1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 1988 AT&T 24 * All Rights Reserved 25 * 26 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved. 27 * Copyright (c) 2012, Joyent, Inc. All rights reserved. 28 */ 29 30 /* 31 * x86 machine dependent and ELF file class dependent functions. 32 * Contains routines for performing function binding and symbol relocations. 33 */ 34 35 #include <stdio.h> 36 #include <sys/elf.h> 37 #include <sys/elf_386.h> 38 #include <sys/mman.h> 39 #include <dlfcn.h> 40 #include <synch.h> 41 #include <string.h> 42 #include <debug.h> 43 #include <reloc.h> 44 #include <conv.h> 45 #include "_rtld.h" 46 #include "_audit.h" 47 #include "_elf.h" 48 #include "_inline_gen.h" 49 #include "_inline_reloc.h" 50 #include "msg.h" 51 52 extern void elf_rtbndr(Rt_map *, ulong_t, caddr_t); 53 54 int 55 elf_mach_flags_check(Rej_desc *rej, Ehdr *ehdr) 56 { 57 /* 58 * Check machine type and flags. 59 */ 60 if (ehdr->e_flags != 0) { 61 rej->rej_type = SGS_REJ_BADFLAG; 62 rej->rej_info = (uint_t)ehdr->e_flags; 63 return (0); 64 } 65 return (1); 66 } 67 68 void 69 ldso_plt_init(Rt_map *lmp) 70 { 71 /* 72 * There is no need to analyze ld.so because we don't map in any of 73 * its dependencies. However we may map these dependencies in later 74 * (as if ld.so had dlopened them), so initialize the plt and the 75 * permission information. 76 */ 77 if (PLTGOT(lmp)) 78 elf_plt_init((PLTGOT(lmp)), (caddr_t)lmp); 79 } 80 81 static const uchar_t dyn_plt_template[] = { 82 /* 0x00 */ 0x55, /* pushl %ebp */ 83 /* 0x01 */ 0x8b, 0xec, /* movl %esp, %ebp */ 84 /* 0x03 */ 0x68, 0x00, 0x00, 0x00, 0x00, /* pushl trace_fields */ 85 /* 0x08 */ 0xe9, 0xfc, 0xff, 0xff, 0xff, 0xff /* jmp elf_plt_trace */ 86 }; 87 int dyn_plt_ent_size = sizeof (dyn_plt_template); 88 89 /* 90 * the dynamic plt entry is: 91 * 92 * pushl %ebp 93 * movl %esp, %ebp 94 * pushl tfp 95 * jmp elf_plt_trace 96 * dyn_data: 97 * .align 4 98 * uintptr_t reflmp 99 * uintptr_t deflmp 100 * uint_t symndx 101 * uint_t sb_flags 102 * Sym symdef 103 */ 104 static caddr_t 105 elf_plt_trace_write(uint_t roffset, Rt_map *rlmp, Rt_map *dlmp, Sym *sym, 106 uint_t symndx, uint_t pltndx, caddr_t to, uint_t sb_flags, int *fail) 107 { 108 extern int elf_plt_trace(); 109 ulong_t got_entry; 110 uchar_t *dyn_plt; 111 uintptr_t *dyndata; 112 113 /* 114 * We only need to add the glue code if there is an auditing 115 * library that is interested in this binding. 116 */ 117 dyn_plt = (uchar_t *)((uintptr_t)AUDINFO(rlmp)->ai_dynplts + 118 (pltndx * dyn_plt_ent_size)); 119 120 /* 121 * Have we initialized this dynamic plt entry yet? If we haven't do it 122 * now. Otherwise this function has been called before, but from a 123 * different plt (ie. from another shared object). In that case 124 * we just set the plt to point to the new dyn_plt. 125 */ 126 if (*dyn_plt == 0) { 127 Sym *symp; 128 Word symvalue; 129 Lm_list *lml = LIST(rlmp); 130 131 (void) memcpy((void *)dyn_plt, dyn_plt_template, 132 sizeof (dyn_plt_template)); 133 dyndata = (uintptr_t *)((uintptr_t)dyn_plt + 134 ROUND(sizeof (dyn_plt_template), M_WORD_ALIGN)); 135 136 /* 137 * relocate: 138 * pushl dyn_data 139 */ 140 symvalue = (Word)dyndata; 141 if (do_reloc_rtld(R_386_32, &dyn_plt[4], &symvalue, 142 MSG_ORIG(MSG_SYM_LADYNDATA), 143 MSG_ORIG(MSG_SPECFIL_DYNPLT), lml) == 0) { 144 *fail = 1; 145 return (0); 146 } 147 148 /* 149 * jmps are relative, so I need to figure out the relative 150 * address to elf_plt_trace. 151 * 152 * relocating: 153 * jmp elf_plt_trace 154 */ 155 symvalue = (ulong_t)(elf_plt_trace) - (ulong_t)(dyn_plt + 9); 156 if (do_reloc_rtld(R_386_PC32, &dyn_plt[9], &symvalue, 157 MSG_ORIG(MSG_SYM_ELFPLTTRACE), 158 MSG_ORIG(MSG_SPECFIL_DYNPLT), lml) == 0) { 159 *fail = 1; 160 return (0); 161 } 162 163 *dyndata++ = (uintptr_t)rlmp; 164 *dyndata++ = (uintptr_t)dlmp; 165 *dyndata++ = (uint_t)symndx; 166 *dyndata++ = (uint_t)sb_flags; 167 symp = (Sym *)dyndata; 168 *symp = *sym; 169 symp->st_name += (Word)STRTAB(dlmp); 170 symp->st_value = (Addr)to; 171 } 172 173 got_entry = (ulong_t)roffset; 174 *(ulong_t *)got_entry = (ulong_t)dyn_plt; 175 return ((caddr_t)dyn_plt); 176 } 177 178 /* 179 * Function binding routine - invoked on the first call to a function through 180 * the procedure linkage table; 181 * passes first through an assembly language interface. 182 * 183 * Takes the offset into the relocation table of the associated 184 * relocation entry and the address of the link map (rt_private_map struct) 185 * for the entry. 186 * 187 * Returns the address of the function referenced after re-writing the PLT 188 * entry to invoke the function directly. 189 * 190 * On error, causes process to terminate with a signal. 191 */ 192 ulong_t 193 elf_bndr(Rt_map *lmp, ulong_t reloff, caddr_t from) 194 { 195 Rt_map *nlmp, *llmp; 196 ulong_t addr, symval, rsymndx; 197 char *name; 198 Rel *rptr; 199 Sym *rsym, *nsym; 200 uint_t binfo, sb_flags = 0, dbg_class; 201 Slookup sl; 202 Sresult sr; 203 int entry, lmflags; 204 Lm_list *lml; 205 206 /* 207 * For compatibility with libthread (TI_VERSION 1) we track the entry 208 * value. A zero value indicates we have recursed into ld.so.1 to 209 * further process a locking request. Under this recursion we disable 210 * tsort and cleanup activities. 211 */ 212 entry = enter(0); 213 214 lml = LIST(lmp); 215 if ((lmflags = lml->lm_flags) & LML_FLG_RTLDLM) { 216 dbg_class = dbg_desc->d_class; 217 dbg_desc->d_class = 0; 218 } 219 220 /* 221 * Perform some basic sanity checks. If we didn't get a load map or 222 * the relocation offset is invalid then its possible someone has walked 223 * over the .got entries or jumped to plt0 out of the blue. 224 */ 225 if ((reloff % sizeof (Rel)) != 0) { 226 Conv_inv_buf_t inv_buf; 227 228 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_PLTREF), 229 conv_reloc_386_type(R_386_JMP_SLOT, 0, &inv_buf), 230 EC_NATPTR(lmp), EC_XWORD(reloff), EC_NATPTR(from)); 231 rtldexit(lml, 1); 232 } 233 234 /* 235 * Use relocation entry to get symbol table entry and symbol name. 236 */ 237 addr = (ulong_t)JMPREL(lmp); 238 rptr = (Rel *)(addr + reloff); 239 rsymndx = ELF_R_SYM(rptr->r_info); 240 rsym = (Sym *)((ulong_t)SYMTAB(lmp) + (rsymndx * SYMENT(lmp))); 241 name = (char *)(STRTAB(lmp) + rsym->st_name); 242 243 /* 244 * Determine the last link-map of this list, this'll be the starting 245 * point for any tsort() processing. 246 */ 247 llmp = lml->lm_tail; 248 249 /* 250 * Find definition for symbol. Initialize the symbol lookup, and 251 * symbol result, data structures. 252 */ 253 SLOOKUP_INIT(sl, name, lmp, lml->lm_head, ld_entry_cnt, 0, 254 rsymndx, rsym, 0, LKUP_DEFT); 255 SRESULT_INIT(sr, name); 256 257 if (lookup_sym(&sl, &sr, &binfo, NULL) == 0) { 258 eprintf(lml, ERR_FATAL, MSG_INTL(MSG_REL_NOSYM), NAME(lmp), 259 demangle(name)); 260 rtldexit(lml, 1); 261 } 262 263 name = (char *)sr.sr_name; 264 nlmp = sr.sr_dmap; 265 nsym = sr.sr_sym; 266 267 symval = nsym->st_value; 268 269 if (!(FLAGS(nlmp) & FLG_RT_FIXED) && 270 (nsym->st_shndx != SHN_ABS)) 271 symval += ADDR(nlmp); 272 if ((lmp != nlmp) && ((FLAGS1(nlmp) & FL1_RT_NOINIFIN) == 0)) { 273 /* 274 * Record that this new link map is now bound to the caller. 275 */ 276 if (bind_one(lmp, nlmp, BND_REFER) == 0) 277 rtldexit(lml, 1); 278 } 279 280 if ((lml->lm_tflags | AFLAGS(lmp) | AFLAGS(nlmp)) & 281 LML_TFLG_AUD_SYMBIND) { 282 uint_t symndx = (((uintptr_t)nsym - 283 (uintptr_t)SYMTAB(nlmp)) / SYMENT(nlmp)); 284 symval = audit_symbind(lmp, nlmp, nsym, symndx, symval, 285 &sb_flags); 286 } 287 288 if (!(rtld_flags & RT_FL_NOBIND)) { 289 addr = rptr->r_offset; 290 if (!(FLAGS(lmp) & FLG_RT_FIXED)) 291 addr += ADDR(lmp); 292 if (((lml->lm_tflags | AFLAGS(lmp)) & 293 (LML_TFLG_AUD_PLTENTER | LML_TFLG_AUD_PLTEXIT)) && 294 AUDINFO(lmp)->ai_dynplts) { 295 int fail = 0; 296 uint_t pltndx = reloff / sizeof (Rel); 297 uint_t symndx = (((uintptr_t)nsym - 298 (uintptr_t)SYMTAB(nlmp)) / SYMENT(nlmp)); 299 300 symval = (ulong_t)elf_plt_trace_write(addr, lmp, nlmp, 301 nsym, symndx, pltndx, (caddr_t)symval, sb_flags, 302 &fail); 303 if (fail) 304 rtldexit(lml, 1); 305 } else { 306 /* 307 * Write standard PLT entry to jump directly 308 * to newly bound function. 309 */ 310 *(ulong_t *)addr = symval; 311 } 312 } 313 314 /* 315 * Print binding information and rebuild PLT entry. 316 */ 317 DBG_CALL(Dbg_bind_global(lmp, (Addr)from, (Off)(from - ADDR(lmp)), 318 (Xword)(reloff / sizeof (Rel)), PLT_T_FULL, nlmp, (Addr)symval, 319 nsym->st_value, name, binfo)); 320 321 /* 322 * Complete any processing for newly loaded objects. Note we don't 323 * know exactly where any new objects are loaded (we know the object 324 * that supplied the symbol, but others may have been loaded lazily as 325 * we searched for the symbol), so sorting starts from the last 326 * link-map know on entry to this routine. 327 */ 328 if (entry) 329 load_completion(llmp); 330 331 /* 332 * Some operations like dldump() or dlopen()'ing a relocatable object 333 * result in objects being loaded on rtld's link-map, make sure these 334 * objects are initialized also. 335 */ 336 if ((LIST(nlmp)->lm_flags & LML_FLG_RTLDLM) && LIST(nlmp)->lm_init) 337 load_completion(nlmp); 338 339 /* 340 * Make sure the object to which we've bound has had it's .init fired. 341 * Cleanup before return to user code. 342 */ 343 if (entry) { 344 is_dep_init(nlmp, lmp); 345 leave(lml, 0); 346 } 347 348 if (lmflags & LML_FLG_RTLDLM) 349 dbg_desc->d_class = dbg_class; 350 351 return (symval); 352 } 353 354 /* 355 * Read and process the relocations for one link object, we assume all 356 * relocation sections for loadable segments are stored contiguously in 357 * the file. 358 */ 359 int 360 elf_reloc(Rt_map *lmp, uint_t plt, int *in_nfavl, APlist **textrel) 361 { 362 ulong_t relbgn, relend, relsiz, basebgn, pltbgn, pltend; 363 ulong_t _pltbgn, _pltend; 364 ulong_t dsymndx, roffset, rsymndx, psymndx = 0; 365 uchar_t rtype; 366 long value, pvalue; 367 Sym *symref, *psymref, *symdef, *psymdef; 368 Syminfo *sip; 369 char *name, *pname; 370 Rt_map *_lmp, *plmp; 371 int ret = 1, noplt = 0; 372 int relacount = RELACOUNT(lmp), plthint = 0; 373 Rel *rel; 374 uint_t binfo, pbinfo; 375 APlist *bound = NULL; 376 377 /* 378 * Although only necessary for lazy binding, initialize the first 379 * global offset entry to go to elf_rtbndr(). dbx(1) seems 380 * to find this useful. 381 */ 382 if ((plt == 0) && PLTGOT(lmp)) { 383 mmapobj_result_t *mpp; 384 385 /* 386 * Make sure the segment is writable. 387 */ 388 if ((((mpp = 389 find_segment((caddr_t)PLTGOT(lmp), lmp)) != NULL) && 390 ((mpp->mr_prot & PROT_WRITE) == 0)) && 391 ((set_prot(lmp, mpp, 1) == 0) || 392 (aplist_append(textrel, mpp, AL_CNT_TEXTREL) == NULL))) 393 return (0); 394 395 elf_plt_init(PLTGOT(lmp), (caddr_t)lmp); 396 } 397 398 /* 399 * Initialize the plt start and end addresses. 400 */ 401 if ((pltbgn = (ulong_t)JMPREL(lmp)) != 0) 402 pltend = pltbgn + (ulong_t)(PLTRELSZ(lmp)); 403 404 relsiz = (ulong_t)(RELENT(lmp)); 405 basebgn = ADDR(lmp); 406 407 if (PLTRELSZ(lmp)) 408 plthint = PLTRELSZ(lmp) / relsiz; 409 410 /* 411 * If we've been called upon to promote an RTLD_LAZY object to an 412 * RTLD_NOW then we're only interested in scaning the .plt table. 413 * An uninitialized .plt is the case where the associated got entry 414 * points back to the plt itself. Determine the range of the real .plt 415 * entries using the _PROCEDURE_LINKAGE_TABLE_ symbol. 416 */ 417 if (plt) { 418 Slookup sl; 419 Sresult sr; 420 421 relbgn = pltbgn; 422 relend = pltend; 423 if (!relbgn || (relbgn == relend)) 424 return (1); 425 426 /* 427 * Initialize the symbol lookup, and symbol result, data 428 * structures. 429 */ 430 SLOOKUP_INIT(sl, MSG_ORIG(MSG_SYM_PLT), lmp, lmp, ld_entry_cnt, 431 elf_hash(MSG_ORIG(MSG_SYM_PLT)), 0, 0, 0, LKUP_DEFT); 432 SRESULT_INIT(sr, MSG_ORIG(MSG_SYM_PLT)); 433 434 if (elf_find_sym(&sl, &sr, &binfo, NULL) == 0) 435 return (1); 436 437 symdef = sr.sr_sym; 438 _pltbgn = symdef->st_value; 439 if (!(FLAGS(lmp) & FLG_RT_FIXED) && 440 (symdef->st_shndx != SHN_ABS)) 441 _pltbgn += basebgn; 442 _pltend = _pltbgn + (((PLTRELSZ(lmp) / relsiz)) * 443 M_PLT_ENTSIZE) + M_PLT_RESERVSZ; 444 445 } else { 446 /* 447 * The relocation sections appear to the run-time linker as a 448 * single table. Determine the address of the beginning and end 449 * of this table. There are two different interpretations of 450 * the ABI at this point: 451 * 452 * o The REL table and its associated RELSZ indicate the 453 * concatenation of *all* relocation sections (this is the 454 * model our link-editor constructs). 455 * 456 * o The REL table and its associated RELSZ indicate the 457 * concatenation of all *but* the .plt relocations. These 458 * relocations are specified individually by the JMPREL and 459 * PLTRELSZ entries. 460 * 461 * Determine from our knowledege of the relocation range and 462 * .plt range, the range of the total relocation table. Note 463 * that one other ABI assumption seems to be that the .plt 464 * relocations always follow any other relocations, the 465 * following range checking drops that assumption. 466 */ 467 relbgn = (ulong_t)(REL(lmp)); 468 relend = relbgn + (ulong_t)(RELSZ(lmp)); 469 if (pltbgn) { 470 if (!relbgn || (relbgn > pltbgn)) 471 relbgn = pltbgn; 472 if (!relbgn || (relend < pltend)) 473 relend = pltend; 474 } 475 } 476 if (!relbgn || (relbgn == relend)) { 477 DBG_CALL(Dbg_reloc_run(lmp, 0, plt, DBG_REL_NONE)); 478 return (1); 479 } 480 DBG_CALL(Dbg_reloc_run(lmp, M_REL_SHT_TYPE, plt, DBG_REL_START)); 481 482 /* 483 * If we're processing a dynamic executable in lazy mode there is no 484 * need to scan the .rel.plt table, however if we're processing a shared 485 * object in lazy mode the .got addresses associated to each .plt must 486 * be relocated to reflect the location of the shared object. 487 */ 488 if (pltbgn && ((MODE(lmp) & RTLD_NOW) == 0) && 489 (FLAGS(lmp) & FLG_RT_FIXED)) 490 noplt = 1; 491 492 sip = SYMINFO(lmp); 493 /* 494 * Loop through relocations. 495 */ 496 while (relbgn < relend) { 497 mmapobj_result_t *mpp; 498 uint_t sb_flags = 0; 499 500 rtype = ELF_R_TYPE(((Rel *)relbgn)->r_info, M_MACH); 501 502 /* 503 * If this is a RELATIVE relocation in a shared object (the 504 * common case), and if we are not debugging, then jump into a 505 * tighter relocation loop (elf_reloc_relative). 506 */ 507 if ((rtype == R_386_RELATIVE) && 508 ((FLAGS(lmp) & FLG_RT_FIXED) == 0) && (DBG_ENABLED == 0)) { 509 if (relacount) { 510 relbgn = elf_reloc_relative_count(relbgn, 511 relacount, relsiz, basebgn, lmp, 512 textrel, 0); 513 relacount = 0; 514 } else { 515 relbgn = elf_reloc_relative(relbgn, relend, 516 relsiz, basebgn, lmp, textrel, 0); 517 } 518 if (relbgn >= relend) 519 break; 520 rtype = ELF_R_TYPE(((Rel *)relbgn)->r_info, M_MACH); 521 } 522 523 roffset = ((Rel *)relbgn)->r_offset; 524 525 /* 526 * If this is a shared object, add the base address to offset. 527 */ 528 if (!(FLAGS(lmp) & FLG_RT_FIXED)) { 529 /* 530 * If we're processing lazy bindings, we have to step 531 * through the plt entries and add the base address 532 * to the corresponding got entry. 533 */ 534 if (plthint && (plt == 0) && 535 (rtype == R_386_JMP_SLOT) && 536 ((MODE(lmp) & RTLD_NOW) == 0)) { 537 relbgn = elf_reloc_relative_count(relbgn, 538 plthint, relsiz, basebgn, lmp, textrel, 0); 539 plthint = 0; 540 continue; 541 } 542 roffset += basebgn; 543 } 544 545 rsymndx = ELF_R_SYM(((Rel *)relbgn)->r_info); 546 rel = (Rel *)relbgn; 547 relbgn += relsiz; 548 549 /* 550 * Optimizations. 551 */ 552 if (rtype == R_386_NONE) 553 continue; 554 if (noplt && ((ulong_t)rel >= pltbgn) && 555 ((ulong_t)rel < pltend)) { 556 relbgn = pltend; 557 continue; 558 } 559 560 /* 561 * If we're promoting plts, determine if this one has already 562 * been written. 563 */ 564 if (plt && ((*(ulong_t *)roffset < _pltbgn) || 565 (*(ulong_t *)roffset > _pltend))) 566 continue; 567 568 /* 569 * If this relocation is not against part of the image 570 * mapped into memory we skip it. 571 */ 572 if ((mpp = find_segment((caddr_t)roffset, lmp)) == NULL) { 573 elf_reloc_bad(lmp, (void *)rel, rtype, roffset, 574 rsymndx); 575 continue; 576 } 577 578 binfo = 0; 579 /* 580 * If a symbol index is specified then get the symbol table 581 * entry, locate the symbol definition, and determine its 582 * address. 583 */ 584 if (rsymndx) { 585 /* 586 * If a Syminfo section is provided, determine if this 587 * symbol is deferred, and if so, skip this relocation. 588 */ 589 if (sip && is_sym_deferred((ulong_t)rel, basebgn, lmp, 590 textrel, sip, rsymndx)) 591 continue; 592 593 /* 594 * Get the local symbol table entry. 595 */ 596 symref = (Sym *)((ulong_t)SYMTAB(lmp) + 597 (rsymndx * SYMENT(lmp))); 598 599 /* 600 * If this is a local symbol, just use the base address. 601 * (we should have no local relocations in the 602 * executable). 603 */ 604 if (ELF_ST_BIND(symref->st_info) == STB_LOCAL) { 605 value = basebgn; 606 name = NULL; 607 608 /* 609 * Special case TLS relocations. 610 */ 611 if (rtype == R_386_TLS_DTPMOD32) { 612 /* 613 * Use the TLS modid. 614 */ 615 value = TLSMODID(lmp); 616 617 } else if (rtype == R_386_TLS_TPOFF) { 618 if ((value = elf_static_tls(lmp, symref, 619 rel, rtype, 0, roffset, 0)) == 0) { 620 ret = 0; 621 break; 622 } 623 } 624 } else { 625 /* 626 * If the symbol index is equal to the previous 627 * symbol index relocation we processed then 628 * reuse the previous values. (Note that there 629 * have been cases where a relocation exists 630 * against a copy relocation symbol, our ld(1) 631 * should optimize this away, but make sure we 632 * don't use the same symbol information should 633 * this case exist). 634 */ 635 if ((rsymndx == psymndx) && 636 (rtype != R_386_COPY)) { 637 /* LINTED */ 638 if (psymdef == 0) { 639 DBG_CALL(Dbg_bind_weak(lmp, 640 (Addr)roffset, (Addr) 641 (roffset - basebgn), name)); 642 continue; 643 } 644 /* LINTED */ 645 value = pvalue; 646 /* LINTED */ 647 name = pname; 648 /* LINTED */ 649 symdef = psymdef; 650 /* LINTED */ 651 symref = psymref; 652 /* LINTED */ 653 _lmp = plmp; 654 /* LINTED */ 655 binfo = pbinfo; 656 657 if ((LIST(_lmp)->lm_tflags | 658 AFLAGS(_lmp)) & 659 LML_TFLG_AUD_SYMBIND) { 660 value = audit_symbind(lmp, _lmp, 661 /* LINTED */ 662 symdef, dsymndx, value, 663 &sb_flags); 664 } 665 } else { 666 Slookup sl; 667 Sresult sr; 668 669 /* 670 * Lookup the symbol definition. 671 * Initialize the symbol lookup, and 672 * symbol result, data structures. 673 */ 674 name = (char *)(STRTAB(lmp) + 675 symref->st_name); 676 677 SLOOKUP_INIT(sl, name, lmp, 0, 678 ld_entry_cnt, 0, rsymndx, symref, 679 rtype, LKUP_STDRELOC); 680 SRESULT_INIT(sr, name); 681 symdef = NULL; 682 683 if (lookup_sym(&sl, &sr, &binfo, 684 in_nfavl)) { 685 name = (char *)sr.sr_name; 686 _lmp = sr.sr_dmap; 687 symdef = sr.sr_sym; 688 } 689 690 /* 691 * If the symbol is not found and the 692 * reference was not to a weak symbol, 693 * report an error. Weak references 694 * may be unresolved. 695 */ 696 /* BEGIN CSTYLED */ 697 if (symdef == 0) { 698 if (sl.sl_bind != STB_WEAK) { 699 if (elf_reloc_error(lmp, name, 700 rel, binfo)) 701 continue; 702 703 ret = 0; 704 break; 705 706 } else { 707 psymndx = rsymndx; 708 psymdef = 0; 709 710 DBG_CALL(Dbg_bind_weak(lmp, 711 (Addr)roffset, (Addr) 712 (roffset - basebgn), name)); 713 continue; 714 } 715 } 716 /* END CSTYLED */ 717 718 /* 719 * If symbol was found in an object 720 * other than the referencing object 721 * then record the binding. 722 */ 723 if ((lmp != _lmp) && ((FLAGS1(_lmp) & 724 FL1_RT_NOINIFIN) == 0)) { 725 if (aplist_test(&bound, _lmp, 726 AL_CNT_RELBIND) == 0) { 727 ret = 0; 728 break; 729 } 730 } 731 732 /* 733 * Calculate the location of definition; 734 * symbol value plus base address of 735 * containing shared object. 736 */ 737 if (IS_SIZE(rtype)) 738 value = symdef->st_size; 739 else 740 value = symdef->st_value; 741 742 if (!(FLAGS(_lmp) & FLG_RT_FIXED) && 743 !(IS_SIZE(rtype)) && 744 (symdef->st_shndx != SHN_ABS) && 745 (ELF_ST_TYPE(symdef->st_info) != 746 STT_TLS)) 747 value += ADDR(_lmp); 748 749 /* 750 * Retain this symbol index and the 751 * value in case it can be used for the 752 * subsequent relocations. 753 */ 754 if (rtype != R_386_COPY) { 755 psymndx = rsymndx; 756 pvalue = value; 757 pname = name; 758 psymdef = symdef; 759 psymref = symref; 760 plmp = _lmp; 761 pbinfo = binfo; 762 } 763 if ((LIST(_lmp)->lm_tflags | 764 AFLAGS(_lmp)) & 765 LML_TFLG_AUD_SYMBIND) { 766 dsymndx = (((uintptr_t)symdef - 767 (uintptr_t)SYMTAB(_lmp)) / 768 SYMENT(_lmp)); 769 value = audit_symbind(lmp, _lmp, 770 symdef, dsymndx, value, 771 &sb_flags); 772 } 773 } 774 775 /* 776 * If relocation is PC-relative, subtract 777 * offset address. 778 */ 779 if (IS_PC_RELATIVE(rtype)) 780 value -= roffset; 781 782 /* 783 * Special case TLS relocations. 784 */ 785 if (rtype == R_386_TLS_DTPMOD32) { 786 /* 787 * Relocation value is the TLS modid. 788 */ 789 value = TLSMODID(_lmp); 790 791 } else if (rtype == R_386_TLS_TPOFF) { 792 if ((value = elf_static_tls(_lmp, 793 symdef, rel, rtype, name, roffset, 794 value)) == 0) { 795 ret = 0; 796 break; 797 } 798 } 799 } 800 } else { 801 /* 802 * Special cases. 803 */ 804 if (rtype == R_386_TLS_DTPMOD32) { 805 /* 806 * TLS relocation value is the TLS modid. 807 */ 808 value = TLSMODID(lmp); 809 } else 810 value = basebgn; 811 812 name = NULL; 813 } 814 815 DBG_CALL(Dbg_reloc_in(LIST(lmp), ELF_DBG_RTLD, M_MACH, 816 M_REL_SHT_TYPE, rel, NULL, 0, name)); 817 818 /* 819 * Make sure the segment is writable. 820 */ 821 if (((mpp->mr_prot & PROT_WRITE) == 0) && 822 ((set_prot(lmp, mpp, 1) == 0) || 823 (aplist_append(textrel, mpp, AL_CNT_TEXTREL) == NULL))) { 824 ret = 0; 825 break; 826 } 827 828 /* 829 * Call relocation routine to perform required relocation. 830 */ 831 switch (rtype) { 832 case R_386_COPY: 833 if (elf_copy_reloc(name, symref, lmp, (void *)roffset, 834 symdef, _lmp, (const void *)value) == 0) 835 ret = 0; 836 break; 837 case R_386_JMP_SLOT: 838 if (((LIST(lmp)->lm_tflags | AFLAGS(lmp)) & 839 (LML_TFLG_AUD_PLTENTER | LML_TFLG_AUD_PLTEXIT)) && 840 AUDINFO(lmp)->ai_dynplts) { 841 int fail = 0; 842 int pltndx = (((ulong_t)rel - 843 (uintptr_t)JMPREL(lmp)) / relsiz); 844 int symndx = (((uintptr_t)symdef - 845 (uintptr_t)SYMTAB(_lmp)) / SYMENT(_lmp)); 846 847 (void) elf_plt_trace_write(roffset, lmp, _lmp, 848 symdef, symndx, pltndx, (caddr_t)value, 849 sb_flags, &fail); 850 if (fail) 851 ret = 0; 852 } else { 853 /* 854 * Write standard PLT entry to jump directly 855 * to newly bound function. 856 */ 857 DBG_CALL(Dbg_reloc_apply_val(LIST(lmp), 858 ELF_DBG_RTLD, (Xword)roffset, 859 (Xword)value)); 860 *(ulong_t *)roffset = value; 861 } 862 break; 863 default: 864 /* 865 * Write the relocation out. 866 */ 867 if (do_reloc_rtld(rtype, (uchar_t *)roffset, 868 (Word *)&value, name, NAME(lmp), LIST(lmp)) == 0) 869 ret = 0; 870 871 DBG_CALL(Dbg_reloc_apply_val(LIST(lmp), ELF_DBG_RTLD, 872 (Xword)roffset, (Xword)value)); 873 } 874 875 if ((ret == 0) && 876 ((LIST(lmp)->lm_flags & LML_FLG_TRC_WARN) == 0)) 877 break; 878 879 if (binfo) { 880 DBG_CALL(Dbg_bind_global(lmp, (Addr)roffset, 881 (Off)(roffset - basebgn), (Xword)(-1), PLT_T_FULL, 882 _lmp, (Addr)value, symdef->st_value, name, binfo)); 883 } 884 } 885 886 return (relocate_finish(lmp, bound, ret)); 887 } 888 889 /* 890 * Initialize the first few got entries so that function calls go to 891 * elf_rtbndr: 892 * 893 * GOT[GOT_XLINKMAP] = the address of the link map 894 * GOT[GOT_XRTLD] = the address of rtbinder 895 */ 896 void 897 elf_plt_init(void *got, caddr_t l) 898 { 899 uint_t *_got; 900 /* LINTED */ 901 Rt_map *lmp = (Rt_map *)l; 902 903 _got = (uint_t *)got + M_GOT_XLINKMAP; 904 *_got = (uint_t)lmp; 905 _got = (uint_t *)got + M_GOT_XRTLD; 906 *_got = (uint_t)elf_rtbndr; 907 } 908 909 /* 910 * For SVR4 Intel compatability. USL uses /usr/lib/libc.so.1 as the run-time 911 * linker, so the interpreter's address will differ from /usr/lib/ld.so.1. 912 * Further, USL has special _iob[] and _ctype[] processing that makes up for the 913 * fact that these arrays do not have associated copy relocations. So we try 914 * and make up for that here. Any relocations found will be added to the global 915 * copy relocation list and will be processed in setup(). 916 */ 917 static int 918 _elf_copy_reloc(const char *name, Rt_map *rlmp, Rt_map *dlmp) 919 { 920 Sym *symref, *symdef; 921 caddr_t ref, def; 922 Rt_map *_lmp; 923 Rel rel; 924 Slookup sl; 925 Sresult sr; 926 uint_t binfo; 927 928 /* 929 * Determine if the special symbol exists as a reference in the dynamic 930 * executable, and that an associated definition exists in libc.so.1. 931 * 932 * Initialize the symbol lookup, and symbol result, data structures. 933 */ 934 SLOOKUP_INIT(sl, name, rlmp, rlmp, ld_entry_cnt, 0, 0, 0, 0, 935 LKUP_FIRST); 936 SRESULT_INIT(sr, name); 937 938 if (lookup_sym(&sl, &sr, &binfo, NULL) == 0) 939 return (1); 940 symref = sr.sr_sym; 941 942 SLOOKUP_INIT(sl, name, rlmp, dlmp, ld_entry_cnt, 0, 0, 0, 0, 943 LKUP_DEFT); 944 SRESULT_INIT(sr, name); 945 946 if (lookup_sym(&sl, &sr, &binfo, NULL) == 0) 947 return (1); 948 949 _lmp = sr.sr_dmap; 950 symdef = sr.sr_sym; 951 952 if (strcmp(NAME(sr.sr_dmap), MSG_ORIG(MSG_PTH_LIBC))) 953 return (1); 954 955 /* 956 * Determine the reference and definition addresses. 957 */ 958 ref = (void *)(symref->st_value); 959 if (!(FLAGS(rlmp) & FLG_RT_FIXED)) 960 ref += ADDR(rlmp); 961 def = (void *)(symdef->st_value); 962 if (!(FLAGS(sr.sr_dmap) & FLG_RT_FIXED)) 963 def += ADDR(_lmp); 964 965 /* 966 * Set up a relocation entry for debugging and call the generic copy 967 * relocation function to provide symbol size error checking and to 968 * record the copy relocation that must be performed. 969 */ 970 rel.r_offset = (Addr)ref; 971 rel.r_info = (Word)R_386_COPY; 972 DBG_CALL(Dbg_reloc_in(LIST(rlmp), ELF_DBG_RTLD, M_MACH, M_REL_SHT_TYPE, 973 &rel, NULL, 0, name)); 974 975 return (elf_copy_reloc((char *)name, symref, rlmp, (void *)ref, symdef, 976 _lmp, (void *)def)); 977 } 978 979 int 980 elf_copy_gen(Rt_map *lmp) 981 { 982 if (interp && ((ulong_t)interp->i_faddr != 983 r_debug.rtd_rdebug.r_ldbase) && 984 !(strcmp(interp->i_name, MSG_ORIG(MSG_PTH_LIBC)))) { 985 986 DBG_CALL(Dbg_reloc_run(lmp, M_REL_SHT_TYPE, 0, 987 DBG_REL_START)); 988 989 if (_elf_copy_reloc(MSG_ORIG(MSG_SYM_CTYPE), lmp, 990 (Rt_map *)NEXT(lmp)) == 0) 991 return (0); 992 if (_elf_copy_reloc(MSG_ORIG(MSG_SYM_IOB), lmp, 993 (Rt_map *)NEXT(lmp)) == 0) 994 return (0); 995 } 996 return (1); 997 } 998 999 /* 1000 * Plt writing interface to allow debugging initialization to be generic. 1001 */ 1002 Pltbindtype 1003 /* ARGSUSED1 */ 1004 elf_plt_write(uintptr_t addr, uintptr_t vaddr, void *rptr, uintptr_t symval, 1005 Xword pltndx) 1006 { 1007 Rel *rel = (Rel*)rptr; 1008 uintptr_t pltaddr; 1009 1010 pltaddr = addr + rel->r_offset; 1011 *(ulong_t *)pltaddr = (ulong_t)symval; 1012 DBG_CALL(pltcntfull++); 1013 return (PLT_T_FULL); 1014 } 1015 1016 /* 1017 * Provide a machine specific interface to the conversion routine. By calling 1018 * the machine specific version, rather than the generic version, we insure that 1019 * the data tables/strings for all known machine versions aren't dragged into 1020 * ld.so.1. 1021 */ 1022 const char * 1023 _conv_reloc_type(uint_t rel) 1024 { 1025 static Conv_inv_buf_t inv_buf; 1026 1027 return (conv_reloc_386_type(rel, 0, &inv_buf)); 1028 }