1 | /* Map in a shared object's segments from the file. |
2 | Copyright (C) 1995-2017 Free Software Foundation, Inc. |
3 | This file is part of the GNU C Library. |
4 | |
5 | The GNU C Library is free software; you can redistribute it and/or |
6 | modify it under the terms of the GNU Lesser General Public |
7 | License as published by the Free Software Foundation; either |
8 | version 2.1 of the License, or (at your option) any later version. |
9 | |
10 | The GNU C Library is distributed in the hope that it will be useful, |
11 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
13 | Lesser General Public License for more details. |
14 | |
15 | You should have received a copy of the GNU Lesser General Public |
16 | License along with the GNU C Library; if not, see |
17 | <http://www.gnu.org/licenses/>. */ |
18 | |
19 | #include <elf.h> |
20 | #include <errno.h> |
21 | #include <fcntl.h> |
22 | #include <libintl.h> |
23 | #include <stdbool.h> |
24 | #include <stdlib.h> |
25 | #include <string.h> |
26 | #include <unistd.h> |
27 | #include <ldsodefs.h> |
28 | #include <bits/wordsize.h> |
29 | #include <sys/mman.h> |
30 | #include <sys/param.h> |
31 | #include <sys/stat.h> |
32 | #include <sys/types.h> |
33 | #include "dynamic-link.h" |
34 | #include <abi-tag.h> |
35 | #include <stackinfo.h> |
36 | #include <caller.h> |
37 | #include <sysdep.h> |
38 | #include <stap-probe.h> |
39 | #include <libc-internal.h> |
40 | #include <array_length.h> |
41 | |
42 | #include <dl-dst.h> |
43 | #include <dl-load.h> |
44 | #include <dl-map-segments.h> |
45 | #include <dl-unmap-segments.h> |
46 | #include <dl-machine-reject-phdr.h> |
47 | #include <dl-sysdep-open.h> |
48 | |
49 | |
50 | #include <endian.h> |
51 | #if BYTE_ORDER == BIG_ENDIAN |
52 | # define byteorder ELFDATA2MSB |
53 | #elif BYTE_ORDER == LITTLE_ENDIAN |
54 | # define byteorder ELFDATA2LSB |
55 | #else |
56 | # error "Unknown BYTE_ORDER " BYTE_ORDER |
57 | # define byteorder ELFDATANONE |
58 | #endif |
59 | |
60 | #define STRING(x) __STRING (x) |
61 | |
62 | |
63 | int __stack_prot attribute_hidden attribute_relro |
64 | #if _STACK_GROWS_DOWN && defined PROT_GROWSDOWN |
65 | = PROT_GROWSDOWN; |
66 | #elif _STACK_GROWS_UP && defined PROT_GROWSUP |
67 | = PROT_GROWSUP; |
68 | #else |
69 | = 0; |
70 | #endif |
71 | |
72 | |
73 | /* Type for the buffer we put the ELF header and hopefully the program |
74 | header. This buffer does not really have to be too large. In most |
75 | cases the program header follows the ELF header directly. If this |
76 | is not the case all bets are off and we can make the header |
77 | arbitrarily large and still won't get it read. This means the only |
78 | question is how large are the ELF and program header combined. The |
79 | ELF header 32-bit files is 52 bytes long and in 64-bit files is 64 |
80 | bytes long. Each program header entry is again 32 and 56 bytes |
81 | long respectively. I.e., even with a file which has 10 program |
82 | header entries we only have to read 372B/624B respectively. Add to |
83 | this a bit of margin for program notes and reading 512B and 832B |
84 | for 32-bit and 64-bit files respecitvely is enough. If this |
85 | heuristic should really fail for some file the code in |
86 | `_dl_map_object_from_fd' knows how to recover. */ |
87 | struct filebuf |
88 | { |
89 | ssize_t len; |
90 | #if __WORDSIZE == 32 |
91 | # define FILEBUF_SIZE 512 |
92 | #else |
93 | # define FILEBUF_SIZE 832 |
94 | #endif |
95 | char buf[FILEBUF_SIZE] __attribute__ ((aligned (__alignof (ElfW(Ehdr))))); |
96 | }; |
97 | |
98 | /* This is the decomposed LD_LIBRARY_PATH search path. */ |
99 | static struct r_search_path_struct env_path_list attribute_relro; |
100 | |
101 | /* List of the hardware capabilities we might end up using. */ |
102 | static const struct r_strlenpair *capstr attribute_relro; |
103 | static size_t ncapstr attribute_relro; |
104 | static size_t max_capstrlen attribute_relro; |
105 | |
106 | |
107 | /* Get the generated information about the trusted directories. Use |
108 | an array of concatenated strings to avoid relocations. See |
109 | gen-trusted-dirs.awk. */ |
110 | #include "trusted-dirs.h" |
111 | |
112 | static const char system_dirs[] = SYSTEM_DIRS; |
113 | static const size_t system_dirs_len[] = |
114 | { |
115 | SYSTEM_DIRS_LEN |
116 | }; |
117 | #define nsystem_dirs_len array_length (system_dirs_len) |
118 | |
119 | static bool |
120 | is_trusted_path (const char *path, size_t len) |
121 | { |
122 | const char *trun = system_dirs; |
123 | |
124 | for (size_t idx = 0; idx < nsystem_dirs_len; ++idx) |
125 | { |
126 | if (len == system_dirs_len[idx] && memcmp (trun, path, len) == 0) |
127 | /* Found it. */ |
128 | return true; |
129 | |
130 | trun += system_dirs_len[idx] + 1; |
131 | } |
132 | |
133 | return false; |
134 | } |
135 | |
136 | |
137 | static bool |
138 | is_trusted_path_normalize (const char *path, size_t len) |
139 | { |
140 | if (len == 0) |
141 | return false; |
142 | |
143 | if (*path == ':') |
144 | { |
145 | ++path; |
146 | --len; |
147 | } |
148 | |
149 | char *npath = (char *) alloca (len + 2); |
150 | char *wnp = npath; |
151 | while (*path != '\0') |
152 | { |
153 | if (path[0] == '/') |
154 | { |
155 | if (path[1] == '.') |
156 | { |
157 | if (path[2] == '.' && (path[3] == '/' || path[3] == '\0')) |
158 | { |
159 | while (wnp > npath && *--wnp != '/') |
160 | ; |
161 | path += 3; |
162 | continue; |
163 | } |
164 | else if (path[2] == '/' || path[2] == '\0') |
165 | { |
166 | path += 2; |
167 | continue; |
168 | } |
169 | } |
170 | |
171 | if (wnp > npath && wnp[-1] == '/') |
172 | { |
173 | ++path; |
174 | continue; |
175 | } |
176 | } |
177 | |
178 | *wnp++ = *path++; |
179 | } |
180 | |
181 | if (wnp == npath || wnp[-1] != '/') |
182 | *wnp++ = '/'; |
183 | |
184 | const char *trun = system_dirs; |
185 | |
186 | for (size_t idx = 0; idx < nsystem_dirs_len; ++idx) |
187 | { |
188 | if (wnp - npath >= system_dirs_len[idx] |
189 | && memcmp (trun, npath, system_dirs_len[idx]) == 0) |
190 | /* Found it. */ |
191 | return true; |
192 | |
193 | trun += system_dirs_len[idx] + 1; |
194 | } |
195 | |
196 | return false; |
197 | } |
198 | |
199 | |
200 | static size_t |
201 | is_dst (const char *start, const char *name, const char *str, |
202 | int is_path, int secure) |
203 | { |
204 | size_t len; |
205 | bool is_curly = false; |
206 | |
207 | if (name[0] == '{') |
208 | { |
209 | is_curly = true; |
210 | ++name; |
211 | } |
212 | |
213 | len = 0; |
214 | while (name[len] == str[len] && name[len] != '\0') |
215 | ++len; |
216 | |
217 | if (is_curly) |
218 | { |
219 | if (name[len] != '}') |
220 | return 0; |
221 | |
222 | /* Point again at the beginning of the name. */ |
223 | --name; |
224 | /* Skip over closing curly brace and adjust for the --name. */ |
225 | len += 2; |
226 | } |
227 | else if (name[len] != '\0' && name[len] != '/' |
228 | && (!is_path || name[len] != ':')) |
229 | return 0; |
230 | |
231 | if (__glibc_unlikely (secure) |
232 | && ((name[len] != '\0' && name[len] != '/' |
233 | && (!is_path || name[len] != ':')) |
234 | || (name != start + 1 && (!is_path || name[-2] != ':')))) |
235 | return 0; |
236 | |
237 | return len; |
238 | } |
239 | |
240 | |
241 | size_t |
242 | _dl_dst_count (const char *name, int is_path) |
243 | { |
244 | const char *const start = name; |
245 | size_t cnt = 0; |
246 | |
247 | do |
248 | { |
249 | size_t len; |
250 | |
251 | /* $ORIGIN is not expanded for SUID/GUID programs (except if it |
252 | is $ORIGIN alone) and it must always appear first in path. */ |
253 | ++name; |
254 | if ((len = is_dst (start, name, "ORIGIN" , is_path, |
255 | __libc_enable_secure)) != 0 |
256 | || (len = is_dst (start, name, "PLATFORM" , is_path, 0)) != 0 |
257 | || (len = is_dst (start, name, "LIB" , is_path, 0)) != 0) |
258 | ++cnt; |
259 | |
260 | name = strchr (name + len, '$'); |
261 | } |
262 | while (name != NULL); |
263 | |
264 | return cnt; |
265 | } |
266 | |
267 | |
268 | char * |
269 | _dl_dst_substitute (struct link_map *l, const char *name, char *result, |
270 | int is_path) |
271 | { |
272 | const char *const start = name; |
273 | |
274 | /* Now fill the result path. While copying over the string we keep |
275 | track of the start of the last path element. When we come across |
276 | a DST we copy over the value or (if the value is not available) |
277 | leave the entire path element out. */ |
278 | char *wp = result; |
279 | char *last_elem = result; |
280 | bool check_for_trusted = false; |
281 | |
282 | do |
283 | { |
284 | if (__glibc_unlikely (*name == '$')) |
285 | { |
286 | const char *repl = NULL; |
287 | size_t len; |
288 | |
289 | ++name; |
290 | if ((len = is_dst (start, name, "ORIGIN" , is_path, |
291 | __libc_enable_secure)) != 0) |
292 | { |
293 | repl = l->l_origin; |
294 | check_for_trusted = (__libc_enable_secure |
295 | && l->l_type == lt_executable); |
296 | } |
297 | else if ((len = is_dst (start, name, "PLATFORM" , is_path, 0)) != 0) |
298 | repl = GLRO(dl_platform); |
299 | else if ((len = is_dst (start, name, "LIB" , is_path, 0)) != 0) |
300 | repl = DL_DST_LIB; |
301 | |
302 | if (repl != NULL && repl != (const char *) -1) |
303 | { |
304 | wp = __stpcpy (wp, repl); |
305 | name += len; |
306 | } |
307 | else if (len > 1) |
308 | { |
309 | /* We cannot use this path element, the value of the |
310 | replacement is unknown. */ |
311 | wp = last_elem; |
312 | name += len; |
313 | while (*name != '\0' && (!is_path || *name != ':')) |
314 | ++name; |
315 | /* Also skip following colon if this is the first rpath |
316 | element, but keep an empty element at the end. */ |
317 | if (wp == result && is_path && *name == ':' && name[1] != '\0') |
318 | ++name; |
319 | } |
320 | else |
321 | /* No DST we recognize. */ |
322 | *wp++ = '$'; |
323 | } |
324 | else |
325 | { |
326 | *wp++ = *name++; |
327 | if (is_path && *name == ':') |
328 | { |
329 | /* In SUID/SGID programs, after $ORIGIN expansion the |
330 | normalized path must be rooted in one of the trusted |
331 | directories. */ |
332 | if (__glibc_unlikely (check_for_trusted) |
333 | && !is_trusted_path_normalize (last_elem, wp - last_elem)) |
334 | wp = last_elem; |
335 | else |
336 | last_elem = wp; |
337 | |
338 | check_for_trusted = false; |
339 | } |
340 | } |
341 | } |
342 | while (*name != '\0'); |
343 | |
344 | /* In SUID/SGID programs, after $ORIGIN expansion the normalized |
345 | path must be rooted in one of the trusted directories. */ |
346 | if (__glibc_unlikely (check_for_trusted) |
347 | && !is_trusted_path_normalize (last_elem, wp - last_elem)) |
348 | wp = last_elem; |
349 | |
350 | *wp = '\0'; |
351 | |
352 | return result; |
353 | } |
354 | |
355 | |
356 | /* Return copy of argument with all recognized dynamic string tokens |
357 | ($ORIGIN and $PLATFORM for now) replaced. On some platforms it |
358 | might not be possible to determine the path from which the object |
359 | belonging to the map is loaded. In this case the path element |
360 | containing $ORIGIN is left out. */ |
361 | static char * |
362 | expand_dynamic_string_token (struct link_map *l, const char *s, int is_path) |
363 | { |
364 | /* We make two runs over the string. First we determine how large the |
365 | resulting string is and then we copy it over. Since this is no |
366 | frequently executed operation we are looking here not for performance |
367 | but rather for code size. */ |
368 | size_t cnt; |
369 | size_t total; |
370 | char *result; |
371 | |
372 | /* Determine the number of DST elements. */ |
373 | cnt = DL_DST_COUNT (s, is_path); |
374 | |
375 | /* If we do not have to replace anything simply copy the string. */ |
376 | if (__glibc_likely (cnt == 0)) |
377 | return __strdup (s); |
378 | |
379 | /* Determine the length of the substituted string. */ |
380 | total = DL_DST_REQUIRED (l, s, strlen (s), cnt); |
381 | |
382 | /* Allocate the necessary memory. */ |
383 | result = (char *) malloc (total + 1); |
384 | if (result == NULL) |
385 | return NULL; |
386 | |
387 | return _dl_dst_substitute (l, s, result, is_path); |
388 | } |
389 | |
390 | |
391 | /* Add `name' to the list of names for a particular shared object. |
392 | `name' is expected to have been allocated with malloc and will |
393 | be freed if the shared object already has this name. |
394 | Returns false if the object already had this name. */ |
395 | static void |
396 | internal_function |
397 | add_name_to_object (struct link_map *l, const char *name) |
398 | { |
399 | struct libname_list *lnp, *lastp; |
400 | struct libname_list *newname; |
401 | size_t name_len; |
402 | |
403 | lastp = NULL; |
404 | for (lnp = l->l_libname; lnp != NULL; lastp = lnp, lnp = lnp->next) |
405 | if (strcmp (name, lnp->name) == 0) |
406 | return; |
407 | |
408 | name_len = strlen (name) + 1; |
409 | newname = (struct libname_list *) malloc (sizeof *newname + name_len); |
410 | if (newname == NULL) |
411 | { |
412 | /* No more memory. */ |
413 | _dl_signal_error (ENOMEM, name, NULL, N_("cannot allocate name record" )); |
414 | return; |
415 | } |
416 | /* The object should have a libname set from _dl_new_object. */ |
417 | assert (lastp != NULL); |
418 | |
419 | newname->name = memcpy (newname + 1, name, name_len); |
420 | newname->next = NULL; |
421 | newname->dont_free = 0; |
422 | lastp->next = newname; |
423 | } |
424 | |
425 | /* Standard search directories. */ |
426 | static struct r_search_path_struct rtld_search_dirs attribute_relro; |
427 | |
428 | static size_t max_dirnamelen; |
429 | |
430 | static struct r_search_path_elem ** |
431 | fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep, |
432 | int check_trusted, const char *what, const char *where, |
433 | struct link_map *l) |
434 | { |
435 | char *cp; |
436 | size_t nelems = 0; |
437 | |
438 | while ((cp = __strsep (&rpath, sep)) != NULL) |
439 | { |
440 | struct r_search_path_elem *dirp; |
441 | char *to_free = NULL; |
442 | size_t len = 0; |
443 | |
444 | /* `strsep' can pass an empty string. */ |
445 | if (*cp != '\0') |
446 | { |
447 | to_free = cp = expand_dynamic_string_token (l, cp, 1); |
448 | |
449 | /* expand_dynamic_string_token can return NULL in case of empty |
450 | path or memory allocation failure. */ |
451 | if (cp == NULL) |
452 | continue; |
453 | |
454 | /* Compute the length after dynamic string token expansion and |
455 | ignore empty paths. */ |
456 | len = strlen (cp); |
457 | if (len == 0) |
458 | { |
459 | free (to_free); |
460 | continue; |
461 | } |
462 | |
463 | /* Remove trailing slashes (except for "/"). */ |
464 | while (len > 1 && cp[len - 1] == '/') |
465 | --len; |
466 | |
467 | /* Now add one if there is none so far. */ |
468 | if (len > 0 && cp[len - 1] != '/') |
469 | cp[len++] = '/'; |
470 | } |
471 | |
472 | /* Make sure we don't use untrusted directories if we run SUID. */ |
473 | if (__glibc_unlikely (check_trusted) && !is_trusted_path (cp, len)) |
474 | { |
475 | free (to_free); |
476 | continue; |
477 | } |
478 | |
479 | /* See if this directory is already known. */ |
480 | for (dirp = GL(dl_all_dirs); dirp != NULL; dirp = dirp->next) |
481 | if (dirp->dirnamelen == len && memcmp (cp, dirp->dirname, len) == 0) |
482 | break; |
483 | |
484 | if (dirp != NULL) |
485 | { |
486 | /* It is available, see whether it's on our own list. */ |
487 | size_t cnt; |
488 | for (cnt = 0; cnt < nelems; ++cnt) |
489 | if (result[cnt] == dirp) |
490 | break; |
491 | |
492 | if (cnt == nelems) |
493 | result[nelems++] = dirp; |
494 | } |
495 | else |
496 | { |
497 | size_t cnt; |
498 | enum r_dir_status init_val; |
499 | size_t where_len = where ? strlen (where) + 1 : 0; |
500 | |
501 | /* It's a new directory. Create an entry and add it. */ |
502 | dirp = (struct r_search_path_elem *) |
503 | malloc (sizeof (*dirp) + ncapstr * sizeof (enum r_dir_status) |
504 | + where_len + len + 1); |
505 | if (dirp == NULL) |
506 | _dl_signal_error (ENOMEM, NULL, NULL, |
507 | N_("cannot create cache for search path" )); |
508 | |
509 | dirp->dirname = ((char *) dirp + sizeof (*dirp) |
510 | + ncapstr * sizeof (enum r_dir_status)); |
511 | *((char *) __mempcpy ((char *) dirp->dirname, cp, len)) = '\0'; |
512 | dirp->dirnamelen = len; |
513 | |
514 | if (len > max_dirnamelen) |
515 | max_dirnamelen = len; |
516 | |
517 | /* We have to make sure all the relative directories are |
518 | never ignored. The current directory might change and |
519 | all our saved information would be void. */ |
520 | init_val = cp[0] != '/' ? existing : unknown; |
521 | for (cnt = 0; cnt < ncapstr; ++cnt) |
522 | dirp->status[cnt] = init_val; |
523 | |
524 | dirp->what = what; |
525 | if (__glibc_likely (where != NULL)) |
526 | dirp->where = memcpy ((char *) dirp + sizeof (*dirp) + len + 1 |
527 | + (ncapstr * sizeof (enum r_dir_status)), |
528 | where, where_len); |
529 | else |
530 | dirp->where = NULL; |
531 | |
532 | dirp->next = GL(dl_all_dirs); |
533 | GL(dl_all_dirs) = dirp; |
534 | |
535 | /* Put it in the result array. */ |
536 | result[nelems++] = dirp; |
537 | } |
538 | free (to_free); |
539 | } |
540 | |
541 | /* Terminate the array. */ |
542 | result[nelems] = NULL; |
543 | |
544 | return result; |
545 | } |
546 | |
547 | |
548 | static bool |
549 | internal_function |
550 | decompose_rpath (struct r_search_path_struct *sps, |
551 | const char *rpath, struct link_map *l, const char *what) |
552 | { |
553 | /* Make a copy we can work with. */ |
554 | const char *where = l->l_name; |
555 | char *copy; |
556 | char *cp; |
557 | struct r_search_path_elem **result; |
558 | size_t nelems; |
559 | /* Initialize to please the compiler. */ |
560 | const char *errstring = NULL; |
561 | |
562 | /* First see whether we must forget the RUNPATH and RPATH from this |
563 | object. */ |
564 | if (__glibc_unlikely (GLRO(dl_inhibit_rpath) != NULL) |
565 | && !__libc_enable_secure) |
566 | { |
567 | const char *inhp = GLRO(dl_inhibit_rpath); |
568 | |
569 | do |
570 | { |
571 | const char *wp = where; |
572 | |
573 | while (*inhp == *wp && *wp != '\0') |
574 | { |
575 | ++inhp; |
576 | ++wp; |
577 | } |
578 | |
579 | if (*wp == '\0' && (*inhp == '\0' || *inhp == ':')) |
580 | { |
581 | /* This object is on the list of objects for which the |
582 | RUNPATH and RPATH must not be used. */ |
583 | sps->dirs = (void *) -1; |
584 | return false; |
585 | } |
586 | |
587 | while (*inhp != '\0') |
588 | if (*inhp++ == ':') |
589 | break; |
590 | } |
591 | while (*inhp != '\0'); |
592 | } |
593 | |
594 | /* Make a writable copy. */ |
595 | copy = __strdup (rpath); |
596 | if (copy == NULL) |
597 | { |
598 | errstring = N_("cannot create RUNPATH/RPATH copy" ); |
599 | goto signal_error; |
600 | } |
601 | |
602 | /* Ignore empty rpaths. */ |
603 | if (*copy == 0) |
604 | { |
605 | free (copy); |
606 | sps->dirs = (struct r_search_path_elem **) -1; |
607 | return false; |
608 | } |
609 | |
610 | /* Count the number of necessary elements in the result array. */ |
611 | nelems = 0; |
612 | for (cp = copy; *cp != '\0'; ++cp) |
613 | if (*cp == ':') |
614 | ++nelems; |
615 | |
616 | /* Allocate room for the result. NELEMS + 1 is an upper limit for the |
617 | number of necessary entries. */ |
618 | result = (struct r_search_path_elem **) malloc ((nelems + 1 + 1) |
619 | * sizeof (*result)); |
620 | if (result == NULL) |
621 | { |
622 | free (copy); |
623 | errstring = N_("cannot create cache for search path" ); |
624 | signal_error: |
625 | _dl_signal_error (ENOMEM, NULL, NULL, errstring); |
626 | } |
627 | |
628 | fillin_rpath (copy, result, ":" , 0, what, where, l); |
629 | |
630 | /* Free the copied RPATH string. `fillin_rpath' make own copies if |
631 | necessary. */ |
632 | free (copy); |
633 | |
634 | /* There is no path after expansion. */ |
635 | if (result[0] == NULL) |
636 | { |
637 | free (result); |
638 | sps->dirs = (struct r_search_path_elem **) -1; |
639 | return false; |
640 | } |
641 | |
642 | sps->dirs = result; |
643 | /* The caller will change this value if we haven't used a real malloc. */ |
644 | sps->malloced = 1; |
645 | return true; |
646 | } |
647 | |
648 | /* Make sure cached path information is stored in *SP |
649 | and return true if there are any paths to search there. */ |
650 | static bool |
651 | cache_rpath (struct link_map *l, |
652 | struct r_search_path_struct *sp, |
653 | int tag, |
654 | const char *what) |
655 | { |
656 | if (sp->dirs == (void *) -1) |
657 | return false; |
658 | |
659 | if (sp->dirs != NULL) |
660 | return true; |
661 | |
662 | if (l->l_info[tag] == NULL) |
663 | { |
664 | /* There is no path. */ |
665 | sp->dirs = (void *) -1; |
666 | return false; |
667 | } |
668 | |
669 | /* Make sure the cache information is available. */ |
670 | return decompose_rpath (sp, (const char *) (D_PTR (l, l_info[DT_STRTAB]) |
671 | + l->l_info[tag]->d_un.d_val), |
672 | l, what); |
673 | } |
674 | |
675 | |
676 | void |
677 | internal_function |
678 | _dl_init_paths (const char *llp) |
679 | { |
680 | size_t idx; |
681 | const char *strp; |
682 | struct r_search_path_elem *pelem, **aelem; |
683 | size_t round_size; |
684 | struct link_map __attribute__ ((unused)) *l = NULL; |
685 | /* Initialize to please the compiler. */ |
686 | const char *errstring = NULL; |
687 | |
688 | /* Fill in the information about the application's RPATH and the |
689 | directories addressed by the LD_LIBRARY_PATH environment variable. */ |
690 | |
691 | /* Get the capabilities. */ |
692 | capstr = _dl_important_hwcaps (GLRO(dl_platform), GLRO(dl_platformlen), |
693 | &ncapstr, &max_capstrlen); |
694 | |
695 | /* First set up the rest of the default search directory entries. */ |
696 | aelem = rtld_search_dirs.dirs = (struct r_search_path_elem **) |
697 | malloc ((nsystem_dirs_len + 1) * sizeof (struct r_search_path_elem *)); |
698 | if (rtld_search_dirs.dirs == NULL) |
699 | { |
700 | errstring = N_("cannot create search path array" ); |
701 | signal_error: |
702 | _dl_signal_error (ENOMEM, NULL, NULL, errstring); |
703 | } |
704 | |
705 | round_size = ((2 * sizeof (struct r_search_path_elem) - 1 |
706 | + ncapstr * sizeof (enum r_dir_status)) |
707 | / sizeof (struct r_search_path_elem)); |
708 | |
709 | rtld_search_dirs.dirs[0] = malloc (nsystem_dirs_len * round_size |
710 | * sizeof (*rtld_search_dirs.dirs[0])); |
711 | if (rtld_search_dirs.dirs[0] == NULL) |
712 | { |
713 | errstring = N_("cannot create cache for search path" ); |
714 | goto signal_error; |
715 | } |
716 | |
717 | rtld_search_dirs.malloced = 0; |
718 | pelem = GL(dl_all_dirs) = rtld_search_dirs.dirs[0]; |
719 | strp = system_dirs; |
720 | idx = 0; |
721 | |
722 | do |
723 | { |
724 | size_t cnt; |
725 | |
726 | *aelem++ = pelem; |
727 | |
728 | pelem->what = "system search path" ; |
729 | pelem->where = NULL; |
730 | |
731 | pelem->dirname = strp; |
732 | pelem->dirnamelen = system_dirs_len[idx]; |
733 | strp += system_dirs_len[idx] + 1; |
734 | |
735 | /* System paths must be absolute. */ |
736 | assert (pelem->dirname[0] == '/'); |
737 | for (cnt = 0; cnt < ncapstr; ++cnt) |
738 | pelem->status[cnt] = unknown; |
739 | |
740 | pelem->next = (++idx == nsystem_dirs_len ? NULL : (pelem + round_size)); |
741 | |
742 | pelem += round_size; |
743 | } |
744 | while (idx < nsystem_dirs_len); |
745 | |
746 | max_dirnamelen = SYSTEM_DIRS_MAX_LEN; |
747 | *aelem = NULL; |
748 | |
749 | #ifdef SHARED |
750 | /* This points to the map of the main object. */ |
751 | l = GL(dl_ns)[LM_ID_BASE]._ns_loaded; |
752 | if (l != NULL) |
753 | { |
754 | assert (l->l_type != lt_loaded); |
755 | |
756 | if (l->l_info[DT_RUNPATH]) |
757 | { |
758 | /* Allocate room for the search path and fill in information |
759 | from RUNPATH. */ |
760 | decompose_rpath (&l->l_runpath_dirs, |
761 | (const void *) (D_PTR (l, l_info[DT_STRTAB]) |
762 | + l->l_info[DT_RUNPATH]->d_un.d_val), |
763 | l, "RUNPATH" ); |
764 | /* During rtld init the memory is allocated by the stub malloc, |
765 | prevent any attempt to free it by the normal malloc. */ |
766 | l->l_runpath_dirs.malloced = 0; |
767 | |
768 | /* The RPATH is ignored. */ |
769 | l->l_rpath_dirs.dirs = (void *) -1; |
770 | } |
771 | else |
772 | { |
773 | l->l_runpath_dirs.dirs = (void *) -1; |
774 | |
775 | if (l->l_info[DT_RPATH]) |
776 | { |
777 | /* Allocate room for the search path and fill in information |
778 | from RPATH. */ |
779 | decompose_rpath (&l->l_rpath_dirs, |
780 | (const void *) (D_PTR (l, l_info[DT_STRTAB]) |
781 | + l->l_info[DT_RPATH]->d_un.d_val), |
782 | l, "RPATH" ); |
783 | /* During rtld init the memory is allocated by the stub |
784 | malloc, prevent any attempt to free it by the normal |
785 | malloc. */ |
786 | l->l_rpath_dirs.malloced = 0; |
787 | } |
788 | else |
789 | l->l_rpath_dirs.dirs = (void *) -1; |
790 | } |
791 | } |
792 | #endif /* SHARED */ |
793 | |
794 | if (llp != NULL && *llp != '\0') |
795 | { |
796 | char *llp_tmp = strdupa (llp); |
797 | |
798 | /* Decompose the LD_LIBRARY_PATH contents. First determine how many |
799 | elements it has. */ |
800 | size_t nllp = 1; |
801 | for (const char *cp = llp_tmp; *cp != '\0'; ++cp) |
802 | if (*cp == ':' || *cp == ';') |
803 | ++nllp; |
804 | |
805 | env_path_list.dirs = (struct r_search_path_elem **) |
806 | malloc ((nllp + 1) * sizeof (struct r_search_path_elem *)); |
807 | if (env_path_list.dirs == NULL) |
808 | { |
809 | errstring = N_("cannot create cache for search path" ); |
810 | goto signal_error; |
811 | } |
812 | |
813 | (void) fillin_rpath (llp_tmp, env_path_list.dirs, ":;" , |
814 | __libc_enable_secure, "LD_LIBRARY_PATH" , |
815 | NULL, l); |
816 | |
817 | if (env_path_list.dirs[0] == NULL) |
818 | { |
819 | free (env_path_list.dirs); |
820 | env_path_list.dirs = (void *) -1; |
821 | } |
822 | |
823 | env_path_list.malloced = 0; |
824 | } |
825 | else |
826 | env_path_list.dirs = (void *) -1; |
827 | } |
828 | |
829 | |
830 | static void |
831 | __attribute__ ((noreturn, noinline)) |
832 | lose (int code, int fd, const char *name, char *realname, struct link_map *l, |
833 | const char *msg, struct r_debug *r, Lmid_t nsid) |
834 | { |
835 | /* The file might already be closed. */ |
836 | if (fd != -1) |
837 | (void) __close (fd); |
838 | if (l != NULL && l->l_origin != (char *) -1l) |
839 | free ((char *) l->l_origin); |
840 | free (l); |
841 | free (realname); |
842 | |
843 | if (r != NULL) |
844 | { |
845 | r->r_state = RT_CONSISTENT; |
846 | _dl_debug_state (); |
847 | LIBC_PROBE (map_failed, 2, nsid, r); |
848 | } |
849 | |
850 | _dl_signal_error (code, name, NULL, msg); |
851 | } |
852 | |
853 | |
854 | /* Map in the shared object NAME, actually located in REALNAME, and already |
855 | opened on FD. */ |
856 | |
857 | #ifndef EXTERNAL_MAP_FROM_FD |
858 | static |
859 | #endif |
860 | struct link_map * |
861 | _dl_map_object_from_fd (const char *name, const char *origname, int fd, |
862 | struct filebuf *fbp, char *realname, |
863 | struct link_map *loader, int l_type, int mode, |
864 | void **stack_endp, Lmid_t nsid) |
865 | { |
866 | struct link_map *l = NULL; |
867 | const ElfW(Ehdr) *; |
868 | const ElfW(Phdr) *phdr; |
869 | const ElfW(Phdr) *ph; |
870 | size_t maplength; |
871 | int type; |
872 | /* Initialize to keep the compiler happy. */ |
873 | const char *errstring = NULL; |
874 | int errval = 0; |
875 | struct r_debug *r = _dl_debug_initialize (0, nsid); |
876 | bool make_consistent = false; |
877 | |
878 | /* Get file information. */ |
879 | struct r_file_id id; |
880 | if (__glibc_unlikely (!_dl_get_file_id (fd, &id))) |
881 | { |
882 | errstring = N_("cannot stat shared object" ); |
883 | call_lose_errno: |
884 | errval = errno; |
885 | call_lose: |
886 | lose (errval, fd, name, realname, l, errstring, |
887 | make_consistent ? r : NULL, nsid); |
888 | } |
889 | |
890 | /* Look again to see if the real name matched another already loaded. */ |
891 | for (l = GL(dl_ns)[nsid]._ns_loaded; l != NULL; l = l->l_next) |
892 | if (!l->l_removed && _dl_file_id_match_p (&l->l_file_id, &id)) |
893 | { |
894 | /* The object is already loaded. |
895 | Just bump its reference count and return it. */ |
896 | __close (fd); |
897 | |
898 | /* If the name is not in the list of names for this object add |
899 | it. */ |
900 | free (realname); |
901 | add_name_to_object (l, name); |
902 | |
903 | return l; |
904 | } |
905 | |
906 | #ifdef SHARED |
907 | /* When loading into a namespace other than the base one we must |
908 | avoid loading ld.so since there can only be one copy. Ever. */ |
909 | if (__glibc_unlikely (nsid != LM_ID_BASE) |
910 | && (_dl_file_id_match_p (&id, &GL(dl_rtld_map).l_file_id) |
911 | || _dl_name_match_p (name, &GL(dl_rtld_map)))) |
912 | { |
913 | /* This is indeed ld.so. Create a new link_map which refers to |
914 | the real one for almost everything. */ |
915 | l = _dl_new_object (realname, name, l_type, loader, mode, nsid); |
916 | if (l == NULL) |
917 | goto fail_new; |
918 | |
919 | /* Refer to the real descriptor. */ |
920 | l->l_real = &GL(dl_rtld_map); |
921 | |
922 | /* No need to bump the refcount of the real object, ld.so will |
923 | never be unloaded. */ |
924 | __close (fd); |
925 | |
926 | /* Add the map for the mirrored object to the object list. */ |
927 | _dl_add_to_namespace_list (l, nsid); |
928 | |
929 | return l; |
930 | } |
931 | #endif |
932 | |
933 | if (mode & RTLD_NOLOAD) |
934 | { |
935 | /* We are not supposed to load the object unless it is already |
936 | loaded. So return now. */ |
937 | free (realname); |
938 | __close (fd); |
939 | return NULL; |
940 | } |
941 | |
942 | /* Print debugging message. */ |
943 | if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES)) |
944 | _dl_debug_printf ("file=%s [%lu]; generating link map\n" , name, nsid); |
945 | |
946 | /* This is the ELF header. We read it in `open_verify'. */ |
947 | header = (void *) fbp->buf; |
948 | |
949 | #ifndef MAP_ANON |
950 | # define MAP_ANON 0 |
951 | if (_dl_zerofd == -1) |
952 | { |
953 | _dl_zerofd = _dl_sysdep_open_zero_fill (); |
954 | if (_dl_zerofd == -1) |
955 | { |
956 | free (realname); |
957 | __close (fd); |
958 | _dl_signal_error (errno, NULL, NULL, |
959 | N_("cannot open zero fill device" )); |
960 | } |
961 | } |
962 | #endif |
963 | |
964 | /* Signal that we are going to add new objects. */ |
965 | if (r->r_state == RT_CONSISTENT) |
966 | { |
967 | #ifdef SHARED |
968 | /* Auditing checkpoint: we are going to add new objects. */ |
969 | if ((mode & __RTLD_AUDIT) == 0 |
970 | && __glibc_unlikely (GLRO(dl_naudit) > 0)) |
971 | { |
972 | struct link_map *head = GL(dl_ns)[nsid]._ns_loaded; |
973 | /* Do not call the functions for any auditing object. */ |
974 | if (head->l_auditing == 0) |
975 | { |
976 | struct audit_ifaces *afct = GLRO(dl_audit); |
977 | for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt) |
978 | { |
979 | if (afct->activity != NULL) |
980 | afct->activity (&head->l_audit[cnt].cookie, LA_ACT_ADD); |
981 | |
982 | afct = afct->next; |
983 | } |
984 | } |
985 | } |
986 | #endif |
987 | |
988 | /* Notify the debugger we have added some objects. We need to |
989 | call _dl_debug_initialize in a static program in case dynamic |
990 | linking has not been used before. */ |
991 | r->r_state = RT_ADD; |
992 | _dl_debug_state (); |
993 | LIBC_PROBE (map_start, 2, nsid, r); |
994 | make_consistent = true; |
995 | } |
996 | else |
997 | assert (r->r_state == RT_ADD); |
998 | |
999 | /* Enter the new object in the list of loaded objects. */ |
1000 | l = _dl_new_object (realname, name, l_type, loader, mode, nsid); |
1001 | if (__glibc_unlikely (l == NULL)) |
1002 | { |
1003 | #ifdef SHARED |
1004 | fail_new: |
1005 | #endif |
1006 | errstring = N_("cannot create shared object descriptor" ); |
1007 | goto call_lose_errno; |
1008 | } |
1009 | |
1010 | /* Extract the remaining details we need from the ELF header |
1011 | and then read in the program header table. */ |
1012 | l->l_entry = header->e_entry; |
1013 | type = header->e_type; |
1014 | l->l_phnum = header->e_phnum; |
1015 | |
1016 | maplength = header->e_phnum * sizeof (ElfW(Phdr)); |
1017 | if (header->e_phoff + maplength <= (size_t) fbp->len) |
1018 | phdr = (void *) (fbp->buf + header->e_phoff); |
1019 | else |
1020 | { |
1021 | phdr = alloca (maplength); |
1022 | __lseek (fd, header->e_phoff, SEEK_SET); |
1023 | if ((size_t) __libc_read (fd, (void *) phdr, maplength) != maplength) |
1024 | { |
1025 | errstring = N_("cannot read file data" ); |
1026 | goto call_lose_errno; |
1027 | } |
1028 | } |
1029 | |
1030 | /* On most platforms presume that PT_GNU_STACK is absent and the stack is |
1031 | * executable. Other platforms default to a nonexecutable stack and don't |
1032 | * need PT_GNU_STACK to do so. */ |
1033 | uint_fast16_t stack_flags = DEFAULT_STACK_PERMS; |
1034 | |
1035 | { |
1036 | /* Scan the program header table, collecting its load commands. */ |
1037 | struct loadcmd loadcmds[l->l_phnum]; |
1038 | size_t nloadcmds = 0; |
1039 | bool has_holes = false; |
1040 | |
1041 | /* The struct is initialized to zero so this is not necessary: |
1042 | l->l_ld = 0; |
1043 | l->l_phdr = 0; |
1044 | l->l_addr = 0; */ |
1045 | for (ph = phdr; ph < &phdr[l->l_phnum]; ++ph) |
1046 | switch (ph->p_type) |
1047 | { |
1048 | /* These entries tell us where to find things once the file's |
1049 | segments are mapped in. We record the addresses it says |
1050 | verbatim, and later correct for the run-time load address. */ |
1051 | case PT_DYNAMIC: |
1052 | l->l_ld = (void *) ph->p_vaddr; |
1053 | l->l_ldnum = ph->p_memsz / sizeof (ElfW(Dyn)); |
1054 | break; |
1055 | |
1056 | case PT_PHDR: |
1057 | l->l_phdr = (void *) ph->p_vaddr; |
1058 | break; |
1059 | |
1060 | case PT_LOAD: |
1061 | /* A load command tells us to map in part of the file. |
1062 | We record the load commands and process them all later. */ |
1063 | if (__glibc_unlikely ((ph->p_align & (GLRO(dl_pagesize) - 1)) != 0)) |
1064 | { |
1065 | errstring = N_("ELF load command alignment not page-aligned" ); |
1066 | goto call_lose; |
1067 | } |
1068 | if (__glibc_unlikely (((ph->p_vaddr - ph->p_offset) |
1069 | & (ph->p_align - 1)) != 0)) |
1070 | { |
1071 | errstring |
1072 | = N_("ELF load command address/offset not properly aligned" ); |
1073 | goto call_lose; |
1074 | } |
1075 | |
1076 | struct loadcmd *c = &loadcmds[nloadcmds++]; |
1077 | c->mapstart = ALIGN_DOWN (ph->p_vaddr, GLRO(dl_pagesize)); |
1078 | c->mapend = ALIGN_UP (ph->p_vaddr + ph->p_filesz, GLRO(dl_pagesize)); |
1079 | c->dataend = ph->p_vaddr + ph->p_filesz; |
1080 | c->allocend = ph->p_vaddr + ph->p_memsz; |
1081 | c->mapoff = ALIGN_DOWN (ph->p_offset, GLRO(dl_pagesize)); |
1082 | |
1083 | /* Determine whether there is a gap between the last segment |
1084 | and this one. */ |
1085 | if (nloadcmds > 1 && c[-1].mapend != c->mapstart) |
1086 | has_holes = true; |
1087 | |
1088 | /* Optimize a common case. */ |
1089 | #if (PF_R | PF_W | PF_X) == 7 && (PROT_READ | PROT_WRITE | PROT_EXEC) == 7 |
1090 | c->prot = (PF_TO_PROT |
1091 | >> ((ph->p_flags & (PF_R | PF_W | PF_X)) * 4)) & 0xf; |
1092 | #else |
1093 | c->prot = 0; |
1094 | if (ph->p_flags & PF_R) |
1095 | c->prot |= PROT_READ; |
1096 | if (ph->p_flags & PF_W) |
1097 | c->prot |= PROT_WRITE; |
1098 | if (ph->p_flags & PF_X) |
1099 | c->prot |= PROT_EXEC; |
1100 | #endif |
1101 | break; |
1102 | |
1103 | case PT_TLS: |
1104 | if (ph->p_memsz == 0) |
1105 | /* Nothing to do for an empty segment. */ |
1106 | break; |
1107 | |
1108 | l->l_tls_blocksize = ph->p_memsz; |
1109 | l->l_tls_align = ph->p_align; |
1110 | if (ph->p_align == 0) |
1111 | l->l_tls_firstbyte_offset = 0; |
1112 | else |
1113 | l->l_tls_firstbyte_offset = ph->p_vaddr & (ph->p_align - 1); |
1114 | l->l_tls_initimage_size = ph->p_filesz; |
1115 | /* Since we don't know the load address yet only store the |
1116 | offset. We will adjust it later. */ |
1117 | l->l_tls_initimage = (void *) ph->p_vaddr; |
1118 | |
1119 | /* If not loading the initial set of shared libraries, |
1120 | check whether we should permit loading a TLS segment. */ |
1121 | if (__glibc_likely (l->l_type == lt_library) |
1122 | /* If GL(dl_tls_dtv_slotinfo_list) == NULL, then rtld.c did |
1123 | not set up TLS data structures, so don't use them now. */ |
1124 | || __glibc_likely (GL(dl_tls_dtv_slotinfo_list) != NULL)) |
1125 | { |
1126 | /* Assign the next available module ID. */ |
1127 | l->l_tls_modid = _dl_next_tls_modid (); |
1128 | break; |
1129 | } |
1130 | |
1131 | #ifdef SHARED |
1132 | /* We are loading the executable itself when the dynamic |
1133 | linker was executed directly. The setup will happen |
1134 | later. Otherwise, the TLS data structures are already |
1135 | initialized, and we assigned a TLS modid above. */ |
1136 | assert (l->l_prev == NULL || (mode & __RTLD_AUDIT) != 0); |
1137 | #else |
1138 | assert (false && "TLS not initialized in static application" ); |
1139 | #endif |
1140 | break; |
1141 | |
1142 | case PT_GNU_STACK: |
1143 | stack_flags = ph->p_flags; |
1144 | break; |
1145 | |
1146 | case PT_GNU_RELRO: |
1147 | l->l_relro_addr = ph->p_vaddr; |
1148 | l->l_relro_size = ph->p_memsz; |
1149 | break; |
1150 | } |
1151 | |
1152 | if (__glibc_unlikely (nloadcmds == 0)) |
1153 | { |
1154 | /* This only happens for a bogus object that will be caught with |
1155 | another error below. But we don't want to go through the |
1156 | calculations below using NLOADCMDS - 1. */ |
1157 | errstring = N_("object file has no loadable segments" ); |
1158 | goto call_lose; |
1159 | } |
1160 | |
1161 | if (__glibc_unlikely (type != ET_DYN) |
1162 | && __glibc_unlikely ((mode & __RTLD_OPENEXEC) == 0)) |
1163 | { |
1164 | /* This object is loaded at a fixed address. This must never |
1165 | happen for objects loaded with dlopen. */ |
1166 | errstring = N_("cannot dynamically load executable" ); |
1167 | goto call_lose; |
1168 | } |
1169 | |
1170 | /* Length of the sections to be loaded. */ |
1171 | maplength = loadcmds[nloadcmds - 1].allocend - loadcmds[0].mapstart; |
1172 | |
1173 | /* Now process the load commands and map segments into memory. |
1174 | This is responsible for filling in: |
1175 | l_map_start, l_map_end, l_addr, l_contiguous, l_text_end, l_phdr |
1176 | */ |
1177 | errstring = _dl_map_segments (l, fd, header, type, loadcmds, nloadcmds, |
1178 | maplength, has_holes, loader); |
1179 | if (__glibc_unlikely (errstring != NULL)) |
1180 | goto call_lose; |
1181 | } |
1182 | |
1183 | if (l->l_ld == 0) |
1184 | { |
1185 | if (__glibc_unlikely (type == ET_DYN)) |
1186 | { |
1187 | errstring = N_("object file has no dynamic section" ); |
1188 | goto call_lose; |
1189 | } |
1190 | } |
1191 | else |
1192 | l->l_ld = (ElfW(Dyn) *) ((ElfW(Addr)) l->l_ld + l->l_addr); |
1193 | |
1194 | elf_get_dynamic_info (l, NULL); |
1195 | |
1196 | /* Make sure we are not dlopen'ing an object that has the |
1197 | DF_1_NOOPEN flag set. */ |
1198 | if (__glibc_unlikely (l->l_flags_1 & DF_1_NOOPEN) |
1199 | && (mode & __RTLD_DLOPEN)) |
1200 | { |
1201 | /* We are not supposed to load this object. Free all resources. */ |
1202 | _dl_unmap_segments (l); |
1203 | |
1204 | if (!l->l_libname->dont_free) |
1205 | free (l->l_libname); |
1206 | |
1207 | if (l->l_phdr_allocated) |
1208 | free ((void *) l->l_phdr); |
1209 | |
1210 | errstring = N_("shared object cannot be dlopen()ed" ); |
1211 | goto call_lose; |
1212 | } |
1213 | |
1214 | if (l->l_phdr == NULL) |
1215 | { |
1216 | /* The program header is not contained in any of the segments. |
1217 | We have to allocate memory ourself and copy it over from out |
1218 | temporary place. */ |
1219 | ElfW(Phdr) *newp = (ElfW(Phdr) *) malloc (header->e_phnum |
1220 | * sizeof (ElfW(Phdr))); |
1221 | if (newp == NULL) |
1222 | { |
1223 | errstring = N_("cannot allocate memory for program header" ); |
1224 | goto call_lose_errno; |
1225 | } |
1226 | |
1227 | l->l_phdr = memcpy (newp, phdr, |
1228 | (header->e_phnum * sizeof (ElfW(Phdr)))); |
1229 | l->l_phdr_allocated = 1; |
1230 | } |
1231 | else |
1232 | /* Adjust the PT_PHDR value by the runtime load address. */ |
1233 | l->l_phdr = (ElfW(Phdr) *) ((ElfW(Addr)) l->l_phdr + l->l_addr); |
1234 | |
1235 | if (__glibc_unlikely ((stack_flags &~ GL(dl_stack_flags)) & PF_X)) |
1236 | { |
1237 | if (__glibc_unlikely (__check_caller (RETURN_ADDRESS (0), allow_ldso) != 0)) |
1238 | { |
1239 | errstring = N_("invalid caller" ); |
1240 | goto call_lose; |
1241 | } |
1242 | |
1243 | /* The stack is presently not executable, but this module |
1244 | requires that it be executable. We must change the |
1245 | protection of the variable which contains the flags used in |
1246 | the mprotect calls. */ |
1247 | #ifdef SHARED |
1248 | if ((mode & (__RTLD_DLOPEN | __RTLD_AUDIT)) == __RTLD_DLOPEN) |
1249 | { |
1250 | const uintptr_t p = (uintptr_t) &__stack_prot & -GLRO(dl_pagesize); |
1251 | const size_t s = (uintptr_t) (&__stack_prot + 1) - p; |
1252 | |
1253 | struct link_map *const m = &GL(dl_rtld_map); |
1254 | const uintptr_t relro_end = ((m->l_addr + m->l_relro_addr |
1255 | + m->l_relro_size) |
1256 | & -GLRO(dl_pagesize)); |
1257 | if (__glibc_likely (p + s <= relro_end)) |
1258 | { |
1259 | /* The variable lies in the region protected by RELRO. */ |
1260 | if (__mprotect ((void *) p, s, PROT_READ|PROT_WRITE) < 0) |
1261 | { |
1262 | errstring = N_("cannot change memory protections" ); |
1263 | goto call_lose_errno; |
1264 | } |
1265 | __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC; |
1266 | __mprotect ((void *) p, s, PROT_READ); |
1267 | } |
1268 | else |
1269 | __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC; |
1270 | } |
1271 | else |
1272 | #endif |
1273 | __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC; |
1274 | |
1275 | #ifdef check_consistency |
1276 | check_consistency (); |
1277 | #endif |
1278 | |
1279 | errval = (*GL(dl_make_stack_executable_hook)) (stack_endp); |
1280 | if (errval) |
1281 | { |
1282 | errstring = N_("\ |
1283 | cannot enable executable stack as shared object requires" ); |
1284 | goto call_lose; |
1285 | } |
1286 | } |
1287 | |
1288 | /* Adjust the address of the TLS initialization image. */ |
1289 | if (l->l_tls_initimage != NULL) |
1290 | l->l_tls_initimage = (char *) l->l_tls_initimage + l->l_addr; |
1291 | |
1292 | /* We are done mapping in the file. We no longer need the descriptor. */ |
1293 | if (__glibc_unlikely (__close (fd) != 0)) |
1294 | { |
1295 | errstring = N_("cannot close file descriptor" ); |
1296 | goto call_lose_errno; |
1297 | } |
1298 | /* Signal that we closed the file. */ |
1299 | fd = -1; |
1300 | |
1301 | /* If this is ET_EXEC, we should have loaded it as lt_executable. */ |
1302 | assert (type != ET_EXEC || l->l_type == lt_executable); |
1303 | |
1304 | l->l_entry += l->l_addr; |
1305 | |
1306 | if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES)) |
1307 | _dl_debug_printf ("\ |
1308 | dynamic: 0x%0*lx base: 0x%0*lx size: 0x%0*Zx\n\ |
1309 | entry: 0x%0*lx phdr: 0x%0*lx phnum: %*u\n\n" , |
1310 | (int) sizeof (void *) * 2, |
1311 | (unsigned long int) l->l_ld, |
1312 | (int) sizeof (void *) * 2, |
1313 | (unsigned long int) l->l_addr, |
1314 | (int) sizeof (void *) * 2, maplength, |
1315 | (int) sizeof (void *) * 2, |
1316 | (unsigned long int) l->l_entry, |
1317 | (int) sizeof (void *) * 2, |
1318 | (unsigned long int) l->l_phdr, |
1319 | (int) sizeof (void *) * 2, l->l_phnum); |
1320 | |
1321 | /* Set up the symbol hash table. */ |
1322 | _dl_setup_hash (l); |
1323 | |
1324 | /* If this object has DT_SYMBOLIC set modify now its scope. We don't |
1325 | have to do this for the main map. */ |
1326 | if ((mode & RTLD_DEEPBIND) == 0 |
1327 | && __glibc_unlikely (l->l_info[DT_SYMBOLIC] != NULL) |
1328 | && &l->l_searchlist != l->l_scope[0]) |
1329 | { |
1330 | /* Create an appropriate searchlist. It contains only this map. |
1331 | This is the definition of DT_SYMBOLIC in SysVr4. */ |
1332 | l->l_symbolic_searchlist.r_list[0] = l; |
1333 | l->l_symbolic_searchlist.r_nlist = 1; |
1334 | |
1335 | /* Now move the existing entries one back. */ |
1336 | memmove (&l->l_scope[1], &l->l_scope[0], |
1337 | (l->l_scope_max - 1) * sizeof (l->l_scope[0])); |
1338 | |
1339 | /* Now add the new entry. */ |
1340 | l->l_scope[0] = &l->l_symbolic_searchlist; |
1341 | } |
1342 | |
1343 | /* Remember whether this object must be initialized first. */ |
1344 | if (l->l_flags_1 & DF_1_INITFIRST) |
1345 | GL(dl_initfirst) = l; |
1346 | |
1347 | /* Finally the file information. */ |
1348 | l->l_file_id = id; |
1349 | |
1350 | #ifdef SHARED |
1351 | /* When auditing is used the recorded names might not include the |
1352 | name by which the DSO is actually known. Add that as well. */ |
1353 | if (__glibc_unlikely (origname != NULL)) |
1354 | add_name_to_object (l, origname); |
1355 | #else |
1356 | /* Audit modules only exist when linking is dynamic so ORIGNAME |
1357 | cannot be non-NULL. */ |
1358 | assert (origname == NULL); |
1359 | #endif |
1360 | |
1361 | /* When we profile the SONAME might be needed for something else but |
1362 | loading. Add it right away. */ |
1363 | if (__glibc_unlikely (GLRO(dl_profile) != NULL) |
1364 | && l->l_info[DT_SONAME] != NULL) |
1365 | add_name_to_object (l, ((const char *) D_PTR (l, l_info[DT_STRTAB]) |
1366 | + l->l_info[DT_SONAME]->d_un.d_val)); |
1367 | |
1368 | #ifdef DL_AFTER_LOAD |
1369 | DL_AFTER_LOAD (l); |
1370 | #endif |
1371 | |
1372 | /* Now that the object is fully initialized add it to the object list. */ |
1373 | _dl_add_to_namespace_list (l, nsid); |
1374 | |
1375 | #ifdef SHARED |
1376 | /* Auditing checkpoint: we have a new object. */ |
1377 | if (__glibc_unlikely (GLRO(dl_naudit) > 0) |
1378 | && !GL(dl_ns)[l->l_ns]._ns_loaded->l_auditing) |
1379 | { |
1380 | struct audit_ifaces *afct = GLRO(dl_audit); |
1381 | for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt) |
1382 | { |
1383 | if (afct->objopen != NULL) |
1384 | { |
1385 | l->l_audit[cnt].bindflags |
1386 | = afct->objopen (l, nsid, &l->l_audit[cnt].cookie); |
1387 | |
1388 | l->l_audit_any_plt |= l->l_audit[cnt].bindflags != 0; |
1389 | } |
1390 | |
1391 | afct = afct->next; |
1392 | } |
1393 | } |
1394 | #endif |
1395 | |
1396 | return l; |
1397 | } |
1398 | |
1399 | /* Print search path. */ |
1400 | static void |
1401 | print_search_path (struct r_search_path_elem **list, |
1402 | const char *what, const char *name) |
1403 | { |
1404 | char buf[max_dirnamelen + max_capstrlen]; |
1405 | int first = 1; |
1406 | |
1407 | _dl_debug_printf (" search path=" ); |
1408 | |
1409 | while (*list != NULL && (*list)->what == what) /* Yes, ==. */ |
1410 | { |
1411 | char *endp = __mempcpy (buf, (*list)->dirname, (*list)->dirnamelen); |
1412 | size_t cnt; |
1413 | |
1414 | for (cnt = 0; cnt < ncapstr; ++cnt) |
1415 | if ((*list)->status[cnt] != nonexisting) |
1416 | { |
1417 | char *cp = __mempcpy (endp, capstr[cnt].str, capstr[cnt].len); |
1418 | if (cp == buf || (cp == buf + 1 && buf[0] == '/')) |
1419 | cp[0] = '\0'; |
1420 | else |
1421 | cp[-1] = '\0'; |
1422 | |
1423 | _dl_debug_printf_c (first ? "%s" : ":%s" , buf); |
1424 | first = 0; |
1425 | } |
1426 | |
1427 | ++list; |
1428 | } |
1429 | |
1430 | if (name != NULL) |
1431 | _dl_debug_printf_c ("\t\t(%s from file %s)\n" , what, |
1432 | DSO_FILENAME (name)); |
1433 | else |
1434 | _dl_debug_printf_c ("\t\t(%s)\n" , what); |
1435 | } |
1436 | |
1437 | /* Open a file and verify it is an ELF file for this architecture. We |
1438 | ignore only ELF files for other architectures. Non-ELF files and |
1439 | ELF files with different header information cause fatal errors since |
1440 | this could mean there is something wrong in the installation and the |
1441 | user might want to know about this. |
1442 | |
1443 | If FD is not -1, then the file is already open and FD refers to it. |
1444 | In that case, FD is consumed for both successful and error returns. */ |
1445 | static int |
1446 | open_verify (const char *name, int fd, |
1447 | struct filebuf *fbp, struct link_map *loader, |
1448 | int whatcode, int mode, bool *found_other_class, bool free_name) |
1449 | { |
1450 | /* This is the expected ELF header. */ |
1451 | #define ELF32_CLASS ELFCLASS32 |
1452 | #define ELF64_CLASS ELFCLASS64 |
1453 | #ifndef VALID_ELF_HEADER |
1454 | # define VALID_ELF_HEADER(hdr,exp,size) (memcmp (hdr, exp, size) == 0) |
1455 | # define VALID_ELF_OSABI(osabi) (osabi == ELFOSABI_SYSV) |
1456 | # define VALID_ELF_ABIVERSION(osabi,ver) (ver == 0) |
1457 | #elif defined MORE_ELF_HEADER_DATA |
1458 | MORE_ELF_HEADER_DATA; |
1459 | #endif |
1460 | static const unsigned char expected[EI_NIDENT] = |
1461 | { |
1462 | [EI_MAG0] = ELFMAG0, |
1463 | [EI_MAG1] = ELFMAG1, |
1464 | [EI_MAG2] = ELFMAG2, |
1465 | [EI_MAG3] = ELFMAG3, |
1466 | [EI_CLASS] = ELFW(CLASS), |
1467 | [EI_DATA] = byteorder, |
1468 | [EI_VERSION] = EV_CURRENT, |
1469 | [EI_OSABI] = ELFOSABI_SYSV, |
1470 | [EI_ABIVERSION] = 0 |
1471 | }; |
1472 | static const struct |
1473 | { |
1474 | ElfW(Word) vendorlen; |
1475 | ElfW(Word) datalen; |
1476 | ElfW(Word) type; |
1477 | char vendor[4]; |
1478 | } expected_note = { 4, 16, 1, "GNU" }; |
1479 | /* Initialize it to make the compiler happy. */ |
1480 | const char *errstring = NULL; |
1481 | int errval = 0; |
1482 | |
1483 | #ifdef SHARED |
1484 | /* Give the auditing libraries a chance. */ |
1485 | if (__glibc_unlikely (GLRO(dl_naudit) > 0) && whatcode != 0 |
1486 | && loader->l_auditing == 0) |
1487 | { |
1488 | const char *original_name = name; |
1489 | struct audit_ifaces *afct = GLRO(dl_audit); |
1490 | for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt) |
1491 | { |
1492 | if (afct->objsearch != NULL) |
1493 | { |
1494 | name = afct->objsearch (name, &loader->l_audit[cnt].cookie, |
1495 | whatcode); |
1496 | if (name == NULL) |
1497 | /* Ignore the path. */ |
1498 | return -1; |
1499 | } |
1500 | |
1501 | afct = afct->next; |
1502 | } |
1503 | |
1504 | if (fd != -1 && name != original_name && strcmp (name, original_name)) |
1505 | { |
1506 | /* An audit library changed what we're supposed to open, |
1507 | so FD no longer matches it. */ |
1508 | __close (fd); |
1509 | fd = -1; |
1510 | } |
1511 | } |
1512 | #endif |
1513 | |
1514 | if (fd == -1) |
1515 | /* Open the file. We always open files read-only. */ |
1516 | fd = __open (name, O_RDONLY | O_CLOEXEC); |
1517 | |
1518 | if (fd != -1) |
1519 | { |
1520 | ElfW(Ehdr) *ehdr; |
1521 | ElfW(Phdr) *phdr, *ph; |
1522 | ElfW(Word) *abi_note; |
1523 | unsigned int osversion; |
1524 | size_t maplength; |
1525 | |
1526 | /* We successfully opened the file. Now verify it is a file |
1527 | we can use. */ |
1528 | __set_errno (0); |
1529 | fbp->len = 0; |
1530 | assert (sizeof (fbp->buf) > sizeof (ElfW(Ehdr))); |
1531 | /* Read in the header. */ |
1532 | do |
1533 | { |
1534 | ssize_t retlen = __libc_read (fd, fbp->buf + fbp->len, |
1535 | sizeof (fbp->buf) - fbp->len); |
1536 | if (retlen <= 0) |
1537 | break; |
1538 | fbp->len += retlen; |
1539 | } |
1540 | while (__glibc_unlikely (fbp->len < sizeof (ElfW(Ehdr)))); |
1541 | |
1542 | /* This is where the ELF header is loaded. */ |
1543 | ehdr = (ElfW(Ehdr) *) fbp->buf; |
1544 | |
1545 | /* Now run the tests. */ |
1546 | if (__glibc_unlikely (fbp->len < (ssize_t) sizeof (ElfW(Ehdr)))) |
1547 | { |
1548 | errval = errno; |
1549 | errstring = (errval == 0 |
1550 | ? N_("file too short" ) : N_("cannot read file data" )); |
1551 | call_lose: |
1552 | if (free_name) |
1553 | { |
1554 | char *realname = (char *) name; |
1555 | name = strdupa (realname); |
1556 | free (realname); |
1557 | } |
1558 | lose (errval, fd, name, NULL, NULL, errstring, NULL, 0); |
1559 | } |
1560 | |
1561 | /* See whether the ELF header is what we expect. */ |
1562 | if (__glibc_unlikely (! VALID_ELF_HEADER (ehdr->e_ident, expected, |
1563 | EI_ABIVERSION) |
1564 | || !VALID_ELF_ABIVERSION (ehdr->e_ident[EI_OSABI], |
1565 | ehdr->e_ident[EI_ABIVERSION]) |
1566 | || memcmp (&ehdr->e_ident[EI_PAD], |
1567 | &expected[EI_PAD], |
1568 | EI_NIDENT - EI_PAD) != 0)) |
1569 | { |
1570 | /* Something is wrong. */ |
1571 | const Elf32_Word *magp = (const void *) ehdr->e_ident; |
1572 | if (*magp != |
1573 | #if BYTE_ORDER == LITTLE_ENDIAN |
1574 | ((ELFMAG0 << (EI_MAG0 * 8)) | |
1575 | (ELFMAG1 << (EI_MAG1 * 8)) | |
1576 | (ELFMAG2 << (EI_MAG2 * 8)) | |
1577 | (ELFMAG3 << (EI_MAG3 * 8))) |
1578 | #else |
1579 | ((ELFMAG0 << (EI_MAG3 * 8)) | |
1580 | (ELFMAG1 << (EI_MAG2 * 8)) | |
1581 | (ELFMAG2 << (EI_MAG1 * 8)) | |
1582 | (ELFMAG3 << (EI_MAG0 * 8))) |
1583 | #endif |
1584 | ) |
1585 | errstring = N_("invalid ELF header" ); |
1586 | else if (ehdr->e_ident[EI_CLASS] != ELFW(CLASS)) |
1587 | { |
1588 | /* This is not a fatal error. On architectures where |
1589 | 32-bit and 64-bit binaries can be run this might |
1590 | happen. */ |
1591 | *found_other_class = true; |
1592 | goto close_and_out; |
1593 | } |
1594 | else if (ehdr->e_ident[EI_DATA] != byteorder) |
1595 | { |
1596 | if (BYTE_ORDER == BIG_ENDIAN) |
1597 | errstring = N_("ELF file data encoding not big-endian" ); |
1598 | else |
1599 | errstring = N_("ELF file data encoding not little-endian" ); |
1600 | } |
1601 | else if (ehdr->e_ident[EI_VERSION] != EV_CURRENT) |
1602 | errstring |
1603 | = N_("ELF file version ident does not match current one" ); |
1604 | /* XXX We should be able so set system specific versions which are |
1605 | allowed here. */ |
1606 | else if (!VALID_ELF_OSABI (ehdr->e_ident[EI_OSABI])) |
1607 | errstring = N_("ELF file OS ABI invalid" ); |
1608 | else if (!VALID_ELF_ABIVERSION (ehdr->e_ident[EI_OSABI], |
1609 | ehdr->e_ident[EI_ABIVERSION])) |
1610 | errstring = N_("ELF file ABI version invalid" ); |
1611 | else if (memcmp (&ehdr->e_ident[EI_PAD], &expected[EI_PAD], |
1612 | EI_NIDENT - EI_PAD) != 0) |
1613 | errstring = N_("nonzero padding in e_ident" ); |
1614 | else |
1615 | /* Otherwise we don't know what went wrong. */ |
1616 | errstring = N_("internal error" ); |
1617 | |
1618 | goto call_lose; |
1619 | } |
1620 | |
1621 | if (__glibc_unlikely (ehdr->e_version != EV_CURRENT)) |
1622 | { |
1623 | errstring = N_("ELF file version does not match current one" ); |
1624 | goto call_lose; |
1625 | } |
1626 | if (! __glibc_likely (elf_machine_matches_host (ehdr))) |
1627 | goto close_and_out; |
1628 | else if (__glibc_unlikely (ehdr->e_type != ET_DYN |
1629 | && ehdr->e_type != ET_EXEC)) |
1630 | { |
1631 | errstring = N_("only ET_DYN and ET_EXEC can be loaded" ); |
1632 | goto call_lose; |
1633 | } |
1634 | else if (__glibc_unlikely (ehdr->e_type == ET_EXEC |
1635 | && (mode & __RTLD_OPENEXEC) == 0)) |
1636 | { |
1637 | /* BZ #16634. It is an error to dlopen ET_EXEC (unless |
1638 | __RTLD_OPENEXEC is explicitly set). We return error here |
1639 | so that code in _dl_map_object_from_fd does not try to set |
1640 | l_tls_modid for this module. */ |
1641 | |
1642 | errstring = N_("cannot dynamically load executable" ); |
1643 | goto call_lose; |
1644 | } |
1645 | else if (__glibc_unlikely (ehdr->e_phentsize != sizeof (ElfW(Phdr)))) |
1646 | { |
1647 | errstring = N_("ELF file's phentsize not the expected size" ); |
1648 | goto call_lose; |
1649 | } |
1650 | |
1651 | maplength = ehdr->e_phnum * sizeof (ElfW(Phdr)); |
1652 | if (ehdr->e_phoff + maplength <= (size_t) fbp->len) |
1653 | phdr = (void *) (fbp->buf + ehdr->e_phoff); |
1654 | else |
1655 | { |
1656 | phdr = alloca (maplength); |
1657 | __lseek (fd, ehdr->e_phoff, SEEK_SET); |
1658 | if ((size_t) __libc_read (fd, (void *) phdr, maplength) != maplength) |
1659 | { |
1660 | read_error: |
1661 | errval = errno; |
1662 | errstring = N_("cannot read file data" ); |
1663 | goto call_lose; |
1664 | } |
1665 | } |
1666 | |
1667 | if (__glibc_unlikely (elf_machine_reject_phdr_p |
1668 | (phdr, ehdr->e_phnum, fbp->buf, fbp->len, |
1669 | loader, fd))) |
1670 | goto close_and_out; |
1671 | |
1672 | /* Check .note.ABI-tag if present. */ |
1673 | for (ph = phdr; ph < &phdr[ehdr->e_phnum]; ++ph) |
1674 | if (ph->p_type == PT_NOTE && ph->p_filesz >= 32 && ph->p_align >= 4) |
1675 | { |
1676 | ElfW(Addr) size = ph->p_filesz; |
1677 | |
1678 | if (ph->p_offset + size <= (size_t) fbp->len) |
1679 | abi_note = (void *) (fbp->buf + ph->p_offset); |
1680 | else |
1681 | { |
1682 | abi_note = alloca (size); |
1683 | __lseek (fd, ph->p_offset, SEEK_SET); |
1684 | if (__libc_read (fd, (void *) abi_note, size) != size) |
1685 | goto read_error; |
1686 | } |
1687 | |
1688 | while (memcmp (abi_note, &expected_note, sizeof (expected_note))) |
1689 | { |
1690 | #define ROUND(len) (((len) + sizeof (ElfW(Word)) - 1) & -sizeof (ElfW(Word))) |
1691 | ElfW(Addr) note_size = 3 * sizeof (ElfW(Word)) |
1692 | + ROUND (abi_note[0]) |
1693 | + ROUND (abi_note[1]); |
1694 | |
1695 | if (size - 32 < note_size) |
1696 | { |
1697 | size = 0; |
1698 | break; |
1699 | } |
1700 | size -= note_size; |
1701 | abi_note = (void *) abi_note + note_size; |
1702 | } |
1703 | |
1704 | if (size == 0) |
1705 | continue; |
1706 | |
1707 | osversion = (abi_note[5] & 0xff) * 65536 |
1708 | + (abi_note[6] & 0xff) * 256 |
1709 | + (abi_note[7] & 0xff); |
1710 | if (abi_note[4] != __ABI_TAG_OS |
1711 | || (GLRO(dl_osversion) && GLRO(dl_osversion) < osversion)) |
1712 | { |
1713 | close_and_out: |
1714 | __close (fd); |
1715 | __set_errno (ENOENT); |
1716 | fd = -1; |
1717 | } |
1718 | |
1719 | break; |
1720 | } |
1721 | } |
1722 | |
1723 | return fd; |
1724 | } |
1725 | |
1726 | /* Try to open NAME in one of the directories in *DIRSP. |
1727 | Return the fd, or -1. If successful, fill in *REALNAME |
1728 | with the malloc'd full directory name. If it turns out |
1729 | that none of the directories in *DIRSP exists, *DIRSP is |
1730 | replaced with (void *) -1, and the old value is free()d |
1731 | if MAY_FREE_DIRS is true. */ |
1732 | |
1733 | static int |
1734 | open_path (const char *name, size_t namelen, int mode, |
1735 | struct r_search_path_struct *sps, char **realname, |
1736 | struct filebuf *fbp, struct link_map *loader, int whatcode, |
1737 | bool *found_other_class) |
1738 | { |
1739 | struct r_search_path_elem **dirs = sps->dirs; |
1740 | char *buf; |
1741 | int fd = -1; |
1742 | const char *current_what = NULL; |
1743 | int any = 0; |
1744 | |
1745 | if (__glibc_unlikely (dirs == NULL)) |
1746 | /* We're called before _dl_init_paths when loading the main executable |
1747 | given on the command line when rtld is run directly. */ |
1748 | return -1; |
1749 | |
1750 | buf = alloca (max_dirnamelen + max_capstrlen + namelen); |
1751 | do |
1752 | { |
1753 | struct r_search_path_elem *this_dir = *dirs; |
1754 | size_t buflen = 0; |
1755 | size_t cnt; |
1756 | char *edp; |
1757 | int here_any = 0; |
1758 | int err; |
1759 | |
1760 | /* If we are debugging the search for libraries print the path |
1761 | now if it hasn't happened now. */ |
1762 | if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS) |
1763 | && current_what != this_dir->what) |
1764 | { |
1765 | current_what = this_dir->what; |
1766 | print_search_path (dirs, current_what, this_dir->where); |
1767 | } |
1768 | |
1769 | edp = (char *) __mempcpy (buf, this_dir->dirname, this_dir->dirnamelen); |
1770 | for (cnt = 0; fd == -1 && cnt < ncapstr; ++cnt) |
1771 | { |
1772 | /* Skip this directory if we know it does not exist. */ |
1773 | if (this_dir->status[cnt] == nonexisting) |
1774 | continue; |
1775 | |
1776 | buflen = |
1777 | ((char *) __mempcpy (__mempcpy (edp, capstr[cnt].str, |
1778 | capstr[cnt].len), |
1779 | name, namelen) |
1780 | - buf); |
1781 | |
1782 | /* Print name we try if this is wanted. */ |
1783 | if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS)) |
1784 | _dl_debug_printf (" trying file=%s\n" , buf); |
1785 | |
1786 | fd = open_verify (buf, -1, fbp, loader, whatcode, mode, |
1787 | found_other_class, false); |
1788 | if (this_dir->status[cnt] == unknown) |
1789 | { |
1790 | if (fd != -1) |
1791 | this_dir->status[cnt] = existing; |
1792 | /* Do not update the directory information when loading |
1793 | auditing code. We must try to disturb the program as |
1794 | little as possible. */ |
1795 | else if (loader == NULL |
1796 | || GL(dl_ns)[loader->l_ns]._ns_loaded->l_auditing == 0) |
1797 | { |
1798 | /* We failed to open machine dependent library. Let's |
1799 | test whether there is any directory at all. */ |
1800 | struct stat64 st; |
1801 | |
1802 | buf[buflen - namelen - 1] = '\0'; |
1803 | |
1804 | if (__xstat64 (_STAT_VER, buf, &st) != 0 |
1805 | || ! S_ISDIR (st.st_mode)) |
1806 | /* The directory does not exist or it is no directory. */ |
1807 | this_dir->status[cnt] = nonexisting; |
1808 | else |
1809 | this_dir->status[cnt] = existing; |
1810 | } |
1811 | } |
1812 | |
1813 | /* Remember whether we found any existing directory. */ |
1814 | here_any |= this_dir->status[cnt] != nonexisting; |
1815 | |
1816 | if (fd != -1 && __glibc_unlikely (mode & __RTLD_SECURE) |
1817 | && __libc_enable_secure) |
1818 | { |
1819 | /* This is an extra security effort to make sure nobody can |
1820 | preload broken shared objects which are in the trusted |
1821 | directories and so exploit the bugs. */ |
1822 | struct stat64 st; |
1823 | |
1824 | if (__fxstat64 (_STAT_VER, fd, &st) != 0 |
1825 | || (st.st_mode & S_ISUID) == 0) |
1826 | { |
1827 | /* The shared object cannot be tested for being SUID |
1828 | or this bit is not set. In this case we must not |
1829 | use this object. */ |
1830 | __close (fd); |
1831 | fd = -1; |
1832 | /* We simply ignore the file, signal this by setting |
1833 | the error value which would have been set by `open'. */ |
1834 | errno = ENOENT; |
1835 | } |
1836 | } |
1837 | } |
1838 | |
1839 | if (fd != -1) |
1840 | { |
1841 | *realname = (char *) malloc (buflen); |
1842 | if (*realname != NULL) |
1843 | { |
1844 | memcpy (*realname, buf, buflen); |
1845 | return fd; |
1846 | } |
1847 | else |
1848 | { |
1849 | /* No memory for the name, we certainly won't be able |
1850 | to load and link it. */ |
1851 | __close (fd); |
1852 | return -1; |
1853 | } |
1854 | } |
1855 | if (here_any && (err = errno) != ENOENT && err != EACCES) |
1856 | /* The file exists and is readable, but something went wrong. */ |
1857 | return -1; |
1858 | |
1859 | /* Remember whether we found anything. */ |
1860 | any |= here_any; |
1861 | } |
1862 | while (*++dirs != NULL); |
1863 | |
1864 | /* Remove the whole path if none of the directories exists. */ |
1865 | if (__glibc_unlikely (! any)) |
1866 | { |
1867 | /* Paths which were allocated using the minimal malloc() in ld.so |
1868 | must not be freed using the general free() in libc. */ |
1869 | if (sps->malloced) |
1870 | free (sps->dirs); |
1871 | |
1872 | /* rtld_search_dirs and env_path_list are attribute_relro, therefore |
1873 | avoid writing into it. */ |
1874 | if (sps != &rtld_search_dirs && sps != &env_path_list) |
1875 | sps->dirs = (void *) -1; |
1876 | } |
1877 | |
1878 | return -1; |
1879 | } |
1880 | |
1881 | /* Map in the shared object file NAME. */ |
1882 | |
1883 | struct link_map * |
1884 | internal_function |
1885 | _dl_map_object (struct link_map *loader, const char *name, |
1886 | int type, int trace_mode, int mode, Lmid_t nsid) |
1887 | { |
1888 | int fd; |
1889 | const char *origname = NULL; |
1890 | char *realname; |
1891 | char *name_copy; |
1892 | struct link_map *l; |
1893 | struct filebuf fb; |
1894 | |
1895 | assert (nsid >= 0); |
1896 | assert (nsid < GL(dl_nns)); |
1897 | |
1898 | /* Look for this name among those already loaded. */ |
1899 | for (l = GL(dl_ns)[nsid]._ns_loaded; l; l = l->l_next) |
1900 | { |
1901 | /* If the requested name matches the soname of a loaded object, |
1902 | use that object. Elide this check for names that have not |
1903 | yet been opened. */ |
1904 | if (__glibc_unlikely ((l->l_faked | l->l_removed) != 0)) |
1905 | continue; |
1906 | if (!_dl_name_match_p (name, l)) |
1907 | { |
1908 | const char *soname; |
1909 | |
1910 | if (__glibc_likely (l->l_soname_added) |
1911 | || l->l_info[DT_SONAME] == NULL) |
1912 | continue; |
1913 | |
1914 | soname = ((const char *) D_PTR (l, l_info[DT_STRTAB]) |
1915 | + l->l_info[DT_SONAME]->d_un.d_val); |
1916 | if (strcmp (name, soname) != 0) |
1917 | continue; |
1918 | |
1919 | /* We have a match on a new name -- cache it. */ |
1920 | add_name_to_object (l, soname); |
1921 | l->l_soname_added = 1; |
1922 | } |
1923 | |
1924 | /* We have a match. */ |
1925 | return l; |
1926 | } |
1927 | |
1928 | /* Display information if we are debugging. */ |
1929 | if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES) |
1930 | && loader != NULL) |
1931 | _dl_debug_printf ((mode & __RTLD_CALLMAP) == 0 |
1932 | ? "\nfile=%s [%lu]; needed by %s [%lu]\n" |
1933 | : "\nfile=%s [%lu]; dynamically loaded by %s [%lu]\n" , |
1934 | name, nsid, DSO_FILENAME (loader->l_name), loader->l_ns); |
1935 | |
1936 | #ifdef SHARED |
1937 | /* Give the auditing libraries a chance to change the name before we |
1938 | try anything. */ |
1939 | if (__glibc_unlikely (GLRO(dl_naudit) > 0) |
1940 | && (loader == NULL || loader->l_auditing == 0)) |
1941 | { |
1942 | struct audit_ifaces *afct = GLRO(dl_audit); |
1943 | for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt) |
1944 | { |
1945 | if (afct->objsearch != NULL) |
1946 | { |
1947 | const char *before = name; |
1948 | name = afct->objsearch (name, &loader->l_audit[cnt].cookie, |
1949 | LA_SER_ORIG); |
1950 | if (name == NULL) |
1951 | { |
1952 | /* Do not try anything further. */ |
1953 | fd = -1; |
1954 | goto no_file; |
1955 | } |
1956 | if (before != name && strcmp (before, name) != 0) |
1957 | { |
1958 | if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES)) |
1959 | _dl_debug_printf ("audit changed filename %s -> %s\n" , |
1960 | before, name); |
1961 | |
1962 | if (origname == NULL) |
1963 | origname = before; |
1964 | } |
1965 | } |
1966 | |
1967 | afct = afct->next; |
1968 | } |
1969 | } |
1970 | #endif |
1971 | |
1972 | /* Will be true if we found a DSO which is of the other ELF class. */ |
1973 | bool found_other_class = false; |
1974 | |
1975 | if (strchr (name, '/') == NULL) |
1976 | { |
1977 | /* Search for NAME in several places. */ |
1978 | |
1979 | size_t namelen = strlen (name) + 1; |
1980 | |
1981 | if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS)) |
1982 | _dl_debug_printf ("find library=%s [%lu]; searching\n" , name, nsid); |
1983 | |
1984 | fd = -1; |
1985 | |
1986 | /* When the object has the RUNPATH information we don't use any |
1987 | RPATHs. */ |
1988 | if (loader == NULL || loader->l_info[DT_RUNPATH] == NULL) |
1989 | { |
1990 | /* This is the executable's map (if there is one). Make sure that |
1991 | we do not look at it twice. */ |
1992 | struct link_map *main_map = GL(dl_ns)[LM_ID_BASE]._ns_loaded; |
1993 | bool did_main_map = false; |
1994 | |
1995 | /* First try the DT_RPATH of the dependent object that caused NAME |
1996 | to be loaded. Then that object's dependent, and on up. */ |
1997 | for (l = loader; l; l = l->l_loader) |
1998 | if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH" )) |
1999 | { |
2000 | fd = open_path (name, namelen, mode, |
2001 | &l->l_rpath_dirs, |
2002 | &realname, &fb, loader, LA_SER_RUNPATH, |
2003 | &found_other_class); |
2004 | if (fd != -1) |
2005 | break; |
2006 | |
2007 | did_main_map |= l == main_map; |
2008 | } |
2009 | |
2010 | /* If dynamically linked, try the DT_RPATH of the executable |
2011 | itself. NB: we do this for lookups in any namespace. */ |
2012 | if (fd == -1 && !did_main_map |
2013 | && main_map != NULL && main_map->l_type != lt_loaded |
2014 | && cache_rpath (main_map, &main_map->l_rpath_dirs, DT_RPATH, |
2015 | "RPATH" )) |
2016 | fd = open_path (name, namelen, mode, |
2017 | &main_map->l_rpath_dirs, |
2018 | &realname, &fb, loader ?: main_map, LA_SER_RUNPATH, |
2019 | &found_other_class); |
2020 | } |
2021 | |
2022 | /* Try the LD_LIBRARY_PATH environment variable. */ |
2023 | if (fd == -1 && env_path_list.dirs != (void *) -1) |
2024 | fd = open_path (name, namelen, mode, &env_path_list, |
2025 | &realname, &fb, |
2026 | loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded, |
2027 | LA_SER_LIBPATH, &found_other_class); |
2028 | |
2029 | /* Look at the RUNPATH information for this binary. */ |
2030 | if (fd == -1 && loader != NULL |
2031 | && cache_rpath (loader, &loader->l_runpath_dirs, |
2032 | DT_RUNPATH, "RUNPATH" )) |
2033 | fd = open_path (name, namelen, mode, |
2034 | &loader->l_runpath_dirs, &realname, &fb, loader, |
2035 | LA_SER_RUNPATH, &found_other_class); |
2036 | |
2037 | if (fd == -1) |
2038 | { |
2039 | realname = _dl_sysdep_open_object (name, namelen, &fd); |
2040 | if (realname != NULL) |
2041 | { |
2042 | fd = open_verify (realname, fd, |
2043 | &fb, loader ?: GL(dl_ns)[nsid]._ns_loaded, |
2044 | LA_SER_CONFIG, mode, &found_other_class, |
2045 | false); |
2046 | if (fd == -1) |
2047 | free (realname); |
2048 | } |
2049 | } |
2050 | |
2051 | #ifdef USE_LDCONFIG |
2052 | if (fd == -1 |
2053 | && (__glibc_likely ((mode & __RTLD_SECURE) == 0) |
2054 | || ! __libc_enable_secure) |
2055 | && __glibc_likely (GLRO(dl_inhibit_cache) == 0)) |
2056 | { |
2057 | /* Check the list of libraries in the file /etc/ld.so.cache, |
2058 | for compatibility with Linux's ldconfig program. */ |
2059 | char *cached = _dl_load_cache_lookup (name); |
2060 | |
2061 | if (cached != NULL) |
2062 | { |
2063 | // XXX Correct to unconditionally default to namespace 0? |
2064 | l = (loader |
2065 | ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded |
2066 | # ifdef SHARED |
2067 | ?: &GL(dl_rtld_map) |
2068 | # endif |
2069 | ); |
2070 | |
2071 | /* If the loader has the DF_1_NODEFLIB flag set we must not |
2072 | use a cache entry from any of these directories. */ |
2073 | if (__glibc_unlikely (l->l_flags_1 & DF_1_NODEFLIB)) |
2074 | { |
2075 | const char *dirp = system_dirs; |
2076 | unsigned int cnt = 0; |
2077 | |
2078 | do |
2079 | { |
2080 | if (memcmp (cached, dirp, system_dirs_len[cnt]) == 0) |
2081 | { |
2082 | /* The prefix matches. Don't use the entry. */ |
2083 | free (cached); |
2084 | cached = NULL; |
2085 | break; |
2086 | } |
2087 | |
2088 | dirp += system_dirs_len[cnt] + 1; |
2089 | ++cnt; |
2090 | } |
2091 | while (cnt < nsystem_dirs_len); |
2092 | } |
2093 | |
2094 | if (cached != NULL) |
2095 | { |
2096 | fd = open_verify (cached, -1, |
2097 | &fb, loader ?: GL(dl_ns)[nsid]._ns_loaded, |
2098 | LA_SER_CONFIG, mode, &found_other_class, |
2099 | false); |
2100 | if (__glibc_likely (fd != -1)) |
2101 | realname = cached; |
2102 | else |
2103 | free (cached); |
2104 | } |
2105 | } |
2106 | } |
2107 | #endif |
2108 | |
2109 | /* Finally, try the default path. */ |
2110 | if (fd == -1 |
2111 | && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL |
2112 | || __glibc_likely (!(l->l_flags_1 & DF_1_NODEFLIB))) |
2113 | && rtld_search_dirs.dirs != (void *) -1) |
2114 | fd = open_path (name, namelen, mode, &rtld_search_dirs, |
2115 | &realname, &fb, l, LA_SER_DEFAULT, &found_other_class); |
2116 | |
2117 | /* Add another newline when we are tracing the library loading. */ |
2118 | if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS)) |
2119 | _dl_debug_printf ("\n" ); |
2120 | } |
2121 | else |
2122 | { |
2123 | /* The path may contain dynamic string tokens. */ |
2124 | realname = (loader |
2125 | ? expand_dynamic_string_token (loader, name, 0) |
2126 | : __strdup (name)); |
2127 | if (realname == NULL) |
2128 | fd = -1; |
2129 | else |
2130 | { |
2131 | fd = open_verify (realname, -1, &fb, |
2132 | loader ?: GL(dl_ns)[nsid]._ns_loaded, 0, mode, |
2133 | &found_other_class, true); |
2134 | if (__glibc_unlikely (fd == -1)) |
2135 | free (realname); |
2136 | } |
2137 | } |
2138 | |
2139 | #ifdef SHARED |
2140 | no_file: |
2141 | #endif |
2142 | /* In case the LOADER information has only been provided to get to |
2143 | the appropriate RUNPATH/RPATH information we do not need it |
2144 | anymore. */ |
2145 | if (mode & __RTLD_CALLMAP) |
2146 | loader = NULL; |
2147 | |
2148 | if (__glibc_unlikely (fd == -1)) |
2149 | { |
2150 | if (trace_mode |
2151 | && __glibc_likely ((GLRO(dl_debug_mask) & DL_DEBUG_PRELINK) == 0)) |
2152 | { |
2153 | /* We haven't found an appropriate library. But since we |
2154 | are only interested in the list of libraries this isn't |
2155 | so severe. Fake an entry with all the information we |
2156 | have. */ |
2157 | static const Elf_Symndx dummy_bucket = STN_UNDEF; |
2158 | |
2159 | /* Allocate a new object map. */ |
2160 | if ((name_copy = __strdup (name)) == NULL |
2161 | || (l = _dl_new_object (name_copy, name, type, loader, |
2162 | mode, nsid)) == NULL) |
2163 | { |
2164 | free (name_copy); |
2165 | _dl_signal_error (ENOMEM, name, NULL, |
2166 | N_("cannot create shared object descriptor" )); |
2167 | } |
2168 | /* Signal that this is a faked entry. */ |
2169 | l->l_faked = 1; |
2170 | /* Since the descriptor is initialized with zero we do not |
2171 | have do this here. |
2172 | l->l_reserved = 0; */ |
2173 | l->l_buckets = &dummy_bucket; |
2174 | l->l_nbuckets = 1; |
2175 | l->l_relocated = 1; |
2176 | |
2177 | /* Enter the object in the object list. */ |
2178 | _dl_add_to_namespace_list (l, nsid); |
2179 | |
2180 | return l; |
2181 | } |
2182 | else if (found_other_class) |
2183 | _dl_signal_error (0, name, NULL, |
2184 | ELFW(CLASS) == ELFCLASS32 |
2185 | ? N_("wrong ELF class: ELFCLASS64" ) |
2186 | : N_("wrong ELF class: ELFCLASS32" )); |
2187 | else |
2188 | _dl_signal_error (errno, name, NULL, |
2189 | N_("cannot open shared object file" )); |
2190 | } |
2191 | |
2192 | void *stack_end = __libc_stack_end; |
2193 | return _dl_map_object_from_fd (name, origname, fd, &fb, realname, loader, |
2194 | type, mode, &stack_end, nsid); |
2195 | } |
2196 | |
2197 | struct add_path_state |
2198 | { |
2199 | bool counting; |
2200 | unsigned int idx; |
2201 | Dl_serinfo *si; |
2202 | char *allocptr; |
2203 | }; |
2204 | |
2205 | static void |
2206 | add_path (struct add_path_state *p, const struct r_search_path_struct *sps, |
2207 | unsigned int flags) |
2208 | { |
2209 | if (sps->dirs != (void *) -1) |
2210 | { |
2211 | struct r_search_path_elem **dirs = sps->dirs; |
2212 | do |
2213 | { |
2214 | const struct r_search_path_elem *const r = *dirs++; |
2215 | if (p->counting) |
2216 | { |
2217 | p->si->dls_cnt++; |
2218 | p->si->dls_size += MAX (2, r->dirnamelen); |
2219 | } |
2220 | else |
2221 | { |
2222 | Dl_serpath *const sp = &p->si->dls_serpath[p->idx++]; |
2223 | sp->dls_name = p->allocptr; |
2224 | if (r->dirnamelen < 2) |
2225 | *p->allocptr++ = r->dirnamelen ? '/' : '.'; |
2226 | else |
2227 | p->allocptr = __mempcpy (p->allocptr, |
2228 | r->dirname, r->dirnamelen - 1); |
2229 | *p->allocptr++ = '\0'; |
2230 | sp->dls_flags = flags; |
2231 | } |
2232 | } |
2233 | while (*dirs != NULL); |
2234 | } |
2235 | } |
2236 | |
2237 | void |
2238 | internal_function |
2239 | _dl_rtld_di_serinfo (struct link_map *loader, Dl_serinfo *si, bool counting) |
2240 | { |
2241 | if (counting) |
2242 | { |
2243 | si->dls_cnt = 0; |
2244 | si->dls_size = 0; |
2245 | } |
2246 | |
2247 | struct add_path_state p = |
2248 | { |
2249 | .counting = counting, |
2250 | .idx = 0, |
2251 | .si = si, |
2252 | .allocptr = (char *) &si->dls_serpath[si->dls_cnt] |
2253 | }; |
2254 | |
2255 | # define add_path(p, sps, flags) add_path(p, sps, 0) /* XXX */ |
2256 | |
2257 | /* When the object has the RUNPATH information we don't use any RPATHs. */ |
2258 | if (loader->l_info[DT_RUNPATH] == NULL) |
2259 | { |
2260 | /* First try the DT_RPATH of the dependent object that caused NAME |
2261 | to be loaded. Then that object's dependent, and on up. */ |
2262 | |
2263 | struct link_map *l = loader; |
2264 | do |
2265 | { |
2266 | if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH" )) |
2267 | add_path (&p, &l->l_rpath_dirs, XXX_RPATH); |
2268 | l = l->l_loader; |
2269 | } |
2270 | while (l != NULL); |
2271 | |
2272 | /* If dynamically linked, try the DT_RPATH of the executable itself. */ |
2273 | if (loader->l_ns == LM_ID_BASE) |
2274 | { |
2275 | l = GL(dl_ns)[LM_ID_BASE]._ns_loaded; |
2276 | if (l != NULL && l->l_type != lt_loaded && l != loader) |
2277 | if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH" )) |
2278 | add_path (&p, &l->l_rpath_dirs, XXX_RPATH); |
2279 | } |
2280 | } |
2281 | |
2282 | /* Try the LD_LIBRARY_PATH environment variable. */ |
2283 | add_path (&p, &env_path_list, XXX_ENV); |
2284 | |
2285 | /* Look at the RUNPATH information for this binary. */ |
2286 | if (cache_rpath (loader, &loader->l_runpath_dirs, DT_RUNPATH, "RUNPATH" )) |
2287 | add_path (&p, &loader->l_runpath_dirs, XXX_RUNPATH); |
2288 | |
2289 | /* XXX |
2290 | Here is where ld.so.cache gets checked, but we don't have |
2291 | a way to indicate that in the results for Dl_serinfo. */ |
2292 | |
2293 | /* Finally, try the default path. */ |
2294 | if (!(loader->l_flags_1 & DF_1_NODEFLIB)) |
2295 | add_path (&p, &rtld_search_dirs, XXX_default); |
2296 | |
2297 | if (counting) |
2298 | /* Count the struct size before the string area, which we didn't |
2299 | know before we completed dls_cnt. */ |
2300 | si->dls_size += (char *) &si->dls_serpath[si->dls_cnt] - (char *) si; |
2301 | } |
2302 | |