1/* Map in a shared object's segments from the file.
2 Copyright (C) 1995-2016 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
4
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
9
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
14
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, see
17 <http://www.gnu.org/licenses/>. */
18
19#include <elf.h>
20#include <errno.h>
21#include <fcntl.h>
22#include <libintl.h>
23#include <stdbool.h>
24#include <stdlib.h>
25#include <string.h>
26#include <unistd.h>
27#include <ldsodefs.h>
28#include <bits/wordsize.h>
29#include <sys/mman.h>
30#include <sys/param.h>
31#include <sys/stat.h>
32#include <sys/types.h>
33#include "dynamic-link.h"
34#include <abi-tag.h>
35#include <stackinfo.h>
36#include <caller.h>
37#include <sysdep.h>
38#include <stap-probe.h>
39#include <libc-internal.h>
40#include <array_length.h>
41
42#include <dl-dst.h>
43#include <dl-load.h>
44#include <dl-map-segments.h>
45#include <dl-unmap-segments.h>
46#include <dl-machine-reject-phdr.h>
47#include <dl-sysdep-open.h>
48
49
50#include <endian.h>
51#if BYTE_ORDER == BIG_ENDIAN
52# define byteorder ELFDATA2MSB
53#elif BYTE_ORDER == LITTLE_ENDIAN
54# define byteorder ELFDATA2LSB
55#else
56# error "Unknown BYTE_ORDER " BYTE_ORDER
57# define byteorder ELFDATANONE
58#endif
59
60#define STRING(x) __STRING (x)
61
62
63int __stack_prot attribute_hidden attribute_relro
64#if _STACK_GROWS_DOWN && defined PROT_GROWSDOWN
65 = PROT_GROWSDOWN;
66#elif _STACK_GROWS_UP && defined PROT_GROWSUP
67 = PROT_GROWSUP;
68#else
69 = 0;
70#endif
71
72
73/* Type for the buffer we put the ELF header and hopefully the program
74 header. This buffer does not really have to be too large. In most
75 cases the program header follows the ELF header directly. If this
76 is not the case all bets are off and we can make the header
77 arbitrarily large and still won't get it read. This means the only
78 question is how large are the ELF and program header combined. The
79 ELF header 32-bit files is 52 bytes long and in 64-bit files is 64
80 bytes long. Each program header entry is again 32 and 56 bytes
81 long respectively. I.e., even with a file which has 10 program
82 header entries we only have to read 372B/624B respectively. Add to
83 this a bit of margin for program notes and reading 512B and 832B
84 for 32-bit and 64-bit files respecitvely is enough. If this
85 heuristic should really fail for some file the code in
86 `_dl_map_object_from_fd' knows how to recover. */
87struct filebuf
88{
89 ssize_t len;
90#if __WORDSIZE == 32
91# define FILEBUF_SIZE 512
92#else
93# define FILEBUF_SIZE 832
94#endif
95 char buf[FILEBUF_SIZE] __attribute__ ((aligned (__alignof (ElfW(Ehdr)))));
96};
97
98/* This is the decomposed LD_LIBRARY_PATH search path. */
99static struct r_search_path_struct env_path_list attribute_relro;
100
101/* List of the hardware capabilities we might end up using. */
102static const struct r_strlenpair *capstr attribute_relro;
103static size_t ncapstr attribute_relro;
104static size_t max_capstrlen attribute_relro;
105
106
107/* Get the generated information about the trusted directories. Use
108 an array of concatenated strings to avoid relocations. See
109 gen-trusted-dirs.awk. */
110#include "trusted-dirs.h"
111
112static const char system_dirs[] = SYSTEM_DIRS;
113static const size_t system_dirs_len[] =
114{
115 SYSTEM_DIRS_LEN
116};
117#define nsystem_dirs_len array_length (system_dirs_len)
118
119static bool
120is_trusted_path (const char *path, size_t len)
121{
122 const char *trun = system_dirs;
123
124 for (size_t idx = 0; idx < nsystem_dirs_len; ++idx)
125 {
126 if (len == system_dirs_len[idx] && memcmp (trun, path, len) == 0)
127 /* Found it. */
128 return true;
129
130 trun += system_dirs_len[idx] + 1;
131 }
132
133 return false;
134}
135
136
137static bool
138is_trusted_path_normalize (const char *path, size_t len)
139{
140 if (len == 0)
141 return false;
142
143 if (*path == ':')
144 {
145 ++path;
146 --len;
147 }
148
149 char *npath = (char *) alloca (len + 2);
150 char *wnp = npath;
151 while (*path != '\0')
152 {
153 if (path[0] == '/')
154 {
155 if (path[1] == '.')
156 {
157 if (path[2] == '.' && (path[3] == '/' || path[3] == '\0'))
158 {
159 while (wnp > npath && *--wnp != '/')
160 ;
161 path += 3;
162 continue;
163 }
164 else if (path[2] == '/' || path[2] == '\0')
165 {
166 path += 2;
167 continue;
168 }
169 }
170
171 if (wnp > npath && wnp[-1] == '/')
172 {
173 ++path;
174 continue;
175 }
176 }
177
178 *wnp++ = *path++;
179 }
180
181 if (wnp == npath || wnp[-1] != '/')
182 *wnp++ = '/';
183
184 const char *trun = system_dirs;
185
186 for (size_t idx = 0; idx < nsystem_dirs_len; ++idx)
187 {
188 if (wnp - npath >= system_dirs_len[idx]
189 && memcmp (trun, npath, system_dirs_len[idx]) == 0)
190 /* Found it. */
191 return true;
192
193 trun += system_dirs_len[idx] + 1;
194 }
195
196 return false;
197}
198
199
200static size_t
201is_dst (const char *start, const char *name, const char *str,
202 int is_path, int secure)
203{
204 size_t len;
205 bool is_curly = false;
206
207 if (name[0] == '{')
208 {
209 is_curly = true;
210 ++name;
211 }
212
213 len = 0;
214 while (name[len] == str[len] && name[len] != '\0')
215 ++len;
216
217 if (is_curly)
218 {
219 if (name[len] != '}')
220 return 0;
221
222 /* Point again at the beginning of the name. */
223 --name;
224 /* Skip over closing curly brace and adjust for the --name. */
225 len += 2;
226 }
227 else if (name[len] != '\0' && name[len] != '/'
228 && (!is_path || name[len] != ':'))
229 return 0;
230
231 if (__glibc_unlikely (secure)
232 && ((name[len] != '\0' && name[len] != '/'
233 && (!is_path || name[len] != ':'))
234 || (name != start + 1 && (!is_path || name[-2] != ':'))))
235 return 0;
236
237 return len;
238}
239
240
241size_t
242_dl_dst_count (const char *name, int is_path)
243{
244 const char *const start = name;
245 size_t cnt = 0;
246
247 do
248 {
249 size_t len;
250
251 /* $ORIGIN is not expanded for SUID/GUID programs (except if it
252 is $ORIGIN alone) and it must always appear first in path. */
253 ++name;
254 if ((len = is_dst (start, name, "ORIGIN", is_path,
255 __libc_enable_secure)) != 0
256 || (len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0
257 || (len = is_dst (start, name, "LIB", is_path, 0)) != 0)
258 ++cnt;
259
260 name = strchr (name + len, '$');
261 }
262 while (name != NULL);
263
264 return cnt;
265}
266
267
268char *
269_dl_dst_substitute (struct link_map *l, const char *name, char *result,
270 int is_path)
271{
272 const char *const start = name;
273
274 /* Now fill the result path. While copying over the string we keep
275 track of the start of the last path element. When we come across
276 a DST we copy over the value or (if the value is not available)
277 leave the entire path element out. */
278 char *wp = result;
279 char *last_elem = result;
280 bool check_for_trusted = false;
281
282 do
283 {
284 if (__glibc_unlikely (*name == '$'))
285 {
286 const char *repl = NULL;
287 size_t len;
288
289 ++name;
290 if ((len = is_dst (start, name, "ORIGIN", is_path,
291 __libc_enable_secure)) != 0)
292 {
293 repl = l->l_origin;
294 check_for_trusted = (__libc_enable_secure
295 && l->l_type == lt_executable);
296 }
297 else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0)
298 repl = GLRO(dl_platform);
299 else if ((len = is_dst (start, name, "LIB", is_path, 0)) != 0)
300 repl = DL_DST_LIB;
301
302 if (repl != NULL && repl != (const char *) -1)
303 {
304 wp = __stpcpy (wp, repl);
305 name += len;
306 }
307 else if (len > 1)
308 {
309 /* We cannot use this path element, the value of the
310 replacement is unknown. */
311 wp = last_elem;
312 name += len;
313 while (*name != '\0' && (!is_path || *name != ':'))
314 ++name;
315 /* Also skip following colon if this is the first rpath
316 element, but keep an empty element at the end. */
317 if (wp == result && is_path && *name == ':' && name[1] != '\0')
318 ++name;
319 }
320 else
321 /* No DST we recognize. */
322 *wp++ = '$';
323 }
324 else
325 {
326 *wp++ = *name++;
327 if (is_path && *name == ':')
328 {
329 /* In SUID/SGID programs, after $ORIGIN expansion the
330 normalized path must be rooted in one of the trusted
331 directories. */
332 if (__glibc_unlikely (check_for_trusted)
333 && !is_trusted_path_normalize (last_elem, wp - last_elem))
334 wp = last_elem;
335 else
336 last_elem = wp;
337
338 check_for_trusted = false;
339 }
340 }
341 }
342 while (*name != '\0');
343
344 /* In SUID/SGID programs, after $ORIGIN expansion the normalized
345 path must be rooted in one of the trusted directories. */
346 if (__glibc_unlikely (check_for_trusted)
347 && !is_trusted_path_normalize (last_elem, wp - last_elem))
348 wp = last_elem;
349
350 *wp = '\0';
351
352 return result;
353}
354
355
356/* Return copy of argument with all recognized dynamic string tokens
357 ($ORIGIN and $PLATFORM for now) replaced. On some platforms it
358 might not be possible to determine the path from which the object
359 belonging to the map is loaded. In this case the path element
360 containing $ORIGIN is left out. */
361static char *
362expand_dynamic_string_token (struct link_map *l, const char *s, int is_path)
363{
364 /* We make two runs over the string. First we determine how large the
365 resulting string is and then we copy it over. Since this is no
366 frequently executed operation we are looking here not for performance
367 but rather for code size. */
368 size_t cnt;
369 size_t total;
370 char *result;
371
372 /* Determine the number of DST elements. */
373 cnt = DL_DST_COUNT (s, is_path);
374
375 /* If we do not have to replace anything simply copy the string. */
376 if (__glibc_likely (cnt == 0))
377 return __strdup (s);
378
379 /* Determine the length of the substituted string. */
380 total = DL_DST_REQUIRED (l, s, strlen (s), cnt);
381
382 /* Allocate the necessary memory. */
383 result = (char *) malloc (total + 1);
384 if (result == NULL)
385 return NULL;
386
387 return _dl_dst_substitute (l, s, result, is_path);
388}
389
390
391/* Add `name' to the list of names for a particular shared object.
392 `name' is expected to have been allocated with malloc and will
393 be freed if the shared object already has this name.
394 Returns false if the object already had this name. */
395static void
396internal_function
397add_name_to_object (struct link_map *l, const char *name)
398{
399 struct libname_list *lnp, *lastp;
400 struct libname_list *newname;
401 size_t name_len;
402
403 lastp = NULL;
404 for (lnp = l->l_libname; lnp != NULL; lastp = lnp, lnp = lnp->next)
405 if (strcmp (name, lnp->name) == 0)
406 return;
407
408 name_len = strlen (name) + 1;
409 newname = (struct libname_list *) malloc (sizeof *newname + name_len);
410 if (newname == NULL)
411 {
412 /* No more memory. */
413 _dl_signal_error (ENOMEM, name, NULL, N_("cannot allocate name record"));
414 return;
415 }
416 /* The object should have a libname set from _dl_new_object. */
417 assert (lastp != NULL);
418
419 newname->name = memcpy (newname + 1, name, name_len);
420 newname->next = NULL;
421 newname->dont_free = 0;
422 lastp->next = newname;
423}
424
425/* Standard search directories. */
426static struct r_search_path_struct rtld_search_dirs attribute_relro;
427
428static size_t max_dirnamelen;
429
430static struct r_search_path_elem **
431fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep,
432 int check_trusted, const char *what, const char *where,
433 struct link_map *l)
434{
435 char *cp;
436 size_t nelems = 0;
437
438 while ((cp = __strsep (&rpath, sep)) != NULL)
439 {
440 struct r_search_path_elem *dirp;
441 char *to_free = NULL;
442 size_t len = 0;
443
444 /* `strsep' can pass an empty string. */
445 if (*cp != '\0')
446 {
447 to_free = cp = expand_dynamic_string_token (l, cp, 1);
448
449 /* expand_dynamic_string_token can return NULL in case of empty
450 path or memory allocation failure. */
451 if (cp == NULL)
452 continue;
453
454 /* Compute the length after dynamic string token expansion and
455 ignore empty paths. */
456 len = strlen (cp);
457 if (len == 0)
458 {
459 free (to_free);
460 continue;
461 }
462
463 /* Remove trailing slashes (except for "/"). */
464 while (len > 1 && cp[len - 1] == '/')
465 --len;
466
467 /* Now add one if there is none so far. */
468 if (len > 0 && cp[len - 1] != '/')
469 cp[len++] = '/';
470 }
471
472 /* Make sure we don't use untrusted directories if we run SUID. */
473 if (__glibc_unlikely (check_trusted) && !is_trusted_path (cp, len))
474 {
475 free (to_free);
476 continue;
477 }
478
479 /* See if this directory is already known. */
480 for (dirp = GL(dl_all_dirs); dirp != NULL; dirp = dirp->next)
481 if (dirp->dirnamelen == len && memcmp (cp, dirp->dirname, len) == 0)
482 break;
483
484 if (dirp != NULL)
485 {
486 /* It is available, see whether it's on our own list. */
487 size_t cnt;
488 for (cnt = 0; cnt < nelems; ++cnt)
489 if (result[cnt] == dirp)
490 break;
491
492 if (cnt == nelems)
493 result[nelems++] = dirp;
494 }
495 else
496 {
497 size_t cnt;
498 enum r_dir_status init_val;
499 size_t where_len = where ? strlen (where) + 1 : 0;
500
501 /* It's a new directory. Create an entry and add it. */
502 dirp = (struct r_search_path_elem *)
503 malloc (sizeof (*dirp) + ncapstr * sizeof (enum r_dir_status)
504 + where_len + len + 1);
505 if (dirp == NULL)
506 _dl_signal_error (ENOMEM, NULL, NULL,
507 N_("cannot create cache for search path"));
508
509 dirp->dirname = ((char *) dirp + sizeof (*dirp)
510 + ncapstr * sizeof (enum r_dir_status));
511 *((char *) __mempcpy ((char *) dirp->dirname, cp, len)) = '\0';
512 dirp->dirnamelen = len;
513
514 if (len > max_dirnamelen)
515 max_dirnamelen = len;
516
517 /* We have to make sure all the relative directories are
518 never ignored. The current directory might change and
519 all our saved information would be void. */
520 init_val = cp[0] != '/' ? existing : unknown;
521 for (cnt = 0; cnt < ncapstr; ++cnt)
522 dirp->status[cnt] = init_val;
523
524 dirp->what = what;
525 if (__glibc_likely (where != NULL))
526 dirp->where = memcpy ((char *) dirp + sizeof (*dirp) + len + 1
527 + (ncapstr * sizeof (enum r_dir_status)),
528 where, where_len);
529 else
530 dirp->where = NULL;
531
532 dirp->next = GL(dl_all_dirs);
533 GL(dl_all_dirs) = dirp;
534
535 /* Put it in the result array. */
536 result[nelems++] = dirp;
537 }
538 free (to_free);
539 }
540
541 /* Terminate the array. */
542 result[nelems] = NULL;
543
544 return result;
545}
546
547
548static bool
549internal_function
550decompose_rpath (struct r_search_path_struct *sps,
551 const char *rpath, struct link_map *l, const char *what)
552{
553 /* Make a copy we can work with. */
554 const char *where = l->l_name;
555 char *copy;
556 char *cp;
557 struct r_search_path_elem **result;
558 size_t nelems;
559 /* Initialize to please the compiler. */
560 const char *errstring = NULL;
561
562 /* First see whether we must forget the RUNPATH and RPATH from this
563 object. */
564 if (__glibc_unlikely (GLRO(dl_inhibit_rpath) != NULL)
565 && !__libc_enable_secure)
566 {
567 const char *inhp = GLRO(dl_inhibit_rpath);
568
569 do
570 {
571 const char *wp = where;
572
573 while (*inhp == *wp && *wp != '\0')
574 {
575 ++inhp;
576 ++wp;
577 }
578
579 if (*wp == '\0' && (*inhp == '\0' || *inhp == ':'))
580 {
581 /* This object is on the list of objects for which the
582 RUNPATH and RPATH must not be used. */
583 sps->dirs = (void *) -1;
584 return false;
585 }
586
587 while (*inhp != '\0')
588 if (*inhp++ == ':')
589 break;
590 }
591 while (*inhp != '\0');
592 }
593
594 /* Make a writable copy. */
595 copy = __strdup (rpath);
596 if (copy == NULL)
597 {
598 errstring = N_("cannot create RUNPATH/RPATH copy");
599 goto signal_error;
600 }
601
602 /* Ignore empty rpaths. */
603 if (*copy == 0)
604 {
605 free (copy);
606 sps->dirs = (struct r_search_path_elem **) -1;
607 return false;
608 }
609
610 /* Count the number of necessary elements in the result array. */
611 nelems = 0;
612 for (cp = copy; *cp != '\0'; ++cp)
613 if (*cp == ':')
614 ++nelems;
615
616 /* Allocate room for the result. NELEMS + 1 is an upper limit for the
617 number of necessary entries. */
618 result = (struct r_search_path_elem **) malloc ((nelems + 1 + 1)
619 * sizeof (*result));
620 if (result == NULL)
621 {
622 free (copy);
623 errstring = N_("cannot create cache for search path");
624 signal_error:
625 _dl_signal_error (ENOMEM, NULL, NULL, errstring);
626 }
627
628 fillin_rpath (copy, result, ":", 0, what, where, l);
629
630 /* Free the copied RPATH string. `fillin_rpath' make own copies if
631 necessary. */
632 free (copy);
633
634 /* There is no path after expansion. */
635 if (result[0] == NULL)
636 {
637 free (result);
638 sps->dirs = (struct r_search_path_elem **) -1;
639 return false;
640 }
641
642 sps->dirs = result;
643 /* The caller will change this value if we haven't used a real malloc. */
644 sps->malloced = 1;
645 return true;
646}
647
648/* Make sure cached path information is stored in *SP
649 and return true if there are any paths to search there. */
650static bool
651cache_rpath (struct link_map *l,
652 struct r_search_path_struct *sp,
653 int tag,
654 const char *what)
655{
656 if (sp->dirs == (void *) -1)
657 return false;
658
659 if (sp->dirs != NULL)
660 return true;
661
662 if (l->l_info[tag] == NULL)
663 {
664 /* There is no path. */
665 sp->dirs = (void *) -1;
666 return false;
667 }
668
669 /* Make sure the cache information is available. */
670 return decompose_rpath (sp, (const char *) (D_PTR (l, l_info[DT_STRTAB])
671 + l->l_info[tag]->d_un.d_val),
672 l, what);
673}
674
675
676void
677internal_function
678_dl_init_paths (const char *llp)
679{
680 size_t idx;
681 const char *strp;
682 struct r_search_path_elem *pelem, **aelem;
683 size_t round_size;
684 struct link_map __attribute__ ((unused)) *l = NULL;
685 /* Initialize to please the compiler. */
686 const char *errstring = NULL;
687
688 /* Fill in the information about the application's RPATH and the
689 directories addressed by the LD_LIBRARY_PATH environment variable. */
690
691 /* Get the capabilities. */
692 capstr = _dl_important_hwcaps (GLRO(dl_platform), GLRO(dl_platformlen),
693 &ncapstr, &max_capstrlen);
694
695 /* First set up the rest of the default search directory entries. */
696 aelem = rtld_search_dirs.dirs = (struct r_search_path_elem **)
697 malloc ((nsystem_dirs_len + 1) * sizeof (struct r_search_path_elem *));
698 if (rtld_search_dirs.dirs == NULL)
699 {
700 errstring = N_("cannot create search path array");
701 signal_error:
702 _dl_signal_error (ENOMEM, NULL, NULL, errstring);
703 }
704
705 round_size = ((2 * sizeof (struct r_search_path_elem) - 1
706 + ncapstr * sizeof (enum r_dir_status))
707 / sizeof (struct r_search_path_elem));
708
709 rtld_search_dirs.dirs[0] = malloc (nsystem_dirs_len * round_size
710 * sizeof (*rtld_search_dirs.dirs[0]));
711 if (rtld_search_dirs.dirs[0] == NULL)
712 {
713 errstring = N_("cannot create cache for search path");
714 goto signal_error;
715 }
716
717 rtld_search_dirs.malloced = 0;
718 pelem = GL(dl_all_dirs) = rtld_search_dirs.dirs[0];
719 strp = system_dirs;
720 idx = 0;
721
722 do
723 {
724 size_t cnt;
725
726 *aelem++ = pelem;
727
728 pelem->what = "system search path";
729 pelem->where = NULL;
730
731 pelem->dirname = strp;
732 pelem->dirnamelen = system_dirs_len[idx];
733 strp += system_dirs_len[idx] + 1;
734
735 /* System paths must be absolute. */
736 assert (pelem->dirname[0] == '/');
737 for (cnt = 0; cnt < ncapstr; ++cnt)
738 pelem->status[cnt] = unknown;
739
740 pelem->next = (++idx == nsystem_dirs_len ? NULL : (pelem + round_size));
741
742 pelem += round_size;
743 }
744 while (idx < nsystem_dirs_len);
745
746 max_dirnamelen = SYSTEM_DIRS_MAX_LEN;
747 *aelem = NULL;
748
749#ifdef SHARED
750 /* This points to the map of the main object. */
751 l = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
752 if (l != NULL)
753 {
754 assert (l->l_type != lt_loaded);
755
756 if (l->l_info[DT_RUNPATH])
757 {
758 /* Allocate room for the search path and fill in information
759 from RUNPATH. */
760 decompose_rpath (&l->l_runpath_dirs,
761 (const void *) (D_PTR (l, l_info[DT_STRTAB])
762 + l->l_info[DT_RUNPATH]->d_un.d_val),
763 l, "RUNPATH");
764 /* During rtld init the memory is allocated by the stub malloc,
765 prevent any attempt to free it by the normal malloc. */
766 l->l_runpath_dirs.malloced = 0;
767
768 /* The RPATH is ignored. */
769 l->l_rpath_dirs.dirs = (void *) -1;
770 }
771 else
772 {
773 l->l_runpath_dirs.dirs = (void *) -1;
774
775 if (l->l_info[DT_RPATH])
776 {
777 /* Allocate room for the search path and fill in information
778 from RPATH. */
779 decompose_rpath (&l->l_rpath_dirs,
780 (const void *) (D_PTR (l, l_info[DT_STRTAB])
781 + l->l_info[DT_RPATH]->d_un.d_val),
782 l, "RPATH");
783 /* During rtld init the memory is allocated by the stub
784 malloc, prevent any attempt to free it by the normal
785 malloc. */
786 l->l_rpath_dirs.malloced = 0;
787 }
788 else
789 l->l_rpath_dirs.dirs = (void *) -1;
790 }
791 }
792#endif /* SHARED */
793
794 if (llp != NULL && *llp != '\0')
795 {
796 char *llp_tmp = strdupa (llp);
797
798 /* Decompose the LD_LIBRARY_PATH contents. First determine how many
799 elements it has. */
800 size_t nllp = 1;
801 for (const char *cp = llp_tmp; *cp != '\0'; ++cp)
802 if (*cp == ':' || *cp == ';')
803 ++nllp;
804
805 env_path_list.dirs = (struct r_search_path_elem **)
806 malloc ((nllp + 1) * sizeof (struct r_search_path_elem *));
807 if (env_path_list.dirs == NULL)
808 {
809 errstring = N_("cannot create cache for search path");
810 goto signal_error;
811 }
812
813 (void) fillin_rpath (llp_tmp, env_path_list.dirs, ":;",
814 __libc_enable_secure, "LD_LIBRARY_PATH",
815 NULL, l);
816
817 if (env_path_list.dirs[0] == NULL)
818 {
819 free (env_path_list.dirs);
820 env_path_list.dirs = (void *) -1;
821 }
822
823 env_path_list.malloced = 0;
824 }
825 else
826 env_path_list.dirs = (void *) -1;
827}
828
829
830static void
831__attribute__ ((noreturn, noinline))
832lose (int code, int fd, const char *name, char *realname, struct link_map *l,
833 const char *msg, struct r_debug *r, Lmid_t nsid)
834{
835 /* The file might already be closed. */
836 if (fd != -1)
837 (void) __close (fd);
838 if (l != NULL && l->l_origin != (char *) -1l)
839 free ((char *) l->l_origin);
840 free (l);
841 free (realname);
842
843 if (r != NULL)
844 {
845 r->r_state = RT_CONSISTENT;
846 _dl_debug_state ();
847 LIBC_PROBE (map_failed, 2, nsid, r);
848 }
849
850 _dl_signal_error (code, name, NULL, msg);
851}
852
853
854/* Map in the shared object NAME, actually located in REALNAME, and already
855 opened on FD. */
856
857#ifndef EXTERNAL_MAP_FROM_FD
858static
859#endif
860struct link_map *
861_dl_map_object_from_fd (const char *name, const char *origname, int fd,
862 struct filebuf *fbp, char *realname,
863 struct link_map *loader, int l_type, int mode,
864 void **stack_endp, Lmid_t nsid)
865{
866 struct link_map *l = NULL;
867 const ElfW(Ehdr) *header;
868 const ElfW(Phdr) *phdr;
869 const ElfW(Phdr) *ph;
870 size_t maplength;
871 int type;
872 /* Initialize to keep the compiler happy. */
873 const char *errstring = NULL;
874 int errval = 0;
875 struct r_debug *r = _dl_debug_initialize (0, nsid);
876 bool make_consistent = false;
877
878 /* Get file information. */
879 struct r_file_id id;
880 if (__glibc_unlikely (!_dl_get_file_id (fd, &id)))
881 {
882 errstring = N_("cannot stat shared object");
883 call_lose_errno:
884 errval = errno;
885 call_lose:
886 lose (errval, fd, name, realname, l, errstring,
887 make_consistent ? r : NULL, nsid);
888 }
889
890 /* Look again to see if the real name matched another already loaded. */
891 for (l = GL(dl_ns)[nsid]._ns_loaded; l != NULL; l = l->l_next)
892 if (!l->l_removed && _dl_file_id_match_p (&l->l_file_id, &id))
893 {
894 /* The object is already loaded.
895 Just bump its reference count and return it. */
896 __close (fd);
897
898 /* If the name is not in the list of names for this object add
899 it. */
900 free (realname);
901 add_name_to_object (l, name);
902
903 return l;
904 }
905
906#ifdef SHARED
907 /* When loading into a namespace other than the base one we must
908 avoid loading ld.so since there can only be one copy. Ever. */
909 if (__glibc_unlikely (nsid != LM_ID_BASE)
910 && (_dl_file_id_match_p (&id, &GL(dl_rtld_map).l_file_id)
911 || _dl_name_match_p (name, &GL(dl_rtld_map))))
912 {
913 /* This is indeed ld.so. Create a new link_map which refers to
914 the real one for almost everything. */
915 l = _dl_new_object (realname, name, l_type, loader, mode, nsid);
916 if (l == NULL)
917 goto fail_new;
918
919 /* Refer to the real descriptor. */
920 l->l_real = &GL(dl_rtld_map);
921
922 /* No need to bump the refcount of the real object, ld.so will
923 never be unloaded. */
924 __close (fd);
925
926 /* Add the map for the mirrored object to the object list. */
927 _dl_add_to_namespace_list (l, nsid);
928
929 return l;
930 }
931#endif
932
933 if (mode & RTLD_NOLOAD)
934 {
935 /* We are not supposed to load the object unless it is already
936 loaded. So return now. */
937 free (realname);
938 __close (fd);
939 return NULL;
940 }
941
942 /* Print debugging message. */
943 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES))
944 _dl_debug_printf ("file=%s [%lu]; generating link map\n", name, nsid);
945
946 /* This is the ELF header. We read it in `open_verify'. */
947 header = (void *) fbp->buf;
948
949#ifndef MAP_ANON
950# define MAP_ANON 0
951 if (_dl_zerofd == -1)
952 {
953 _dl_zerofd = _dl_sysdep_open_zero_fill ();
954 if (_dl_zerofd == -1)
955 {
956 free (realname);
957 __close (fd);
958 _dl_signal_error (errno, NULL, NULL,
959 N_("cannot open zero fill device"));
960 }
961 }
962#endif
963
964 /* Signal that we are going to add new objects. */
965 if (r->r_state == RT_CONSISTENT)
966 {
967#ifdef SHARED
968 /* Auditing checkpoint: we are going to add new objects. */
969 if ((mode & __RTLD_AUDIT) == 0
970 && __glibc_unlikely (GLRO(dl_naudit) > 0))
971 {
972 struct link_map *head = GL(dl_ns)[nsid]._ns_loaded;
973 /* Do not call the functions for any auditing object. */
974 if (head->l_auditing == 0)
975 {
976 struct audit_ifaces *afct = GLRO(dl_audit);
977 for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
978 {
979 if (afct->activity != NULL)
980 afct->activity (&head->l_audit[cnt].cookie, LA_ACT_ADD);
981
982 afct = afct->next;
983 }
984 }
985 }
986#endif
987
988 /* Notify the debugger we have added some objects. We need to
989 call _dl_debug_initialize in a static program in case dynamic
990 linking has not been used before. */
991 r->r_state = RT_ADD;
992 _dl_debug_state ();
993 LIBC_PROBE (map_start, 2, nsid, r);
994 make_consistent = true;
995 }
996 else
997 assert (r->r_state == RT_ADD);
998
999 /* Enter the new object in the list of loaded objects. */
1000 l = _dl_new_object (realname, name, l_type, loader, mode, nsid);
1001 if (__glibc_unlikely (l == NULL))
1002 {
1003#ifdef SHARED
1004 fail_new:
1005#endif
1006 errstring = N_("cannot create shared object descriptor");
1007 goto call_lose_errno;
1008 }
1009
1010 /* Extract the remaining details we need from the ELF header
1011 and then read in the program header table. */
1012 l->l_entry = header->e_entry;
1013 type = header->e_type;
1014 l->l_phnum = header->e_phnum;
1015
1016 maplength = header->e_phnum * sizeof (ElfW(Phdr));
1017 if (header->e_phoff + maplength <= (size_t) fbp->len)
1018 phdr = (void *) (fbp->buf + header->e_phoff);
1019 else
1020 {
1021 phdr = alloca (maplength);
1022 __lseek (fd, header->e_phoff, SEEK_SET);
1023 if ((size_t) __libc_read (fd, (void *) phdr, maplength) != maplength)
1024 {
1025 errstring = N_("cannot read file data");
1026 goto call_lose_errno;
1027 }
1028 }
1029
1030 /* On most platforms presume that PT_GNU_STACK is absent and the stack is
1031 * executable. Other platforms default to a nonexecutable stack and don't
1032 * need PT_GNU_STACK to do so. */
1033 uint_fast16_t stack_flags = DEFAULT_STACK_PERMS;
1034
1035 {
1036 /* Scan the program header table, collecting its load commands. */
1037 struct loadcmd loadcmds[l->l_phnum];
1038 size_t nloadcmds = 0;
1039 bool has_holes = false;
1040
1041 /* The struct is initialized to zero so this is not necessary:
1042 l->l_ld = 0;
1043 l->l_phdr = 0;
1044 l->l_addr = 0; */
1045 for (ph = phdr; ph < &phdr[l->l_phnum]; ++ph)
1046 switch (ph->p_type)
1047 {
1048 /* These entries tell us where to find things once the file's
1049 segments are mapped in. We record the addresses it says
1050 verbatim, and later correct for the run-time load address. */
1051 case PT_DYNAMIC:
1052 l->l_ld = (void *) ph->p_vaddr;
1053 l->l_ldnum = ph->p_memsz / sizeof (ElfW(Dyn));
1054 break;
1055
1056 case PT_PHDR:
1057 l->l_phdr = (void *) ph->p_vaddr;
1058 break;
1059
1060 case PT_LOAD:
1061 /* A load command tells us to map in part of the file.
1062 We record the load commands and process them all later. */
1063 if (__glibc_unlikely ((ph->p_align & (GLRO(dl_pagesize) - 1)) != 0))
1064 {
1065 errstring = N_("ELF load command alignment not page-aligned");
1066 goto call_lose;
1067 }
1068 if (__glibc_unlikely (((ph->p_vaddr - ph->p_offset)
1069 & (ph->p_align - 1)) != 0))
1070 {
1071 errstring
1072 = N_("ELF load command address/offset not properly aligned");
1073 goto call_lose;
1074 }
1075
1076 struct loadcmd *c = &loadcmds[nloadcmds++];
1077 c->mapstart = ALIGN_DOWN (ph->p_vaddr, GLRO(dl_pagesize));
1078 c->mapend = ALIGN_UP (ph->p_vaddr + ph->p_filesz, GLRO(dl_pagesize));
1079 c->dataend = ph->p_vaddr + ph->p_filesz;
1080 c->allocend = ph->p_vaddr + ph->p_memsz;
1081 c->mapoff = ALIGN_DOWN (ph->p_offset, GLRO(dl_pagesize));
1082
1083 /* Determine whether there is a gap between the last segment
1084 and this one. */
1085 if (nloadcmds > 1 && c[-1].mapend != c->mapstart)
1086 has_holes = true;
1087
1088 /* Optimize a common case. */
1089#if (PF_R | PF_W | PF_X) == 7 && (PROT_READ | PROT_WRITE | PROT_EXEC) == 7
1090 c->prot = (PF_TO_PROT
1091 >> ((ph->p_flags & (PF_R | PF_W | PF_X)) * 4)) & 0xf;
1092#else
1093 c->prot = 0;
1094 if (ph->p_flags & PF_R)
1095 c->prot |= PROT_READ;
1096 if (ph->p_flags & PF_W)
1097 c->prot |= PROT_WRITE;
1098 if (ph->p_flags & PF_X)
1099 c->prot |= PROT_EXEC;
1100#endif
1101 break;
1102
1103 case PT_TLS:
1104 if (ph->p_memsz == 0)
1105 /* Nothing to do for an empty segment. */
1106 break;
1107
1108 l->l_tls_blocksize = ph->p_memsz;
1109 l->l_tls_align = ph->p_align;
1110 if (ph->p_align == 0)
1111 l->l_tls_firstbyte_offset = 0;
1112 else
1113 l->l_tls_firstbyte_offset = ph->p_vaddr & (ph->p_align - 1);
1114 l->l_tls_initimage_size = ph->p_filesz;
1115 /* Since we don't know the load address yet only store the
1116 offset. We will adjust it later. */
1117 l->l_tls_initimage = (void *) ph->p_vaddr;
1118
1119 /* If not loading the initial set of shared libraries,
1120 check whether we should permit loading a TLS segment. */
1121 if (__glibc_likely (l->l_type == lt_library)
1122 /* If GL(dl_tls_dtv_slotinfo_list) == NULL, then rtld.c did
1123 not set up TLS data structures, so don't use them now. */
1124 || __glibc_likely (GL(dl_tls_dtv_slotinfo_list) != NULL))
1125 {
1126 /* Assign the next available module ID. */
1127 l->l_tls_modid = _dl_next_tls_modid ();
1128 break;
1129 }
1130
1131#ifdef SHARED
1132 if (l->l_prev == NULL || (mode & __RTLD_AUDIT) != 0)
1133 /* We are loading the executable itself when the dynamic linker
1134 was executed directly. The setup will happen later. */
1135 break;
1136
1137# ifdef _LIBC_REENTRANT
1138 /* In a static binary there is no way to tell if we dynamically
1139 loaded libpthread. */
1140 if (GL(dl_error_catch_tsd) == &_dl_initial_error_catch_tsd)
1141# endif
1142#endif
1143 {
1144 /* We have not yet loaded libpthread.
1145 We can do the TLS setup right now! */
1146
1147 void *tcb;
1148
1149 /* The first call allocates TLS bookkeeping data structures.
1150 Then we allocate the TCB for the initial thread. */
1151 if (__glibc_unlikely (_dl_tls_setup ())
1152 || __glibc_unlikely ((tcb = _dl_allocate_tls (NULL)) == NULL))
1153 {
1154 errval = ENOMEM;
1155 errstring = N_("\
1156cannot allocate TLS data structures for initial thread");
1157 goto call_lose;
1158 }
1159
1160 /* Now we install the TCB in the thread register. */
1161 errstring = TLS_INIT_TP (tcb);
1162 if (__glibc_likely (errstring == NULL))
1163 {
1164 /* Now we are all good. */
1165 l->l_tls_modid = ++GL(dl_tls_max_dtv_idx);
1166 break;
1167 }
1168
1169 /* The kernel is too old or somesuch. */
1170 errval = 0;
1171 _dl_deallocate_tls (tcb, 1);
1172 goto call_lose;
1173 }
1174
1175 /* Uh-oh, the binary expects TLS support but we cannot
1176 provide it. */
1177 errval = 0;
1178 errstring = N_("cannot handle TLS data");
1179 goto call_lose;
1180 break;
1181
1182 case PT_GNU_STACK:
1183 stack_flags = ph->p_flags;
1184 break;
1185
1186 case PT_GNU_RELRO:
1187 l->l_relro_addr = ph->p_vaddr;
1188 l->l_relro_size = ph->p_memsz;
1189 break;
1190 }
1191
1192 if (__glibc_unlikely (nloadcmds == 0))
1193 {
1194 /* This only happens for a bogus object that will be caught with
1195 another error below. But we don't want to go through the
1196 calculations below using NLOADCMDS - 1. */
1197 errstring = N_("object file has no loadable segments");
1198 goto call_lose;
1199 }
1200
1201 if (__glibc_unlikely (type != ET_DYN)
1202 && __glibc_unlikely ((mode & __RTLD_OPENEXEC) == 0))
1203 {
1204 /* This object is loaded at a fixed address. This must never
1205 happen for objects loaded with dlopen. */
1206 errstring = N_("cannot dynamically load executable");
1207 goto call_lose;
1208 }
1209
1210 /* Length of the sections to be loaded. */
1211 maplength = loadcmds[nloadcmds - 1].allocend - loadcmds[0].mapstart;
1212
1213 /* Now process the load commands and map segments into memory.
1214 This is responsible for filling in:
1215 l_map_start, l_map_end, l_addr, l_contiguous, l_text_end, l_phdr
1216 */
1217 errstring = _dl_map_segments (l, fd, header, type, loadcmds, nloadcmds,
1218 maplength, has_holes, loader);
1219 if (__glibc_unlikely (errstring != NULL))
1220 goto call_lose;
1221 }
1222
1223 if (l->l_ld == 0)
1224 {
1225 if (__glibc_unlikely (type == ET_DYN))
1226 {
1227 errstring = N_("object file has no dynamic section");
1228 goto call_lose;
1229 }
1230 }
1231 else
1232 l->l_ld = (ElfW(Dyn) *) ((ElfW(Addr)) l->l_ld + l->l_addr);
1233
1234 elf_get_dynamic_info (l, NULL);
1235
1236 /* Make sure we are not dlopen'ing an object that has the
1237 DF_1_NOOPEN flag set. */
1238 if (__glibc_unlikely (l->l_flags_1 & DF_1_NOOPEN)
1239 && (mode & __RTLD_DLOPEN))
1240 {
1241 /* We are not supposed to load this object. Free all resources. */
1242 _dl_unmap_segments (l);
1243
1244 if (!l->l_libname->dont_free)
1245 free (l->l_libname);
1246
1247 if (l->l_phdr_allocated)
1248 free ((void *) l->l_phdr);
1249
1250 errstring = N_("shared object cannot be dlopen()ed");
1251 goto call_lose;
1252 }
1253
1254 if (l->l_phdr == NULL)
1255 {
1256 /* The program header is not contained in any of the segments.
1257 We have to allocate memory ourself and copy it over from out
1258 temporary place. */
1259 ElfW(Phdr) *newp = (ElfW(Phdr) *) malloc (header->e_phnum
1260 * sizeof (ElfW(Phdr)));
1261 if (newp == NULL)
1262 {
1263 errstring = N_("cannot allocate memory for program header");
1264 goto call_lose_errno;
1265 }
1266
1267 l->l_phdr = memcpy (newp, phdr,
1268 (header->e_phnum * sizeof (ElfW(Phdr))));
1269 l->l_phdr_allocated = 1;
1270 }
1271 else
1272 /* Adjust the PT_PHDR value by the runtime load address. */
1273 l->l_phdr = (ElfW(Phdr) *) ((ElfW(Addr)) l->l_phdr + l->l_addr);
1274
1275 if (__glibc_unlikely ((stack_flags &~ GL(dl_stack_flags)) & PF_X))
1276 {
1277 if (__glibc_unlikely (__check_caller (RETURN_ADDRESS (0), allow_ldso) != 0))
1278 {
1279 errstring = N_("invalid caller");
1280 goto call_lose;
1281 }
1282
1283 /* The stack is presently not executable, but this module
1284 requires that it be executable. We must change the
1285 protection of the variable which contains the flags used in
1286 the mprotect calls. */
1287#ifdef SHARED
1288 if ((mode & (__RTLD_DLOPEN | __RTLD_AUDIT)) == __RTLD_DLOPEN)
1289 {
1290 const uintptr_t p = (uintptr_t) &__stack_prot & -GLRO(dl_pagesize);
1291 const size_t s = (uintptr_t) (&__stack_prot + 1) - p;
1292
1293 struct link_map *const m = &GL(dl_rtld_map);
1294 const uintptr_t relro_end = ((m->l_addr + m->l_relro_addr
1295 + m->l_relro_size)
1296 & -GLRO(dl_pagesize));
1297 if (__glibc_likely (p + s <= relro_end))
1298 {
1299 /* The variable lies in the region protected by RELRO. */
1300 if (__mprotect ((void *) p, s, PROT_READ|PROT_WRITE) < 0)
1301 {
1302 errstring = N_("cannot change memory protections");
1303 goto call_lose_errno;
1304 }
1305 __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
1306 __mprotect ((void *) p, s, PROT_READ);
1307 }
1308 else
1309 __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
1310 }
1311 else
1312#endif
1313 __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
1314
1315#ifdef check_consistency
1316 check_consistency ();
1317#endif
1318
1319 errval = (*GL(dl_make_stack_executable_hook)) (stack_endp);
1320 if (errval)
1321 {
1322 errstring = N_("\
1323cannot enable executable stack as shared object requires");
1324 goto call_lose;
1325 }
1326 }
1327
1328 /* Adjust the address of the TLS initialization image. */
1329 if (l->l_tls_initimage != NULL)
1330 l->l_tls_initimage = (char *) l->l_tls_initimage + l->l_addr;
1331
1332 /* We are done mapping in the file. We no longer need the descriptor. */
1333 if (__glibc_unlikely (__close (fd) != 0))
1334 {
1335 errstring = N_("cannot close file descriptor");
1336 goto call_lose_errno;
1337 }
1338 /* Signal that we closed the file. */
1339 fd = -1;
1340
1341 /* If this is ET_EXEC, we should have loaded it as lt_executable. */
1342 assert (type != ET_EXEC || l->l_type == lt_executable);
1343
1344 l->l_entry += l->l_addr;
1345
1346 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES))
1347 _dl_debug_printf ("\
1348 dynamic: 0x%0*lx base: 0x%0*lx size: 0x%0*Zx\n\
1349 entry: 0x%0*lx phdr: 0x%0*lx phnum: %*u\n\n",
1350 (int) sizeof (void *) * 2,
1351 (unsigned long int) l->l_ld,
1352 (int) sizeof (void *) * 2,
1353 (unsigned long int) l->l_addr,
1354 (int) sizeof (void *) * 2, maplength,
1355 (int) sizeof (void *) * 2,
1356 (unsigned long int) l->l_entry,
1357 (int) sizeof (void *) * 2,
1358 (unsigned long int) l->l_phdr,
1359 (int) sizeof (void *) * 2, l->l_phnum);
1360
1361 /* Set up the symbol hash table. */
1362 _dl_setup_hash (l);
1363
1364 /* If this object has DT_SYMBOLIC set modify now its scope. We don't
1365 have to do this for the main map. */
1366 if ((mode & RTLD_DEEPBIND) == 0
1367 && __glibc_unlikely (l->l_info[DT_SYMBOLIC] != NULL)
1368 && &l->l_searchlist != l->l_scope[0])
1369 {
1370 /* Create an appropriate searchlist. It contains only this map.
1371 This is the definition of DT_SYMBOLIC in SysVr4. */
1372 l->l_symbolic_searchlist.r_list[0] = l;
1373 l->l_symbolic_searchlist.r_nlist = 1;
1374
1375 /* Now move the existing entries one back. */
1376 memmove (&l->l_scope[1], &l->l_scope[0],
1377 (l->l_scope_max - 1) * sizeof (l->l_scope[0]));
1378
1379 /* Now add the new entry. */
1380 l->l_scope[0] = &l->l_symbolic_searchlist;
1381 }
1382
1383 /* Remember whether this object must be initialized first. */
1384 if (l->l_flags_1 & DF_1_INITFIRST)
1385 GL(dl_initfirst) = l;
1386
1387 /* Finally the file information. */
1388 l->l_file_id = id;
1389
1390#ifdef SHARED
1391 /* When auditing is used the recorded names might not include the
1392 name by which the DSO is actually known. Add that as well. */
1393 if (__glibc_unlikely (origname != NULL))
1394 add_name_to_object (l, origname);
1395#else
1396 /* Audit modules only exist when linking is dynamic so ORIGNAME
1397 cannot be non-NULL. */
1398 assert (origname == NULL);
1399#endif
1400
1401 /* When we profile the SONAME might be needed for something else but
1402 loading. Add it right away. */
1403 if (__glibc_unlikely (GLRO(dl_profile) != NULL)
1404 && l->l_info[DT_SONAME] != NULL)
1405 add_name_to_object (l, ((const char *) D_PTR (l, l_info[DT_STRTAB])
1406 + l->l_info[DT_SONAME]->d_un.d_val));
1407
1408#ifdef DL_AFTER_LOAD
1409 DL_AFTER_LOAD (l);
1410#endif
1411
1412 /* Now that the object is fully initialized add it to the object list. */
1413 _dl_add_to_namespace_list (l, nsid);
1414
1415#ifdef SHARED
1416 /* Auditing checkpoint: we have a new object. */
1417 if (__glibc_unlikely (GLRO(dl_naudit) > 0)
1418 && !GL(dl_ns)[l->l_ns]._ns_loaded->l_auditing)
1419 {
1420 struct audit_ifaces *afct = GLRO(dl_audit);
1421 for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
1422 {
1423 if (afct->objopen != NULL)
1424 {
1425 l->l_audit[cnt].bindflags
1426 = afct->objopen (l, nsid, &l->l_audit[cnt].cookie);
1427
1428 l->l_audit_any_plt |= l->l_audit[cnt].bindflags != 0;
1429 }
1430
1431 afct = afct->next;
1432 }
1433 }
1434#endif
1435
1436 return l;
1437}
1438
1439/* Print search path. */
1440static void
1441print_search_path (struct r_search_path_elem **list,
1442 const char *what, const char *name)
1443{
1444 char buf[max_dirnamelen + max_capstrlen];
1445 int first = 1;
1446
1447 _dl_debug_printf (" search path=");
1448
1449 while (*list != NULL && (*list)->what == what) /* Yes, ==. */
1450 {
1451 char *endp = __mempcpy (buf, (*list)->dirname, (*list)->dirnamelen);
1452 size_t cnt;
1453
1454 for (cnt = 0; cnt < ncapstr; ++cnt)
1455 if ((*list)->status[cnt] != nonexisting)
1456 {
1457 char *cp = __mempcpy (endp, capstr[cnt].str, capstr[cnt].len);
1458 if (cp == buf || (cp == buf + 1 && buf[0] == '/'))
1459 cp[0] = '\0';
1460 else
1461 cp[-1] = '\0';
1462
1463 _dl_debug_printf_c (first ? "%s" : ":%s", buf);
1464 first = 0;
1465 }
1466
1467 ++list;
1468 }
1469
1470 if (name != NULL)
1471 _dl_debug_printf_c ("\t\t(%s from file %s)\n", what,
1472 DSO_FILENAME (name));
1473 else
1474 _dl_debug_printf_c ("\t\t(%s)\n", what);
1475}
1476
1477/* Open a file and verify it is an ELF file for this architecture. We
1478 ignore only ELF files for other architectures. Non-ELF files and
1479 ELF files with different header information cause fatal errors since
1480 this could mean there is something wrong in the installation and the
1481 user might want to know about this.
1482
1483 If FD is not -1, then the file is already open and FD refers to it.
1484 In that case, FD is consumed for both successful and error returns. */
1485static int
1486open_verify (const char *name, int fd,
1487 struct filebuf *fbp, struct link_map *loader,
1488 int whatcode, int mode, bool *found_other_class, bool free_name)
1489{
1490 /* This is the expected ELF header. */
1491#define ELF32_CLASS ELFCLASS32
1492#define ELF64_CLASS ELFCLASS64
1493#ifndef VALID_ELF_HEADER
1494# define VALID_ELF_HEADER(hdr,exp,size) (memcmp (hdr, exp, size) == 0)
1495# define VALID_ELF_OSABI(osabi) (osabi == ELFOSABI_SYSV)
1496# define VALID_ELF_ABIVERSION(osabi,ver) (ver == 0)
1497#elif defined MORE_ELF_HEADER_DATA
1498 MORE_ELF_HEADER_DATA;
1499#endif
1500 static const unsigned char expected[EI_NIDENT] =
1501 {
1502 [EI_MAG0] = ELFMAG0,
1503 [EI_MAG1] = ELFMAG1,
1504 [EI_MAG2] = ELFMAG2,
1505 [EI_MAG3] = ELFMAG3,
1506 [EI_CLASS] = ELFW(CLASS),
1507 [EI_DATA] = byteorder,
1508 [EI_VERSION] = EV_CURRENT,
1509 [EI_OSABI] = ELFOSABI_SYSV,
1510 [EI_ABIVERSION] = 0
1511 };
1512 static const struct
1513 {
1514 ElfW(Word) vendorlen;
1515 ElfW(Word) datalen;
1516 ElfW(Word) type;
1517 char vendor[4];
1518 } expected_note = { 4, 16, 1, "GNU" };
1519 /* Initialize it to make the compiler happy. */
1520 const char *errstring = NULL;
1521 int errval = 0;
1522
1523#ifdef SHARED
1524 /* Give the auditing libraries a chance. */
1525 if (__glibc_unlikely (GLRO(dl_naudit) > 0) && whatcode != 0
1526 && loader->l_auditing == 0)
1527 {
1528 const char *original_name = name;
1529 struct audit_ifaces *afct = GLRO(dl_audit);
1530 for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
1531 {
1532 if (afct->objsearch != NULL)
1533 {
1534 name = afct->objsearch (name, &loader->l_audit[cnt].cookie,
1535 whatcode);
1536 if (name == NULL)
1537 /* Ignore the path. */
1538 return -1;
1539 }
1540
1541 afct = afct->next;
1542 }
1543
1544 if (fd != -1 && name != original_name && strcmp (name, original_name))
1545 {
1546 /* An audit library changed what we're supposed to open,
1547 so FD no longer matches it. */
1548 __close (fd);
1549 fd = -1;
1550 }
1551 }
1552#endif
1553
1554 if (fd == -1)
1555 /* Open the file. We always open files read-only. */
1556 fd = __open (name, O_RDONLY | O_CLOEXEC);
1557
1558 if (fd != -1)
1559 {
1560 ElfW(Ehdr) *ehdr;
1561 ElfW(Phdr) *phdr, *ph;
1562 ElfW(Word) *abi_note;
1563 unsigned int osversion;
1564 size_t maplength;
1565
1566 /* We successfully opened the file. Now verify it is a file
1567 we can use. */
1568 __set_errno (0);
1569 fbp->len = 0;
1570 assert (sizeof (fbp->buf) > sizeof (ElfW(Ehdr)));
1571 /* Read in the header. */
1572 do
1573 {
1574 ssize_t retlen = __libc_read (fd, fbp->buf + fbp->len,
1575 sizeof (fbp->buf) - fbp->len);
1576 if (retlen <= 0)
1577 break;
1578 fbp->len += retlen;
1579 }
1580 while (__glibc_unlikely (fbp->len < sizeof (ElfW(Ehdr))));
1581
1582 /* This is where the ELF header is loaded. */
1583 ehdr = (ElfW(Ehdr) *) fbp->buf;
1584
1585 /* Now run the tests. */
1586 if (__glibc_unlikely (fbp->len < (ssize_t) sizeof (ElfW(Ehdr))))
1587 {
1588 errval = errno;
1589 errstring = (errval == 0
1590 ? N_("file too short") : N_("cannot read file data"));
1591 call_lose:
1592 if (free_name)
1593 {
1594 char *realname = (char *) name;
1595 name = strdupa (realname);
1596 free (realname);
1597 }
1598 lose (errval, fd, name, NULL, NULL, errstring, NULL, 0);
1599 }
1600
1601 /* See whether the ELF header is what we expect. */
1602 if (__glibc_unlikely (! VALID_ELF_HEADER (ehdr->e_ident, expected,
1603 EI_ABIVERSION)
1604 || !VALID_ELF_ABIVERSION (ehdr->e_ident[EI_OSABI],
1605 ehdr->e_ident[EI_ABIVERSION])
1606 || memcmp (&ehdr->e_ident[EI_PAD],
1607 &expected[EI_PAD],
1608 EI_NIDENT - EI_PAD) != 0))
1609 {
1610 /* Something is wrong. */
1611 const Elf32_Word *magp = (const void *) ehdr->e_ident;
1612 if (*magp !=
1613#if BYTE_ORDER == LITTLE_ENDIAN
1614 ((ELFMAG0 << (EI_MAG0 * 8)) |
1615 (ELFMAG1 << (EI_MAG1 * 8)) |
1616 (ELFMAG2 << (EI_MAG2 * 8)) |
1617 (ELFMAG3 << (EI_MAG3 * 8)))
1618#else
1619 ((ELFMAG0 << (EI_MAG3 * 8)) |
1620 (ELFMAG1 << (EI_MAG2 * 8)) |
1621 (ELFMAG2 << (EI_MAG1 * 8)) |
1622 (ELFMAG3 << (EI_MAG0 * 8)))
1623#endif
1624 )
1625 errstring = N_("invalid ELF header");
1626 else if (ehdr->e_ident[EI_CLASS] != ELFW(CLASS))
1627 {
1628 /* This is not a fatal error. On architectures where
1629 32-bit and 64-bit binaries can be run this might
1630 happen. */
1631 *found_other_class = true;
1632 goto close_and_out;
1633 }
1634 else if (ehdr->e_ident[EI_DATA] != byteorder)
1635 {
1636 if (BYTE_ORDER == BIG_ENDIAN)
1637 errstring = N_("ELF file data encoding not big-endian");
1638 else
1639 errstring = N_("ELF file data encoding not little-endian");
1640 }
1641 else if (ehdr->e_ident[EI_VERSION] != EV_CURRENT)
1642 errstring
1643 = N_("ELF file version ident does not match current one");
1644 /* XXX We should be able so set system specific versions which are
1645 allowed here. */
1646 else if (!VALID_ELF_OSABI (ehdr->e_ident[EI_OSABI]))
1647 errstring = N_("ELF file OS ABI invalid");
1648 else if (!VALID_ELF_ABIVERSION (ehdr->e_ident[EI_OSABI],
1649 ehdr->e_ident[EI_ABIVERSION]))
1650 errstring = N_("ELF file ABI version invalid");
1651 else if (memcmp (&ehdr->e_ident[EI_PAD], &expected[EI_PAD],
1652 EI_NIDENT - EI_PAD) != 0)
1653 errstring = N_("nonzero padding in e_ident");
1654 else
1655 /* Otherwise we don't know what went wrong. */
1656 errstring = N_("internal error");
1657
1658 goto call_lose;
1659 }
1660
1661 if (__glibc_unlikely (ehdr->e_version != EV_CURRENT))
1662 {
1663 errstring = N_("ELF file version does not match current one");
1664 goto call_lose;
1665 }
1666 if (! __glibc_likely (elf_machine_matches_host (ehdr)))
1667 goto close_and_out;
1668 else if (__glibc_unlikely (ehdr->e_type != ET_DYN
1669 && ehdr->e_type != ET_EXEC))
1670 {
1671 errstring = N_("only ET_DYN and ET_EXEC can be loaded");
1672 goto call_lose;
1673 }
1674 else if (__glibc_unlikely (ehdr->e_type == ET_EXEC
1675 && (mode & __RTLD_OPENEXEC) == 0))
1676 {
1677 /* BZ #16634. It is an error to dlopen ET_EXEC (unless
1678 __RTLD_OPENEXEC is explicitly set). We return error here
1679 so that code in _dl_map_object_from_fd does not try to set
1680 l_tls_modid for this module. */
1681
1682 errstring = N_("cannot dynamically load executable");
1683 goto call_lose;
1684 }
1685 else if (__glibc_unlikely (ehdr->e_phentsize != sizeof (ElfW(Phdr))))
1686 {
1687 errstring = N_("ELF file's phentsize not the expected size");
1688 goto call_lose;
1689 }
1690
1691 maplength = ehdr->e_phnum * sizeof (ElfW(Phdr));
1692 if (ehdr->e_phoff + maplength <= (size_t) fbp->len)
1693 phdr = (void *) (fbp->buf + ehdr->e_phoff);
1694 else
1695 {
1696 phdr = alloca (maplength);
1697 __lseek (fd, ehdr->e_phoff, SEEK_SET);
1698 if ((size_t) __libc_read (fd, (void *) phdr, maplength) != maplength)
1699 {
1700 read_error:
1701 errval = errno;
1702 errstring = N_("cannot read file data");
1703 goto call_lose;
1704 }
1705 }
1706
1707 if (__glibc_unlikely (elf_machine_reject_phdr_p
1708 (phdr, ehdr->e_phnum, fbp->buf, fbp->len,
1709 loader, fd)))
1710 goto close_and_out;
1711
1712 /* Check .note.ABI-tag if present. */
1713 for (ph = phdr; ph < &phdr[ehdr->e_phnum]; ++ph)
1714 if (ph->p_type == PT_NOTE && ph->p_filesz >= 32 && ph->p_align >= 4)
1715 {
1716 ElfW(Addr) size = ph->p_filesz;
1717
1718 if (ph->p_offset + size <= (size_t) fbp->len)
1719 abi_note = (void *) (fbp->buf + ph->p_offset);
1720 else
1721 {
1722 abi_note = alloca (size);
1723 __lseek (fd, ph->p_offset, SEEK_SET);
1724 if (__libc_read (fd, (void *) abi_note, size) != size)
1725 goto read_error;
1726 }
1727
1728 while (memcmp (abi_note, &expected_note, sizeof (expected_note)))
1729 {
1730#define ROUND(len) (((len) + sizeof (ElfW(Word)) - 1) & -sizeof (ElfW(Word)))
1731 ElfW(Addr) note_size = 3 * sizeof (ElfW(Word))
1732 + ROUND (abi_note[0])
1733 + ROUND (abi_note[1]);
1734
1735 if (size - 32 < note_size)
1736 {
1737 size = 0;
1738 break;
1739 }
1740 size -= note_size;
1741 abi_note = (void *) abi_note + note_size;
1742 }
1743
1744 if (size == 0)
1745 continue;
1746
1747 osversion = (abi_note[5] & 0xff) * 65536
1748 + (abi_note[6] & 0xff) * 256
1749 + (abi_note[7] & 0xff);
1750 if (abi_note[4] != __ABI_TAG_OS
1751 || (GLRO(dl_osversion) && GLRO(dl_osversion) < osversion))
1752 {
1753 close_and_out:
1754 __close (fd);
1755 __set_errno (ENOENT);
1756 fd = -1;
1757 }
1758
1759 break;
1760 }
1761 }
1762
1763 return fd;
1764}
1765
1766/* Try to open NAME in one of the directories in *DIRSP.
1767 Return the fd, or -1. If successful, fill in *REALNAME
1768 with the malloc'd full directory name. If it turns out
1769 that none of the directories in *DIRSP exists, *DIRSP is
1770 replaced with (void *) -1, and the old value is free()d
1771 if MAY_FREE_DIRS is true. */
1772
1773static int
1774open_path (const char *name, size_t namelen, int mode,
1775 struct r_search_path_struct *sps, char **realname,
1776 struct filebuf *fbp, struct link_map *loader, int whatcode,
1777 bool *found_other_class)
1778{
1779 struct r_search_path_elem **dirs = sps->dirs;
1780 char *buf;
1781 int fd = -1;
1782 const char *current_what = NULL;
1783 int any = 0;
1784
1785 if (__glibc_unlikely (dirs == NULL))
1786 /* We're called before _dl_init_paths when loading the main executable
1787 given on the command line when rtld is run directly. */
1788 return -1;
1789
1790 buf = alloca (max_dirnamelen + max_capstrlen + namelen);
1791 do
1792 {
1793 struct r_search_path_elem *this_dir = *dirs;
1794 size_t buflen = 0;
1795 size_t cnt;
1796 char *edp;
1797 int here_any = 0;
1798 int err;
1799
1800 /* If we are debugging the search for libraries print the path
1801 now if it hasn't happened now. */
1802 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS)
1803 && current_what != this_dir->what)
1804 {
1805 current_what = this_dir->what;
1806 print_search_path (dirs, current_what, this_dir->where);
1807 }
1808
1809 edp = (char *) __mempcpy (buf, this_dir->dirname, this_dir->dirnamelen);
1810 for (cnt = 0; fd == -1 && cnt < ncapstr; ++cnt)
1811 {
1812 /* Skip this directory if we know it does not exist. */
1813 if (this_dir->status[cnt] == nonexisting)
1814 continue;
1815
1816 buflen =
1817 ((char *) __mempcpy (__mempcpy (edp, capstr[cnt].str,
1818 capstr[cnt].len),
1819 name, namelen)
1820 - buf);
1821
1822 /* Print name we try if this is wanted. */
1823 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
1824 _dl_debug_printf (" trying file=%s\n", buf);
1825
1826 fd = open_verify (buf, -1, fbp, loader, whatcode, mode,
1827 found_other_class, false);
1828 if (this_dir->status[cnt] == unknown)
1829 {
1830 if (fd != -1)
1831 this_dir->status[cnt] = existing;
1832 /* Do not update the directory information when loading
1833 auditing code. We must try to disturb the program as
1834 little as possible. */
1835 else if (loader == NULL
1836 || GL(dl_ns)[loader->l_ns]._ns_loaded->l_auditing == 0)
1837 {
1838 /* We failed to open machine dependent library. Let's
1839 test whether there is any directory at all. */
1840 struct stat64 st;
1841
1842 buf[buflen - namelen - 1] = '\0';
1843
1844 if (__xstat64 (_STAT_VER, buf, &st) != 0
1845 || ! S_ISDIR (st.st_mode))
1846 /* The directory does not exist or it is no directory. */
1847 this_dir->status[cnt] = nonexisting;
1848 else
1849 this_dir->status[cnt] = existing;
1850 }
1851 }
1852
1853 /* Remember whether we found any existing directory. */
1854 here_any |= this_dir->status[cnt] != nonexisting;
1855
1856 if (fd != -1 && __glibc_unlikely (mode & __RTLD_SECURE)
1857 && __libc_enable_secure)
1858 {
1859 /* This is an extra security effort to make sure nobody can
1860 preload broken shared objects which are in the trusted
1861 directories and so exploit the bugs. */
1862 struct stat64 st;
1863
1864 if (__fxstat64 (_STAT_VER, fd, &st) != 0
1865 || (st.st_mode & S_ISUID) == 0)
1866 {
1867 /* The shared object cannot be tested for being SUID
1868 or this bit is not set. In this case we must not
1869 use this object. */
1870 __close (fd);
1871 fd = -1;
1872 /* We simply ignore the file, signal this by setting
1873 the error value which would have been set by `open'. */
1874 errno = ENOENT;
1875 }
1876 }
1877 }
1878
1879 if (fd != -1)
1880 {
1881 *realname = (char *) malloc (buflen);
1882 if (*realname != NULL)
1883 {
1884 memcpy (*realname, buf, buflen);
1885 return fd;
1886 }
1887 else
1888 {
1889 /* No memory for the name, we certainly won't be able
1890 to load and link it. */
1891 __close (fd);
1892 return -1;
1893 }
1894 }
1895 if (here_any && (err = errno) != ENOENT && err != EACCES)
1896 /* The file exists and is readable, but something went wrong. */
1897 return -1;
1898
1899 /* Remember whether we found anything. */
1900 any |= here_any;
1901 }
1902 while (*++dirs != NULL);
1903
1904 /* Remove the whole path if none of the directories exists. */
1905 if (__glibc_unlikely (! any))
1906 {
1907 /* Paths which were allocated using the minimal malloc() in ld.so
1908 must not be freed using the general free() in libc. */
1909 if (sps->malloced)
1910 free (sps->dirs);
1911
1912 /* rtld_search_dirs and env_path_list are attribute_relro, therefore
1913 avoid writing into it. */
1914 if (sps != &rtld_search_dirs && sps != &env_path_list)
1915 sps->dirs = (void *) -1;
1916 }
1917
1918 return -1;
1919}
1920
1921/* Map in the shared object file NAME. */
1922
1923struct link_map *
1924internal_function
1925_dl_map_object (struct link_map *loader, const char *name,
1926 int type, int trace_mode, int mode, Lmid_t nsid)
1927{
1928 int fd;
1929 const char *origname = NULL;
1930 char *realname;
1931 char *name_copy;
1932 struct link_map *l;
1933 struct filebuf fb;
1934
1935 assert (nsid >= 0);
1936 assert (nsid < GL(dl_nns));
1937
1938 /* Look for this name among those already loaded. */
1939 for (l = GL(dl_ns)[nsid]._ns_loaded; l; l = l->l_next)
1940 {
1941 /* If the requested name matches the soname of a loaded object,
1942 use that object. Elide this check for names that have not
1943 yet been opened. */
1944 if (__glibc_unlikely ((l->l_faked | l->l_removed) != 0))
1945 continue;
1946 if (!_dl_name_match_p (name, l))
1947 {
1948 const char *soname;
1949
1950 if (__glibc_likely (l->l_soname_added)
1951 || l->l_info[DT_SONAME] == NULL)
1952 continue;
1953
1954 soname = ((const char *) D_PTR (l, l_info[DT_STRTAB])
1955 + l->l_info[DT_SONAME]->d_un.d_val);
1956 if (strcmp (name, soname) != 0)
1957 continue;
1958
1959 /* We have a match on a new name -- cache it. */
1960 add_name_to_object (l, soname);
1961 l->l_soname_added = 1;
1962 }
1963
1964 /* We have a match. */
1965 return l;
1966 }
1967
1968 /* Display information if we are debugging. */
1969 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES)
1970 && loader != NULL)
1971 _dl_debug_printf ((mode & __RTLD_CALLMAP) == 0
1972 ? "\nfile=%s [%lu]; needed by %s [%lu]\n"
1973 : "\nfile=%s [%lu]; dynamically loaded by %s [%lu]\n",
1974 name, nsid, DSO_FILENAME (loader->l_name), loader->l_ns);
1975
1976#ifdef SHARED
1977 /* Give the auditing libraries a chance to change the name before we
1978 try anything. */
1979 if (__glibc_unlikely (GLRO(dl_naudit) > 0)
1980 && (loader == NULL || loader->l_auditing == 0))
1981 {
1982 struct audit_ifaces *afct = GLRO(dl_audit);
1983 for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
1984 {
1985 if (afct->objsearch != NULL)
1986 {
1987 const char *before = name;
1988 name = afct->objsearch (name, &loader->l_audit[cnt].cookie,
1989 LA_SER_ORIG);
1990 if (name == NULL)
1991 {
1992 /* Do not try anything further. */
1993 fd = -1;
1994 goto no_file;
1995 }
1996 if (before != name && strcmp (before, name) != 0)
1997 {
1998 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES))
1999 _dl_debug_printf ("audit changed filename %s -> %s\n",
2000 before, name);
2001
2002 if (origname == NULL)
2003 origname = before;
2004 }
2005 }
2006
2007 afct = afct->next;
2008 }
2009 }
2010#endif
2011
2012 /* Will be true if we found a DSO which is of the other ELF class. */
2013 bool found_other_class = false;
2014
2015 if (strchr (name, '/') == NULL)
2016 {
2017 /* Search for NAME in several places. */
2018
2019 size_t namelen = strlen (name) + 1;
2020
2021 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
2022 _dl_debug_printf ("find library=%s [%lu]; searching\n", name, nsid);
2023
2024 fd = -1;
2025
2026 /* When the object has the RUNPATH information we don't use any
2027 RPATHs. */
2028 if (loader == NULL || loader->l_info[DT_RUNPATH] == NULL)
2029 {
2030 /* This is the executable's map (if there is one). Make sure that
2031 we do not look at it twice. */
2032 struct link_map *main_map = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
2033 bool did_main_map = false;
2034
2035 /* First try the DT_RPATH of the dependent object that caused NAME
2036 to be loaded. Then that object's dependent, and on up. */
2037 for (l = loader; l; l = l->l_loader)
2038 if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
2039 {
2040 fd = open_path (name, namelen, mode,
2041 &l->l_rpath_dirs,
2042 &realname, &fb, loader, LA_SER_RUNPATH,
2043 &found_other_class);
2044 if (fd != -1)
2045 break;
2046
2047 did_main_map |= l == main_map;
2048 }
2049
2050 /* If dynamically linked, try the DT_RPATH of the executable
2051 itself. NB: we do this for lookups in any namespace. */
2052 if (fd == -1 && !did_main_map
2053 && main_map != NULL && main_map->l_type != lt_loaded
2054 && cache_rpath (main_map, &main_map->l_rpath_dirs, DT_RPATH,
2055 "RPATH"))
2056 fd = open_path (name, namelen, mode,
2057 &main_map->l_rpath_dirs,
2058 &realname, &fb, loader ?: main_map, LA_SER_RUNPATH,
2059 &found_other_class);
2060 }
2061
2062 /* Try the LD_LIBRARY_PATH environment variable. */
2063 if (fd == -1 && env_path_list.dirs != (void *) -1)
2064 fd = open_path (name, namelen, mode, &env_path_list,
2065 &realname, &fb,
2066 loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded,
2067 LA_SER_LIBPATH, &found_other_class);
2068
2069 /* Look at the RUNPATH information for this binary. */
2070 if (fd == -1 && loader != NULL
2071 && cache_rpath (loader, &loader->l_runpath_dirs,
2072 DT_RUNPATH, "RUNPATH"))
2073 fd = open_path (name, namelen, mode,
2074 &loader->l_runpath_dirs, &realname, &fb, loader,
2075 LA_SER_RUNPATH, &found_other_class);
2076
2077 if (fd == -1)
2078 {
2079 realname = _dl_sysdep_open_object (name, namelen, &fd);
2080 if (realname != NULL)
2081 {
2082 fd = open_verify (realname, fd,
2083 &fb, loader ?: GL(dl_ns)[nsid]._ns_loaded,
2084 LA_SER_CONFIG, mode, &found_other_class,
2085 false);
2086 if (fd == -1)
2087 free (realname);
2088 }
2089 }
2090
2091#ifdef USE_LDCONFIG
2092 if (fd == -1
2093 && (__glibc_likely ((mode & __RTLD_SECURE) == 0)
2094 || ! __libc_enable_secure)
2095 && __glibc_likely (GLRO(dl_inhibit_cache) == 0))
2096 {
2097 /* Check the list of libraries in the file /etc/ld.so.cache,
2098 for compatibility with Linux's ldconfig program. */
2099 char *cached = _dl_load_cache_lookup (name);
2100
2101 if (cached != NULL)
2102 {
2103 // XXX Correct to unconditionally default to namespace 0?
2104 l = (loader
2105 ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded
2106# ifdef SHARED
2107 ?: &GL(dl_rtld_map)
2108# endif
2109 );
2110
2111 /* If the loader has the DF_1_NODEFLIB flag set we must not
2112 use a cache entry from any of these directories. */
2113 if (__glibc_unlikely (l->l_flags_1 & DF_1_NODEFLIB))
2114 {
2115 const char *dirp = system_dirs;
2116 unsigned int cnt = 0;
2117
2118 do
2119 {
2120 if (memcmp (cached, dirp, system_dirs_len[cnt]) == 0)
2121 {
2122 /* The prefix matches. Don't use the entry. */
2123 free (cached);
2124 cached = NULL;
2125 break;
2126 }
2127
2128 dirp += system_dirs_len[cnt] + 1;
2129 ++cnt;
2130 }
2131 while (cnt < nsystem_dirs_len);
2132 }
2133
2134 if (cached != NULL)
2135 {
2136 fd = open_verify (cached, -1,
2137 &fb, loader ?: GL(dl_ns)[nsid]._ns_loaded,
2138 LA_SER_CONFIG, mode, &found_other_class,
2139 false);
2140 if (__glibc_likely (fd != -1))
2141 realname = cached;
2142 else
2143 free (cached);
2144 }
2145 }
2146 }
2147#endif
2148
2149 /* Finally, try the default path. */
2150 if (fd == -1
2151 && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL
2152 || __glibc_likely (!(l->l_flags_1 & DF_1_NODEFLIB)))
2153 && rtld_search_dirs.dirs != (void *) -1)
2154 fd = open_path (name, namelen, mode, &rtld_search_dirs,
2155 &realname, &fb, l, LA_SER_DEFAULT, &found_other_class);
2156
2157 /* Add another newline when we are tracing the library loading. */
2158 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
2159 _dl_debug_printf ("\n");
2160 }
2161 else
2162 {
2163 /* The path may contain dynamic string tokens. */
2164 realname = (loader
2165 ? expand_dynamic_string_token (loader, name, 0)
2166 : __strdup (name));
2167 if (realname == NULL)
2168 fd = -1;
2169 else
2170 {
2171 fd = open_verify (realname, -1, &fb,
2172 loader ?: GL(dl_ns)[nsid]._ns_loaded, 0, mode,
2173 &found_other_class, true);
2174 if (__glibc_unlikely (fd == -1))
2175 free (realname);
2176 }
2177 }
2178
2179#ifdef SHARED
2180 no_file:
2181#endif
2182 /* In case the LOADER information has only been provided to get to
2183 the appropriate RUNPATH/RPATH information we do not need it
2184 anymore. */
2185 if (mode & __RTLD_CALLMAP)
2186 loader = NULL;
2187
2188 if (__glibc_unlikely (fd == -1))
2189 {
2190 if (trace_mode
2191 && __glibc_likely ((GLRO(dl_debug_mask) & DL_DEBUG_PRELINK) == 0))
2192 {
2193 /* We haven't found an appropriate library. But since we
2194 are only interested in the list of libraries this isn't
2195 so severe. Fake an entry with all the information we
2196 have. */
2197 static const Elf_Symndx dummy_bucket = STN_UNDEF;
2198
2199 /* Allocate a new object map. */
2200 if ((name_copy = __strdup (name)) == NULL
2201 || (l = _dl_new_object (name_copy, name, type, loader,
2202 mode, nsid)) == NULL)
2203 {
2204 free (name_copy);
2205 _dl_signal_error (ENOMEM, name, NULL,
2206 N_("cannot create shared object descriptor"));
2207 }
2208 /* Signal that this is a faked entry. */
2209 l->l_faked = 1;
2210 /* Since the descriptor is initialized with zero we do not
2211 have do this here.
2212 l->l_reserved = 0; */
2213 l->l_buckets = &dummy_bucket;
2214 l->l_nbuckets = 1;
2215 l->l_relocated = 1;
2216
2217 /* Enter the object in the object list. */
2218 _dl_add_to_namespace_list (l, nsid);
2219
2220 return l;
2221 }
2222 else if (found_other_class)
2223 _dl_signal_error (0, name, NULL,
2224 ELFW(CLASS) == ELFCLASS32
2225 ? N_("wrong ELF class: ELFCLASS64")
2226 : N_("wrong ELF class: ELFCLASS32"));
2227 else
2228 _dl_signal_error (errno, name, NULL,
2229 N_("cannot open shared object file"));
2230 }
2231
2232 void *stack_end = __libc_stack_end;
2233 return _dl_map_object_from_fd (name, origname, fd, &fb, realname, loader,
2234 type, mode, &stack_end, nsid);
2235}
2236
2237struct add_path_state
2238{
2239 bool counting;
2240 unsigned int idx;
2241 Dl_serinfo *si;
2242 char *allocptr;
2243};
2244
2245static void
2246add_path (struct add_path_state *p, const struct r_search_path_struct *sps,
2247 unsigned int flags)
2248{
2249 if (sps->dirs != (void *) -1)
2250 {
2251 struct r_search_path_elem **dirs = sps->dirs;
2252 do
2253 {
2254 const struct r_search_path_elem *const r = *dirs++;
2255 if (p->counting)
2256 {
2257 p->si->dls_cnt++;
2258 p->si->dls_size += MAX (2, r->dirnamelen);
2259 }
2260 else
2261 {
2262 Dl_serpath *const sp = &p->si->dls_serpath[p->idx++];
2263 sp->dls_name = p->allocptr;
2264 if (r->dirnamelen < 2)
2265 *p->allocptr++ = r->dirnamelen ? '/' : '.';
2266 else
2267 p->allocptr = __mempcpy (p->allocptr,
2268 r->dirname, r->dirnamelen - 1);
2269 *p->allocptr++ = '\0';
2270 sp->dls_flags = flags;
2271 }
2272 }
2273 while (*dirs != NULL);
2274 }
2275}
2276
2277void
2278internal_function
2279_dl_rtld_di_serinfo (struct link_map *loader, Dl_serinfo *si, bool counting)
2280{
2281 if (counting)
2282 {
2283 si->dls_cnt = 0;
2284 si->dls_size = 0;
2285 }
2286
2287 struct add_path_state p =
2288 {
2289 .counting = counting,
2290 .idx = 0,
2291 .si = si,
2292 .allocptr = (char *) &si->dls_serpath[si->dls_cnt]
2293 };
2294
2295# define add_path(p, sps, flags) add_path(p, sps, 0) /* XXX */
2296
2297 /* When the object has the RUNPATH information we don't use any RPATHs. */
2298 if (loader->l_info[DT_RUNPATH] == NULL)
2299 {
2300 /* First try the DT_RPATH of the dependent object that caused NAME
2301 to be loaded. Then that object's dependent, and on up. */
2302
2303 struct link_map *l = loader;
2304 do
2305 {
2306 if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
2307 add_path (&p, &l->l_rpath_dirs, XXX_RPATH);
2308 l = l->l_loader;
2309 }
2310 while (l != NULL);
2311
2312 /* If dynamically linked, try the DT_RPATH of the executable itself. */
2313 if (loader->l_ns == LM_ID_BASE)
2314 {
2315 l = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
2316 if (l != NULL && l->l_type != lt_loaded && l != loader)
2317 if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
2318 add_path (&p, &l->l_rpath_dirs, XXX_RPATH);
2319 }
2320 }
2321
2322 /* Try the LD_LIBRARY_PATH environment variable. */
2323 add_path (&p, &env_path_list, XXX_ENV);
2324
2325 /* Look at the RUNPATH information for this binary. */
2326 if (cache_rpath (loader, &loader->l_runpath_dirs, DT_RUNPATH, "RUNPATH"))
2327 add_path (&p, &loader->l_runpath_dirs, XXX_RUNPATH);
2328
2329 /* XXX
2330 Here is where ld.so.cache gets checked, but we don't have
2331 a way to indicate that in the results for Dl_serinfo. */
2332
2333 /* Finally, try the default path. */
2334 if (!(loader->l_flags_1 & DF_1_NODEFLIB))
2335 add_path (&p, &rtld_search_dirs, XXX_default);
2336
2337 if (counting)
2338 /* Count the struct size before the string area, which we didn't
2339 know before we completed dls_cnt. */
2340 si->dls_size += (char *) &si->dls_serpath[si->dls_cnt] - (char *) si;
2341}
2342