]> git.ipfire.org Git - thirdparty/glibc.git/blame - elf/dl-load.c
projects / thirdparty / glibc.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Move libc_freeres_ptrs and libc_subfreeres to hidden/weak functions
[thirdparty/glibc.git] / elf / dl-load.c
CommitLineData
0a54e401 1/* Map in a shared object's segments from the file.
6d7e8eda 2 Copyright (C) 1995-2023 Free Software Foundation, Inc.
718fdd87 3 Copyright The GNU Toolchain Authors.
afd4eb37 4 This file is part of the GNU C Library.
d66e34cd 5
afd4eb37 6 The GNU C Library is free software; you can redistribute it and/or
41bdb6e2
AJ		 7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
d66e34cd 10
afd4eb37
UD		 11 The GNU C Library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
41bdb6e2 14 Lesser General Public License for more details.
d66e34cd 15
41bdb6e2 16 You should have received a copy of the GNU Lesser General Public
59ba27a6 17 License along with the GNU C Library; if not, see
5a82c748 18 <https://www.gnu.org/licenses/>. */
d66e34cd 19
14e9dd67 20#include <elf.h>
0a54e401
UD		 21#include <errno.h>
22#include <fcntl.h>
8e17ea58 23#include <libintl.h>
379d4ec4 24#include <stdbool.h>
0a54e401 25#include <stdlib.h>
d66e34cd 26#include <string.h>
d66e34cd 27#include <unistd.h>
a42195db 28#include <ldsodefs.h>
ca97fb53 29#include <bits/wordsize.h>
0a54e401 30#include <sys/mman.h>
f8f7e090 31#include <sys/param.h>
0a54e401
UD		 32#include <sys/stat.h>
33#include <sys/types.h>
89baed0b 34#include <gnu/lib-names.h>
f753fa7d
L		 35
36/* Type for the buffer we put the ELF header and hopefully the program
37 header. This buffer does not really have to be too large. In most
38 cases the program header follows the ELF header directly. If this
39 is not the case all bets are off and we can make the header
40 arbitrarily large and still won't get it read. This means the only
41 question is how large are the ELF and program header combined. The
42 ELF header 32-bit files is 52 bytes long and in 64-bit files is 64
43 bytes long. Each program header entry is again 32 and 56 bytes
44 long respectively. I.e., even with a file which has 10 program
45 header entries we only have to read 372B/624B respectively. Add to
46 this a bit of margin for program notes and reading 512B and 832B
47 for 32-bit and 64-bit files respecitvely is enough. If this
48 heuristic should really fail for some file the code in
49 `_dl_map_object_from_fd' knows how to recover. */
50struct filebuf
51{
52 ssize_t len;
53#if __WORDSIZE == 32
54# define FILEBUF_SIZE 512
55#else
56# define FILEBUF_SIZE 832
57#endif
58 char buf[FILEBUF_SIZE] __attribute__ ((aligned (__alignof (ElfW(Ehdr)))));
59};
60
d66e34cd 61#include "dynamic-link.h"
4af6982e 62#include "get-dynamic-info.h"
a986484f 63#include <abi-tag.h>
664e7d93 64#include <stackinfo.h>
606832e6 65#include <sysdep.h>
815e6fa3 66#include <stap-probe.h>
9090848d 67#include <libc-pointer-arith.h>
8a0b17e4 68#include <array_length.h>
d66e34cd 69
dc5efe83 70#include <dl-dst.h>
fcccd512
RM		 71#include <dl-load.h>
72#include <dl-map-segments.h>
73#include <dl-unmap-segments.h>
d6f373d2 74#include <dl-machine-reject-phdr.h>
c0d6f2a3 75#include <dl-sysdep-open.h>
f753fa7d 76#include <dl-prop.h>
329ea513 77#include <not-cancel.h>
9b8a44cd 78
d66e34cd
RM		 79#include <endian.h>
80#if BYTE_ORDER == BIG_ENDIAN
fcf70d41 81# define byteorder ELFDATA2MSB
d66e34cd 82#elif BYTE_ORDER == LITTLE_ENDIAN
fcf70d41 83# define byteorder ELFDATA2LSB
d66e34cd 84#else
fcf70d41
UD		 85# error "Unknown BYTE_ORDER " BYTE_ORDER
86# define byteorder ELFDATANONE
d66e34cd
RM		 87#endif
88
14e9dd67 89#define STRING(x) __STRING (x)
d66e34cd 90
dcca3fe2 91
664e7d93 92int __stack_prot attribute_hidden attribute_relro
44828b9d 93#if _STACK_GROWS_DOWN && defined PROT_GROWSDOWN
ecc1d0c3 94 = PROT_GROWSDOWN;
44828b9d 95#elif _STACK_GROWS_UP && defined PROT_GROWSUP
ecc1d0c3 96 = PROT_GROWSUP;
f8286ce6
RM		 97#else
98 = 0;
664e7d93
UD		 99#endif
100
dcca3fe2 101
7ef90c15 102/* This is the decomposed LD_LIBRARY_PATH search path. */
50b1b7a3 103struct r_search_path_struct __rtld_env_path_list attribute_relro;
40a55d20 104
12264bd7 105/* List of the hardware capabilities we might end up using. */
56f8d442 106#ifdef SHARED
392a6b52
UD		 107static const struct r_strlenpair *capstr attribute_relro;
108static size_t ncapstr attribute_relro;
109static size_t max_capstrlen attribute_relro;
56f8d442
FW		 110#else
111enum { ncapstr = 1, max_capstrlen = 0 };
112#endif
12264bd7 113
40a55d20 114
8a0b17e4
FW		 115/* Get the generated information about the trusted directories. Use
116 an array of concatenated strings to avoid relocations. See
117 gen-trusted-dirs.awk. */
ab7eb292
UD		 118#include "trusted-dirs.h"
119
120static const char system_dirs[] = SYSTEM_DIRS;
121static const size_t system_dirs_len[] =
122{
123 SYSTEM_DIRS_LEN
124};
8a0b17e4 125#define nsystem_dirs_len array_length (system_dirs_len)
32c85e43 126
47c3cd7a
UD		 127static bool
128is_trusted_path_normalize (const char *path, size_t len)
129{
22836f52
UD		 130 if (len == 0)
131 return false;
132
47c3cd7a
UD		 133 char *npath = (char *) alloca (len + 2);
134 char *wnp = npath;
47c3cd7a
UD		 135 while (*path != '\0')
136 {
137 if (path[0] == '/')
138 {
139 if (path[1] == '.')
140 {
141 if (path[2] == '.' && (path[3] == '/' || path[3] == '\0'))
142 {
143 while (wnp > npath && *--wnp != '/')
144 ;
145 path += 3;
146 continue;
147 }
148 else if (path[2] == '/' || path[2] == '\0')
149 {
150 path += 2;
151 continue;
152 }
153 }
154
155 if (wnp > npath && wnp[-1] == '/')
156 {
157 ++path;
158 continue;
159 }
160 }
161
162 *wnp++ = *path++;
163 }
22836f52
UD		 164
165 if (wnp == npath || wnp[-1] != '/')
47c3cd7a 166 *wnp++ = '/';
47c3cd7a 167
22836f52
UD		 168 const char *trun = system_dirs;
169
170 for (size_t idx = 0; idx < nsystem_dirs_len; ++idx)
171 {
172 if (wnp - npath >= system_dirs_len[idx]
173 && memcmp (trun, npath, system_dirs_len[idx]) == 0)
174 /* Found it. */
175 return true;
176
177 trun += system_dirs_len[idx] + 1;
178 }
179
180 return false;
47c3cd7a
UD		 181}
182
5aad5f61
CD		 183/* Given a substring starting at INPUT, just after the DST '$' start
184 token, determine if INPUT contains DST token REF, following the
185 ELF gABI rules for DSTs:
186
187 * Longest possible sequence using the rules (greedy).
188
189 * Must start with a $ (enforced by caller).
190
191 * Must follow $ with one underscore or ASCII [A-Za-z] (caller
192 follows these rules for REF) or '{' (start curly quoted name).
47c3cd7a 193
5aad5f61
CD		 194 * Must follow first two characters with zero or more [A-Za-z0-9_]
195 (enforced by caller) or '}' (end curly quoted name).
196
197 If the sequence is a DST matching REF then the length of the DST
198 (excluding the $ sign but including curly braces, if any) is
199 returned, otherwise 0. */
6d5d3ae3 200static size_t
5aad5f61 201is_dst (const char *input, const char *ref)
6d5d3ae3 202{
379d4ec4 203 bool is_curly = false;
6d5d3ae3 204
5aad5f61
CD		 205 /* Is a ${...} input sequence? */
206 if (input[0] == '{')
379d4ec4
UD		 207 {
208 is_curly = true;
5aad5f61 209 ++input;
379d4ec4 210 }
6d5d3ae3 211
5aad5f61
CD		 212 /* Check for matching name, following closing curly brace (if
213 required), or trailing characters which are part of an
214 identifier. */
215 size_t rlen = strlen (ref);
216 if (strncmp (input, ref, rlen) != 0
217 || (is_curly && input[rlen] != '}')
218 || ((input[rlen] >= 'A' && input[rlen] <= 'Z')
219 || (input[rlen] >= 'a' && input[rlen] <= 'z')
220 || (input[rlen] >= '0' && input[rlen] <= '9')
221 || (input[rlen] == '_')))
6d5d3ae3
UD		 222 return 0;
223
5aad5f61
CD		 224 if (is_curly)
225 /* Count the two curly braces. */
226 return rlen + 2;
227 else
228 return rlen;
6d5d3ae3
UD		 229}
230
a745c837
CD		 231/* INPUT should be the start of a path e.g DT_RPATH or name e.g.
232 DT_NEEDED. The return value is the number of known DSTs found. We
233 count all known DSTs regardless of __libc_enable_secure; the caller
234 is responsible for enforcing the security of the substitution rules
235 (usually _dl_dst_substitute). */
dc5efe83 236size_t
5aad5f61 237_dl_dst_count (const char *input)
f787edde 238{
f787edde 239 size_t cnt = 0;
f787edde 240
5aad5f61
CD		 241 input = strchr (input, '$');
242
243 /* Most likely there is no DST. */
244 if (__glibc_likely (input == NULL))
245 return 0;
246
dc5efe83 247 do
f787edde 248 {
379d4ec4 249 size_t len;
f787edde 250
5aad5f61
CD		 251 ++input;
252 /* All DSTs must follow ELF gABI rules, see is_dst (). */
253 if ((len = is_dst (input, "ORIGIN")) != 0
254 || (len = is_dst (input, "PLATFORM")) != 0
255 || (len = is_dst (input, "LIB")) != 0)
f787edde
UD		 256 ++cnt;
257
5aad5f61
CD		 258 /* There may be more than one DST in the input. */
259 input = strchr (input + len, '$');
f787edde 260 }
5aad5f61 261 while (input != NULL);
f787edde 262
dc5efe83
UD		 263 return cnt;
264}
f787edde 265
5aad5f61
CD		 266/* Process INPUT for DSTs and store in RESULT using the information
267 from link map L to resolve the DSTs. This function only handles one
268 path at a time and does not handle colon-separated path lists (see
269 fillin_rpath ()). Lastly the size of result in bytes should be at
270 least equal to the value returned by DL_DST_REQUIRED. Note that it
271 is possible for a DT_NEEDED, DT_AUXILIARY, and DT_FILTER entries to
272 have colons, but we treat those as literal colons here, not as path
273 list delimeters. */
dc5efe83 274char *
5aad5f61 275_dl_dst_substitute (struct link_map *l, const char *input, char *result)
dc5efe83 276{
5aad5f61
CD		 277 /* Copy character-by-character from input into the working pointer
278 looking for any DSTs. We track the start of input and if we are
279 going to check for trusted paths, all of which are part of $ORIGIN
280 handling in SUID/SGID cases (see below). In some cases, like when
281 a DST cannot be replaced, we may set result to an empty string and
282 return. */
47c3cd7a 283 char *wp = result;
5aad5f61 284 const char *start = input;
47c3cd7a 285 bool check_for_trusted = false;
dc5efe83 286
f787edde
UD		 287 do
288 {
5aad5f61 289 if (__glibc_unlikely (*input == '$'))
f787edde 290 {
2541eda0 291 const char *repl = NULL;
379d4ec4 292 size_t len;
2541eda0 293
5aad5f61
CD		 294 ++input;
295 if ((len = is_dst (input, "ORIGIN")) != 0)
e7c8359e 296 {
5aad5f61
CD		 297 /* For SUID/GUID programs we normally ignore the path with
298 $ORIGIN in DT_RUNPATH, or DT_RPATH. However, there is
299 one exception to this rule, and it is:
300
301 * $ORIGIN appears as the first path element, and is
302 the only string in the path or is immediately
303 followed by a path separator and the rest of the
a745c837
CD		 304 path,
305
306 and ...
5aad5f61
CD		 307
308 * The path is rooted in a trusted directory.
309
310 This exception allows such programs to reference
311 shared libraries in subdirectories of trusted
312 directories. The use case is one of general
313 organization and deployment flexibility.
314 Trusted directories are usually such paths as "/lib64"
315 or "/usr/lib64", and the usual RPATHs take the form of
316 [$ORIGIN/../$LIB/somedir]. */
317 if (__glibc_unlikely (__libc_enable_secure)
318 && !(input == start + 1
319 && (input[len] == '\0' || input[len] == '/')))
320 repl = (const char *) -1;
321 else
322 repl = l->l_origin;
323
6bc6bd3b 324 check_for_trusted = (__libc_enable_secure
47c3cd7a 325 && l->l_type == lt_executable);
e7c8359e 326 }
5aad5f61 327 else if ((len = is_dst (input, "PLATFORM")) != 0)
afdca0f2 328 repl = GLRO(dl_platform);
5aad5f61 329 else if ((len = is_dst (input, "LIB")) != 0)
27af5372 330 repl = DL_DST_LIB;
2541eda0 331
2541eda0
UD		 332 if (repl != NULL && repl != (const char *) -1)
333 {
334 wp = __stpcpy (wp, repl);
5aad5f61 335 input += len;
2541eda0 336 }
5aad5f61 337 else if (len != 0)
f787edde 338 {
5aad5f61
CD		 339 /* We found a valid DST that we know about, but we could
340 not find a replacement value for it, therefore we
341 cannot use this path and discard it. */
342 *result = '\0';
343 return result;
f787edde
UD		 344 }
345 else
27aa0631 346 /* No DST we recognize. */
379d4ec4 347 *wp++ = '$';
f787edde 348 }
2541eda0 349 else
f787edde 350 {
5aad5f61 351 *wp++ = *input++;
f787edde 352 }
f787edde 353 }
5aad5f61 354 while (*input != '\0');
f787edde 355
47c3cd7a 356 /* In SUID/SGID programs, after $ORIGIN expansion the normalized
5aad5f61
CD		 357 path must be rooted in one of the trusted directories. The $LIB
358 and $PLATFORM DST cannot in any way be manipulated by the caller
359 because they are fixed values that are set by the dynamic loader
360 and therefore any paths using just $LIB or $PLATFORM need not be
361 checked for trust, the authors of the binaries themselves are
362 trusted to have designed this correctly. Only $ORIGIN is tested in
363 this way because it may be manipulated in some ways with hard
364 links. */
1b26b855 365 if (__glibc_unlikely (check_for_trusted)
5aad5f61
CD		 366 && !is_trusted_path_normalize (result, wp - result))
367 {
368 *result = '\0';
369 return result;
370 }
47c3cd7a 371
f787edde
UD		 372 *wp = '\0';
373
374 return result;
375}
376
dc5efe83 377
5aad5f61
CD		 378/* Return a malloc allocated copy of INPUT with all recognized DSTs
379 replaced. On some platforms it might not be possible to determine the
380 path from which the object belonging to the map is loaded. In this
381 case the path containing the DST is left out. On error NULL
382 is returned. */
dc5efe83 383static char *
5aad5f61 384expand_dynamic_string_token (struct link_map *l, const char *input)
dc5efe83
UD		 385{
386 /* We make two runs over the string. First we determine how large the
844c394a 387 resulting string is and then we copy it over. Since this is no
dc5efe83
UD		 388 frequently executed operation we are looking here not for performance
389 but rather for code size. */
390 size_t cnt;
391 size_t total;
392 char *result;
393
5aad5f61
CD		 394 /* Determine the number of DSTs. */
395 cnt = _dl_dst_count (input);
dc5efe83
UD		 396
397 /* If we do not have to replace anything simply copy the string. */
1b26b855 398 if (__glibc_likely (cnt == 0))
5aad5f61 399 return __strdup (input);
dc5efe83
UD		 400
401 /* Determine the length of the substituted string. */
5aad5f61 402 total = DL_DST_REQUIRED (l, input, strlen (input), cnt);
dc5efe83
UD		 403
404 /* Allocate the necessary memory. */
405 result = (char *) malloc (total + 1);
406 if (result == NULL)
407 return NULL;
408
5aad5f61 409 return _dl_dst_substitute (l, input, result);
dc5efe83
UD		 410}
411
412
0413b54c
UD		 413/* Add `name' to the list of names for a particular shared object.
414 `name' is expected to have been allocated with malloc and will
415 be freed if the shared object already has this name.
416 Returns false if the object already had this name. */
76156ea1 417static void
76156ea1 418add_name_to_object (struct link_map *l, const char *name)
0a54e401 419{
0413b54c
UD		 420 struct libname_list *lnp, *lastp;
421 struct libname_list *newname;
76156ea1 422 size_t name_len;
0413b54c
UD		 423
424 lastp = NULL;
425 for (lnp = l->l_libname; lnp != NULL; lastp = lnp, lnp = lnp->next)
426 if (strcmp (name, lnp->name) == 0)
76156ea1 427 return;
0413b54c 428
76156ea1 429 name_len = strlen (name) + 1;
839be784 430 newname = (struct libname_list *) malloc (sizeof *newname + name_len);
0413b54c 431 if (newname == NULL)
da832465
UD		 432 {
433 /* No more memory. */
154d10bd 434 _dl_signal_error (ENOMEM, name, NULL, N_("cannot allocate name record"));
76156ea1 435 return;
da832465 436 }
0413b54c
UD		 437 /* The object should have a libname set from _dl_new_object. */
438 assert (lastp != NULL);
439
76156ea1 440 newname->name = memcpy (newname + 1, name, name_len);
0413b54c 441 newname->next = NULL;
752a2a50 442 newname->dont_free = 0;
395be7c2
MS		 443 /* CONCURRENCY NOTES:
444
445 Make sure the initialization of newname happens before its address is
446 read from the lastp->next store below.
447
448 GL(dl_load_lock) is held here (and by other writers, e.g. dlclose), so
449 readers of libname_list->next (e.g. _dl_check_caller or the reads above)
450 can use that for synchronization, however the read in _dl_name_match_p
451 may be executed without holding the lock during _dl_runtime_resolve
452 (i.e. lazy symbol resolution when a function of library l is called).
453
454 The release MO store below synchronizes with the acquire MO load in
455 _dl_name_match_p. Other writes need to synchronize with that load too,
456 however those happen either early when the process is single threaded
457 (dl_main) or when the library is unloaded (dlclose) and the user has to
458 synchronize library calls with unloading. */
459 atomic_store_release (&lastp->next, newname);
0413b54c
UD		 460}
461
12264bd7 462/* Standard search directories. */
50b1b7a3 463struct r_search_path_struct __rtld_search_dirs attribute_relro;
0a54e401 464
a658675d 465static size_t max_dirnamelen;
0a54e401 466
dd9423a6 467static struct r_search_path_elem **
0a54e401 468fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep,
10e93d96 469 const char *what, const char *where, struct link_map *l)
0a54e401
UD		 470{
471 char *cp;
472 size_t nelems = 0;
473
474 while ((cp = __strsep (&rpath, sep)) != NULL)
475 {
476 struct r_search_path_elem *dirp;
3e3c904d
AJ		 477 char *to_free = NULL;
478 size_t len = 0;
2a939a7e 479
3e3c904d
AJ		 480 /* `strsep' can pass an empty string. */
481 if (*cp != '\0')
482 {
483 to_free = cp = expand_dynamic_string_token (l, cp);
2a939a7e 484
3e3c904d
AJ		 485 /* expand_dynamic_string_token can return NULL in case of empty
486 path or memory allocation failure. */
487 if (cp == NULL)
488 continue;
12264bd7 489
3e3c904d
AJ		 490 /* Compute the length after dynamic string token expansion and
491 ignore empty paths. */
492 len = strlen (cp);
493 if (len == 0)
494 {
495 free (to_free);
496 continue;
497 }
12264bd7 498
3e3c904d
AJ		 499 /* Remove trailing slashes (except for "/"). */
500 while (len > 1 && cp[len - 1] == '/')
501 --len;
0a54e401 502
3e3c904d
AJ		 503 /* Now add one if there is none so far. */
504 if (len > 0 && cp[len - 1] != '/')
505 cp[len++] = '/';
506 }
ab7eb292 507
0a54e401 508 /* See if this directory is already known. */
d6b5d570 509 for (dirp = GL(dl_all_dirs); dirp != NULL; dirp = dirp->next)
12264bd7 510 if (dirp->dirnamelen == len && memcmp (cp, dirp->dirname, len) == 0)
0a54e401
UD		 511 break;
512
513 if (dirp != NULL)
514 {
12264bd7 515 /* It is available, see whether it's on our own list. */
0a54e401
UD		 516 size_t cnt;
517 for (cnt = 0; cnt < nelems; ++cnt)
518 if (result[cnt] == dirp)
519 break;
520
521 if (cnt == nelems)
522 result[nelems++] = dirp;
523 }
524 else
525 {
12264bd7 526 size_t cnt;
839be784 527 enum r_dir_status init_val;
4a6d1198 528 size_t where_len = where ? strlen (where) + 1 : 0;
12264bd7 529
0a54e401 530 /* It's a new directory. Create an entry and add it. */
12264bd7 531 dirp = (struct r_search_path_elem *)
32ee8d95 532 malloc (sizeof (*dirp) + ncapstr * sizeof (enum r_dir_status)
f55727ca 533 + where_len + len + 1);
0a54e401 534 if (dirp == NULL)
154d10bd
UD		 535 _dl_signal_error (ENOMEM, NULL, NULL,
536 N_("cannot create cache for search path"));
0a54e401 537
f55727ca
UD		 538 dirp->dirname = ((char *) dirp + sizeof (*dirp)
539 + ncapstr * sizeof (enum r_dir_status));
104d0bd3 540 *((char *) __mempcpy ((char *) dirp->dirname, cp, len)) = '\0';
0a54e401 541 dirp->dirnamelen = len;
12264bd7
UD		 542
543 if (len > max_dirnamelen)
544 max_dirnamelen = len;
545
07ba7349
UD		 546 /* We have to make sure all the relative directories are
547 never ignored. The current directory might change and
548 all our saved information would be void. */
549 init_val = cp[0] != '/' ? existing : unknown;
839be784
UD		 550 for (cnt = 0; cnt < ncapstr; ++cnt)
551 dirp->status[cnt] = init_val;
0a54e401 552
b5efde2f 553 dirp->what = what;
a1ffb40e 554 if (__glibc_likely (where != NULL))
f55727ca 555 dirp->where = memcpy ((char *) dirp + sizeof (*dirp) + len + 1
d6b5d570 556 + (ncapstr * sizeof (enum r_dir_status)),
4a6d1198
UD		 557 where, where_len);
558 else
559 dirp->where = NULL;
b5efde2f 560
d6b5d570
UD		 561 dirp->next = GL(dl_all_dirs);
562 GL(dl_all_dirs) = dirp;
0a54e401
UD		 563
564 /* Put it in the result array. */
565 result[nelems++] = dirp;
566 }
2a939a7e 567 free (to_free);
0a54e401
UD		 568 }
569
570 /* Terminate the array. */
571 result[nelems] = NULL;
572
573 return result;
574}
575
576
2692deea 577static bool
f55727ca
UD		 578decompose_rpath (struct r_search_path_struct *sps,
579 const char *rpath, struct link_map *l, const char *what)
0a54e401
UD		 580{
581 /* Make a copy we can work with. */
f787edde 582 const char *where = l->l_name;
0a54e401
UD		 583 char *cp;
584 struct r_search_path_elem **result;
310930c1 585 size_t nelems;
39b3385d
UD		 586 /* Initialize to please the compiler. */
587 const char *errstring = NULL;
310930c1 588
fcf70d41
UD		 589 /* First see whether we must forget the RUNPATH and RPATH from this
590 object. */
1b26b855 591 if (__glibc_unlikely (GLRO(dl_inhibit_rpath) != NULL)
6bc6bd3b 592 && !__libc_enable_secure)
310930c1 593 {
afdca0f2 594 const char *inhp = GLRO(dl_inhibit_rpath);
9710f75d
UD		 595
596 do
310930c1 597 {
9710f75d
UD		 598 const char *wp = where;
599
600 while (*inhp == *wp && *wp != '\0')
601 {
602 ++inhp;
603 ++wp;
604 }
605
606 if (*wp == '\0' && (*inhp == '\0' || *inhp == ':'))
310930c1 607 {
fcf70d41
UD		 608 /* This object is on the list of objects for which the
609 RUNPATH and RPATH must not be used. */
2692deea
UD		 610 sps->dirs = (void *) -1;
611 return false;
310930c1 612 }
9710f75d
UD		 613
614 while (*inhp != '\0')
615 if (*inhp++ == ':')
616 break;
310930c1 617 }
9710f75d 618 while (*inhp != '\0');
310930c1 619 }
0a54e401 620
dbba87d5
DL		 621 /* Ignore empty rpaths. */
622 if (*rpath == '\0')
623 {
624 sps->dirs = (struct r_search_path_elem **) -1;
625 return false;
626 }
627
2a939a7e 628 /* Make a writable copy. */
dbba87d5 629 char *copy = __strdup (rpath);
f787edde 630 if (copy == NULL)
39b3385d
UD		 631 {
632 errstring = N_("cannot create RUNPATH/RPATH copy");
633 goto signal_error;
634 }
f787edde 635
310930c1 636 /* Count the number of necessary elements in the result array. */
310930c1 637 nelems = 0;
0a54e401
UD		 638 for (cp = copy; *cp != '\0'; ++cp)
639 if (*cp == ':')
640 ++nelems;
641
7ef90c15
UD		 642 /* Allocate room for the result. NELEMS + 1 is an upper limit for the
643 number of necessary entries. */
644 result = (struct r_search_path_elem **) malloc ((nelems + 1 + 1)
0a54e401
UD		 645 * sizeof (*result));
646 if (result == NULL)
2692deea 647 {
ce31a3b1 648 free (copy);
2692deea
UD		 649 errstring = N_("cannot create cache for search path");
650 signal_error:
651 _dl_signal_error (ENOMEM, NULL, NULL, errstring);
652 }
0a54e401 653
10e93d96 654 fillin_rpath (copy, result, ":", what, where, l);
f55727ca
UD		 655
656 /* Free the copied RPATH string. `fillin_rpath' make own copies if
657 necessary. */
658 free (copy);
659
3e3c904d
AJ		 660 /* There is no path after expansion. */
661 if (result[0] == NULL)
662 {
663 free (result);
664 sps->dirs = (struct r_search_path_elem **) -1;
665 return false;
666 }
667
f55727ca
UD		 668 sps->dirs = result;
669 /* The caller will change this value if we haven't used a real malloc. */
670 sps->malloced = 1;
2692deea 671 return true;
0a54e401
UD		 672}
673
45e4762c
RM		 674/* Make sure cached path information is stored in *SP
675 and return true if there are any paths to search there. */
25337753 676static bool
45e4762c
RM		 677cache_rpath (struct link_map *l,
678 struct r_search_path_struct *sp,
679 int tag,
680 const char *what)
681{
682 if (sp->dirs == (void *) -1)
683 return false;
684
685 if (sp->dirs != NULL)
686 return true;
687
688 if (l->l_info[tag] == NULL)
689 {
690 /* There is no path. */
691 sp->dirs = (void *) -1;
692 return false;
693 }
694
695 /* Make sure the cache information is available. */
2692deea
UD		 696 return decompose_rpath (sp, (const char *) (D_PTR (l, l_info[DT_STRTAB])
697 + l->l_info[tag]->d_un.d_val),
698 l, what);
45e4762c
RM		 699}
700
0a54e401
UD		 701
702void
dad90d52
FW		 703_dl_init_paths (const char *llp, const char *source,
704 const char *glibc_hwcaps_prepend,
705 const char *glibc_hwcaps_mask)
0a54e401 706{
ab7eb292
UD		 707 size_t idx;
708 const char *strp;
12264bd7
UD		 709 struct r_search_path_elem *pelem, **aelem;
710 size_t round_size;
2a939a7e 711 struct link_map __attribute__ ((unused)) *l = NULL;
39b3385d
UD		 712 /* Initialize to please the compiler. */
713 const char *errstring = NULL;
0a54e401 714
7ef90c15
UD		 715 /* Fill in the information about the application's RPATH and the
716 directories addressed by the LD_LIBRARY_PATH environment variable. */
0a54e401 717
56f8d442 718#ifdef SHARED
4317f9e1 719 /* Get the capabilities. */
dad90d52
FW		 720 capstr = _dl_important_hwcaps (glibc_hwcaps_prepend, glibc_hwcaps_mask,
721 &ncapstr, &max_capstrlen);
56f8d442 722#endif
12264bd7
UD		 723
724 /* First set up the rest of the default search directory entries. */
50b1b7a3 725 aelem = __rtld_search_dirs.dirs = (struct r_search_path_elem **)
4a6d1198 726 malloc ((nsystem_dirs_len + 1) * sizeof (struct r_search_path_elem *));
50b1b7a3 727 if (__rtld_search_dirs.dirs == NULL)
39b3385d
UD		 728 {
729 errstring = N_("cannot create search path array");
730 signal_error:
154d10bd 731 _dl_signal_error (ENOMEM, NULL, NULL, errstring);
39b3385d 732 }
12264bd7
UD		 733
734 round_size = ((2 * sizeof (struct r_search_path_elem) - 1
735 + ncapstr * sizeof (enum r_dir_status))
736 / sizeof (struct r_search_path_elem));
737
50b1b7a3
FW		 738 __rtld_search_dirs.dirs[0]
739 = malloc (nsystem_dirs_len * round_size
740 * sizeof (*__rtld_search_dirs.dirs[0]));
741 if (__rtld_search_dirs.dirs[0] == NULL)
39b3385d
UD		 742 {
743 errstring = N_("cannot create cache for search path");
744 goto signal_error;
745 }
12264bd7 746
50b1b7a3
FW		 747 __rtld_search_dirs.malloced = 0;
748 pelem = GL(dl_all_dirs) = __rtld_search_dirs.dirs[0];
ab7eb292
UD		 749 strp = system_dirs;
750 idx = 0;
751
752 do
12264bd7
UD		 753 {
754 size_t cnt;
755
756 *aelem++ = pelem;
757
12264bd7
UD		 758 pelem->what = "system search path";
759 pelem->where = NULL;
760
ab7eb292
UD		 761 pelem->dirname = strp;
762 pelem->dirnamelen = system_dirs_len[idx];
763 strp += system_dirs_len[idx] + 1;
12264bd7 764
f55727ca
UD		 765 /* System paths must be absolute. */
766 assert (pelem->dirname[0] == '/');
767 for (cnt = 0; cnt < ncapstr; ++cnt)
768 pelem->status[cnt] = unknown;
ab7eb292 769
4a6d1198 770 pelem->next = (++idx == nsystem_dirs_len ? NULL : (pelem + round_size));
ab7eb292
UD		 771
772 pelem += round_size;
12264bd7 773 }
4a6d1198 774 while (idx < nsystem_dirs_len);
ab7eb292
UD		 775
776 max_dirnamelen = SYSTEM_DIRS_MAX_LEN;
12264bd7 777 *aelem = NULL;
4317f9e1 778
4e6db99c
FW		 779 /* This points to the map of the main object. If there is no main
780 object (e.g., under --help, use the dynamic loader itself as a
781 stand-in. */
c0f62c56 782 l = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
4e6db99c
FW		 783#ifdef SHARED
784 if (l == NULL)
785 l = &GL (dl_rtld_map);
786#endif
33242131
CD		 787 assert (l->l_type != lt_loaded);
788
789 if (l->l_info[DT_RUNPATH])
790 {
791 /* Allocate room for the search path and fill in information
792 from RUNPATH. */
793 decompose_rpath (&l->l_runpath_dirs,
794 (const void *) (D_PTR (l, l_info[DT_STRTAB])
795 + l->l_info[DT_RUNPATH]->d_un.d_val),
796 l, "RUNPATH");
797 /* During rtld init the memory is allocated by the stub malloc,
798 prevent any attempt to free it by the normal malloc. */
799 l->l_runpath_dirs.malloced = 0;
800
801 /* The RPATH is ignored. */
802 l->l_rpath_dirs.dirs = (void *) -1;
803 }
804 else
011ce8ed 805 {
33242131 806 l->l_runpath_dirs.dirs = (void *) -1;
40a55d20 807
33242131 808 if (l->l_info[DT_RPATH])
fcf70d41
UD		 809 {
810 /* Allocate room for the search path and fill in information
33242131
CD		 811 from RPATH. */
812 decompose_rpath (&l->l_rpath_dirs,
f55727ca 813 (const void *) (D_PTR (l, l_info[DT_STRTAB])
33242131
CD		 814 + l->l_info[DT_RPATH]->d_un.d_val),
815 l, "RPATH");
816 /* During rtld init the memory is allocated by the stub
817 malloc, prevent any attempt to free it by the normal
818 malloc. */
819 l->l_rpath_dirs.malloced = 0;
fcf70d41 820 }
011ce8ed 821 else
33242131 822 l->l_rpath_dirs.dirs = (void *) -1;
0a54e401 823 }
7ef90c15
UD		 824
825 if (llp != NULL && *llp != '\0')
0a54e401 826 {
bb195224 827 char *llp_tmp = strdupa (llp);
011ce8ed 828
7ef90c15
UD		 829 /* Decompose the LD_LIBRARY_PATH contents. First determine how many
830 elements it has. */
3ff3dfa5
FW		 831 size_t nllp = 1;
832 for (const char *cp = llp_tmp; *cp != '\0'; ++cp)
833 if (*cp == ':' || *cp == ';')
834 ++nllp;
7ef90c15 835
50b1b7a3 836 __rtld_env_path_list.dirs = (struct r_search_path_elem **)
7ef90c15 837 malloc ((nllp + 1) * sizeof (struct r_search_path_elem *));
50b1b7a3 838 if (__rtld_env_path_list.dirs == NULL)
39b3385d
UD		 839 {
840 errstring = N_("cannot create cache for search path");
841 goto signal_error;
842 }
7ef90c15 843
50b1b7a3 844 (void) fillin_rpath (llp_tmp, __rtld_env_path_list.dirs, ":;",
27316f4a 845 source, NULL, l);
6a7c9bb4 846
50b1b7a3 847 if (__rtld_env_path_list.dirs[0] == NULL)
6a7c9bb4 848 {
50b1b7a3
FW		 849 free (__rtld_env_path_list.dirs);
850 __rtld_env_path_list.dirs = (void *) -1;
6a7c9bb4 851 }
f55727ca 852
50b1b7a3 853 __rtld_env_path_list.malloced = 0;
81e0cb2d 854 }
152e7964 855 else
50b1b7a3 856 __rtld_env_path_list.dirs = (void *) -1;
0a54e401
UD		 857}
858
859
c7aa8596
SN		 860/* Process PT_GNU_PROPERTY program header PH in module L after
861 PT_LOAD segments are mapped. Only one NT_GNU_PROPERTY_TYPE_0
c00452d7
SN		 862 note is handled which contains processor specific properties.
863 FD is -1 for the kernel mapped main executable otherwise it is
864 the fd used for loading module L. */
c7aa8596
SN		 865
866void
c00452d7 867_dl_process_pt_gnu_property (struct link_map *l, int fd, const ElfW(Phdr) *ph)
c7aa8596
SN		 868{
869 const ElfW(Nhdr) *note = (const void *) (ph->p_vaddr + l->l_addr);
870 const ElfW(Addr) size = ph->p_memsz;
871 const ElfW(Addr) align = ph->p_align;
872
873 /* The NT_GNU_PROPERTY_TYPE_0 note must be aligned to 4 bytes in
874 32-bit objects and to 8 bytes in 64-bit objects. Skip notes
875 with incorrect alignment. */
876 if (align != (__ELF_NATIVE_CLASS / 8))
877 return;
878
879 const ElfW(Addr) start = (ElfW(Addr)) note;
880 unsigned int last_type = 0;
881
882 while ((ElfW(Addr)) (note + 1) - start < size)
883 {
884 /* Find the NT_GNU_PROPERTY_TYPE_0 note. */
885 if (note->n_namesz == 4
886 && note->n_type == NT_GNU_PROPERTY_TYPE_0
887 && memcmp (note + 1, "GNU", 4) == 0)
888 {
889 /* Check for invalid property. */
890 if (note->n_descsz < 8
891 || (note->n_descsz % sizeof (ElfW(Addr))) != 0)
892 return;
893
894 /* Start and end of property array. */
895 unsigned char *ptr = (unsigned char *) (note + 1) + 4;
896 unsigned char *ptr_end = ptr + note->n_descsz;
897
898 do
899 {
900 unsigned int type = *(unsigned int *) ptr;
901 unsigned int datasz = *(unsigned int *) (ptr + 4);
902
903 /* Property type must be in ascending order. */
904 if (type < last_type)
905 return;
906
907 ptr += 8;
908 if ((ptr + datasz) > ptr_end)
909 return;
910
911 last_type = type;
912
913 /* Target specific property processing. */
c00452d7 914 if (_dl_process_gnu_property (l, fd, type, datasz, ptr) == 0)
c7aa8596
SN		 915 return;
916
917 /* Check the next property item. */
918 ptr += ALIGN_UP (datasz, sizeof (ElfW(Addr)));
919 }
920 while ((ptr_end - ptr) >= 8);
921
922 /* Only handle one NT_GNU_PROPERTY_TYPE_0. */
923 return;
924 }
925
926 note = ((const void *) note
927 + ELF_NOTE_NEXT_OFFSET (note->n_namesz, note->n_descsz,
928 align));
929 }
930}
931
932
ea03559a
RM		 933/* Map in the shared object NAME, actually located in REALNAME, and already
934 opened on FD. */
935
f787edde
UD		 936#ifndef EXTERNAL_MAP_FROM_FD
937static
938#endif
ea03559a 939struct link_map *
a1b85ae8
FW		 940_dl_map_object_from_fd (const char *name, const char *origname, int fd,
941 struct filebuf *fbp, char *realname,
942 struct link_map *loader, int l_type, int mode,
943 void **stack_endp, Lmid_t nsid)
ea03559a 944{
622586fb 945 struct link_map *l = NULL;
266180eb
RM		 946 const ElfW(Ehdr) *header;
947 const ElfW(Phdr) *phdr;
948 const ElfW(Phdr) *ph;
8193034b 949 size_t maplength;
b122c703 950 int type;
39b3385d
UD		 951 /* Initialize to keep the compiler happy. */
952 const char *errstring = NULL;
953 int errval = 0;
61e0617a 954
2b26b084
FW		 955 /* Get file information. To match the kernel behavior, do not fill
956 in this information for the executable in case of an explicit
957 loader invocation. */
c01ae97e 958 struct r_file_id id;
2b26b084 959 if (mode & __RTLD_OPENEXEC)
39b3385d 960 {
2b26b084
FW		 961 assert (nsid == LM_ID_BASE);
962 memset (&id, 0, sizeof (id));
39b3385d 963 }
2b26b084
FW		 964 else
965 {
966 if (__glibc_unlikely (!_dl_get_file_id (fd, &id)))
967 {
968 errstring = N_("cannot stat shared object");
cb5648b0 969 lose_errno:
2b26b084 970 errval = errno;
cb5648b0
SN		 971 lose:
972 /* The file might already be closed. */
973 if (fd != -1)
974 __close_nocancel (fd);
c6b01653
SN		 975 if (l != NULL && l->l_map_start != 0)
976 _dl_unmap_segments (l);
cb5648b0
SN		 977 if (l != NULL && l->l_origin != (char *) -1l)
978 free ((char *) l->l_origin);
c6b01653
SN		 979 if (l != NULL && !l->l_libname->dont_free)
980 free (l->l_libname);
981 if (l != NULL && l->l_phdr_allocated)
982 free ((void *) l->l_phdr);
cb5648b0
SN		 983 free (l);
984 free (realname);
cb5648b0 985 _dl_signal_error (errval, name, NULL, errstring);
2b26b084 986 }
d66e34cd 987
2b26b084
FW		 988 /* Look again to see if the real name matched another already loaded. */
989 for (l = GL(dl_ns)[nsid]._ns_loaded; l != NULL; l = l->l_next)
990 if (!l->l_removed && _dl_file_id_match_p (&l->l_file_id, &id))
991 {
992 /* The object is already loaded.
993 Just bump its reference count and return it. */
994 __close_nocancel (fd);
995
996 /* If the name is not in the list of names for this object add
997 it. */
998 free (realname);
999 add_name_to_object (l, name);
1000
1001 return l;
1002 }
1003 }
d66e34cd 1004
c0f62c56
UD		 1005#ifdef SHARED
1006 /* When loading into a namespace other than the base one we must
1007 avoid loading ld.so since there can only be one copy. Ever. */
1b26b855 1008 if (__glibc_unlikely (nsid != LM_ID_BASE)
c01ae97e 1009 && (_dl_file_id_match_p (&id, &GL(dl_rtld_map).l_file_id)
c0f62c56
UD		 1010 || _dl_name_match_p (name, &GL(dl_rtld_map))))
1011 {
1012 /* This is indeed ld.so. Create a new link_map which refers to
1013 the real one for almost everything. */
1014 l = _dl_new_object (realname, name, l_type, loader, mode, nsid);
1015 if (l == NULL)
1016 goto fail_new;
1017
1018 /* Refer to the real descriptor. */
1019 l->l_real = &GL(dl_rtld_map);
1020
88361b40
L		 1021 /* Copy l_addr and l_ld to avoid a GDB warning with dlmopen(). */
1022 l->l_addr = l->l_real->l_addr;
1023 l->l_ld = l->l_real->l_ld;
1024
c0f62c56
UD		 1025 /* No need to bump the refcount of the real object, ld.so will
1026 never be unloaded. */
329ea513 1027 __close_nocancel (fd);
c0f62c56 1028
f0967738
AK		 1029 /* Add the map for the mirrored object to the object list. */
1030 _dl_add_to_namespace_list (l, nsid);
1031
c0f62c56
UD		 1032 return l;
1033 }
1034#endif
1035
2f54c82d 1036 if (mode & RTLD_NOLOAD)
96961bf7
AS		 1037 {
1038 /* We are not supposed to load the object unless it is already
1039 loaded. So return now. */
4bff6e01 1040 free (realname);
329ea513 1041 __close_nocancel (fd);
96961bf7
AS		 1042 return NULL;
1043 }
bf8b3e74 1044
8193034b 1045 /* Print debugging message. */
a1ffb40e 1046 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES))
c0f62c56 1047 _dl_debug_printf ("file=%s [%lu]; generating link map\n", name, nsid);
8193034b 1048
a35e137a
UD		 1049 /* This is the ELF header. We read it in `open_verify'. */
1050 header = (void *) fbp->buf;
d66e34cd 1051
ba79d61b 1052 /* Enter the new object in the list of loaded objects. */
c0f62c56 1053 l = _dl_new_object (realname, name, l_type, loader, mode, nsid);
a1ffb40e 1054 if (__glibc_unlikely (l == NULL))
39b3385d 1055 {
7cb92a99 1056#ifdef SHARED
c0f62c56 1057 fail_new:
7cb92a99 1058#endif
39b3385d 1059 errstring = N_("cannot create shared object descriptor");
cb5648b0 1060 goto lose_errno;
39b3385d 1061 }
ba79d61b 1062
b122c703 1063 /* Extract the remaining details we need from the ELF header
32c85e43 1064 and then read in the program header table. */
b122c703
RM		 1065 l->l_entry = header->e_entry;
1066 type = header->e_type;
1067 l->l_phnum = header->e_phnum;
32c85e43
UD		 1068
1069 maplength = header->e_phnum * sizeof (ElfW(Phdr));
6dd67bd5 1070 if (header->e_phoff + maplength <= (size_t) fbp->len)
a35e137a 1071 phdr = (void *) (fbp->buf + header->e_phoff);
32c85e43
UD		 1072 else
1073 {
1074 phdr = alloca (maplength);
95c10569
LP		 1075 if ((size_t) __pread64_nocancel (fd, (void *) phdr, maplength,
1076 header->e_phoff) != maplength)
39b3385d
UD		 1077 {
1078 errstring = N_("cannot read file data");
cb5648b0 1079 goto lose_errno;
39b3385d 1080 }
32c85e43 1081 }
879bf2e6 1082
30950a5f
RA		 1083 /* On most platforms presume that PT_GNU_STACK is absent and the stack is
1084 * executable. Other platforms default to a nonexecutable stack and don't
1085 * need PT_GNU_STACK to do so. */
535e935a 1086 unsigned int stack_flags = DEFAULT_STACK_PERMS;
ecdeaac0 1087
b122c703
RM		 1088 {
1089 /* Scan the program header table, collecting its load commands. */
fcccd512 1090 struct loadcmd loadcmds[l->l_phnum];
b122c703 1091 size_t nloadcmds = 0;
6fffb9a2 1092 bool has_holes = false;
ea32ec35 1093 bool empty_dynamic = false;
e22a4557 1094 ElfW(Addr) p_align_max = 0;
d66e34cd 1095
126b06f9 1096 /* The struct is initialized to zero so this is not necessary:
d66e34cd 1097 l->l_ld = 0;
b122c703 1098 l->l_phdr = 0;
126b06f9 1099 l->l_addr = 0; */
d66e34cd
RM		 1100 for (ph = phdr; ph < &phdr[l->l_phnum]; ++ph)
1101 switch (ph->p_type)
1102 {
1103 /* These entries tell us where to find things once the file's
1104 segments are mapped in. We record the addresses it says
1105 verbatim, and later correct for the run-time load address. */
1106 case PT_DYNAMIC:
ea32ec35
FW		 1107 if (ph->p_filesz == 0)
1108 empty_dynamic = true; /* Usually separate debuginfo. */
1109 else
592d5c75
L		 1110 {
1111 /* Debuginfo only files from "objcopy --only-keep-debug"
1112 contain a PT_DYNAMIC segment with p_filesz == 0. Skip
1113 such a segment to avoid a crash later. */
1114 l->l_ld = (void *) ph->p_vaddr;
1115 l->l_ldnum = ph->p_memsz / sizeof (ElfW(Dyn));
b413280c 1116 l->l_ld_readonly = (ph->p_flags & PF_W) == 0;
592d5c75 1117 }
d66e34cd 1118 break;
39b3385d 1119
d66e34cd
RM		 1120 case PT_PHDR:
1121 l->l_phdr = (void *) ph->p_vaddr;
1122 break;
1123
1124 case PT_LOAD:
b122c703
RM		 1125 /* A load command tells us to map in part of the file.
1126 We record the load commands and process them all later. */
1b26b855 1127 if (__glibc_unlikely (((ph->p_vaddr - ph->p_offset)
163f625c 1128 & (GLRO(dl_pagesize) - 1)) != 0))
39b3385d
UD		 1129 {
1130 errstring
163f625c 1131 = N_("ELF load command address/offset not page-aligned");
cb5648b0 1132 goto lose;
39b3385d
UD		 1133 }
1134
fcccd512 1135 struct loadcmd *c = &loadcmds[nloadcmds++];
60084e34
CD		 1136 c->mapstart = ALIGN_DOWN (ph->p_vaddr, GLRO(dl_pagesize));
1137 c->mapend = ALIGN_UP (ph->p_vaddr + ph->p_filesz, GLRO(dl_pagesize));
cc12f2a4
UD		 1138 c->dataend = ph->p_vaddr + ph->p_filesz;
1139 c->allocend = ph->p_vaddr + ph->p_memsz;
e22a4557
L		 1140 /* Remember the maximum p_align. */
1141 if (powerof2 (ph->p_align) && ph->p_align > p_align_max)
1142 p_align_max = ph->p_align;
60084e34 1143 c->mapoff = ALIGN_DOWN (ph->p_offset, GLRO(dl_pagesize));
cc12f2a4 1144
33ead027
L		 1145 DIAG_PUSH_NEEDS_COMMENT;
1146
1147#if __GNUC_PREREQ (11, 0)
1148 /* Suppress invalid GCC warning:
1149 ‘(((char *)loadcmds.113_68 + _933 + 16))[329406144173384849].mapend’ may be used uninitialized [-Wmaybe-uninitialized]
1150 See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106008
1151 */
1152 DIAG_IGNORE_NEEDS_COMMENT (11, "-Wmaybe-uninitialized");
1153#endif
6fffb9a2
UD		 1154 /* Determine whether there is a gap between the last segment
1155 and this one. */
1156 if (nloadcmds > 1 && c[-1].mapend != c->mapstart)
1157 has_holes = true;
33ead027 1158 DIAG_POP_NEEDS_COMMENT;
6fffb9a2 1159
cc12f2a4 1160 /* Optimize a common case. */
94a758fe 1161#if (PF_R | PF_W | PF_X) == 7 && (PROT_READ | PROT_WRITE | PROT_EXEC) == 7
cc12f2a4
UD		 1162 c->prot = (PF_TO_PROT
1163 >> ((ph->p_flags & (PF_R | PF_W | PF_X)) * 4)) & 0xf;
94a758fe 1164#else
cc12f2a4
UD		 1165 c->prot = 0;
1166 if (ph->p_flags & PF_R)
1167 c->prot |= PROT_READ;
1168 if (ph->p_flags & PF_W)
1169 c->prot |= PROT_WRITE;
1170 if (ph->p_flags & PF_X)
1171 c->prot |= PROT_EXEC;
94a758fe 1172#endif
55c91021 1173 break;
96f208a4 1174
96f208a4 1175 case PT_TLS:
2d148689
RM		 1176 if (ph->p_memsz == 0)
1177 /* Nothing to do for an empty segment. */
1178 break;
1179
216455bc
RM		 1180 l->l_tls_blocksize = ph->p_memsz;
1181 l->l_tls_align = ph->p_align;
99fe3b0e
UD		 1182 if (ph->p_align == 0)
1183 l->l_tls_firstbyte_offset = 0;
1184 else
1185 l->l_tls_firstbyte_offset = ph->p_vaddr & (ph->p_align - 1);
216455bc
RM		 1186 l->l_tls_initimage_size = ph->p_filesz;
1187 /* Since we don't know the load address yet only store the
1188 offset. We will adjust it later. */
1189 l->l_tls_initimage = (void *) ph->p_vaddr;
1190
77523d5e
FW		 1191 /* l->l_tls_modid is assigned below, once there is no
1192 possibility for failure. */
2d148689 1193
77523d5e
FW		 1194 if (l->l_type != lt_library
1195 && GL(dl_tls_dtv_slotinfo_list) == NULL)
1196 {
11bf311e 1197#ifdef SHARED
77523d5e
FW		 1198 /* We are loading the executable itself when the dynamic
1199 linker was executed directly. The setup will happen
1200 later. */
1201 assert (l->l_prev == NULL || (mode & __RTLD_AUDIT) != 0);
7a5e3d9d 1202#else
77523d5e 1203 assert (false && "TLS not initialized in static application");
11bf311e 1204#endif
77523d5e 1205 }
807bce82 1206 break;
ecdeaac0
RM		 1207
1208 case PT_GNU_STACK:
1209 stack_flags = ph->p_flags;
1210 break;
ed20b3d9
UD		 1211
1212 case PT_GNU_RELRO:
1213 l->l_relro_addr = ph->p_vaddr;
1214 l->l_relro_size = ph->p_memsz;
1215 break;
b122c703 1216 }
d66e34cd 1217
a1ffb40e 1218 if (__glibc_unlikely (nloadcmds == 0))
d8a5edc2
RM		 1219 {
1220 /* This only happens for a bogus object that will be caught with
1221 another error below. But we don't want to go through the
1222 calculations below using NLOADCMDS - 1. */
1223 errstring = N_("object file has no loadable segments");
cb5648b0 1224 goto lose;
d8a5edc2
RM		 1225 }
1226
e22a4557
L		 1227 /* Align all PT_LOAD segments to the maximum p_align. */
1228 for (size_t i = 0; i < nloadcmds; i++)
1229 loadcmds[i].mapalign = p_align_max;
1230
2c75b545
FW		 1231 /* dlopen of an executable is not valid because it is not possible
1232 to perform proper relocations, handle static TLS, or run the
1233 ELF constructors. For PIE, the check needs the dynamic
1234 section, so there is another check below. */
fcccd512
RM		 1235 if (__glibc_unlikely (type != ET_DYN)
1236 && __glibc_unlikely ((mode & __RTLD_OPENEXEC) == 0))
efec5079 1237 {
fcccd512
RM		 1238 /* This object is loaded at a fixed address. This must never
1239 happen for objects loaded with dlopen. */
efec5079 1240 errstring = N_("cannot dynamically load executable");
cb5648b0 1241 goto lose;
4cca6b86 1242 }
b122c703 1243
ea32ec35
FW		 1244 /* This check recognizes most separate debuginfo files. */
1245 if (__glibc_unlikely ((l->l_ld == 0 && type == ET_DYN) || empty_dynamic))
1246 {
1247 errstring = N_("object file has no dynamic section");
1248 goto lose;
1249 }
1250
fcccd512
RM		 1251 /* Length of the sections to be loaded. */
1252 maplength = loadcmds[nloadcmds - 1].allocend - loadcmds[0].mapstart;
1253
1254 /* Now process the load commands and map segments into memory.
1255 This is responsible for filling in:
1256 l_map_start, l_map_end, l_addr, l_contiguous, l_text_end, l_phdr
1257 */
1258 errstring = _dl_map_segments (l, fd, header, type, loadcmds, nloadcmds,
c01ae97e 1259 maplength, has_holes, loader);
fcccd512 1260 if (__glibc_unlikely (errstring != NULL))
c6b01653
SN		 1261 {
1262 /* Mappings can be in an inconsistent state: avoid unmap. */
1263 l->l_map_start = l->l_map_end = 0;
1264 goto lose;
1265 }
b122c703 1266 }
d66e34cd 1267
ea32ec35 1268 if (l->l_ld != 0)
14755b91 1269 l->l_ld = (ElfW(Dyn) *) ((ElfW(Addr)) l->l_ld + l->l_addr);
879bf2e6 1270
5118dcac 1271 elf_get_dynamic_info (l, false, false);
2f54c82d 1272
efec5079 1273 /* Make sure we are not dlopen'ing an object that has the
2c75b545
FW		 1274 DF_1_NOOPEN flag set, or a PIE object. */
1275 if ((__glibc_unlikely (l->l_flags_1 & DF_1_NOOPEN)
1276 && (mode & __RTLD_DLOPEN))
1277 || (__glibc_unlikely (l->l_flags_1 & DF_1_PIE)
1278 && __glibc_unlikely ((mode & __RTLD_OPENEXEC) == 0)))
2f54c82d 1279 {
2c75b545
FW		 1280 if (l->l_flags_1 & DF_1_PIE)
1281 errstring
1282 = N_("cannot dynamically load position-independent executable");
1283 else
1284 errstring = N_("shared object cannot be dlopen()ed");
cb5648b0 1285 goto lose;
2f54c82d
UD		 1286 }
1287
efec5079
UD		 1288 if (l->l_phdr == NULL)
1289 {
1290 /* The program header is not contained in any of the segments.
1291 We have to allocate memory ourself and copy it over from out
1292 temporary place. */
1293 ElfW(Phdr) *newp = (ElfW(Phdr) *) malloc (header->e_phnum
1294 * sizeof (ElfW(Phdr)));
1295 if (newp == NULL)
1296 {
1297 errstring = N_("cannot allocate memory for program header");
cb5648b0 1298 goto lose_errno;
efec5079
UD		 1299 }
1300
1301 l->l_phdr = memcpy (newp, phdr,
1302 (header->e_phnum * sizeof (ElfW(Phdr))));
1303 l->l_phdr_allocated = 1;
1304 }
1305 else
1306 /* Adjust the PT_PHDR value by the runtime load address. */
1307 l->l_phdr = (ElfW(Phdr) *) ((ElfW(Addr)) l->l_phdr + l->l_addr);
1308
a1ffb40e 1309 if (__glibc_unlikely ((stack_flags &~ GL(dl_stack_flags)) & PF_X))
dcca3fe2
UD		 1310 {
1311 /* The stack is presently not executable, but this module
1312 requires that it be executable. We must change the
1313 protection of the variable which contains the flags used in
1314 the mprotect calls. */
11bf311e 1315#ifdef SHARED
3e539cb4 1316 if ((mode & (__RTLD_DLOPEN | __RTLD_AUDIT)) == __RTLD_DLOPEN)
dcca3fe2 1317 {
e751d282
RM		 1318 const uintptr_t p = (uintptr_t) &__stack_prot & -GLRO(dl_pagesize);
1319 const size_t s = (uintptr_t) (&__stack_prot + 1) - p;
1320
1321 struct link_map *const m = &GL(dl_rtld_map);
1322 const uintptr_t relro_end = ((m->l_addr + m->l_relro_addr
1323 + m->l_relro_size)
1324 & -GLRO(dl_pagesize));
a1ffb40e 1325 if (__glibc_likely (p + s <= relro_end))
e751d282
RM		 1326 {
1327 /* The variable lies in the region protected by RELRO. */
0432680e
PY		 1328 if (__mprotect ((void *) p, s, PROT_READ|PROT_WRITE) < 0)
1329 {
1330 errstring = N_("cannot change memory protections");
cb5648b0 1331 goto lose_errno;
0432680e 1332 }
e751d282
RM		 1333 __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
1334 __mprotect ((void *) p, s, PROT_READ);
1335 }
1336 else
ecc1d0c3 1337 __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
dcca3fe2
UD		 1338 }
1339 else
1340#endif
ecc1d0c3 1341 __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
dcca3fe2 1342
606832e6
UD		 1343#ifdef check_consistency
1344 check_consistency ();
1345#endif
1346
2dd87703
FW		 1347#if PTHREAD_IN_LIBC
1348 errval = _dl_make_stacks_executable (stack_endp);
1349#else
dcca3fe2 1350 errval = (*GL(dl_make_stack_executable_hook)) (stack_endp);
2dd87703 1351#endif
dcca3fe2
UD		 1352 if (errval)
1353 {
1354 errstring = N_("\
1355cannot enable executable stack as shared object requires");
cb5648b0 1356 goto lose;
dcca3fe2
UD		 1357 }
1358 }
1359
efec5079
UD		 1360 /* Adjust the address of the TLS initialization image. */
1361 if (l->l_tls_initimage != NULL)
1362 l->l_tls_initimage = (char *) l->l_tls_initimage + l->l_addr;
efec5079 1363
38a38360
SN		 1364 /* Process program headers again after load segments are mapped in
1365 case processing requires accessing those segments. Scan program
1366 headers backward so that PT_NOTE can be skipped if PT_GNU_PROPERTY
1367 exits. */
1368 for (ph = &l->l_phdr[l->l_phnum]; ph != l->l_phdr; --ph)
1369 switch (ph[-1].p_type)
1370 {
1371 case PT_NOTE:
c00452d7 1372 _dl_process_pt_note (l, fd, &ph[-1]);
38a38360
SN		 1373 break;
1374 case PT_GNU_PROPERTY:
c00452d7 1375 _dl_process_pt_gnu_property (l, fd, &ph[-1]);
38a38360
SN		 1376 break;
1377 }
1378
efec5079 1379 /* We are done mapping in the file. We no longer need the descriptor. */
329ea513 1380 if (__glibc_unlikely (__close_nocancel (fd) != 0))
efec5079
UD		 1381 {
1382 errstring = N_("cannot close file descriptor");
cb5648b0 1383 goto lose_errno;
efec5079
UD		 1384 }
1385 /* Signal that we closed the file. */
1386 fd = -1;
1387
c6b01653
SN		 1388 /* Failures before this point are handled locally via lose.
1389 There are no more failures in this function until return,
1390 to change that the cleanup handling needs to be updated. */
1391
798212a0
PP		 1392 /* If this is ET_EXEC, we should have loaded it as lt_executable. */
1393 assert (type != ET_EXEC || l->l_type == lt_executable);
efec5079
UD		 1394
1395 l->l_entry += l->l_addr;
1396
a1ffb40e 1397 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES))
efec5079 1398 _dl_debug_printf ("\
de477abc 1399 dynamic: 0x%0*lx base: 0x%0*lx size: 0x%0*zx\n\
efec5079
UD		 1400 entry: 0x%0*lx phdr: 0x%0*lx phnum: %*u\n\n",
1401 (int) sizeof (void *) * 2,
1402 (unsigned long int) l->l_ld,
1403 (int) sizeof (void *) * 2,
1404 (unsigned long int) l->l_addr,
1405 (int) sizeof (void *) * 2, maplength,
1406 (int) sizeof (void *) * 2,
1407 (unsigned long int) l->l_entry,
1408 (int) sizeof (void *) * 2,
1409 (unsigned long int) l->l_phdr,
1410 (int) sizeof (void *) * 2, l->l_phnum);
1411
1412 /* Set up the symbol hash table. */
1413 _dl_setup_hash (l);
d66e34cd 1414
be935610
UD		 1415 /* If this object has DT_SYMBOLIC set modify now its scope. We don't
1416 have to do this for the main map. */
1fc07491 1417 if ((mode & RTLD_DEEPBIND) == 0
1b26b855 1418 && __glibc_unlikely (l->l_info[DT_SYMBOLIC] != NULL)
c0a777e8 1419 && &l->l_searchlist != l->l_scope[0])
be935610
UD		 1420 {
1421 /* Create an appropriate searchlist. It contains only this map.
1fc07491 1422 This is the definition of DT_SYMBOLIC in SysVr4. */
be935610
UD		 1423 l->l_symbolic_searchlist.r_list[0] = l;
1424 l->l_symbolic_searchlist.r_nlist = 1;
be935610
UD		 1425
1426 /* Now move the existing entries one back. */
c0a777e8
UD		 1427 memmove (&l->l_scope[1], &l->l_scope[0],
1428 (l->l_scope_max - 1) * sizeof (l->l_scope[0]));
be935610
UD		 1429
1430 /* Now add the new entry. */
c0a777e8 1431 l->l_scope[0] = &l->l_symbolic_searchlist;
be935610
UD		 1432 }
1433
5d916713 1434 /* Remember whether this object must be initialized first. */
39b3385d 1435 if (l->l_flags_1 & DF_1_INITFIRST)
d6b5d570 1436 GL(dl_initfirst) = l;
5d916713 1437
61e0617a 1438 /* Finally the file information. */
c01ae97e 1439 l->l_file_id = id;
61e0617a 1440
a1b85ae8
FW		 1441#ifdef SHARED
1442 /* When auditing is used the recorded names might not include the
1443 name by which the DSO is actually known. Add that as well. */
1444 if (__glibc_unlikely (origname != NULL))
1445 add_name_to_object (l, origname);
1446#else
1447 /* Audit modules only exist when linking is dynamic so ORIGNAME
1448 cannot be non-NULL. */
1449 assert (origname == NULL);
1450#endif
1451
51f38e87
UD		 1452 /* When we profile the SONAME might be needed for something else but
1453 loading. Add it right away. */
1b26b855 1454 if (__glibc_unlikely (GLRO(dl_profile) != NULL)
51f38e87
UD		 1455 && l->l_info[DT_SONAME] != NULL)
1456 add_name_to_object (l, ((const char *) D_PTR (l, l_info[DT_STRTAB])
1457 + l->l_info[DT_SONAME]->d_un.d_val));
1458
89baed0b
FW		 1459 /* If we have newly loaded libc.so, update the namespace
1460 description. */
1461 if (GL(dl_ns)[nsid].libc_map == NULL
1462 && l->l_info[DT_SONAME] != NULL
1463 && strcmp (((const char *) D_PTR (l, l_info[DT_STRTAB])
1464 + l->l_info[DT_SONAME]->d_un.d_val), LIBC_SO) == 0)
1465 GL(dl_ns)[nsid].libc_map = l;
1466
77523d5e
FW		 1467 /* _dl_close can only eventually undo the module ID assignment (via
1468 remove_slotinfo) if this function returns a pointer to a link
1469 map. Therefore, delay this step until all possibilities for
1470 failure have been excluded. */
1471 if (l->l_tls_blocksize > 0
1472 && (__glibc_likely (l->l_type == lt_library)
1473 /* If GL(dl_tls_dtv_slotinfo_list) == NULL, then rtld.c did
1474 not set up TLS data structures, so don't use them now. */
1475 || __glibc_likely (GL(dl_tls_dtv_slotinfo_list) != NULL)))
1476 /* Assign the next available module ID. */
ba33937b 1477 _dl_assign_tls_modid (l);
77523d5e 1478
47cc1490
CM		 1479#ifdef DL_AFTER_LOAD
1480 DL_AFTER_LOAD (l);
1481#endif
1482
f0967738
AK		 1483 /* Now that the object is fully initialized add it to the object list. */
1484 _dl_add_to_namespace_list (l, nsid);
1485
ed3ce71f 1486 /* Signal that we are going to add new objects. */
152f8639 1487 struct r_debug *r = _dl_debug_update (nsid);
ed3ce71f
AZ		 1488 if (r->r_state == RT_CONSISTENT)
1489 {
1490#ifdef SHARED
1491 /* Auditing checkpoint: we are going to add new objects. Since this
1492 is called after _dl_add_to_namespace_list the namespace is guaranteed
1493 to not be empty. */
3dac3959
AZ		 1494 if ((mode & __RTLD_AUDIT) == 0)
1495 _dl_audit_activity_nsid (nsid, LA_ACT_ADD);
ed3ce71f
AZ		 1496#endif
1497
1498 /* Notify the debugger we have added some objects. We need to
1499 call _dl_debug_initialize in a static program in case dynamic
1500 linking has not been used before. */
1501 r->r_state = RT_ADD;
1502 _dl_debug_state ();
1503 LIBC_PROBE (map_start, 2, nsid, r);
ed3ce71f
AZ		 1504 }
1505 else
1506 assert (r->r_state == RT_ADD);
1507
9dcafc55
UD		 1508#ifdef SHARED
1509 /* Auditing checkpoint: we have a new object. */
aee6e90f
AZ		 1510 if (!GL(dl_ns)[l->l_ns]._ns_loaded->l_auditing)
1511 _dl_audit_objopen (l, nsid);
9dcafc55
UD		 1512#endif
1513
d66e34cd
RM		 1514 return l;
1515}
ba79d61b 1516\f
b5efde2f
UD		 1517/* Print search path. */
1518static void
1519print_search_path (struct r_search_path_elem **list,
844c394a 1520 const char *what, const char *name)
b5efde2f 1521{
12264bd7 1522 char buf[max_dirnamelen + max_capstrlen];
b5efde2f
UD		 1523 int first = 1;
1524
154d10bd 1525 _dl_debug_printf (" search path=");
b5efde2f
UD		 1526
1527 while (*list != NULL && (*list)->what == what) /* Yes, ==. */
1528 {
12264bd7
UD		 1529 char *endp = __mempcpy (buf, (*list)->dirname, (*list)->dirnamelen);
1530 size_t cnt;
1531
1532 for (cnt = 0; cnt < ncapstr; ++cnt)
1533 if ((*list)->status[cnt] != nonexisting)
1534 {
56f8d442 1535#ifdef SHARED
12264bd7 1536 char *cp = __mempcpy (endp, capstr[cnt].str, capstr[cnt].len);
143e2b96
UD		 1537 if (cp == buf || (cp == buf + 1 && buf[0] == '/'))
1538 cp[0] = '\0';
1539 else
1540 cp[-1] = '\0';
56f8d442
FW		 1541#else
1542 *endp = '\0';
1543#endif
fb0356b9
UD		 1544
1545 _dl_debug_printf_c (first ? "%s" : ":%s", buf);
1546 first = 0;
12264bd7 1547 }
b5efde2f 1548
b5efde2f
UD		 1549 ++list;
1550 }
1551
1552 if (name != NULL)
35fc382a 1553 _dl_debug_printf_c ("\t\t(%s from file %s)\n", what,
b9375348 1554 DSO_FILENAME (name));
b5efde2f 1555 else
35fc382a 1556 _dl_debug_printf_c ("\t\t(%s)\n", what);
b5efde2f
UD		 1557}
1558\f
a35e137a
UD		 1559/* Open a file and verify it is an ELF file for this architecture. We
1560 ignore only ELF files for other architectures. Non-ELF files and
1561 ELF files with different header information cause fatal errors since
1562 this could mean there is something wrong in the installation and the
c0d6f2a3
RM		 1563 user might want to know about this.
1564
1565 If FD is not -1, then the file is already open and FD refers to it.
1566 In that case, FD is consumed for both successful and error returns. */
a35e137a 1567static int
c0d6f2a3
RM		 1568open_verify (const char *name, int fd,
1569 struct filebuf *fbp, struct link_map *loader,
a42faf59 1570 int whatcode, int mode, bool *found_other_class, bool free_name)
a35e137a
UD		 1571{
1572 /* This is the expected ELF header. */
1573#define ELF32_CLASS ELFCLASS32
1574#define ELF64_CLASS ELFCLASS64
1575#ifndef VALID_ELF_HEADER
1576# define VALID_ELF_HEADER(hdr,exp,size) (memcmp (hdr, exp, size) == 0)
1577# define VALID_ELF_OSABI(osabi) (osabi == ELFOSABI_SYSV)
d8c47894 1578# define VALID_ELF_ABIVERSION(osabi,ver) (ver == 0)
40e2fc8b
UD		 1579#elif defined MORE_ELF_HEADER_DATA
1580 MORE_ELF_HEADER_DATA;
a35e137a 1581#endif
04f2902d 1582 static const unsigned char expected[EI_NIDENT] =
a35e137a
UD		 1583 {
1584 [EI_MAG0] = ELFMAG0,
1585 [EI_MAG1] = ELFMAG1,
1586 [EI_MAG2] = ELFMAG2,
1587 [EI_MAG3] = ELFMAG3,
1588 [EI_CLASS] = ELFW(CLASS),
1589 [EI_DATA] = byteorder,
1590 [EI_VERSION] = EV_CURRENT,
1591 [EI_OSABI] = ELFOSABI_SYSV,
1592 [EI_ABIVERSION] = 0
1593 };
39b3385d
UD		 1594 /* Initialize it to make the compiler happy. */
1595 const char *errstring = NULL;
1596 int errval = 0;
a35e137a 1597
9dcafc55
UD		 1598#ifdef SHARED
1599 /* Give the auditing libraries a chance. */
c91008d3 1600 if (__glibc_unlikely (GLRO(dl_naudit) > 0))
9dcafc55 1601 {
c0d6f2a3 1602 const char *original_name = name;
c91008d3
AZ		 1603 name = _dl_audit_objsearch (name, loader, whatcode);
1604 if (name == NULL)
1605 return -1;
c0d6f2a3
RM		 1606
1607 if (fd != -1 && name != original_name && strcmp (name, original_name))
c91008d3
AZ		 1608 {
1609 /* An audit library changed what we're supposed to open,
1610 so FD no longer matches it. */
1611 __close_nocancel (fd);
1612 fd = -1;
1613 }
9dcafc55
UD		 1614 }
1615#endif
1616
c0d6f2a3
RM		 1617 if (fd == -1)
1618 /* Open the file. We always open files read-only. */
329ea513 1619 fd = __open64_nocancel (name, O_RDONLY | O_CLOEXEC);
c0d6f2a3 1620
a35e137a
UD		 1621 if (fd != -1)
1622 {
1623 ElfW(Ehdr) *ehdr;
b46d2506 1624 ElfW(Phdr) *phdr;
a986484f 1625 size_t maplength;
a35e137a 1626
9f236c49 1627 /* We successfully opened the file. Now verify it is a file
a35e137a
UD		 1628 we can use. */
1629 __set_errno (0);
88481c16
SP		 1630 fbp->len = 0;
1631 assert (sizeof (fbp->buf) > sizeof (ElfW(Ehdr)));
1632 /* Read in the header. */
1633 do
fcccd512 1634 {
329ea513
ZW		 1635 ssize_t retlen = __read_nocancel (fd, fbp->buf + fbp->len,
1636 sizeof (fbp->buf) - fbp->len);
88481c16
SP		 1637 if (retlen <= 0)
1638 break;
1639 fbp->len += retlen;
1640 }
1b26b855 1641 while (__glibc_unlikely (fbp->len < sizeof (ElfW(Ehdr))));
a35e137a
UD		 1642
1643 /* This is where the ELF header is loaded. */
a35e137a
UD		 1644 ehdr = (ElfW(Ehdr) *) fbp->buf;
1645
1646 /* Now run the tests. */
a1ffb40e 1647 if (__glibc_unlikely (fbp->len < (ssize_t) sizeof (ElfW(Ehdr))))
39b3385d
UD		 1648 {
1649 errval = errno;
1650 errstring = (errval == 0
1651 ? N_("file too short") : N_("cannot read file data"));
cb5648b0 1652 lose:
2e0fc40c
UD		 1653 if (free_name)
1654 {
1655 char *realname = (char *) name;
1656 name = strdupa (realname);
1657 free (realname);
1658 }
cb5648b0
SN		 1659 __close_nocancel (fd);
1660 _dl_signal_error (errval, name, NULL, errstring);
39b3385d 1661 }
a35e137a
UD		 1662
1663 /* See whether the ELF header is what we expect. */
277ae3f1 1664 if (__glibc_unlikely (! VALID_ELF_HEADER (ehdr->e_ident, expected,
92ad15a8 1665 EI_ABIVERSION)
d8c47894 1666 || !VALID_ELF_ABIVERSION (ehdr->e_ident[EI_OSABI],
04f2902d
UD		 1667 ehdr->e_ident[EI_ABIVERSION])
1668 || memcmp (&ehdr->e_ident[EI_PAD],
1669 &expected[EI_PAD],
277ae3f1 1670 EI_NIDENT - EI_PAD) != 0))
a35e137a
UD		 1671 {
1672 /* Something is wrong. */
6cc8844f
UD		 1673 const Elf32_Word *magp = (const void *) ehdr->e_ident;
1674 if (*magp !=
a35e137a 1675#if BYTE_ORDER == LITTLE_ENDIAN
34a5a146
JM		 1676 ((ELFMAG0 << (EI_MAG0 * 8))
1677 | (ELFMAG1 << (EI_MAG1 * 8))
1678 | (ELFMAG2 << (EI_MAG2 * 8))
1679 | (ELFMAG3 << (EI_MAG3 * 8)))
a35e137a 1680#else
34a5a146
JM		 1681 ((ELFMAG0 << (EI_MAG3 * 8))
1682 | (ELFMAG1 << (EI_MAG2 * 8))
1683 | (ELFMAG2 << (EI_MAG1 * 8))
1684 | (ELFMAG3 << (EI_MAG0 * 8)))
a35e137a
UD		 1685#endif
1686 )
39b3385d 1687 errstring = N_("invalid ELF header");
b46d2506 1688
39b3385d 1689 else if (ehdr->e_ident[EI_CLASS] != ELFW(CLASS))
7f71c55d
UD		 1690 {
1691 /* This is not a fatal error. On architectures where
1692 32-bit and 64-bit binaries can be run this might
1693 happen. */
1694 *found_other_class = true;
b46d2506
AZ		 1695 __close_nocancel (fd);
1696 __set_errno (ENOENT);
1697 return -1;
7f71c55d 1698 }
39b3385d 1699 else if (ehdr->e_ident[EI_DATA] != byteorder)
a35e137a
UD		 1700 {
1701 if (BYTE_ORDER == BIG_ENDIAN)
39b3385d 1702 errstring = N_("ELF file data encoding not big-endian");
a35e137a 1703 else
39b3385d 1704 errstring = N_("ELF file data encoding not little-endian");
a35e137a 1705 }
39b3385d
UD		 1706 else if (ehdr->e_ident[EI_VERSION] != EV_CURRENT)
1707 errstring
1708 = N_("ELF file version ident does not match current one");
a35e137a
UD		 1709 /* XXX We should be able so set system specific versions which are
1710 allowed here. */
39b3385d
UD		 1711 else if (!VALID_ELF_OSABI (ehdr->e_ident[EI_OSABI]))
1712 errstring = N_("ELF file OS ABI invalid");
d8c47894
UD		 1713 else if (!VALID_ELF_ABIVERSION (ehdr->e_ident[EI_OSABI],
1714 ehdr->e_ident[EI_ABIVERSION]))
39b3385d 1715 errstring = N_("ELF file ABI version invalid");
04f2902d
UD		 1716 else if (memcmp (&ehdr->e_ident[EI_PAD], &expected[EI_PAD],
1717 EI_NIDENT - EI_PAD) != 0)
1718 errstring = N_("nonzero padding in e_ident");
39b3385d
UD		 1719 else
1720 /* Otherwise we don't know what went wrong. */
1721 errstring = N_("internal error");
1722
cb5648b0 1723 goto lose;
a35e137a
UD		 1724 }
1725
1b26b855 1726 if (__glibc_unlikely (ehdr->e_version != EV_CURRENT))
39b3385d
UD		 1727 {
1728 errstring = N_("ELF file version does not match current one");
cb5648b0 1729 goto lose;
39b3385d 1730 }
277ae3f1 1731 if (! __glibc_likely (elf_machine_matches_host (ehdr)))
b46d2506
AZ		 1732 {
1733 __close_nocancel (fd);
1734 __set_errno (ENOENT);
1735 return -1;
1736 }
277ae3f1
PP		 1737 else if (__glibc_unlikely (ehdr->e_type != ET_DYN
1738 && ehdr->e_type != ET_EXEC))
39b3385d
UD		 1739 {
1740 errstring = N_("only ET_DYN and ET_EXEC can be loaded");
cb5648b0 1741 goto lose;
39b3385d 1742 }
1b26b855 1743 else if (__glibc_unlikely (ehdr->e_phentsize != sizeof (ElfW(Phdr))))
5ce98c3f
UD		 1744 {
1745 errstring = N_("ELF file's phentsize not the expected size");
cb5648b0 1746 goto lose;
5ce98c3f 1747 }
a986484f
UD		 1748
1749 maplength = ehdr->e_phnum * sizeof (ElfW(Phdr));
6dd67bd5 1750 if (ehdr->e_phoff + maplength <= (size_t) fbp->len)
a986484f
UD		 1751 phdr = (void *) (fbp->buf + ehdr->e_phoff);
1752 else
1753 {
1754 phdr = alloca (maplength);
95c10569
LP		 1755 if ((size_t) __pread64_nocancel (fd, (void *) phdr, maplength,
1756 ehdr->e_phoff) != maplength)
39b3385d 1757 {
39b3385d
UD		 1758 errval = errno;
1759 errstring = N_("cannot read file data");
cb5648b0 1760 goto lose;
39b3385d 1761 }
a986484f
UD		 1762 }
1763
d6f373d2
MF		 1764 if (__glibc_unlikely (elf_machine_reject_phdr_p
1765 (phdr, ehdr->e_phnum, fbp->buf, fbp->len,
1766 loader, fd)))
b46d2506
AZ		 1767 {
1768 __close_nocancel (fd);
1769 __set_errno (ENOENT);
1770 return -1;
1771 }
a986484f 1772
a35e137a
UD		 1773 }
1774
1775 return fd;
1776}
1777\f
04ea3b0f 1778/* Try to open NAME in one of the directories in *DIRSP.
ba79d61b 1779 Return the fd, or -1. If successful, fill in *REALNAME
04ea3b0f
UD		 1780 with the malloc'd full directory name. If it turns out
1781 that none of the directories in *DIRSP exists, *DIRSP is
1782 replaced with (void *) -1, and the old value is free()d
1783 if MAY_FREE_DIRS is true. */
ba79d61b
RM		 1784
1785static int
a42faf59 1786open_path (const char *name, size_t namelen, int mode,
a35e137a 1787 struct r_search_path_struct *sps, char **realname,
7f71c55d
UD		 1788 struct filebuf *fbp, struct link_map *loader, int whatcode,
1789 bool *found_other_class)
ba79d61b 1790{
f55727ca 1791 struct r_search_path_elem **dirs = sps->dirs;
ba79d61b 1792 char *buf;
0a54e401 1793 int fd = -1;
b5efde2f 1794 const char *current_what = NULL;
152e7964 1795 int any = 0;
ba79d61b 1796
a1ffb40e 1797 if (__glibc_unlikely (dirs == NULL))
ab1d521d
RM		 1798 /* We're called before _dl_init_paths when loading the main executable
1799 given on the command line when rtld is run directly. */
1800 return -1;
1801
5431ece5 1802 buf = alloca (max_dirnamelen + max_capstrlen + namelen);
ba79d61b
RM		 1803 do
1804 {
0a54e401
UD		 1805 struct r_search_path_elem *this_dir = *dirs;
1806 size_t buflen = 0;
12264bd7 1807 size_t cnt;
b0b67c47 1808 char *edp;
f5858039 1809 int here_any = 0;
55c91021 1810 int err;
ba79d61b 1811
b5efde2f
UD		 1812 /* If we are debugging the search for libraries print the path
1813 now if it hasn't happened now. */
1b26b855 1814 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS)
cf197e41 1815 && current_what != this_dir->what)
b5efde2f
UD		 1816 {
1817 current_what = this_dir->what;
1818 print_search_path (dirs, current_what, this_dir->where);
1819 }
1820
b0b67c47 1821 edp = (char *) __mempcpy (buf, this_dir->dirname, this_dir->dirnamelen);
12264bd7 1822 for (cnt = 0; fd == -1 && cnt < ncapstr; ++cnt)
fd26970f 1823 {
12264bd7
UD		 1824 /* Skip this directory if we know it does not exist. */
1825 if (this_dir->status[cnt] == nonexisting)
1826 continue;
0a54e401 1827
56f8d442 1828#ifdef SHARED
12264bd7 1829 buflen =
d6b5d570
UD		 1830 ((char *) __mempcpy (__mempcpy (edp, capstr[cnt].str,
1831 capstr[cnt].len),
12264bd7
UD		 1832 name, namelen)
1833 - buf);
56f8d442
FW		 1834#else
1835 buflen = (char *) __mempcpy (edp, name, namelen) - buf;
1836#endif
12264bd7
UD		 1837
1838 /* Print name we try if this is wanted. */
a1ffb40e 1839 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
154d10bd 1840 _dl_debug_printf (" trying file=%s\n", buf);
b5efde2f 1841
c0d6f2a3 1842 fd = open_verify (buf, -1, fbp, loader, whatcode, mode,
a42faf59 1843 found_other_class, false);
12264bd7 1844 if (this_dir->status[cnt] == unknown)
6e4c40ba
UD		 1845 {
1846 if (fd != -1)
1847 this_dir->status[cnt] = existing;
9dcafc55
UD		 1848 /* Do not update the directory information when loading
1849 auditing code. We must try to disturb the program as
1850 little as possible. */
1851 else if (loader == NULL
361a3706 1852 || GL(dl_ns)[loader->l_ns]._ns_loaded->l_auditing == 0)
6e4c40ba
UD		 1853 {
1854 /* We failed to open machine dependent library. Let's
1855 test whether there is any directory at all. */
52a5fe70 1856 struct __stat64_t64 st;
6e4c40ba
UD		 1857
1858 buf[buflen - namelen - 1] = '\0';
1859
52a5fe70 1860 if (__stat64_time64 (buf, &st) != 0
6e4c40ba
UD		 1861 || ! S_ISDIR (st.st_mode))
1862 /* The directory does not exist or it is no directory. */
1863 this_dir->status[cnt] = nonexisting;
1864 else
1865 this_dir->status[cnt] = existing;
1866 }
1867 }
fd26970f 1868
152e7964 1869 /* Remember whether we found any existing directory. */
9dcafc55 1870 here_any |= this_dir->status[cnt] != nonexisting;
152e7964 1871
1b26b855 1872 if (fd != -1 && __glibc_unlikely (mode & __RTLD_SECURE)
6bc6bd3b 1873 && __libc_enable_secure)
c6222ab9
UD		 1874 {
1875 /* This is an extra security effort to make sure nobody can
1876 preload broken shared objects which are in the trusted
1877 directories and so exploit the bugs. */
52a5fe70 1878 struct __stat64_t64 st;
c6222ab9 1879
52a5fe70 1880 if (__fstat64_time64 (fd, &st) != 0
c6222ab9
UD		 1881 || (st.st_mode & S_ISUID) == 0)
1882 {
1883 /* The shared object cannot be tested for being SUID
1884 or this bit is not set. In this case we must not
1885 use this object. */
329ea513 1886 __close_nocancel (fd);
c6222ab9
UD		 1887 fd = -1;
1888 /* We simply ignore the file, signal this by setting
1889 the error value which would have been set by `open'. */
1890 errno = ENOENT;
1891 }
1892 }
ba79d61b
RM		 1893 }
1894
ba79d61b
RM		 1895 if (fd != -1)
1896 {
2f653c01 1897 *realname = (char *) malloc (buflen);
c6222ab9 1898 if (*realname != NULL)
ba79d61b
RM		 1899 {
1900 memcpy (*realname, buf, buflen);
1901 return fd;
1902 }
1903 else
1904 {
1905 /* No memory for the name, we certainly won't be able
1906 to load and link it. */
329ea513 1907 __close_nocancel (fd);
ba79d61b
RM		 1908 return -1;
1909 }
1910 }
55c91021 1911 if (here_any && (err = errno) != ENOENT && err != EACCES)
ba79d61b
RM		 1912 /* The file exists and is readable, but something went wrong. */
1913 return -1;
f5858039
UD		 1914
1915 /* Remember whether we found anything. */
1916 any |= here_any;
ba79d61b 1917 }
0a54e401 1918 while (*++dirs != NULL);
ba79d61b 1919
152e7964 1920 /* Remove the whole path if none of the directories exists. */
a1ffb40e 1921 if (__glibc_unlikely (! any))
152e7964 1922 {
04ea3b0f
UD		 1923 /* Paths which were allocated using the minimal malloc() in ld.so
1924 must not be freed using the general free() in libc. */
f55727ca
UD		 1925 if (sps->malloced)
1926 free (sps->dirs);
11bf311e 1927
50b1b7a3
FW		 1928 /* __rtld_search_dirs and __rtld_env_path_list are
1929 attribute_relro, therefore avoid writing to them. */
1930 if (sps != &__rtld_search_dirs && sps != &__rtld_env_path_list)
ecc1d0c3 1931 sps->dirs = (void *) -1;
152e7964
UD		 1932 }
1933
ba79d61b
RM		 1934 return -1;
1935}
1936
1937/* Map in the shared object file NAME. */
1938
1939struct link_map *
8e9f92e9 1940_dl_map_object (struct link_map *loader, const char *name,
c0f62c56 1941 int type, int trace_mode, int mode, Lmid_t nsid)
ba79d61b
RM		 1942{
1943 int fd;
a1b85ae8 1944 const char *origname = NULL;
ba79d61b 1945 char *realname;
14bab8de 1946 char *name_copy;
ba79d61b 1947 struct link_map *l;
a35e137a 1948 struct filebuf fb;
ba79d61b 1949
c0f62c56 1950 assert (nsid >= 0);
22c83193 1951 assert (nsid < GL(dl_nns));
c0f62c56 1952
ba79d61b 1953 /* Look for this name among those already loaded. */
c0f62c56 1954 for (l = GL(dl_ns)[nsid]._ns_loaded; l; l = l->l_next)
f41c8091
UD		 1955 {
1956 /* If the requested name matches the soname of a loaded object,
1957 use that object. Elide this check for names that have not
1958 yet been opened. */
277ae3f1 1959 if (__glibc_unlikely ((l->l_faked | l->l_removed) != 0))
f41c8091
UD		 1960 continue;
1961 if (!_dl_name_match_p (name, l))
1962 {
1963 const char *soname;
1964
1b26b855 1965 if (__glibc_likely (l->l_soname_added)
c91bc73e 1966 || l->l_info[DT_SONAME] == NULL)
f41c8091
UD		 1967 continue;
1968
8699e7b1
UD		 1969 soname = ((const char *) D_PTR (l, l_info[DT_STRTAB])
1970 + l->l_info[DT_SONAME]->d_un.d_val);
f41c8091
UD		 1971 if (strcmp (name, soname) != 0)
1972 continue;
1973
1974 /* We have a match on a new name -- cache it. */
76156ea1 1975 add_name_to_object (l, soname);
c91bc73e 1976 l->l_soname_added = 1;
f41c8091
UD		 1977 }
1978
42c4f32a 1979 /* We have a match. */
f41c8091
UD		 1980 return l;
1981 }
ba79d61b 1982
8193034b 1983 /* Display information if we are debugging. */
1b26b855 1984 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES)
7969407a 1985 && loader != NULL)
07df30d9 1986 _dl_debug_printf ((mode & __RTLD_CALLMAP) == 0
9ac533d3
UD		 1987 ? "\nfile=%s [%lu]; needed by %s [%lu]\n"
1988 : "\nfile=%s [%lu]; dynamically loaded by %s [%lu]\n",
b9375348 1989 name, nsid, DSO_FILENAME (loader->l_name), loader->l_ns);
8193034b 1990
9dcafc55
UD		 1991#ifdef SHARED
1992 /* Give the auditing libraries a chance to change the name before we
1993 try anything. */
c91008d3 1994 if (__glibc_unlikely (GLRO(dl_naudit) > 0))
9dcafc55 1995 {
c91008d3
AZ		 1996 const char *before = name;
1997 name = _dl_audit_objsearch (name, loader, LA_SER_ORIG);
1998 if (name == NULL)
9dcafc55 1999 {
c91008d3
AZ		 2000 fd = -1;
2001 goto no_file;
9dcafc55 2002 }
c91008d3
AZ		 2003 if (before != name && strcmp (before, name) != 0)
2004 origname = before;
9dcafc55
UD		 2005 }
2006#endif
2007
7f71c55d
UD		 2008 /* Will be true if we found a DSO which is of the other ELF class. */
2009 bool found_other_class = false;
2010
ba79d61b
RM		 2011 if (strchr (name, '/') == NULL)
2012 {
2013 /* Search for NAME in several places. */
2014
2015 size_t namelen = strlen (name) + 1;
2016
a1ffb40e 2017 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
c0f62c56 2018 _dl_debug_printf ("find library=%s [%lu]; searching\n", name, nsid);
b5efde2f 2019
ba79d61b 2020 fd = -1;
a23db8e4 2021
fcf70d41 2022 /* When the object has the RUNPATH information we don't use any
844c394a 2023 RPATHs. */
4c540916 2024 if (loader == NULL || loader->l_info[DT_RUNPATH] == NULL)
fcf70d41 2025 {
a1f0de82
UD		 2026 /* This is the executable's map (if there is one). Make sure that
2027 we do not look at it twice. */
2028 struct link_map *main_map = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
2029 bool did_main_map = false;
2030
fcf70d41
UD		 2031 /* First try the DT_RPATH of the dependent object that caused NAME
2032 to be loaded. Then that object's dependent, and on up. */
a1f0de82 2033 for (l = loader; l; l = l->l_loader)
45e4762c 2034 if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
a1f0de82 2035 {
a42faf59 2036 fd = open_path (name, namelen, mode,
8e9f92e9 2037 &l->l_rpath_dirs,
a1f0de82
UD		 2038 &realname, &fb, loader, LA_SER_RUNPATH,
2039 &found_other_class);
2040 if (fd != -1)
2041 break;
2042
2043 did_main_map |= l == main_map;
2044 }
0a54e401 2045
fcf70d41 2046 /* If dynamically linked, try the DT_RPATH of the executable
844c394a 2047 itself. NB: we do this for lookups in any namespace. */
a1f0de82
UD		 2048 if (fd == -1 && !did_main_map
2049 && main_map != NULL && main_map->l_type != lt_loaded
2050 && cache_rpath (main_map, &main_map->l_rpath_dirs, DT_RPATH,
2051 "RPATH"))
a42faf59 2052 fd = open_path (name, namelen, mode,
8e9f92e9 2053 &main_map->l_rpath_dirs,
a1f0de82
UD		 2054 &realname, &fb, loader ?: main_map, LA_SER_RUNPATH,
2055 &found_other_class);
bfb5ed5d
L		 2056
2057 /* Also try DT_RUNPATH in the executable for LD_AUDIT dlopen
2058 call. */
2059 if (__glibc_unlikely (mode & __RTLD_AUDIT)
2060 && fd == -1 && !did_main_map
2061 && main_map != NULL && main_map->l_type != lt_loaded)
2062 {
2063 struct r_search_path_struct l_rpath_dirs;
2064 l_rpath_dirs.dirs = NULL;
2065 if (cache_rpath (main_map, &l_rpath_dirs,
2066 DT_RUNPATH, "RUNPATH"))
2067 fd = open_path (name, namelen, mode, &l_rpath_dirs,
2068 &realname, &fb, loader ?: main_map,
2069 LA_SER_RUNPATH, &found_other_class);
2070 }
fcf70d41 2071 }
fd26970f 2072
7ef90c15 2073 /* Try the LD_LIBRARY_PATH environment variable. */
50b1b7a3
FW		 2074 if (fd == -1 && __rtld_env_path_list.dirs != (void *) -1)
2075 fd = open_path (name, namelen, mode, &__rtld_env_path_list,
9dcafc55
UD		 2076 &realname, &fb,
2077 loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded,
7f71c55d 2078 LA_SER_LIBPATH, &found_other_class);
40a55d20 2079
45e4762c
RM		 2080 /* Look at the RUNPATH information for this binary. */
2081 if (fd == -1 && loader != NULL
2082 && cache_rpath (loader, &loader->l_runpath_dirs,
2083 DT_RUNPATH, "RUNPATH"))
a42faf59 2084 fd = open_path (name, namelen, mode,
9dcafc55 2085 &loader->l_runpath_dirs, &realname, &fb, loader,
7f71c55d 2086 LA_SER_RUNPATH, &found_other_class);
fcf70d41 2087
c0d6f2a3
RM		 2088 if (fd == -1)
2089 {
2090 realname = _dl_sysdep_open_object (name, namelen, &fd);
2091 if (realname != NULL)
2092 {
2093 fd = open_verify (realname, fd,
2094 &fb, loader ?: GL(dl_ns)[nsid]._ns_loaded,
2095 LA_SER_CONFIG, mode, &found_other_class,
2096 false);
2097 if (fd == -1)
2098 free (realname);
2099 }
2100 }
2101
f57f8055 2102#ifdef USE_LDCONFIG
55c91021 2103 if (fd == -1
277ae3f1 2104 && (__glibc_likely ((mode & __RTLD_SECURE) == 0)
6bc6bd3b 2105 || ! __libc_enable_secure)
1b26b855 2106 && __glibc_likely (GLRO(dl_inhibit_cache) == 0))
f18edac3
RM		 2107 {
2108 /* Check the list of libraries in the file /etc/ld.so.cache,
2109 for compatibility with Linux's ldconfig program. */
ccdb048d 2110 char *cached = _dl_load_cache_lookup (name);
0f6b172f 2111
2f653c01
UD		 2112 if (cached != NULL)
2113 {
c0f62c56 2114 // XXX Correct to unconditionally default to namespace 0?
6a5ee102
UD		 2115 l = (loader
2116 ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded
0d23a5c1
MR		 2117# ifdef SHARED
2118 ?: &GL(dl_rtld_map)
f57f8055 2119# endif
0d23a5c1 2120 );
0f6b172f 2121
266bb989
UD		 2122 /* If the loader has the DF_1_NODEFLIB flag set we must not
2123 use a cache entry from any of these directories. */
1b26b855 2124 if (__glibc_unlikely (l->l_flags_1 & DF_1_NODEFLIB))
266bb989
UD		 2125 {
2126 const char *dirp = system_dirs;
2e47aff5 2127 unsigned int cnt = 0;
266bb989
UD		 2128
2129 do
2130 {
2131 if (memcmp (cached, dirp, system_dirs_len[cnt]) == 0)
2132 {
2133 /* The prefix matches. Don't use the entry. */
ccdb048d 2134 free (cached);
266bb989
UD		 2135 cached = NULL;
2136 break;
2137 }
2138
2139 dirp += system_dirs_len[cnt] + 1;
2140 ++cnt;
2141 }
4a6d1198 2142 while (cnt < nsystem_dirs_len);
266bb989
UD		 2143 }
2144
2f653c01 2145 if (cached != NULL)
f18edac3 2146 {
c0d6f2a3 2147 fd = open_verify (cached, -1,
9dcafc55 2148 &fb, loader ?: GL(dl_ns)[nsid]._ns_loaded,
a42faf59
PP		 2149 LA_SER_CONFIG, mode, &found_other_class,
2150 false);
a1ffb40e 2151 if (__glibc_likely (fd != -1))
ccdb048d
CD		 2152 realname = cached;
2153 else
2154 free (cached);
f18edac3
RM		 2155 }
2156 }
2157 }
f57f8055 2158#endif
0a54e401 2159
a23db8e4 2160 /* Finally, try the default path. */
266bb989 2161 if (fd == -1
c0f62c56 2162 && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL
1b26b855 2163 || __glibc_likely (!(l->l_flags_1 & DF_1_NODEFLIB)))
50b1b7a3
FW		 2164 && __rtld_search_dirs.dirs != (void *) -1)
2165 fd = open_path (name, namelen, mode, &__rtld_search_dirs,
7f71c55d 2166 &realname, &fb, l, LA_SER_DEFAULT, &found_other_class);
b5efde2f 2167
fd77c361 2168 /* Add another newline when we are tracing the library loading. */
a1ffb40e 2169 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
844c394a 2170 _dl_debug_printf ("\n");
ba79d61b
RM		 2171 }
2172 else
2173 {
f787edde
UD		 2174 /* The path may contain dynamic string tokens. */
2175 realname = (loader
2bd86632 2176 ? expand_dynamic_string_token (loader, name)
cc00cece 2177 : __strdup (name));
f787edde
UD		 2178 if (realname == NULL)
2179 fd = -1;
2180 else
ba79d61b 2181 {
c0d6f2a3 2182 fd = open_verify (realname, -1, &fb,
a42faf59 2183 loader ?: GL(dl_ns)[nsid]._ns_loaded, 0, mode,
2e0fc40c 2184 &found_other_class, true);
1b26b855 2185 if (__glibc_unlikely (fd == -1))
f787edde 2186 free (realname);
ba79d61b
RM		 2187 }
2188 }
2189
9dcafc55
UD		 2190#ifdef SHARED
2191 no_file:
2192#endif
c14e9135
UD		 2193 /* In case the LOADER information has only been provided to get to
2194 the appropriate RUNPATH/RPATH information we do not need it
2195 anymore. */
2196 if (mode & __RTLD_CALLMAP)
2197 loader = NULL;
2198
1b26b855 2199 if (__glibc_unlikely (fd == -1))
46ec036d 2200 {
6628c742 2201 if (trace_mode)
46ec036d
UD		 2202 {
2203 /* We haven't found an appropriate library. But since we
2204 are only interested in the list of libraries this isn't
2205 so severe. Fake an entry with all the information we
1ef32c3d 2206 have. */
a1eca9f3 2207 static const Elf_Symndx dummy_bucket = STN_UNDEF;
46ec036d 2208
f0967738 2209 /* Allocate a new object map. */
cc00cece 2210 if ((name_copy = __strdup (name)) == NULL
1fc07491 2211 || (l = _dl_new_object (name_copy, name, type, loader,
c0f62c56 2212 mode, nsid)) == NULL)
2e0fc40c
UD		 2213 {
2214 free (name_copy);
2215 _dl_signal_error (ENOMEM, name, NULL,
2216 N_("cannot create shared object descriptor"));
2217 }
a881e0a0
UD		 2218 /* Signal that this is a faked entry. */
2219 l->l_faked = 1;
2220 /* Since the descriptor is initialized with zero we do not
126b06f9 2221 have do this here.
126b06f9 2222 l->l_reserved = 0; */
fd26970f
UD		 2223 l->l_buckets = &dummy_bucket;
2224 l->l_nbuckets = 1;
2225 l->l_relocated = 1;
2226
f0967738
AK		 2227 /* Enter the object in the object list. */
2228 _dl_add_to_namespace_list (l, nsid);
2229
fd26970f 2230 return l;
46ec036d 2231 }
7f71c55d
UD		 2232 else if (found_other_class)
2233 _dl_signal_error (0, name, NULL,
2234 ELFW(CLASS) == ELFCLASS32
2235 ? N_("wrong ELF class: ELFCLASS64")
2236 : N_("wrong ELF class: ELFCLASS32"));
46ec036d 2237 else
154d10bd
UD		 2238 _dl_signal_error (errno, name, NULL,
2239 N_("cannot open shared object file"));
46ec036d 2240 }
ba79d61b 2241
d1fc817e 2242 void *stack_end = __libc_stack_end;
a1b85ae8
FW		 2243 return _dl_map_object_from_fd (name, origname, fd, &fb, realname, loader,
2244 type, mode, &stack_end, nsid);
ba79d61b 2245}
154d10bd 2246
b8c80a7e
KS		 2247struct add_path_state
2248{
2249 bool counting;
2250 unsigned int idx;
2251 Dl_serinfo *si;
2252 char *allocptr;
2253};
2254
2255static void
2256add_path (struct add_path_state *p, const struct r_search_path_struct *sps,
2257 unsigned int flags)
2258{
2259 if (sps->dirs != (void *) -1)
2260 {
2261 struct r_search_path_elem **dirs = sps->dirs;
2262 do
2263 {
2264 const struct r_search_path_elem *const r = *dirs++;
2265 if (p->counting)
2266 {
2267 p->si->dls_cnt++;
2268 p->si->dls_size += MAX (2, r->dirnamelen);
2269 }
2270 else
2271 {
2272 Dl_serpath *const sp = &p->si->dls_serpath[p->idx++];
2273 sp->dls_name = p->allocptr;
2274 if (r->dirnamelen < 2)
2275 *p->allocptr++ = r->dirnamelen ? '/' : '.';
2276 else
2277 p->allocptr = __mempcpy (p->allocptr,
2278 r->dirname, r->dirnamelen - 1);
2279 *p->allocptr++ = '\0';
2280 sp->dls_flags = flags;
2281 }
2282 }
2283 while (*dirs != NULL);
2284 }
2285}
45e4762c
RM		 2286
2287void
45e4762c
RM		 2288_dl_rtld_di_serinfo (struct link_map *loader, Dl_serinfo *si, bool counting)
2289{
2290 if (counting)
2291 {
2292 si->dls_cnt = 0;
2293 si->dls_size = 0;
2294 }
2295
b8c80a7e 2296 struct add_path_state p =
45e4762c 2297 {
b8c80a7e
KS		 2298 .counting = counting,
2299 .idx = 0,
2300 .si = si,
2301 .allocptr = (char *) &si->dls_serpath[si->dls_cnt]
2302 };
2303
2304# define add_path(p, sps, flags) add_path(p, sps, 0) /* XXX */
45e4762c
RM		 2305
2306 /* When the object has the RUNPATH information we don't use any RPATHs. */
2307 if (loader->l_info[DT_RUNPATH] == NULL)
2308 {
2309 /* First try the DT_RPATH of the dependent object that caused NAME
2310 to be loaded. Then that object's dependent, and on up. */
2311
2312 struct link_map *l = loader;
2313 do
2314 {
2315 if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
b8c80a7e 2316 add_path (&p, &l->l_rpath_dirs, XXX_RPATH);
45e4762c
RM		 2317 l = l->l_loader;
2318 }
2319 while (l != NULL);
2320
2321 /* If dynamically linked, try the DT_RPATH of the executable itself. */
c0f62c56
UD		 2322 if (loader->l_ns == LM_ID_BASE)
2323 {
2324 l = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
2325 if (l != NULL && l->l_type != lt_loaded && l != loader)
2326 if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
b8c80a7e 2327 add_path (&p, &l->l_rpath_dirs, XXX_RPATH);
c0f62c56 2328 }
45e4762c
RM		 2329 }
2330
2331 /* Try the LD_LIBRARY_PATH environment variable. */
50b1b7a3 2332 add_path (&p, &__rtld_env_path_list, XXX_ENV);
45e4762c
RM		 2333
2334 /* Look at the RUNPATH information for this binary. */
2335 if (cache_rpath (loader, &loader->l_runpath_dirs, DT_RUNPATH, "RUNPATH"))
b8c80a7e 2336 add_path (&p, &loader->l_runpath_dirs, XXX_RUNPATH);
45e4762c
RM		 2337
2338 /* XXX
2339 Here is where ld.so.cache gets checked, but we don't have
2340 a way to indicate that in the results for Dl_serinfo. */
2341
2342 /* Finally, try the default path. */
2343 if (!(loader->l_flags_1 & DF_1_NODEFLIB))
50b1b7a3 2344 add_path (&p, &__rtld_search_dirs, XXX_default);
45e4762c
RM		 2345
2346 if (counting)
2347 /* Count the struct size before the string area, which we didn't
2348 know before we completed dls_cnt. */
2349 si->dls_size += (char *) &si->dls_serpath[si->dls_cnt] - (char *) si;
2350}
A mirror of the official glibc repository