1 /* Map in a shared object's segments from the file.
2 Copyright (C) 1995-2017 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, see
17 <http://www.gnu.org/licenses/>. */
28 #include <bits/wordsize.h>
30 #include <sys/param.h>
32 #include <sys/types.h>
33 #include "dynamic-link.h"
35 #include <stackinfo.h>
38 #include <stap-probe.h>
39 #include <libc-pointer-arith.h>
40 #include <array_length.h>
44 #include <dl-map-segments.h>
45 #include <dl-unmap-segments.h>
46 #include <dl-machine-reject-phdr.h>
47 #include <dl-sysdep-open.h>
51 #if BYTE_ORDER == BIG_ENDIAN
52 # define byteorder ELFDATA2MSB
53 #elif BYTE_ORDER == LITTLE_ENDIAN
54 # define byteorder ELFDATA2LSB
56 # error "Unknown BYTE_ORDER " BYTE_ORDER
57 # define byteorder ELFDATANONE
60 #define STRING(x) __STRING (x)
63 int __stack_prot attribute_hidden attribute_relro
64 #if _STACK_GROWS_DOWN && defined PROT_GROWSDOWN
66 #elif _STACK_GROWS_UP && defined PROT_GROWSUP
73 /* Type for the buffer we put the ELF header and hopefully the program
74 header. This buffer does not really have to be too large. In most
75 cases the program header follows the ELF header directly. If this
76 is not the case all bets are off and we can make the header
77 arbitrarily large and still won't get it read. This means the only
78 question is how large are the ELF and program header combined. The
79 ELF header 32-bit files is 52 bytes long and in 64-bit files is 64
80 bytes long. Each program header entry is again 32 and 56 bytes
81 long respectively. I.e., even with a file which has 10 program
82 header entries we only have to read 372B/624B respectively. Add to
83 this a bit of margin for program notes and reading 512B and 832B
84 for 32-bit and 64-bit files respecitvely is enough. If this
85 heuristic should really fail for some file the code in
86 `_dl_map_object_from_fd' knows how to recover. */
91 # define FILEBUF_SIZE 512
93 # define FILEBUF_SIZE 832
95 char buf
[FILEBUF_SIZE
] __attribute__ ((aligned (__alignof (ElfW(Ehdr
)))));
98 /* This is the decomposed LD_LIBRARY_PATH search path. */
99 static struct r_search_path_struct env_path_list attribute_relro
;
101 /* List of the hardware capabilities we might end up using. */
102 static const struct r_strlenpair
*capstr attribute_relro
;
103 static size_t ncapstr attribute_relro
;
104 static size_t max_capstrlen attribute_relro
;
107 /* Get the generated information about the trusted directories. Use
108 an array of concatenated strings to avoid relocations. See
109 gen-trusted-dirs.awk. */
110 #include "trusted-dirs.h"
112 static const char system_dirs
[] = SYSTEM_DIRS
;
113 static const size_t system_dirs_len
[] =
117 #define nsystem_dirs_len array_length (system_dirs_len)
120 is_trusted_path (const char *path
, size_t len
)
122 const char *trun
= system_dirs
;
124 for (size_t idx
= 0; idx
< nsystem_dirs_len
; ++idx
)
126 if (len
== system_dirs_len
[idx
] && memcmp (trun
, path
, len
) == 0)
130 trun
+= system_dirs_len
[idx
] + 1;
138 is_trusted_path_normalize (const char *path
, size_t len
)
149 char *npath
= (char *) alloca (len
+ 2);
151 while (*path
!= '\0')
157 if (path
[2] == '.' && (path
[3] == '/' || path
[3] == '\0'))
159 while (wnp
> npath
&& *--wnp
!= '/')
164 else if (path
[2] == '/' || path
[2] == '\0')
171 if (wnp
> npath
&& wnp
[-1] == '/')
181 if (wnp
== npath
|| wnp
[-1] != '/')
184 const char *trun
= system_dirs
;
186 for (size_t idx
= 0; idx
< nsystem_dirs_len
; ++idx
)
188 if (wnp
- npath
>= system_dirs_len
[idx
]
189 && memcmp (trun
, npath
, system_dirs_len
[idx
]) == 0)
193 trun
+= system_dirs_len
[idx
] + 1;
201 is_dst (const char *start
, const char *name
, const char *str
,
202 int is_path
, int secure
)
205 bool is_curly
= false;
214 while (name
[len
] == str
[len
] && name
[len
] != '\0')
219 if (name
[len
] != '}')
222 /* Point again at the beginning of the name. */
224 /* Skip over closing curly brace and adjust for the --name. */
227 else if (name
[len
] != '\0' && name
[len
] != '/'
228 && (!is_path
|| name
[len
] != ':'))
231 if (__glibc_unlikely (secure
)
232 && ((name
[len
] != '\0' && name
[len
] != '/'
233 && (!is_path
|| name
[len
] != ':'))
234 || (name
!= start
+ 1 && (!is_path
|| name
[-2] != ':'))))
242 _dl_dst_count (const char *name
, int is_path
)
244 const char *const start
= name
;
251 /* $ORIGIN is not expanded for SUID/GUID programs (except if it
252 is $ORIGIN alone) and it must always appear first in path. */
254 if ((len
= is_dst (start
, name
, "ORIGIN", is_path
,
255 __libc_enable_secure
)) != 0
256 || (len
= is_dst (start
, name
, "PLATFORM", is_path
, 0)) != 0
257 || (len
= is_dst (start
, name
, "LIB", is_path
, 0)) != 0)
260 name
= strchr (name
+ len
, '$');
262 while (name
!= NULL
);
269 _dl_dst_substitute (struct link_map
*l
, const char *name
, char *result
,
272 const char *const start
= name
;
274 /* Now fill the result path. While copying over the string we keep
275 track of the start of the last path element. When we come across
276 a DST we copy over the value or (if the value is not available)
277 leave the entire path element out. */
279 char *last_elem
= result
;
280 bool check_for_trusted
= false;
284 if (__glibc_unlikely (*name
== '$'))
286 const char *repl
= NULL
;
290 if ((len
= is_dst (start
, name
, "ORIGIN", is_path
,
291 __libc_enable_secure
)) != 0)
294 check_for_trusted
= (__libc_enable_secure
295 && l
->l_type
== lt_executable
);
297 else if ((len
= is_dst (start
, name
, "PLATFORM", is_path
, 0)) != 0)
298 repl
= GLRO(dl_platform
);
299 else if ((len
= is_dst (start
, name
, "LIB", is_path
, 0)) != 0)
302 if (repl
!= NULL
&& repl
!= (const char *) -1)
304 wp
= __stpcpy (wp
, repl
);
309 /* We cannot use this path element, the value of the
310 replacement is unknown. */
313 while (*name
!= '\0' && (!is_path
|| *name
!= ':'))
315 /* Also skip following colon if this is the first rpath
316 element, but keep an empty element at the end. */
317 if (wp
== result
&& is_path
&& *name
== ':' && name
[1] != '\0')
321 /* No DST we recognize. */
327 if (is_path
&& *name
== ':')
329 /* In SUID/SGID programs, after $ORIGIN expansion the
330 normalized path must be rooted in one of the trusted
332 if (__glibc_unlikely (check_for_trusted
)
333 && !is_trusted_path_normalize (last_elem
, wp
- last_elem
))
338 check_for_trusted
= false;
342 while (*name
!= '\0');
344 /* In SUID/SGID programs, after $ORIGIN expansion the normalized
345 path must be rooted in one of the trusted directories. */
346 if (__glibc_unlikely (check_for_trusted
)
347 && !is_trusted_path_normalize (last_elem
, wp
- last_elem
))
356 /* Return copy of argument with all recognized dynamic string tokens
357 ($ORIGIN and $PLATFORM for now) replaced. On some platforms it
358 might not be possible to determine the path from which the object
359 belonging to the map is loaded. In this case the path element
360 containing $ORIGIN is left out. */
362 expand_dynamic_string_token (struct link_map
*l
, const char *s
, int is_path
)
364 /* We make two runs over the string. First we determine how large the
365 resulting string is and then we copy it over. Since this is no
366 frequently executed operation we are looking here not for performance
367 but rather for code size. */
372 /* Determine the number of DST elements. */
373 cnt
= DL_DST_COUNT (s
, is_path
);
375 /* If we do not have to replace anything simply copy the string. */
376 if (__glibc_likely (cnt
== 0))
379 /* Determine the length of the substituted string. */
380 total
= DL_DST_REQUIRED (l
, s
, strlen (s
), cnt
);
382 /* Allocate the necessary memory. */
383 result
= (char *) malloc (total
+ 1);
387 return _dl_dst_substitute (l
, s
, result
, is_path
);
391 /* Add `name' to the list of names for a particular shared object.
392 `name' is expected to have been allocated with malloc and will
393 be freed if the shared object already has this name.
394 Returns false if the object already had this name. */
396 add_name_to_object (struct link_map
*l
, const char *name
)
398 struct libname_list
*lnp
, *lastp
;
399 struct libname_list
*newname
;
403 for (lnp
= l
->l_libname
; lnp
!= NULL
; lastp
= lnp
, lnp
= lnp
->next
)
404 if (strcmp (name
, lnp
->name
) == 0)
407 name_len
= strlen (name
) + 1;
408 newname
= (struct libname_list
*) malloc (sizeof *newname
+ name_len
);
411 /* No more memory. */
412 _dl_signal_error (ENOMEM
, name
, NULL
, N_("cannot allocate name record"));
415 /* The object should have a libname set from _dl_new_object. */
416 assert (lastp
!= NULL
);
418 newname
->name
= memcpy (newname
+ 1, name
, name_len
);
419 newname
->next
= NULL
;
420 newname
->dont_free
= 0;
421 lastp
->next
= newname
;
424 /* Standard search directories. */
425 static struct r_search_path_struct rtld_search_dirs attribute_relro
;
427 static size_t max_dirnamelen
;
429 static struct r_search_path_elem
**
430 fillin_rpath (char *rpath
, struct r_search_path_elem
**result
, const char *sep
,
431 int check_trusted
, const char *what
, const char *where
,
438 while ((cp
= __strsep (&rpath
, sep
)) != NULL
)
440 struct r_search_path_elem
*dirp
;
442 to_free
= cp
= expand_dynamic_string_token (l
, cp
, 1);
444 size_t len
= strlen (cp
);
446 /* `strsep' can pass an empty string. This has to be
447 interpreted as `use the current directory'. */
450 static const char curwd
[] = "./";
454 /* Remove trailing slashes (except for "/"). */
455 while (len
> 1 && cp
[len
- 1] == '/')
458 /* Now add one if there is none so far. */
459 if (len
> 0 && cp
[len
- 1] != '/')
462 /* Make sure we don't use untrusted directories if we run SUID. */
463 if (__glibc_unlikely (check_trusted
) && !is_trusted_path (cp
, len
))
469 /* See if this directory is already known. */
470 for (dirp
= GL(dl_all_dirs
); dirp
!= NULL
; dirp
= dirp
->next
)
471 if (dirp
->dirnamelen
== len
&& memcmp (cp
, dirp
->dirname
, len
) == 0)
476 /* It is available, see whether it's on our own list. */
478 for (cnt
= 0; cnt
< nelems
; ++cnt
)
479 if (result
[cnt
] == dirp
)
483 result
[nelems
++] = dirp
;
488 enum r_dir_status init_val
;
489 size_t where_len
= where
? strlen (where
) + 1 : 0;
491 /* It's a new directory. Create an entry and add it. */
492 dirp
= (struct r_search_path_elem
*)
493 malloc (sizeof (*dirp
) + ncapstr
* sizeof (enum r_dir_status
)
494 + where_len
+ len
+ 1);
496 _dl_signal_error (ENOMEM
, NULL
, NULL
,
497 N_("cannot create cache for search path"));
499 dirp
->dirname
= ((char *) dirp
+ sizeof (*dirp
)
500 + ncapstr
* sizeof (enum r_dir_status
));
501 *((char *) __mempcpy ((char *) dirp
->dirname
, cp
, len
)) = '\0';
502 dirp
->dirnamelen
= len
;
504 if (len
> max_dirnamelen
)
505 max_dirnamelen
= len
;
507 /* We have to make sure all the relative directories are
508 never ignored. The current directory might change and
509 all our saved information would be void. */
510 init_val
= cp
[0] != '/' ? existing
: unknown
;
511 for (cnt
= 0; cnt
< ncapstr
; ++cnt
)
512 dirp
->status
[cnt
] = init_val
;
515 if (__glibc_likely (where
!= NULL
))
516 dirp
->where
= memcpy ((char *) dirp
+ sizeof (*dirp
) + len
+ 1
517 + (ncapstr
* sizeof (enum r_dir_status
)),
522 dirp
->next
= GL(dl_all_dirs
);
523 GL(dl_all_dirs
) = dirp
;
525 /* Put it in the result array. */
526 result
[nelems
++] = dirp
;
531 /* Terminate the array. */
532 result
[nelems
] = NULL
;
539 decompose_rpath (struct r_search_path_struct
*sps
,
540 const char *rpath
, struct link_map
*l
, const char *what
)
542 /* Make a copy we can work with. */
543 const char *where
= l
->l_name
;
546 struct r_search_path_elem
**result
;
548 /* Initialize to please the compiler. */
549 const char *errstring
= NULL
;
551 /* First see whether we must forget the RUNPATH and RPATH from this
553 if (__glibc_unlikely (GLRO(dl_inhibit_rpath
) != NULL
)
554 && !__libc_enable_secure
)
556 const char *inhp
= GLRO(dl_inhibit_rpath
);
560 const char *wp
= where
;
562 while (*inhp
== *wp
&& *wp
!= '\0')
568 if (*wp
== '\0' && (*inhp
== '\0' || *inhp
== ':'))
570 /* This object is on the list of objects for which the
571 RUNPATH and RPATH must not be used. */
572 sps
->dirs
= (void *) -1;
576 while (*inhp
!= '\0')
580 while (*inhp
!= '\0');
583 /* Make a writable copy. */
584 copy
= __strdup (rpath
);
587 errstring
= N_("cannot create RUNPATH/RPATH copy");
591 /* Ignore empty rpaths. */
595 sps
->dirs
= (struct r_search_path_elem
**) -1;
599 /* Count the number of necessary elements in the result array. */
601 for (cp
= copy
; *cp
!= '\0'; ++cp
)
605 /* Allocate room for the result. NELEMS + 1 is an upper limit for the
606 number of necessary entries. */
607 result
= (struct r_search_path_elem
**) malloc ((nelems
+ 1 + 1)
612 errstring
= N_("cannot create cache for search path");
614 _dl_signal_error (ENOMEM
, NULL
, NULL
, errstring
);
617 fillin_rpath (copy
, result
, ":", 0, what
, where
, l
);
619 /* Free the copied RPATH string. `fillin_rpath' make own copies if
624 /* The caller will change this value if we haven't used a real malloc. */
629 /* Make sure cached path information is stored in *SP
630 and return true if there are any paths to search there. */
632 cache_rpath (struct link_map
*l
,
633 struct r_search_path_struct
*sp
,
637 if (sp
->dirs
== (void *) -1)
640 if (sp
->dirs
!= NULL
)
643 if (l
->l_info
[tag
] == NULL
)
645 /* There is no path. */
646 sp
->dirs
= (void *) -1;
650 /* Make sure the cache information is available. */
651 return decompose_rpath (sp
, (const char *) (D_PTR (l
, l_info
[DT_STRTAB
])
652 + l
->l_info
[tag
]->d_un
.d_val
),
658 _dl_init_paths (const char *llp
)
662 struct r_search_path_elem
*pelem
, **aelem
;
664 struct link_map
__attribute__ ((unused
)) *l
= NULL
;
665 /* Initialize to please the compiler. */
666 const char *errstring
= NULL
;
668 /* Fill in the information about the application's RPATH and the
669 directories addressed by the LD_LIBRARY_PATH environment variable. */
671 /* Get the capabilities. */
672 capstr
= _dl_important_hwcaps (GLRO(dl_platform
), GLRO(dl_platformlen
),
673 &ncapstr
, &max_capstrlen
);
675 /* First set up the rest of the default search directory entries. */
676 aelem
= rtld_search_dirs
.dirs
= (struct r_search_path_elem
**)
677 malloc ((nsystem_dirs_len
+ 1) * sizeof (struct r_search_path_elem
*));
678 if (rtld_search_dirs
.dirs
== NULL
)
680 errstring
= N_("cannot create search path array");
682 _dl_signal_error (ENOMEM
, NULL
, NULL
, errstring
);
685 round_size
= ((2 * sizeof (struct r_search_path_elem
) - 1
686 + ncapstr
* sizeof (enum r_dir_status
))
687 / sizeof (struct r_search_path_elem
));
689 rtld_search_dirs
.dirs
[0] = malloc (nsystem_dirs_len
* round_size
690 * sizeof (*rtld_search_dirs
.dirs
[0]));
691 if (rtld_search_dirs
.dirs
[0] == NULL
)
693 errstring
= N_("cannot create cache for search path");
697 rtld_search_dirs
.malloced
= 0;
698 pelem
= GL(dl_all_dirs
) = rtld_search_dirs
.dirs
[0];
708 pelem
->what
= "system search path";
711 pelem
->dirname
= strp
;
712 pelem
->dirnamelen
= system_dirs_len
[idx
];
713 strp
+= system_dirs_len
[idx
] + 1;
715 /* System paths must be absolute. */
716 assert (pelem
->dirname
[0] == '/');
717 for (cnt
= 0; cnt
< ncapstr
; ++cnt
)
718 pelem
->status
[cnt
] = unknown
;
720 pelem
->next
= (++idx
== nsystem_dirs_len
? NULL
: (pelem
+ round_size
));
724 while (idx
< nsystem_dirs_len
);
726 max_dirnamelen
= SYSTEM_DIRS_MAX_LEN
;
730 /* This points to the map of the main object. */
731 l
= GL(dl_ns
)[LM_ID_BASE
]._ns_loaded
;
734 assert (l
->l_type
!= lt_loaded
);
736 if (l
->l_info
[DT_RUNPATH
])
738 /* Allocate room for the search path and fill in information
740 decompose_rpath (&l
->l_runpath_dirs
,
741 (const void *) (D_PTR (l
, l_info
[DT_STRTAB
])
742 + l
->l_info
[DT_RUNPATH
]->d_un
.d_val
),
744 /* During rtld init the memory is allocated by the stub malloc,
745 prevent any attempt to free it by the normal malloc. */
746 l
->l_runpath_dirs
.malloced
= 0;
748 /* The RPATH is ignored. */
749 l
->l_rpath_dirs
.dirs
= (void *) -1;
753 l
->l_runpath_dirs
.dirs
= (void *) -1;
755 if (l
->l_info
[DT_RPATH
])
757 /* Allocate room for the search path and fill in information
759 decompose_rpath (&l
->l_rpath_dirs
,
760 (const void *) (D_PTR (l
, l_info
[DT_STRTAB
])
761 + l
->l_info
[DT_RPATH
]->d_un
.d_val
),
763 /* During rtld init the memory is allocated by the stub
764 malloc, prevent any attempt to free it by the normal
766 l
->l_rpath_dirs
.malloced
= 0;
769 l
->l_rpath_dirs
.dirs
= (void *) -1;
774 if (llp
!= NULL
&& *llp
!= '\0')
776 char *llp_tmp
= strdupa (llp
);
778 /* Decompose the LD_LIBRARY_PATH contents. First determine how many
781 for (const char *cp
= llp_tmp
; *cp
!= '\0'; ++cp
)
782 if (*cp
== ':' || *cp
== ';')
785 env_path_list
.dirs
= (struct r_search_path_elem
**)
786 malloc ((nllp
+ 1) * sizeof (struct r_search_path_elem
*));
787 if (env_path_list
.dirs
== NULL
)
789 errstring
= N_("cannot create cache for search path");
793 (void) fillin_rpath (llp_tmp
, env_path_list
.dirs
, ":;",
794 __libc_enable_secure
, "LD_LIBRARY_PATH",
797 if (env_path_list
.dirs
[0] == NULL
)
799 free (env_path_list
.dirs
);
800 env_path_list
.dirs
= (void *) -1;
803 env_path_list
.malloced
= 0;
806 env_path_list
.dirs
= (void *) -1;
811 __attribute__ ((noreturn
, noinline
))
812 lose (int code
, int fd
, const char *name
, char *realname
, struct link_map
*l
,
813 const char *msg
, struct r_debug
*r
, Lmid_t nsid
)
815 /* The file might already be closed. */
818 if (l
!= NULL
&& l
->l_origin
!= (char *) -1l)
819 free ((char *) l
->l_origin
);
825 r
->r_state
= RT_CONSISTENT
;
827 LIBC_PROBE (map_failed
, 2, nsid
, r
);
830 _dl_signal_error (code
, name
, NULL
, msg
);
834 /* Map in the shared object NAME, actually located in REALNAME, and already
837 #ifndef EXTERNAL_MAP_FROM_FD
841 _dl_map_object_from_fd (const char *name
, const char *origname
, int fd
,
842 struct filebuf
*fbp
, char *realname
,
843 struct link_map
*loader
, int l_type
, int mode
,
844 void **stack_endp
, Lmid_t nsid
)
846 struct link_map
*l
= NULL
;
847 const ElfW(Ehdr
) *header
;
848 const ElfW(Phdr
) *phdr
;
849 const ElfW(Phdr
) *ph
;
852 /* Initialize to keep the compiler happy. */
853 const char *errstring
= NULL
;
855 struct r_debug
*r
= _dl_debug_initialize (0, nsid
);
856 bool make_consistent
= false;
858 /* Get file information. */
860 if (__glibc_unlikely (!_dl_get_file_id (fd
, &id
)))
862 errstring
= N_("cannot stat shared object");
866 lose (errval
, fd
, name
, realname
, l
, errstring
,
867 make_consistent
? r
: NULL
, nsid
);
870 /* Look again to see if the real name matched another already loaded. */
871 for (l
= GL(dl_ns
)[nsid
]._ns_loaded
; l
!= NULL
; l
= l
->l_next
)
872 if (!l
->l_removed
&& _dl_file_id_match_p (&l
->l_file_id
, &id
))
874 /* The object is already loaded.
875 Just bump its reference count and return it. */
878 /* If the name is not in the list of names for this object add
881 add_name_to_object (l
, name
);
887 /* When loading into a namespace other than the base one we must
888 avoid loading ld.so since there can only be one copy. Ever. */
889 if (__glibc_unlikely (nsid
!= LM_ID_BASE
)
890 && (_dl_file_id_match_p (&id
, &GL(dl_rtld_map
).l_file_id
)
891 || _dl_name_match_p (name
, &GL(dl_rtld_map
))))
893 /* This is indeed ld.so. Create a new link_map which refers to
894 the real one for almost everything. */
895 l
= _dl_new_object (realname
, name
, l_type
, loader
, mode
, nsid
);
899 /* Refer to the real descriptor. */
900 l
->l_real
= &GL(dl_rtld_map
);
902 /* No need to bump the refcount of the real object, ld.so will
903 never be unloaded. */
906 /* Add the map for the mirrored object to the object list. */
907 _dl_add_to_namespace_list (l
, nsid
);
913 if (mode
& RTLD_NOLOAD
)
915 /* We are not supposed to load the object unless it is already
916 loaded. So return now. */
922 /* Print debugging message. */
923 if (__glibc_unlikely (GLRO(dl_debug_mask
) & DL_DEBUG_FILES
))
924 _dl_debug_printf ("file=%s [%lu]; generating link map\n", name
, nsid
);
926 /* This is the ELF header. We read it in `open_verify'. */
927 header
= (void *) fbp
->buf
;
931 if (_dl_zerofd
== -1)
933 _dl_zerofd
= _dl_sysdep_open_zero_fill ();
934 if (_dl_zerofd
== -1)
938 _dl_signal_error (errno
, NULL
, NULL
,
939 N_("cannot open zero fill device"));
944 /* Signal that we are going to add new objects. */
945 if (r
->r_state
== RT_CONSISTENT
)
948 /* Auditing checkpoint: we are going to add new objects. */
949 if ((mode
& __RTLD_AUDIT
) == 0
950 && __glibc_unlikely (GLRO(dl_naudit
) > 0))
952 struct link_map
*head
= GL(dl_ns
)[nsid
]._ns_loaded
;
953 /* Do not call the functions for any auditing object. */
954 if (head
->l_auditing
== 0)
956 struct audit_ifaces
*afct
= GLRO(dl_audit
);
957 for (unsigned int cnt
= 0; cnt
< GLRO(dl_naudit
); ++cnt
)
959 if (afct
->activity
!= NULL
)
960 afct
->activity (&head
->l_audit
[cnt
].cookie
, LA_ACT_ADD
);
968 /* Notify the debugger we have added some objects. We need to
969 call _dl_debug_initialize in a static program in case dynamic
970 linking has not been used before. */
973 LIBC_PROBE (map_start
, 2, nsid
, r
);
974 make_consistent
= true;
977 assert (r
->r_state
== RT_ADD
);
979 /* Enter the new object in the list of loaded objects. */
980 l
= _dl_new_object (realname
, name
, l_type
, loader
, mode
, nsid
);
981 if (__glibc_unlikely (l
== NULL
))
986 errstring
= N_("cannot create shared object descriptor");
987 goto call_lose_errno
;
990 /* Extract the remaining details we need from the ELF header
991 and then read in the program header table. */
992 l
->l_entry
= header
->e_entry
;
993 type
= header
->e_type
;
994 l
->l_phnum
= header
->e_phnum
;
996 maplength
= header
->e_phnum
* sizeof (ElfW(Phdr
));
997 if (header
->e_phoff
+ maplength
<= (size_t) fbp
->len
)
998 phdr
= (void *) (fbp
->buf
+ header
->e_phoff
);
1001 phdr
= alloca (maplength
);
1002 __lseek (fd
, header
->e_phoff
, SEEK_SET
);
1003 if ((size_t) __libc_read (fd
, (void *) phdr
, maplength
) != maplength
)
1005 errstring
= N_("cannot read file data");
1006 goto call_lose_errno
;
1010 /* On most platforms presume that PT_GNU_STACK is absent and the stack is
1011 * executable. Other platforms default to a nonexecutable stack and don't
1012 * need PT_GNU_STACK to do so. */
1013 uint_fast16_t stack_flags
= DEFAULT_STACK_PERMS
;
1016 /* Scan the program header table, collecting its load commands. */
1017 struct loadcmd loadcmds
[l
->l_phnum
];
1018 size_t nloadcmds
= 0;
1019 bool has_holes
= false;
1021 /* The struct is initialized to zero so this is not necessary:
1025 for (ph
= phdr
; ph
< &phdr
[l
->l_phnum
]; ++ph
)
1028 /* These entries tell us where to find things once the file's
1029 segments are mapped in. We record the addresses it says
1030 verbatim, and later correct for the run-time load address. */
1034 /* Debuginfo only files from "objcopy --only-keep-debug"
1035 contain a PT_DYNAMIC segment with p_filesz == 0. Skip
1036 such a segment to avoid a crash later. */
1037 l
->l_ld
= (void *) ph
->p_vaddr
;
1038 l
->l_ldnum
= ph
->p_memsz
/ sizeof (ElfW(Dyn
));
1043 l
->l_phdr
= (void *) ph
->p_vaddr
;
1047 /* A load command tells us to map in part of the file.
1048 We record the load commands and process them all later. */
1049 if (__glibc_unlikely ((ph
->p_align
& (GLRO(dl_pagesize
) - 1)) != 0))
1051 errstring
= N_("ELF load command alignment not page-aligned");
1054 if (__glibc_unlikely (((ph
->p_vaddr
- ph
->p_offset
)
1055 & (ph
->p_align
- 1)) != 0))
1058 = N_("ELF load command address/offset not properly aligned");
1062 struct loadcmd
*c
= &loadcmds
[nloadcmds
++];
1063 c
->mapstart
= ALIGN_DOWN (ph
->p_vaddr
, GLRO(dl_pagesize
));
1064 c
->mapend
= ALIGN_UP (ph
->p_vaddr
+ ph
->p_filesz
, GLRO(dl_pagesize
));
1065 c
->dataend
= ph
->p_vaddr
+ ph
->p_filesz
;
1066 c
->allocend
= ph
->p_vaddr
+ ph
->p_memsz
;
1067 c
->mapoff
= ALIGN_DOWN (ph
->p_offset
, GLRO(dl_pagesize
));
1069 /* Determine whether there is a gap between the last segment
1071 if (nloadcmds
> 1 && c
[-1].mapend
!= c
->mapstart
)
1074 /* Optimize a common case. */
1075 #if (PF_R | PF_W | PF_X) == 7 && (PROT_READ | PROT_WRITE | PROT_EXEC) == 7
1076 c
->prot
= (PF_TO_PROT
1077 >> ((ph
->p_flags
& (PF_R
| PF_W
| PF_X
)) * 4)) & 0xf;
1080 if (ph
->p_flags
& PF_R
)
1081 c
->prot
|= PROT_READ
;
1082 if (ph
->p_flags
& PF_W
)
1083 c
->prot
|= PROT_WRITE
;
1084 if (ph
->p_flags
& PF_X
)
1085 c
->prot
|= PROT_EXEC
;
1090 if (ph
->p_memsz
== 0)
1091 /* Nothing to do for an empty segment. */
1094 l
->l_tls_blocksize
= ph
->p_memsz
;
1095 l
->l_tls_align
= ph
->p_align
;
1096 if (ph
->p_align
== 0)
1097 l
->l_tls_firstbyte_offset
= 0;
1099 l
->l_tls_firstbyte_offset
= ph
->p_vaddr
& (ph
->p_align
- 1);
1100 l
->l_tls_initimage_size
= ph
->p_filesz
;
1101 /* Since we don't know the load address yet only store the
1102 offset. We will adjust it later. */
1103 l
->l_tls_initimage
= (void *) ph
->p_vaddr
;
1105 /* If not loading the initial set of shared libraries,
1106 check whether we should permit loading a TLS segment. */
1107 if (__glibc_likely (l
->l_type
== lt_library
)
1108 /* If GL(dl_tls_dtv_slotinfo_list) == NULL, then rtld.c did
1109 not set up TLS data structures, so don't use them now. */
1110 || __glibc_likely (GL(dl_tls_dtv_slotinfo_list
) != NULL
))
1112 /* Assign the next available module ID. */
1113 l
->l_tls_modid
= _dl_next_tls_modid ();
1118 /* We are loading the executable itself when the dynamic
1119 linker was executed directly. The setup will happen
1120 later. Otherwise, the TLS data structures are already
1121 initialized, and we assigned a TLS modid above. */
1122 assert (l
->l_prev
== NULL
|| (mode
& __RTLD_AUDIT
) != 0);
1124 assert (false && "TLS not initialized in static application");
1129 stack_flags
= ph
->p_flags
;
1133 l
->l_relro_addr
= ph
->p_vaddr
;
1134 l
->l_relro_size
= ph
->p_memsz
;
1138 if (__glibc_unlikely (nloadcmds
== 0))
1140 /* This only happens for a bogus object that will be caught with
1141 another error below. But we don't want to go through the
1142 calculations below using NLOADCMDS - 1. */
1143 errstring
= N_("object file has no loadable segments");
1147 if (__glibc_unlikely (type
!= ET_DYN
)
1148 && __glibc_unlikely ((mode
& __RTLD_OPENEXEC
) == 0))
1150 /* This object is loaded at a fixed address. This must never
1151 happen for objects loaded with dlopen. */
1152 errstring
= N_("cannot dynamically load executable");
1156 /* Length of the sections to be loaded. */
1157 maplength
= loadcmds
[nloadcmds
- 1].allocend
- loadcmds
[0].mapstart
;
1159 /* Now process the load commands and map segments into memory.
1160 This is responsible for filling in:
1161 l_map_start, l_map_end, l_addr, l_contiguous, l_text_end, l_phdr
1163 errstring
= _dl_map_segments (l
, fd
, header
, type
, loadcmds
, nloadcmds
,
1164 maplength
, has_holes
, loader
);
1165 if (__glibc_unlikely (errstring
!= NULL
))
1171 if (__glibc_unlikely (type
== ET_DYN
))
1173 errstring
= N_("object file has no dynamic section");
1178 l
->l_ld
= (ElfW(Dyn
) *) ((ElfW(Addr
)) l
->l_ld
+ l
->l_addr
);
1180 elf_get_dynamic_info (l
, NULL
);
1182 /* Make sure we are not dlopen'ing an object that has the
1183 DF_1_NOOPEN flag set. */
1184 if (__glibc_unlikely (l
->l_flags_1
& DF_1_NOOPEN
)
1185 && (mode
& __RTLD_DLOPEN
))
1187 /* We are not supposed to load this object. Free all resources. */
1188 _dl_unmap_segments (l
);
1190 if (!l
->l_libname
->dont_free
)
1191 free (l
->l_libname
);
1193 if (l
->l_phdr_allocated
)
1194 free ((void *) l
->l_phdr
);
1196 errstring
= N_("shared object cannot be dlopen()ed");
1200 if (l
->l_phdr
== NULL
)
1202 /* The program header is not contained in any of the segments.
1203 We have to allocate memory ourself and copy it over from out
1205 ElfW(Phdr
) *newp
= (ElfW(Phdr
) *) malloc (header
->e_phnum
1206 * sizeof (ElfW(Phdr
)));
1209 errstring
= N_("cannot allocate memory for program header");
1210 goto call_lose_errno
;
1213 l
->l_phdr
= memcpy (newp
, phdr
,
1214 (header
->e_phnum
* sizeof (ElfW(Phdr
))));
1215 l
->l_phdr_allocated
= 1;
1218 /* Adjust the PT_PHDR value by the runtime load address. */
1219 l
->l_phdr
= (ElfW(Phdr
) *) ((ElfW(Addr
)) l
->l_phdr
+ l
->l_addr
);
1221 if (__glibc_unlikely ((stack_flags
&~ GL(dl_stack_flags
)) & PF_X
))
1223 if (__glibc_unlikely (__check_caller (RETURN_ADDRESS (0), allow_ldso
) != 0))
1225 errstring
= N_("invalid caller");
1229 /* The stack is presently not executable, but this module
1230 requires that it be executable. We must change the
1231 protection of the variable which contains the flags used in
1232 the mprotect calls. */
1234 if ((mode
& (__RTLD_DLOPEN
| __RTLD_AUDIT
)) == __RTLD_DLOPEN
)
1236 const uintptr_t p
= (uintptr_t) &__stack_prot
& -GLRO(dl_pagesize
);
1237 const size_t s
= (uintptr_t) (&__stack_prot
+ 1) - p
;
1239 struct link_map
*const m
= &GL(dl_rtld_map
);
1240 const uintptr_t relro_end
= ((m
->l_addr
+ m
->l_relro_addr
1242 & -GLRO(dl_pagesize
));
1243 if (__glibc_likely (p
+ s
<= relro_end
))
1245 /* The variable lies in the region protected by RELRO. */
1246 if (__mprotect ((void *) p
, s
, PROT_READ
|PROT_WRITE
) < 0)
1248 errstring
= N_("cannot change memory protections");
1249 goto call_lose_errno
;
1251 __stack_prot
|= PROT_READ
|PROT_WRITE
|PROT_EXEC
;
1252 __mprotect ((void *) p
, s
, PROT_READ
);
1255 __stack_prot
|= PROT_READ
|PROT_WRITE
|PROT_EXEC
;
1259 __stack_prot
|= PROT_READ
|PROT_WRITE
|PROT_EXEC
;
1261 #ifdef check_consistency
1262 check_consistency ();
1265 errval
= (*GL(dl_make_stack_executable_hook
)) (stack_endp
);
1269 cannot enable executable stack as shared object requires");
1274 /* Adjust the address of the TLS initialization image. */
1275 if (l
->l_tls_initimage
!= NULL
)
1276 l
->l_tls_initimage
= (char *) l
->l_tls_initimage
+ l
->l_addr
;
1278 /* We are done mapping in the file. We no longer need the descriptor. */
1279 if (__glibc_unlikely (__close (fd
) != 0))
1281 errstring
= N_("cannot close file descriptor");
1282 goto call_lose_errno
;
1284 /* Signal that we closed the file. */
1287 /* If this is ET_EXEC, we should have loaded it as lt_executable. */
1288 assert (type
!= ET_EXEC
|| l
->l_type
== lt_executable
);
1290 l
->l_entry
+= l
->l_addr
;
1292 if (__glibc_unlikely (GLRO(dl_debug_mask
) & DL_DEBUG_FILES
))
1293 _dl_debug_printf ("\
1294 dynamic: 0x%0*lx base: 0x%0*lx size: 0x%0*Zx\n\
1295 entry: 0x%0*lx phdr: 0x%0*lx phnum: %*u\n\n",
1296 (int) sizeof (void *) * 2,
1297 (unsigned long int) l
->l_ld
,
1298 (int) sizeof (void *) * 2,
1299 (unsigned long int) l
->l_addr
,
1300 (int) sizeof (void *) * 2, maplength
,
1301 (int) sizeof (void *) * 2,
1302 (unsigned long int) l
->l_entry
,
1303 (int) sizeof (void *) * 2,
1304 (unsigned long int) l
->l_phdr
,
1305 (int) sizeof (void *) * 2, l
->l_phnum
);
1307 /* Set up the symbol hash table. */
1310 /* If this object has DT_SYMBOLIC set modify now its scope. We don't
1311 have to do this for the main map. */
1312 if ((mode
& RTLD_DEEPBIND
) == 0
1313 && __glibc_unlikely (l
->l_info
[DT_SYMBOLIC
] != NULL
)
1314 && &l
->l_searchlist
!= l
->l_scope
[0])
1316 /* Create an appropriate searchlist. It contains only this map.
1317 This is the definition of DT_SYMBOLIC in SysVr4. */
1318 l
->l_symbolic_searchlist
.r_list
[0] = l
;
1319 l
->l_symbolic_searchlist
.r_nlist
= 1;
1321 /* Now move the existing entries one back. */
1322 memmove (&l
->l_scope
[1], &l
->l_scope
[0],
1323 (l
->l_scope_max
- 1) * sizeof (l
->l_scope
[0]));
1325 /* Now add the new entry. */
1326 l
->l_scope
[0] = &l
->l_symbolic_searchlist
;
1329 /* Remember whether this object must be initialized first. */
1330 if (l
->l_flags_1
& DF_1_INITFIRST
)
1331 GL(dl_initfirst
) = l
;
1333 /* Finally the file information. */
1337 /* When auditing is used the recorded names might not include the
1338 name by which the DSO is actually known. Add that as well. */
1339 if (__glibc_unlikely (origname
!= NULL
))
1340 add_name_to_object (l
, origname
);
1342 /* Audit modules only exist when linking is dynamic so ORIGNAME
1343 cannot be non-NULL. */
1344 assert (origname
== NULL
);
1347 /* When we profile the SONAME might be needed for something else but
1348 loading. Add it right away. */
1349 if (__glibc_unlikely (GLRO(dl_profile
) != NULL
)
1350 && l
->l_info
[DT_SONAME
] != NULL
)
1351 add_name_to_object (l
, ((const char *) D_PTR (l
, l_info
[DT_STRTAB
])
1352 + l
->l_info
[DT_SONAME
]->d_un
.d_val
));
1354 #ifdef DL_AFTER_LOAD
1358 /* Now that the object is fully initialized add it to the object list. */
1359 _dl_add_to_namespace_list (l
, nsid
);
1362 /* Auditing checkpoint: we have a new object. */
1363 if (__glibc_unlikely (GLRO(dl_naudit
) > 0)
1364 && !GL(dl_ns
)[l
->l_ns
]._ns_loaded
->l_auditing
)
1366 struct audit_ifaces
*afct
= GLRO(dl_audit
);
1367 for (unsigned int cnt
= 0; cnt
< GLRO(dl_naudit
); ++cnt
)
1369 if (afct
->objopen
!= NULL
)
1371 l
->l_audit
[cnt
].bindflags
1372 = afct
->objopen (l
, nsid
, &l
->l_audit
[cnt
].cookie
);
1374 l
->l_audit_any_plt
|= l
->l_audit
[cnt
].bindflags
!= 0;
1385 /* Print search path. */
1387 print_search_path (struct r_search_path_elem
**list
,
1388 const char *what
, const char *name
)
1390 char buf
[max_dirnamelen
+ max_capstrlen
];
1393 _dl_debug_printf (" search path=");
1395 while (*list
!= NULL
&& (*list
)->what
== what
) /* Yes, ==. */
1397 char *endp
= __mempcpy (buf
, (*list
)->dirname
, (*list
)->dirnamelen
);
1400 for (cnt
= 0; cnt
< ncapstr
; ++cnt
)
1401 if ((*list
)->status
[cnt
] != nonexisting
)
1403 char *cp
= __mempcpy (endp
, capstr
[cnt
].str
, capstr
[cnt
].len
);
1404 if (cp
== buf
|| (cp
== buf
+ 1 && buf
[0] == '/'))
1409 _dl_debug_printf_c (first
? "%s" : ":%s", buf
);
1417 _dl_debug_printf_c ("\t\t(%s from file %s)\n", what
,
1418 DSO_FILENAME (name
));
1420 _dl_debug_printf_c ("\t\t(%s)\n", what
);
1423 /* Open a file and verify it is an ELF file for this architecture. We
1424 ignore only ELF files for other architectures. Non-ELF files and
1425 ELF files with different header information cause fatal errors since
1426 this could mean there is something wrong in the installation and the
1427 user might want to know about this.
1429 If FD is not -1, then the file is already open and FD refers to it.
1430 In that case, FD is consumed for both successful and error returns. */
1432 open_verify (const char *name
, int fd
,
1433 struct filebuf
*fbp
, struct link_map
*loader
,
1434 int whatcode
, int mode
, bool *found_other_class
, bool free_name
)
1436 /* This is the expected ELF header. */
1437 #define ELF32_CLASS ELFCLASS32
1438 #define ELF64_CLASS ELFCLASS64
1439 #ifndef VALID_ELF_HEADER
1440 # define VALID_ELF_HEADER(hdr,exp,size) (memcmp (hdr, exp, size) == 0)
1441 # define VALID_ELF_OSABI(osabi) (osabi == ELFOSABI_SYSV)
1442 # define VALID_ELF_ABIVERSION(osabi,ver) (ver == 0)
1443 #elif defined MORE_ELF_HEADER_DATA
1444 MORE_ELF_HEADER_DATA
;
1446 static const unsigned char expected
[EI_NIDENT
] =
1448 [EI_MAG0
] = ELFMAG0
,
1449 [EI_MAG1
] = ELFMAG1
,
1450 [EI_MAG2
] = ELFMAG2
,
1451 [EI_MAG3
] = ELFMAG3
,
1452 [EI_CLASS
] = ELFW(CLASS
),
1453 [EI_DATA
] = byteorder
,
1454 [EI_VERSION
] = EV_CURRENT
,
1455 [EI_OSABI
] = ELFOSABI_SYSV
,
1460 ElfW(Word
) vendorlen
;
1464 } expected_note
= { 4, 16, 1, "GNU" };
1465 /* Initialize it to make the compiler happy. */
1466 const char *errstring
= NULL
;
1470 /* Give the auditing libraries a chance. */
1471 if (__glibc_unlikely (GLRO(dl_naudit
) > 0) && whatcode
!= 0
1472 && loader
->l_auditing
== 0)
1474 const char *original_name
= name
;
1475 struct audit_ifaces
*afct
= GLRO(dl_audit
);
1476 for (unsigned int cnt
= 0; cnt
< GLRO(dl_naudit
); ++cnt
)
1478 if (afct
->objsearch
!= NULL
)
1480 name
= afct
->objsearch (name
, &loader
->l_audit
[cnt
].cookie
,
1483 /* Ignore the path. */
1490 if (fd
!= -1 && name
!= original_name
&& strcmp (name
, original_name
))
1492 /* An audit library changed what we're supposed to open,
1493 so FD no longer matches it. */
1501 /* Open the file. We always open files read-only. */
1502 fd
= __open (name
, O_RDONLY
| O_CLOEXEC
);
1507 ElfW(Phdr
) *phdr
, *ph
;
1508 ElfW(Word
) *abi_note
;
1509 unsigned int osversion
;
1512 /* We successfully opened the file. Now verify it is a file
1516 assert (sizeof (fbp
->buf
) > sizeof (ElfW(Ehdr
)));
1517 /* Read in the header. */
1520 ssize_t retlen
= __libc_read (fd
, fbp
->buf
+ fbp
->len
,
1521 sizeof (fbp
->buf
) - fbp
->len
);
1526 while (__glibc_unlikely (fbp
->len
< sizeof (ElfW(Ehdr
))));
1528 /* This is where the ELF header is loaded. */
1529 ehdr
= (ElfW(Ehdr
) *) fbp
->buf
;
1531 /* Now run the tests. */
1532 if (__glibc_unlikely (fbp
->len
< (ssize_t
) sizeof (ElfW(Ehdr
))))
1535 errstring
= (errval
== 0
1536 ? N_("file too short") : N_("cannot read file data"));
1540 char *realname
= (char *) name
;
1541 name
= strdupa (realname
);
1544 lose (errval
, fd
, name
, NULL
, NULL
, errstring
, NULL
, 0);
1547 /* See whether the ELF header is what we expect. */
1548 if (__glibc_unlikely (! VALID_ELF_HEADER (ehdr
->e_ident
, expected
,
1550 || !VALID_ELF_ABIVERSION (ehdr
->e_ident
[EI_OSABI
],
1551 ehdr
->e_ident
[EI_ABIVERSION
])
1552 || memcmp (&ehdr
->e_ident
[EI_PAD
],
1554 EI_NIDENT
- EI_PAD
) != 0))
1556 /* Something is wrong. */
1557 const Elf32_Word
*magp
= (const void *) ehdr
->e_ident
;
1559 #if BYTE_ORDER == LITTLE_ENDIAN
1560 ((ELFMAG0
<< (EI_MAG0
* 8)) |
1561 (ELFMAG1
<< (EI_MAG1
* 8)) |
1562 (ELFMAG2
<< (EI_MAG2
* 8)) |
1563 (ELFMAG3
<< (EI_MAG3
* 8)))
1565 ((ELFMAG0
<< (EI_MAG3
* 8)) |
1566 (ELFMAG1
<< (EI_MAG2
* 8)) |
1567 (ELFMAG2
<< (EI_MAG1
* 8)) |
1568 (ELFMAG3
<< (EI_MAG0
* 8)))
1571 errstring
= N_("invalid ELF header");
1572 else if (ehdr
->e_ident
[EI_CLASS
] != ELFW(CLASS
))
1574 /* This is not a fatal error. On architectures where
1575 32-bit and 64-bit binaries can be run this might
1577 *found_other_class
= true;
1580 else if (ehdr
->e_ident
[EI_DATA
] != byteorder
)
1582 if (BYTE_ORDER
== BIG_ENDIAN
)
1583 errstring
= N_("ELF file data encoding not big-endian");
1585 errstring
= N_("ELF file data encoding not little-endian");
1587 else if (ehdr
->e_ident
[EI_VERSION
] != EV_CURRENT
)
1589 = N_("ELF file version ident does not match current one");
1590 /* XXX We should be able so set system specific versions which are
1592 else if (!VALID_ELF_OSABI (ehdr
->e_ident
[EI_OSABI
]))
1593 errstring
= N_("ELF file OS ABI invalid");
1594 else if (!VALID_ELF_ABIVERSION (ehdr
->e_ident
[EI_OSABI
],
1595 ehdr
->e_ident
[EI_ABIVERSION
]))
1596 errstring
= N_("ELF file ABI version invalid");
1597 else if (memcmp (&ehdr
->e_ident
[EI_PAD
], &expected
[EI_PAD
],
1598 EI_NIDENT
- EI_PAD
) != 0)
1599 errstring
= N_("nonzero padding in e_ident");
1601 /* Otherwise we don't know what went wrong. */
1602 errstring
= N_("internal error");
1607 if (__glibc_unlikely (ehdr
->e_version
!= EV_CURRENT
))
1609 errstring
= N_("ELF file version does not match current one");
1612 if (! __glibc_likely (elf_machine_matches_host (ehdr
)))
1614 else if (__glibc_unlikely (ehdr
->e_type
!= ET_DYN
1615 && ehdr
->e_type
!= ET_EXEC
))
1617 errstring
= N_("only ET_DYN and ET_EXEC can be loaded");
1620 else if (__glibc_unlikely (ehdr
->e_type
== ET_EXEC
1621 && (mode
& __RTLD_OPENEXEC
) == 0))
1623 /* BZ #16634. It is an error to dlopen ET_EXEC (unless
1624 __RTLD_OPENEXEC is explicitly set). We return error here
1625 so that code in _dl_map_object_from_fd does not try to set
1626 l_tls_modid for this module. */
1628 errstring
= N_("cannot dynamically load executable");
1631 else if (__glibc_unlikely (ehdr
->e_phentsize
!= sizeof (ElfW(Phdr
))))
1633 errstring
= N_("ELF file's phentsize not the expected size");
1637 maplength
= ehdr
->e_phnum
* sizeof (ElfW(Phdr
));
1638 if (ehdr
->e_phoff
+ maplength
<= (size_t) fbp
->len
)
1639 phdr
= (void *) (fbp
->buf
+ ehdr
->e_phoff
);
1642 phdr
= alloca (maplength
);
1643 __lseek (fd
, ehdr
->e_phoff
, SEEK_SET
);
1644 if ((size_t) __libc_read (fd
, (void *) phdr
, maplength
) != maplength
)
1648 errstring
= N_("cannot read file data");
1653 if (__glibc_unlikely (elf_machine_reject_phdr_p
1654 (phdr
, ehdr
->e_phnum
, fbp
->buf
, fbp
->len
,
1658 /* Check .note.ABI-tag if present. */
1659 for (ph
= phdr
; ph
< &phdr
[ehdr
->e_phnum
]; ++ph
)
1660 if (ph
->p_type
== PT_NOTE
&& ph
->p_filesz
>= 32 && ph
->p_align
>= 4)
1662 ElfW(Addr
) size
= ph
->p_filesz
;
1663 /* NB: Some PT_NOTE segment may have alignment value of 0
1664 or 1. gABI specifies that PT_NOTE segments should be
1665 aligned to 4 bytes in 32-bit objects and to 8 bytes in
1666 64-bit objects. As a Linux extension, we also support
1667 4 byte alignment in 64-bit objects. If p_align is less
1668 than 4, we treate alignment as 4 bytes since some note
1669 segments have 0 or 1 byte alignment. */
1670 ElfW(Addr
) align
= ph
->p_align
;
1673 else if (align
!= 4 && align
!= 8)
1676 if (ph
->p_offset
+ size
<= (size_t) fbp
->len
)
1677 abi_note
= (void *) (fbp
->buf
+ ph
->p_offset
);
1680 abi_note
= alloca (size
);
1681 __lseek (fd
, ph
->p_offset
, SEEK_SET
);
1682 if (__libc_read (fd
, (void *) abi_note
, size
) != size
)
1686 while (memcmp (abi_note
, &expected_note
, sizeof (expected_note
)))
1688 ElfW(Addr
) note_size
1689 = ELF_NOTE_NEXT_OFFSET (abi_note
[0], abi_note
[1],
1692 if (size
- 32 < note_size
)
1698 abi_note
= (void *) abi_note
+ note_size
;
1704 osversion
= (abi_note
[5] & 0xff) * 65536
1705 + (abi_note
[6] & 0xff) * 256
1706 + (abi_note
[7] & 0xff);
1707 if (abi_note
[4] != __ABI_TAG_OS
1708 || (GLRO(dl_osversion
) && GLRO(dl_osversion
) < osversion
))
1712 __set_errno (ENOENT
);
1723 /* Try to open NAME in one of the directories in *DIRSP.
1724 Return the fd, or -1. If successful, fill in *REALNAME
1725 with the malloc'd full directory name. If it turns out
1726 that none of the directories in *DIRSP exists, *DIRSP is
1727 replaced with (void *) -1, and the old value is free()d
1728 if MAY_FREE_DIRS is true. */
1731 open_path (const char *name
, size_t namelen
, int mode
,
1732 struct r_search_path_struct
*sps
, char **realname
,
1733 struct filebuf
*fbp
, struct link_map
*loader
, int whatcode
,
1734 bool *found_other_class
)
1736 struct r_search_path_elem
**dirs
= sps
->dirs
;
1739 const char *current_what
= NULL
;
1742 if (__glibc_unlikely (dirs
== NULL
))
1743 /* We're called before _dl_init_paths when loading the main executable
1744 given on the command line when rtld is run directly. */
1747 buf
= alloca (max_dirnamelen
+ max_capstrlen
+ namelen
);
1750 struct r_search_path_elem
*this_dir
= *dirs
;
1757 /* If we are debugging the search for libraries print the path
1758 now if it hasn't happened now. */
1759 if (__glibc_unlikely (GLRO(dl_debug_mask
) & DL_DEBUG_LIBS
)
1760 && current_what
!= this_dir
->what
)
1762 current_what
= this_dir
->what
;
1763 print_search_path (dirs
, current_what
, this_dir
->where
);
1766 edp
= (char *) __mempcpy (buf
, this_dir
->dirname
, this_dir
->dirnamelen
);
1767 for (cnt
= 0; fd
== -1 && cnt
< ncapstr
; ++cnt
)
1769 /* Skip this directory if we know it does not exist. */
1770 if (this_dir
->status
[cnt
] == nonexisting
)
1774 ((char *) __mempcpy (__mempcpy (edp
, capstr
[cnt
].str
,
1779 /* Print name we try if this is wanted. */
1780 if (__glibc_unlikely (GLRO(dl_debug_mask
) & DL_DEBUG_LIBS
))
1781 _dl_debug_printf (" trying file=%s\n", buf
);
1783 fd
= open_verify (buf
, -1, fbp
, loader
, whatcode
, mode
,
1784 found_other_class
, false);
1785 if (this_dir
->status
[cnt
] == unknown
)
1788 this_dir
->status
[cnt
] = existing
;
1789 /* Do not update the directory information when loading
1790 auditing code. We must try to disturb the program as
1791 little as possible. */
1792 else if (loader
== NULL
1793 || GL(dl_ns
)[loader
->l_ns
]._ns_loaded
->l_auditing
== 0)
1795 /* We failed to open machine dependent library. Let's
1796 test whether there is any directory at all. */
1799 buf
[buflen
- namelen
- 1] = '\0';
1801 if (__xstat64 (_STAT_VER
, buf
, &st
) != 0
1802 || ! S_ISDIR (st
.st_mode
))
1803 /* The directory does not exist or it is no directory. */
1804 this_dir
->status
[cnt
] = nonexisting
;
1806 this_dir
->status
[cnt
] = existing
;
1810 /* Remember whether we found any existing directory. */
1811 here_any
|= this_dir
->status
[cnt
] != nonexisting
;
1813 if (fd
!= -1 && __glibc_unlikely (mode
& __RTLD_SECURE
)
1814 && __libc_enable_secure
)
1816 /* This is an extra security effort to make sure nobody can
1817 preload broken shared objects which are in the trusted
1818 directories and so exploit the bugs. */
1821 if (__fxstat64 (_STAT_VER
, fd
, &st
) != 0
1822 || (st
.st_mode
& S_ISUID
) == 0)
1824 /* The shared object cannot be tested for being SUID
1825 or this bit is not set. In this case we must not
1829 /* We simply ignore the file, signal this by setting
1830 the error value which would have been set by `open'. */
1838 *realname
= (char *) malloc (buflen
);
1839 if (*realname
!= NULL
)
1841 memcpy (*realname
, buf
, buflen
);
1846 /* No memory for the name, we certainly won't be able
1847 to load and link it. */
1852 if (here_any
&& (err
= errno
) != ENOENT
&& err
!= EACCES
)
1853 /* The file exists and is readable, but something went wrong. */
1856 /* Remember whether we found anything. */
1859 while (*++dirs
!= NULL
);
1861 /* Remove the whole path if none of the directories exists. */
1862 if (__glibc_unlikely (! any
))
1864 /* Paths which were allocated using the minimal malloc() in ld.so
1865 must not be freed using the general free() in libc. */
1869 /* rtld_search_dirs and env_path_list are attribute_relro, therefore
1870 avoid writing into it. */
1871 if (sps
!= &rtld_search_dirs
&& sps
!= &env_path_list
)
1872 sps
->dirs
= (void *) -1;
1878 /* Map in the shared object file NAME. */
1881 _dl_map_object (struct link_map
*loader
, const char *name
,
1882 int type
, int trace_mode
, int mode
, Lmid_t nsid
)
1885 const char *origname
= NULL
;
1892 assert (nsid
< GL(dl_nns
));
1894 /* Look for this name among those already loaded. */
1895 for (l
= GL(dl_ns
)[nsid
]._ns_loaded
; l
; l
= l
->l_next
)
1897 /* If the requested name matches the soname of a loaded object,
1898 use that object. Elide this check for names that have not
1900 if (__glibc_unlikely ((l
->l_faked
| l
->l_removed
) != 0))
1902 if (!_dl_name_match_p (name
, l
))
1906 if (__glibc_likely (l
->l_soname_added
)
1907 || l
->l_info
[DT_SONAME
] == NULL
)
1910 soname
= ((const char *) D_PTR (l
, l_info
[DT_STRTAB
])
1911 + l
->l_info
[DT_SONAME
]->d_un
.d_val
);
1912 if (strcmp (name
, soname
) != 0)
1915 /* We have a match on a new name -- cache it. */
1916 add_name_to_object (l
, soname
);
1917 l
->l_soname_added
= 1;
1920 /* We have a match. */
1924 /* Display information if we are debugging. */
1925 if (__glibc_unlikely (GLRO(dl_debug_mask
) & DL_DEBUG_FILES
)
1927 _dl_debug_printf ((mode
& __RTLD_CALLMAP
) == 0
1928 ? "\nfile=%s [%lu]; needed by %s [%lu]\n"
1929 : "\nfile=%s [%lu]; dynamically loaded by %s [%lu]\n",
1930 name
, nsid
, DSO_FILENAME (loader
->l_name
), loader
->l_ns
);
1933 /* Give the auditing libraries a chance to change the name before we
1935 if (__glibc_unlikely (GLRO(dl_naudit
) > 0)
1936 && (loader
== NULL
|| loader
->l_auditing
== 0))
1938 struct audit_ifaces
*afct
= GLRO(dl_audit
);
1939 for (unsigned int cnt
= 0; cnt
< GLRO(dl_naudit
); ++cnt
)
1941 if (afct
->objsearch
!= NULL
)
1943 const char *before
= name
;
1944 name
= afct
->objsearch (name
, &loader
->l_audit
[cnt
].cookie
,
1948 /* Do not try anything further. */
1952 if (before
!= name
&& strcmp (before
, name
) != 0)
1954 if (__glibc_unlikely (GLRO(dl_debug_mask
) & DL_DEBUG_FILES
))
1955 _dl_debug_printf ("audit changed filename %s -> %s\n",
1958 if (origname
== NULL
)
1968 /* Will be true if we found a DSO which is of the other ELF class. */
1969 bool found_other_class
= false;
1971 if (strchr (name
, '/') == NULL
)
1973 /* Search for NAME in several places. */
1975 size_t namelen
= strlen (name
) + 1;
1977 if (__glibc_unlikely (GLRO(dl_debug_mask
) & DL_DEBUG_LIBS
))
1978 _dl_debug_printf ("find library=%s [%lu]; searching\n", name
, nsid
);
1982 /* When the object has the RUNPATH information we don't use any
1984 if (loader
== NULL
|| loader
->l_info
[DT_RUNPATH
] == NULL
)
1986 /* This is the executable's map (if there is one). Make sure that
1987 we do not look at it twice. */
1988 struct link_map
*main_map
= GL(dl_ns
)[LM_ID_BASE
]._ns_loaded
;
1989 bool did_main_map
= false;
1991 /* First try the DT_RPATH of the dependent object that caused NAME
1992 to be loaded. Then that object's dependent, and on up. */
1993 for (l
= loader
; l
; l
= l
->l_loader
)
1994 if (cache_rpath (l
, &l
->l_rpath_dirs
, DT_RPATH
, "RPATH"))
1996 fd
= open_path (name
, namelen
, mode
,
1998 &realname
, &fb
, loader
, LA_SER_RUNPATH
,
1999 &found_other_class
);
2003 did_main_map
|= l
== main_map
;
2006 /* If dynamically linked, try the DT_RPATH of the executable
2007 itself. NB: we do this for lookups in any namespace. */
2008 if (fd
== -1 && !did_main_map
2009 && main_map
!= NULL
&& main_map
->l_type
!= lt_loaded
2010 && cache_rpath (main_map
, &main_map
->l_rpath_dirs
, DT_RPATH
,
2012 fd
= open_path (name
, namelen
, mode
,
2013 &main_map
->l_rpath_dirs
,
2014 &realname
, &fb
, loader
?: main_map
, LA_SER_RUNPATH
,
2015 &found_other_class
);
2018 /* Try the LD_LIBRARY_PATH environment variable. */
2019 if (fd
== -1 && env_path_list
.dirs
!= (void *) -1)
2020 fd
= open_path (name
, namelen
, mode
, &env_path_list
,
2022 loader
?: GL(dl_ns
)[LM_ID_BASE
]._ns_loaded
,
2023 LA_SER_LIBPATH
, &found_other_class
);
2025 /* Look at the RUNPATH information for this binary. */
2026 if (fd
== -1 && loader
!= NULL
2027 && cache_rpath (loader
, &loader
->l_runpath_dirs
,
2028 DT_RUNPATH
, "RUNPATH"))
2029 fd
= open_path (name
, namelen
, mode
,
2030 &loader
->l_runpath_dirs
, &realname
, &fb
, loader
,
2031 LA_SER_RUNPATH
, &found_other_class
);
2035 realname
= _dl_sysdep_open_object (name
, namelen
, &fd
);
2036 if (realname
!= NULL
)
2038 fd
= open_verify (realname
, fd
,
2039 &fb
, loader
?: GL(dl_ns
)[nsid
]._ns_loaded
,
2040 LA_SER_CONFIG
, mode
, &found_other_class
,
2049 && (__glibc_likely ((mode
& __RTLD_SECURE
) == 0)
2050 || ! __libc_enable_secure
)
2051 && __glibc_likely (GLRO(dl_inhibit_cache
) == 0))
2053 /* Check the list of libraries in the file /etc/ld.so.cache,
2054 for compatibility with Linux's ldconfig program. */
2055 char *cached
= _dl_load_cache_lookup (name
);
2059 // XXX Correct to unconditionally default to namespace 0?
2061 ?: GL(dl_ns
)[LM_ID_BASE
]._ns_loaded
2067 /* If the loader has the DF_1_NODEFLIB flag set we must not
2068 use a cache entry from any of these directories. */
2069 if (__glibc_unlikely (l
->l_flags_1
& DF_1_NODEFLIB
))
2071 const char *dirp
= system_dirs
;
2072 unsigned int cnt
= 0;
2076 if (memcmp (cached
, dirp
, system_dirs_len
[cnt
]) == 0)
2078 /* The prefix matches. Don't use the entry. */
2084 dirp
+= system_dirs_len
[cnt
] + 1;
2087 while (cnt
< nsystem_dirs_len
);
2092 fd
= open_verify (cached
, -1,
2093 &fb
, loader
?: GL(dl_ns
)[nsid
]._ns_loaded
,
2094 LA_SER_CONFIG
, mode
, &found_other_class
,
2096 if (__glibc_likely (fd
!= -1))
2105 /* Finally, try the default path. */
2107 && ((l
= loader
?: GL(dl_ns
)[nsid
]._ns_loaded
) == NULL
2108 || __glibc_likely (!(l
->l_flags_1
& DF_1_NODEFLIB
)))
2109 && rtld_search_dirs
.dirs
!= (void *) -1)
2110 fd
= open_path (name
, namelen
, mode
, &rtld_search_dirs
,
2111 &realname
, &fb
, l
, LA_SER_DEFAULT
, &found_other_class
);
2113 /* Add another newline when we are tracing the library loading. */
2114 if (__glibc_unlikely (GLRO(dl_debug_mask
) & DL_DEBUG_LIBS
))
2115 _dl_debug_printf ("\n");
2119 /* The path may contain dynamic string tokens. */
2121 ? expand_dynamic_string_token (loader
, name
, 0)
2123 if (realname
== NULL
)
2127 fd
= open_verify (realname
, -1, &fb
,
2128 loader
?: GL(dl_ns
)[nsid
]._ns_loaded
, 0, mode
,
2129 &found_other_class
, true);
2130 if (__glibc_unlikely (fd
== -1))
2138 /* In case the LOADER information has only been provided to get to
2139 the appropriate RUNPATH/RPATH information we do not need it
2141 if (mode
& __RTLD_CALLMAP
)
2144 if (__glibc_unlikely (fd
== -1))
2147 && __glibc_likely ((GLRO(dl_debug_mask
) & DL_DEBUG_PRELINK
) == 0))
2149 /* We haven't found an appropriate library. But since we
2150 are only interested in the list of libraries this isn't
2151 so severe. Fake an entry with all the information we
2153 static const Elf_Symndx dummy_bucket
= STN_UNDEF
;
2155 /* Allocate a new object map. */
2156 if ((name_copy
= __strdup (name
)) == NULL
2157 || (l
= _dl_new_object (name_copy
, name
, type
, loader
,
2158 mode
, nsid
)) == NULL
)
2161 _dl_signal_error (ENOMEM
, name
, NULL
,
2162 N_("cannot create shared object descriptor"));
2164 /* Signal that this is a faked entry. */
2166 /* Since the descriptor is initialized with zero we do not
2168 l->l_reserved = 0; */
2169 l
->l_buckets
= &dummy_bucket
;
2173 /* Enter the object in the object list. */
2174 _dl_add_to_namespace_list (l
, nsid
);
2178 else if (found_other_class
)
2179 _dl_signal_error (0, name
, NULL
,
2180 ELFW(CLASS
) == ELFCLASS32
2181 ? N_("wrong ELF class: ELFCLASS64")
2182 : N_("wrong ELF class: ELFCLASS32"));
2184 _dl_signal_error (errno
, name
, NULL
,
2185 N_("cannot open shared object file"));
2188 void *stack_end
= __libc_stack_end
;
2189 return _dl_map_object_from_fd (name
, origname
, fd
, &fb
, realname
, loader
,
2190 type
, mode
, &stack_end
, nsid
);
2193 struct add_path_state
2202 add_path (struct add_path_state
*p
, const struct r_search_path_struct
*sps
,
2205 if (sps
->dirs
!= (void *) -1)
2207 struct r_search_path_elem
**dirs
= sps
->dirs
;
2210 const struct r_search_path_elem
*const r
= *dirs
++;
2214 p
->si
->dls_size
+= MAX (2, r
->dirnamelen
);
2218 Dl_serpath
*const sp
= &p
->si
->dls_serpath
[p
->idx
++];
2219 sp
->dls_name
= p
->allocptr
;
2220 if (r
->dirnamelen
< 2)
2221 *p
->allocptr
++ = r
->dirnamelen
? '/' : '.';
2223 p
->allocptr
= __mempcpy (p
->allocptr
,
2224 r
->dirname
, r
->dirnamelen
- 1);
2225 *p
->allocptr
++ = '\0';
2226 sp
->dls_flags
= flags
;
2229 while (*dirs
!= NULL
);
2234 _dl_rtld_di_serinfo (struct link_map
*loader
, Dl_serinfo
*si
, bool counting
)
2242 struct add_path_state p
=
2244 .counting
= counting
,
2247 .allocptr
= (char *) &si
->dls_serpath
[si
->dls_cnt
]
2250 # define add_path(p, sps, flags) add_path(p, sps, 0) /* XXX */
2252 /* When the object has the RUNPATH information we don't use any RPATHs. */
2253 if (loader
->l_info
[DT_RUNPATH
] == NULL
)
2255 /* First try the DT_RPATH of the dependent object that caused NAME
2256 to be loaded. Then that object's dependent, and on up. */
2258 struct link_map
*l
= loader
;
2261 if (cache_rpath (l
, &l
->l_rpath_dirs
, DT_RPATH
, "RPATH"))
2262 add_path (&p
, &l
->l_rpath_dirs
, XXX_RPATH
);
2267 /* If dynamically linked, try the DT_RPATH of the executable itself. */
2268 if (loader
->l_ns
== LM_ID_BASE
)
2270 l
= GL(dl_ns
)[LM_ID_BASE
]._ns_loaded
;
2271 if (l
!= NULL
&& l
->l_type
!= lt_loaded
&& l
!= loader
)
2272 if (cache_rpath (l
, &l
->l_rpath_dirs
, DT_RPATH
, "RPATH"))
2273 add_path (&p
, &l
->l_rpath_dirs
, XXX_RPATH
);
2277 /* Try the LD_LIBRARY_PATH environment variable. */
2278 add_path (&p
, &env_path_list
, XXX_ENV
);
2280 /* Look at the RUNPATH information for this binary. */
2281 if (cache_rpath (loader
, &loader
->l_runpath_dirs
, DT_RUNPATH
, "RUNPATH"))
2282 add_path (&p
, &loader
->l_runpath_dirs
, XXX_RUNPATH
);
2285 Here is where ld.so.cache gets checked, but we don't have
2286 a way to indicate that in the results for Dl_serinfo. */
2288 /* Finally, try the default path. */
2289 if (!(loader
->l_flags_1
& DF_1_NODEFLIB
))
2290 add_path (&p
, &rtld_search_dirs
, XXX_default
);
2293 /* Count the struct size before the string area, which we didn't
2294 know before we completed dls_cnt. */
2295 si
->dls_size
+= (char *) &si
->dls_serpath
[si
->dls_cnt
] - (char *) si
;