1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 
  22 /*
  23  *      Copyright (c) 1988 AT&T
  24  *        All Rights Reserved
  25  *
  26  * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
  27  */
  28 /*
  29  * Copyright (c) 2012, Joyent, Inc.  All rights reserved.
  30  */
  31 
  32 /*
  33  * Object file dependent support for ELF objects.
  34  */
  35 
  36 #include        <stdio.h>
  37 #include        <sys/procfs.h>
  38 #include        <sys/mman.h>
  39 #include        <sys/debug.h>
  40 #include        <string.h>
  41 #include        <limits.h>
  42 #include        <dlfcn.h>
  43 #include        <debug.h>
  44 #include        <conv.h>
  45 #include        "_rtld.h"
  46 #include        "_audit.h"
  47 #include        "_elf.h"
  48 #include        "_inline_gen.h"
  49 #include        "_inline_reloc.h"
  50 #include        "msg.h"
  51 
  52 /*
  53  * Default and secure dependency search paths.
  54  */
  55 static Spath_defn _elf_def_dirs[] = {
  56 #if     defined(_ELF64)
  57         { MSG_ORIG(MSG_PTH_LIB_64),             MSG_PTH_LIB_64_SIZE },
  58         { MSG_ORIG(MSG_PTH_USRLIB_64),          MSG_PTH_USRLIB_64_SIZE },
  59 #else
  60         { MSG_ORIG(MSG_PTH_LIB),                MSG_PTH_LIB_SIZE },
  61         { MSG_ORIG(MSG_PTH_USRLIB),             MSG_PTH_USRLIB_SIZE },
  62 #endif
  63         { 0, 0 }
  64 };
  65 
  66 static Spath_defn _elf_sec_dirs[] = {
  67 #if     defined(_ELF64)
  68         { MSG_ORIG(MSG_PTH_LIBSE_64),           MSG_PTH_LIBSE_64_SIZE },
  69         { MSG_ORIG(MSG_PTH_USRLIBSE_64),        MSG_PTH_USRLIBSE_64_SIZE },
  70 #else
  71         { MSG_ORIG(MSG_PTH_LIBSE),              MSG_PTH_LIBSE_SIZE },
  72         { MSG_ORIG(MSG_PTH_USRLIBSE),           MSG_PTH_USRLIBSE_SIZE },
  73 #endif
  74         { 0, 0 }
  75 };
  76 
  77 Alist   *elf_def_dirs = NULL;
  78 Alist   *elf_sec_dirs = NULL;
  79 
  80 /*
  81  * Defines for local functions.
  82  */
  83 static void     elf_dladdr(ulong_t, Rt_map *, Dl_info *, void **, int);
  84 static Addr     elf_entry_point(void);
  85 static int      elf_fix_name(const char *, Rt_map *, Alist **, Aliste, uint_t);
  86 static Alist    **elf_get_def_dirs(void);
  87 static Alist    **elf_get_sec_dirs(void);
  88 static char     *elf_get_so(const char *, const char *, size_t, size_t);
  89 static int      elf_needed(Lm_list *, Aliste, Rt_map *, int *);
  90 
  91 /*
  92  * Functions and data accessed through indirect pointers.
  93  */
  94 Fct elf_fct = {
  95         elf_verify,
  96         elf_new_lmp,
  97         elf_entry_point,
  98         elf_needed,
  99         lookup_sym,
 100         elf_reloc,
 101         elf_get_def_dirs,
 102         elf_get_sec_dirs,
 103         elf_fix_name,
 104         elf_get_so,
 105         elf_dladdr,
 106         dlsym_handle
 107 };
 108 
 109 /*
 110  * Default and secure dependency search paths.
 111  */
 112 static Alist **
 113 elf_get_def_dirs()
 114 {
 115         if (elf_def_dirs == NULL)
 116                 set_dirs(&elf_def_dirs, _elf_def_dirs, LA_SER_DEFAULT);
 117         return (&elf_def_dirs);
 118 }
 119 
 120 static Alist **
 121 elf_get_sec_dirs()
 122 {
 123         if (elf_sec_dirs == NULL)
 124                 set_dirs(&elf_sec_dirs, _elf_sec_dirs, LA_SER_SECURE);
 125         return (&elf_sec_dirs);
 126 }
 127 
 128 /*
 129  * Redefine NEEDED name if necessary.
 130  */
 131 static int
 132 elf_fix_name(const char *name, Rt_map *clmp, Alist **alpp, Aliste alni,
 133     uint_t orig)
 134 {
 135         /*
 136          * For ABI compliance, if we are asked for ld.so.1, then really give
 137          * them libsys.so.1 (the SONAME of libsys.so.1 is ld.so.1).
 138          */
 139         if (((*name == '/') &&
 140         /* BEGIN CSTYLED */
 141 #if     defined(_ELF64)
 142             (strcmp(name, MSG_ORIG(MSG_PTH_RTLD_64)) == 0)) ||
 143 #else
 144             (strcmp(name, MSG_ORIG(MSG_PTH_RTLD)) == 0)) ||
 145 #endif
 146             (strcmp(name, MSG_ORIG(MSG_FIL_RTLD)) == 0)) {
 147                 /* END CSTYLED */
 148                 Pdesc   *pdp;
 149 
 150                 DBG_CALL(Dbg_file_fixname(LIST(clmp), name,
 151                     MSG_ORIG(MSG_PTH_LIBSYS)));
 152                 if ((pdp = alist_append(alpp, NULL, sizeof (Pdesc),
 153                     alni)) == NULL)
 154                         return (0);
 155 
 156                 pdp->pd_pname = (char *)MSG_ORIG(MSG_PTH_LIBSYS);
 157                 pdp->pd_plen = MSG_PTH_LIBSYS_SIZE;
 158                 pdp->pd_flags = PD_FLG_PNSLASH;
 159 
 160                 return (1);
 161         }
 162 
 163         return (expand_paths(clmp, name, alpp, alni, orig, 0));
 164 }
 165 
 166 /*
 167  * Determine whether this object requires capabilities.
 168  */
 169 inline static int
 170 elf_cap_check(Fdesc *fdp, Ehdr *ehdr, Rej_desc *rej)
 171 {
 172         Phdr    *phdr;
 173         Cap     *cap = NULL;
 174         Dyn     *dyn = NULL;
 175         char    *str = NULL;
 176         Addr    base;
 177         uint_t  cnt, dyncnt;
 178 
 179         /*
 180          * If this is a shared object, the base address of the shared object is
 181          * added to all address values defined within the object.  Otherwise, if
 182          * this is an executable, all object addresses are used as is.
 183          */
 184         if (ehdr->e_type == ET_EXEC)
 185                 base = 0;
 186         else
 187                 base = (Addr)ehdr;
 188 
 189         /* LINTED */
 190         phdr = (Phdr *)((char *)ehdr + ehdr->e_phoff);
 191         for (cnt = 0; cnt < ehdr->e_phnum; cnt++, phdr++) {
 192                 if (phdr->p_type == PT_DYNAMIC) {
 193                         /* LINTED */
 194                         dyn = (Dyn *)((uintptr_t)phdr->p_vaddr + base);
 195                         dyncnt = phdr->p_filesz / sizeof (Dyn);
 196                 } else if (phdr->p_type == PT_SUNWCAP) {
 197                         /* LINTED */
 198                         cap = (Cap *)((uintptr_t)phdr->p_vaddr + base);
 199                 }
 200         }
 201 
 202         if (cap) {
 203                 /*
 204                  * From the .dynamic section, determine the associated string
 205                  * table.  Required for CA_SUNW_MACH and CA_SUNW_PLAT
 206                  * processing.
 207                  */
 208                 while (dyn && dyncnt) {
 209                         if (dyn->d_tag == DT_NULL) {
 210                                 break;
 211                         } else if (dyn->d_tag == DT_STRTAB) {
 212                                 str = (char *)(dyn->d_un.d_ptr + base);
 213                                 break;
 214                         }
 215                         dyn++, dyncnt--;
 216                 }
 217         }
 218 
 219         /*
 220          * Establish any alternative capabilities, and validate this object
 221          * if it defines it's own capabilities information.
 222          */
 223         return (cap_check_fdesc(fdp, cap, str, rej));
 224 }
 225 
 226 /*
 227  * Determine if we have been given an ELF file and if so determine if the file
 228  * is compatible.  Returns 1 if true, else 0 and sets the reject descriptor
 229  * with associated error information.
 230  */
 231 Fct *
 232 elf_verify(caddr_t addr, size_t size, Fdesc *fdp, const char *name,
 233     Rej_desc *rej)
 234 {
 235         Ehdr    *ehdr;
 236         char    *caddr = (char *)addr;
 237 
 238         /*
 239          * Determine if we're an elf file.  If not simply return, we don't set
 240          * any rejection information as this test allows use to scroll through
 241          * the objects we support (ELF, AOUT).
 242          */
 243         if (size < sizeof (Ehdr) ||
 244             caddr[EI_MAG0] != ELFMAG0 ||
 245             caddr[EI_MAG1] != ELFMAG1 ||
 246             caddr[EI_MAG2] != ELFMAG2 ||
 247             caddr[EI_MAG3] != ELFMAG3) {
 248                 return (NULL);
 249         }
 250 
 251         /*
 252          * Check class and encoding.
 253          */
 254         /* LINTED */
 255         ehdr = (Ehdr *)addr;
 256         if (ehdr->e_ident[EI_CLASS] != M_CLASS) {
 257                 rej->rej_type = SGS_REJ_CLASS;
 258                 rej->rej_info = (uint_t)ehdr->e_ident[EI_CLASS];
 259                 return (NULL);
 260         }
 261         if (ehdr->e_ident[EI_DATA] != M_DATA) {
 262                 rej->rej_type = SGS_REJ_DATA;
 263                 rej->rej_info = (uint_t)ehdr->e_ident[EI_DATA];
 264                 return (NULL);
 265         }
 266         if ((ehdr->e_type != ET_REL) && (ehdr->e_type != ET_EXEC) &&
 267             (ehdr->e_type != ET_DYN)) {
 268                 rej->rej_type = SGS_REJ_TYPE;
 269                 rej->rej_info = (uint_t)ehdr->e_type;
 270                 return (NULL);
 271         }
 272 
 273         /*
 274          * Verify ELF version.
 275          */
 276         if (ehdr->e_version > EV_CURRENT) {
 277                 rej->rej_type = SGS_REJ_VERSION;
 278                 rej->rej_info = (uint_t)ehdr->e_version;
 279                 return (NULL);
 280         }
 281 
 282         /*
 283          * Verify machine specific flags.
 284          */
 285         if (elf_mach_flags_check(rej, ehdr) == 0)
 286                 return (NULL);
 287 
 288         /*
 289          * Verify any capability requirements.  Note, if this object is a shared
 290          * object that is explicitly defined on the ldd(1) command line, and it
 291          * contains an incompatible capabilities requirement, then inform the
 292          * user, but continue processing.
 293          */
 294         if (elf_cap_check(fdp, ehdr, rej) == 0) {
 295                 Rt_map  *lmp = lml_main.lm_head;
 296 
 297                 if ((lml_main.lm_flags & LML_FLG_TRC_LDDSTUB) && lmp &&
 298                     (FLAGS1(lmp) & FL1_RT_LDDSTUB) && (NEXT(lmp) == NULL)) {
 299                         /* LINTED */
 300                         (void) printf(MSG_INTL(ldd_warn[rej->rej_type]), name,
 301                             rej->rej_str);
 302                         return (&elf_fct);
 303                 }
 304                 return (NULL);
 305         }
 306         return (&elf_fct);
 307 }
 308 
 309 /*
 310  * The runtime linker employs lazy loading to provide the libraries needed for
 311  * debugging, preloading .o's and dldump().  As these are seldom used, the
 312  * standard startup of ld.so.1 doesn't initialize all the information necessary
 313  * to perform plt relocation on ld.so.1's link-map.  The first time lazy loading
 314  * is called we get here to perform these initializations:
 315  *
 316  *  -   elf_needed() is called to establish any ld.so.1 dependencies.  These
 317  *      dependencies should all be lazy loaded, so this routine is typically a
 318  *      no-op.  However, we call elf_needed() for completeness, in case any
 319  *      NEEDED initialization is required.
 320  *
 321  *  -   For intel, ld.so.1's JMPSLOT relocations need relative updates. These
 322  *      are by default skipped thus delaying all relative relocation processing
 323  *      on every invocation of ld.so.1.
 324  */
 325 int
 326 elf_rtld_load()
 327 {
 328         Lm_list *lml = &lml_rtld;
 329         Rt_map  *lmp = lml->lm_head;
 330 
 331         if (lml->lm_flags & LML_FLG_PLTREL)
 332                 return (1);
 333 
 334         if (elf_needed(lml, ALIST_OFF_DATA, lmp, NULL) == 0)
 335                 return (0);
 336 
 337 #if     defined(__i386)
 338         /*
 339          * This is a kludge to give ld.so.1 a performance benefit on i386.
 340          * It's based around two factors.
 341          *
 342          *  -   JMPSLOT relocations (PLT's) actually need a relative relocation
 343          *      applied to the GOT entry so that they can find PLT0.
 344          *
 345          *  -   ld.so.1 does not exercise *any* PLT's before it has made a call
 346          *      to elf_lazy_load().  This is because all dynamic dependencies
 347          *      are recorded as lazy dependencies.
 348          */
 349         (void) elf_reloc_relative_count((ulong_t)JMPREL(lmp),
 350             (ulong_t)(PLTRELSZ(lmp) / RELENT(lmp)), (ulong_t)RELENT(lmp),
 351             (ulong_t)ADDR(lmp), lmp, NULL, 0);
 352 #endif
 353         lml->lm_flags |= LML_FLG_PLTREL;
 354         return (1);
 355 }
 356 
 357 /*
 358  * Lazy load an object.
 359  */
 360 Rt_map *
 361 elf_lazy_load(Rt_map *clmp, Slookup *slp, uint_t ndx, const char *sym,
 362     uint_t flags, Grp_hdl **hdl, int *in_nfavl)
 363 {
 364         Alist           *palp = NULL;
 365         Rt_map          *nlmp;
 366         Dyninfo         *dip = &DYNINFO(clmp)[ndx], *pdip;
 367         const char      *name;
 368         Lm_list         *lml = LIST(clmp);
 369         Aliste          lmco;
 370 
 371         /*
 372          * If this dependency should be ignored, or has already been processed,
 373          * we're done.
 374          */
 375         if (((nlmp = (Rt_map *)dip->di_info) != NULL) ||
 376             (dip->di_flags & (FLG_DI_IGNORE | FLG_DI_LDD_DONE)))
 377                 return (nlmp);
 378 
 379         /*
 380          * If we're running under ldd(1), indicate that this dependency has been
 381          * processed (see test above).  It doesn't matter whether the object is
 382          * successfully loaded or not, this flag simply ensures that we don't
 383          * repeatedly attempt to load an object that has already failed to load.
 384          * To do so would create multiple failure diagnostics for the same
 385          * object under ldd(1).
 386          */
 387         if (lml->lm_flags & LML_FLG_TRC_ENABLE)
 388                 dip->di_flags |= FLG_DI_LDD_DONE;
 389 
 390         /*
 391          * Determine the initial dependency name.
 392          */
 393         name = dip->di_name;
 394         DBG_CALL(Dbg_file_lazyload(clmp, name, sym));
 395 
 396         /*
 397          * If this object needs to establish its own group, make sure a handle
 398          * is created.
 399          */
 400         if (dip->di_flags & FLG_DI_GROUP)
 401                 flags |= (FLG_RT_SETGROUP | FLG_RT_PUBHDL);
 402 
 403         /*
 404          * Lazy dependencies are identified as DT_NEEDED entries with a
 405          * DF_P1_LAZYLOAD flag in the previous DT_POSFLAG_1 element.  The
 406          * dynamic information element that corresponds to the DT_POSFLAG_1
 407          * entry is free, and thus used to store the present entrance
 408          * identifier.  This identifier is used to prevent multiple attempts to
 409          * load a failed lazy loadable dependency within the same runtime linker
 410          * operation.  However, future attempts to reload this dependency are
 411          * still possible.
 412          */
 413         if (ndx && (pdip = dip - 1) && (pdip->di_flags & FLG_DI_POSFLAG1))
 414                 pdip->di_info = (void *)slp->sl_id;
 415 
 416         /*
 417          * Expand the requested name if necessary.
 418          */
 419         if (elf_fix_name(name, clmp, &palp, AL_CNT_NEEDED, 0) == 0)
 420                 return (NULL);
 421 
 422         /*
 423          * Establish a link-map control list for this request.
 424          */
 425         if ((lmco = create_cntl(lml, 0)) == NULL) {
 426                 remove_alist(&palp, 1);
 427                 return (NULL);
 428         }
 429 
 430         /*
 431          * Load the associated object.
 432          */
 433         dip->di_info = nlmp =
 434             load_one(lml, lmco, palp, clmp, MODE(clmp), flags, hdl, in_nfavl);
 435 
 436         /*
 437          * Remove any expanded pathname infrastructure.  Reduce the pending lazy
 438          * dependency count of the caller, together with the link-map lists
 439          * count of objects that still have lazy dependencies pending.
 440          */
 441         remove_alist(&palp, 1);
 442         if (--LAZY(clmp) == 0)
 443                 LIST(clmp)->lm_lazy--;
 444 
 445         /*
 446          * Finish processing the objects associated with this request, and
 447          * create an association between the caller and this dependency.
 448          */
 449         if (nlmp && ((bind_one(clmp, nlmp, BND_NEEDED) == 0) ||
 450             ((nlmp = analyze_lmc(lml, lmco, nlmp, clmp, in_nfavl)) == NULL) ||
 451             (relocate_lmc(lml, lmco, clmp, nlmp, in_nfavl) == 0)))
 452                 dip->di_info = nlmp = NULL;
 453 
 454         /*
 455          * If this lazyload has failed, and we've created a new link-map
 456          * control list to which this request has added objects, then remove
 457          * all the objects that have been associated to this request.
 458          */
 459         if ((nlmp == NULL) && (lmco != ALIST_OFF_DATA))
 460                 remove_lmc(lml, clmp, lmco, name);
 461 
 462         /*
 463          * Remove any temporary link-map control list.
 464          */
 465         if (lmco != ALIST_OFF_DATA)
 466                 remove_cntl(lml, lmco);
 467 
 468         /*
 469          * If this lazy loading failed, record the fact, and bump the lazy
 470          * counts.
 471          */
 472         if (nlmp == NULL) {
 473                 dip->di_flags |= FLG_DI_LAZYFAIL;
 474                 if (LAZY(clmp)++ == 0)
 475                         LIST(clmp)->lm_lazy++;
 476         }
 477 
 478         return (nlmp);
 479 }
 480 
 481 /*
 482  * Return the entry point of the ELF executable.
 483  */
 484 static Addr
 485 elf_entry_point(void)
 486 {
 487         Rt_map  *lmp = lml_main.lm_head;
 488         Ehdr    *ehdr = (Ehdr *)ADDR(lmp);
 489         Addr    addr = (Addr)(ehdr->e_entry);
 490 
 491         if ((FLAGS(lmp) & FLG_RT_FIXED) == 0)
 492                 addr += ADDR(lmp);
 493 
 494         return (addr);
 495 }
 496 
 497 /*
 498  * Determine if a dependency requires a particular version and if so verify
 499  * that the version exists in the dependency.
 500  */
 501 int
 502 elf_verify_vers(const char *name, Rt_map *clmp, Rt_map *nlmp)
 503 {
 504         Verneed         *vnd = VERNEED(clmp);
 505         int             _num, num = VERNEEDNUM(clmp);
 506         char            *cstrs = (char *)STRTAB(clmp);
 507         Lm_list         *lml = LIST(clmp);
 508 
 509         /*
 510          * Traverse the callers version needed information and determine if any
 511          * specific versions are required from the dependency.
 512          */
 513         DBG_CALL(Dbg_ver_need_title(LIST(clmp), NAME(clmp)));
 514         for (_num = 1; _num <= num; _num++,
 515             vnd = (Verneed *)((Xword)vnd + vnd->vn_next)) {
 516                 Half            cnt = vnd->vn_cnt;
 517                 Vernaux         *vnap;
 518                 char            *nstrs, *need;
 519 
 520                 /*
 521                  * Determine if a needed entry matches this dependency.
 522                  */
 523                 need = (char *)(cstrs + vnd->vn_file);
 524                 if (strcmp(name, need) != 0)
 525                         continue;
 526 
 527                 if ((lml->lm_flags & LML_FLG_TRC_VERBOSE) &&
 528                     ((FLAGS1(clmp) & FL1_RT_LDDSTUB) == 0))
 529                         (void) printf(MSG_INTL(MSG_LDD_VER_FIND), name);
 530 
 531                 /*
 532                  * Validate that each version required actually exists in the
 533                  * dependency.
 534                  */
 535                 nstrs = (char *)STRTAB(nlmp);
 536 
 537                 for (vnap = (Vernaux *)((Xword)vnd + vnd->vn_aux); cnt;
 538                     cnt--, vnap = (Vernaux *)((Xword)vnap + vnap->vna_next)) {
 539                         char            *version, *define;
 540                         Verdef          *vdf = VERDEF(nlmp);
 541                         ulong_t         _num, num = VERDEFNUM(nlmp);
 542                         int             found = 0;
 543 
 544                         /*
 545                          * Skip validation of versions that are marked
 546                          * INFO. This optimization is used for versions
 547                          * that are inherited by another version. Verification
 548                          * of the inheriting version is sufficient.
 549                          *
 550                          * Such versions are recorded in the object for the
 551                          * benefit of VERSYM entries that refer to them. This
 552                          * provides a purely diagnostic benefit.
 553                          */
 554                         if (vnap->vna_flags & VER_FLG_INFO)
 555                                 continue;
 556 
 557                         version = (char *)(cstrs + vnap->vna_name);
 558                         DBG_CALL(Dbg_ver_need_entry(lml, 0, need, version));
 559 
 560                         for (_num = 1; _num <= num; _num++,
 561                             vdf = (Verdef *)((Xword)vdf + vdf->vd_next)) {
 562                                 Verdaux         *vdap;
 563 
 564                                 if (vnap->vna_hash != vdf->vd_hash)
 565                                         continue;
 566 
 567                                 vdap = (Verdaux *)((Xword)vdf + vdf->vd_aux);
 568                                 define = (char *)(nstrs + vdap->vda_name);
 569                                 if (strcmp(version, define) != 0)
 570                                         continue;
 571 
 572                                 found++;
 573                                 break;
 574                         }
 575 
 576                         /*
 577                          * If we're being traced print out any matched version
 578                          * when the verbose (-v) option is in effect.  Always
 579                          * print any unmatched versions.
 580                          */
 581                         if (lml->lm_flags & LML_FLG_TRC_ENABLE) {
 582                                 /* BEGIN CSTYLED */
 583                                 if (found) {
 584                                     if (!(lml->lm_flags & LML_FLG_TRC_VERBOSE))
 585                                         continue;
 586 
 587                                     (void) printf(MSG_ORIG(MSG_LDD_VER_FOUND),
 588                                         need, version, NAME(nlmp));
 589                                 } else {
 590                                     if (rtld_flags & RT_FL_SILENCERR)
 591                                         continue;
 592 
 593                                     (void) printf(MSG_INTL(MSG_LDD_VER_NFOUND),
 594                                         need, version);
 595                                 }
 596                                 /* END CSTYLED */
 597                                 continue;
 598                         }
 599 
 600                         /*
 601                          * If the version hasn't been found then this is a
 602                          * candidate for a fatal error condition.  Weak
 603                          * version definition requirements are silently
 604                          * ignored.  Also, if the image inspected for a version
 605                          * definition has no versioning recorded at all then
 606                          * silently ignore this (this provides better backward
 607                          * compatibility to old images created prior to
 608                          * versioning being available).  Both of these skipped
 609                          * diagnostics are available under tracing (see above).
 610                          */
 611                         if ((found == 0) && (num != 0) &&
 612                             (!(vnap->vna_flags & VER_FLG_WEAK))) {
 613                                 eprintf(lml, ERR_FATAL,
 614                                     MSG_INTL(MSG_VER_NFOUND), need, version,
 615                                     NAME(clmp));
 616                                 return (0);
 617                         }
 618                 }
 619         }
 620         DBG_CALL(Dbg_ver_need_done(lml));
 621         return (1);
 622 }
 623 
 624 /*
 625  * Search through the dynamic section for DT_NEEDED entries and perform one
 626  * of two functions.  If only the first argument is specified then load the
 627  * defined shared object, otherwise add the link map representing the defined
 628  * link map the the dlopen list.
 629  */
 630 static int
 631 elf_needed(Lm_list *lml, Aliste lmco, Rt_map *clmp, int *in_nfavl)
 632 {
 633         Alist           *palp = NULL;
 634         Dyn             *dyn;
 635         Dyninfo         *dip;
 636         Word            lmflags = lml->lm_flags;
 637 
 638         /*
 639          * A DYNINFO() structure is created during link-map generation that
 640          * parallels the DYN() information, and defines any flags that
 641          * influence a dependencies loading.
 642          */
 643         for (dyn = DYN(clmp), dip = DYNINFO(clmp);
 644             !(dip->di_flags & FLG_DI_IGNORE); dyn++, dip++) {
 645                 uint_t          flags = 0, silent = 0;
 646                 const char      *name = dip->di_name;
 647                 Rt_map          *nlmp = NULL;
 648 
 649                 if ((dip->di_flags & FLG_DI_NEEDED) == 0)
 650                         continue;
 651 
 652                 /*
 653                  * Skip any deferred dependencies, unless ldd(1) has forced
 654                  * their processing.  By default, deferred dependencies are
 655                  * only processed when an explicit binding to an individual
 656                  * deferred reference is made.
 657                  */
 658                 if ((dip->di_flags & FLG_DI_DEFERRED) &&
 659                     ((rtld_flags & RT_FL_DEFERRED) == 0))
 660                         continue;
 661 
 662                 /*
 663                  * NOTE, libc.so.1 can't be lazy loaded.  Although a lazy
 664                  * position flag won't be produced when a RTLDINFO .dynamic
 665                  * entry is found (introduced with the UPM in Solaris 10), it
 666                  * was possible to mark libc for lazy loading on previous
 667                  * releases.  To reduce the overhead of testing for this
 668                  * occurrence, only carry out this check for the first object
 669                  * on the link-map list (there aren't many applications built
 670                  * without libc).
 671                  */
 672                 if ((dip->di_flags & FLG_DI_LAZY) && (lml->lm_head == clmp) &&
 673                     (strcmp(name, MSG_ORIG(MSG_FIL_LIBC)) == 0))
 674                         dip->di_flags &= ~FLG_DI_LAZY;
 675 
 676                 /*
 677                  * Don't bring in lazy loaded objects yet unless we've been
 678                  * asked to attempt to load all available objects (crle(1) sets
 679                  * LD_FLAGS=loadavail).  Even under RTLD_NOW we don't process
 680                  * this - RTLD_NOW will cause relocation processing which in
 681                  * turn might trigger lazy loading, but its possible that the
 682                  * object has a lazy loaded file with no bindings (i.e., it
 683                  * should never have been a dependency in the first place).
 684                  */
 685                 if (dip->di_flags & FLG_DI_LAZY) {
 686                         if ((lmflags & LML_FLG_LOADAVAIL) == 0) {
 687                                 LAZY(clmp)++;
 688                                 continue;
 689                         }
 690 
 691                         /*
 692                          * Silence any error messages - see description under
 693                          * elf_lookup_filtee().
 694                          */
 695                         if ((rtld_flags & RT_FL_SILENCERR) == 0) {
 696                                 rtld_flags |= RT_FL_SILENCERR;
 697                                 silent = 1;
 698                         }
 699                 }
 700 
 701                 DBG_CALL(Dbg_file_needed(clmp, name));
 702 
 703                 /*
 704                  * If we're running under ldd(1), indicate that this dependency
 705                  * has been processed.  It doesn't matter whether the object is
 706                  * successfully loaded or not, this flag simply ensures that we
 707                  * don't repeatedly attempt to load an object that has already
 708                  * failed to load.  To do so would create multiple failure
 709                  * diagnostics for the same object under ldd(1).
 710                  */
 711                 if (lml->lm_flags & LML_FLG_TRC_ENABLE)
 712                         dip->di_flags |= FLG_DI_LDD_DONE;
 713 
 714                 /*
 715                  * Identify any group permission requirements.
 716                  */
 717                 if (dip->di_flags & FLG_DI_GROUP)
 718                         flags = (FLG_RT_SETGROUP | FLG_RT_PUBHDL);
 719 
 720                 /*
 721                  * Establish the objects name, load it and establish a binding
 722                  * with the caller.
 723                  */
 724                 if ((elf_fix_name(name, clmp, &palp, AL_CNT_NEEDED, 0) == 0) ||
 725                     ((nlmp = load_one(lml, lmco, palp, clmp, MODE(clmp),
 726                     flags, 0, in_nfavl)) == NULL) ||
 727                     (bind_one(clmp, nlmp, BND_NEEDED) == 0))
 728                         nlmp = NULL;
 729 
 730                 /*
 731                  * Clean up any infrastructure, including the removal of the
 732                  * error suppression state, if it had been previously set in
 733                  * this routine.
 734                  */
 735                 remove_alist(&palp, 0);
 736 
 737                 if (silent)
 738                         rtld_flags &= ~RT_FL_SILENCERR;
 739 
 740                 if ((dip->di_info = (void *)nlmp) == NULL) {
 741                         /*
 742                          * If the object could not be mapped, continue if error
 743                          * suppression is established or we're here with ldd(1).
 744                          */
 745                         if ((MODE(clmp) & RTLD_CONFGEN) || (lmflags &
 746                             (LML_FLG_LOADAVAIL | LML_FLG_TRC_ENABLE)))
 747                                 continue;
 748                         else {
 749                                 remove_alist(&palp, 1);
 750                                 return (0);
 751                         }
 752                 }
 753         }
 754 
 755         if (LAZY(clmp))
 756                 lml->lm_lazy++;
 757 
 758         remove_alist(&palp, 1);
 759         return (1);
 760 }
 761 
 762 /*
 763  * A null symbol interpretor.  Used if a filter has no associated filtees.
 764  */
 765 /* ARGSUSED0 */
 766 static int
 767 elf_null_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl)
 768 {
 769         return (0);
 770 }
 771 
 772 /*
 773  * Disable filtee use.
 774  */
 775 static void
 776 elf_disable_filtee(Rt_map *lmp, Dyninfo *dip)
 777 {
 778         if ((dip->di_flags & FLG_DI_SYMFLTR) == 0) {
 779                 /*
 780                  * If this is an object filter, null out the reference name.
 781                  */
 782                 if (OBJFLTRNDX(lmp) != FLTR_DISABLED) {
 783                         REFNAME(lmp) = NULL;
 784                         OBJFLTRNDX(lmp) = FLTR_DISABLED;
 785 
 786                         /*
 787                          * Indicate that this filtee is no longer available.
 788                          */
 789                         if (dip->di_flags & FLG_DI_STDFLTR)
 790                                 SYMINTP(lmp) = elf_null_find_sym;
 791 
 792                 }
 793         } else if (dip->di_flags & FLG_DI_STDFLTR) {
 794                 /*
 795                  * Indicate that this standard filtee is no longer available.
 796                  */
 797                 if (SYMSFLTRCNT(lmp))
 798                         SYMSFLTRCNT(lmp)--;
 799         } else {
 800                 /*
 801                  * Indicate that this auxiliary filtee is no longer available.
 802                  */
 803                 if (SYMAFLTRCNT(lmp))
 804                         SYMAFLTRCNT(lmp)--;
 805         }
 806         dip->di_flags &= ~MSK_DI_FILTER;
 807 }
 808 
 809 /*
 810  * Find symbol interpreter - filters.
 811  * This function is called when the symbols from a shared object should
 812  * be resolved from the shared objects filtees instead of from within itself.
 813  *
 814  * A symbol name of 0 is used to trigger filtee loading.
 815  */
 816 static int
 817 _elf_lookup_filtee(Slookup *slp, Sresult *srp, uint_t *binfo, uint_t ndx,
 818     int *in_nfavl)
 819 {
 820         const char      *name = slp->sl_name, *filtees;
 821         Rt_map          *clmp = slp->sl_cmap;
 822         Rt_map          *ilmp = slp->sl_imap;
 823         Pdesc           *pdp;
 824         int             any;
 825         Dyninfo         *dip = &DYNINFO(ilmp)[ndx];
 826         Lm_list         *lml = LIST(ilmp);
 827         Aliste          idx;
 828 
 829         /*
 830          * Indicate that the filter has been used.  If a binding already exists
 831          * to the caller, indicate that this object is referenced.  This insures
 832          * we don't generate false unreferenced diagnostics from ldd -u/U or
 833          * debugging.  Don't create a binding regardless, as this filter may
 834          * have been dlopen()'ed.
 835          */
 836         if (name && (ilmp != clmp)) {
 837                 Word    tracing = (LIST(clmp)->lm_flags &
 838                     (LML_FLG_TRC_UNREF | LML_FLG_TRC_UNUSED));
 839 
 840                 if (tracing || DBG_ENABLED) {
 841                         Bnd_desc        *bdp;
 842                         Aliste          idx;
 843 
 844                         FLAGS1(ilmp) |= FL1_RT_USED;
 845 
 846                         if ((tracing & LML_FLG_TRC_UNREF) || DBG_ENABLED) {
 847                                 for (APLIST_TRAVERSE(CALLERS(ilmp), idx, bdp)) {
 848                                         if (bdp->b_caller == clmp) {
 849                                                 bdp->b_flags |= BND_REFER;
 850                                                 break;
 851                                         }
 852                                 }
 853                         }
 854                 }
 855         }
 856 
 857         /*
 858          * If this is the first call to process this filter, establish the
 859          * filtee list.  If a configuration file exists, determine if any
 860          * filtee associations for this filter, and its filtee reference, are
 861          * defined.  Otherwise, process the filtee reference.  Any token
 862          * expansion is also completed at this point (i.e., $PLATFORM).
 863          */
 864         filtees = dip->di_name;
 865         if (dip->di_info == NULL) {
 866                 if (rtld_flags2 & RT_FL2_FLTCFG) {
 867                         elf_config_flt(lml, PATHNAME(ilmp), filtees,
 868                             (Alist **)&dip->di_info, AL_CNT_FILTEES);
 869                 }
 870                 if (dip->di_info == NULL) {
 871                         DBG_CALL(Dbg_file_filter(lml, NAME(ilmp), filtees, 0));
 872                         if ((lml->lm_flags &
 873                             (LML_FLG_TRC_VERBOSE | LML_FLG_TRC_SEARCH)) &&
 874                             ((FLAGS1(ilmp) & FL1_RT_LDDSTUB) == 0))
 875                                 (void) printf(MSG_INTL(MSG_LDD_FIL_FILTER),
 876                                     NAME(ilmp), filtees);
 877 
 878                         if (expand_paths(ilmp, filtees, (Alist **)&dip->di_info,
 879                             AL_CNT_FILTEES, 0, 0) == 0) {
 880                                 elf_disable_filtee(ilmp, dip);
 881                                 return (0);
 882                         }
 883                 }
 884         }
 885 
 886         /*
 887          * Traverse the filtee list, dlopen()'ing any objects specified and
 888          * using their group handle to lookup the symbol.
 889          */
 890         any = 0;
 891         for (ALIST_TRAVERSE((Alist *)dip->di_info, idx, pdp)) {
 892                 int     mode;
 893                 Grp_hdl *ghp;
 894                 Rt_map  *nlmp = NULL;
 895 
 896                 if (pdp->pd_plen == 0)
 897                         continue;
 898 
 899                 /*
 900                  * Establish the mode of the filtee from the filter.  As filtees
 901                  * are loaded via a dlopen(), make sure that RTLD_GROUP is set
 902                  * and the filtees aren't global.  It would be nice to have
 903                  * RTLD_FIRST used here also, but as filters got out long before
 904                  * RTLD_FIRST was introduced it's a little too late now.
 905                  */
 906                 mode = MODE(ilmp) | RTLD_GROUP;
 907                 mode &= ~RTLD_GLOBAL;
 908 
 909                 /*
 910                  * Insure that any auxiliary filter can locate symbols from its
 911                  * caller.
 912                  */
 913                 if (dip->di_flags & FLG_DI_AUXFLTR)
 914                         mode |= RTLD_PARENT;
 915 
 916                 /*
 917                  * Process any capability directory.  Establish a new link-map
 918                  * control list from which to analyze any newly added objects.
 919                  */
 920                 if ((pdp->pd_info == NULL) && (pdp->pd_flags & PD_TKN_CAP)) {
 921                         const char      *dir = pdp->pd_pname;
 922                         Aliste          lmco;
 923 
 924                         /*
 925                          * Establish a link-map control list for this request.
 926                          */
 927                         if ((lmco = create_cntl(lml, 0)) == NULL)
 928                                 return (NULL);
 929 
 930                         /*
 931                          * Determine the capability filtees.  If none can be
 932                          * found, provide suitable diagnostics.
 933                          */
 934                         DBG_CALL(Dbg_cap_filter(lml, dir, ilmp));
 935                         if (cap_filtees((Alist **)&dip->di_info, idx, dir,
 936                             lmco, ilmp, clmp, filtees, mode,
 937                             (FLG_RT_PUBHDL | FLG_RT_CAP), in_nfavl) == 0) {
 938                                 if ((lml->lm_flags & LML_FLG_TRC_ENABLE) &&
 939                                     (dip->di_flags & FLG_DI_AUXFLTR) &&
 940                                     (rtld_flags & RT_FL_WARNFLTR)) {
 941                                         (void) printf(
 942                                             MSG_INTL(MSG_LDD_CAP_NFOUND), dir);
 943                                 }
 944                                 DBG_CALL(Dbg_cap_filter(lml, dir, 0));
 945                         }
 946 
 947                         /*
 948                          * Re-establish the originating path name descriptor,
 949                          * as the expansion of capabilities filtees may have
 950                          * re-allocated the controlling Alist.  Mark this
 951                          * original pathname descriptor as unused so that the
 952                          * descriptor isn't revisited for processing.  Any real
 953                          * capabilities filtees have been added as new pathname
 954                          * descriptors following this descriptor.
 955                          */
 956                         pdp = alist_item((Alist *)dip->di_info, idx);
 957                         pdp->pd_flags &= ~PD_TKN_CAP;
 958                         pdp->pd_plen = 0;
 959 
 960                         /*
 961                          * Now that any capability objects have been processed,
 962                          * remove any temporary link-map control list.
 963                          */
 964                         if (lmco != ALIST_OFF_DATA)
 965                                 remove_cntl(lml, lmco);
 966                 }
 967 
 968                 if (pdp->pd_plen == 0)
 969                         continue;
 970 
 971                 /*
 972                  * Process an individual filtee.
 973                  */
 974                 if (pdp->pd_info == NULL) {
 975                         const char      *filtee = pdp->pd_pname;
 976                         int             audit = 0;
 977 
 978                         DBG_CALL(Dbg_file_filtee(lml, NAME(ilmp), filtee, 0));
 979 
 980                         ghp = NULL;
 981 
 982                         /*
 983                          * Determine if the reference link map is already
 984                          * loaded.  As an optimization compare the filtee with
 985                          * our interpretor.  The most common filter is
 986                          * libdl.so.1, which is a filter on ld.so.1.
 987                          */
 988 #if     defined(_ELF64)
 989                         if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD_64)) == 0) {
 990 #else
 991                         if (strcmp(filtee, MSG_ORIG(MSG_PTH_RTLD)) == 0) {
 992 #endif
 993                                 uint_t  hflags, rdflags, cdflags;
 994 
 995                                 /*
 996                                  * Establish any flags for the handle (Grp_hdl).
 997                                  *
 998                                  *  -   This is a special, public, ld.so.1
 999                                  *      handle.
1000                                  *  -   Only the first object on this handle
1001                                  *      can supply symbols.
1002                                  *  -   This handle provides a filtee.
1003                                  *
1004                                  * Essentially, this handle allows a caller to
1005                                  * reference the dl*() family of interfaces from
1006                                  * ld.so.1.
1007                                  */
1008                                 hflags = (GPH_PUBLIC | GPH_LDSO |
1009                                     GPH_FIRST | GPH_FILTEE);
1010 
1011                                 /*
1012                                  * Establish the flags for the referenced
1013                                  * dependency descriptor (Grp_desc).
1014                                  *
1015                                  *  -   ld.so.1 is available for dlsym().
1016                                  *  -   ld.so.1 is available to relocate
1017                                  *      against.
1018                                  *  -   There's no need to add an dependencies
1019                                  *      to this handle.
1020                                  */
1021                                 rdflags = (GPD_DLSYM | GPD_RELOC);
1022 
1023                                 /*
1024                                  * Establish the flags for this callers
1025                                  * dependency descriptor (Grp_desc).
1026                                  *
1027                                  *  -   The explicit creation of a handle
1028                                  *      creates a descriptor for the referenced
1029                                  *      object and the parent (caller).
1030                                  */
1031                                 cdflags = GPD_PARENT;
1032 
1033                                 nlmp = lml_rtld.lm_head;
1034                                 if ((ghp = hdl_create(&lml_rtld, nlmp, ilmp,
1035                                     hflags, rdflags, cdflags)) == NULL)
1036                                         nlmp = NULL;
1037 
1038                                 /*
1039                                  * Establish the filter handle to prevent any
1040                                  * recursion.
1041                                  */
1042                                 if (nlmp && ghp)
1043                                         pdp->pd_info = (void *)ghp;
1044 
1045                                 /*
1046                                  * Audit the filter/filtee established.  Ignore
1047                                  * any return from the auditor, as we can't
1048                                  * allow ignore filtering to ld.so.1, otherwise
1049                                  * nothing is going to work.
1050                                  */
1051                                 if (nlmp && ((lml->lm_tflags | AFLAGS(ilmp)) &
1052                                     LML_TFLG_AUD_OBJFILTER))
1053                                         (void) audit_objfilter(ilmp, filtees,
1054                                             nlmp, 0);
1055 
1056                         } else {
1057                                 Rej_desc        rej = { 0 };
1058                                 Fdesc           fd = { 0 };
1059                                 Aliste          lmco;
1060 
1061                                 /*
1062                                  * Trace the inspection of this file, determine
1063                                  * any auditor substitution, and seed the file
1064                                  * descriptor with the originating name.
1065                                  */
1066                                 if (load_trace(lml, pdp, clmp, &fd) == NULL)
1067                                         continue;
1068 
1069                                 /*
1070                                  * Establish a link-map control list for this
1071                                  * request.
1072                                  */
1073                                 if ((lmco = create_cntl(lml, 0)) == NULL)
1074                                         return (NULL);
1075 
1076                                 /*
1077                                  * Locate and load the filtee.
1078                                  */
1079                                 if ((nlmp = load_path(lml, lmco, ilmp, mode,
1080                                     FLG_RT_PUBHDL, &ghp, &fd, &rej,
1081                                     in_nfavl)) == NULL)
1082                                         file_notfound(LIST(ilmp), filtee, ilmp,
1083                                             FLG_RT_PUBHDL, &rej);
1084 
1085                                 filtee = pdp->pd_pname;
1086 
1087                                 /*
1088                                  * Establish the filter handle to prevent any
1089                                  * recursion.
1090                                  */
1091                                 if (nlmp && ghp) {
1092                                         ghp->gh_flags |= GPH_FILTEE;
1093                                         pdp->pd_info = (void *)ghp;
1094 
1095                                         FLAGS1(nlmp) |= FL1_RT_USED;
1096                                 }
1097 
1098                                 /*
1099                                  * Audit the filter/filtee established.  A
1100                                  * return of 0 indicates the auditor wishes to
1101                                  * ignore this filtee.
1102                                  */
1103                                 if (nlmp && ((lml->lm_tflags | FLAGS1(ilmp)) &
1104                                     LML_TFLG_AUD_OBJFILTER)) {
1105                                         if (audit_objfilter(ilmp, filtees,
1106                                             nlmp, 0) == 0) {
1107                                                 audit = 1;
1108                                                 nlmp = NULL;
1109                                         }
1110                                 }
1111 
1112                                 /*
1113                                  * Finish processing the objects associated with
1114                                  * this request.  Create an association between
1115                                  * this object and the originating filter to
1116                                  * provide sufficient information to tear down
1117                                  * this filtee if necessary.
1118                                  */
1119                                 if (nlmp && ghp && (((nlmp = analyze_lmc(lml,
1120                                     lmco, nlmp, clmp, in_nfavl)) == NULL) ||
1121                                     (relocate_lmc(lml, lmco, ilmp, nlmp,
1122                                     in_nfavl) == 0)))
1123                                         nlmp = NULL;
1124 
1125                                 /*
1126                                  * If the filtee has been successfully
1127                                  * processed, then create an association
1128                                  * between the filter and filtee.  This
1129                                  * association provides sufficient information
1130                                  * to tear down the filter and filtee if
1131                                  * necessary.
1132                                  */
1133                                 DBG_CALL(Dbg_file_hdl_title(DBG_HDL_ADD));
1134                                 if (nlmp && ghp && (hdl_add(ghp, ilmp,
1135                                     GPD_FILTER, NULL) == NULL))
1136                                         nlmp = NULL;
1137 
1138                                 /*
1139                                  * Generate a diagnostic if the filtee couldn't
1140                                  * be loaded.
1141                                  */
1142                                 if (nlmp == NULL)
1143                                         DBG_CALL(Dbg_file_filtee(lml, 0, filtee,
1144                                             audit));
1145 
1146                                 /*
1147                                  * If this filtee loading has failed, and we've
1148                                  * created a new link-map control list to which
1149                                  * this request has added objects, then remove
1150                                  * all the objects that have been associated to
1151                                  * this request.
1152                                  */
1153                                 if ((nlmp == NULL) && (lmco != ALIST_OFF_DATA))
1154                                         remove_lmc(lml, clmp, lmco, name);
1155 
1156                                 /*
1157                                  * Remove any temporary link-map control list.
1158                                  */
1159                                 if (lmco != ALIST_OFF_DATA)
1160                                         remove_cntl(lml, lmco);
1161                         }
1162 
1163                         /*
1164                          * If the filtee couldn't be loaded, null out the
1165                          * path name descriptor entry, and continue the search.
1166                          * Otherwise, the group handle is retained for future
1167                          * symbol searches.
1168                          */
1169                         if (nlmp == NULL) {
1170                                 pdp->pd_info = NULL;
1171                                 pdp->pd_plen = 0;
1172                                 continue;
1173                         }
1174                 }
1175 
1176                 ghp = (Grp_hdl *)pdp->pd_info;
1177 
1178                 /*
1179                  * If name is NULL, we're here to trigger filtee loading.
1180                  * Skip the symbol lookup so that we'll continue looking for
1181                  * additional filtees.
1182                  */
1183                 if (name) {
1184                         Grp_desc        *gdp;
1185                         int             ret = 0;
1186                         Aliste          idx;
1187                         Slookup         sl = *slp;
1188 
1189                         sl.sl_flags |= (LKUP_FIRST | LKUP_DLSYM);
1190                         any++;
1191 
1192                         /*
1193                          * Look for the symbol in the handles dependencies.
1194                          */
1195                         for (ALIST_TRAVERSE(ghp->gh_depends, idx, gdp)) {
1196                                 if ((gdp->gd_flags & GPD_DLSYM) == 0)
1197                                         continue;
1198 
1199                                 /*
1200                                  * If our parent is a dependency don't look at
1201                                  * it (otherwise we are in a recursive loop).
1202                                  * This situation can occur with auxiliary
1203                                  * filters if the filtee has a dependency on the
1204                                  * filter.  This dependency isn't necessary as
1205                                  * auxiliary filters are opened RTLD_PARENT, but
1206                                  * users may still unknowingly add an explicit
1207                                  * dependency to the parent.
1208                                  */
1209                                 if ((sl.sl_imap = gdp->gd_depend) == ilmp)
1210                                         continue;
1211 
1212                                 if (((ret = SYMINTP(sl.sl_imap)(&sl, srp, binfo,
1213                                     in_nfavl)) != 0) ||
1214                                     (ghp->gh_flags & GPH_FIRST))
1215                                         break;
1216                         }
1217 
1218                         /*
1219                          * If a symbol has been found, indicate the binding
1220                          * and return the symbol.
1221                          */
1222                         if (ret) {
1223                                 *binfo |= DBG_BINFO_FILTEE;
1224                                 return (1);
1225                         }
1226                 }
1227 
1228                 /*
1229                  * If this object is tagged to terminate filtee processing we're
1230                  * done.
1231                  */
1232                 if (FLAGS1(ghp->gh_ownlmp) & FL1_RT_ENDFILTE)
1233                         break;
1234         }
1235 
1236         /*
1237          * If we're just here to trigger filtee loading then we're done.
1238          */
1239         if (name == NULL)
1240                 return (0);
1241 
1242         /*
1243          * If no filtees have been found for a filter, clean up any path name
1244          * descriptors and disable their search completely.  For auxiliary
1245          * filters we can reselect the symbol search function so that we never
1246          * enter this routine again for this object.  For standard filters we
1247          * use the null symbol routine.
1248          */
1249         if (any == 0) {
1250                 remove_alist((Alist **)&(dip->di_info), 1);
1251                 elf_disable_filtee(ilmp, dip);
1252         }
1253 
1254         return (0);
1255 }
1256 
1257 /*
1258  * Focal point for disabling error messages for auxiliary filters.  As an
1259  * auxiliary filter allows for filtee use, but provides a fallback should a
1260  * filtee not exist (or fail to load), any errors generated as a consequence of
1261  * trying to load the filtees are typically suppressed.  Setting RT_FL_SILENCERR
1262  * suppresses errors generated by eprintf(), but ensures a debug diagnostic is
1263  * produced.  ldd(1) employs printf(), and here the selection of whether to
1264  * print a diagnostic in regards to auxiliary filters is a little more complex.
1265  *
1266  *   -  The determination of whether to produce an ldd message, or a fatal
1267  *      error message is driven by LML_FLG_TRC_ENABLE.
1268  *   -  More detailed ldd messages may also be driven off of LML_FLG_TRC_WARN,
1269  *      (ldd -d/-r), LML_FLG_TRC_VERBOSE (ldd -v), LML_FLG_TRC_SEARCH (ldd -s),
1270  *      and LML_FLG_TRC_UNREF/LML_FLG_TRC_UNUSED (ldd -U/-u).
1271  *   -  If the calling object is lddstub, then several classes of message are
1272  *      suppressed.  The user isn't trying to diagnose lddstub, this is simply
1273  *      a stub executable employed to preload a user specified library against.
1274  *   -  If RT_FL_SILENCERR is in effect then any generic ldd() messages should
1275  *      be suppressed.  All detailed ldd messages should still be produced.
1276  */
1277 int
1278 elf_lookup_filtee(Slookup *slp, Sresult *srp, uint_t *binfo, uint_t ndx,
1279     int *in_nfavl)
1280 {
1281         Dyninfo *dip = &DYNINFO(slp->sl_imap)[ndx];
1282         int     ret, silent = 0;
1283 
1284         /*
1285          * Make sure this entry is still acting as a filter.  We may have tried
1286          * to process this previously, and disabled it if the filtee couldn't
1287          * be processed.  However, other entries may provide different filtees
1288          * that are yet to be completed.
1289          */
1290         if (dip->di_flags == 0)
1291                 return (0);
1292 
1293         /*
1294          * Indicate whether an error message is required should this filtee not
1295          * be found, based on the type of filter.
1296          */
1297         if ((dip->di_flags & FLG_DI_AUXFLTR) &&
1298             ((rtld_flags & (RT_FL_WARNFLTR | RT_FL_SILENCERR)) == 0)) {
1299                 rtld_flags |= RT_FL_SILENCERR;
1300                 silent = 1;
1301         }
1302 
1303         ret = _elf_lookup_filtee(slp, srp, binfo, ndx, in_nfavl);
1304 
1305         if (silent)
1306                 rtld_flags &= ~RT_FL_SILENCERR;
1307 
1308         return (ret);
1309 }
1310 
1311 /*
1312  * Compute the elf hash value (as defined in the ELF access library).
1313  * The form of the hash table is:
1314  *
1315  *      |--------------|
1316  *      | # of buckets |
1317  *      |--------------|
1318  *      | # of chains  |
1319  *      |--------------|
1320  *      |   bucket[]   |
1321  *      |--------------|
1322  *      |   chain[]    |
1323  *      |--------------|
1324  */
1325 ulong_t
1326 elf_hash(const char *name)
1327 {
1328         uint_t  hval = 0;
1329 
1330         while (*name) {
1331                 uint_t  g;
1332                 hval = (hval << 4) + *name++;
1333                 if ((g = (hval & 0xf0000000)) != 0)
1334                         hval ^= g >> 24;
1335                 hval &= ~g;
1336         }
1337         return ((ulong_t)hval);
1338 }
1339 
1340 /*
1341  * Look up a symbol.  The callers lookup information is passed in the Slookup
1342  * structure, and any resultant binding information is returned in the Sresult
1343  * structure.
1344  */
1345 int
1346 elf_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl)
1347 {
1348         const char      *name = slp->sl_name;
1349         Rt_map          *ilmp = slp->sl_imap;
1350         ulong_t         hash = slp->sl_hash;
1351         uint_t          ndx, hashoff, buckets, *chainptr;
1352         Sym             *sym, *symtabptr;
1353         char            *strtabptr, *strtabname;
1354         uint_t          flags1;
1355         Syminfo         *sip;
1356 
1357         /*
1358          * If we're only here to establish a symbols index, skip the diagnostic
1359          * used to trace a symbol search.
1360          */
1361         if ((slp->sl_flags & LKUP_SYMNDX) == 0)
1362                 DBG_CALL(Dbg_syms_lookup(ilmp, name, MSG_ORIG(MSG_STR_ELF)));
1363 
1364         if (HASH(ilmp) == NULL)
1365                 return (0);
1366 
1367         buckets = HASH(ilmp)[0];
1368         /* LINTED */
1369         hashoff = ((uint_t)hash % buckets) + 2;
1370 
1371         /*
1372          * Get the first symbol from the hash chain and initialize the string
1373          * and symbol table pointers.
1374          */
1375         if ((ndx = HASH(ilmp)[hashoff]) == 0)
1376                 return (0);
1377 
1378         chainptr = HASH(ilmp) + 2 + buckets;
1379         strtabptr = STRTAB(ilmp);
1380         symtabptr = SYMTAB(ilmp);
1381 
1382         while (ndx) {
1383                 sym = symtabptr + ndx;
1384                 strtabname = strtabptr + sym->st_name;
1385 
1386                 /*
1387                  * Compare the symbol found with the name required.  If the
1388                  * names don't match continue with the next hash entry.
1389                  */
1390                 if ((*strtabname++ != *name) || strcmp(strtabname, &name[1])) {
1391                         hashoff = ndx + buckets + 2;
1392                         if ((ndx = chainptr[ndx]) != 0)
1393                                 continue;
1394                         return (0);
1395                 }
1396 
1397                 /*
1398                  * Symbols that are defined as hidden within an object usually
1399                  * have any references from within the same object bound at
1400                  * link-edit time, thus ld.so.1 is not involved.  However, if
1401                  * these are capabilities symbols, then references to them must
1402                  * be resolved at runtime.  A hidden symbol can only be bound
1403                  * to by the object that defines the symbol.
1404                  */
1405                 if ((sym->st_shndx != SHN_UNDEF) &&
1406                     (ELF_ST_VISIBILITY(sym->st_other) == STV_HIDDEN) &&
1407                     (slp->sl_cmap != ilmp))
1408                         return (0);
1409 
1410                 /*
1411                  * The Solaris ld does not put DT_VERSYM in the dynamic
1412                  * section, but the GNU ld does. The GNU runtime linker
1413                  * interprets the top bit of the 16-bit Versym value
1414                  * (0x8000) as the "hidden" bit. If this bit is set,
1415                  * the linker is supposed to act as if that symbol does
1416                  * not exist. The hidden bit supports their versioning
1417                  * scheme, which allows multiple incompatible functions
1418                  * with the same name to exist at different versions
1419                  * within an object. The Solaris linker does not support this
1420                  * mechanism, or the model of interface evolution that
1421                  * it allows, but we honor the hidden bit in GNU ld
1422                  * produced objects in order to interoperate with them.
1423                  */
1424                 if (VERSYM(ilmp) && (VERSYM(ilmp)[ndx] & 0x8000)) {
1425                         DBG_CALL(Dbg_syms_ignore_gnuver(ilmp, name,
1426                             ndx, VERSYM(ilmp)[ndx]));
1427                         return (0);
1428                 }
1429 
1430                 /*
1431                  * If we're only here to establish a symbol's index, we're done.
1432                  */
1433                 if (slp->sl_flags & LKUP_SYMNDX) {
1434                         srp->sr_dmap = ilmp;
1435                         srp->sr_sym = sym;
1436                         return (1);
1437                 }
1438 
1439                 /*
1440                  * If we find a match and the symbol is defined, capture the
1441                  * symbol pointer and the link map in which it was found.
1442                  */
1443                 if (sym->st_shndx != SHN_UNDEF) {
1444                         srp->sr_dmap = ilmp;
1445                         srp->sr_sym = sym;
1446                         *binfo |= DBG_BINFO_FOUND;
1447 
1448                         if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) ||
1449                             ((FLAGS(ilmp) & FLG_RT_SYMINTPO) &&
1450                             is_sym_interposer(ilmp, sym)))
1451                                 *binfo |= DBG_BINFO_INTERPOSE;
1452                         break;
1453 
1454                 /*
1455                  * If we find a match and the symbol is undefined, the
1456                  * symbol type is a function, and the value of the symbol
1457                  * is non zero, then this is a special case.  This allows
1458                  * the resolution of a function address to the plt[] entry.
1459                  * See SPARC ABI, Dynamic Linking, Function Addresses for
1460                  * more details.
1461                  */
1462                 } else if ((slp->sl_flags & LKUP_SPEC) &&
1463                     (FLAGS(ilmp) & FLG_RT_ISMAIN) && (sym->st_value != 0) &&
1464                     (ELF_ST_TYPE(sym->st_info) == STT_FUNC)) {
1465                         srp->sr_dmap = ilmp;
1466                         srp->sr_sym = sym;
1467                         *binfo |= (DBG_BINFO_FOUND | DBG_BINFO_PLTADDR);
1468 
1469                         if ((FLAGS(ilmp) & FLG_RT_OBJINTPO) ||
1470                             ((FLAGS(ilmp) & FLG_RT_SYMINTPO) &&
1471                             is_sym_interposer(ilmp, sym)))
1472                                 *binfo |= DBG_BINFO_INTERPOSE;
1473                         return (1);
1474                 }
1475 
1476                 /*
1477                  * Undefined symbol.
1478                  */
1479                 return (0);
1480         }
1481 
1482         /*
1483          * We've found a match.  Determine if the defining object contains
1484          * symbol binding information.
1485          */
1486         if ((sip = SYMINFO(ilmp)) != NULL)
1487                 sip += ndx;
1488 
1489         /*
1490          * If this definition is a singleton, and we haven't followed a default
1491          * symbol search knowing that we're looking for a singleton (presumably
1492          * because the symbol definition has been changed since the referring
1493          * object was built), then reject this binding so that the caller can
1494          * fall back to a standard symbol search.
1495          */
1496         if ((ELF_ST_VISIBILITY(sym->st_other) == STV_SINGLETON) &&
1497             (((slp->sl_flags & LKUP_STANDARD) == 0) ||
1498             (((slp->sl_flags & LKUP_SINGLETON) == 0) &&
1499             (LIST(ilmp)->lm_flags & LML_FLG_GROUPSEXIST)))) {
1500                 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name,
1501                     DBG_BNDREJ_SINGLE));
1502                 *binfo |= BINFO_REJSINGLE;
1503                 *binfo &= ~DBG_BINFO_MSK;
1504                 return (0);
1505         }
1506 
1507         /*
1508          * If this is a direct binding request, but the symbol definition has
1509          * disabled directly binding to it (presumably because the symbol
1510          * definition has been changed since the referring object was built),
1511          * reject this binding so that the caller can fall back to a standard
1512          * symbol search.
1513          */
1514         if (sip && (slp->sl_flags & LKUP_DIRECT) &&
1515             (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT)) {
1516                 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name,
1517                     DBG_BNDREJ_DIRECT));
1518                 *binfo |= BINFO_REJDIRECT;
1519                 *binfo &= ~DBG_BINFO_MSK;
1520                 return (0);
1521         }
1522 
1523         /*
1524          * If this is a binding request within an RTLD_GROUP family, and the
1525          * symbol has disabled directly binding to it, reject this binding so
1526          * that the caller can fall back to a standard symbol search.
1527          *
1528          * Effectively, an RTLD_GROUP family achieves what can now be
1529          * established with direct bindings.  However, various symbols have
1530          * been tagged as inappropriate for direct binding to (ie. libc:malloc).
1531          *
1532          * A symbol marked as no-direct cannot be used within a group without
1533          * first ensuring that the symbol has not been interposed upon outside
1534          * of the group.  A common example occurs when users implement their own
1535          * version of malloc() in the executable.  Such a malloc() interposes on
1536          * the libc:malloc, and this interposition must be honored within the
1537          * group as well.
1538          *
1539          * Following any rejection, LKUP_WORLD is established as a means of
1540          * overriding this test as we return to a standard search.
1541          */
1542         if (sip && (sip->si_flags & SYMINFO_FLG_NOEXTDIRECT) &&
1543             ((MODE(slp->sl_cmap) & (RTLD_GROUP | RTLD_WORLD)) == RTLD_GROUP) &&
1544             ((slp->sl_flags & LKUP_WORLD) == 0)) {
1545                 DBG_CALL(Dbg_bind_reject(slp->sl_cmap, ilmp, name,
1546                     DBG_BNDREJ_GROUP));
1547                 *binfo |= BINFO_REJGROUP;
1548                 *binfo &= ~DBG_BINFO_MSK;
1549                 return (0);
1550         }
1551 
1552         /*
1553          * If this symbol is associated with capabilities, then each of the
1554          * capabilities instances needs to be compared against the system
1555          * capabilities.  The best instance will be chosen to satisfy this
1556          * binding.
1557          */
1558         if (CAP(ilmp) && CAPINFO(ilmp) && ELF_C_GROUP(CAPINFO(ilmp)[ndx]) &&
1559             (cap_match(srp, ndx, symtabptr, strtabptr) == 0))
1560                 return (0);
1561 
1562         /*
1563          * Determine whether this object is acting as a filter.
1564          */
1565         if (((flags1 = FLAGS1(ilmp)) & MSK_RT_FILTER) == 0)
1566                 return (1);
1567 
1568         /*
1569          * Determine if this object offers per-symbol filtering, and if so,
1570          * whether this symbol references a filtee.
1571          */
1572         if (sip && (flags1 & (FL1_RT_SYMSFLTR | FL1_RT_SYMAFLTR))) {
1573                 /*
1574                  * If this is a standard filter reference, and no standard
1575                  * filtees remain to be inspected, we're done.  If this is an
1576                  * auxiliary filter reference, and no auxiliary filtees remain,
1577                  * we'll fall through in case any object filtering is available.
1578                  */
1579                 if ((sip->si_flags & SYMINFO_FLG_FILTER) &&
1580                     (SYMSFLTRCNT(ilmp) == 0))
1581                         return (0);
1582 
1583                 if ((sip->si_flags & SYMINFO_FLG_FILTER) ||
1584                     ((sip->si_flags & SYMINFO_FLG_AUXILIARY) &&
1585                     SYMAFLTRCNT(ilmp))) {
1586                         Sresult sr;
1587 
1588                         /*
1589                          * Initialize a local symbol result descriptor, using
1590                          * the original symbol name.
1591                          */
1592                         SRESULT_INIT(sr, slp->sl_name);
1593 
1594                         /*
1595                          * This symbol has an associated filtee.  Lookup the
1596                          * symbol in the filtee, and if it is found return it.
1597                          * If the symbol doesn't exist, and this is a standard
1598                          * filter, return an error, otherwise fall through to
1599                          * catch any object filtering that may be available.
1600                          */
1601                         if (elf_lookup_filtee(slp, &sr, binfo, sip->si_boundto,
1602                             in_nfavl)) {
1603                                 *srp = sr;
1604                                 return (1);
1605                         }
1606                         if (sip->si_flags & SYMINFO_FLG_FILTER)
1607                                 return (0);
1608                 }
1609         }
1610 
1611         /*
1612          * Determine if this object provides global filtering.
1613          */
1614         if (flags1 & (FL1_RT_OBJSFLTR | FL1_RT_OBJAFLTR)) {
1615                 if (OBJFLTRNDX(ilmp) != FLTR_DISABLED) {
1616                         Sresult sr;
1617 
1618                         /*
1619                          * Initialize a local symbol result descriptor, using
1620                          * the original symbol name.
1621                          */
1622                         SRESULT_INIT(sr, slp->sl_name);
1623 
1624                         /*
1625                          * This object has an associated filtee.  Lookup the
1626                          * symbol in the filtee, and if it is found return it.
1627                          * If the symbol doesn't exist, and this is a standard
1628                          * filter, return and error, otherwise return the symbol
1629                          * within the filter itself.
1630                          */
1631                         if (elf_lookup_filtee(slp, &sr, binfo, OBJFLTRNDX(ilmp),
1632                             in_nfavl)) {
1633                                 *srp = sr;
1634                                 return (1);
1635                         }
1636                 }
1637 
1638                 if (flags1 & FL1_RT_OBJSFLTR)
1639                         return (0);
1640         }
1641         return (1);
1642 }
1643 
1644 /*
1645  * Create a new Rt_map structure for an ELF object and initialize
1646  * all values.
1647  */
1648 Rt_map *
1649 elf_new_lmp(Lm_list *lml, Aliste lmco, Fdesc *fdp, Addr addr, size_t msize,
1650     void *odyn, Rt_map *clmp, int *in_nfavl)
1651 {
1652         const char      *name = fdp->fd_nname;
1653         Rt_map          *lmp;
1654         Ehdr            *ehdr = (Ehdr *)addr;
1655         Phdr            *phdr, *tphdr = NULL, *dphdr = NULL, *uphdr = NULL;
1656         Dyn             *dyn = (Dyn *)odyn;
1657         Cap             *cap = NULL;
1658         int             ndx;
1659         Addr            base, fltr = 0, audit = 0, cfile = 0, crle = 0;
1660         Xword           rpath = 0;
1661         size_t          lmsz, rtsz, epsz, dynsz = 0;
1662         uint_t          dyncnt = 0;
1663 
1664         DBG_CALL(Dbg_file_elf(lml, name, addr, msize, lml->lm_lmidstr, lmco));
1665 
1666         /*
1667          * If this is a shared object, the base address of the shared object is
1668          * added to all address values defined within the object.  Otherwise, if
1669          * this is an executable, all object addresses are used as is.
1670          */
1671         if (ehdr->e_type == ET_EXEC)
1672                 base = 0;
1673         else
1674                 base = addr;
1675 
1676         /*
1677          * Traverse the program header table, picking off required items.  This
1678          * traversal also provides for the sizing of the PT_DYNAMIC section.
1679          */
1680         phdr = (Phdr *)((uintptr_t)ehdr + ehdr->e_phoff);
1681         for (ndx = 0; ndx < (int)ehdr->e_phnum; ndx++,
1682             phdr = (Phdr *)((uintptr_t)phdr + ehdr->e_phentsize)) {
1683                 switch (phdr->p_type) {
1684                 case PT_DYNAMIC:
1685                         dphdr = phdr;
1686                         dyn = (Dyn *)((uintptr_t)phdr->p_vaddr + base);
1687                         break;
1688                 case PT_TLS:
1689                         tphdr = phdr;
1690                         break;
1691                 case PT_SUNWCAP:
1692                         cap = (Cap *)((uintptr_t)phdr->p_vaddr + base);
1693                         break;
1694                 case PT_SUNW_UNWIND:
1695                 case PT_SUNW_EH_FRAME:
1696                         uphdr = phdr;
1697                         break;
1698                 default:
1699                         break;
1700                 }
1701         }
1702 
1703         /*
1704          * Determine the number of PT_DYNAMIC entries for the DYNINFO()
1705          * allocation.  Sadly, this is a little larger than we really need,
1706          * as there are typically padding DT_NULL entries.  However, adding
1707          * this data to the initial link-map allocation is a win.
1708          */
1709         if (dyn) {
1710                 dyncnt = dphdr->p_filesz / sizeof (Dyn);
1711                 dynsz = dyncnt * sizeof (Dyninfo);
1712         }
1713 
1714         /*
1715          * Allocate space for the link-map, private elf information, and
1716          * DYNINFO() data.  Once these are allocated and initialized,
1717          * remove_so(0, lmp) can be used to tear down the link-map allocation
1718          * should any failures occur.
1719          */
1720         rtsz = S_DROUND(sizeof (Rt_map));
1721         epsz = S_DROUND(sizeof (Rt_elfp));
1722         lmsz = rtsz + epsz + dynsz;
1723         if ((lmp = calloc(lmsz, 1)) == NULL)
1724                 return (NULL);
1725         ELFPRV(lmp) = (void *)((uintptr_t)lmp + rtsz);
1726         DYNINFO(lmp) = (Dyninfo *)((uintptr_t)lmp + rtsz + epsz);
1727         LMSIZE(lmp) = lmsz;
1728 
1729         /*
1730          * All fields not filled in were set to 0 by calloc.
1731          */
1732         NAME(lmp) = (char *)name;
1733         ADDR(lmp) = addr;
1734         MSIZE(lmp) = msize;
1735         SYMINTP(lmp) = elf_find_sym;
1736         FCT(lmp) = &elf_fct;
1737         LIST(lmp) = lml;
1738         OBJFLTRNDX(lmp) = FLTR_DISABLED;
1739         SORTVAL(lmp) = -1;
1740         DYN(lmp) = dyn;
1741         DYNINFOCNT(lmp) = dyncnt;
1742         PTUNWIND(lmp) = uphdr;
1743 
1744         if (ehdr->e_type == ET_EXEC)
1745                 FLAGS(lmp) |= FLG_RT_FIXED;
1746 
1747         /*
1748          * Fill in rest of the link map entries with information from the file's
1749          * dynamic structure.
1750          */
1751         if (dyn) {
1752                 Dyninfo         *dip;
1753                 uint_t          dynndx;
1754                 Xword           pltpadsz = 0;
1755                 Rti_desc        *rti;
1756                 Dyn             *pdyn;
1757                 Word            lmtflags = lml->lm_tflags;
1758                 int             ignore = 0;
1759 
1760                 /*
1761                  * Note, we use DT_NULL to terminate processing, and the
1762                  * dynamic entry count as a fall back.  Normally, a DT_NULL
1763                  * entry marks the end of the dynamic section.  Any non-NULL
1764                  * items following the first DT_NULL are silently ignored.
1765                  * This situation should only occur through use of elfedit(1)
1766                  * or a similar tool.
1767                  */
1768                 for (dynndx = 0, pdyn = NULL, dip = DYNINFO(lmp);
1769                     dynndx < dyncnt; dynndx++, pdyn = dyn++, dip++) {
1770 
1771                         if (ignore) {
1772                                 dip->di_flags |= FLG_DI_IGNORE;
1773                                 continue;
1774                         }
1775 
1776                         switch ((Xword)dyn->d_tag) {
1777                         case DT_NULL:
1778                                 dip->di_flags |= ignore = FLG_DI_IGNORE;
1779                                 break;
1780                         case DT_POSFLAG_1:
1781                                 dip->di_flags |= FLG_DI_POSFLAG1;
1782                                 break;
1783                         case DT_NEEDED:
1784                         case DT_USED:
1785                                 dip->di_flags |= FLG_DI_NEEDED;
1786 
1787                                 /* BEGIN CSTYLED */
1788                                 if (pdyn && (pdyn->d_tag == DT_POSFLAG_1)) {
1789                                     /*
1790                                      * Identify any non-deferred lazy load for
1791                                      * future processing, unless LD_NOLAZYLOAD
1792                                      * has been set.
1793                                      */
1794                                     if ((pdyn->d_un.d_val & DF_P1_LAZYLOAD) &&
1795                                         ((lmtflags & LML_TFLG_NOLAZYLD) == 0))
1796                                             dip->di_flags |= FLG_DI_LAZY;
1797 
1798                                     /*
1799                                      * Identify any group permission
1800                                      * requirements.
1801                                      */
1802                                     if (pdyn->d_un.d_val & DF_P1_GROUPPERM)
1803                                             dip->di_flags |= FLG_DI_GROUP;
1804 
1805                                     /*
1806                                      * Identify any deferred dependencies.
1807                                      */
1808                                     if (pdyn->d_un.d_val & DF_P1_DEFERRED)
1809                                             dip->di_flags |= FLG_DI_DEFERRED;
1810                                 }
1811                                 /* END CSTYLED */
1812                                 break;
1813                         case DT_SYMTAB:
1814                                 SYMTAB(lmp) = (void *)(dyn->d_un.d_ptr + base);
1815                                 break;
1816                         case DT_SUNW_SYMTAB:
1817                                 SUNWSYMTAB(lmp) =
1818                                     (void *)(dyn->d_un.d_ptr + base);
1819                                 break;
1820                         case DT_SUNW_SYMSZ:
1821                                 SUNWSYMSZ(lmp) = dyn->d_un.d_val;
1822                                 break;
1823                         case DT_STRTAB:
1824                                 STRTAB(lmp) = (void *)(dyn->d_un.d_ptr + base);
1825                                 break;
1826                         case DT_SYMENT:
1827                                 SYMENT(lmp) = dyn->d_un.d_val;
1828                                 break;
1829                         case DT_FEATURE_1:
1830                                 if (dyn->d_un.d_val & DTF_1_CONFEXP)
1831                                         crle = 1;
1832                                 break;
1833                         case DT_MOVESZ:
1834                                 MOVESZ(lmp) = dyn->d_un.d_val;
1835                                 FLAGS(lmp) |= FLG_RT_MOVE;
1836                                 break;
1837                         case DT_MOVEENT:
1838                                 MOVEENT(lmp) = dyn->d_un.d_val;
1839                                 break;
1840                         case DT_MOVETAB:
1841                                 MOVETAB(lmp) = (void *)(dyn->d_un.d_ptr + base);
1842                                 break;
1843                         case DT_REL:
1844                         case DT_RELA:
1845                                 /*
1846                                  * At this time, ld.so. can only handle one
1847                                  * type of relocation per object.
1848                                  */
1849                                 REL(lmp) = (void *)(dyn->d_un.d_ptr + base);
1850                                 break;
1851                         case DT_RELSZ:
1852                         case DT_RELASZ:
1853                                 RELSZ(lmp) = dyn->d_un.d_val;
1854                                 break;
1855                         case DT_RELENT:
1856                         case DT_RELAENT:
1857                                 RELENT(lmp) = dyn->d_un.d_val;
1858                                 break;
1859                         case DT_RELCOUNT:
1860                         case DT_RELACOUNT:
1861                                 RELACOUNT(lmp) = (uint_t)dyn->d_un.d_val;
1862                                 break;
1863                         case DT_HASH:
1864                                 HASH(lmp) = (uint_t *)(dyn->d_un.d_ptr + base);
1865                                 break;
1866                         case DT_PLTGOT:
1867                                 PLTGOT(lmp) =
1868                                     (uint_t *)(dyn->d_un.d_ptr + base);
1869                                 break;
1870                         case DT_PLTRELSZ:
1871                                 PLTRELSZ(lmp) = dyn->d_un.d_val;
1872                                 break;
1873                         case DT_JMPREL:
1874                                 JMPREL(lmp) = (void *)(dyn->d_un.d_ptr + base);
1875                                 break;
1876                         case DT_INIT:
1877                                 if (dyn->d_un.d_ptr != NULL)
1878                                         INIT(lmp) =
1879                                             (void (*)())(dyn->d_un.d_ptr +
1880                                             base);
1881                                 break;
1882                         case DT_FINI:
1883                                 if (dyn->d_un.d_ptr != NULL)
1884                                         FINI(lmp) =
1885                                             (void (*)())(dyn->d_un.d_ptr +
1886                                             base);
1887                                 break;
1888                         case DT_INIT_ARRAY:
1889                                 INITARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr +
1890                                     base);
1891                                 break;
1892                         case DT_INIT_ARRAYSZ:
1893                                 INITARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val;
1894                                 break;
1895                         case DT_FINI_ARRAY:
1896                                 FINIARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr +
1897                                     base);
1898                                 break;
1899                         case DT_FINI_ARRAYSZ:
1900                                 FINIARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val;
1901                                 break;
1902                         case DT_PREINIT_ARRAY:
1903                                 PREINITARRAY(lmp) = (Addr *)(dyn->d_un.d_ptr +
1904                                     base);
1905                                 break;
1906                         case DT_PREINIT_ARRAYSZ:
1907                                 PREINITARRAYSZ(lmp) = (uint_t)dyn->d_un.d_val;
1908                                 break;
1909                         case DT_RPATH:
1910                         case DT_RUNPATH:
1911                                 rpath = dyn->d_un.d_val;
1912                                 break;
1913                         case DT_FILTER:
1914                                 dip->di_flags |= FLG_DI_STDFLTR;
1915                                 fltr = dyn->d_un.d_val;
1916                                 OBJFLTRNDX(lmp) = dynndx;
1917                                 FLAGS1(lmp) |= FL1_RT_OBJSFLTR;
1918                                 break;
1919                         case DT_AUXILIARY:
1920                                 dip->di_flags |= FLG_DI_AUXFLTR;
1921                                 if (!(rtld_flags & RT_FL_NOAUXFLTR)) {
1922                                         fltr = dyn->d_un.d_val;
1923                                         OBJFLTRNDX(lmp) = dynndx;
1924                                 }
1925                                 FLAGS1(lmp) |= FL1_RT_OBJAFLTR;
1926                                 break;
1927                         case DT_SUNW_FILTER:
1928                                 dip->di_flags |=
1929                                     (FLG_DI_STDFLTR | FLG_DI_SYMFLTR);
1930                                 SYMSFLTRCNT(lmp)++;
1931                                 FLAGS1(lmp) |= FL1_RT_SYMSFLTR;
1932                                 break;
1933                         case DT_SUNW_AUXILIARY:
1934                                 dip->di_flags |=
1935                                     (FLG_DI_AUXFLTR | FLG_DI_SYMFLTR);
1936                                 if (!(rtld_flags & RT_FL_NOAUXFLTR)) {
1937                                         SYMAFLTRCNT(lmp)++;
1938                                 }
1939                                 FLAGS1(lmp) |= FL1_RT_SYMAFLTR;
1940                                 break;
1941                         case DT_DEPAUDIT:
1942                                 if (!(rtld_flags & RT_FL_NOAUDIT)) {
1943                                         audit = dyn->d_un.d_val;
1944                                         FLAGS1(lmp) |= FL1_RT_DEPAUD;
1945                                 }
1946                                 break;
1947                         case DT_CONFIG:
1948                                 cfile = dyn->d_un.d_val;
1949                                 break;
1950                         case DT_DEBUG:
1951                                 /*
1952                                  * DT_DEBUG entries are only created in
1953                                  * dynamic objects that require an interpretor
1954                                  * (ie. all dynamic executables and some shared
1955                                  * objects), and provide for a hand-shake with
1956                                  * old debuggers.  This entry is initialized to
1957                                  * zero by the link-editor.  If a debugger is
1958                                  * monitoring us, and has updated this entry,
1959                                  * set the debugger monitor flag, and finish
1960                                  * initializing the debugging structure.  See
1961                                  * setup().  Also, switch off any configuration
1962                                  * object use as most debuggers can't handle
1963                                  * fixed dynamic executables as dependencies.
1964                                  */
1965                                 if (dyn->d_un.d_ptr)
1966                                         rtld_flags |=
1967                                             (RT_FL_DEBUGGER | RT_FL_NOOBJALT);
1968                                 dyn->d_un.d_ptr = (Addr)&r_debug;
1969                                 break;
1970                         case DT_VERNEED:
1971                                 VERNEED(lmp) = (Verneed *)(dyn->d_un.d_ptr +
1972                                     base);
1973                                 break;
1974                         case DT_VERNEEDNUM:
1975                                 /* LINTED */
1976                                 VERNEEDNUM(lmp) = (int)dyn->d_un.d_val;
1977                                 break;
1978                         case DT_VERDEF:
1979                                 VERDEF(lmp) = (Verdef *)(dyn->d_un.d_ptr +
1980                                     base);
1981                                 break;
1982                         case DT_VERDEFNUM:
1983                                 /* LINTED */
1984                                 VERDEFNUM(lmp) = (int)dyn->d_un.d_val;
1985                                 break;
1986                         case DT_VERSYM:
1987                                 /*
1988                                  * The Solaris ld does not produce DT_VERSYM,
1989                                  * but the GNU ld does, in order to support
1990                                  * their style of versioning, which differs
1991                                  * from ours in some ways, while using the
1992                                  * same data structures. The presence of
1993                                  * DT_VERSYM therefore means that GNU
1994                                  * versioning rules apply to the given file.
1995                                  * If DT_VERSYM is not present, then Solaris
1996                                  * versioning rules apply.
1997                                  */
1998                                 VERSYM(lmp) = (Versym *)(dyn->d_un.d_ptr +
1999                                     base);
2000                                 break;
2001                         case DT_BIND_NOW:
2002                                 if ((dyn->d_un.d_val & DF_BIND_NOW) &&
2003                                     ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) {
2004                                         MODE(lmp) |= RTLD_NOW;
2005                                         MODE(lmp) &= ~RTLD_LAZY;
2006                                 }
2007                                 break;
2008                         case DT_FLAGS:
2009                                 FLAGS1(lmp) |= FL1_RT_DTFLAGS;
2010                                 if (dyn->d_un.d_val & DF_SYMBOLIC)
2011                                         FLAGS1(lmp) |= FL1_RT_SYMBOLIC;
2012                                 if ((dyn->d_un.d_val & DF_BIND_NOW) &&
2013                                     ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) {
2014                                         MODE(lmp) |= RTLD_NOW;
2015                                         MODE(lmp) &= ~RTLD_LAZY;
2016                                 }
2017                                 /*
2018                                  * Capture any static TLS use, and enforce that
2019                                  * this object be non-deletable.
2020                                  */
2021                                 if (dyn->d_un.d_val & DF_STATIC_TLS) {
2022                                         FLAGS1(lmp) |= FL1_RT_TLSSTAT;
2023                                         MODE(lmp) |= RTLD_NODELETE;
2024                                 }
2025                                 break;
2026                         case DT_FLAGS_1:
2027                                 if (dyn->d_un.d_val & DF_1_DISPRELPND)
2028                                         FLAGS1(lmp) |= FL1_RT_DISPREL;
2029                                 if (dyn->d_un.d_val & DF_1_GROUP)
2030                                         FLAGS(lmp) |=
2031                                             (FLG_RT_SETGROUP | FLG_RT_PUBHDL);
2032                                 if ((dyn->d_un.d_val & DF_1_NOW) &&
2033                                     ((rtld_flags2 & RT_FL2_BINDLAZY) == 0)) {
2034                                         MODE(lmp) |= RTLD_NOW;
2035                                         MODE(lmp) &= ~RTLD_LAZY;
2036                                 }
2037                                 if (dyn->d_un.d_val & DF_1_NODELETE)
2038                                         MODE(lmp) |= RTLD_NODELETE;
2039                                 if (dyn->d_un.d_val & DF_1_INITFIRST)
2040                                         FLAGS(lmp) |= FLG_RT_INITFRST;
2041                                 if (dyn->d_un.d_val & DF_1_NOOPEN)
2042                                         FLAGS(lmp) |= FLG_RT_NOOPEN;
2043                                 if (dyn->d_un.d_val & DF_1_LOADFLTR)
2044                                         FLAGS(lmp) |= FLG_RT_LOADFLTR;
2045                                 if (dyn->d_un.d_val & DF_1_NODUMP)
2046                                         FLAGS(lmp) |= FLG_RT_NODUMP;
2047                                 if (dyn->d_un.d_val & DF_1_CONFALT)
2048                                         crle = 1;
2049                                 if (dyn->d_un.d_val & DF_1_DIRECT)
2050                                         FLAGS1(lmp) |= FL1_RT_DIRECT;
2051                                 if (dyn->d_un.d_val & DF_1_NODEFLIB)
2052                                         FLAGS1(lmp) |= FL1_RT_NODEFLIB;
2053                                 if (dyn->d_un.d_val & DF_1_ENDFILTEE)
2054                                         FLAGS1(lmp) |= FL1_RT_ENDFILTE;
2055                                 if (dyn->d_un.d_val & DF_1_TRANS)
2056                                         FLAGS(lmp) |= FLG_RT_TRANS;
2057 
2058                                 /*
2059                                  * Global auditing is only meaningful when
2060                                  * specified by the initiating object of the
2061                                  * process - typically the dynamic executable.
2062                                  * If this is the initiating object, its link-
2063                                  * map will not yet have been added to the
2064                                  * link-map list, and consequently the link-map
2065                                  * list is empty.  (see setup()).
2066                                  */
2067                                 if (dyn->d_un.d_val & DF_1_GLOBAUDIT) {
2068                                         if (lml_main.lm_head == NULL)
2069                                                 FLAGS1(lmp) |= FL1_RT_GLOBAUD;
2070                                         else
2071                                                 DBG_CALL(Dbg_audit_ignore(lmp));
2072                                 }
2073 
2074                                 /*
2075                                  * If this object identifies itself as an
2076                                  * interposer, but relocation processing has
2077                                  * already started, then demote it.  It's too
2078                                  * late to guarantee complete interposition.
2079                                  */
2080                                 /* BEGIN CSTYLED */
2081                                 if (dyn->d_un.d_val &
2082                                     (DF_1_INTERPOSE | DF_1_SYMINTPOSE)) {
2083                                     if (lml->lm_flags & LML_FLG_STARTREL) {
2084                                         DBG_CALL(Dbg_util_intoolate(lmp));
2085                                         if (lml->lm_flags & LML_FLG_TRC_ENABLE)
2086                                             (void) printf(
2087                                                 MSG_INTL(MSG_LDD_REL_ERR2),
2088                                                 NAME(lmp));
2089                                     } else if (dyn->d_un.d_val & DF_1_INTERPOSE)
2090                                         FLAGS(lmp) |= FLG_RT_OBJINTPO;
2091                                     else
2092                                         FLAGS(lmp) |= FLG_RT_SYMINTPO;
2093                                 }
2094                                 /* END CSTYLED */
2095                                 break;
2096                         case DT_SYMINFO:
2097                                 SYMINFO(lmp) = (Syminfo *)(dyn->d_un.d_ptr +
2098                                     base);
2099                                 break;
2100                         case DT_SYMINENT:
2101                                 SYMINENT(lmp) = dyn->d_un.d_val;
2102                                 break;
2103                         case DT_PLTPAD:
2104                                 PLTPAD(lmp) = (void *)(dyn->d_un.d_ptr + base);
2105                                 break;
2106                         case DT_PLTPADSZ:
2107                                 pltpadsz = dyn->d_un.d_val;
2108                                 break;
2109                         case DT_SUNW_RTLDINF:
2110                                 /*
2111                                  * Maintain a list of RTLDINFO structures.
2112                                  * Typically, libc is the only supplier, and
2113                                  * only one structure is provided.  However,
2114                                  * multiple suppliers and multiple structures
2115                                  * are supported.  For example, one structure
2116                                  * may provide thread_init, and another
2117                                  * structure may provide atexit reservations.
2118                                  */
2119                                 if ((rti = alist_append(&lml->lm_rti, NULL,
2120                                     sizeof (Rti_desc),
2121                                     AL_CNT_RTLDINFO)) == NULL) {
2122                                         remove_so(0, lmp, clmp);
2123                                         return (NULL);
2124                                 }
2125                                 rti->rti_lmp = lmp;
2126                                 rti->rti_info = (void *)(dyn->d_un.d_ptr +
2127                                     base);
2128                                 break;
2129                         case DT_SUNW_SORTENT:
2130                                 SUNWSORTENT(lmp) = dyn->d_un.d_val;
2131                                 break;
2132                         case DT_SUNW_SYMSORT:
2133                                 SUNWSYMSORT(lmp) =
2134                                     (void *)(dyn->d_un.d_ptr + base);
2135                                 break;
2136                         case DT_SUNW_SYMSORTSZ:
2137                                 SUNWSYMSORTSZ(lmp) = dyn->d_un.d_val;
2138                                 break;
2139                         case DT_DEPRECATED_SPARC_REGISTER:
2140                         case M_DT_REGISTER:
2141                                 dip->di_flags |= FLG_DI_REGISTER;
2142                                 FLAGS(lmp) |= FLG_RT_REGSYMS;
2143                                 break;
2144                         case DT_SUNW_CAP:
2145                                 CAP(lmp) = (void *)(dyn->d_un.d_ptr + base);
2146                                 break;
2147                         case DT_SUNW_CAPINFO:
2148                                 CAPINFO(lmp) = (void *)(dyn->d_un.d_ptr + base);
2149                                 break;
2150                         case DT_SUNW_CAPCHAIN:
2151                                 CAPCHAIN(lmp) = (void *)(dyn->d_un.d_ptr +
2152                                     base);
2153                                 break;
2154                         case DT_SUNW_CAPCHAINENT:
2155                                 CAPCHAINENT(lmp) = dyn->d_un.d_val;
2156                                 break;
2157                         case DT_SUNW_CAPCHAINSZ:
2158                                 CAPCHAINSZ(lmp) = dyn->d_un.d_val;
2159                                 break;
2160                         }
2161                 }
2162 
2163                 /*
2164                  * Update any Dyninfo string pointers now that STRTAB() is
2165                  * known.
2166                  */
2167                 for (dynndx = 0, dyn = DYN(lmp), dip = DYNINFO(lmp);
2168                     !(dip->di_flags & FLG_DI_IGNORE); dyn++, dip++) {
2169 
2170                         switch ((Xword)dyn->d_tag) {
2171                         case DT_NEEDED:
2172                         case DT_USED:
2173                         case DT_FILTER:
2174                         case DT_AUXILIARY:
2175                         case DT_SUNW_FILTER:
2176                         case DT_SUNW_AUXILIARY:
2177                                 dip->di_name = STRTAB(lmp) + dyn->d_un.d_val;
2178                                 break;
2179                         }
2180                 }
2181 
2182                 /*
2183                  * Assign any padding.
2184                  */
2185                 if (PLTPAD(lmp)) {
2186                         if (pltpadsz == (Xword)0)
2187                                 PLTPAD(lmp) = NULL;
2188                         else
2189                                 PLTPADEND(lmp) = (void *)((Addr)PLTPAD(lmp) +
2190                                     pltpadsz);
2191                 }
2192         }
2193 
2194         /*
2195          * A dynsym contains only global functions. We want to have
2196          * a version of it that also includes local functions, so that
2197          * dladdr() will be able to report names for local functions
2198          * when used to generate a stack trace for a stripped file.
2199          * This version of the dynsym is provided via DT_SUNW_SYMTAB.
2200          *
2201          * In producing DT_SUNW_SYMTAB, ld uses a non-obvious trick
2202          * in order to avoid having to have two copies of the global
2203          * symbols held in DT_SYMTAB: The local symbols are placed in
2204          * a separate section than the globals in the dynsym, but the
2205          * linker conspires to put the data for these two sections adjacent
2206          * to each other. DT_SUNW_SYMTAB points at the top of the local
2207          * symbols, and DT_SUNW_SYMSZ is the combined length of both tables.
2208          *
2209          * If the two sections are not adjacent, then something went wrong
2210          * at link time. We use ASSERT to kill the process if this is
2211          * a debug build. In a production build, we will silently ignore
2212          * the presence of the .ldynsym and proceed. We can detect this
2213          * situation by checking to see that DT_SYMTAB lies in
2214          * the range given by DT_SUNW_SYMTAB/DT_SUNW_SYMSZ.
2215          */
2216         if ((SUNWSYMTAB(lmp) != NULL) &&
2217             (((char *)SYMTAB(lmp) <= (char *)SUNWSYMTAB(lmp)) ||
2218             (((char *)SYMTAB(lmp) >=
2219             (SUNWSYMSZ(lmp) + (char *)SUNWSYMTAB(lmp)))))) {
2220                 ASSERT(0);
2221                 SUNWSYMTAB(lmp) = NULL;
2222                 SUNWSYMSZ(lmp) = 0;
2223         }
2224 
2225         /*
2226          * If configuration file use hasn't been disabled, and a configuration
2227          * file hasn't already been set via an environment variable, see if any
2228          * application specific configuration file is specified.  An LD_CONFIG
2229          * setting is used first, but if this image was generated via crle(1)
2230          * then a default configuration file is a fall-back.
2231          */
2232         if ((!(rtld_flags & RT_FL_NOCFG)) && (config->c_name == NULL)) {
2233                 if (cfile)
2234                         config->c_name = (const char *)(cfile +
2235                             (char *)STRTAB(lmp));
2236                 else if (crle)
2237                         rtld_flags |= RT_FL_CONFAPP;
2238         }
2239 
2240         if (rpath)
2241                 RPATH(lmp) = (char *)(rpath + (char *)STRTAB(lmp));
2242         if (fltr)
2243                 REFNAME(lmp) = (char *)(fltr + (char *)STRTAB(lmp));
2244 
2245         /*
2246          * For Intel ABI compatibility.  It's possible that a JMPREL can be
2247          * specified without any other relocations (e.g. a dynamic executable
2248          * normally only contains .plt relocations).  If this is the case then
2249          * no REL, RELSZ or RELENT will have been created.  For us to be able
2250          * to traverse the .plt relocations under LD_BIND_NOW we need to know
2251          * the RELENT for these relocations.  Refer to elf_reloc() for more
2252          * details.
2253          */
2254         if (!RELENT(lmp) && JMPREL(lmp))
2255                 RELENT(lmp) = sizeof (M_RELOC);
2256 
2257         /*
2258          * Establish any per-object auditing.  If we're establishing main's
2259          * link-map its too early to go searching for audit objects so just
2260          * hold the object name for later (see setup()).
2261          */
2262         if (audit) {
2263                 char    *cp = audit + (char *)STRTAB(lmp);
2264 
2265                 if (*cp) {
2266                         if (((AUDITORS(lmp) =
2267                             calloc(1, sizeof (Audit_desc))) == NULL) ||
2268                             ((AUDITORS(lmp)->ad_name = strdup(cp)) == NULL)) {
2269                                 remove_so(0, lmp, clmp);
2270                                 return (NULL);
2271                         }
2272                         if (lml_main.lm_head) {
2273                                 if (audit_setup(lmp, AUDITORS(lmp), 0,
2274                                     in_nfavl) == 0) {
2275                                         remove_so(0, lmp, clmp);
2276                                         return (NULL);
2277                                 }
2278                                 AFLAGS(lmp) |= AUDITORS(lmp)->ad_flags;
2279                                 lml->lm_flags |= LML_FLG_LOCAUDIT;
2280                         }
2281                 }
2282         }
2283 
2284         if (tphdr && (tls_assign(lml, lmp, tphdr) == 0)) {
2285                 remove_so(0, lmp, clmp);
2286                 return (NULL);
2287         }
2288 
2289         /*
2290          * A capabilities section should be identified by a DT_SUNW_CAP entry,
2291          * and if non-empty object capabilities are included, a PT_SUNWCAP
2292          * header should reference the section.  Make sure CAP() is set
2293          * regardless.
2294          */
2295         if ((CAP(lmp) == NULL) && cap)
2296                 CAP(lmp) = cap;
2297 
2298         /*
2299          * Make sure any capabilities information or chain can be handled.
2300          */
2301         if (CAPINFO(lmp) && (CAPINFO(lmp)[0] > CAPINFO_CURRENT))
2302                 CAPINFO(lmp) = NULL;
2303         if (CAPCHAIN(lmp) && (CAPCHAIN(lmp)[0] > CAPCHAIN_CURRENT))
2304                 CAPCHAIN(lmp) = NULL;
2305 
2306         /*
2307          * As part of processing dependencies, a file descriptor is populated
2308          * with capabilities information following validation.
2309          */
2310         if (fdp->fd_flags & FLG_FD_ALTCHECK) {
2311                 FLAGS1(lmp) |= FL1_RT_ALTCHECK;
2312                 CAPSET(lmp) = fdp->fd_scapset;
2313 
2314                 if (fdp->fd_flags & FLG_FD_ALTCAP)
2315                         FLAGS1(lmp) |= FL1_RT_ALTCAP;
2316 
2317         } else if ((cap = CAP(lmp)) != NULL) {
2318                 /*
2319                  * Processing of the a.out and ld.so.1 does not involve a file
2320                  * descriptor as exec() did all the work, so capture the
2321                  * capabilities for these cases.
2322                  */
2323                 while (cap->c_tag != CA_SUNW_NULL) {
2324                         switch (cap->c_tag) {
2325                         case CA_SUNW_HW_1:
2326                                 CAPSET(lmp).sc_hw_1 = cap->c_un.c_val;
2327                                 break;
2328                         case CA_SUNW_SF_1:
2329                                 CAPSET(lmp).sc_sf_1 = cap->c_un.c_val;
2330                                 break;
2331                         case CA_SUNW_HW_2:
2332                                 CAPSET(lmp).sc_hw_2 = cap->c_un.c_val;
2333                                 break;
2334                         case CA_SUNW_PLAT:
2335                                 CAPSET(lmp).sc_plat = STRTAB(lmp) +
2336                                     cap->c_un.c_ptr;
2337                                 break;
2338                         case CA_SUNW_MACH:
2339                                 CAPSET(lmp).sc_mach = STRTAB(lmp) +
2340                                     cap->c_un.c_ptr;
2341                                 break;
2342                         }
2343                         cap++;
2344                 }
2345         }
2346 
2347         /*
2348          * If a capabilities chain table exists, duplicate it.  The chain table
2349          * is inspected for each initial call to a capabilities family lead
2350          * symbol.  From this chain, each family member is inspected to
2351          * determine the 'best' family member.  The chain table is then updated
2352          * so that the best member is immediately selected for any further
2353          * family searches.
2354          */
2355         if (CAPCHAIN(lmp)) {
2356                 Capchain        *capchain;
2357 
2358                 if ((capchain = calloc(CAPCHAINSZ(lmp), 1)) == NULL)
2359                         return (NULL);
2360                 (void) memcpy(capchain, CAPCHAIN(lmp), CAPCHAINSZ(lmp));
2361                 CAPCHAIN(lmp) = capchain;
2362         }
2363 
2364         /*
2365          * Add the mapped object to the end of the link map list.
2366          */
2367         lm_append(lml, lmco, lmp);
2368 
2369         /*
2370          * Start the system loading in the ELF information we'll be processing.
2371          */
2372         if (REL(lmp)) {
2373                 (void) madvise((void *)ADDR(lmp), (uintptr_t)REL(lmp) +
2374                     (uintptr_t)RELSZ(lmp) - (uintptr_t)ADDR(lmp),
2375                     MADV_WILLNEED);
2376         }
2377         return (lmp);
2378 }
2379 
2380 /*
2381  * Build full pathname of shared object from given directory name and filename.
2382  */
2383 static char *
2384 elf_get_so(const char *dir, const char *file, size_t dlen, size_t flen)
2385 {
2386         static char     pname[PATH_MAX];
2387 
2388         (void) strncpy(pname, dir, dlen);
2389         pname[dlen++] = '/';
2390         (void) strncpy(&pname[dlen], file, flen + 1);
2391         return (pname);
2392 }
2393 
2394 /*
2395  * The copy relocation is recorded in a copy structure which will be applied
2396  * after all other relocations are carried out.  This provides for copying data
2397  * that must be relocated itself (ie. pointers in shared objects).  This
2398  * structure also provides a means of binding RTLD_GROUP dependencies to any
2399  * copy relocations that have been taken from any group members.
2400  *
2401  * If the size of the .bss area available for the copy information is not the
2402  * same as the source of the data inform the user if we're under ldd(1) control
2403  * (this checking was only established in 5.3, so by only issuing an error via
2404  * ldd(1) we maintain the standard set by previous releases).
2405  */
2406 int
2407 elf_copy_reloc(char *name, Sym *rsym, Rt_map *rlmp, void *radd, Sym *dsym,
2408     Rt_map *dlmp, const void *dadd)
2409 {
2410         Rel_copy        rc;
2411         Lm_list         *lml = LIST(rlmp);
2412 
2413         rc.r_name = name;
2414         rc.r_rsym = rsym;               /* the new reference symbol and its */
2415         rc.r_rlmp = rlmp;               /*      associated link-map */
2416         rc.r_dlmp = dlmp;               /* the defining link-map */
2417         rc.r_dsym = dsym;               /* the original definition */
2418         rc.r_radd = radd;
2419         rc.r_dadd = dadd;
2420 
2421         if (rsym->st_size > dsym->st_size)
2422                 rc.r_size = (size_t)dsym->st_size;
2423         else
2424                 rc.r_size = (size_t)rsym->st_size;
2425 
2426         if (alist_append(&COPY_R(dlmp), &rc, sizeof (Rel_copy),
2427             AL_CNT_COPYREL) == NULL) {
2428                 if (!(lml->lm_flags & LML_FLG_TRC_WARN))
2429                         return (0);
2430                 else
2431                         return (1);
2432         }
2433         if (!(FLAGS1(dlmp) & FL1_RT_COPYTOOK)) {
2434                 if (aplist_append(&COPY_S(rlmp), dlmp,
2435                     AL_CNT_COPYREL) == NULL) {
2436                         if (!(lml->lm_flags & LML_FLG_TRC_WARN))
2437                                 return (0);
2438                         else
2439                                 return (1);
2440                 }
2441                 FLAGS1(dlmp) |= FL1_RT_COPYTOOK;
2442         }
2443 
2444         /*
2445          * If we are tracing (ldd), warn the user if
2446          *      1) the size from the reference symbol differs from the
2447          *         copy definition. We can only copy as much data as the
2448          *         reference (dynamic executables) entry allows.
2449          *      2) the copy definition has STV_PROTECTED visibility.
2450          */
2451         if (lml->lm_flags & LML_FLG_TRC_WARN) {
2452                 if (rsym->st_size != dsym->st_size) {
2453                         (void) printf(MSG_INTL(MSG_LDD_CPY_SIZDIF),
2454                             _conv_reloc_type(M_R_COPY), demangle(name),
2455                             NAME(rlmp), EC_XWORD(rsym->st_size),
2456                             NAME(dlmp), EC_XWORD(dsym->st_size));
2457                         if (rsym->st_size > dsym->st_size)
2458                                 (void) printf(MSG_INTL(MSG_LDD_CPY_INSDATA),
2459                                     NAME(dlmp));
2460                         else
2461                                 (void) printf(MSG_INTL(MSG_LDD_CPY_DATRUNC),
2462                                     NAME(rlmp));
2463                 }
2464 
2465                 if (ELF_ST_VISIBILITY(dsym->st_other) == STV_PROTECTED) {
2466                         (void) printf(MSG_INTL(MSG_LDD_CPY_PROT),
2467                             _conv_reloc_type(M_R_COPY), demangle(name),
2468                             NAME(dlmp));
2469                 }
2470         }
2471 
2472         DBG_CALL(Dbg_reloc_apply_val(lml, ELF_DBG_RTLD, (Xword)radd,
2473             (Xword)rc.r_size));
2474         return (1);
2475 }
2476 
2477 /*
2478  * Determine the symbol location of an address within a link-map.  Look for
2479  * the nearest symbol (whose value is less than or equal to the required
2480  * address).  This is the object specific part of dladdr().
2481  */
2482 static void
2483 elf_dladdr(ulong_t addr, Rt_map *lmp, Dl_info *dlip, void **info, int flags)
2484 {
2485         ulong_t         ndx, cnt, base, _value;
2486         Sym             *sym, *_sym = NULL;
2487         const char      *str;
2488         int             _flags;
2489         uint_t          *dynaddr_ndx;
2490         uint_t          dynaddr_n = 0;
2491         ulong_t         value;
2492 
2493         /*
2494          * If SUNWSYMTAB() is non-NULL, then it sees a special version of
2495          * the dynsym that starts with any local function symbols that exist in
2496          * the library and then moves to the data held in SYMTAB(). In this
2497          * case, SUNWSYMSZ tells us how long the symbol table is. The
2498          * availability of local function symbols will enhance the results
2499          * we can provide.
2500          *
2501          * If SUNWSYMTAB() is non-NULL, then there might also be a
2502          * SUNWSYMSORT() vector associated with it. SUNWSYMSORT() contains
2503          * an array of indices into SUNWSYMTAB, sorted by increasing
2504          * address. We can use this to do an O(log N) search instead of a
2505          * brute force search.
2506          *
2507          * If SUNWSYMTAB() is NULL, then SYMTAB() references a dynsym that
2508          * contains only global symbols. In that case, the length of
2509          * the symbol table comes from the nchain field of the related
2510          * symbol lookup hash table.
2511          */
2512         str = STRTAB(lmp);
2513         if (SUNWSYMSZ(lmp) == NULL) {
2514                 sym = SYMTAB(lmp);
2515                 /*
2516                  * If we don't have a .hash table there are no symbols
2517                  * to look at.
2518                  */
2519                 if (HASH(lmp) == NULL)
2520                         return;
2521                 cnt = HASH(lmp)[1];
2522         } else {
2523                 sym = SUNWSYMTAB(lmp);
2524                 cnt = SUNWSYMSZ(lmp) / SYMENT(lmp);
2525                 dynaddr_ndx = SUNWSYMSORT(lmp);
2526                 if (dynaddr_ndx != NULL)
2527                         dynaddr_n = SUNWSYMSORTSZ(lmp) / SUNWSORTENT(lmp);
2528         }
2529 
2530         if (FLAGS(lmp) & FLG_RT_FIXED)
2531                 base = 0;
2532         else
2533                 base = ADDR(lmp);
2534 
2535         if (dynaddr_n > 0) {         /* Binary search */
2536                 long    low = 0, low_bnd;
2537                 long    high = dynaddr_n - 1, high_bnd;
2538                 long    mid;
2539                 Sym     *mid_sym;
2540 
2541                 /*
2542                  * Note that SUNWSYMSORT only contains symbols types that
2543                  * supply memory addresses, so there's no need to check and
2544                  * filter out any other types.
2545                  */
2546                 low_bnd = low;
2547                 high_bnd = high;
2548                 while (low <= high) {
2549                         mid = (low + high) / 2;
2550                         mid_sym = &sym[dynaddr_ndx[mid]];
2551                         value = mid_sym->st_value + base;
2552                         if (addr < value) {
2553                                 if ((sym[dynaddr_ndx[high]].st_value + base) >=
2554                                     addr)
2555                                         high_bnd = high;
2556                                 high = mid - 1;
2557                         } else if (addr > value) {
2558                                 if ((sym[dynaddr_ndx[low]].st_value + base) <=
2559                                     addr)
2560                                         low_bnd = low;
2561                                 low = mid + 1;
2562                         } else {
2563                                 _sym = mid_sym;
2564                                 _value = value;
2565                                 break;
2566                         }
2567                 }
2568                 /*
2569                  * If the above didn't find it exactly, then we must
2570                  * return the closest symbol with a value that doesn't
2571                  * exceed the one we are looking for. If that symbol exists,
2572                  * it will lie in the range bounded by low_bnd and
2573                  * high_bnd. This is a linear search, but a short one.
2574                  */
2575                 if (_sym == NULL) {
2576                         for (mid = low_bnd; mid <= high_bnd; mid++) {
2577                                 mid_sym = &sym[dynaddr_ndx[mid]];
2578                                 value = mid_sym->st_value + base;
2579                                 if (addr >= value) {
2580                                         _sym = mid_sym;
2581                                         _value = value;
2582                                 } else {
2583                                         break;
2584                                 }
2585                         }
2586                 }
2587         } else {                        /* Linear search */
2588                 for (_value = 0, sym++, ndx = 1; ndx < cnt; ndx++, sym++) {
2589                         /*
2590                          * Skip expected symbol types that are not functions
2591                          * or data:
2592                          *      - A symbol table starts with an undefined symbol
2593                          *              in slot 0. If we are using SUNWSYMTAB(),
2594                          *              there will be a second undefined symbol
2595                          *              right before the globals.
2596                          *      - The local part of SUNWSYMTAB() contains a
2597                          *              series of function symbols. Each section
2598                          *              starts with an initial STT_FILE symbol.
2599                          */
2600                         if ((sym->st_shndx == SHN_UNDEF) ||
2601                             (ELF_ST_TYPE(sym->st_info) == STT_FILE))
2602                                 continue;
2603 
2604                         value = sym->st_value + base;
2605                         if (value > addr)
2606                                 continue;
2607                         if (value < _value)
2608                                 continue;
2609 
2610                         _sym = sym;
2611                         _value = value;
2612 
2613                         /*
2614                          * Note, because we accept local and global symbols
2615                          * we could find a section symbol that matches the
2616                          * associated address, which means that the symbol
2617                          * name will be null.  In this case continue the
2618                          * search in case we can find a global symbol of
2619                          * the same value.
2620                          */
2621                         if ((value == addr) &&
2622                             (ELF_ST_TYPE(sym->st_info) != STT_SECTION))
2623                                 break;
2624                 }
2625         }
2626 
2627         _flags = flags & RTLD_DL_MASK;
2628         if (_sym) {
2629                 if (_flags == RTLD_DL_SYMENT)
2630                         *info = (void *)_sym;
2631                 else if (_flags == RTLD_DL_LINKMAP)
2632                         *info = (void *)lmp;
2633 
2634                 dlip->dli_sname = str + _sym->st_name;
2635                 dlip->dli_saddr = (void *)_value;
2636         } else {
2637                 /*
2638                  * addr lies between the beginning of the mapped segment and
2639                  * the first global symbol. We have no symbol to return
2640                  * and the caller requires one. We use _START_, the base
2641                  * address of the mapping.
2642                  */
2643 
2644                 if (_flags == RTLD_DL_SYMENT) {
2645                         /*
2646                          * An actual symbol struct is needed, so we
2647                          * construct one for _START_. To do this in a
2648                          * fully accurate way requires a different symbol
2649                          * for each mapped segment. This requires the
2650                          * use of dynamic memory and a mutex. That's too much
2651                          * plumbing for a fringe case of limited importance.
2652                          *
2653                          * Fortunately, we can simplify:
2654                          *    - Only the st_size and st_info fields are useful
2655                          *      outside of the linker internals. The others
2656                          *      reference things that outside code cannot see,
2657                          *      and can be set to 0.
2658                          *    - It's just a label and there is no size
2659                          *      to report. So, the size should be 0.
2660                          * This means that only st_info needs a non-zero
2661                          * (constant) value. A static struct will suffice.
2662                          * It must be const (readonly) so the caller can't
2663                          * change its meaning for subsequent callers.
2664                          */
2665                         static const Sym fsym = { 0, 0, 0,
2666                             ELF_ST_INFO(STB_LOCAL, STT_OBJECT) };
2667                         *info = (void *) &fsym;
2668                 }
2669 
2670                 dlip->dli_sname = MSG_ORIG(MSG_SYM_START);
2671                 dlip->dli_saddr = (void *) ADDR(lmp);
2672         }
2673 }
2674 
2675 /*
2676  * This routine is called as a last fall-back to search for a symbol from a
2677  * standard relocation or dlsym().  To maintain lazy loadings goal of reducing
2678  * the number of objects mapped, any symbol search is first carried out using
2679  * the objects that already exist in the process (either on a link-map list or
2680  * handle).  If a symbol can't be found, and lazy dependencies are still
2681  * pending, this routine loads the dependencies in an attempt to locate the
2682  * symbol.
2683  */
2684 int
2685 elf_lazy_find_sym(Slookup *slp, Sresult *srp, uint_t *binfo, int *in_nfavl)
2686 {
2687         static APlist   *alist = NULL;
2688         Aliste          idx1;
2689         Rt_map          *lmp1, *lmp = slp->sl_imap, *clmp = slp->sl_cmap;
2690         const char      *name = slp->sl_name;
2691         Slookup         sl1 = *slp;
2692         Lm_list         *lml;
2693         Lm_cntl         *lmc;
2694 
2695         /*
2696          * It's quite possible we've been here before to process objects,
2697          * therefore reinitialize our dynamic list.
2698          */
2699         if (alist)
2700                 aplist_reset(alist);
2701 
2702         /*
2703          * Discard any relocation index from further symbol searches.  This
2704          * index has already been used to trigger any necessary lazy-loads,
2705          * and it might be because one of these lazy loads has failed that
2706          * we're performing this fallback.  By removing the relocation index
2707          * we don't try and perform the same failed lazy loading activity again.
2708          */
2709         sl1.sl_rsymndx = 0;
2710 
2711         /*
2712          * Determine the callers link-map list so that we can monitor whether
2713          * new objects have been added.
2714          */
2715         lml = LIST(clmp);
2716         lmc = (Lm_cntl *)alist_item_by_offset(lml->lm_lists, CNTL(clmp));
2717 
2718         /*
2719          * Generate a local list of new objects to process.  This list can grow
2720          * as each object supplies its own lazy dependencies.
2721          */
2722         if (aplist_append(&alist, lmp, AL_CNT_LAZYFIND) == NULL)
2723                 return (NULL);
2724 
2725         for (APLIST_TRAVERSE(alist, idx1, lmp1)) {
2726                 uint_t  dynndx;
2727                 Dyninfo *dip, *pdip;
2728 
2729                 /*
2730                  * Loop through the lazy DT_NEEDED entries examining each object
2731                  * for the required symbol.  If the symbol is not found, the
2732                  * object is in turn added to the local alist, so that the
2733                  * objects lazy DT_NEEDED entries can be examined.
2734                  */
2735                 lmp = lmp1;
2736                 for (dynndx = 0, dip = DYNINFO(lmp), pdip = NULL;
2737                     !(dip->di_flags & FLG_DI_IGNORE); dynndx++, pdip = dip++) {
2738                         Grp_hdl         *ghp;
2739                         Grp_desc        *gdp;
2740                         Rt_map          *nlmp, *llmp;
2741                         Slookup         sl2;
2742                         Sresult         sr;
2743                         Aliste          idx2;
2744 
2745                         if (((dip->di_flags & FLG_DI_LAZY) == 0) ||
2746                             dip->di_info)
2747                                 continue;
2748 
2749                         /*
2750                          * If this object has already failed to lazy load, and
2751                          * we're still processing the same runtime linker
2752                          * operation that produced the failure, don't bother
2753                          * to try and load the object again.
2754                          */
2755                         if ((dip->di_flags & FLG_DI_LAZYFAIL) && pdip &&
2756                             (pdip->di_flags & FLG_DI_POSFLAG1)) {
2757                                 if (pdip->di_info == (void *)ld_entry_cnt)
2758                                         continue;
2759 
2760                                 dip->di_flags &= ~FLG_DI_LAZYFAIL;
2761                                 pdip->di_info = NULL;
2762                         }
2763 
2764                         /*
2765                          * Determine the last link-map presently on the callers
2766                          * link-map control list.
2767                          */
2768                         llmp = lmc->lc_tail;
2769 
2770                         /*
2771                          * Try loading this lazy dependency.  If the object
2772                          * can't be loaded, consider this non-fatal and continue
2773                          * the search.  Lazy loaded dependencies need not exist
2774                          * and their loading should only turn out to be fatal
2775                          * if they are required to satisfy a relocation.
2776                          *
2777                          * A successful lazy load can mean one of two things:
2778                          *
2779                          *  -   new objects have been loaded, in which case the
2780                          *      objects will have been analyzed, relocated, and
2781                          *      finally moved to the callers control list.
2782                          *  -   the objects are already loaded, and this lazy
2783                          *      load has simply associated the referenced object
2784                          *      with it's lazy dependencies.
2785                          *
2786                          * If new objects are loaded, look in these objects
2787                          * first.  Note, a new object can be the object being
2788                          * referenced by this lazy load, however we can also
2789                          * descend into multiple lazy loads as we relocate this
2790                          * reference.
2791                          *
2792                          * If the symbol hasn't been found, use the referenced
2793                          * objects handle, as it might have dependencies on
2794                          * objects that are already loaded.  Note that existing
2795                          * objects might have already been searched and skipped
2796                          * as non-available to this caller.   However, a lazy
2797                          * load might have caused the promotion of modes, or
2798                          * added this object to the family of the caller.  In
2799                          * either case, the handle associated with the object
2800                          * is then used to carry out the symbol search.
2801                          */
2802                         if ((nlmp = elf_lazy_load(lmp, &sl1, dynndx, name,
2803                             FLG_RT_PRIHDL, &ghp, in_nfavl)) == NULL)
2804                                 continue;
2805 
2806                         if (NEXT_RT_MAP(llmp)) {
2807                                 /*
2808                                  * Look in any new objects.
2809                                  */
2810                                 sl1.sl_imap = NEXT_RT_MAP(llmp);
2811                                 sl1.sl_flags &= ~LKUP_STDRELOC;
2812 
2813                                 /*
2814                                  * Initialize a local symbol result descriptor,
2815                                  * using the original symbol name.
2816                                  */
2817                                 SRESULT_INIT(sr, slp->sl_name);
2818 
2819                                 if (lookup_sym(&sl1, &sr, binfo, in_nfavl)) {
2820                                         *srp = sr;
2821                                         return (1);
2822                                 }
2823                         }
2824 
2825                         /*
2826                          * Use the objects handle to inspect the family of
2827                          * objects associated with the handle.  Note, there's
2828                          * a possibility of overlap with the above search,
2829                          * should a lazy load bring in new objects and
2830                          * reference existing objects.
2831                          */
2832                         sl2 = sl1;
2833                         for (ALIST_TRAVERSE(ghp->gh_depends, idx2, gdp)) {
2834                                 if ((gdp->gd_depend != NEXT_RT_MAP(llmp)) &&
2835                                     (gdp->gd_flags & GPD_DLSYM)) {
2836 
2837                                         sl2.sl_imap = gdp->gd_depend;
2838                                         sl2.sl_flags |= LKUP_FIRST;
2839 
2840                                         /*
2841                                          * Initialize a local symbol result
2842                                          * descriptor, using the original
2843                                          * symbol name.
2844                                          */
2845                                         SRESULT_INIT(sr, slp->sl_name);
2846 
2847                                         if (lookup_sym(&sl2, &sr, binfo,
2848                                             in_nfavl)) {
2849                                                 *srp = sr;
2850                                                 return (1);
2851                                         }
2852                                 }
2853                         }
2854 
2855                         /*
2856                          * Some dlsym() operations are already traversing a
2857                          * link-map (dlopen(0)), and thus there's no need to
2858                          * save them on the dynamic dependency list.
2859                          */
2860                         if (slp->sl_flags & LKUP_NODESCENT)
2861                                 continue;
2862 
2863                         if (aplist_test(&alist, nlmp, AL_CNT_LAZYFIND) == NULL)
2864                                 return (0);
2865                 }
2866         }
2867 
2868         return (0);
2869 }
2870 
2871 /*
2872  * Warning message for bad r_offset.
2873  */
2874 void
2875 elf_reloc_bad(Rt_map *lmp, void *rel, uchar_t rtype, ulong_t roffset,
2876     ulong_t rsymndx)
2877 {
2878         const char      *name = NULL;
2879         Lm_list         *lml = LIST(lmp);
2880         int             trace;
2881 
2882         if ((lml->lm_flags & LML_FLG_TRC_ENABLE) &&
2883             (((rtld_flags & RT_FL_SILENCERR) == 0) ||
2884             (lml->lm_flags & LML_FLG_TRC_VERBOSE)))
2885                 trace = 1;
2886         else
2887                 trace = 0;
2888 
2889         if ((trace == 0) && (DBG_ENABLED == 0))
2890                 return;
2891 
2892         if (rsymndx) {
2893                 Sym     *symref = (Sym *)((ulong_t)SYMTAB(lmp) +
2894                     (rsymndx * SYMENT(lmp)));
2895 
2896                 if (ELF_ST_BIND(symref->st_info) != STB_LOCAL)
2897                         name = (char *)(STRTAB(lmp) + symref->st_name);
2898         }
2899 
2900         if (name == NULL)
2901                 name = MSG_INTL(MSG_STR_UNKNOWN);
2902 
2903         if (trace) {
2904                 const char *rstr;
2905 
2906                 rstr = _conv_reloc_type((uint_t)rtype);
2907                 (void) printf(MSG_INTL(MSG_LDD_REL_ERR1), rstr, name,
2908                     EC_ADDR(roffset));
2909                 return;
2910         }
2911 
2912         Dbg_reloc_error(lml, ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, rel, name);
2913 }
2914 
2915 /*
2916  * Resolve a static TLS relocation.
2917  */
2918 long
2919 elf_static_tls(Rt_map *lmp, Sym *sym, void *rel, uchar_t rtype, char *name,
2920     ulong_t roffset, long value)
2921 {
2922         Lm_list *lml = LIST(lmp);
2923 
2924         /*
2925          * Relocations against a static TLS block have limited support once
2926          * process initialization has completed.  Any error condition should be
2927          * discovered by testing for DF_STATIC_TLS as part of loading an object,
2928          * however individual relocations are tested in case the dynamic flag
2929          * had not been set when this object was built.
2930          */
2931         if (PTTLS(lmp) == NULL) {
2932                 DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH,
2933                     M_REL_SHT_TYPE, rel, NULL, 0, name));
2934                 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_BADTLS),
2935                     _conv_reloc_type((uint_t)rtype), NAME(lmp),
2936                     name ? demangle(name) : MSG_INTL(MSG_STR_UNKNOWN));
2937                 return (0);
2938         }
2939 
2940         /*
2941          * If no static TLS has been set aside for this object, determine if
2942          * any can be obtained.  Enforce that any object using static TLS is
2943          * non-deletable.
2944          */
2945         if (TLSSTATOFF(lmp) == 0) {
2946                 FLAGS1(lmp) |= FL1_RT_TLSSTAT;
2947                 MODE(lmp) |= RTLD_NODELETE;
2948 
2949                 if (tls_assign(lml, lmp, PTTLS(lmp)) == 0) {
2950                         DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH,
2951                             M_REL_SHT_TYPE, rel, NULL, 0, name));
2952                         eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_BADTLS),
2953                             _conv_reloc_type((uint_t)rtype), NAME(lmp),
2954                             name ? demangle(name) : MSG_INTL(MSG_STR_UNKNOWN));
2955                         return (0);
2956                 }
2957         }
2958 
2959         /*
2960          * Typically, a static TLS offset is maintained as a symbols value.
2961          * For local symbols that are not apart of the dynamic symbol table,
2962          * the TLS relocation points to a section symbol, and the static TLS
2963          * offset was deposited in the associated GOT table.  Make sure the GOT
2964          * is cleared, so that the value isn't reused in do_reloc().
2965          */
2966         if (ELF_ST_BIND(sym->st_info) == STB_LOCAL) {
2967                 if ((ELF_ST_TYPE(sym->st_info) == STT_SECTION)) {
2968                         value = *(long *)roffset;
2969                         *(long *)roffset = 0;
2970                 } else {
2971                         value = sym->st_value;
2972                 }
2973         }
2974         return (-(TLSSTATOFF(lmp) - value));
2975 }
2976 
2977 /*
2978  * If the symbol is not found and the reference was not to a weak symbol, report
2979  * an error.  Weak references may be unresolved.
2980  */
2981 int
2982 elf_reloc_error(Rt_map *lmp, const char *name, void *rel, uint_t binfo)
2983 {
2984         Lm_list *lml = LIST(lmp);
2985 
2986         /*
2987          * Under crle(1), relocation failures are ignored.
2988          */
2989         if (lml->lm_flags & LML_FLG_IGNRELERR)
2990                 return (1);
2991 
2992         /*
2993          * Under ldd(1), unresolved references are reported.  However, if the
2994          * original reference is EXTERN or PARENT these references are ignored
2995          * unless ldd's -p option is in effect.
2996          */
2997         if (lml->lm_flags & LML_FLG_TRC_WARN) {
2998                 if (((binfo & DBG_BINFO_REF_MSK) == 0) ||
2999                     ((lml->lm_flags & LML_FLG_TRC_NOPAREXT) != 0)) {
3000                         (void) printf(MSG_INTL(MSG_LDD_SYM_NFOUND),
3001                             demangle(name), NAME(lmp));
3002                 }
3003                 return (1);
3004         }
3005 
3006         /*
3007          * Otherwise, the unresolved references is fatal.
3008          */
3009         DBG_CALL(Dbg_reloc_in(lml, ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, rel,
3010             NULL, 0, name));
3011         eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_NOSYM), NAME(lmp),
3012             demangle(name));
3013 
3014         return (0);
3015 }