mirror of
https://sourceware.org/git/glibc.git
synced 2024-11-23 21:40:12 +00:00
e751d28209
2005-09-20 Roland McGrath <roland@redhat.com> [BZ #1346] * elf/dl-load.c (_dl_map_object_from_fd) [HAVE_Z_RELRO]: Do relro magic on __stack_prot only if [SHARED]. Skip mprotect if __stack_prot lies outside the page-rounded-down relro region.
2266 lines
64 KiB
C
2266 lines
64 KiB
C
/* Map in a shared object's segments from the file.
|
||
Copyright (C) 1995-2002, 2003, 2004, 2005 Free Software Foundation, Inc.
|
||
This file is part of the GNU C Library.
|
||
|
||
The GNU C Library is free software; you can redistribute it and/or
|
||
modify it under the terms of the GNU Lesser General Public
|
||
License as published by the Free Software Foundation; either
|
||
version 2.1 of the License, or (at your option) any later version.
|
||
|
||
The GNU C Library is distributed in the hope that it will be useful,
|
||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||
Lesser General Public License for more details.
|
||
|
||
You should have received a copy of the GNU Lesser General Public
|
||
License along with the GNU C Library; if not, write to the Free
|
||
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
|
||
02111-1307 USA. */
|
||
|
||
#include <elf.h>
|
||
#include <errno.h>
|
||
#include <fcntl.h>
|
||
#include <libintl.h>
|
||
#include <stdbool.h>
|
||
#include <stdlib.h>
|
||
#include <string.h>
|
||
#include <unistd.h>
|
||
#include <ldsodefs.h>
|
||
#include <bits/wordsize.h>
|
||
#include <sys/mman.h>
|
||
#include <sys/param.h>
|
||
#include <sys/stat.h>
|
||
#include <sys/types.h>
|
||
#include "dynamic-link.h"
|
||
#include <abi-tag.h>
|
||
#include <stackinfo.h>
|
||
#include <caller.h>
|
||
#include <sysdep.h>
|
||
|
||
#include <dl-dst.h>
|
||
|
||
/* On some systems, no flag bits are given to specify file mapping. */
|
||
#ifndef MAP_FILE
|
||
# define MAP_FILE 0
|
||
#endif
|
||
|
||
/* The right way to map in the shared library files is MAP_COPY, which
|
||
makes a virtual copy of the data at the time of the mmap call; this
|
||
guarantees the mapped pages will be consistent even if the file is
|
||
overwritten. Some losing VM systems like Linux's lack MAP_COPY. All we
|
||
get is MAP_PRIVATE, which copies each page when it is modified; this
|
||
means if the file is overwritten, we may at some point get some pages
|
||
from the new version after starting with pages from the old version. */
|
||
#ifndef MAP_COPY
|
||
# define MAP_COPY MAP_PRIVATE
|
||
#endif
|
||
|
||
/* We want to prevent people from modifying DSOs which are currently in
|
||
use. This is what MAP_DENYWRITE is for. */
|
||
#ifndef MAP_DENYWRITE
|
||
# define MAP_DENYWRITE 0
|
||
#endif
|
||
|
||
/* Some systems link their relocatable objects for another base address
|
||
than 0. We want to know the base address for these such that we can
|
||
subtract this address from the segment addresses during mapping.
|
||
This results in a more efficient address space usage. Defaults to
|
||
zero for almost all systems. */
|
||
#ifndef MAP_BASE_ADDR
|
||
# define MAP_BASE_ADDR(l) 0
|
||
#endif
|
||
|
||
|
||
#include <endian.h>
|
||
#if BYTE_ORDER == BIG_ENDIAN
|
||
# define byteorder ELFDATA2MSB
|
||
#elif BYTE_ORDER == LITTLE_ENDIAN
|
||
# define byteorder ELFDATA2LSB
|
||
#else
|
||
# error "Unknown BYTE_ORDER " BYTE_ORDER
|
||
# define byteorder ELFDATANONE
|
||
#endif
|
||
|
||
#define STRING(x) __STRING (x)
|
||
|
||
#ifdef MAP_ANON
|
||
/* The fd is not examined when using MAP_ANON. */
|
||
# define ANONFD -1
|
||
#else
|
||
int _dl_zerofd = -1;
|
||
# define ANONFD _dl_zerofd
|
||
#endif
|
||
|
||
/* Handle situations where we have a preferred location in memory for
|
||
the shared objects. */
|
||
#ifdef ELF_PREFERRED_ADDRESS_DATA
|
||
ELF_PREFERRED_ADDRESS_DATA;
|
||
#endif
|
||
#ifndef ELF_PREFERRED_ADDRESS
|
||
# define ELF_PREFERRED_ADDRESS(loader, maplength, mapstartpref) (mapstartpref)
|
||
#endif
|
||
#ifndef ELF_FIXED_ADDRESS
|
||
# define ELF_FIXED_ADDRESS(loader, mapstart) ((void) 0)
|
||
#endif
|
||
|
||
|
||
int __stack_prot attribute_hidden attribute_relro
|
||
#if _STACK_GROWS_DOWN && defined PROT_GROWSDOWN
|
||
= PROT_GROWSDOWN;
|
||
#elif _STACK_GROWS_UP && defined PROT_GROWSUP
|
||
= PROT_GROWSUP;
|
||
#else
|
||
= 0;
|
||
#endif
|
||
|
||
|
||
/* Type for the buffer we put the ELF header and hopefully the program
|
||
header. This buffer does not really have to be too large. In most
|
||
cases the program header follows the ELF header directly. If this
|
||
is not the case all bets are off and we can make the header
|
||
arbitrarily large and still won't get it read. This means the only
|
||
question is how large are the ELF and program header combined. The
|
||
ELF header 32-bit files is 52 bytes long and in 64-bit files is 64
|
||
bytes long. Each program header entry is again 32 and 56 bytes
|
||
long respectively. I.e., even with a file which has 10 program
|
||
header entries we only have to read 372B/624B respectively. Add to
|
||
this a bit of margin for program notes and reading 512B and 832B
|
||
for 32-bit and 64-bit files respecitvely is enough. If this
|
||
heuristic should really fail for some file the code in
|
||
`_dl_map_object_from_fd' knows how to recover. */
|
||
struct filebuf
|
||
{
|
||
ssize_t len;
|
||
#if __WORDSIZE == 32
|
||
# define FILEBUF_SIZE 512
|
||
#else
|
||
# define FILEBUF_SIZE 832
|
||
#endif
|
||
char buf[FILEBUF_SIZE] __attribute__ ((aligned (__alignof (ElfW(Ehdr)))));
|
||
};
|
||
|
||
/* This is the decomposed LD_LIBRARY_PATH search path. */
|
||
static struct r_search_path_struct env_path_list attribute_relro;
|
||
|
||
/* List of the hardware capabilities we might end up using. */
|
||
static const struct r_strlenpair *capstr attribute_relro;
|
||
static size_t ncapstr attribute_relro;
|
||
static size_t max_capstrlen attribute_relro;
|
||
|
||
|
||
/* Get the generated information about the trusted directories. */
|
||
#include "trusted-dirs.h"
|
||
|
||
static const char system_dirs[] = SYSTEM_DIRS;
|
||
static const size_t system_dirs_len[] =
|
||
{
|
||
SYSTEM_DIRS_LEN
|
||
};
|
||
#define nsystem_dirs_len \
|
||
(sizeof (system_dirs_len) / sizeof (system_dirs_len[0]))
|
||
|
||
|
||
/* Local version of `strdup' function. */
|
||
static inline char *
|
||
local_strdup (const char *s)
|
||
{
|
||
size_t len = strlen (s) + 1;
|
||
void *new = malloc (len);
|
||
|
||
if (new == NULL)
|
||
return NULL;
|
||
|
||
return (char *) memcpy (new, s, len);
|
||
}
|
||
|
||
|
||
static size_t
|
||
is_dst (const char *start, const char *name, const char *str,
|
||
int is_path, int secure)
|
||
{
|
||
size_t len;
|
||
bool is_curly = false;
|
||
|
||
if (name[0] == '{')
|
||
{
|
||
is_curly = true;
|
||
++name;
|
||
}
|
||
|
||
len = 0;
|
||
while (name[len] == str[len] && name[len] != '\0')
|
||
++len;
|
||
|
||
if (is_curly)
|
||
{
|
||
if (name[len] != '}')
|
||
return 0;
|
||
|
||
/* Point again at the beginning of the name. */
|
||
--name;
|
||
/* Skip over closing curly brace and adjust for the --name. */
|
||
len += 2;
|
||
}
|
||
else if (name[len] != '\0' && name[len] != '/'
|
||
&& (!is_path || name[len] != ':'))
|
||
return 0;
|
||
|
||
if (__builtin_expect (secure, 0)
|
||
&& ((name[len] != '\0' && (!is_path || name[len] != ':'))
|
||
|| (name != start + 1 && (!is_path || name[-2] != ':'))))
|
||
return 0;
|
||
|
||
return len;
|
||
}
|
||
|
||
|
||
size_t
|
||
_dl_dst_count (const char *name, int is_path)
|
||
{
|
||
const char *const start = name;
|
||
size_t cnt = 0;
|
||
|
||
do
|
||
{
|
||
size_t len;
|
||
|
||
/* $ORIGIN is not expanded for SUID/GUID programs (except if it
|
||
is $ORIGIN alone) and it must always appear first in path. */
|
||
++name;
|
||
if ((len = is_dst (start, name, "ORIGIN", is_path,
|
||
INTUSE(__libc_enable_secure))) != 0
|
||
|| (len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0
|
||
|| (len = is_dst (start, name, "LIB", is_path, 0)) != 0)
|
||
++cnt;
|
||
|
||
name = strchr (name + len, '$');
|
||
}
|
||
while (name != NULL);
|
||
|
||
return cnt;
|
||
}
|
||
|
||
|
||
char *
|
||
_dl_dst_substitute (struct link_map *l, const char *name, char *result,
|
||
int is_path)
|
||
{
|
||
const char *const start = name;
|
||
char *last_elem, *wp;
|
||
|
||
/* Now fill the result path. While copying over the string we keep
|
||
track of the start of the last path element. When we come accross
|
||
a DST we copy over the value or (if the value is not available)
|
||
leave the entire path element out. */
|
||
last_elem = wp = result;
|
||
|
||
do
|
||
{
|
||
if (__builtin_expect (*name == '$', 0))
|
||
{
|
||
const char *repl = NULL;
|
||
size_t len;
|
||
|
||
++name;
|
||
if ((len = is_dst (start, name, "ORIGIN", is_path,
|
||
INTUSE(__libc_enable_secure))) != 0)
|
||
repl = l->l_origin;
|
||
else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0)
|
||
repl = GLRO(dl_platform);
|
||
else if ((len = is_dst (start, name, "LIB", is_path, 0)) != 0)
|
||
repl = DL_DST_LIB;
|
||
|
||
if (repl != NULL && repl != (const char *) -1)
|
||
{
|
||
wp = __stpcpy (wp, repl);
|
||
name += len;
|
||
}
|
||
else if (len > 1)
|
||
{
|
||
/* We cannot use this path element, the value of the
|
||
replacement is unknown. */
|
||
wp = last_elem;
|
||
name += len;
|
||
while (*name != '\0' && (!is_path || *name != ':'))
|
||
++name;
|
||
}
|
||
else
|
||
/* No DST we recognize. */
|
||
*wp++ = '$';
|
||
}
|
||
else
|
||
{
|
||
*wp++ = *name++;
|
||
if (is_path && *name == ':')
|
||
last_elem = wp;
|
||
}
|
||
}
|
||
while (*name != '\0');
|
||
|
||
*wp = '\0';
|
||
|
||
return result;
|
||
}
|
||
|
||
|
||
/* Return copy of argument with all recognized dynamic string tokens
|
||
($ORIGIN and $PLATFORM for now) replaced. On some platforms it
|
||
might not be possible to determine the path from which the object
|
||
belonging to the map is loaded. In this case the path element
|
||
containing $ORIGIN is left out. */
|
||
static char *
|
||
expand_dynamic_string_token (struct link_map *l, const char *s)
|
||
{
|
||
/* We make two runs over the string. First we determine how large the
|
||
resulting string is and then we copy it over. Since this is now
|
||
frequently executed operation we are looking here not for performance
|
||
but rather for code size. */
|
||
size_t cnt;
|
||
size_t total;
|
||
char *result;
|
||
|
||
/* Determine the number of DST elements. */
|
||
cnt = DL_DST_COUNT (s, 1);
|
||
|
||
/* If we do not have to replace anything simply copy the string. */
|
||
if (__builtin_expect (cnt, 0) == 0)
|
||
return local_strdup (s);
|
||
|
||
/* Determine the length of the substituted string. */
|
||
total = DL_DST_REQUIRED (l, s, strlen (s), cnt);
|
||
|
||
/* Allocate the necessary memory. */
|
||
result = (char *) malloc (total + 1);
|
||
if (result == NULL)
|
||
return NULL;
|
||
|
||
return _dl_dst_substitute (l, s, result, 1);
|
||
}
|
||
|
||
|
||
/* Add `name' to the list of names for a particular shared object.
|
||
`name' is expected to have been allocated with malloc and will
|
||
be freed if the shared object already has this name.
|
||
Returns false if the object already had this name. */
|
||
static void
|
||
internal_function
|
||
add_name_to_object (struct link_map *l, const char *name)
|
||
{
|
||
struct libname_list *lnp, *lastp;
|
||
struct libname_list *newname;
|
||
size_t name_len;
|
||
|
||
lastp = NULL;
|
||
for (lnp = l->l_libname; lnp != NULL; lastp = lnp, lnp = lnp->next)
|
||
if (strcmp (name, lnp->name) == 0)
|
||
return;
|
||
|
||
name_len = strlen (name) + 1;
|
||
newname = (struct libname_list *) malloc (sizeof *newname + name_len);
|
||
if (newname == NULL)
|
||
{
|
||
/* No more memory. */
|
||
_dl_signal_error (ENOMEM, name, NULL, N_("cannot allocate name record"));
|
||
return;
|
||
}
|
||
/* The object should have a libname set from _dl_new_object. */
|
||
assert (lastp != NULL);
|
||
|
||
newname->name = memcpy (newname + 1, name, name_len);
|
||
newname->next = NULL;
|
||
newname->dont_free = 0;
|
||
lastp->next = newname;
|
||
}
|
||
|
||
/* Standard search directories. */
|
||
static struct r_search_path_struct rtld_search_dirs attribute_relro;
|
||
|
||
static size_t max_dirnamelen;
|
||
|
||
static struct r_search_path_elem **
|
||
fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep,
|
||
int check_trusted, const char *what, const char *where)
|
||
{
|
||
char *cp;
|
||
size_t nelems = 0;
|
||
|
||
while ((cp = __strsep (&rpath, sep)) != NULL)
|
||
{
|
||
struct r_search_path_elem *dirp;
|
||
size_t len = strlen (cp);
|
||
|
||
/* `strsep' can pass an empty string. This has to be
|
||
interpreted as `use the current directory'. */
|
||
if (len == 0)
|
||
{
|
||
static const char curwd[] = "./";
|
||
cp = (char *) curwd;
|
||
}
|
||
|
||
/* Remove trailing slashes (except for "/"). */
|
||
while (len > 1 && cp[len - 1] == '/')
|
||
--len;
|
||
|
||
/* Now add one if there is none so far. */
|
||
if (len > 0 && cp[len - 1] != '/')
|
||
cp[len++] = '/';
|
||
|
||
/* Make sure we don't use untrusted directories if we run SUID. */
|
||
if (__builtin_expect (check_trusted, 0))
|
||
{
|
||
const char *trun = system_dirs;
|
||
size_t idx;
|
||
int unsecure = 1;
|
||
|
||
/* All trusted directories must be complete names. */
|
||
if (cp[0] == '/')
|
||
{
|
||
for (idx = 0; idx < nsystem_dirs_len; ++idx)
|
||
{
|
||
if (len == system_dirs_len[idx]
|
||
&& memcmp (trun, cp, len) == 0)
|
||
{
|
||
/* Found it. */
|
||
unsecure = 0;
|
||
break;
|
||
}
|
||
|
||
trun += system_dirs_len[idx] + 1;
|
||
}
|
||
}
|
||
|
||
if (unsecure)
|
||
/* Simply drop this directory. */
|
||
continue;
|
||
}
|
||
|
||
/* See if this directory is already known. */
|
||
for (dirp = GL(dl_all_dirs); dirp != NULL; dirp = dirp->next)
|
||
if (dirp->dirnamelen == len && memcmp (cp, dirp->dirname, len) == 0)
|
||
break;
|
||
|
||
if (dirp != NULL)
|
||
{
|
||
/* It is available, see whether it's on our own list. */
|
||
size_t cnt;
|
||
for (cnt = 0; cnt < nelems; ++cnt)
|
||
if (result[cnt] == dirp)
|
||
break;
|
||
|
||
if (cnt == nelems)
|
||
result[nelems++] = dirp;
|
||
}
|
||
else
|
||
{
|
||
size_t cnt;
|
||
enum r_dir_status init_val;
|
||
size_t where_len = where ? strlen (where) + 1 : 0;
|
||
|
||
/* It's a new directory. Create an entry and add it. */
|
||
dirp = (struct r_search_path_elem *)
|
||
malloc (sizeof (*dirp) + ncapstr * sizeof (enum r_dir_status)
|
||
+ where_len + len + 1);
|
||
if (dirp == NULL)
|
||
_dl_signal_error (ENOMEM, NULL, NULL,
|
||
N_("cannot create cache for search path"));
|
||
|
||
dirp->dirname = ((char *) dirp + sizeof (*dirp)
|
||
+ ncapstr * sizeof (enum r_dir_status));
|
||
*((char *) __mempcpy ((char *) dirp->dirname, cp, len)) = '\0';
|
||
dirp->dirnamelen = len;
|
||
|
||
if (len > max_dirnamelen)
|
||
max_dirnamelen = len;
|
||
|
||
/* We have to make sure all the relative directories are
|
||
never ignored. The current directory might change and
|
||
all our saved information would be void. */
|
||
init_val = cp[0] != '/' ? existing : unknown;
|
||
for (cnt = 0; cnt < ncapstr; ++cnt)
|
||
dirp->status[cnt] = init_val;
|
||
|
||
dirp->what = what;
|
||
if (__builtin_expect (where != NULL, 1))
|
||
dirp->where = memcpy ((char *) dirp + sizeof (*dirp) + len + 1
|
||
+ (ncapstr * sizeof (enum r_dir_status)),
|
||
where, where_len);
|
||
else
|
||
dirp->where = NULL;
|
||
|
||
dirp->next = GL(dl_all_dirs);
|
||
GL(dl_all_dirs) = dirp;
|
||
|
||
/* Put it in the result array. */
|
||
result[nelems++] = dirp;
|
||
}
|
||
}
|
||
|
||
/* Terminate the array. */
|
||
result[nelems] = NULL;
|
||
|
||
return result;
|
||
}
|
||
|
||
|
||
static void
|
||
internal_function
|
||
decompose_rpath (struct r_search_path_struct *sps,
|
||
const char *rpath, struct link_map *l, const char *what)
|
||
{
|
||
/* Make a copy we can work with. */
|
||
const char *where = l->l_name;
|
||
char *copy;
|
||
char *cp;
|
||
struct r_search_path_elem **result;
|
||
size_t nelems;
|
||
/* Initialize to please the compiler. */
|
||
const char *errstring = NULL;
|
||
|
||
/* First see whether we must forget the RUNPATH and RPATH from this
|
||
object. */
|
||
if (__builtin_expect (GLRO(dl_inhibit_rpath) != NULL, 0)
|
||
&& !INTUSE(__libc_enable_secure))
|
||
{
|
||
const char *inhp = GLRO(dl_inhibit_rpath);
|
||
|
||
do
|
||
{
|
||
const char *wp = where;
|
||
|
||
while (*inhp == *wp && *wp != '\0')
|
||
{
|
||
++inhp;
|
||
++wp;
|
||
}
|
||
|
||
if (*wp == '\0' && (*inhp == '\0' || *inhp == ':'))
|
||
{
|
||
/* This object is on the list of objects for which the
|
||
RUNPATH and RPATH must not be used. */
|
||
result = calloc (1, sizeof *result);
|
||
if (result == NULL)
|
||
{
|
||
signal_error_cache:
|
||
errstring = N_("cannot create cache for search path");
|
||
signal_error:
|
||
_dl_signal_error (ENOMEM, NULL, NULL, errstring);
|
||
}
|
||
|
||
sps->dirs = result;
|
||
sps->malloced = 1;
|
||
|
||
return;
|
||
}
|
||
|
||
while (*inhp != '\0')
|
||
if (*inhp++ == ':')
|
||
break;
|
||
}
|
||
while (*inhp != '\0');
|
||
}
|
||
|
||
/* Make a writable copy. At the same time expand possible dynamic
|
||
string tokens. */
|
||
copy = expand_dynamic_string_token (l, rpath);
|
||
if (copy == NULL)
|
||
{
|
||
errstring = N_("cannot create RUNPATH/RPATH copy");
|
||
goto signal_error;
|
||
}
|
||
|
||
/* Count the number of necessary elements in the result array. */
|
||
nelems = 0;
|
||
for (cp = copy; *cp != '\0'; ++cp)
|
||
if (*cp == ':')
|
||
++nelems;
|
||
|
||
/* Allocate room for the result. NELEMS + 1 is an upper limit for the
|
||
number of necessary entries. */
|
||
result = (struct r_search_path_elem **) malloc ((nelems + 1 + 1)
|
||
* sizeof (*result));
|
||
if (result == NULL)
|
||
goto signal_error_cache;
|
||
|
||
fillin_rpath (copy, result, ":", 0, what, where);
|
||
|
||
/* Free the copied RPATH string. `fillin_rpath' make own copies if
|
||
necessary. */
|
||
free (copy);
|
||
|
||
sps->dirs = result;
|
||
/* The caller will change this value if we haven't used a real malloc. */
|
||
sps->malloced = 1;
|
||
}
|
||
|
||
/* Make sure cached path information is stored in *SP
|
||
and return true if there are any paths to search there. */
|
||
static bool
|
||
cache_rpath (struct link_map *l,
|
||
struct r_search_path_struct *sp,
|
||
int tag,
|
||
const char *what)
|
||
{
|
||
if (sp->dirs == (void *) -1)
|
||
return false;
|
||
|
||
if (sp->dirs != NULL)
|
||
return true;
|
||
|
||
if (l->l_info[tag] == NULL)
|
||
{
|
||
/* There is no path. */
|
||
sp->dirs = (void *) -1;
|
||
return false;
|
||
}
|
||
|
||
/* Make sure the cache information is available. */
|
||
decompose_rpath (sp, (const char *) (D_PTR (l, l_info[DT_STRTAB])
|
||
+ l->l_info[tag]->d_un.d_val),
|
||
l, what);
|
||
return true;
|
||
}
|
||
|
||
|
||
void
|
||
internal_function
|
||
_dl_init_paths (const char *llp)
|
||
{
|
||
size_t idx;
|
||
const char *strp;
|
||
struct r_search_path_elem *pelem, **aelem;
|
||
size_t round_size;
|
||
#ifdef SHARED
|
||
struct link_map *l;
|
||
#endif
|
||
/* Initialize to please the compiler. */
|
||
const char *errstring = NULL;
|
||
|
||
/* Fill in the information about the application's RPATH and the
|
||
directories addressed by the LD_LIBRARY_PATH environment variable. */
|
||
|
||
/* Get the capabilities. */
|
||
capstr = _dl_important_hwcaps (GLRO(dl_platform), GLRO(dl_platformlen),
|
||
&ncapstr, &max_capstrlen);
|
||
|
||
/* First set up the rest of the default search directory entries. */
|
||
aelem = rtld_search_dirs.dirs = (struct r_search_path_elem **)
|
||
malloc ((nsystem_dirs_len + 1) * sizeof (struct r_search_path_elem *));
|
||
if (rtld_search_dirs.dirs == NULL)
|
||
{
|
||
errstring = N_("cannot create search path array");
|
||
signal_error:
|
||
_dl_signal_error (ENOMEM, NULL, NULL, errstring);
|
||
}
|
||
|
||
round_size = ((2 * sizeof (struct r_search_path_elem) - 1
|
||
+ ncapstr * sizeof (enum r_dir_status))
|
||
/ sizeof (struct r_search_path_elem));
|
||
|
||
rtld_search_dirs.dirs[0] = (struct r_search_path_elem *)
|
||
malloc ((sizeof (system_dirs) / sizeof (system_dirs[0]))
|
||
* round_size * sizeof (struct r_search_path_elem));
|
||
if (rtld_search_dirs.dirs[0] == NULL)
|
||
{
|
||
errstring = N_("cannot create cache for search path");
|
||
goto signal_error;
|
||
}
|
||
|
||
rtld_search_dirs.malloced = 0;
|
||
pelem = GL(dl_all_dirs) = rtld_search_dirs.dirs[0];
|
||
strp = system_dirs;
|
||
idx = 0;
|
||
|
||
do
|
||
{
|
||
size_t cnt;
|
||
|
||
*aelem++ = pelem;
|
||
|
||
pelem->what = "system search path";
|
||
pelem->where = NULL;
|
||
|
||
pelem->dirname = strp;
|
||
pelem->dirnamelen = system_dirs_len[idx];
|
||
strp += system_dirs_len[idx] + 1;
|
||
|
||
/* System paths must be absolute. */
|
||
assert (pelem->dirname[0] == '/');
|
||
for (cnt = 0; cnt < ncapstr; ++cnt)
|
||
pelem->status[cnt] = unknown;
|
||
|
||
pelem->next = (++idx == nsystem_dirs_len ? NULL : (pelem + round_size));
|
||
|
||
pelem += round_size;
|
||
}
|
||
while (idx < nsystem_dirs_len);
|
||
|
||
max_dirnamelen = SYSTEM_DIRS_MAX_LEN;
|
||
*aelem = NULL;
|
||
|
||
#ifdef SHARED
|
||
/* This points to the map of the main object. */
|
||
l = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
|
||
if (l != NULL)
|
||
{
|
||
assert (l->l_type != lt_loaded);
|
||
|
||
if (l->l_info[DT_RUNPATH])
|
||
{
|
||
/* Allocate room for the search path and fill in information
|
||
from RUNPATH. */
|
||
decompose_rpath (&l->l_runpath_dirs,
|
||
(const void *) (D_PTR (l, l_info[DT_STRTAB])
|
||
+ l->l_info[DT_RUNPATH]->d_un.d_val),
|
||
l, "RUNPATH");
|
||
|
||
/* The RPATH is ignored. */
|
||
l->l_rpath_dirs.dirs = (void *) -1;
|
||
}
|
||
else
|
||
{
|
||
l->l_runpath_dirs.dirs = (void *) -1;
|
||
|
||
if (l->l_info[DT_RPATH])
|
||
{
|
||
/* Allocate room for the search path and fill in information
|
||
from RPATH. */
|
||
decompose_rpath (&l->l_rpath_dirs,
|
||
(const void *) (D_PTR (l, l_info[DT_STRTAB])
|
||
+ l->l_info[DT_RPATH]->d_un.d_val),
|
||
l, "RPATH");
|
||
l->l_rpath_dirs.malloced = 0;
|
||
}
|
||
else
|
||
l->l_rpath_dirs.dirs = (void *) -1;
|
||
}
|
||
}
|
||
#endif /* SHARED */
|
||
|
||
if (llp != NULL && *llp != '\0')
|
||
{
|
||
size_t nllp;
|
||
const char *cp = llp;
|
||
char *llp_tmp = strdupa (llp);
|
||
|
||
/* Decompose the LD_LIBRARY_PATH contents. First determine how many
|
||
elements it has. */
|
||
nllp = 1;
|
||
while (*cp)
|
||
{
|
||
if (*cp == ':' || *cp == ';')
|
||
++nllp;
|
||
++cp;
|
||
}
|
||
|
||
env_path_list.dirs = (struct r_search_path_elem **)
|
||
malloc ((nllp + 1) * sizeof (struct r_search_path_elem *));
|
||
if (env_path_list.dirs == NULL)
|
||
{
|
||
errstring = N_("cannot create cache for search path");
|
||
goto signal_error;
|
||
}
|
||
|
||
(void) fillin_rpath (llp_tmp, env_path_list.dirs, ":;",
|
||
INTUSE(__libc_enable_secure), "LD_LIBRARY_PATH",
|
||
NULL);
|
||
|
||
if (env_path_list.dirs[0] == NULL)
|
||
{
|
||
free (env_path_list.dirs);
|
||
env_path_list.dirs = (void *) -1;
|
||
}
|
||
|
||
env_path_list.malloced = 0;
|
||
}
|
||
else
|
||
env_path_list.dirs = (void *) -1;
|
||
|
||
/* Remember the last search directory added at startup. */
|
||
GLRO(dl_init_all_dirs) = GL(dl_all_dirs);
|
||
}
|
||
|
||
|
||
static void
|
||
__attribute__ ((noreturn, noinline))
|
||
lose (int code, int fd, const char *name, char *realname, struct link_map *l,
|
||
const char *msg)
|
||
{
|
||
/* The file might already be closed. */
|
||
if (fd != -1)
|
||
(void) __close (fd);
|
||
if (l != NULL)
|
||
{
|
||
/* Remove the stillborn object from the list and free it. */
|
||
assert (l->l_next == NULL);
|
||
if (l->l_prev == NULL)
|
||
/* No other module loaded. This happens only in the static library,
|
||
or in rtld under --verify. */
|
||
GL(dl_ns)[l->l_ns]._ns_loaded = NULL;
|
||
else
|
||
l->l_prev->l_next = NULL;
|
||
--GL(dl_ns)[l->l_ns]._ns_nloaded;
|
||
free (l);
|
||
}
|
||
free (realname);
|
||
_dl_signal_error (code, name, NULL, msg);
|
||
}
|
||
|
||
|
||
/* Map in the shared object NAME, actually located in REALNAME, and already
|
||
opened on FD. */
|
||
|
||
#ifndef EXTERNAL_MAP_FROM_FD
|
||
static
|
||
#endif
|
||
struct link_map *
|
||
_dl_map_object_from_fd (const char *name, int fd, struct filebuf *fbp,
|
||
char *realname, struct link_map *loader, int l_type,
|
||
int mode, void **stack_endp, Lmid_t nsid)
|
||
{
|
||
struct link_map *l = NULL;
|
||
const ElfW(Ehdr) *header;
|
||
const ElfW(Phdr) *phdr;
|
||
const ElfW(Phdr) *ph;
|
||
size_t maplength;
|
||
int type;
|
||
struct stat64 st;
|
||
/* Initialize to keep the compiler happy. */
|
||
const char *errstring = NULL;
|
||
int errval = 0;
|
||
struct r_debug *r = _dl_debug_initialize (0, nsid);
|
||
bool make_consistent = false;
|
||
|
||
/* Get file information. */
|
||
if (__builtin_expect (__fxstat64 (_STAT_VER, fd, &st) < 0, 0))
|
||
{
|
||
errstring = N_("cannot stat shared object");
|
||
call_lose_errno:
|
||
errval = errno;
|
||
call_lose:
|
||
if (make_consistent)
|
||
{
|
||
r->r_state = RT_CONSISTENT;
|
||
_dl_debug_state ();
|
||
}
|
||
|
||
lose (errval, fd, name, realname, l, errstring);
|
||
}
|
||
|
||
/* Look again to see if the real name matched another already loaded. */
|
||
for (l = GL(dl_ns)[nsid]._ns_loaded; l; l = l->l_next)
|
||
if (l->l_removed == 0 && l->l_ino == st.st_ino && l->l_dev == st.st_dev)
|
||
{
|
||
/* The object is already loaded.
|
||
Just bump its reference count and return it. */
|
||
__close (fd);
|
||
|
||
/* If the name is not in the list of names for this object add
|
||
it. */
|
||
free (realname);
|
||
add_name_to_object (l, name);
|
||
|
||
return l;
|
||
}
|
||
|
||
#ifdef SHARED
|
||
/* When loading into a namespace other than the base one we must
|
||
avoid loading ld.so since there can only be one copy. Ever. */
|
||
if (__builtin_expect (nsid != LM_ID_BASE, 0)
|
||
&& ((st.st_ino == GL(dl_rtld_map).l_ino
|
||
&& st.st_dev == GL(dl_rtld_map).l_dev)
|
||
|| _dl_name_match_p (name, &GL(dl_rtld_map))))
|
||
{
|
||
/* This is indeed ld.so. Create a new link_map which refers to
|
||
the real one for almost everything. */
|
||
l = _dl_new_object (realname, name, l_type, loader, mode, nsid);
|
||
if (l == NULL)
|
||
goto fail_new;
|
||
|
||
/* Refer to the real descriptor. */
|
||
l->l_real = &GL(dl_rtld_map);
|
||
|
||
/* No need to bump the refcount of the real object, ld.so will
|
||
never be unloaded. */
|
||
__close (fd);
|
||
|
||
return l;
|
||
}
|
||
#endif
|
||
|
||
if (mode & RTLD_NOLOAD)
|
||
/* We are not supposed to load the object unless it is already
|
||
loaded. So return now. */
|
||
return NULL;
|
||
|
||
/* Print debugging message. */
|
||
if (__builtin_expect (GLRO(dl_debug_mask) & DL_DEBUG_FILES, 0))
|
||
_dl_debug_printf ("file=%s [%lu]; generating link map\n", name, nsid);
|
||
|
||
/* This is the ELF header. We read it in `open_verify'. */
|
||
header = (void *) fbp->buf;
|
||
|
||
#ifndef MAP_ANON
|
||
# define MAP_ANON 0
|
||
if (_dl_zerofd == -1)
|
||
{
|
||
_dl_zerofd = _dl_sysdep_open_zero_fill ();
|
||
if (_dl_zerofd == -1)
|
||
{
|
||
__close (fd);
|
||
_dl_signal_error (errno, NULL, NULL,
|
||
N_("cannot open zero fill device"));
|
||
}
|
||
}
|
||
#endif
|
||
|
||
/* Signal that we are going to add new objects. */
|
||
if (r->r_state == RT_CONSISTENT)
|
||
{
|
||
#ifdef SHARED
|
||
/* Auditing checkpoint: we are going to add new objects. */
|
||
if (__builtin_expect (GLRO(dl_naudit) > 0, 0))
|
||
{
|
||
struct link_map *head = GL(dl_ns)[nsid]._ns_loaded;
|
||
/* Do not call the functions for any auditing object. */
|
||
if (head->l_auditing == 0)
|
||
{
|
||
struct audit_ifaces *afct = GLRO(dl_audit);
|
||
for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
|
||
{
|
||
if (afct->activity != NULL)
|
||
afct->activity (&head->l_audit[cnt].cookie, LA_ACT_ADD);
|
||
|
||
afct = afct->next;
|
||
}
|
||
}
|
||
}
|
||
#endif
|
||
|
||
/* Notify the debugger we have added some objects. We need to
|
||
call _dl_debug_initialize in a static program in case dynamic
|
||
linking has not been used before. */
|
||
r->r_state = RT_ADD;
|
||
_dl_debug_state ();
|
||
make_consistent = true;
|
||
}
|
||
else
|
||
assert (r->r_state == RT_ADD);
|
||
|
||
/* Enter the new object in the list of loaded objects. */
|
||
l = _dl_new_object (realname, name, l_type, loader, mode, nsid);
|
||
if (__builtin_expect (l == NULL, 0))
|
||
{
|
||
#ifdef SHARED
|
||
fail_new:
|
||
#endif
|
||
errstring = N_("cannot create shared object descriptor");
|
||
goto call_lose_errno;
|
||
}
|
||
|
||
/* Extract the remaining details we need from the ELF header
|
||
and then read in the program header table. */
|
||
l->l_entry = header->e_entry;
|
||
type = header->e_type;
|
||
l->l_phnum = header->e_phnum;
|
||
|
||
maplength = header->e_phnum * sizeof (ElfW(Phdr));
|
||
if (header->e_phoff + maplength <= (size_t) fbp->len)
|
||
phdr = (void *) (fbp->buf + header->e_phoff);
|
||
else
|
||
{
|
||
phdr = alloca (maplength);
|
||
__lseek (fd, header->e_phoff, SEEK_SET);
|
||
if ((size_t) __libc_read (fd, (void *) phdr, maplength) != maplength)
|
||
{
|
||
errstring = N_("cannot read file data");
|
||
goto call_lose_errno;
|
||
}
|
||
}
|
||
|
||
/* Presumed absent PT_GNU_STACK. */
|
||
uint_fast16_t stack_flags = PF_R|PF_W|PF_X;
|
||
|
||
{
|
||
/* Scan the program header table, collecting its load commands. */
|
||
struct loadcmd
|
||
{
|
||
ElfW(Addr) mapstart, mapend, dataend, allocend;
|
||
off_t mapoff;
|
||
int prot;
|
||
} loadcmds[l->l_phnum], *c;
|
||
size_t nloadcmds = 0;
|
||
bool has_holes = false;
|
||
|
||
/* The struct is initialized to zero so this is not necessary:
|
||
l->l_ld = 0;
|
||
l->l_phdr = 0;
|
||
l->l_addr = 0; */
|
||
for (ph = phdr; ph < &phdr[l->l_phnum]; ++ph)
|
||
switch (ph->p_type)
|
||
{
|
||
/* These entries tell us where to find things once the file's
|
||
segments are mapped in. We record the addresses it says
|
||
verbatim, and later correct for the run-time load address. */
|
||
case PT_DYNAMIC:
|
||
l->l_ld = (void *) ph->p_vaddr;
|
||
l->l_ldnum = ph->p_memsz / sizeof (ElfW(Dyn));
|
||
break;
|
||
|
||
case PT_PHDR:
|
||
l->l_phdr = (void *) ph->p_vaddr;
|
||
break;
|
||
|
||
case PT_LOAD:
|
||
/* A load command tells us to map in part of the file.
|
||
We record the load commands and process them all later. */
|
||
if (__builtin_expect ((ph->p_align & (GLRO(dl_pagesize) - 1)) != 0,
|
||
0))
|
||
{
|
||
errstring = N_("ELF load command alignment not page-aligned");
|
||
goto call_lose;
|
||
}
|
||
if (__builtin_expect (((ph->p_vaddr - ph->p_offset)
|
||
& (ph->p_align - 1)) != 0, 0))
|
||
{
|
||
errstring
|
||
= N_("ELF load command address/offset not properly aligned");
|
||
goto call_lose;
|
||
}
|
||
|
||
c = &loadcmds[nloadcmds++];
|
||
c->mapstart = ph->p_vaddr & ~(GLRO(dl_pagesize) - 1);
|
||
c->mapend = ((ph->p_vaddr + ph->p_filesz + GLRO(dl_pagesize) - 1)
|
||
& ~(GLRO(dl_pagesize) - 1));
|
||
c->dataend = ph->p_vaddr + ph->p_filesz;
|
||
c->allocend = ph->p_vaddr + ph->p_memsz;
|
||
c->mapoff = ph->p_offset & ~(GLRO(dl_pagesize) - 1);
|
||
|
||
/* Determine whether there is a gap between the last segment
|
||
and this one. */
|
||
if (nloadcmds > 1 && c[-1].mapend != c->mapstart)
|
||
has_holes = true;
|
||
|
||
/* Optimize a common case. */
|
||
#if (PF_R | PF_W | PF_X) == 7 && (PROT_READ | PROT_WRITE | PROT_EXEC) == 7
|
||
c->prot = (PF_TO_PROT
|
||
>> ((ph->p_flags & (PF_R | PF_W | PF_X)) * 4)) & 0xf;
|
||
#else
|
||
c->prot = 0;
|
||
if (ph->p_flags & PF_R)
|
||
c->prot |= PROT_READ;
|
||
if (ph->p_flags & PF_W)
|
||
c->prot |= PROT_WRITE;
|
||
if (ph->p_flags & PF_X)
|
||
c->prot |= PROT_EXEC;
|
||
#endif
|
||
break;
|
||
|
||
case PT_TLS:
|
||
#ifdef USE_TLS
|
||
if (ph->p_memsz == 0)
|
||
/* Nothing to do for an empty segment. */
|
||
break;
|
||
|
||
l->l_tls_blocksize = ph->p_memsz;
|
||
l->l_tls_align = ph->p_align;
|
||
if (ph->p_align == 0)
|
||
l->l_tls_firstbyte_offset = 0;
|
||
else
|
||
l->l_tls_firstbyte_offset = ph->p_vaddr & (ph->p_align - 1);
|
||
l->l_tls_initimage_size = ph->p_filesz;
|
||
/* Since we don't know the load address yet only store the
|
||
offset. We will adjust it later. */
|
||
l->l_tls_initimage = (void *) ph->p_vaddr;
|
||
|
||
/* If not loading the initial set of shared libraries,
|
||
check whether we should permit loading a TLS segment. */
|
||
if (__builtin_expect (l->l_type == lt_library, 1)
|
||
/* If GL(dl_tls_dtv_slotinfo_list) == NULL, then rtld.c did
|
||
not set up TLS data structures, so don't use them now. */
|
||
|| __builtin_expect (GL(dl_tls_dtv_slotinfo_list) != NULL, 1))
|
||
{
|
||
/* Assign the next available module ID. */
|
||
l->l_tls_modid = _dl_next_tls_modid ();
|
||
break;
|
||
}
|
||
|
||
# ifdef SHARED
|
||
if (l->l_prev == NULL || (mode & __RTLD_AUDIT) != 0)
|
||
/* We are loading the executable itself when the dynamic linker
|
||
was executed directly. The setup will happen later. */
|
||
break;
|
||
|
||
/* In a static binary there is no way to tell if we dynamically
|
||
loaded libpthread. */
|
||
if (GL(dl_error_catch_tsd) == &_dl_initial_error_catch_tsd)
|
||
# endif
|
||
{
|
||
/* We have not yet loaded libpthread.
|
||
We can do the TLS setup right now! */
|
||
|
||
void *tcb;
|
||
|
||
/* The first call allocates TLS bookkeeping data structures.
|
||
Then we allocate the TCB for the initial thread. */
|
||
if (__builtin_expect (_dl_tls_setup (), 0)
|
||
|| __builtin_expect ((tcb = _dl_allocate_tls (NULL)) == NULL,
|
||
0))
|
||
{
|
||
errval = ENOMEM;
|
||
errstring = N_("\
|
||
cannot allocate TLS data structures for initial thread");
|
||
goto call_lose;
|
||
}
|
||
|
||
/* Now we install the TCB in the thread register. */
|
||
errstring = TLS_INIT_TP (tcb, 0);
|
||
if (__builtin_expect (errstring == NULL, 1))
|
||
{
|
||
/* Now we are all good. */
|
||
l->l_tls_modid = ++GL(dl_tls_max_dtv_idx);
|
||
break;
|
||
}
|
||
|
||
/* The kernel is too old or somesuch. */
|
||
errval = 0;
|
||
_dl_deallocate_tls (tcb, 1);
|
||
goto call_lose;
|
||
}
|
||
#endif
|
||
|
||
/* Uh-oh, the binary expects TLS support but we cannot
|
||
provide it. */
|
||
errval = 0;
|
||
errstring = N_("cannot handle TLS data");
|
||
goto call_lose;
|
||
break;
|
||
|
||
case PT_GNU_STACK:
|
||
stack_flags = ph->p_flags;
|
||
break;
|
||
|
||
case PT_GNU_RELRO:
|
||
l->l_relro_addr = ph->p_vaddr;
|
||
l->l_relro_size = ph->p_memsz;
|
||
break;
|
||
}
|
||
|
||
if (__builtin_expect (nloadcmds == 0, 0))
|
||
{
|
||
/* This only happens for a bogus object that will be caught with
|
||
another error below. But we don't want to go through the
|
||
calculations below using NLOADCMDS - 1. */
|
||
errstring = N_("object file has no loadable segments");
|
||
goto call_lose;
|
||
}
|
||
|
||
/* Now process the load commands and map segments into memory. */
|
||
c = loadcmds;
|
||
|
||
/* Length of the sections to be loaded. */
|
||
maplength = loadcmds[nloadcmds - 1].allocend - c->mapstart;
|
||
|
||
if (__builtin_expect (type, ET_DYN) == ET_DYN)
|
||
{
|
||
/* This is a position-independent shared object. We can let the
|
||
kernel map it anywhere it likes, but we must have space for all
|
||
the segments in their specified positions relative to the first.
|
||
So we map the first segment without MAP_FIXED, but with its
|
||
extent increased to cover all the segments. Then we remove
|
||
access from excess portion, and there is known sufficient space
|
||
there to remap from the later segments.
|
||
|
||
As a refinement, sometimes we have an address that we would
|
||
prefer to map such objects at; but this is only a preference,
|
||
the OS can do whatever it likes. */
|
||
ElfW(Addr) mappref;
|
||
mappref = (ELF_PREFERRED_ADDRESS (loader, maplength,
|
||
c->mapstart & GLRO(dl_use_load_bias))
|
||
- MAP_BASE_ADDR (l));
|
||
|
||
/* Remember which part of the address space this object uses. */
|
||
l->l_map_start = (ElfW(Addr)) __mmap ((void *) mappref, maplength,
|
||
c->prot,
|
||
MAP_COPY|MAP_FILE|MAP_DENYWRITE,
|
||
fd, c->mapoff);
|
||
if (__builtin_expect ((void *) l->l_map_start == MAP_FAILED, 0))
|
||
{
|
||
map_error:
|
||
errstring = N_("failed to map segment from shared object");
|
||
goto call_lose_errno;
|
||
}
|
||
|
||
l->l_map_end = l->l_map_start + maplength;
|
||
l->l_addr = l->l_map_start - c->mapstart;
|
||
|
||
if (has_holes)
|
||
/* Change protection on the excess portion to disallow all access;
|
||
the portions we do not remap later will be inaccessible as if
|
||
unallocated. Then jump into the normal segment-mapping loop to
|
||
handle the portion of the segment past the end of the file
|
||
mapping. */
|
||
__mprotect ((caddr_t) (l->l_addr + c->mapend),
|
||
loadcmds[nloadcmds - 1].mapstart - c->mapend,
|
||
PROT_NONE);
|
||
|
||
goto postmap;
|
||
}
|
||
|
||
/* This object is loaded at a fixed address. This must never
|
||
happen for objects loaded with dlopen(). */
|
||
if (__builtin_expect ((mode & __RTLD_OPENEXEC) == 0, 0))
|
||
{
|
||
errstring = N_("cannot dynamically load executable");
|
||
goto call_lose;
|
||
}
|
||
|
||
/* Notify ELF_PREFERRED_ADDRESS that we have to load this one
|
||
fixed. */
|
||
ELF_FIXED_ADDRESS (loader, c->mapstart);
|
||
|
||
|
||
/* Remember which part of the address space this object uses. */
|
||
l->l_map_start = c->mapstart + l->l_addr;
|
||
l->l_map_end = l->l_map_start + maplength;
|
||
|
||
while (c < &loadcmds[nloadcmds])
|
||
{
|
||
if (c->mapend > c->mapstart
|
||
/* Map the segment contents from the file. */
|
||
&& (__mmap ((void *) (l->l_addr + c->mapstart),
|
||
c->mapend - c->mapstart, c->prot,
|
||
MAP_FIXED|MAP_COPY|MAP_FILE|MAP_DENYWRITE,
|
||
fd, c->mapoff)
|
||
== MAP_FAILED))
|
||
goto map_error;
|
||
|
||
postmap:
|
||
if (c->prot & PROT_EXEC)
|
||
l->l_text_end = l->l_addr + c->mapend;
|
||
|
||
if (l->l_phdr == 0
|
||
&& (ElfW(Off)) c->mapoff <= header->e_phoff
|
||
&& ((size_t) (c->mapend - c->mapstart + c->mapoff)
|
||
>= header->e_phoff + header->e_phnum * sizeof (ElfW(Phdr))))
|
||
/* Found the program header in this segment. */
|
||
l->l_phdr = (void *) (c->mapstart + header->e_phoff - c->mapoff);
|
||
|
||
if (c->allocend > c->dataend)
|
||
{
|
||
/* Extra zero pages should appear at the end of this segment,
|
||
after the data mapped from the file. */
|
||
ElfW(Addr) zero, zeroend, zeropage;
|
||
|
||
zero = l->l_addr + c->dataend;
|
||
zeroend = l->l_addr + c->allocend;
|
||
zeropage = ((zero + GLRO(dl_pagesize) - 1)
|
||
& ~(GLRO(dl_pagesize) - 1));
|
||
|
||
if (zeroend < zeropage)
|
||
/* All the extra data is in the last page of the segment.
|
||
We can just zero it. */
|
||
zeropage = zeroend;
|
||
|
||
if (zeropage > zero)
|
||
{
|
||
/* Zero the final part of the last page of the segment. */
|
||
if (__builtin_expect ((c->prot & PROT_WRITE) == 0, 0))
|
||
{
|
||
/* Dag nab it. */
|
||
if (__mprotect ((caddr_t) (zero
|
||
& ~(GLRO(dl_pagesize) - 1)),
|
||
GLRO(dl_pagesize), c->prot|PROT_WRITE) < 0)
|
||
{
|
||
errstring = N_("cannot change memory protections");
|
||
goto call_lose_errno;
|
||
}
|
||
}
|
||
memset ((void *) zero, '\0', zeropage - zero);
|
||
if (__builtin_expect ((c->prot & PROT_WRITE) == 0, 0))
|
||
__mprotect ((caddr_t) (zero & ~(GLRO(dl_pagesize) - 1)),
|
||
GLRO(dl_pagesize), c->prot);
|
||
}
|
||
|
||
if (zeroend > zeropage)
|
||
{
|
||
/* Map the remaining zero pages in from the zero fill FD. */
|
||
caddr_t mapat;
|
||
mapat = __mmap ((caddr_t) zeropage, zeroend - zeropage,
|
||
c->prot, MAP_ANON|MAP_PRIVATE|MAP_FIXED,
|
||
ANONFD, 0);
|
||
if (__builtin_expect (mapat == MAP_FAILED, 0))
|
||
{
|
||
errstring = N_("cannot map zero-fill pages");
|
||
goto call_lose_errno;
|
||
}
|
||
}
|
||
}
|
||
|
||
++c;
|
||
}
|
||
}
|
||
|
||
if (l->l_ld == 0)
|
||
{
|
||
if (__builtin_expect (type == ET_DYN, 0))
|
||
{
|
||
errstring = N_("object file has no dynamic section");
|
||
goto call_lose;
|
||
}
|
||
}
|
||
else
|
||
l->l_ld = (ElfW(Dyn) *) ((ElfW(Addr)) l->l_ld + l->l_addr);
|
||
|
||
elf_get_dynamic_info (l, NULL);
|
||
|
||
/* Make sure we are not dlopen'ing an object that has the
|
||
DF_1_NOOPEN flag set. */
|
||
if (__builtin_expect (l->l_flags_1 & DF_1_NOOPEN, 0)
|
||
&& (mode & __RTLD_DLOPEN))
|
||
{
|
||
/* We are not supposed to load this object. Free all resources. */
|
||
__munmap ((void *) l->l_map_start, l->l_map_end - l->l_map_start);
|
||
|
||
if (!l->l_libname->dont_free)
|
||
free (l->l_libname);
|
||
|
||
if (l->l_phdr_allocated)
|
||
free ((void *) l->l_phdr);
|
||
|
||
errstring = N_("shared object cannot be dlopen()ed");
|
||
goto call_lose;
|
||
}
|
||
|
||
if (l->l_phdr == NULL)
|
||
{
|
||
/* The program header is not contained in any of the segments.
|
||
We have to allocate memory ourself and copy it over from out
|
||
temporary place. */
|
||
ElfW(Phdr) *newp = (ElfW(Phdr) *) malloc (header->e_phnum
|
||
* sizeof (ElfW(Phdr)));
|
||
if (newp == NULL)
|
||
{
|
||
errstring = N_("cannot allocate memory for program header");
|
||
goto call_lose_errno;
|
||
}
|
||
|
||
l->l_phdr = memcpy (newp, phdr,
|
||
(header->e_phnum * sizeof (ElfW(Phdr))));
|
||
l->l_phdr_allocated = 1;
|
||
}
|
||
else
|
||
/* Adjust the PT_PHDR value by the runtime load address. */
|
||
l->l_phdr = (ElfW(Phdr) *) ((ElfW(Addr)) l->l_phdr + l->l_addr);
|
||
|
||
if (__builtin_expect ((stack_flags &~ GL(dl_stack_flags)) & PF_X, 0))
|
||
{
|
||
if (__builtin_expect (__check_caller (RETURN_ADDRESS (0), allow_ldso),
|
||
0) != 0)
|
||
{
|
||
errstring = N_("invalid caller");
|
||
goto call_lose;
|
||
}
|
||
|
||
/* The stack is presently not executable, but this module
|
||
requires that it be executable. We must change the
|
||
protection of the variable which contains the flags used in
|
||
the mprotect calls. */
|
||
#if defined HAVE_Z_RELRO && defined SHARED
|
||
if ((mode & (__RTLD_DLOPEN | __RTLD_AUDIT)) == __RTLD_DLOPEN)
|
||
{
|
||
const uintptr_t p = (uintptr_t) &__stack_prot & -GLRO(dl_pagesize);
|
||
const size_t s = (uintptr_t) (&__stack_prot + 1) - p;
|
||
|
||
struct link_map *const m = &GL(dl_rtld_map);
|
||
const uintptr_t relro_end = ((m->l_addr + m->l_relro_addr
|
||
+ m->l_relro_size)
|
||
& -GLRO(dl_pagesize));
|
||
if (__builtin_expect (p + s <= relro_end, 1))
|
||
{
|
||
/* The variable lies in the region protected by RELRO. */
|
||
__mprotect ((void *) p, s, PROT_READ|PROT_WRITE);
|
||
__stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
|
||
__mprotect ((void *) p, s, PROT_READ);
|
||
}
|
||
else
|
||
__stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
|
||
}
|
||
else
|
||
#endif
|
||
__stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
|
||
|
||
#ifdef check_consistency
|
||
check_consistency ();
|
||
#endif
|
||
|
||
errval = (*GL(dl_make_stack_executable_hook)) (stack_endp);
|
||
if (errval)
|
||
{
|
||
errstring = N_("\
|
||
cannot enable executable stack as shared object requires");
|
||
goto call_lose;
|
||
}
|
||
}
|
||
|
||
#ifdef USE_TLS
|
||
/* Adjust the address of the TLS initialization image. */
|
||
if (l->l_tls_initimage != NULL)
|
||
l->l_tls_initimage = (char *) l->l_tls_initimage + l->l_addr;
|
||
#endif
|
||
|
||
/* We are done mapping in the file. We no longer need the descriptor. */
|
||
if (__builtin_expect (__close (fd) != 0, 0))
|
||
{
|
||
errstring = N_("cannot close file descriptor");
|
||
goto call_lose_errno;
|
||
}
|
||
/* Signal that we closed the file. */
|
||
fd = -1;
|
||
|
||
if (l->l_type == lt_library && type == ET_EXEC)
|
||
l->l_type = lt_executable;
|
||
|
||
l->l_entry += l->l_addr;
|
||
|
||
if (__builtin_expect (GLRO(dl_debug_mask) & DL_DEBUG_FILES, 0))
|
||
_dl_debug_printf ("\
|
||
dynamic: 0x%0*lx base: 0x%0*lx size: 0x%0*Zx\n\
|
||
entry: 0x%0*lx phdr: 0x%0*lx phnum: %*u\n\n",
|
||
(int) sizeof (void *) * 2,
|
||
(unsigned long int) l->l_ld,
|
||
(int) sizeof (void *) * 2,
|
||
(unsigned long int) l->l_addr,
|
||
(int) sizeof (void *) * 2, maplength,
|
||
(int) sizeof (void *) * 2,
|
||
(unsigned long int) l->l_entry,
|
||
(int) sizeof (void *) * 2,
|
||
(unsigned long int) l->l_phdr,
|
||
(int) sizeof (void *) * 2, l->l_phnum);
|
||
|
||
/* Set up the symbol hash table. */
|
||
_dl_setup_hash (l);
|
||
|
||
/* If this object has DT_SYMBOLIC set modify now its scope. We don't
|
||
have to do this for the main map. */
|
||
if ((mode & RTLD_DEEPBIND) == 0
|
||
&& __builtin_expect (l->l_info[DT_SYMBOLIC] != NULL, 0)
|
||
&& &l->l_searchlist != l->l_scope[0])
|
||
{
|
||
/* Create an appropriate searchlist. It contains only this map.
|
||
This is the definition of DT_SYMBOLIC in SysVr4. */
|
||
l->l_symbolic_searchlist.r_list =
|
||
(struct link_map **) malloc (sizeof (struct link_map *));
|
||
|
||
if (l->l_symbolic_searchlist.r_list == NULL)
|
||
{
|
||
errstring = N_("cannot create searchlist");
|
||
goto call_lose_errno;
|
||
}
|
||
|
||
l->l_symbolic_searchlist.r_list[0] = l;
|
||
l->l_symbolic_searchlist.r_nlist = 1;
|
||
|
||
/* Now move the existing entries one back. */
|
||
memmove (&l->l_scope[1], &l->l_scope[0],
|
||
(l->l_scope_max - 1) * sizeof (l->l_scope[0]));
|
||
|
||
/* Now add the new entry. */
|
||
l->l_scope[0] = &l->l_symbolic_searchlist;
|
||
}
|
||
|
||
/* Remember whether this object must be initialized first. */
|
||
if (l->l_flags_1 & DF_1_INITFIRST)
|
||
GL(dl_initfirst) = l;
|
||
|
||
/* Finally the file information. */
|
||
l->l_dev = st.st_dev;
|
||
l->l_ino = st.st_ino;
|
||
|
||
/* When we profile the SONAME might be needed for something else but
|
||
loading. Add it right away. */
|
||
if (__builtin_expect (GLRO(dl_profile) != NULL, 0)
|
||
&& l->l_info[DT_SONAME] != NULL)
|
||
add_name_to_object (l, ((const char *) D_PTR (l, l_info[DT_STRTAB])
|
||
+ l->l_info[DT_SONAME]->d_un.d_val));
|
||
|
||
#ifdef SHARED
|
||
/* Auditing checkpoint: we have a new object. */
|
||
if (__builtin_expect (GLRO(dl_naudit) > 0, 0)
|
||
&& !GL(dl_ns)[l->l_ns]._ns_loaded->l_auditing)
|
||
{
|
||
struct audit_ifaces *afct = GLRO(dl_audit);
|
||
for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
|
||
{
|
||
if (afct->objopen != NULL)
|
||
{
|
||
l->l_audit[cnt].bindflags
|
||
= afct->objopen (l, nsid, &l->l_audit[cnt].cookie);
|
||
|
||
l->l_audit_any_plt |= l->l_audit[cnt].bindflags != 0;
|
||
}
|
||
|
||
afct = afct->next;
|
||
}
|
||
}
|
||
#endif
|
||
|
||
return l;
|
||
}
|
||
|
||
/* Print search path. */
|
||
static void
|
||
print_search_path (struct r_search_path_elem **list,
|
||
const char *what, const char *name)
|
||
{
|
||
char buf[max_dirnamelen + max_capstrlen];
|
||
int first = 1;
|
||
|
||
_dl_debug_printf (" search path=");
|
||
|
||
while (*list != NULL && (*list)->what == what) /* Yes, ==. */
|
||
{
|
||
char *endp = __mempcpy (buf, (*list)->dirname, (*list)->dirnamelen);
|
||
size_t cnt;
|
||
|
||
for (cnt = 0; cnt < ncapstr; ++cnt)
|
||
if ((*list)->status[cnt] != nonexisting)
|
||
{
|
||
char *cp = __mempcpy (endp, capstr[cnt].str, capstr[cnt].len);
|
||
if (cp == buf || (cp == buf + 1 && buf[0] == '/'))
|
||
cp[0] = '\0';
|
||
else
|
||
cp[-1] = '\0';
|
||
|
||
_dl_debug_printf_c (first ? "%s" : ":%s", buf);
|
||
first = 0;
|
||
}
|
||
|
||
++list;
|
||
}
|
||
|
||
if (name != NULL)
|
||
_dl_debug_printf_c ("\t\t(%s from file %s)\n", what,
|
||
name[0] ? name : rtld_progname);
|
||
else
|
||
_dl_debug_printf_c ("\t\t(%s)\n", what);
|
||
}
|
||
|
||
/* Open a file and verify it is an ELF file for this architecture. We
|
||
ignore only ELF files for other architectures. Non-ELF files and
|
||
ELF files with different header information cause fatal errors since
|
||
this could mean there is something wrong in the installation and the
|
||
user might want to know about this. */
|
||
static int
|
||
open_verify (const char *name, struct filebuf *fbp, struct link_map *loader,
|
||
int whatcode)
|
||
{
|
||
/* This is the expected ELF header. */
|
||
#define ELF32_CLASS ELFCLASS32
|
||
#define ELF64_CLASS ELFCLASS64
|
||
#ifndef VALID_ELF_HEADER
|
||
# define VALID_ELF_HEADER(hdr,exp,size) (memcmp (hdr, exp, size) == 0)
|
||
# define VALID_ELF_OSABI(osabi) (osabi == ELFOSABI_SYSV)
|
||
# define VALID_ELF_ABIVERSION(ver) (ver == 0)
|
||
#endif
|
||
static const unsigned char expected[EI_PAD] =
|
||
{
|
||
[EI_MAG0] = ELFMAG0,
|
||
[EI_MAG1] = ELFMAG1,
|
||
[EI_MAG2] = ELFMAG2,
|
||
[EI_MAG3] = ELFMAG3,
|
||
[EI_CLASS] = ELFW(CLASS),
|
||
[EI_DATA] = byteorder,
|
||
[EI_VERSION] = EV_CURRENT,
|
||
[EI_OSABI] = ELFOSABI_SYSV,
|
||
[EI_ABIVERSION] = 0
|
||
};
|
||
static const struct
|
||
{
|
||
ElfW(Word) vendorlen;
|
||
ElfW(Word) datalen;
|
||
ElfW(Word) type;
|
||
char vendor[4];
|
||
} expected_note = { 4, 16, 1, "GNU" };
|
||
/* Initialize it to make the compiler happy. */
|
||
const char *errstring = NULL;
|
||
int errval = 0;
|
||
|
||
#ifdef SHARED
|
||
/* Give the auditing libraries a chance. */
|
||
if (__builtin_expect (GLRO(dl_naudit) > 0, 0) && whatcode != 0
|
||
&& loader->l_auditing == 0)
|
||
{
|
||
struct audit_ifaces *afct = GLRO(dl_audit);
|
||
for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
|
||
{
|
||
if (afct->objsearch != NULL)
|
||
{
|
||
name = afct->objsearch (name, &loader->l_audit[cnt].cookie,
|
||
whatcode);
|
||
if (name == NULL)
|
||
/* Ignore the path. */
|
||
return -1;
|
||
}
|
||
|
||
afct = afct->next;
|
||
}
|
||
}
|
||
#endif
|
||
|
||
/* Open the file. We always open files read-only. */
|
||
int fd = __open (name, O_RDONLY);
|
||
if (fd != -1)
|
||
{
|
||
ElfW(Ehdr) *ehdr;
|
||
ElfW(Phdr) *phdr, *ph;
|
||
ElfW(Word) *abi_note, abi_note_buf[8];
|
||
unsigned int osversion;
|
||
size_t maplength;
|
||
|
||
/* We successfully openened the file. Now verify it is a file
|
||
we can use. */
|
||
__set_errno (0);
|
||
fbp->len = __libc_read (fd, fbp->buf, sizeof (fbp->buf));
|
||
|
||
/* This is where the ELF header is loaded. */
|
||
assert (sizeof (fbp->buf) > sizeof (ElfW(Ehdr)));
|
||
ehdr = (ElfW(Ehdr) *) fbp->buf;
|
||
|
||
/* Now run the tests. */
|
||
if (__builtin_expect (fbp->len < (ssize_t) sizeof (ElfW(Ehdr)), 0))
|
||
{
|
||
errval = errno;
|
||
errstring = (errval == 0
|
||
? N_("file too short") : N_("cannot read file data"));
|
||
call_lose:
|
||
lose (errval, fd, name, NULL, NULL, errstring);
|
||
}
|
||
|
||
/* See whether the ELF header is what we expect. */
|
||
if (__builtin_expect (! VALID_ELF_HEADER (ehdr->e_ident, expected,
|
||
EI_PAD), 0))
|
||
{
|
||
/* Something is wrong. */
|
||
if (*(Elf32_Word *) &ehdr->e_ident !=
|
||
#if BYTE_ORDER == LITTLE_ENDIAN
|
||
((ELFMAG0 << (EI_MAG0 * 8)) |
|
||
(ELFMAG1 << (EI_MAG1 * 8)) |
|
||
(ELFMAG2 << (EI_MAG2 * 8)) |
|
||
(ELFMAG3 << (EI_MAG3 * 8)))
|
||
#else
|
||
((ELFMAG0 << (EI_MAG3 * 8)) |
|
||
(ELFMAG1 << (EI_MAG2 * 8)) |
|
||
(ELFMAG2 << (EI_MAG1 * 8)) |
|
||
(ELFMAG3 << (EI_MAG0 * 8)))
|
||
#endif
|
||
)
|
||
errstring = N_("invalid ELF header");
|
||
else if (ehdr->e_ident[EI_CLASS] != ELFW(CLASS))
|
||
/* This is not a fatal error. On architectures where
|
||
32-bit and 64-bit binaries can be run this might
|
||
happen. */
|
||
goto close_and_out;
|
||
else if (ehdr->e_ident[EI_DATA] != byteorder)
|
||
{
|
||
if (BYTE_ORDER == BIG_ENDIAN)
|
||
errstring = N_("ELF file data encoding not big-endian");
|
||
else
|
||
errstring = N_("ELF file data encoding not little-endian");
|
||
}
|
||
else if (ehdr->e_ident[EI_VERSION] != EV_CURRENT)
|
||
errstring
|
||
= N_("ELF file version ident does not match current one");
|
||
/* XXX We should be able so set system specific versions which are
|
||
allowed here. */
|
||
else if (!VALID_ELF_OSABI (ehdr->e_ident[EI_OSABI]))
|
||
errstring = N_("ELF file OS ABI invalid");
|
||
else if (!VALID_ELF_ABIVERSION (ehdr->e_ident[EI_ABIVERSION]))
|
||
errstring = N_("ELF file ABI version invalid");
|
||
else
|
||
/* Otherwise we don't know what went wrong. */
|
||
errstring = N_("internal error");
|
||
|
||
goto call_lose;
|
||
}
|
||
|
||
if (__builtin_expect (ehdr->e_version, EV_CURRENT) != EV_CURRENT)
|
||
{
|
||
errstring = N_("ELF file version does not match current one");
|
||
goto call_lose;
|
||
}
|
||
if (! __builtin_expect (elf_machine_matches_host (ehdr), 1))
|
||
goto close_and_out;
|
||
else if (__builtin_expect (ehdr->e_type, ET_DYN) != ET_DYN
|
||
&& __builtin_expect (ehdr->e_type, ET_EXEC) != ET_EXEC)
|
||
{
|
||
errstring = N_("only ET_DYN and ET_EXEC can be loaded");
|
||
goto call_lose;
|
||
}
|
||
else if (__builtin_expect (ehdr->e_phentsize, sizeof (ElfW(Phdr)))
|
||
!= sizeof (ElfW(Phdr)))
|
||
{
|
||
errstring = N_("ELF file's phentsize not the expected size");
|
||
goto call_lose;
|
||
}
|
||
|
||
maplength = ehdr->e_phnum * sizeof (ElfW(Phdr));
|
||
if (ehdr->e_phoff + maplength <= (size_t) fbp->len)
|
||
phdr = (void *) (fbp->buf + ehdr->e_phoff);
|
||
else
|
||
{
|
||
phdr = alloca (maplength);
|
||
__lseek (fd, ehdr->e_phoff, SEEK_SET);
|
||
if ((size_t) __libc_read (fd, (void *) phdr, maplength) != maplength)
|
||
{
|
||
read_error:
|
||
errval = errno;
|
||
errstring = N_("cannot read file data");
|
||
goto call_lose;
|
||
}
|
||
}
|
||
|
||
/* Check .note.ABI-tag if present. */
|
||
for (ph = phdr; ph < &phdr[ehdr->e_phnum]; ++ph)
|
||
if (ph->p_type == PT_NOTE && ph->p_filesz == 32 && ph->p_align >= 4)
|
||
{
|
||
if (ph->p_offset + 32 <= (size_t) fbp->len)
|
||
abi_note = (void *) (fbp->buf + ph->p_offset);
|
||
else
|
||
{
|
||
__lseek (fd, ph->p_offset, SEEK_SET);
|
||
if (__libc_read (fd, (void *) abi_note_buf, 32) != 32)
|
||
goto read_error;
|
||
|
||
abi_note = abi_note_buf;
|
||
}
|
||
|
||
if (memcmp (abi_note, &expected_note, sizeof (expected_note)))
|
||
continue;
|
||
|
||
osversion = (abi_note[5] & 0xff) * 65536
|
||
+ (abi_note[6] & 0xff) * 256
|
||
+ (abi_note[7] & 0xff);
|
||
if (abi_note[4] != __ABI_TAG_OS
|
||
|| (GLRO(dl_osversion) && GLRO(dl_osversion) < osversion))
|
||
{
|
||
close_and_out:
|
||
__close (fd);
|
||
__set_errno (ENOENT);
|
||
fd = -1;
|
||
}
|
||
|
||
break;
|
||
}
|
||
}
|
||
|
||
return fd;
|
||
}
|
||
|
||
/* Try to open NAME in one of the directories in *DIRSP.
|
||
Return the fd, or -1. If successful, fill in *REALNAME
|
||
with the malloc'd full directory name. If it turns out
|
||
that none of the directories in *DIRSP exists, *DIRSP is
|
||
replaced with (void *) -1, and the old value is free()d
|
||
if MAY_FREE_DIRS is true. */
|
||
|
||
static int
|
||
open_path (const char *name, size_t namelen, int preloaded,
|
||
struct r_search_path_struct *sps, char **realname,
|
||
struct filebuf *fbp, struct link_map *loader, int whatcode)
|
||
{
|
||
struct r_search_path_elem **dirs = sps->dirs;
|
||
char *buf;
|
||
int fd = -1;
|
||
const char *current_what = NULL;
|
||
int any = 0;
|
||
|
||
if (__builtin_expect (dirs == NULL, 0))
|
||
/* We're called before _dl_init_paths when loading the main executable
|
||
given on the command line when rtld is run directly. */
|
||
return -1;
|
||
|
||
buf = alloca (max_dirnamelen + max_capstrlen + namelen);
|
||
do
|
||
{
|
||
struct r_search_path_elem *this_dir = *dirs;
|
||
size_t buflen = 0;
|
||
size_t cnt;
|
||
char *edp;
|
||
int here_any = 0;
|
||
int err;
|
||
|
||
/* If we are debugging the search for libraries print the path
|
||
now if it hasn't happened now. */
|
||
if (__builtin_expect (GLRO(dl_debug_mask) & DL_DEBUG_LIBS, 0)
|
||
&& current_what != this_dir->what)
|
||
{
|
||
current_what = this_dir->what;
|
||
print_search_path (dirs, current_what, this_dir->where);
|
||
}
|
||
|
||
edp = (char *) __mempcpy (buf, this_dir->dirname, this_dir->dirnamelen);
|
||
for (cnt = 0; fd == -1 && cnt < ncapstr; ++cnt)
|
||
{
|
||
/* Skip this directory if we know it does not exist. */
|
||
if (this_dir->status[cnt] == nonexisting)
|
||
continue;
|
||
|
||
buflen =
|
||
((char *) __mempcpy (__mempcpy (edp, capstr[cnt].str,
|
||
capstr[cnt].len),
|
||
name, namelen)
|
||
- buf);
|
||
|
||
/* Print name we try if this is wanted. */
|
||
if (__builtin_expect (GLRO(dl_debug_mask) & DL_DEBUG_LIBS, 0))
|
||
_dl_debug_printf (" trying file=%s\n", buf);
|
||
|
||
fd = open_verify (buf, fbp, loader, whatcode);
|
||
if (this_dir->status[cnt] == unknown)
|
||
{
|
||
if (fd != -1)
|
||
this_dir->status[cnt] = existing;
|
||
/* Do not update the directory information when loading
|
||
auditing code. We must try to disturb the program as
|
||
little as possible. */
|
||
else if (loader == NULL
|
||
|| GL(dl_ns)[loader->l_ns]._ns_loaded->l_audit == 0)
|
||
{
|
||
/* We failed to open machine dependent library. Let's
|
||
test whether there is any directory at all. */
|
||
struct stat64 st;
|
||
|
||
buf[buflen - namelen - 1] = '\0';
|
||
|
||
if (__xstat64 (_STAT_VER, buf, &st) != 0
|
||
|| ! S_ISDIR (st.st_mode))
|
||
/* The directory does not exist or it is no directory. */
|
||
this_dir->status[cnt] = nonexisting;
|
||
else
|
||
this_dir->status[cnt] = existing;
|
||
}
|
||
}
|
||
|
||
/* Remember whether we found any existing directory. */
|
||
here_any |= this_dir->status[cnt] != nonexisting;
|
||
|
||
if (fd != -1 && __builtin_expect (preloaded, 0)
|
||
&& INTUSE(__libc_enable_secure))
|
||
{
|
||
/* This is an extra security effort to make sure nobody can
|
||
preload broken shared objects which are in the trusted
|
||
directories and so exploit the bugs. */
|
||
struct stat64 st;
|
||
|
||
if (__fxstat64 (_STAT_VER, fd, &st) != 0
|
||
|| (st.st_mode & S_ISUID) == 0)
|
||
{
|
||
/* The shared object cannot be tested for being SUID
|
||
or this bit is not set. In this case we must not
|
||
use this object. */
|
||
__close (fd);
|
||
fd = -1;
|
||
/* We simply ignore the file, signal this by setting
|
||
the error value which would have been set by `open'. */
|
||
errno = ENOENT;
|
||
}
|
||
}
|
||
}
|
||
|
||
if (fd != -1)
|
||
{
|
||
*realname = (char *) malloc (buflen);
|
||
if (*realname != NULL)
|
||
{
|
||
memcpy (*realname, buf, buflen);
|
||
return fd;
|
||
}
|
||
else
|
||
{
|
||
/* No memory for the name, we certainly won't be able
|
||
to load and link it. */
|
||
__close (fd);
|
||
return -1;
|
||
}
|
||
}
|
||
if (here_any && (err = errno) != ENOENT && err != EACCES)
|
||
/* The file exists and is readable, but something went wrong. */
|
||
return -1;
|
||
|
||
/* Remember whether we found anything. */
|
||
any |= here_any;
|
||
}
|
||
while (*++dirs != NULL);
|
||
|
||
/* Remove the whole path if none of the directories exists. */
|
||
if (__builtin_expect (! any, 0))
|
||
{
|
||
/* Paths which were allocated using the minimal malloc() in ld.so
|
||
must not be freed using the general free() in libc. */
|
||
if (sps->malloced)
|
||
free (sps->dirs);
|
||
#ifdef HAVE_Z_RELRO
|
||
/* rtld_search_dirs is attribute_relro, therefore avoid writing
|
||
into it. */
|
||
if (sps != &rtld_search_dirs)
|
||
#endif
|
||
sps->dirs = (void *) -1;
|
||
}
|
||
|
||
return -1;
|
||
}
|
||
|
||
/* Map in the shared object file NAME. */
|
||
|
||
struct link_map *
|
||
internal_function
|
||
_dl_map_object (struct link_map *loader, const char *name, int preloaded,
|
||
int type, int trace_mode, int mode, Lmid_t nsid)
|
||
{
|
||
int fd;
|
||
char *realname;
|
||
char *name_copy;
|
||
struct link_map *l;
|
||
struct filebuf fb;
|
||
|
||
assert (nsid >= 0);
|
||
assert (nsid < DL_NNS);
|
||
|
||
/* Look for this name among those already loaded. */
|
||
for (l = GL(dl_ns)[nsid]._ns_loaded; l; l = l->l_next)
|
||
{
|
||
/* If the requested name matches the soname of a loaded object,
|
||
use that object. Elide this check for names that have not
|
||
yet been opened. */
|
||
if (__builtin_expect (l->l_faked, 0) != 0
|
||
|| __builtin_expect (l->l_removed, 0) != 0)
|
||
continue;
|
||
if (!_dl_name_match_p (name, l))
|
||
{
|
||
const char *soname;
|
||
|
||
if (__builtin_expect (l->l_soname_added, 1)
|
||
|| l->l_info[DT_SONAME] == NULL)
|
||
continue;
|
||
|
||
soname = ((const char *) D_PTR (l, l_info[DT_STRTAB])
|
||
+ l->l_info[DT_SONAME]->d_un.d_val);
|
||
if (strcmp (name, soname) != 0)
|
||
continue;
|
||
|
||
/* We have a match on a new name -- cache it. */
|
||
add_name_to_object (l, soname);
|
||
l->l_soname_added = 1;
|
||
}
|
||
|
||
/* We have a match. */
|
||
return l;
|
||
}
|
||
|
||
/* Display information if we are debugging. */
|
||
if (__builtin_expect (GLRO(dl_debug_mask) & DL_DEBUG_FILES, 0)
|
||
&& loader != NULL)
|
||
_dl_debug_printf ("\nfile=%s [%lu]; needed by %s [%lu]\n", name, nsid,
|
||
loader->l_name[0]
|
||
? loader->l_name : rtld_progname, loader->l_ns);
|
||
|
||
#ifdef SHARED
|
||
/* Give the auditing libraries a chance to change the name before we
|
||
try anything. */
|
||
if (__builtin_expect (GLRO(dl_naudit) > 0, 0)
|
||
&& (loader == NULL || loader->l_auditing == 0))
|
||
{
|
||
struct audit_ifaces *afct = GLRO(dl_audit);
|
||
for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
|
||
{
|
||
if (afct->objsearch != NULL)
|
||
{
|
||
name = afct->objsearch (name, &loader->l_audit[cnt].cookie,
|
||
LA_SER_ORIG);
|
||
if (name == NULL)
|
||
{
|
||
/* Do not try anything further. */
|
||
fd = -1;
|
||
goto no_file;
|
||
}
|
||
}
|
||
|
||
afct = afct->next;
|
||
}
|
||
}
|
||
#endif
|
||
|
||
if (strchr (name, '/') == NULL)
|
||
{
|
||
/* Search for NAME in several places. */
|
||
|
||
size_t namelen = strlen (name) + 1;
|
||
|
||
if (__builtin_expect (GLRO(dl_debug_mask) & DL_DEBUG_LIBS, 0))
|
||
_dl_debug_printf ("find library=%s [%lu]; searching\n", name, nsid);
|
||
|
||
fd = -1;
|
||
|
||
/* When the object has the RUNPATH information we don't use any
|
||
RPATHs. */
|
||
if (loader == NULL || loader->l_info[DT_RUNPATH] == NULL)
|
||
{
|
||
/* First try the DT_RPATH of the dependent object that caused NAME
|
||
to be loaded. Then that object's dependent, and on up. */
|
||
for (l = loader; fd == -1 && l; l = l->l_loader)
|
||
if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
|
||
fd = open_path (name, namelen, preloaded, &l->l_rpath_dirs,
|
||
&realname, &fb, loader, LA_SER_RUNPATH);
|
||
|
||
/* If dynamically linked, try the DT_RPATH of the executable
|
||
itself. NB: we do this for lookups in any namespace. */
|
||
if (fd == -1)
|
||
{
|
||
l = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
|
||
if (l && l->l_type != lt_loaded && l != loader
|
||
&& cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
|
||
fd = open_path (name, namelen, preloaded, &l->l_rpath_dirs,
|
||
&realname, &fb, loader ?: l, LA_SER_RUNPATH);
|
||
}
|
||
}
|
||
|
||
/* Try the LD_LIBRARY_PATH environment variable. */
|
||
if (fd == -1 && env_path_list.dirs != (void *) -1)
|
||
fd = open_path (name, namelen, preloaded, &env_path_list,
|
||
&realname, &fb,
|
||
loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded,
|
||
LA_SER_LIBPATH);
|
||
|
||
/* Look at the RUNPATH information for this binary. */
|
||
if (fd == -1 && loader != NULL
|
||
&& cache_rpath (loader, &loader->l_runpath_dirs,
|
||
DT_RUNPATH, "RUNPATH"))
|
||
fd = open_path (name, namelen, preloaded,
|
||
&loader->l_runpath_dirs, &realname, &fb, loader,
|
||
LA_SER_RUNPATH);
|
||
|
||
if (fd == -1
|
||
&& (__builtin_expect (! preloaded, 1)
|
||
|| ! INTUSE(__libc_enable_secure)))
|
||
{
|
||
/* Check the list of libraries in the file /etc/ld.so.cache,
|
||
for compatibility with Linux's ldconfig program. */
|
||
const char *cached = _dl_load_cache_lookup (name);
|
||
|
||
if (cached != NULL)
|
||
{
|
||
#ifdef SHARED
|
||
// XXX Correct to unconditionally default to namespace 0?
|
||
l = loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded;
|
||
#else
|
||
l = loader;
|
||
#endif
|
||
|
||
/* If the loader has the DF_1_NODEFLIB flag set we must not
|
||
use a cache entry from any of these directories. */
|
||
if (
|
||
#ifndef SHARED
|
||
/* 'l' is always != NULL for dynamically linked objects. */
|
||
l != NULL &&
|
||
#endif
|
||
__builtin_expect (l->l_flags_1 & DF_1_NODEFLIB, 0))
|
||
{
|
||
const char *dirp = system_dirs;
|
||
unsigned int cnt = 0;
|
||
|
||
do
|
||
{
|
||
if (memcmp (cached, dirp, system_dirs_len[cnt]) == 0)
|
||
{
|
||
/* The prefix matches. Don't use the entry. */
|
||
cached = NULL;
|
||
break;
|
||
}
|
||
|
||
dirp += system_dirs_len[cnt] + 1;
|
||
++cnt;
|
||
}
|
||
while (cnt < nsystem_dirs_len);
|
||
}
|
||
|
||
if (cached != NULL)
|
||
{
|
||
fd = open_verify (cached,
|
||
&fb, loader ?: GL(dl_ns)[nsid]._ns_loaded,
|
||
LA_SER_CONFIG);
|
||
if (__builtin_expect (fd != -1, 1))
|
||
{
|
||
realname = local_strdup (cached);
|
||
if (realname == NULL)
|
||
{
|
||
__close (fd);
|
||
fd = -1;
|
||
}
|
||
}
|
||
}
|
||
}
|
||
}
|
||
|
||
/* Finally, try the default path. */
|
||
if (fd == -1
|
||
&& ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL
|
||
|| __builtin_expect (!(l->l_flags_1 & DF_1_NODEFLIB), 1))
|
||
&& rtld_search_dirs.dirs != (void *) -1)
|
||
fd = open_path (name, namelen, preloaded, &rtld_search_dirs,
|
||
&realname, &fb, l, LA_SER_DEFAULT);
|
||
|
||
/* Add another newline when we are tracing the library loading. */
|
||
if (__builtin_expect (GLRO(dl_debug_mask) & DL_DEBUG_LIBS, 0))
|
||
_dl_debug_printf ("\n");
|
||
}
|
||
else
|
||
{
|
||
/* The path may contain dynamic string tokens. */
|
||
realname = (loader
|
||
? expand_dynamic_string_token (loader, name)
|
||
: local_strdup (name));
|
||
if (realname == NULL)
|
||
fd = -1;
|
||
else
|
||
{
|
||
fd = open_verify (realname, &fb,
|
||
loader ?: GL(dl_ns)[nsid]._ns_loaded, 0);
|
||
if (__builtin_expect (fd, 0) == -1)
|
||
free (realname);
|
||
}
|
||
}
|
||
|
||
#ifdef SHARED
|
||
no_file:
|
||
#endif
|
||
/* In case the LOADER information has only been provided to get to
|
||
the appropriate RUNPATH/RPATH information we do not need it
|
||
anymore. */
|
||
if (mode & __RTLD_CALLMAP)
|
||
loader = NULL;
|
||
|
||
if (__builtin_expect (fd, 0) == -1)
|
||
{
|
||
if (trace_mode
|
||
&& __builtin_expect (GLRO(dl_debug_mask) & DL_DEBUG_PRELINK, 0) == 0)
|
||
{
|
||
/* We haven't found an appropriate library. But since we
|
||
are only interested in the list of libraries this isn't
|
||
so severe. Fake an entry with all the information we
|
||
have. */
|
||
static const Elf_Symndx dummy_bucket = STN_UNDEF;
|
||
|
||
/* Enter the new object in the list of loaded objects. */
|
||
if ((name_copy = local_strdup (name)) == NULL
|
||
|| (l = _dl_new_object (name_copy, name, type, loader,
|
||
mode, nsid)) == NULL)
|
||
_dl_signal_error (ENOMEM, name, NULL,
|
||
N_("cannot create shared object descriptor"));
|
||
/* Signal that this is a faked entry. */
|
||
l->l_faked = 1;
|
||
/* Since the descriptor is initialized with zero we do not
|
||
have do this here.
|
||
l->l_reserved = 0; */
|
||
l->l_buckets = &dummy_bucket;
|
||
l->l_nbuckets = 1;
|
||
l->l_relocated = 1;
|
||
|
||
return l;
|
||
}
|
||
else
|
||
_dl_signal_error (errno, name, NULL,
|
||
N_("cannot open shared object file"));
|
||
}
|
||
|
||
void *stack_end = __libc_stack_end;
|
||
return _dl_map_object_from_fd (name, fd, &fb, realname, loader, type, mode,
|
||
&stack_end, nsid);
|
||
}
|
||
|
||
|
||
void
|
||
internal_function
|
||
_dl_rtld_di_serinfo (struct link_map *loader, Dl_serinfo *si, bool counting)
|
||
{
|
||
if (counting)
|
||
{
|
||
si->dls_cnt = 0;
|
||
si->dls_size = 0;
|
||
}
|
||
|
||
unsigned int idx = 0;
|
||
char *allocptr = (char *) &si->dls_serpath[si->dls_cnt];
|
||
void add_path (const struct r_search_path_struct *sps, unsigned int flags)
|
||
# define add_path(sps, flags) add_path(sps, 0) /* XXX */
|
||
{
|
||
if (sps->dirs != (void *) -1)
|
||
{
|
||
struct r_search_path_elem **dirs = sps->dirs;
|
||
do
|
||
{
|
||
const struct r_search_path_elem *const r = *dirs++;
|
||
if (counting)
|
||
{
|
||
si->dls_cnt++;
|
||
si->dls_size += r->dirnamelen;
|
||
}
|
||
else
|
||
{
|
||
Dl_serpath *const sp = &si->dls_serpath[idx++];
|
||
sp->dls_name = allocptr;
|
||
allocptr = __mempcpy (allocptr,
|
||
r->dirname, r->dirnamelen - 1);
|
||
*allocptr++ = '\0';
|
||
sp->dls_flags = flags;
|
||
}
|
||
}
|
||
while (*dirs != NULL);
|
||
}
|
||
}
|
||
|
||
/* When the object has the RUNPATH information we don't use any RPATHs. */
|
||
if (loader->l_info[DT_RUNPATH] == NULL)
|
||
{
|
||
/* First try the DT_RPATH of the dependent object that caused NAME
|
||
to be loaded. Then that object's dependent, and on up. */
|
||
|
||
struct link_map *l = loader;
|
||
do
|
||
{
|
||
if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
|
||
add_path (&l->l_rpath_dirs, XXX_RPATH);
|
||
l = l->l_loader;
|
||
}
|
||
while (l != NULL);
|
||
|
||
/* If dynamically linked, try the DT_RPATH of the executable itself. */
|
||
if (loader->l_ns == LM_ID_BASE)
|
||
{
|
||
l = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
|
||
if (l != NULL && l->l_type != lt_loaded && l != loader)
|
||
if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
|
||
add_path (&l->l_rpath_dirs, XXX_RPATH);
|
||
}
|
||
}
|
||
|
||
/* Try the LD_LIBRARY_PATH environment variable. */
|
||
add_path (&env_path_list, XXX_ENV);
|
||
|
||
/* Look at the RUNPATH information for this binary. */
|
||
if (cache_rpath (loader, &loader->l_runpath_dirs, DT_RUNPATH, "RUNPATH"))
|
||
add_path (&loader->l_runpath_dirs, XXX_RUNPATH);
|
||
|
||
/* XXX
|
||
Here is where ld.so.cache gets checked, but we don't have
|
||
a way to indicate that in the results for Dl_serinfo. */
|
||
|
||
/* Finally, try the default path. */
|
||
if (!(loader->l_flags_1 & DF_1_NODEFLIB))
|
||
add_path (&rtld_search_dirs, XXX_default);
|
||
|
||
if (counting)
|
||
/* Count the struct size before the string area, which we didn't
|
||
know before we completed dls_cnt. */
|
||
si->dls_size += (char *) &si->dls_serpath[si->dls_cnt] - (char *) si;
|
||
}
|