1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright 2014 Garrett D'Amore <garrett@damore.org>
25 */
26
27 /*
28 * Implementation of all external interfaces between ld.so.1 and libc.
29 *
30 * This file started as a set of routines that provided synchronization and
31 * locking operations using calls to libthread. libthread has merged with libc
32 * under the Unified Process Model (UPM), and things have gotten a lot simpler.
33 * This file continues to establish and redirect various events within ld.so.1
34 * to interfaces within libc.
35 *
36 * Until libc is loaded and relocated, any external interfaces are captured
37 * locally. Each link-map list maintains its own set of external vectors, as
38 * each link-map list typically provides its own libc. Although this per-link-
39 * map list vectoring provides a degree of flexibility, there is a protocol
40 * expected when calling various libc interfaces.
41 *
42 * i. Any new alternative link-map list should call CI_THRINIT, and then call
43 * CI_TLS_MODADD to register any TLS for each object of that link-map list
44 * (this item is labeled i. as auditors can be the first objects loaded,
45 * and they exist on their own lik-map list).
46 *
47 * ii. For the primary link-map list, CI_TLS_STATMOD must be called first to
48 * register any static TLS. This routine is called regardless of there
49 * being any TLS, as this routine also establishes the link-map list as the
50 * primary list and fixes the association of uberdata). CI_THRINIT should
51 * then be called.
52 *
53 * iii. Any objects added to an existing link-map list (primary or alternative)
54 * should call CI_TLS_MODADD to register any additional TLS.
55 *
56 * These events are established by:
57 *
58 * i. Typically, libc is loaded as part of the primary dependencies of any
59 * link-map list (since the Unified Process Model (UPM), libc can't be
60 * lazily loaded). To minimize the possibility of loading and registering
61 * objects, and then tearing them down (because of a relocation error),
62 * external vectors are established as part of load_completion(). This
63 * routine is called on completion of any operation that can cause objects
64 * to be loaded. This point of control insures the objects have been fully
65 * analyzed and relocated, and moved to their controlling link-map list.
66 * The external vectors are established prior to any .inits being fired.
67 *
68 * ii. Calls to CI_THRINIT, and CI_TLS_MODADD also occur as part of
69 * load_completion(). CI_THRINIT is only called once for each link-map
70 * control list.
71 *
72 * iii. Calls to CI_TLS_STATMOD, and CI_THRINIT occur for the primary link-map
73 * list in the final stages of setup().
74 *
75 * The interfaces provide by libc can be divided into two families. The first
76 * family consists of those interfaces that should be called from the link-map
77 * list. It's possible that these interfaces convey state concerning the
78 * link-map list they are part of:
79 *
80 * CI_ATEXIT
81 * CI TLS_MODADD
82 * CI_TLS_MODREM
83 * CI_TLS_STATMOD
84 * CI_THRINIT
85 *
86 * The second family are global in nature, that is, the link-map list from
87 * which they are called provides no state information. In fact, for
88 * CI_BIND_GUARD, the calling link-map isn't even known. The link-map can only
89 * be deduced after ld.so.1's global lock has been obtained. Therefore, the
90 * following interfaces are also maintained as global:
91 *
92 * CI_LCMESSAGES
93 * CI_BIND_GUARD
94 * CI_BIND_CLEAR
95 * CI_THR_SELF
96 *
97 * Note, it is possible that these global interfaces are obtained from an
98 * alternative link-map list that gets torn down because of a processing
99 * failure (unlikely, because the link-map list components must be analyzed
100 * and relocated prior to load_completion(), but perhaps the tear down is still
101 * a possibility). Thus the global interfaces may have to be replaced. Once
102 * the interfaces have been obtained from the primary link-map, they can
103 * remain fixed, as the primary link-map isn't going to go anywhere.
104 *
105 * The last wrinkle in the puzzle is what happens if an alternative link-map
106 * is loaded with no libc dependency? In this case, the alternative objects
107 * can not call CI_THRINIT, can not be allowed to use TLS, and will not receive
108 * any atexit processing.
109 *
110 * The history of these external interfaces is defined by their version:
111 *
112 * TI_VERSION == 1
113 * Under this model libthread provided rw_rwlock/rw_unlock, through which
114 * all rt_mutex_lock/rt_mutex_unlock calls were vectored.
115 * Under libc/libthread these interfaces provided _sigon/_sigoff (unlike
116 * lwp/libthread that provided signal blocking via bind_guard/bind_clear).
117 *
118 * TI_VERSION == 2
119 * Under this model only libthreads bind_guard/bind_clear and thr_self
120 * interfaces were used. Both libthreads blocked signals under the
121 * bind_guard/bind_clear interfaces. Lower level locking is derived
122 * from internally bound _lwp_ interfaces. This removes recursive
123 * problems encountered when obtaining locking interfaces from libthread.
124 * The use of mutexes over reader/writer locks also enables the use of
125 * condition variables for controlling thread concurrency (allows access
126 * to objects only after their .init has completed).
127 *
128 * NOTE, the TI_VERSION indicated the ti_interface version number, where the
129 * ti_interface was a large vector of functions passed to both libc (to override
130 * the thread stub interfaces) and ld.so.1. ld.so.1 used only a small subset of
131 * these interfaces.
132 *
133 * CI_VERSION == 1
134 * Introduced with CI_VERSION & CI_ATEXIT
135 *
136 * CI_VERSION == 2 (Solaris 8 update 2).
137 * Added support for CI_LCMESSAGES
138 *
139 * CI_VERSION == 3 (Solaris 9).
140 * Added the following versions to the CI table:
141 *
142 * CI_BIND_GUARD, CI_BIND_CLEAR, CI_THR_SELF
143 * CI_TLS_MODADD, CI_TLS_MOD_REMOVE, CI_TLS_STATMOD
144 *
145 * This version introduced the DT_SUNW_RTLDINFO structure as a mechanism
146 * to handshake with ld.so.1.
147 *
148 * CI_VERSION == 4 (Solaris 10).
149 * Added the CI_THRINIT handshake as part of the libc/libthread unified
150 * process model. libc now initializes the current thread pointer from
151 * this interface (and no longer relies on the INITFIRST flag - which
152 * others have started to camp out on).
153 *
154 * CI_VERSION == 5 (Solaris 11).
155 * Use of "protected" references within libc, so that symbols are
156 * pre-bound, and don't require ld.so.1 binding. This implementation
157 * protects libc's critical regions from being vectored to auditors.
158 *
159 * CI_VERSION == 6 (Solaris 11).
160 * Added the CI_CRITICAL handshake, to allow "mem*" family to be reexposed
161 * as "global", and thus be redirected to auxiliary filters.
162 *
163 * Release summary:
164 *
165 * Solaris 8 CI_ATEXIT via _ld_libc()
166 * TI_* via _ld_concurrency()
167 *
168 * Solaris 9 CI_ATEXIT and CI_LCMESSAGES via _ld_libc()
169 * CI_* via RTLDINFO and _ld_libc() - new libthread
170 * TI_* via _ld_concurrency() - old libthread
171 *
172 * Solaris 10 CI_ATEXIT and CI_LCMESSAGES via _ld_libc()
173 * CI_* via RTLDINFO and _ld_libc() - new libthread
174 */
175
176 #include <sys/debug.h>
177 #include <synch.h>
178 #include <signal.h>
179 #include <thread.h>
180 #include <synch.h>
181 #include <strings.h>
182 #include <stdio.h>
183 #include <debug.h>
184 #include <libc_int.h>
185 #include "_elf.h"
186 #include "_rtld.h"
187
188 /*
189 * This interface provides the unified process model communication between
190 * ld.so.1 and libc. This interface can be called a number of times:
191 *
192 * - Initially, this interface is called to process RTLDINFO. This data
193 * structure is typically provided by libc, and contains the address of
194 * libc interfaces that must be called to initialize threads information.
195 *
196 * - _ld_libc(), this interface can also be called by libc at process
197 * initialization, after libc has been loaded and relocated, but before
198 * control has been passed to any user code (.init's or main()). This
199 * call provides additional libc interface information that ld.so.1 must
200 * call during process execution.
201 *
202 * - _ld_libc() can also be called by libc during process execution to
203 * re-establish interfaces such as the locale.
204 */
205 static void
206 get_lcinterface(Rt_map *lmp, Lc_interface *funcs)
207 {
208 int threaded = 0, entry = 0, tag;
209 Lm_list *lml;
210 Lc_desc *lcp;
211
212 if ((lmp == NULL) || (funcs == NULL))
213 return;
214
215 /*
216 * Once the process is active, ensure we grab a lock.
217 */
218 if (rtld_flags & RT_FL_APPLIC)
219 entry = enter(0);
220
221 lml = LIST(lmp);
222 lcp = &lml->lm_lcs[0];
223
224 DBG_CALL(Dbg_util_nl(lml, DBG_NL_STD));
225
226 for (tag = funcs->ci_tag; tag; tag = (++funcs)->ci_tag) {
227 char *gptr;
228 char *lptr = funcs->ci_un.ci_ptr;
229
230 DBG_CALL(Dbg_util_lcinterface(lmp, tag, lptr));
231
232 if (tag >= CI_MAX)
233 continue;
234
235 /*
236 * Maintain all interfaces on a per-link-map basis. Note, for
237 * most interfaces, only the first interface is used for any
238 * link-map list. This prevents accidents with developers who
239 * manage to load two different versions of libc.
240 */
241 if ((lcp[tag].lc_lmp) &&
242 (tag != CI_LCMESSAGES) && (tag != CI_VERSION)) {
243 DBG_CALL(Dbg_unused_lcinterface(lmp,
244 lcp[tag].lc_lmp, tag));
245 continue;
246 }
247
248 lcp[tag].lc_un.lc_ptr = lptr;
249 lcp[tag].lc_lmp = lmp;
250
251 gptr = glcs[tag].lc_un.lc_ptr;
252
253 /*
254 * Process any interfaces that must be maintained on a global
255 * basis.
256 */
257 switch (tag) {
258 case CI_ATEXIT:
259 break;
260
261 case CI_LCMESSAGES:
262 /*
263 * At startup, ld.so.1 can establish a locale from one
264 * of the locale family of environment variables (see
265 * ld_str_env() and readenv_user()). During process
266 * execution the locale can also be changed by the user.
267 * This interface is called from libc should the locale
268 * be modified. Presently, only one global locale is
269 * maintained for all link-map lists, and only objects
270 * on the primrary link-map may change this locale.
271 */
272 if ((lml->lm_flags & LML_FLG_BASELM) &&
273 ((gptr == NULL) || (strcmp(gptr, lptr) != 0))) {
274 /*
275 * If we've obtained a message locale (typically
276 * supplied via libc's setlocale()), then
277 * register the locale for use in dgettext() so
278 * as to reestablish the locale for ld.so.1's
279 * messages.
280 */
281 if (gptr) {
282 free((void *)gptr);
283 rtld_flags |= RT_FL_NEWLOCALE;
284 }
285 glcs[tag].lc_un.lc_ptr = strdup(lptr);
286
287 /*
288 * Clear any cached messages.
289 */
290 bzero(err_strs, sizeof (err_strs));
291 nosym_str = NULL;
292 }
293 break;
294
295 case CI_BIND_GUARD:
296 case CI_BIND_CLEAR:
297 case CI_THR_SELF:
298 case CI_CRITICAL:
299 /*
300 * If the global vector is unset, or this is the primary
301 * link-map, set the global vector.
302 */
303 if ((gptr == NULL) || (lml->lm_flags & LML_FLG_BASELM))
304 glcs[tag].lc_un.lc_ptr = lptr;
305
306 /* FALLTHROUGH */
307
308 case CI_TLS_MODADD:
309 case CI_TLS_MODREM:
310 case CI_TLS_STATMOD:
311 case CI_THRINIT:
312 threaded++;
313 break;
314
315 case CI_VERSION:
316 if ((rtld_flags2 & RT_FL2_RTLDSEEN) == 0) {
317 Aliste idx;
318 Lm_list *lml2;
319 int version;
320
321 rtld_flags2 |= RT_FL2_RTLDSEEN;
322
323 version = funcs->ci_un.ci_val;
324 #if defined(CI_V_FIVE)
325 if (version >= CI_V_FIVE) {
326 thr_flg_nolock = THR_FLG_NOLOCK;
327 thr_flg_reenter = THR_FLG_REENTER;
328 }
329 #endif
330 if (version < CI_V_FOUR)
331 break;
332
333 rtld_flags2 |= RT_FL2_UNIFPROC;
334
335 /*
336 * We might have seen an auditor which is not
337 * dependent on libc. Such an auditor's link
338 * map list has LML_FLG_HOLDLOCK set. This
339 * lock needs to be dropped. Refer to
340 * audit_setup() in audit.c.
341 */
342 if ((rtld_flags2 & RT_FL2_HASAUDIT) == 0)
343 break;
344
345 /*
346 * Yes, we did. Take care of them.
347 */
348 for (APLIST_TRAVERSE(dynlm_list, idx, lml2)) {
349 Rt_map *map = (Rt_map *)lml2->lm_head;
350
351 if (FLAGS(map) & FLG_RT_AUDIT) {
352 lml2->lm_flags &=
353 ~LML_FLG_HOLDLOCK;
354 }
355 }
356 }
357 break;
358
359 default:
360 break;
361 }
362 }
363
364 if (threaded) {
365 /*
366 * If a version of libc gives us only a subset of the TLS
367 * interfaces, it's confused and we discard the whole lot.
368 */
369 if ((lcp[CI_TLS_MODADD].lc_un.lc_func &&
370 lcp[CI_TLS_MODREM].lc_un.lc_func &&
371 lcp[CI_TLS_STATMOD].lc_un.lc_func) == NULL) {
372 lcp[CI_TLS_MODADD].lc_un.lc_func = NULL;
373 lcp[CI_TLS_MODREM].lc_un.lc_func = NULL;
374 lcp[CI_TLS_STATMOD].lc_un.lc_func = NULL;
375 }
376
377 /*
378 * Indicate that we're now thread capable.
379 */
380 if ((lml->lm_flags & LML_FLG_RTLDLM) == 0)
381 rtld_flags |= RT_FL_THREADS;
382 }
383
384 if (entry)
385 leave(lml, 0);
386 }
387
388 /*
389 * At this point we know we have a set of objects that have been fully analyzed
390 * and relocated. Prior to the next major step of running .init sections (ie.
391 * running user code), retrieve any RTLDINFO interfaces.
392 */
393 int
394 rt_get_extern(Lm_list *lml, Rt_map *lmp)
395 {
396 if (lml->lm_rti) {
397 Aliste idx;
398 Rti_desc *rti;
399
400 for (ALIST_TRAVERSE(lml->lm_rti, idx, rti))
401 get_lcinterface(rti->rti_lmp, rti->rti_info);
402
403 free(lml->lm_rti);
404 lml->lm_rti = 0;
405 }
406
407 /*
408 * Perform some sanity checks. If we have TLS requirements we better
409 * have the associated external interfaces.
410 */
411 if (lml->lm_tls &&
412 (lml->lm_lcs[CI_TLS_STATMOD].lc_un.lc_func == NULL)) {
413 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_TLS_NOSUPPORT),
414 NAME(lmp));
415 return (0);
416 }
417 return (1);
418 }
419
420 /*
421 * Provide an interface for libc to communicate additional interface
422 * information.
423 */
424 void
425 _ld_libc(void *ptr)
426 {
427 get_lcinterface(_caller(caller(), CL_EXECDEF), (Lc_interface *)ptr);
428 }
429
430 static int bindmask = 0;
431
432 int
433 rt_bind_guard(int flags)
434 {
435 int (*fptr)(int);
436 int bindflag;
437
438 if ((fptr = glcs[CI_BIND_GUARD].lc_un.lc_func) != NULL) {
439 return ((*fptr)(flags));
440 } else {
441 bindflag = (flags & THR_FLG_RTLD);
442 if ((bindflag & bindmask) == 0) {
443 bindmask |= bindflag;
444 return (1);
445 }
446 return (0);
447 }
448 }
449
450 int
451 rt_bind_clear(int flags)
452 {
453 int (*fptr)(int);
454 int bindflag;
455
456 if ((fptr = glcs[CI_BIND_CLEAR].lc_un.lc_func) != NULL) {
457 return ((*fptr)(flags));
458 } else {
459 bindflag = (flags & THR_FLG_RTLD);
460 if (bindflag == 0)
461 return (bindmask);
462 else {
463 bindmask &= ~bindflag;
464 return (0);
465 }
466 }
467 }
468
469 /*
470 * Make sure threads have been initialized. This interface is called once for
471 * each link-map list.
472 */
473 void
474 rt_thr_init(Lm_list *lml)
475 {
476 void (*fptr)(void);
477
478 if ((fptr =
479 (void (*)())lml->lm_lcs[CI_THRINIT].lc_un.lc_func) != NULL) {
480 lml->lm_lcs[CI_THRINIT].lc_un.lc_func = NULL;
481
482 leave(lml, thr_flg_reenter);
483 (*fptr)();
484 (void) enter(thr_flg_reenter);
485
486 /*
487 * If this is an alternative link-map list, and this is the
488 * first call to initialize threads, don't let the destination
489 * libc be deleted. It is possible that an auditors complete
490 * initialization fails, but there is presently no main link-map
491 * list. As this libc has established the thread pointer, don't
492 * delete this libc, otherwise the initialization of libc on the
493 * main link-map can be compromised during its threads
494 * initialization.
495 */
496 if (((lml->lm_flags & LML_FLG_BASELM) == 0) &&
497 ((rtld_flags2 & RT_FL2_PLMSETUP) == 0))
498 MODE(lml->lm_lcs[CI_THRINIT].lc_lmp) |= RTLD_NODELETE;
499 }
500 }
501
502 thread_t
503 rt_thr_self()
504 {
505 thread_t (*fptr)(void);
506
507 if ((fptr = (thread_t (*)())glcs[CI_THR_SELF].lc_un.lc_func) != NULL)
508 return ((*fptr)());
509
510 return (1);
511 }
512
513 int
514 rt_mutex_lock(Rt_lock *mp)
515 {
516 return (_lwp_mutex_lock((lwp_mutex_t *)mp));
517 }
518
519 int
520 rt_mutex_unlock(Rt_lock *mp)
521 {
522 return (_lwp_mutex_unlock((lwp_mutex_t *)mp));
523 }
524
525 /*
526 * Test whether we're in a libc critical region. Certain function references,
527 * like the "mem*" family, might require binding. Although these functions can
528 * safely bind to auxiliary filtees, they should not be captured by auditors.
529 */
530 int
531 rt_critical()
532 {
533 int (*fptr)(void);
534
535 if ((fptr = glcs[CI_CRITICAL].lc_un.lc_func) != NULL)
536 return ((*fptr)());
537
538 return (0);
539 }
540
541 /*
542 * Mutex interfaces to resolve references from any objects extracted from
543 * libc_pic.a. Note, as ld.so.1 is essentially single threaded these can be
544 * noops.
545 */
546 #pragma weak lmutex_lock = mutex_lock
547 /* ARGSUSED */
548 int
549 mutex_lock(mutex_t *mp)
550 {
551 return (0);
552 }
553
554 #pragma weak lmutex_unlock = mutex_unlock
555 /* ARGSUSED */
556 int
557 mutex_unlock(mutex_t *mp)
558 {
559 return (0);
560 }
561
562 /* ARGSUSED */
563 int
564 mutex_init(mutex_t *mp, int type, void *arg)
565 {
566 return (0);
567 }
568
569 /* ARGSUSED */
570 int
571 mutex_destroy(mutex_t *mp)
572 {
573 return (0);
574 }
575
576 /*
577 * This is needed to satisfy sysconf() (case _SC_THREAD_STACK_MIN)
578 */
579 size_t
580 thr_min_stack()
581 {
582 return (sizeof (uintptr_t) * 1024);
583 }
584
585 /*
586 * Local str[n]casecmp() interfaces for the dynamic linker,
587 * to avoid problems when linking with libc_pic.a
588 */
589 int
590 strcasecmp(const char *s1, const char *s2)
591 {
592 extern int ascii_strcasecmp(const char *, const char *);
593
594 return (ascii_strcasecmp(s1, s2));
595 }
596
597 int
598 strncasecmp(const char *s1, const char *s2, size_t n)
599 {
600 extern int ascii_strncasecmp(const char *, const char *, size_t);
601
602 return (ascii_strncasecmp(s1, s2, n));
603 }
604
605 /*
606 * The following functions are cancellation points in libc.
607 * They are called from other functions in libc that we extract
608 * and use directly. We don't do cancellation while we are in
609 * the dynamic linker, so we redefine these to call the primitive,
610 * non-cancellation interfaces.
611 */
612 int
613 close(int fildes)
614 {
615 extern int __close(int);
616
617 return (__close(fildes));
618 }
619
620 int
621 fcntl(int fildes, int cmd, ...)
622 {
623 extern int __fcntl(int, int, ...);
624 intptr_t arg;
625 va_list ap;
626
627 va_start(ap, cmd);
628 arg = va_arg(ap, intptr_t);
629 va_end(ap);
630 return (__fcntl(fildes, cmd, arg));
631 }
632
633 int
634 open(const char *path, int oflag, ...)
635 {
636 extern int __open(const char *, int, mode_t);
637 mode_t mode;
638 va_list ap;
639
640 va_start(ap, oflag);
641 mode = va_arg(ap, mode_t);
642 va_end(ap);
643 return (__open(path, oflag, mode));
644 }
645
646 int
647 openat(int fd, const char *path, int oflag, ...)
648 {
649 extern int __openat(int, const char *, int, mode_t);
650 mode_t mode;
651 va_list ap;
652
653 va_start(ap, oflag);
654 mode = va_arg(ap, mode_t);
655 va_end(ap);
656 return (__openat(fd, path, oflag, mode));
657 }
658
659 ssize_t
660 read(int fd, void *buf, size_t size)
661 {
662 extern ssize_t __read(int, void *, size_t);
663 return (__read(fd, buf, size));
664 }
665
666 ssize_t
667 write(int fd, const void *buf, size_t size)
668 {
669 extern ssize_t __write(int, const void *, size_t);
670 return (__write(fd, buf, size));
671 }
672
673 /*
674 * ASCII versions of ctype character classification functions. This avoids
675 * pulling in the entire locale framework that is in libc.
676 */
677
678 int
679 isdigit(int c)
680 {
681 return ((c >= '0' && c <= '9') ? 1 : 0);
682 }
683
684 int
685 isupper(int c)
686 {
687 return ((c >= 'A' && c <= 'Z') ? 1 : 0);
688 }
689
690 int
691 islower(int c)
692 {
693 return ((c >= 'a' && c <= 'z') ? 1 : 0);
694 }
695
696 int
697 isspace(int c)
698 {
699 return (((c == ' ') || (c == '\t') || (c == '\r') || (c == '\n') ||
700 (c == '\v') || (c == '\f')) ? 1 : 0);
701 }
702
703 int
704 isxdigit(int c)
705 {
706 return ((isdigit(c) || (c >= 'A' && c <= 'F') ||
707 (c >= 'a' && c <= 'f')) ? 1 : 0);
708 }
709
710 int
711 isalpha(int c)
712 {
713 return ((isupper(c) || islower(c)) ? 1 : 0);
714 }
715
716 int
717 isalnum(int c)
718 {
719 return ((isalpha(c) || isdigit(c)) ? 1 : 0);
720 }