/*	$NetBSD: headers.c,v 1.72 2024/08/03 21:59:57 riastradh Exp $	 */

/*
 * Copyright 1996 John D. Polstra.
 * Copyright 1996 Matt Thomas <matt@3am-software.com>
 * Copyright 2002 Charles M. Hannum <root@ihack.net>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *      This product includes software developed by John Polstra.
 * 4. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * Dynamic linker for ELF.
 *
 * John Polstra <jdp@polstra.com>.
 */

#include <sys/cdefs.h>
#ifndef lint
__RCSID("$NetBSD: headers.c,v 1.72 2024/08/03 21:59:57 riastradh Exp $");
#endif /* not lint */

#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/mman.h>
#include <sys/bitops.h>
#include <dirent.h>

#include "debug.h"
#include "rtld.h"

/*
 * Process a shared object's DYNAMIC section, and save the important
 * information in its Obj_Entry structure.
 *
 * execname is only forwarded to _rtld_add_paths() when an RPATH/RUNPATH
 * entry is present.  obj->dynamic and obj->relocbase must already be set;
 * the walk stops at the first DT_NULL entry.
 *
 * Every d_ptr/d_val consumed here comes from the object's own dynamic
 * section.  d_ptr values are added to obj->relocbase as they are, and no
 * comparison against the object's mapped range is made in this function.
 * Entry sizes (DT_RELENT, DT_RELAENT, DT_SYMENT) and DT_PLTREL are checked
 * with assert() only.
 * NOTE(review): whether assert() is active in production builds of the
 * loader is not visible from this file -- confirm in rtld.h.
 */
void
_rtld_digest_dynamic(const char *execname, Obj_Entry *obj)
{
	Elf_Dyn *dynp;
	Needed_Entry **needed_tail = &obj->needed;
	const Elf_Dyn *dyn_soname = NULL;
	const Elf_Dyn *dyn_rpath = NULL;
	bool use_pltrel = false;
	bool use_pltrela = false;
	/*
	 * Sizes and the PLT relocation offset are kept in locals because the
	 * tags may appear in any order; the limits are computed after the loop.
	 */
	Elf_Addr relsz = 0, relasz = 0;
	Elf_Addr pltrel = 0, pltrelsz = 0;
#ifdef RTLD_LOADER
	Elf_Addr init = 0, fini = 0;
#endif

	dbg(("headers: digesting PT_DYNAMIC at %p", obj->dynamic));
	for (dynp = obj->dynamic; dynp->d_tag != DT_NULL; ++dynp) {
		dbg((" d_tag %ld at %p", (long)dynp->d_tag, dynp));
		switch (dynp->d_tag) {

		case DT_REL:
			obj->rel = (const Elf_Rel *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			break;

		case DT_RELSZ:
			relsz = dynp->d_un.d_val;
			break;

		case DT_RELENT:
			assert(dynp->d_un.d_val == sizeof(Elf_Rel));
			break;

		case DT_JMPREL:
			pltrel = dynp->d_un.d_ptr;
			break;

		case DT_PLTRELSZ:
			pltrelsz = dynp->d_un.d_val;
			break;

		case DT_RELA:
			obj->rela = (const Elf_Rela *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			break;

		case DT_RELASZ:
			relasz = dynp->d_un.d_val;
			break;

		case DT_RELAENT:
			assert(dynp->d_un.d_val == sizeof(Elf_Rela));
			break;

		case DT_PLTREL:
			/* Records which relocation format DT_JMPREL uses. */
			use_pltrel = dynp->d_un.d_val == DT_REL;
			use_pltrela = dynp->d_un.d_val == DT_RELA;
			assert(use_pltrel || use_pltrela);
			break;

		case DT_SYMTAB:
			obj->symtab = (const Elf_Sym *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			break;

		case DT_SYMENT:
			assert(dynp->d_un.d_val == sizeof(Elf_Sym));
			break;

		case DT_STRTAB:
			obj->strtab = (const char *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			break;

		case DT_STRSZ:
			obj->strsize = dynp->d_un.d_val;
			break;

		case DT_VERNEED:
			obj->verneed = (const Elf_Verneed *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			break;

		case DT_VERNEEDNUM:
			obj->verneednum = dynp->d_un.d_val;
			break;

		case DT_VERDEF:
			obj->verdef = (const Elf_Verdef *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			break;

		case DT_VERDEFNUM:
			obj->verdefnum = dynp->d_un.d_val;
			break;

		case DT_VERSYM:
			obj->versyms = (const Elf_Versym *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			break;

		case DT_HASH:
			{
				/*
				 * Layout as read below: word 0 is the bucket
				 * count, word 1 the chain count, the buckets
				 * start at word 2 and the chains follow them.
				 */
				uint32_t nbuckets, nchains;
				const Elf_Symindx *hashtab = (const Elf_Symindx *)
				    (obj->relocbase + dynp->d_un.d_ptr);

				/*
				 * Clamp the count to 32 bits; presumably for
				 * ABIs where Elf_Symindx is wider than
				 * uint32_t -- TODO confirm.
				 */
				if (hashtab[0] > UINT32_MAX)
					nbuckets = UINT32_MAX;
				else
					nbuckets = hashtab[0];
				obj->nbuckets = nbuckets;
				obj->nchains = (nchains = hashtab[1]);
				obj->buckets = hashtab + 2;
				obj->chains = obj->buckets + obj->nbuckets;

				/* Validity check */
				/*
				 * `continue' resumes the enclosing for loop:
				 * sysv_hash stays unset, but the four fields
				 * assigned above keep their values.  Only
				 * zero counts are rejected; the counts are
				 * not compared with the size of the mapping.
				 */
				if (!obj->buckets || !nbuckets || !nchains)
					continue;

				obj->sysv_hash = true;

				/*
				 * Should really be in _rtld_relocate_objects,
				 * but _rtld_symlook_obj might be used before.
				 */
				fast_divide32_prepare(obj->nbuckets,
				    &obj->nbuckets_m,
				    &obj->nbuckets_s1,
				    &obj->nbuckets_s2);
			}
			break;

		case DT_GNU_HASH:
			{
				/*
				 * Header words as read below: [0] bucket
				 * count, [1] first hashed symbol index,
				 * [2] number of bloom mask words, [3] second
				 * bloom shift.  The bloom filter starts at
				 * word 4 and the buckets follow it.
				 */
				uint32_t nmaskwords;
				uint32_t nbuckets, symndx;
				int bloom_size32;
				bool nmw_power2;
				const Elf_Symindx *hashtab = (const Elf_Symindx *)
				    (obj->relocbase + dynp->d_un.d_ptr);

				if (hashtab[0] > UINT32_MAX)
					nbuckets = UINT32_MAX;
				else
					nbuckets = hashtab[0];
				obj->nbuckets_gnu = nbuckets;

				/*
				 * NOTE(review): nmaskwords is taken from the
				 * object as is and the product is stored in
				 * an int with no range check -- confirm that
				 * a large value cannot make bloom_size32
				 * wrap before it is used as an offset.
				 */
				nmaskwords = hashtab[2];
				bloom_size32 = nmaskwords * (ELFSIZE / 32);

				obj->buckets_gnu = (const uint32_t *)(hashtab + 4 + bloom_size32);

				/*
				 * NOTE(review): with the usual powerof2()
				 * definition a zero nmaskwords also passes,
				 * and mask_bm_gnu below would then wrap --
				 * confirm whether zero must be rejected.
				 */
				nmw_power2 = powerof2(nmaskwords);

				/* Validity check */
				if (!nmw_power2 || !nbuckets || !obj->buckets_gnu)
					continue;

				obj->gnu_hash = true;

				obj->mask_bm_gnu = nmaskwords - 1;
				obj->symndx_gnu = (symndx = hashtab[1]);
				obj->shift2_gnu = hashtab[3];
				obj->bloom_gnu = (const Elf_Addr *)(hashtab + 4);
				/*
				 * Biased by -symndx so that the chain array
				 * can be indexed with the symbol numbers
				 * stored in the buckets (see the counting
				 * loop after the switch).
				 */
				obj->chains_gnu = obj->buckets_gnu + nbuckets - symndx;

				/*
				 * Should really be in _rtld_relocate_objects,
				 * but _rtld_symlook_obj might be used before.
				 */
				fast_divide32_prepare(nbuckets,
				    &obj->nbuckets_m_gnu,
				    &obj->nbuckets_s1_gnu,
				    &obj->nbuckets_s2_gnu);

				/*
				 * obj->nchains_gnu is printed here, but this
				 * function assigns it only after the loop,
				 * so the logged value is whatever the entry
				 * held before.
				 */
				dbg(("found GNU Hash: buckets=%p "
				    "nbuckets=%u chains=%p nchains=%lu "
				    "bloom=%p mask_bm=%u shift2=%u "
				    "symndx=%u",
				    obj->buckets_gnu, obj->nbuckets_gnu,
				    obj->chains_gnu, obj->nchains_gnu,
				    obj->bloom_gnu, obj->mask_bm_gnu,
				    obj->shift2_gnu, obj->symndx_gnu));
			}
			break;

		case DT_NEEDED:
			{
				/*
				 * Append to the tail so the needed list keeps
				 * the order of the DT_NEEDED entries.
				 * NOTE(review): the NEW() result is used
				 * without a NULL check; presumably NEW()
				 * does not return on failure -- confirm.
				 */
				Needed_Entry *nep = NEW(Needed_Entry);

				/* A string table offset, not a pointer. */
				nep->name = dynp->d_un.d_val;
				nep->obj = NULL;
				nep->next = NULL;

				*needed_tail = nep;
				needed_tail = &nep->next;
			}
			break;

		case DT_PLTGOT:
			obj->pltgot = (Elf_Addr *)
			    (obj->relocbase + dynp->d_un.d_ptr);
			break;

		case DT_TEXTREL:
			obj->textrel = true;
			break;

		case DT_SYMBOLIC:
			obj->symbolic = true;
			break;

		case DT_RPATH:
		case DT_RUNPATH:
			/*
			 * We have to wait until later to process this, because
			 * we might not have gotten the address of the string
			 * table yet.
			 */
			/*
			 * Both tags share one slot: the entry seen last is
			 * the one processed after the loop.
			 */
			dyn_rpath = dynp;
			break;

		case DT_SONAME:
			/* Deferred for the same reason as DT_RPATH. */
			dyn_soname = dynp;
			break;

		case DT_INIT:
#ifdef RTLD_LOADER
			init = dynp->d_un.d_ptr;
#endif
			break;

#ifdef HAVE_INITFINI_ARRAY
		case DT_INIT_ARRAY:
			obj->init_array =
			    (fptr_t *)(obj->relocbase + dynp->d_un.d_ptr);
			dbg(("headers: DT_INIT_ARRAY at %p",
			    obj->init_array));
			break;

		case DT_INIT_ARRAYSZ:
			/* Stored as an element count, not a byte size. */
			obj->init_arraysz = dynp->d_un.d_val / sizeof(fptr_t);
			dbg(("headers: DT_INIT_ARRAYZ %zu",
			    obj->init_arraysz));
			break;
#endif

		case DT_FINI:
#ifdef RTLD_LOADER
			fini = dynp->d_un.d_ptr;
#endif
			break;

#ifdef HAVE_INITFINI_ARRAY
		case DT_FINI_ARRAY:
			obj->fini_array =
			    (fptr_t *)(obj->relocbase + dynp->d_un.d_ptr);
			dbg(("headers: DT_FINI_ARRAY at %p",
			    obj->fini_array));
			break;

		case DT_FINI_ARRAYSZ:
			/* Stored as an element count, not a byte size. */
			obj->fini_arraysz = dynp->d_un.d_val / sizeof(fptr_t);
			dbg(("headers: DT_FINI_ARRAYZ %zu",
			    obj->fini_arraysz));
			break;
#endif

		/*
		 * Don't process DT_DEBUG on MIPS as the dynamic section
		 * is mapped read-only.  DT_MIPS_RLD_MAP is used instead.
		 * XXX: n32/n64 may use DT_DEBUG, not sure yet.
		 */
#ifndef __mips__
		case DT_DEBUG:
#ifdef RTLD_LOADER
			/*
			 * Writes into the dynamic entry itself, which is
			 * why dynp is not a pointer to const.
			 */
			dynp->d_un.d_ptr = (Elf_Addr)&_rtld_debug;
#endif
			break;
#endif

#ifdef __mips__
		case DT_MIPS_LOCAL_GOTNO:
			obj->local_gotno = dynp->d_un.d_val;
			break;

		case DT_MIPS_SYMTABNO:
			obj->symtabno = dynp->d_un.d_val;
			break;

		case DT_MIPS_GOTSYM:
			obj->gotsym = dynp->d_un.d_val;
			break;

		case DT_MIPS_RLD_MAP:
#ifdef RTLD_LOADER
			/*
			 * d_ptr is used as an address as it stands (no
			 * relocbase is added) and is written through.
			 */
			*((Elf_Addr *)(dynp->d_un.d_ptr)) = (Elf_Addr)
			    &_rtld_debug;
#endif
			break;
#endif
#ifdef __powerpc__
#ifdef _LP64
		case DT_PPC64_GLINK:
			obj->glink = (Elf_Addr)(uintptr_t)obj->relocbase + dynp->d_un.d_ptr;
			break;
#else
		case DT_PPC_GOT:
			obj->gotptr = (Elf_Addr *)(obj->relocbase + dynp->d_un.d_ptr);
			break;
#endif
#endif
		case DT_FLAGS_1:
			obj->z_now =
			    ((dynp->d_un.d_val & DF_1_NOW) != 0);
			obj->z_nodelete =
			    ((dynp->d_un.d_val & DF_1_NODELETE) != 0);
			obj->z_initfirst =
			    ((dynp->d_un.d_val & DF_1_INITFIRST) != 0);
			obj->z_noopen =
			    ((dynp->d_un.d_val & DF_1_NOOPEN) != 0);
			break;
		}
	}

	/*
	 * The limits are the table start plus the byte size from the
	 * dynamic section.  With no DT_REL/DT_RELA entry the start is
	 * whatever _rtld_obj_new() left in obj->rel/obj->rela.
	 */
	obj->rellim = (const Elf_Rel *)((const uint8_t *)obj->rel + relsz);
	obj->relalim = (const Elf_Rela *)((const uint8_t *)obj->rela + relasz);
	if (use_pltrel) {
		obj->pltrel = (const Elf_Rel *)(obj->relocbase + pltrel);
		obj->pltrellim = (const Elf_Rel *)(obj->relocbase + pltrel + pltrelsz);
		obj->pltrelalim = 0;
		/* On PPC and SPARC, at least, REL(A)SZ may include JMPREL.
		   Trim rel(a)lim to save time later. */
		if (obj->rellim && obj->pltrel &&
		    obj->rellim > obj->pltrel &&
		    obj->rellim <= obj->pltrellim)
			obj->rellim = obj->pltrel;
	} else if (use_pltrela) {
		obj->pltrela = (const Elf_Rela *)(obj->relocbase + pltrel);
		obj->pltrellim = 0;
		obj->pltrelalim = (const Elf_Rela *)(obj->relocbase + pltrel + pltrelsz);
		/* On PPC and SPARC, at least, REL(A)SZ may include JMPREL.
		   Trim rel(a)lim to save time later. */
		if (obj->relalim && obj->pltrela &&
		    obj->relalim > obj->pltrela &&
		    obj->relalim <= obj->pltrelalim)
			obj->relalim = obj->pltrela;
	}

	/* If the ELF Hash is present, "nchains" is the same in both hashes. */
	if (!obj->sysv_hash && obj->gnu_hash) {
		uint_fast32_t i, nbucket, symndx;

		/* Otherwise, count the entries from the GNU Hash chain. */
		nbucket = obj->nbuckets_gnu;
		symndx = obj->symndx_gnu;

		/*
		 * Each non-empty bucket's chain is walked until an entry
		 * with the low bit set.  That bit is the only stop
		 * condition, so the walk relies on the table in the object
		 * being well formed; bucket values are not range checked.
		 */
		for (i = 0; i < nbucket; i++) {
			Elf_Word bkt = obj->buckets_gnu[i];
			if (bkt == 0)
				continue;
			const uint32_t *hashval = &obj->chains_gnu[bkt];
			do {
				symndx++;
			} while ((*hashval++ & 1U) == 0);
		}
		obj->nchains_gnu = (uint32_t)symndx;
	}

#ifdef RTLD_LOADER
	/*
	 * init/fini are set only when the tag was present with a non-zero
	 * value; otherwise obj->init/obj->fini are left untouched.
	 */
#if defined(__HAVE_FUNCTION_DESCRIPTORS)
	if (init != 0)
		obj->init = (void (*)(void))
		    _rtld_function_descriptor_alloc(obj, NULL, init);
	if (fini != 0)
		obj->fini = (void (*)(void))
		    _rtld_function_descriptor_alloc(obj, NULL, fini);
#else
	if (init != 0)
		obj->init = (void (*)(void)) (obj->relocbase + init);
	if (fini != 0)
		obj->fini = (void (*)(void)) (obj->relocbase + fini);
#endif
#endif

	/*
	 * d_val is an offset into the string table.  It is not compared
	 * with obj->strsize here, and obj->strtab is used whether or not
	 * a DT_STRTAB entry was seen.
	 */
	if (dyn_rpath != NULL) {
		_rtld_add_paths(execname, &obj->rpaths, obj->strtab +
		    dyn_rpath->d_un.d_val);
	}
	if (dyn_soname != NULL) {
		_rtld_object_add_name(obj, obj->strtab +
		    dyn_soname->d_un.d_val);
	}
}

#ifdef RTLD_LOADER
/*
 * Process a shared object's program header.  This is used only for the
 * main program, when the kernel has already loaded the main program
 * into memory before calling the dynamic linker.  It creates and
 * returns an Obj_Entry structure.
 *
 * phdr points at the in-memory program header table, phnum is the number
 * of entries in it and entry is stored unchanged in obj->entry.  No
 * segment address or size is validated here; they are recorded as given.
 * NOTE(review): the result of _rtld_obj_new() is dereferenced without a
 * NULL check; presumably it cannot fail -- confirm.
 */
Obj_Entry *
_rtld_digest_phdr(const Elf_Phdr *phdr, int phnum, caddr_t entry)
{
	Obj_Entry *obj;
	const Elf_Phdr *phlimit = phdr + phnum;
	const Elf_Phdr *ph;
	bool first_seg = true;
	Elf_Addr vaddr;
	size_t size;

	obj = _rtld_obj_new();

	/*
	 * First pass: derive relocbase from PT_PHDR, as the difference
	 * between where the table actually is and its link-time p_vaddr.
	 * Without a PT_PHDR entry relocbase keeps the value set by
	 * _rtld_obj_new().
	 */
	for (ph = phdr; ph < phlimit; ++ph) {
		if (ph->p_type != PT_PHDR)
			continue;

		obj->relocbase = (caddr_t)((uintptr_t)phdr - (uintptr_t)ph->p_vaddr);
		obj->phdr = phdr; /* Equivalent to relocbase + p_vaddr. */
		obj->phsize = ph->p_memsz;
		dbg(("headers: phdr %p (%p) phsize %zu relocbase %p",
		    obj->phdr, phdr, obj->phsize, obj->relocbase));
		break;
	}

	/* Second pass: record every segment, relocated by relocbase. */
	for (ph = phdr; ph < phlimit; ++ph) {
		vaddr = (Elf_Addr)(uintptr_t)(obj->relocbase + ph->p_vaddr);
		switch (ph->p_type) {

		case PT_INTERP:
			obj->interp = (const char *)(uintptr_t)vaddr;
			dbg(("headers: %s %p phsize %" PRImemsz,
			    "PT_INTERP", (void *)(uintptr_t)vaddr,
			    ph->p_memsz));
			break;

		case PT_LOAD:
			/*
			 * NOTE(review): size is computed from
			 * obj->vaddrbase before the first-segment branch
			 * assigns it.  If _rtld_obj_new() zeroes the entry,
			 * the first segment's textsize/mapsize become the
			 * rounded end address rather than a length, and the
			 * MAX() below would keep that value -- confirm
			 * against the users of mapsize and textsize.
			 */
			size = round_up(vaddr + ph->p_memsz) - obj->vaddrbase;
			if (first_seg) {	/* First load segment */
				obj->vaddrbase = round_down(vaddr);
				obj->mapbase = (caddr_t)(uintptr_t)obj->vaddrbase;
				obj->textsize = size;
				obj->mapsize = size;
				first_seg = false;
			} else {		/* Last load segment */
				obj->mapsize = MAX(obj->mapsize, size);
			}
			dbg(("headers: %s %p phsize %" PRImemsz,
			    "PT_LOAD", (void *)(uintptr_t)vaddr,
			    ph->p_memsz));
			break;

		case PT_DYNAMIC:
			obj->dynamic = (Elf_Dyn *)(uintptr_t)vaddr;
			dbg(("headers: %s %p phsize %" PRImemsz,
			    "PT_DYNAMIC", (void *)(uintptr_t)vaddr,
			    ph->p_memsz));
			break;

#ifdef GNU_RELRO
		case PT_GNU_RELRO:
			/* rounding happens later. */
			obj->relro_page = obj->relocbase + ph->p_vaddr;
			obj->relro_size = ph->p_memsz;
			dbg(("headers: %s %p phsize %" PRImemsz,
			    "PT_GNU_RELRO", (void *)(uintptr_t)vaddr,
			    ph->p_memsz));
			break;
#endif

#if defined(__HAVE_TLS_VARIANT_I) || defined(__HAVE_TLS_VARIANT_II)
		case PT_TLS:
			/* The main program is given TLS index 1. */
			obj->tlsindex = 1;
			obj->tlssize = ph->p_memsz;
			obj->tlsalign = ph->p_align;
			obj->tlsinitsize = ph->p_filesz;
			obj->tlsinit = (void *)(obj->relocbase +
			    (uintptr_t)ph->p_vaddr);
			dbg(("headers: %s %p phsize %" PRImemsz,
			    "PT_TLS", (void *)(uintptr_t)vaddr,
			    ph->p_memsz));
			break;
#endif
#ifdef __ARM_EABI__
		case PT_ARM_EXIDX:
			obj->exidx_start = (void *)(uintptr_t)vaddr;
			obj->exidx_sz = ph->p_memsz;
			dbg(("headers: %s %p phsize %" PRImemsz,
			    "PT_ARM_EXIDX", (void *)(uintptr_t)vaddr,
			    ph->p_memsz));
			break;
#endif
		}
	}

	obj->entry = entry;
	return obj;
}
#endif