1 /* $NetBSD: symbol.c,v 1.64 2014/03/21 01:40:41 matt Exp $ */ 2 3 /* 4 * Copyright 1996 John D. Polstra. 5 * Copyright 1996 Matt Thomas <matt@3am-software.com> 6 * Copyright 2002 Charles M. Hannum <root@ihack.net> 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. All advertising materials mentioning features or use of this software 18 * must display the following acknowledgement: 19 * This product includes software developed by John Polstra. 20 * 4. The name of the author may not be used to endorse or promote products 21 * derived from this software without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 24 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 25 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 26 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 /* 36 * Dynamic linker for ELF. 37 * 38 * John Polstra <jdp@polstra.com>. 39 */ 40 41 #include <sys/cdefs.h> 42 #ifndef lint 43 __RCSID("$NetBSD: symbol.c,v 1.64 2014/03/21 01:40:41 matt Exp $"); 44 #endif /* not lint */ 45 46 #include <err.h> 47 #include <errno.h> 48 #include <fcntl.h> 49 #include <stdarg.h> 50 #include <stdio.h> 51 #include <stdlib.h> 52 #include <string.h> 53 #include <unistd.h> 54 #include <sys/types.h> 55 #include <sys/mman.h> 56 #include <sys/bitops.h> 57 #include <dirent.h> 58 59 #include "debug.h" 60 #include "rtld.h" 61 62 /* 63 * If the given object is already in the donelist, return true. Otherwise 64 * add the object to the list and return false. 65 */ 66 static bool 67 _rtld_donelist_check(DoneList *dlp, const Obj_Entry *obj) 68 { 69 unsigned int i; 70 71 for (i = 0; i < dlp->num_used; i++) 72 if (dlp->objs[i] == obj) 73 return true; 74 /* 75 * Our donelist allocation may not always be sufficient as we're not 76 * thread safe. We'll handle it properly anyway. 77 */ 78 if (dlp->num_used < dlp->num_alloc) 79 dlp->objs[dlp->num_used++] = obj; 80 return false; 81 } 82 83 static bool 84 _rtld_is_exported(const Elf_Sym *def) 85 { 86 static const fptr_t _rtld_exports[] = { 87 (fptr_t)dlopen, 88 (fptr_t)dlclose, 89 (fptr_t)dlsym, 90 (fptr_t)dlvsym, 91 (fptr_t)dlerror, 92 (fptr_t)dladdr, 93 (fptr_t)dlinfo, 94 (fptr_t)dl_iterate_phdr, 95 (fptr_t)_dlauxinfo, 96 #if defined(__HAVE_TLS_VARIANT_I) || defined(__HAVE_TLS_VARIANT_II) 97 (fptr_t)_rtld_tls_allocate, 98 (fptr_t)_rtld_tls_free, 99 (fptr_t)__tls_get_addr, 100 #ifdef __i386__ 101 (fptr_t)___tls_get_addr, 102 #endif 103 #endif 104 #ifdef __ARM_EABI__ 105 (fptr_t)__gnu_Unwind_Find_exidx, /* for gcc EHABI */ 106 #endif 107 NULL 108 }; 109 int i; 110 fptr_t value; 111 112 value = (fptr_t)(_rtld_objself.relocbase + def->st_value); 113 for (i = 0; _rtld_exports[i] != NULL; i++) { 114 if (value == _rtld_exports[i]) 115 return true; 116 } 117 return false; 118 } 119 120 /* 121 * Hash function for symbol table lookup. Don't even think about changing 122 * this. It is specified by the System V ABI. 123 */ 124 unsigned long 125 _rtld_elf_hash(const char *name) 126 { 127 const unsigned char *p = (const unsigned char *) name; 128 unsigned long h = 0; 129 unsigned long g; 130 unsigned long c; 131 132 for (; __predict_true((c = *p) != '\0'); p++) { 133 h <<= 4; 134 h += c; 135 if ((g = h & 0xf0000000) != 0) { 136 h ^= g; 137 h ^= g >> 24; 138 } 139 } 140 return (h); 141 } 142 143 const Elf_Sym * 144 _rtld_symlook_list(const char *name, unsigned long hash, const Objlist *objlist, 145 const Obj_Entry **defobj_out, u_int flags, const Ver_Entry *ventry, 146 DoneList *dlp) 147 { 148 const Elf_Sym *symp; 149 const Elf_Sym *def; 150 const Obj_Entry *defobj; 151 const Objlist_Entry *elm; 152 153 def = NULL; 154 defobj = NULL; 155 SIMPLEQ_FOREACH(elm, objlist, link) { 156 if (_rtld_donelist_check(dlp, elm->obj)) 157 continue; 158 rdbg(("search object %p (%s) for %s", elm->obj, elm->obj->path, 159 name)); 160 symp = _rtld_symlook_obj(name, hash, elm->obj, flags, ventry); 161 if (symp != NULL) { 162 if ((def == NULL) || 163 (ELF_ST_BIND(symp->st_info) != STB_WEAK)) { 164 def = symp; 165 defobj = elm->obj; 166 if (ELF_ST_BIND(def->st_info) != STB_WEAK) 167 break; 168 } 169 } 170 } 171 if (def != NULL) 172 *defobj_out = defobj; 173 return def; 174 } 175 176 /* 177 * Search the symbol table of a shared object and all objects needed by it for 178 * a symbol of the given name. Search order is breadth-first. Returns a pointer 179 * to the symbol, or NULL if no definition was found. 180 */ 181 const Elf_Sym * 182 _rtld_symlook_needed(const char *name, unsigned long hash, 183 const Needed_Entry *needed, const Obj_Entry **defobj_out, u_int flags, 184 const Ver_Entry *ventry, DoneList *breadth, DoneList *depth) 185 { 186 const Elf_Sym *def, *def_w; 187 const Needed_Entry *n; 188 const Obj_Entry *obj, *defobj, *defobj1; 189 190 def = def_w = NULL; 191 defobj = NULL; 192 for (n = needed; n != NULL; n = n->next) { 193 if ((obj = n->obj) == NULL) 194 continue; 195 if (_rtld_donelist_check(breadth, obj)) 196 continue; 197 def = _rtld_symlook_obj(name, hash, obj, flags, ventry); 198 if (def == NULL) 199 continue; 200 defobj = obj; 201 if (ELF_ST_BIND(def->st_info) != STB_WEAK) { 202 *defobj_out = defobj; 203 204 return (def); 205 } 206 } 207 /* 208 * Either the symbol definition has not been found in directly needed 209 * objects, or the found symbol is weak. 210 */ 211 for (n = needed; n != NULL; n = n->next) { 212 if ((obj = n->obj) == NULL) 213 continue; 214 if (_rtld_donelist_check(depth, obj)) 215 continue; 216 def_w = _rtld_symlook_needed(name, hash, obj->needed, &defobj1, 217 flags, ventry, breadth, depth); 218 if (def_w == NULL) 219 continue; 220 if (def == NULL || ELF_ST_BIND(def_w->st_info) != STB_WEAK) { 221 def = def_w; 222 defobj = defobj1; 223 if (ELF_ST_BIND(def_w->st_info) != STB_WEAK) 224 break; 225 } 226 } 227 if (def != NULL) 228 *defobj_out = defobj; 229 230 return def; 231 } 232 233 /* 234 * Search the symbol table of a single shared object for a symbol of 235 * the given name. Returns a pointer to the symbol, or NULL if no 236 * definition was found. 237 * 238 * The symbol's hash value is passed in for efficiency reasons; that 239 * eliminates many recomputations of the hash value. 240 */ 241 const Elf_Sym * 242 _rtld_symlook_obj(const char *name, unsigned long hash, 243 const Obj_Entry *obj, u_int flags, const Ver_Entry *ventry) 244 { 245 unsigned long symnum; 246 const Elf_Sym *vsymp = NULL; 247 Elf_Half verndx; 248 int vcount = 0; 249 250 for (symnum = obj->buckets[fast_remainder32(hash, obj->nbuckets, 251 obj->nbuckets_m, obj->nbuckets_s1, obj->nbuckets_s2)]; 252 symnum != ELF_SYM_UNDEFINED; 253 symnum = obj->chains[symnum]) { 254 const Elf_Sym *symp; 255 const char *strp; 256 257 assert(symnum < obj->nchains); 258 symp = obj->symtab + symnum; 259 strp = obj->strtab + symp->st_name; 260 rdbg(("check \"%s\" vs \"%s\" in %s", name, strp, obj->path)); 261 if (name[1] != strp[1] || strcmp(name, strp)) 262 continue; 263 #if defined(__mips__) || defined(__vax__) 264 if (symp->st_shndx == SHN_UNDEF) 265 continue; 266 #else 267 /* 268 * XXX DANGER WILL ROBINSON! 269 * If we have a function pointer in the executable's 270 * data section, it points to the executable's PLT 271 * slot, and there is NO relocation emitted. To make 272 * the function pointer comparable to function pointers 273 * in shared libraries, we must resolve data references 274 * in the libraries to point to PLT slots in the 275 * executable, if they exist. 276 */ 277 if (symp->st_shndx == SHN_UNDEF && 278 ((flags & SYMLOOK_IN_PLT) || 279 symp->st_value == 0 || 280 ELF_ST_TYPE(symp->st_info) != STT_FUNC)) 281 continue; 282 #endif 283 284 if (ventry == NULL) { 285 if (obj->versyms != NULL) { 286 verndx = VER_NDX(obj->versyms[symnum].vs_vers); 287 if (verndx > obj->vertabnum) { 288 _rtld_error("%s: symbol %s references " 289 "wrong version %d", obj->path, 290 &obj->strtab[symnum], verndx); 291 continue; 292 } 293 294 /* 295 * If we are not called from dlsym (i.e. this 296 * is a normal relocation from unversioned 297 * binary), accept the symbol immediately 298 * if it happens to have first version after 299 * this shared object became versioned. 300 * Otherwise, if symbol is versioned and not 301 * hidden, remember it. If it is the only 302 * symbol with this name exported by the shared 303 * object, it will be returned as a match at the 304 * end of the function. If symbol is global 305 * (verndx < 2) accept it unconditionally. 306 */ 307 if (!(flags & SYMLOOK_DLSYM) && 308 verndx == VER_NDX_GIVEN) { 309 return symp; 310 } else if (verndx >= VER_NDX_GIVEN) { 311 if (!(obj->versyms[symnum].vs_vers & VER_NDX_HIDDEN)) { 312 if (vsymp == NULL) 313 vsymp = symp; 314 vcount++; 315 } 316 continue; 317 } 318 } 319 return symp; 320 } else { 321 if (obj->versyms == NULL) { 322 if (_rtld_object_match_name(obj, ventry->name)){ 323 _rtld_error("%s: object %s should " 324 "provide version %s for symbol %s", 325 _rtld_objself.path, obj->path, 326 ventry->name, &obj->strtab[symnum]); 327 continue; 328 } 329 } else { 330 verndx = VER_NDX(obj->versyms[symnum].vs_vers); 331 if (verndx > obj->vertabnum) { 332 _rtld_error("%s: symbol %s references " 333 "wrong version %d", obj->path, 334 &obj->strtab[symnum], verndx); 335 continue; 336 } 337 if (obj->vertab[verndx].hash != ventry->hash || 338 strcmp(obj->vertab[verndx].name, ventry->name)) { 339 /* 340 * Version does not match. Look if this 341 * is a global symbol and if it is not 342 * hidden. If global symbol (verndx < 2) 343 * is available, use it. Do not return 344 * symbol if we are called by dlvsym, 345 * because dlvsym looks for a specific 346 * version and default one is not what 347 * dlvsym wants. 348 */ 349 if ((flags & SYMLOOK_DLSYM) || 350 (obj->versyms[symnum].vs_vers & VER_NDX_HIDDEN) || 351 (verndx >= VER_NDX_GIVEN)) 352 continue; 353 } 354 } 355 return symp; 356 } 357 } 358 if (vcount == 1) 359 return vsymp; 360 return NULL; 361 } 362 363 #ifdef COMBRELOC 364 static const Obj_Entry *_rtld_last_refobj; 365 366 /* 367 * Called when an object is freed. Reset the cached symbol look up if 368 * our last referencing or definition object just got unloaded. 369 */ 370 void 371 _rtld_combreloc_reset(const Obj_Entry *obj) 372 { 373 if (_rtld_last_refobj == obj) 374 _rtld_last_refobj = NULL; 375 } 376 #endif 377 378 /* 379 * Given a symbol number in a referencing object, find the corresponding 380 * definition of the symbol. Returns a pointer to the symbol, or NULL if 381 * no definition was found. Returns a pointer to the Obj_Entry of the 382 * defining object via the reference parameter DEFOBJ_OUT. 383 */ 384 const Elf_Sym * 385 _rtld_find_symdef(unsigned long symnum, const Obj_Entry *refobj, 386 const Obj_Entry **defobj_out, u_int flags) 387 { 388 const Elf_Sym *ref; 389 const Elf_Sym *def; 390 const Obj_Entry *defobj; 391 const char *name; 392 unsigned long hash; 393 394 #ifdef COMBRELOC 395 /* 396 * COMBRELOC combines multiple reloc sections and sorts them to make 397 * dynamic symbol lookup caching possible. 398 * 399 * So if the lookup we are doing is the same as the previous lookup 400 * return the cached results. 401 */ 402 static unsigned long last_symnum; 403 static const Obj_Entry *last_defobj; 404 static const Elf_Sym *last_def; 405 406 if (symnum == last_symnum && refobj == _rtld_last_refobj 407 && !(flags & SYMLOOK_IN_PLT)) { 408 *defobj_out = last_defobj; 409 return last_def; 410 } 411 #endif 412 413 ref = refobj->symtab + symnum; 414 name = refobj->strtab + ref->st_name; 415 416 /* 417 * We don't have to do a full scale lookup if the symbol is local. 418 * We know it will bind to the instance in this load module; to 419 * which we already have a pointer (ie ref). 420 */ 421 if (ELF_ST_BIND(ref->st_info) != STB_LOCAL) { 422 if (ELF_ST_TYPE(ref->st_info) == STT_SECTION) { 423 _rtld_error("%s: Bogus symbol table entry %lu", 424 refobj->path, symnum); 425 } 426 427 hash = _rtld_elf_hash(name); 428 defobj = NULL; 429 def = _rtld_symlook_default(name, hash, refobj, &defobj, flags, 430 _rtld_fetch_ventry(refobj, symnum)); 431 } else { 432 rdbg(("STB_LOCAL symbol %s in %s", name, refobj->path)); 433 def = ref; 434 defobj = refobj; 435 } 436 437 /* 438 * If we found no definition and the reference is weak, treat the 439 * symbol as having the value zero. 440 */ 441 if (def == NULL && ELF_ST_BIND(ref->st_info) == STB_WEAK) { 442 rdbg((" returning _rtld_sym_zero@_rtld_objself")); 443 def = &_rtld_sym_zero; 444 defobj = &_rtld_objself; 445 } 446 447 if (def != NULL) { 448 *defobj_out = defobj; 449 #ifdef COMBRELOC 450 if (!(flags & SYMLOOK_IN_PLT)) { 451 /* 452 * Cache the lookup arguments and results if this was 453 * non-PLT lookup. 454 */ 455 last_symnum = symnum; 456 _rtld_last_refobj = refobj; 457 last_def = def; 458 last_defobj = defobj; 459 } 460 #endif 461 } else { 462 rdbg(("lookup failed")); 463 _rtld_error("%s: Undefined %ssymbol \"%s\" (symnum = %ld)", 464 refobj->path, (flags & SYMLOOK_IN_PLT) ? "PLT " : "", 465 name, symnum); 466 } 467 return def; 468 } 469 470 const Elf_Sym * 471 _rtld_find_plt_symdef(unsigned long symnum, const Obj_Entry *obj, 472 const Obj_Entry **defobj, bool imm) 473 { 474 const Elf_Sym *def = _rtld_find_symdef(symnum, obj, defobj, 475 SYMLOOK_IN_PLT); 476 if (__predict_false(def == NULL)) 477 return NULL; 478 479 if (__predict_false(def == &_rtld_sym_zero)) { 480 /* tp is set during lazy binding. */ 481 if (imm) { 482 const Elf_Sym *ref = obj->symtab + symnum; 483 const char *name = obj->strtab + ref->st_name; 484 485 _rtld_error( 486 "%s: Trying to call undefined weak symbol `%s'", 487 obj->path, name); 488 return NULL; 489 } 490 } 491 return def; 492 } 493 494 /* 495 * Given a symbol name in a referencing object, find the corresponding 496 * definition of the symbol. Returns a pointer to the symbol, or NULL if 497 * no definition was found. Returns a pointer to the Obj_Entry of the 498 * defining object via the reference parameter DEFOBJ_OUT. 499 */ 500 const Elf_Sym * 501 _rtld_symlook_default(const char *name, unsigned long hash, 502 const Obj_Entry *refobj, const Obj_Entry **defobj_out, u_int flags, 503 const Ver_Entry *ventry) 504 { 505 const Elf_Sym *def; 506 const Elf_Sym *symp; 507 const Obj_Entry *obj; 508 const Obj_Entry *defobj; 509 const Objlist_Entry *elm; 510 def = NULL; 511 defobj = NULL; 512 DoneList donelist; 513 514 _rtld_donelist_init(&donelist); 515 516 /* Look first in the referencing object if linked symbolically. */ 517 if (refobj->symbolic && !_rtld_donelist_check(&donelist, refobj)) { 518 rdbg(("search referencing object for %s", name)); 519 symp = _rtld_symlook_obj(name, hash, refobj, flags, ventry); 520 if (symp != NULL) { 521 def = symp; 522 defobj = refobj; 523 } 524 } 525 526 /* Search all objects loaded at program start up. */ 527 if (def == NULL || ELF_ST_BIND(def->st_info) == STB_WEAK) { 528 rdbg(("search _rtld_list_main for %s", name)); 529 symp = _rtld_symlook_list(name, hash, &_rtld_list_main, &obj, 530 flags, ventry, &donelist); 531 if (symp != NULL && 532 (def == NULL || ELF_ST_BIND(symp->st_info) != STB_WEAK)) { 533 def = symp; 534 defobj = obj; 535 } 536 } 537 538 /* Search all RTLD_GLOBAL objects. */ 539 if (def == NULL || ELF_ST_BIND(def->st_info) == STB_WEAK) { 540 rdbg(("search _rtld_list_global for %s", name)); 541 symp = _rtld_symlook_list(name, hash, &_rtld_list_global, 542 &obj, flags, ventry, &donelist); 543 if (symp != NULL && 544 (def == NULL || ELF_ST_BIND(symp->st_info) != STB_WEAK)) { 545 def = symp; 546 defobj = obj; 547 } 548 } 549 550 /* Search all dlopened DAGs containing the referencing object. */ 551 SIMPLEQ_FOREACH(elm, &refobj->dldags, link) { 552 if (def != NULL && ELF_ST_BIND(def->st_info) != STB_WEAK) 553 break; 554 rdbg(("search DAG with root %p (%s) for %s", elm->obj, 555 elm->obj->path, name)); 556 symp = _rtld_symlook_list(name, hash, &elm->obj->dagmembers, 557 &obj, flags, ventry, &donelist); 558 if (symp != NULL && 559 (def == NULL || ELF_ST_BIND(symp->st_info) != STB_WEAK)) { 560 def = symp; 561 defobj = obj; 562 } 563 } 564 565 /* 566 * Search the dynamic linker itself, and possibly resolve the 567 * symbol from there. This is how the application links to 568 * dynamic linker services such as dlopen. Only the values listed 569 * in the "_rtld_exports" array can be resolved from the dynamic 570 * linker. 571 */ 572 if (def == NULL || ELF_ST_BIND(def->st_info) == STB_WEAK) { 573 rdbg(("Search the dynamic linker itself.")); 574 symp = _rtld_symlook_obj(name, hash, &_rtld_objself, flags, 575 ventry); 576 if (symp != NULL && _rtld_is_exported(symp)) { 577 def = symp; 578 defobj = &_rtld_objself; 579 } 580 } 581 582 if (def != NULL) 583 *defobj_out = defobj; 584 return def; 585 } 586