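/* $NetBSD: rumpuser_dl.c,v 1.30 2014/11/04 19:05:17 pooka Exp $ */

/*
 * Copyright (c) 2009 Antti Kantee.  All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * Load all module link sets and feed symbol table to the kernel.
 * Called during rump bootstrap.
 */

/*
 * Solaris libelf.h doesn't support _FILE_OFFSET_BITS=64.  Luckily,
 * for this module it doesn't matter.
 */
#if defined(__sun__)
#define RUMPUSER_NO_FILE_OFFSET_BITS
#endif
#include "rumpuser_port.h"

#if !defined(lint)
__RCSID("$NetBSD: rumpuser_dl.c,v 1.30 2014/11/04 19:05:17 pooka Exp $");
#endif /* !lint */

#include <sys/types.h>
#include <sys/time.h>
#include <assert.h>

#include <dlfcn.h>
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <rump/rumpuser.h>

#if defined(__ELF__) && defined(HAVE_DLINFO)
#include <elf.h>
#include <link.h>

/*
 * Accumulated symbol and string tables for all processed objects.
 * *size is the allocated size in bytes, *off is the number of bytes used.
 */
static size_t symtabsize = 0, strtabsize = 0;
static size_t symtaboff = 0, strtaboff = 0;
static uint8_t *symtab = NULL;
static char *strtab = NULL;
/* ELF class (ELFCLASS32/ELFCLASS64) used by the accessor macros below */
static unsigned char eident;

/* nb5 compat */
#ifndef Elf_Symindx
#define Elf_Symindx uint32_t
#endif

/*
 * Make sure at least `required' bytes are available in `store' past
 * offset `storeoff', growing the allocation when necessary.
 *
 * store	current allocation (NULL while nothing has been allocated)
 * storesize	in/out: total size of the allocation in bytes
 * storeoff	number of bytes already in use
 * required	number of free bytes needed after storeoff
 *
 * Returns the (possibly moved) allocation, or NULL if it could not be
 * grown.  On failure the old allocation is left untouched and still
 * belongs to the caller, so callers must not assign the result straight
 * over their only copy of the old pointer.
 */
static void *
reservespace(void *store, size_t *storesize,
	size_t storeoff, size_t required)
{
	size_t chunk, grow;
	void *newstore;

	assert(storeoff <= *storesize);
	chunk = *storesize - storeoff;

	if (chunk >= required)
		return store;

	/* refuse a size that would wrap instead of under-allocating */
	grow = required - chunk;
	if (grow > SIZE_MAX - *storesize)
		return NULL;

	newstore = realloc(store, *storesize + grow);
	if (newstore == NULL)
		return NULL;
	*((uint8_t *)newstore + storeoff) = '\0';
	*storesize += grow;

	return newstore;
}

/*
 * Macros to make handling elf32/64 in the code a little saner.
 * They pick the 32 or 64 bit structure layout based on `eident'.
 */

#define DYNn_GETMEMBER(base, n, thevar, result)				\
do {									\
	if (eident == ELFCLASS32) {					\
		const Elf32_Dyn *dyn = base;				\
		/*LINTED*/						\
		result = dyn[n].thevar;					\
	} else {							\
		const Elf64_Dyn *dyn = base;				\
		/*LINTED*/						\
		result = dyn[n].thevar;					\
	}								\
} while (/*CONSTCOND*/0)

#define SYMn_GETMEMBER(base, n, thevar, result)				\
do {									\
	if (eident == ELFCLASS32) {					\
		const Elf32_Sym *sym = base;				\
		/*LINTED*/						\
		result = sym[n].thevar;					\
	} else {							\
		const Elf64_Sym *sym = base;				\
		/*LINTED*/						\
		result = sym[n].thevar;					\
	}								\
} while (/*CONSTCOND*/0)

#define SYMn_SETMEMBER(base, n, thevar, value)				\
do {									\
	if (eident == ELFCLASS32) {					\
		Elf32_Sym *sym = base;					\
		/*LINTED*/						\
		sym[n].thevar = value;					\
	} else {							\
		Elf64_Sym *sym = base;					\
		/*LINTED*/						\
		sym[n].thevar = value;					\
	}								\
} while (/*CONSTCOND*/0)

#define SYM_GETSIZE() ((eident==ELFCLASS32)?sizeof(Elf32_Sym):sizeof(Elf64_Sym))

/*
 * On NetBSD, the dynamic section pointer values seem to be relative to
 * the address the dso is mapped at.  On glibc, they seem to contain
 * the absolute address.  I couldn't find anything definite from a quick
 * read of the standard and therefore I will not go and figure beyond ifdef.
 * On Solaris and DragonFly / FreeBSD, the main object works differently
 * ... uuuuh.
 */
#if defined(__GLIBC__) && !defined(__mips__)
#define adjptr(_map_, _ptr_) ((void *)(_ptr_))
#elif defined(__sun__) || defined(__DragonFly__) || defined(__FreeBSD__)
#define adjptr(_map_, _ptr_) \
    (ismainobj ? (void *)(_ptr_) : (void *)(_map_->l_addr + (_ptr_)))
#else
/* NetBSD and some others, e.g. Linux + musl */
#define adjptr(_map_, _ptr_) ((void *)(_map_->l_addr + (_ptr_)))
#endif

/*
 * Append the rump kernel symbols of one loaded object to the global
 * symtab/strtab.
 *
 * map		link map entry of the object
 * ismainobj	non-zero if map is the main program (used by adjptr() on
 *		some platforms)
 *
 * Returns 0 on success, ENOEXEC if the object does not look like ELF or
 * its tables could not be located, ENOMEM if the tables could not grow.
 *
 * Everything parsed here (dynamic section, hash tables, symbol and
 * string tables) is read directly from the mapped object.  The hash
 * table contents are used as-is; only the string table accesses are
 * bounded by DT_STRSZ below.
 */
static int
getsymbols(struct link_map *map, int ismainobj)
{
	char *str_base;
	void *syms_base = NULL; /* XXXgcc */
	void *newstore;
	size_t curstrsize;
	const void *ed_base;
	uint64_t ed_tag;
	size_t cursymcount;
	unsigned i;

	if (map->l_addr) {
		if (memcmp((void *)map->l_addr, ELFMAG, SELFMAG) != 0)
			return ENOEXEC;
		eident = *(unsigned char *)(map->l_addr + EI_CLASS);
		if (eident != ELFCLASS32 && eident != ELFCLASS64)
			return ENOEXEC;
	}

	/*
	 * ok, we probably have only the main object.  instead of going
	 * to disk and reading the ehdr, just try to guess the size.
	 */
	if (eident == 0) {
		if (/*CONSTCOND*/sizeof(void *) == 4)
			eident = ELFCLASS32;
		else
			eident = ELFCLASS64;
	}

	/*
	 * Find symtab and strtab and their sizes.
	 */
	str_base = NULL;
	curstrsize = 0;
	cursymcount = 0;
	ed_base = map->l_ld;
	DYNn_GETMEMBER(ed_base, 0, d_tag, ed_tag);
	for (i = 0; ed_tag != DT_NULL;) {
		uintptr_t edptr;
		size_t edval;
		Elf_Symindx *hashtab;

		switch (ed_tag) {
		case DT_SYMTAB:
			DYNn_GETMEMBER(ed_base, i, d_un.d_ptr, edptr);
			syms_base = adjptr(map, edptr);
			break;
		case DT_STRTAB:
			DYNn_GETMEMBER(ed_base, i, d_un.d_ptr, edptr);
			str_base = adjptr(map, edptr);
			break;
		case DT_STRSZ:
			DYNn_GETMEMBER(ed_base, i, d_un.d_val, edval);
			curstrsize = edval;
			break;
		case DT_HASH:
			DYNn_GETMEMBER(ed_base, i, d_un.d_ptr, edptr);
			hashtab = (Elf_Symindx *)adjptr(map, edptr);
			/* second word of the hash table is used as the count */
			cursymcount = hashtab[1];
			break;
#ifdef DT_GNU_HASH
		/*
		 * DT_GNU_HASH is a bit more complicated than DT_HASH
		 * in this regard since apparently there is no field
		 * telling us the total symbol count.  Instead, we look
		 * for the last valid hash bucket and add its chain length
		 * to the bucket's base index.
		 */
		case DT_GNU_HASH: {
			Elf32_Word nbuck, symndx, maskwords, maxchain = 0;
			Elf32_Word *gnuhash, *buckets, *ptr;
			int bi;

			DYNn_GETMEMBER(ed_base, i, d_un.d_ptr, edptr);
			gnuhash = (Elf32_Word *)adjptr(map, edptr);

			nbuck = gnuhash[0];
			symndx = gnuhash[1];
			maskwords = gnuhash[2];

			/*
			 * First, find the last valid bucket and grab its index
			 */
			if (eident == ELFCLASS64)
				maskwords *= 2; /* sizeof(*buckets) == 4 */
			buckets = gnuhash + 4 + maskwords;
			for (bi = nbuck-1; bi >= 0; bi--) {
				if (buckets[bi] != 0) {
					maxchain = buckets[bi];
					break;
				}
			}
			if (maxchain == 0 || maxchain < symndx)
				break;

			/*
			 * Then, traverse the last chain and count symbols.
			 */

			cursymcount = maxchain;
			ptr = buckets + nbuck + (maxchain - symndx);
			do {
				cursymcount++;
			} while ((*ptr++ & 1) == 0);
		}
			break;
#endif
		case DT_SYMENT:
			DYNn_GETMEMBER(ed_base, i, d_un.d_val, edval);
			assert(edval == SYM_GETSIZE());
			break;
		default:
			break;
		}
		i++;
		DYNn_GETMEMBER(ed_base, i, d_tag, ed_tag);
	}

	if (str_base == NULL || syms_base == NULL ||
	    curstrsize == 0 || cursymcount == 0) {
		fprintf(stderr, "could not find strtab, symtab or their sizes "
		    "in %s\n", map->l_name);
		return ENOEXEC;
	}

	/* the symbol count comes from the object; don't let the size wrap */
	if (cursymcount > SIZE_MAX / SYM_GETSIZE())
		return ENOEXEC;

	/*
	 * Make sure we have enough space for the contents of the symbol
	 * and string tables we are currently processing.  The total used
	 * space will be smaller due to undefined symbols we are not
	 * interested in.
	 *
	 * The result goes through a temporary so that the old table is
	 * not lost (and can still be freed by the caller) on failure.
	 */
	newstore = reservespace(symtab, &symtabsize,
	    symtaboff, cursymcount * SYM_GETSIZE());
	if (newstore != NULL) {
		symtab = newstore;
		newstore = reservespace(strtab, &strtabsize,
		    strtaboff, curstrsize);
	}
	if (newstore == NULL) {
		fprintf(stderr, "failed to reserve memory\n");
		return ENOMEM;
	}
	strtab = newstore;

	/* iterate over all symbols in current symtab */
	for (i = 0; i < cursymcount; i++) {
		const char *cursymname, *nameend;
		size_t name, namelen;
		int shndx;
		uintptr_t value;
		void *csym;

		SYMn_GETMEMBER(syms_base, i, st_shndx, shndx);
		SYMn_GETMEMBER(syms_base, i, st_value, value);
		if (shndx == SHN_UNDEF || value == 0)
			continue;

		/*
		 * get symbol name.  skip symbols whose name offset or
		 * terminator lies outside the string table (DT_STRSZ).
		 */
		SYMn_GETMEMBER(syms_base, i, st_name, name);
		if (name >= curstrsize)
			continue;
		cursymname = str_base + name;
		nameend = memchr(cursymname, '\0', curstrsize - name);
		if (nameend == NULL)
			continue;
		namelen = (size_t)(nameend - cursymname);

		/*
		 * Only accept symbols which are decidedly in
		 * the rump kernel namespace.
		 * XXX: quirks, but they wouldn't matter here
		 */
		if (strncmp(cursymname, "rump", 4) != 0 &&
		    strncmp(cursymname, "RUMP", 4) != 0 &&
		    strncmp(cursymname, "__", 2) != 0) {
			continue;
		}

		/*
		 * Names in the source string table may share storage
		 * (several symbols can point into the same string), so
		 * the copies are not guaranteed to fit into the
		 * DT_STRSZ bytes reserved above.  Check per name.
		 */
		newstore = reservespace(strtab, &strtabsize,
		    strtaboff, namelen + 1);
		if (newstore == NULL) {
			fprintf(stderr, "failed to reserve memory\n");
			return ENOMEM;
		}
		strtab = newstore;

		memcpy(symtab + symtaboff,
		    (const uint8_t *)syms_base + i*SYM_GETSIZE(),SYM_GETSIZE());

		/*
		 * set name to point at new strtab, offset symbol value
		 * with lib base address.
		 */
		csym = symtab + symtaboff;
		SYMn_SETMEMBER(csym, 0, st_name, strtaboff);
		SYMn_GETMEMBER(csym, 0, st_value, value);
		SYMn_SETMEMBER(csym, 0, st_value,(intptr_t)(value+map->l_addr));
		symtaboff += SYM_GETSIZE();

		/* namelen + 1 copies the terminating NUL as well */
		memcpy(strtab + strtaboff, cursymname, namelen + 1);
		strtaboff += namelen + 1;
	}

	return 0;
}

/*
 * Look up the module and rump component link sets of one object and
 * hand them to the callbacks.
 *
 * handle	dlopen() handle of the object
 * domodinit	called once with the start of link_set_modules and the
 *		number of entries, if both boundary symbols are found
 * docompload	called for every entry of link_set_rump_components
 */
static void
process_object(void *handle,
	rump_modinit_fn domodinit, rump_compload_fn docompload)
{
	const struct modinfo *const *mi_start, *const *mi_end;
	struct rump_component *const *rc, *const *rc_end;

	mi_start = dlsym(handle, "__start_link_set_modules");
	mi_end = dlsym(handle, "__stop_link_set_modules");
	if (mi_start && mi_end)
		domodinit(mi_start, (size_t)(mi_end-mi_start));

	rc = dlsym(handle, "__start_link_set_rump_components");
	rc_end = dlsym(handle, "__stop_link_set_rump_components");
	if (rc && rc_end) {
		for (; rc < rc_end; rc++)
			docompload(*rc);
		assert(rc == rc_end);
	}
}

/*
 * Get the linkmap from the dynlinker.  Try to load kernel modules
 * from all objects in the linkmap.
 *
 * domodinit	callback for module link sets
 * symload	callback receiving the collected symbol and string tables
 *		and their sizes
 * compload	callback for rump component link set entries
 *
 * Objects are picked for symbol collection by a substring match of
 * "librump" against the link map name (plus the main object), and the
 * link sets of every object in the link map are processed.  All of
 * this operates on whatever the dynamic linker has in the link map.
 */
void
rumpuser_dl_bootstrap(rump_modinit_fn domodinit,
	rump_symload_fn symload, rump_compload_fn compload)
{
	struct link_map *map, *origmap, *mainmap;
	void *mainhandle;
	int error;

	mainhandle = dlopen(NULL, RTLD_NOW);
	/* Will be null if statically linked so just return */
	if (mainhandle == NULL)
		return;
	if (dlinfo(mainhandle, RTLD_DI_LINKMAP, &mainmap) == -1) {
		fprintf(stderr, "warning: rumpuser module bootstrap "
		    "failed: %s\n", dlerror());
		/* drop the handle here too, like the static-link bailout */
		dlclose(mainhandle);
		return;
	}
	origmap = mainmap;

	/*
	 * Use a heuristic to determine if we are static linked.
	 * A dynamically linked binary should always have at least
	 * two objects: itself and ld.so.
	 *
	 * In a statically linked binary with glibc the linkmap
	 * contains some "info" that leads to a segfault.  Since we
	 * can't really do anything useful in here without ld.so, just
	 * simply bail and let the symbol references in librump do the
	 * right things.
	 */
	if (origmap->l_next == NULL && origmap->l_prev == NULL) {
		dlclose(mainhandle);
		return;
	}

	/*
	 * Process last->first because that's the most probable
	 * order for dependencies
	 */
	for (; origmap->l_next; origmap = origmap->l_next)
		continue;

	/*
	 * Build symbol table to hand to the rump kernel.  Do this by
	 * iterating over all rump libraries and collecting symbol
	 * addresses and relocation info.
	 */
	error = 0;
	for (map = origmap; map && !error; map = map->l_prev) {
		/* test mainmap first so a missing name is never searched */
		if (map == mainmap || (map->l_name != NULL &&
		    strstr(map->l_name, "librump") != NULL))
			error = getsymbols(map, map == mainmap);
	}

	if (error == 0) {
		void *trimmedsym, *trimmedstr;

		/*
		 * Allocate optimum-sized memory for storing tables
		 * and feed to kernel.  If memory allocation fails,
		 * just give the ones with extra context (although
		 * I'm pretty sure we'll die moments later due to
		 * memory running out).
		 */
		if ((trimmedsym = malloc(symtaboff)) != NULL) {
			memcpy(trimmedsym, symtab, symtaboff);
		} else {
			trimmedsym = symtab;
			symtab = NULL;
		}
		if ((trimmedstr = malloc(strtaboff)) != NULL) {
			memcpy(trimmedstr, strtab, strtaboff);
		} else {
			trimmedstr = strtab;
			strtab = NULL;
		}
		symload(trimmedsym, symtaboff, trimmedstr, strtaboff);
	}
	free(symtab);
	free(strtab);
	/*
	 * Don't leave dangling pointers or stale sizes in the file-scope
	 * state; a later call would otherwise write into freed memory.
	 */
	symtab = NULL;
	strtab = NULL;
	symtabsize = strtabsize = 0;
	symtaboff = strtaboff = 0;

	/*
	 * Next, load modules and components.
	 *
	 * Simply loop through all objects, ones unrelated to rump kernels
	 * will not contain link_set_rump_components (well, not including
	 * "sabotage", but that needs to be solved at another level anyway).
	 */
	for (map = origmap; map; map = map->l_prev) {
		void *handle;

		if (map == mainmap) {
			handle = mainhandle;
		} else {
			handle = dlopen(map->l_name, RTLD_LAZY);
			if (handle == NULL)
				continue;
		}
		process_object(handle, domodinit, compload);
		if (map != mainmap)
			dlclose(handle);
	}
}
#else
/*
 * no dynamic linking supported
 */
void
rumpuser_dl_bootstrap(rump_modinit_fn domodinit,
	rump_symload_fn symload, rump_compload_fn compload)
{

	return;
}
#endif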