1/* Map in a shared object's segments from the file.
2 Copyright (C) 1995-2017 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
4
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
9
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
14
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, see
17 <http://www.gnu.org/licenses/>. */
18
19#include <elf.h>
20#include <errno.h>
21#include <fcntl.h>
22#include <libintl.h>
23#include <stdbool.h>
24#include <stdlib.h>
25#include <string.h>
26#include <unistd.h>
27#include <ldsodefs.h>
28#include <bits/wordsize.h>
29#include <sys/mman.h>
30#include <sys/param.h>
31#include <sys/stat.h>
32#include <sys/types.h>
33#include "dynamic-link.h"
34#include <abi-tag.h>
35#include <stackinfo.h>
36#include <caller.h>
37#include <sysdep.h>
38#include <stap-probe.h>
39#include <libc-pointer-arith.h>
40#include <array_length.h>
41
42#include <dl-dst.h>
43#include <dl-load.h>
44#include <dl-map-segments.h>
45#include <dl-unmap-segments.h>
46#include <dl-machine-reject-phdr.h>
47#include <dl-sysdep-open.h>
48
49
50#include <endian.h>
51#if BYTE_ORDER == BIG_ENDIAN
52# define byteorder ELFDATA2MSB
53#elif BYTE_ORDER == LITTLE_ENDIAN
54# define byteorder ELFDATA2LSB
55#else
56# error "Unknown BYTE_ORDER " BYTE_ORDER
57# define byteorder ELFDATANONE
58#endif
59
60#define STRING(x) __STRING (x)
61
62
63int __stack_prot attribute_hidden attribute_relro
64#if _STACK_GROWS_DOWN && defined PROT_GROWSDOWN
65 = PROT_GROWSDOWN;
66#elif _STACK_GROWS_UP && defined PROT_GROWSUP
67 = PROT_GROWSUP;
68#else
69 = 0;
70#endif
71
72
73/* Type for the buffer we put the ELF header and hopefully the program
74 header. This buffer does not really have to be too large. In most
75 cases the program header follows the ELF header directly. If this
76 is not the case all bets are off and we can make the header
77 arbitrarily large and still won't get it read. This means the only
78 question is how large are the ELF and program header combined. The
79 ELF header 32-bit files is 52 bytes long and in 64-bit files is 64
80 bytes long. Each program header entry is again 32 and 56 bytes
81 long respectively. I.e., even with a file which has 10 program
82 header entries we only have to read 372B/624B respectively. Add to
83 this a bit of margin for program notes and reading 512B and 832B
84 for 32-bit and 64-bit files respecitvely is enough. If this
85 heuristic should really fail for some file the code in
86 `_dl_map_object_from_fd' knows how to recover. */
87struct filebuf
88{
89 ssize_t len;
90#if __WORDSIZE == 32
91# define FILEBUF_SIZE 512
92#else
93# define FILEBUF_SIZE 832
94#endif
95 char buf[FILEBUF_SIZE] __attribute__ ((aligned (__alignof (ElfW(Ehdr)))));
96};
97
98/* This is the decomposed LD_LIBRARY_PATH search path. */
99static struct r_search_path_struct env_path_list attribute_relro;
100
101/* List of the hardware capabilities we might end up using. */
102static const struct r_strlenpair *capstr attribute_relro;
103static size_t ncapstr attribute_relro;
104static size_t max_capstrlen attribute_relro;
105
106
107/* Get the generated information about the trusted directories. Use
108 an array of concatenated strings to avoid relocations. See
109 gen-trusted-dirs.awk. */
110#include "trusted-dirs.h"
111
112static const char system_dirs[] = SYSTEM_DIRS;
113static const size_t system_dirs_len[] =
114{
115 SYSTEM_DIRS_LEN
116};
117#define nsystem_dirs_len array_length (system_dirs_len)
118
119static bool
120is_trusted_path (const char *path, size_t len)
121{
122 const char *trun = system_dirs;
123
124 for (size_t idx = 0; idx < nsystem_dirs_len; ++idx)
125 {
126 if (len == system_dirs_len[idx] && memcmp (trun, path, len) == 0)
127 /* Found it. */
128 return true;
129
130 trun += system_dirs_len[idx] + 1;
131 }
132
133 return false;
134}
135
136
137static bool
138is_trusted_path_normalize (const char *path, size_t len)
139{
140 if (len == 0)
141 return false;
142
143 if (*path == ':')
144 {
145 ++path;
146 --len;
147 }
148
149 char *npath = (char *) alloca (len + 2);
150 char *wnp = npath;
151 while (*path != '\0')
152 {
153 if (path[0] == '/')
154 {
155 if (path[1] == '.')
156 {
157 if (path[2] == '.' && (path[3] == '/' || path[3] == '\0'))
158 {
159 while (wnp > npath && *--wnp != '/')
160 ;
161 path += 3;
162 continue;
163 }
164 else if (path[2] == '/' || path[2] == '\0')
165 {
166 path += 2;
167 continue;
168 }
169 }
170
171 if (wnp > npath && wnp[-1] == '/')
172 {
173 ++path;
174 continue;
175 }
176 }
177
178 *wnp++ = *path++;
179 }
180
181 if (wnp == npath || wnp[-1] != '/')
182 *wnp++ = '/';
183
184 const char *trun = system_dirs;
185
186 for (size_t idx = 0; idx < nsystem_dirs_len; ++idx)
187 {
188 if (wnp - npath >= system_dirs_len[idx]
189 && memcmp (trun, npath, system_dirs_len[idx]) == 0)
190 /* Found it. */
191 return true;
192
193 trun += system_dirs_len[idx] + 1;
194 }
195
196 return false;
197}
198
199
200static size_t
201is_dst (const char *start, const char *name, const char *str,
202 int is_path, int secure)
203{
204 size_t len;
205 bool is_curly = false;
206
207 if (name[0] == '{')
208 {
209 is_curly = true;
210 ++name;
211 }
212
213 len = 0;
214 while (name[len] == str[len] && name[len] != '\0')
215 ++len;
216
217 if (is_curly)
218 {
219 if (name[len] != '}')
220 return 0;
221
222 /* Point again at the beginning of the name. */
223 --name;
224 /* Skip over closing curly brace and adjust for the --name. */
225 len += 2;
226 }
227 else if (name[len] != '\0' && name[len] != '/'
228 && (!is_path || name[len] != ':'))
229 return 0;
230
231 if (__glibc_unlikely (secure)
232 && ((name[len] != '\0' && name[len] != '/'
233 && (!is_path || name[len] != ':'))
234 || (name != start + 1 && (!is_path || name[-2] != ':'))))
235 return 0;
236
237 return len;
238}
239
240
241size_t
242_dl_dst_count (const char *name, int is_path)
243{
244 const char *const start = name;
245 size_t cnt = 0;
246
247 do
248 {
249 size_t len;
250
251 /* $ORIGIN is not expanded for SUID/GUID programs (except if it
252 is $ORIGIN alone) and it must always appear first in path. */
253 ++name;
254 if ((len = is_dst (start, name, "ORIGIN", is_path,
255 __libc_enable_secure)) != 0
256 || (len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0
257 || (len = is_dst (start, name, "LIB", is_path, 0)) != 0)
258 ++cnt;
259
260 name = strchr (name + len, '$');
261 }
262 while (name != NULL);
263
264 return cnt;
265}
266
267
268char *
269_dl_dst_substitute (struct link_map *l, const char *name, char *result,
270 int is_path)
271{
272 const char *const start = name;
273
274 /* Now fill the result path. While copying over the string we keep
275 track of the start of the last path element. When we come across
276 a DST we copy over the value or (if the value is not available)
277 leave the entire path element out. */
278 char *wp = result;
279 char *last_elem = result;
280 bool check_for_trusted = false;
281
282 do
283 {
284 if (__glibc_unlikely (*name == '$'))
285 {
286 const char *repl = NULL;
287 size_t len;
288
289 ++name;
290 if ((len = is_dst (start, name, "ORIGIN", is_path,
291 __libc_enable_secure)) != 0)
292 {
293 repl = l->l_origin;
294 check_for_trusted = (__libc_enable_secure
295 && l->l_type == lt_executable);
296 }
297 else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0)
298 repl = GLRO(dl_platform);
299 else if ((len = is_dst (start, name, "LIB", is_path, 0)) != 0)
300 repl = DL_DST_LIB;
301
302 if (repl != NULL && repl != (const char *) -1)
303 {
304 wp = __stpcpy (wp, repl);
305 name += len;
306 }
307 else if (len > 1)
308 {
309 /* We cannot use this path element, the value of the
310 replacement is unknown. */
311 wp = last_elem;
312 name += len;
313 while (*name != '\0' && (!is_path || *name != ':'))
314 ++name;
315 /* Also skip following colon if this is the first rpath
316 element, but keep an empty element at the end. */
317 if (wp == result && is_path && *name == ':' && name[1] != '\0')
318 ++name;
319 }
320 else
321 /* No DST we recognize. */
322 *wp++ = '$';
323 }
324 else
325 {
326 *wp++ = *name++;
327 if (is_path && *name == ':')
328 {
329 /* In SUID/SGID programs, after $ORIGIN expansion the
330 normalized path must be rooted in one of the trusted
331 directories. */
332 if (__glibc_unlikely (check_for_trusted)
333 && !is_trusted_path_normalize (last_elem, wp - last_elem))
334 wp = last_elem;
335 else
336 last_elem = wp;
337
338 check_for_trusted = false;
339 }
340 }
341 }
342 while (*name != '\0');
343
344 /* In SUID/SGID programs, after $ORIGIN expansion the normalized
345 path must be rooted in one of the trusted directories. */
346 if (__glibc_unlikely (check_for_trusted)
347 && !is_trusted_path_normalize (last_elem, wp - last_elem))
348 wp = last_elem;
349
350 *wp = '\0';
351
352 return result;
353}
354
355
356/* Return copy of argument with all recognized dynamic string tokens
357 ($ORIGIN and $PLATFORM for now) replaced. On some platforms it
358 might not be possible to determine the path from which the object
359 belonging to the map is loaded. In this case the path element
360 containing $ORIGIN is left out. */
361static char *
362expand_dynamic_string_token (struct link_map *l, const char *s, int is_path)
363{
364 /* We make two runs over the string. First we determine how large the
365 resulting string is and then we copy it over. Since this is no
366 frequently executed operation we are looking here not for performance
367 but rather for code size. */
368 size_t cnt;
369 size_t total;
370 char *result;
371
372 /* Determine the number of DST elements. */
373 cnt = DL_DST_COUNT (s, is_path);
374
375 /* If we do not have to replace anything simply copy the string. */
376 if (__glibc_likely (cnt == 0))
377 return __strdup (s);
378
379 /* Determine the length of the substituted string. */
380 total = DL_DST_REQUIRED (l, s, strlen (s), cnt);
381
382 /* Allocate the necessary memory. */
383 result = (char *) malloc (total + 1);
384 if (result == NULL)
385 return NULL;
386
387 return _dl_dst_substitute (l, s, result, is_path);
388}
389
390
391/* Add `name' to the list of names for a particular shared object.
392 `name' is expected to have been allocated with malloc and will
393 be freed if the shared object already has this name.
394 Returns false if the object already had this name. */
395static void
396internal_function
397add_name_to_object (struct link_map *l, const char *name)
398{
399 struct libname_list *lnp, *lastp;
400 struct libname_list *newname;
401 size_t name_len;
402
403 lastp = NULL;
404 for (lnp = l->l_libname; lnp != NULL; lastp = lnp, lnp = lnp->next)
405 if (strcmp (name, lnp->name) == 0)
406 return;
407
408 name_len = strlen (name) + 1;
409 newname = (struct libname_list *) malloc (sizeof *newname + name_len);
410 if (newname == NULL)
411 {
412 /* No more memory. */
413 _dl_signal_error (ENOMEM, name, NULL, N_("cannot allocate name record"));
414 return;
415 }
416 /* The object should have a libname set from _dl_new_object. */
417 assert (lastp != NULL);
418
419 newname->name = memcpy (newname + 1, name, name_len);
420 newname->next = NULL;
421 newname->dont_free = 0;
422 lastp->next = newname;
423}
424
425/* Standard search directories. */
426static struct r_search_path_struct rtld_search_dirs attribute_relro;
427
428static size_t max_dirnamelen;
429
430static struct r_search_path_elem **
431fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep,
432 int check_trusted, const char *what, const char *where,
433 struct link_map *l)
434{
435 char *cp;
436 size_t nelems = 0;
437
438 while ((cp = __strsep (&rpath, sep)) != NULL)
439 {
440 struct r_search_path_elem *dirp;
441 char *to_free = NULL;
442 size_t len = 0;
443
444 /* `strsep' can pass an empty string. */
445 if (*cp != '\0')
446 {
447 to_free = cp = expand_dynamic_string_token (l, cp, 1);
448
449 /* expand_dynamic_string_token can return NULL in case of empty
450 path or memory allocation failure. */
451 if (cp == NULL)
452 continue;
453
454 /* Compute the length after dynamic string token expansion and
455 ignore empty paths. */
456 len = strlen (cp);
457 if (len == 0)
458 {
459 free (to_free);
460 continue;
461 }
462
463 /* Remove trailing slashes (except for "/"). */
464 while (len > 1 && cp[len - 1] == '/')
465 --len;
466
467 /* Now add one if there is none so far. */
468 if (len > 0 && cp[len - 1] != '/')
469 cp[len++] = '/';
470 }
471
472 /* Make sure we don't use untrusted directories if we run SUID. */
473 if (__glibc_unlikely (check_trusted) && !is_trusted_path (cp, len))
474 {
475 free (to_free);
476 continue;
477 }
478
479 /* See if this directory is already known. */
480 for (dirp = GL(dl_all_dirs); dirp != NULL; dirp = dirp->next)
481 if (dirp->dirnamelen == len && memcmp (cp, dirp->dirname, len) == 0)
482 break;
483
484 if (dirp != NULL)
485 {
486 /* It is available, see whether it's on our own list. */
487 size_t cnt;
488 for (cnt = 0; cnt < nelems; ++cnt)
489 if (result[cnt] == dirp)
490 break;
491
492 if (cnt == nelems)
493 result[nelems++] = dirp;
494 }
495 else
496 {
497 size_t cnt;
498 enum r_dir_status init_val;
499 size_t where_len = where ? strlen (where) + 1 : 0;
500
501 /* It's a new directory. Create an entry and add it. */
502 dirp = (struct r_search_path_elem *)
503 malloc (sizeof (*dirp) + ncapstr * sizeof (enum r_dir_status)
504 + where_len + len + 1);
505 if (dirp == NULL)
506 _dl_signal_error (ENOMEM, NULL, NULL,
507 N_("cannot create cache for search path"));
508
509 dirp->dirname = ((char *) dirp + sizeof (*dirp)
510 + ncapstr * sizeof (enum r_dir_status));
511 *((char *) __mempcpy ((char *) dirp->dirname, cp, len)) = '\0';
512 dirp->dirnamelen = len;
513
514 if (len > max_dirnamelen)
515 max_dirnamelen = len;
516
517 /* We have to make sure all the relative directories are
518 never ignored. The current directory might change and
519 all our saved information would be void. */
520 init_val = cp[0] != '/' ? existing : unknown;
521 for (cnt = 0; cnt < ncapstr; ++cnt)
522 dirp->status[cnt] = init_val;
523
524 dirp->what = what;
525 if (__glibc_likely (where != NULL))
526 dirp->where = memcpy ((char *) dirp + sizeof (*dirp) + len + 1
527 + (ncapstr * sizeof (enum r_dir_status)),
528 where, where_len);
529 else
530 dirp->where = NULL;
531
532 dirp->next = GL(dl_all_dirs);
533 GL(dl_all_dirs) = dirp;
534
535 /* Put it in the result array. */
536 result[nelems++] = dirp;
537 }
538 free (to_free);
539 }
540
541 /* Terminate the array. */
542 result[nelems] = NULL;
543
544 return result;
545}
546
547
548static bool
549internal_function
550decompose_rpath (struct r_search_path_struct *sps,
551 const char *rpath, struct link_map *l, const char *what)
552{
553 /* Make a copy we can work with. */
554 const char *where = l->l_name;
555 char *copy;
556 char *cp;
557 struct r_search_path_elem **result;
558 size_t nelems;
559 /* Initialize to please the compiler. */
560 const char *errstring = NULL;
561
562 /* First see whether we must forget the RUNPATH and RPATH from this
563 object. */
564 if (__glibc_unlikely (GLRO(dl_inhibit_rpath) != NULL)
565 && !__libc_enable_secure)
566 {
567 const char *inhp = GLRO(dl_inhibit_rpath);
568
569 do
570 {
571 const char *wp = where;
572
573 while (*inhp == *wp && *wp != '\0')
574 {
575 ++inhp;
576 ++wp;
577 }
578
579 if (*wp == '\0' && (*inhp == '\0' || *inhp == ':'))
580 {
581 /* This object is on the list of objects for which the
582 RUNPATH and RPATH must not be used. */
583 sps->dirs = (void *) -1;
584 return false;
585 }
586
587 while (*inhp != '\0')
588 if (*inhp++ == ':')
589 break;
590 }
591 while (*inhp != '\0');
592 }
593
594 /* Make a writable copy. */
595 copy = __strdup (rpath);
596 if (copy == NULL)
597 {
598 errstring = N_("cannot create RUNPATH/RPATH copy");
599 goto signal_error;
600 }
601
602 /* Ignore empty rpaths. */
603 if (*copy == 0)
604 {
605 free (copy);
606 sps->dirs = (struct r_search_path_elem **) -1;
607 return false;
608 }
609
610 /* Count the number of necessary elements in the result array. */
611 nelems = 0;
612 for (cp = copy; *cp != '\0'; ++cp)
613 if (*cp == ':')
614 ++nelems;
615
616 /* Allocate room for the result. NELEMS + 1 is an upper limit for the
617 number of necessary entries. */
618 result = (struct r_search_path_elem **) malloc ((nelems + 1 + 1)
619 * sizeof (*result));
620 if (result == NULL)
621 {
622 free (copy);
623 errstring = N_("cannot create cache for search path");
624 signal_error:
625 _dl_signal_error (ENOMEM, NULL, NULL, errstring);
626 }
627
628 fillin_rpath (copy, result, ":", 0, what, where, l);
629
630 /* Free the copied RPATH string. `fillin_rpath' make own copies if
631 necessary. */
632 free (copy);
633
634 /* There is no path after expansion. */
635 if (result[0] == NULL)
636 {
637 free (result);
638 sps->dirs = (struct r_search_path_elem **) -1;
639 return false;
640 }
641
642 sps->dirs = result;
643 /* The caller will change this value if we haven't used a real malloc. */
644 sps->malloced = 1;
645 return true;
646}
647
648/* Make sure cached path information is stored in *SP
649 and return true if there are any paths to search there. */
650static bool
651cache_rpath (struct link_map *l,
652 struct r_search_path_struct *sp,
653 int tag,
654 const char *what)
655{
656 if (sp->dirs == (void *) -1)
657 return false;
658
659 if (sp->dirs != NULL)
660 return true;
661
662 if (l->l_info[tag] == NULL)
663 {
664 /* There is no path. */
665 sp->dirs = (void *) -1;
666 return false;
667 }
668
669 /* Make sure the cache information is available. */
670 return decompose_rpath (sp, (const char *) (D_PTR (l, l_info[DT_STRTAB])
671 + l->l_info[tag]->d_un.d_val),
672 l, what);
673}
674
675
676void
677internal_function
678_dl_init_paths (const char *llp)
679{
680 size_t idx;
681 const char *strp;
682 struct r_search_path_elem *pelem, **aelem;
683 size_t round_size;
684 struct link_map __attribute__ ((unused)) *l = NULL;
685 /* Initialize to please the compiler. */
686 const char *errstring = NULL;
687
688 /* Fill in the information about the application's RPATH and the
689 directories addressed by the LD_LIBRARY_PATH environment variable. */
690
691 /* Get the capabilities. */
692 capstr = _dl_important_hwcaps (GLRO(dl_platform), GLRO(dl_platformlen),
693 &ncapstr, &max_capstrlen);
694
695 /* First set up the rest of the default search directory entries. */
696 aelem = rtld_search_dirs.dirs = (struct r_search_path_elem **)
697 malloc ((nsystem_dirs_len + 1) * sizeof (struct r_search_path_elem *));
698 if (rtld_search_dirs.dirs == NULL)
699 {
700 errstring = N_("cannot create search path array");
701 signal_error:
702 _dl_signal_error (ENOMEM, NULL, NULL, errstring);
703 }
704
705 round_size = ((2 * sizeof (struct r_search_path_elem) - 1
706 + ncapstr * sizeof (enum r_dir_status))
707 / sizeof (struct r_search_path_elem));
708
709 rtld_search_dirs.dirs[0] = malloc (nsystem_dirs_len * round_size
710 * sizeof (*rtld_search_dirs.dirs[0]));
711 if (rtld_search_dirs.dirs[0] == NULL)
712 {
713 errstring = N_("cannot create cache for search path");
714 goto signal_error;
715 }
716
717 rtld_search_dirs.malloced = 0;
718 pelem = GL(dl_all_dirs) = rtld_search_dirs.dirs[0];
719 strp = system_dirs;
720 idx = 0;
721
722 do
723 {
724 size_t cnt;
725
726 *aelem++ = pelem;
727
728 pelem->what = "system search path";
729 pelem->where = NULL;
730
731 pelem->dirname = strp;
732 pelem->dirnamelen = system_dirs_len[idx];
733 strp += system_dirs_len[idx] + 1;
734
735 /* System paths must be absolute. */
736 assert (pelem->dirname[0] == '/');
737 for (cnt = 0; cnt < ncapstr; ++cnt)
738 pelem->status[cnt] = unknown;
739
740 pelem->next = (++idx == nsystem_dirs_len ? NULL : (pelem + round_size));
741
742 pelem += round_size;
743 }
744 while (idx < nsystem_dirs_len);
745
746 max_dirnamelen = SYSTEM_DIRS_MAX_LEN;
747 *aelem = NULL;
748
749#ifdef SHARED
750 /* This points to the map of the main object. */
751 l = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
752 if (l != NULL)
753 {
754 assert (l->l_type != lt_loaded);
755
756 if (l->l_info[DT_RUNPATH])
757 {
758 /* Allocate room for the search path and fill in information
759 from RUNPATH. */
760 decompose_rpath (&l->l_runpath_dirs,
761 (const void *) (D_PTR (l, l_info[DT_STRTAB])
762 + l->l_info[DT_RUNPATH]->d_un.d_val),
763 l, "RUNPATH");
764 /* During rtld init the memory is allocated by the stub malloc,
765 prevent any attempt to free it by the normal malloc. */
766 l->l_runpath_dirs.malloced = 0;
767
768 /* The RPATH is ignored. */
769 l->l_rpath_dirs.dirs = (void *) -1;
770 }
771 else
772 {
773 l->l_runpath_dirs.dirs = (void *) -1;
774
775 if (l->l_info[DT_RPATH])
776 {
777 /* Allocate room for the search path and fill in information
778 from RPATH. */
779 decompose_rpath (&l->l_rpath_dirs,
780 (const void *) (D_PTR (l, l_info[DT_STRTAB])
781 + l->l_info[DT_RPATH]->d_un.d_val),
782 l, "RPATH");
783 /* During rtld init the memory is allocated by the stub
784 malloc, prevent any attempt to free it by the normal
785 malloc. */
786 l->l_rpath_dirs.malloced = 0;
787 }
788 else
789 l->l_rpath_dirs.dirs = (void *) -1;
790 }
791 }
792#endif /* SHARED */
793
794 if (llp != NULL && *llp != '\0')
795 {
796 char *llp_tmp = strdupa (llp);
797
798 /* Decompose the LD_LIBRARY_PATH contents. First determine how many
799 elements it has. */
800 size_t nllp = 1;
801 for (const char *cp = llp_tmp; *cp != '\0'; ++cp)
802 if (*cp == ':' || *cp == ';')
803 ++nllp;
804
805 env_path_list.dirs = (struct r_search_path_elem **)
806 malloc ((nllp + 1) * sizeof (struct r_search_path_elem *));
807 if (env_path_list.dirs == NULL)
808 {
809 errstring = N_("cannot create cache for search path");
810 goto signal_error;
811 }
812
813 (void) fillin_rpath (llp_tmp, env_path_list.dirs, ":;",
814 __libc_enable_secure, "LD_LIBRARY_PATH",
815 NULL, l);
816
817 if (env_path_list.dirs[0] == NULL)
818 {
819 free (env_path_list.dirs);
820 env_path_list.dirs = (void *) -1;
821 }
822
823 env_path_list.malloced = 0;
824 }
825 else
826 env_path_list.dirs = (void *) -1;
827}
828
829
830static void
831__attribute__ ((noreturn, noinline))
832lose (int code, int fd, const char *name, char *realname, struct link_map *l,
833 const char *msg, struct r_debug *r, Lmid_t nsid)
834{
835 /* The file might already be closed. */
836 if (fd != -1)
837 (void) __close (fd);
838 if (l != NULL && l->l_origin != (char *) -1l)
839 free ((char *) l->l_origin);
840 free (l);
841 free (realname);
842
843 if (r != NULL)
844 {
845 r->r_state = RT_CONSISTENT;
846 _dl_debug_state ();
847 LIBC_PROBE (map_failed, 2, nsid, r);
848 }
849
850 _dl_signal_error (code, name, NULL, msg);
851}
852
853
854/* Map in the shared object NAME, actually located in REALNAME, and already
855 opened on FD. */
856
857#ifndef EXTERNAL_MAP_FROM_FD
858static
859#endif
860struct link_map *
861_dl_map_object_from_fd (const char *name, const char *origname, int fd,
862 struct filebuf *fbp, char *realname,
863 struct link_map *loader, int l_type, int mode,
864 void **stack_endp, Lmid_t nsid)
865{
866 struct link_map *l = NULL;
867 const ElfW(Ehdr) *header;
868 const ElfW(Phdr) *phdr;
869 const ElfW(Phdr) *ph;
870 size_t maplength;
871 int type;
872 /* Initialize to keep the compiler happy. */
873 const char *errstring = NULL;
874 int errval = 0;
875 struct r_debug *r = _dl_debug_initialize (0, nsid);
876 bool make_consistent = false;
877
878 /* Get file information. */
879 struct r_file_id id;
880 if (__glibc_unlikely (!_dl_get_file_id (fd, &id)))
881 {
882 errstring = N_("cannot stat shared object");
883 call_lose_errno:
884 errval = errno;
885 call_lose:
886 lose (errval, fd, name, realname, l, errstring,
887 make_consistent ? r : NULL, nsid);
888 }
889
890 /* Look again to see if the real name matched another already loaded. */
891 for (l = GL(dl_ns)[nsid]._ns_loaded; l != NULL; l = l->l_next)
892 if (!l->l_removed && _dl_file_id_match_p (&l->l_file_id, &id))
893 {
894 /* The object is already loaded.
895 Just bump its reference count and return it. */
896 __close (fd);
897
898 /* If the name is not in the list of names for this object add
899 it. */
900 free (realname);
901 add_name_to_object (l, name);
902
903 return l;
904 }
905
906#ifdef SHARED
907 /* When loading into a namespace other than the base one we must
908 avoid loading ld.so since there can only be one copy. Ever. */
909 if (__glibc_unlikely (nsid != LM_ID_BASE)
910 && (_dl_file_id_match_p (&id, &GL(dl_rtld_map).l_file_id)
911 || _dl_name_match_p (name, &GL(dl_rtld_map))))
912 {
913 /* This is indeed ld.so. Create a new link_map which refers to
914 the real one for almost everything. */
915 l = _dl_new_object (realname, name, l_type, loader, mode, nsid);
916 if (l == NULL)
917 goto fail_new;
918
919 /* Refer to the real descriptor. */
920 l->l_real = &GL(dl_rtld_map);
921
922 /* No need to bump the refcount of the real object, ld.so will
923 never be unloaded. */
924 __close (fd);
925
926 /* Add the map for the mirrored object to the object list. */
927 _dl_add_to_namespace_list (l, nsid);
928
929 return l;
930 }
931#endif
932
933 if (mode & RTLD_NOLOAD)
934 {
935 /* We are not supposed to load the object unless it is already
936 loaded. So return now. */
937 free (realname);
938 __close (fd);
939 return NULL;
940 }
941
942 /* Print debugging message. */
943 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES))
944 _dl_debug_printf ("file=%s [%lu]; generating link map\n", name, nsid);
945
946 /* This is the ELF header. We read it in `open_verify'. */
947 header = (void *) fbp->buf;
948
949#ifndef MAP_ANON
950# define MAP_ANON 0
951 if (_dl_zerofd == -1)
952 {
953 _dl_zerofd = _dl_sysdep_open_zero_fill ();
954 if (_dl_zerofd == -1)
955 {
956 free (realname);
957 __close (fd);
958 _dl_signal_error (errno, NULL, NULL,
959 N_("cannot open zero fill device"));
960 }
961 }
962#endif
963
964 /* Signal that we are going to add new objects. */
965 if (r->r_state == RT_CONSISTENT)
966 {
967#ifdef SHARED
968 /* Auditing checkpoint: we are going to add new objects. */
969 if ((mode & __RTLD_AUDIT) == 0
970 && __glibc_unlikely (GLRO(dl_naudit) > 0))
971 {
972 struct link_map *head = GL(dl_ns)[nsid]._ns_loaded;
973 /* Do not call the functions for any auditing object. */
974 if (head->l_auditing == 0)
975 {
976 struct audit_ifaces *afct = GLRO(dl_audit);
977 for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
978 {
979 if (afct->activity != NULL)
980 afct->activity (&head->l_audit[cnt].cookie, LA_ACT_ADD);
981
982 afct = afct->next;
983 }
984 }
985 }
986#endif
987
988 /* Notify the debugger we have added some objects. We need to
989 call _dl_debug_initialize in a static program in case dynamic
990 linking has not been used before. */
991 r->r_state = RT_ADD;
992 _dl_debug_state ();
993 LIBC_PROBE (map_start, 2, nsid, r);
994 make_consistent = true;
995 }
996 else
997 assert (r->r_state == RT_ADD);
998
999 /* Enter the new object in the list of loaded objects. */
1000 l = _dl_new_object (realname, name, l_type, loader, mode, nsid);
1001 if (__glibc_unlikely (l == NULL))
1002 {
1003#ifdef SHARED
1004 fail_new:
1005#endif
1006 errstring = N_("cannot create shared object descriptor");
1007 goto call_lose_errno;
1008 }
1009
1010 /* Extract the remaining details we need from the ELF header
1011 and then read in the program header table. */
1012 l->l_entry = header->e_entry;
1013 type = header->e_type;
1014 l->l_phnum = header->e_phnum;
1015
1016 maplength = header->e_phnum * sizeof (ElfW(Phdr));
1017 if (header->e_phoff + maplength <= (size_t) fbp->len)
1018 phdr = (void *) (fbp->buf + header->e_phoff);
1019 else
1020 {
1021 phdr = alloca (maplength);
1022 __lseek (fd, header->e_phoff, SEEK_SET);
1023 if ((size_t) __libc_read (fd, (void *) phdr, maplength) != maplength)
1024 {
1025 errstring = N_("cannot read file data");
1026 goto call_lose_errno;
1027 }
1028 }
1029
1030 /* On most platforms presume that PT_GNU_STACK is absent and the stack is
1031 * executable. Other platforms default to a nonexecutable stack and don't
1032 * need PT_GNU_STACK to do so. */
1033 uint_fast16_t stack_flags = DEFAULT_STACK_PERMS;
1034
1035 {
1036 /* Scan the program header table, collecting its load commands. */
1037 struct loadcmd loadcmds[l->l_phnum];
1038 size_t nloadcmds = 0;
1039 bool has_holes = false;
1040
1041 /* The struct is initialized to zero so this is not necessary:
1042 l->l_ld = 0;
1043 l->l_phdr = 0;
1044 l->l_addr = 0; */
1045 for (ph = phdr; ph < &phdr[l->l_phnum]; ++ph)
1046 switch (ph->p_type)
1047 {
1048 /* These entries tell us where to find things once the file's
1049 segments are mapped in. We record the addresses it says
1050 verbatim, and later correct for the run-time load address. */
1051 case PT_DYNAMIC:
1052 l->l_ld = (void *) ph->p_vaddr;
1053 l->l_ldnum = ph->p_memsz / sizeof (ElfW(Dyn));
1054 break;
1055
1056 case PT_PHDR:
1057 l->l_phdr = (void *) ph->p_vaddr;
1058 break;
1059
1060 case PT_LOAD:
1061 /* A load command tells us to map in part of the file.
1062 We record the load commands and process them all later. */
1063 if (__glibc_unlikely ((ph->p_align & (GLRO(dl_pagesize) - 1)) != 0))
1064 {
1065 errstring = N_("ELF load command alignment not page-aligned");
1066 goto call_lose;
1067 }
1068 if (__glibc_unlikely (((ph->p_vaddr - ph->p_offset)
1069 & (ph->p_align - 1)) != 0))
1070 {
1071 errstring
1072 = N_("ELF load command address/offset not properly aligned");
1073 goto call_lose;
1074 }
1075
1076 struct loadcmd *c = &loadcmds[nloadcmds++];
1077 c->mapstart = ALIGN_DOWN (ph->p_vaddr, GLRO(dl_pagesize));
1078 c->mapend = ALIGN_UP (ph->p_vaddr + ph->p_filesz, GLRO(dl_pagesize));
1079 c->dataend = ph->p_vaddr + ph->p_filesz;
1080 c->allocend = ph->p_vaddr + ph->p_memsz;
1081 c->mapoff = ALIGN_DOWN (ph->p_offset, GLRO(dl_pagesize));
1082
1083 /* Determine whether there is a gap between the last segment
1084 and this one. */
1085 if (nloadcmds > 1 && c[-1].mapend != c->mapstart)
1086 has_holes = true;
1087
1088 /* Optimize a common case. */
1089#if (PF_R | PF_W | PF_X) == 7 && (PROT_READ | PROT_WRITE | PROT_EXEC) == 7
1090 c->prot = (PF_TO_PROT
1091 >> ((ph->p_flags & (PF_R | PF_W | PF_X)) * 4)) & 0xf;
1092#else
1093 c->prot = 0;
1094 if (ph->p_flags & PF_R)
1095 c->prot |= PROT_READ;
1096 if (ph->p_flags & PF_W)
1097 c->prot |= PROT_WRITE;
1098 if (ph->p_flags & PF_X)
1099 c->prot |= PROT_EXEC;
1100#endif
1101 break;
1102
1103 case PT_TLS:
1104 if (ph->p_memsz == 0)
1105 /* Nothing to do for an empty segment. */
1106 break;
1107
1108 l->l_tls_blocksize = ph->p_memsz;
1109 l->l_tls_align = ph->p_align;
1110 if (ph->p_align == 0)
1111 l->l_tls_firstbyte_offset = 0;
1112 else
1113 l->l_tls_firstbyte_offset = ph->p_vaddr & (ph->p_align - 1);
1114 l->l_tls_initimage_size = ph->p_filesz;
1115 /* Since we don't know the load address yet only store the
1116 offset. We will adjust it later. */
1117 l->l_tls_initimage = (void *) ph->p_vaddr;
1118
1119 /* If not loading the initial set of shared libraries,
1120 check whether we should permit loading a TLS segment. */
1121 if (__glibc_likely (l->l_type == lt_library)
1122 /* If GL(dl_tls_dtv_slotinfo_list) == NULL, then rtld.c did
1123 not set up TLS data structures, so don't use them now. */
1124 || __glibc_likely (GL(dl_tls_dtv_slotinfo_list) != NULL))
1125 {
1126 /* Assign the next available module ID. */
1127 l->l_tls_modid = _dl_next_tls_modid ();
1128 break;
1129 }
1130
1131#ifdef SHARED
1132 /* We are loading the executable itself when the dynamic
1133 linker was executed directly. The setup will happen
1134 later. Otherwise, the TLS data structures are already
1135 initialized, and we assigned a TLS modid above. */
1136 assert (l->l_prev == NULL || (mode & __RTLD_AUDIT) != 0);
1137#else
1138 assert (false && "TLS not initialized in static application");
1139#endif
1140 break;
1141
1142 case PT_GNU_STACK:
1143 stack_flags = ph->p_flags;
1144 break;
1145
1146 case PT_GNU_RELRO:
1147 l->l_relro_addr = ph->p_vaddr;
1148 l->l_relro_size = ph->p_memsz;
1149 break;
1150 }
1151
1152 if (__glibc_unlikely (nloadcmds == 0))
1153 {
1154 /* This only happens for a bogus object that will be caught with
1155 another error below. But we don't want to go through the
1156 calculations below using NLOADCMDS - 1. */
1157 errstring = N_("object file has no loadable segments");
1158 goto call_lose;
1159 }
1160
1161 if (__glibc_unlikely (type != ET_DYN)
1162 && __glibc_unlikely ((mode & __RTLD_OPENEXEC) == 0))
1163 {
1164 /* This object is loaded at a fixed address. This must never
1165 happen for objects loaded with dlopen. */
1166 errstring = N_("cannot dynamically load executable");
1167 goto call_lose;
1168 }
1169
1170 /* Length of the sections to be loaded. */
1171 maplength = loadcmds[nloadcmds - 1].allocend - loadcmds[0].mapstart;
1172
1173 /* Now process the load commands and map segments into memory.
1174 This is responsible for filling in:
1175 l_map_start, l_map_end, l_addr, l_contiguous, l_text_end, l_phdr
1176 */
1177 errstring = _dl_map_segments (l, fd, header, type, loadcmds, nloadcmds,
1178 maplength, has_holes, loader);
1179 if (__glibc_unlikely (errstring != NULL))
1180 goto call_lose;
1181 }
1182
1183 if (l->l_ld == 0)
1184 {
1185 if (__glibc_unlikely (type == ET_DYN))
1186 {
1187 errstring = N_("object file has no dynamic section");
1188 goto call_lose;
1189 }
1190 }
1191 else
1192 l->l_ld = (ElfW(Dyn) *) ((ElfW(Addr)) l->l_ld + l->l_addr);
1193
1194 elf_get_dynamic_info (l, NULL);
1195
1196 /* Make sure we are not dlopen'ing an object that has the
1197 DF_1_NOOPEN flag set. */
1198 if (__glibc_unlikely (l->l_flags_1 & DF_1_NOOPEN)
1199 && (mode & __RTLD_DLOPEN))
1200 {
1201 /* We are not supposed to load this object. Free all resources. */
1202 _dl_unmap_segments (l);
1203
1204 if (!l->l_libname->dont_free)
1205 free (l->l_libname);
1206
1207 if (l->l_phdr_allocated)
1208 free ((void *) l->l_phdr);
1209
1210 errstring = N_("shared object cannot be dlopen()ed");
1211 goto call_lose;
1212 }
1213
1214 if (l->l_phdr == NULL)
1215 {
1216 /* The program header is not contained in any of the segments.
1217 We have to allocate memory ourself and copy it over from out
1218 temporary place. */
1219 ElfW(Phdr) *newp = (ElfW(Phdr) *) malloc (header->e_phnum
1220 * sizeof (ElfW(Phdr)));
1221 if (newp == NULL)
1222 {
1223 errstring = N_("cannot allocate memory for program header");
1224 goto call_lose_errno;
1225 }
1226
1227 l->l_phdr = memcpy (newp, phdr,
1228 (header->e_phnum * sizeof (ElfW(Phdr))));
1229 l->l_phdr_allocated = 1;
1230 }
1231 else
1232 /* Adjust the PT_PHDR value by the runtime load address. */
1233 l->l_phdr = (ElfW(Phdr) *) ((ElfW(Addr)) l->l_phdr + l->l_addr);
1234
1235 if (__glibc_unlikely ((stack_flags &~ GL(dl_stack_flags)) & PF_X))
1236 {
1237 if (__glibc_unlikely (__check_caller (RETURN_ADDRESS (0), allow_ldso) != 0))
1238 {
1239 errstring = N_("invalid caller");
1240 goto call_lose;
1241 }
1242
1243 /* The stack is presently not executable, but this module
1244 requires that it be executable. We must change the
1245 protection of the variable which contains the flags used in
1246 the mprotect calls. */
1247#ifdef SHARED
1248 if ((mode & (__RTLD_DLOPEN | __RTLD_AUDIT)) == __RTLD_DLOPEN)
1249 {
1250 const uintptr_t p = (uintptr_t) &__stack_prot & -GLRO(dl_pagesize);
1251 const size_t s = (uintptr_t) (&__stack_prot + 1) - p;
1252
1253 struct link_map *const m = &GL(dl_rtld_map);
1254 const uintptr_t relro_end = ((m->l_addr + m->l_relro_addr
1255 + m->l_relro_size)
1256 & -GLRO(dl_pagesize));
1257 if (__glibc_likely (p + s <= relro_end))
1258 {
1259 /* The variable lies in the region protected by RELRO. */
1260 if (__mprotect ((void *) p, s, PROT_READ|PROT_WRITE) < 0)
1261 {
1262 errstring = N_("cannot change memory protections");
1263 goto call_lose_errno;
1264 }
1265 __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
1266 __mprotect ((void *) p, s, PROT_READ);
1267 }
1268 else
1269 __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
1270 }
1271 else
1272#endif
1273 __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
1274
1275#ifdef check_consistency
1276 check_consistency ();
1277#endif
1278
1279 errval = (*GL(dl_make_stack_executable_hook)) (stack_endp);
1280 if (errval)
1281 {
1282 errstring = N_("\
1283cannot enable executable stack as shared object requires");
1284 goto call_lose;
1285 }
1286 }
1287
1288 /* Adjust the address of the TLS initialization image. */
1289 if (l->l_tls_initimage != NULL)
1290 l->l_tls_initimage = (char *) l->l_tls_initimage + l->l_addr;
1291
1292 /* We are done mapping in the file. We no longer need the descriptor. */
1293 if (__glibc_unlikely (__close (fd) != 0))
1294 {
1295 errstring = N_("cannot close file descriptor");
1296 goto call_lose_errno;
1297 }
1298 /* Signal that we closed the file. */
1299 fd = -1;
1300
1301 /* If this is ET_EXEC, we should have loaded it as lt_executable. */
1302 assert (type != ET_EXEC || l->l_type == lt_executable);
1303
1304 l->l_entry += l->l_addr;
1305
1306 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES))
1307 _dl_debug_printf ("\
1308 dynamic: 0x%0*lx base: 0x%0*lx size: 0x%0*Zx\n\
1309 entry: 0x%0*lx phdr: 0x%0*lx phnum: %*u\n\n",
1310 (int) sizeof (void *) * 2,
1311 (unsigned long int) l->l_ld,
1312 (int) sizeof (void *) * 2,
1313 (unsigned long int) l->l_addr,
1314 (int) sizeof (void *) * 2, maplength,
1315 (int) sizeof (void *) * 2,
1316 (unsigned long int) l->l_entry,
1317 (int) sizeof (void *) * 2,
1318 (unsigned long int) l->l_phdr,
1319 (int) sizeof (void *) * 2, l->l_phnum);
1320
1321 /* Set up the symbol hash table. */
1322 _dl_setup_hash (l);
1323
1324 /* If this object has DT_SYMBOLIC set modify now its scope. We don't
1325 have to do this for the main map. */
1326 if ((mode & RTLD_DEEPBIND) == 0
1327 && __glibc_unlikely (l->l_info[DT_SYMBOLIC] != NULL)
1328 && &l->l_searchlist != l->l_scope[0])
1329 {
1330 /* Create an appropriate searchlist. It contains only this map.
1331 This is the definition of DT_SYMBOLIC in SysVr4. */
1332 l->l_symbolic_searchlist.r_list[0] = l;
1333 l->l_symbolic_searchlist.r_nlist = 1;
1334
1335 /* Now move the existing entries one back. */
1336 memmove (&l->l_scope[1], &l->l_scope[0],
1337 (l->l_scope_max - 1) * sizeof (l->l_scope[0]));
1338
1339 /* Now add the new entry. */
1340 l->l_scope[0] = &l->l_symbolic_searchlist;
1341 }
1342
1343 /* Remember whether this object must be initialized first. */
1344 if (l->l_flags_1 & DF_1_INITFIRST)
1345 GL(dl_initfirst) = l;
1346
1347 /* Finally the file information. */
1348 l->l_file_id = id;
1349
1350#ifdef SHARED
1351 /* When auditing is used the recorded names might not include the
1352 name by which the DSO is actually known. Add that as well. */
1353 if (__glibc_unlikely (origname != NULL))
1354 add_name_to_object (l, origname);
1355#else
1356 /* Audit modules only exist when linking is dynamic so ORIGNAME
1357 cannot be non-NULL. */
1358 assert (origname == NULL);
1359#endif
1360
1361 /* When we profile the SONAME might be needed for something else but
1362 loading. Add it right away. */
1363 if (__glibc_unlikely (GLRO(dl_profile) != NULL)
1364 && l->l_info[DT_SONAME] != NULL)
1365 add_name_to_object (l, ((const char *) D_PTR (l, l_info[DT_STRTAB])
1366 + l->l_info[DT_SONAME]->d_un.d_val));
1367
1368#ifdef DL_AFTER_LOAD
1369 DL_AFTER_LOAD (l);
1370#endif
1371
1372 /* Now that the object is fully initialized add it to the object list. */
1373 _dl_add_to_namespace_list (l, nsid);
1374
1375#ifdef SHARED
1376 /* Auditing checkpoint: we have a new object. */
1377 if (__glibc_unlikely (GLRO(dl_naudit) > 0)
1378 && !GL(dl_ns)[l->l_ns]._ns_loaded->l_auditing)
1379 {
1380 struct audit_ifaces *afct = GLRO(dl_audit);
1381 for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
1382 {
1383 if (afct->objopen != NULL)
1384 {
1385 l->l_audit[cnt].bindflags
1386 = afct->objopen (l, nsid, &l->l_audit[cnt].cookie);
1387
1388 l->l_audit_any_plt |= l->l_audit[cnt].bindflags != 0;
1389 }
1390
1391 afct = afct->next;
1392 }
1393 }
1394#endif
1395
1396 return l;
1397}
1398
1399/* Print search path. */
1400static void
1401print_search_path (struct r_search_path_elem **list,
1402 const char *what, const char *name)
1403{
1404 char buf[max_dirnamelen + max_capstrlen];
1405 int first = 1;
1406
1407 _dl_debug_printf (" search path=");
1408
1409 while (*list != NULL && (*list)->what == what) /* Yes, ==. */
1410 {
1411 char *endp = __mempcpy (buf, (*list)->dirname, (*list)->dirnamelen);
1412 size_t cnt;
1413
1414 for (cnt = 0; cnt < ncapstr; ++cnt)
1415 if ((*list)->status[cnt] != nonexisting)
1416 {
1417 char *cp = __mempcpy (endp, capstr[cnt].str, capstr[cnt].len);
1418 if (cp == buf || (cp == buf + 1 && buf[0] == '/'))
1419 cp[0] = '\0';
1420 else
1421 cp[-1] = '\0';
1422
1423 _dl_debug_printf_c (first ? "%s" : ":%s", buf);
1424 first = 0;
1425 }
1426
1427 ++list;
1428 }
1429
1430 if (name != NULL)
1431 _dl_debug_printf_c ("\t\t(%s from file %s)\n", what,
1432 DSO_FILENAME (name));
1433 else
1434 _dl_debug_printf_c ("\t\t(%s)\n", what);
1435}
1436
1437/* Open a file and verify it is an ELF file for this architecture. We
1438 ignore only ELF files for other architectures. Non-ELF files and
1439 ELF files with different header information cause fatal errors since
1440 this could mean there is something wrong in the installation and the
1441 user might want to know about this.
1442
1443 If FD is not -1, then the file is already open and FD refers to it.
1444 In that case, FD is consumed for both successful and error returns. */
1445static int
1446open_verify (const char *name, int fd,
1447 struct filebuf *fbp, struct link_map *loader,
1448 int whatcode, int mode, bool *found_other_class, bool free_name)
1449{
1450 /* This is the expected ELF header. */
1451#define ELF32_CLASS ELFCLASS32
1452#define ELF64_CLASS ELFCLASS64
1453#ifndef VALID_ELF_HEADER
1454# define VALID_ELF_HEADER(hdr,exp,size) (memcmp (hdr, exp, size) == 0)
1455# define VALID_ELF_OSABI(osabi) (osabi == ELFOSABI_SYSV)
1456# define VALID_ELF_ABIVERSION(osabi,ver) (ver == 0)
1457#elif defined MORE_ELF_HEADER_DATA
1458 MORE_ELF_HEADER_DATA;
1459#endif
1460 static const unsigned char expected[EI_NIDENT] =
1461 {
1462 [EI_MAG0] = ELFMAG0,
1463 [EI_MAG1] = ELFMAG1,
1464 [EI_MAG2] = ELFMAG2,
1465 [EI_MAG3] = ELFMAG3,
1466 [EI_CLASS] = ELFW(CLASS),
1467 [EI_DATA] = byteorder,
1468 [EI_VERSION] = EV_CURRENT,
1469 [EI_OSABI] = ELFOSABI_SYSV,
1470 [EI_ABIVERSION] = 0
1471 };
1472 static const struct
1473 {
1474 ElfW(Word) vendorlen;
1475 ElfW(Word) datalen;
1476 ElfW(Word) type;
1477 char vendor[4];
1478 } expected_note = { 4, 16, 1, "GNU" };
1479 /* Initialize it to make the compiler happy. */
1480 const char *errstring = NULL;
1481 int errval = 0;
1482
1483#ifdef SHARED
1484 /* Give the auditing libraries a chance. */
1485 if (__glibc_unlikely (GLRO(dl_naudit) > 0) && whatcode != 0
1486 && loader->l_auditing == 0)
1487 {
1488 const char *original_name = name;
1489 struct audit_ifaces *afct = GLRO(dl_audit);
1490 for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
1491 {
1492 if (afct->objsearch != NULL)
1493 {
1494 name = afct->objsearch (name, &loader->l_audit[cnt].cookie,
1495 whatcode);
1496 if (name == NULL)
1497 /* Ignore the path. */
1498 return -1;
1499 }
1500
1501 afct = afct->next;
1502 }
1503
1504 if (fd != -1 && name != original_name && strcmp (name, original_name))
1505 {
1506 /* An audit library changed what we're supposed to open,
1507 so FD no longer matches it. */
1508 __close (fd);
1509 fd = -1;
1510 }
1511 }
1512#endif
1513
1514 if (fd == -1)
1515 /* Open the file. We always open files read-only. */
1516 fd = __open (name, O_RDONLY | O_CLOEXEC);
1517
1518 if (fd != -1)
1519 {
1520 ElfW(Ehdr) *ehdr;
1521 ElfW(Phdr) *phdr, *ph;
1522 ElfW(Word) *abi_note;
1523 ElfW(Word) *abi_note_malloced = NULL;
1524 unsigned int osversion;
1525 size_t maplength;
1526
1527 /* We successfully opened the file. Now verify it is a file
1528 we can use. */
1529 __set_errno (0);
1530 fbp->len = 0;
1531 assert (sizeof (fbp->buf) > sizeof (ElfW(Ehdr)));
1532 /* Read in the header. */
1533 do
1534 {
1535 ssize_t retlen = __libc_read (fd, fbp->buf + fbp->len,
1536 sizeof (fbp->buf) - fbp->len);
1537 if (retlen <= 0)
1538 break;
1539 fbp->len += retlen;
1540 }
1541 while (__glibc_unlikely (fbp->len < sizeof (ElfW(Ehdr))));
1542
1543 /* This is where the ELF header is loaded. */
1544 ehdr = (ElfW(Ehdr) *) fbp->buf;
1545
1546 /* Now run the tests. */
1547 if (__glibc_unlikely (fbp->len < (ssize_t) sizeof (ElfW(Ehdr))))
1548 {
1549 errval = errno;
1550 errstring = (errval == 0
1551 ? N_("file too short") : N_("cannot read file data"));
1552 call_lose:
1553 if (free_name)
1554 {
1555 char *realname = (char *) name;
1556 name = strdupa (realname);
1557 free (realname);
1558 }
1559 lose (errval, fd, name, NULL, NULL, errstring, NULL, 0);
1560 }
1561
1562 /* See whether the ELF header is what we expect. */
1563 if (__glibc_unlikely (! VALID_ELF_HEADER (ehdr->e_ident, expected,
1564 EI_ABIVERSION)
1565 || !VALID_ELF_ABIVERSION (ehdr->e_ident[EI_OSABI],
1566 ehdr->e_ident[EI_ABIVERSION])
1567 || memcmp (&ehdr->e_ident[EI_PAD],
1568 &expected[EI_PAD],
1569 EI_NIDENT - EI_PAD) != 0))
1570 {
1571 /* Something is wrong. */
1572 const Elf32_Word *magp = (const void *) ehdr->e_ident;
1573 if (*magp !=
1574#if BYTE_ORDER == LITTLE_ENDIAN
1575 ((ELFMAG0 << (EI_MAG0 * 8)) |
1576 (ELFMAG1 << (EI_MAG1 * 8)) |
1577 (ELFMAG2 << (EI_MAG2 * 8)) |
1578 (ELFMAG3 << (EI_MAG3 * 8)))
1579#else
1580 ((ELFMAG0 << (EI_MAG3 * 8)) |
1581 (ELFMAG1 << (EI_MAG2 * 8)) |
1582 (ELFMAG2 << (EI_MAG1 * 8)) |
1583 (ELFMAG3 << (EI_MAG0 * 8)))
1584#endif
1585 )
1586 errstring = N_("invalid ELF header");
1587 else if (ehdr->e_ident[EI_CLASS] != ELFW(CLASS))
1588 {
1589 /* This is not a fatal error. On architectures where
1590 32-bit and 64-bit binaries can be run this might
1591 happen. */
1592 *found_other_class = true;
1593 goto close_and_out;
1594 }
1595 else if (ehdr->e_ident[EI_DATA] != byteorder)
1596 {
1597 if (BYTE_ORDER == BIG_ENDIAN)
1598 errstring = N_("ELF file data encoding not big-endian");
1599 else
1600 errstring = N_("ELF file data encoding not little-endian");
1601 }
1602 else if (ehdr->e_ident[EI_VERSION] != EV_CURRENT)
1603 errstring
1604 = N_("ELF file version ident does not match current one");
1605 /* XXX We should be able so set system specific versions which are
1606 allowed here. */
1607 else if (!VALID_ELF_OSABI (ehdr->e_ident[EI_OSABI]))
1608 errstring = N_("ELF file OS ABI invalid");
1609 else if (!VALID_ELF_ABIVERSION (ehdr->e_ident[EI_OSABI],
1610 ehdr->e_ident[EI_ABIVERSION]))
1611 errstring = N_("ELF file ABI version invalid");
1612 else if (memcmp (&ehdr->e_ident[EI_PAD], &expected[EI_PAD],
1613 EI_NIDENT - EI_PAD) != 0)
1614 errstring = N_("nonzero padding in e_ident");
1615 else
1616 /* Otherwise we don't know what went wrong. */
1617 errstring = N_("internal error");
1618
1619 goto call_lose;
1620 }
1621
1622 if (__glibc_unlikely (ehdr->e_version != EV_CURRENT))
1623 {
1624 errstring = N_("ELF file version does not match current one");
1625 goto call_lose;
1626 }
1627 if (! __glibc_likely (elf_machine_matches_host (ehdr)))
1628 goto close_and_out;
1629 else if (__glibc_unlikely (ehdr->e_type != ET_DYN
1630 && ehdr->e_type != ET_EXEC))
1631 {
1632 errstring = N_("only ET_DYN and ET_EXEC can be loaded");
1633 goto call_lose;
1634 }
1635 else if (__glibc_unlikely (ehdr->e_type == ET_EXEC
1636 && (mode & __RTLD_OPENEXEC) == 0))
1637 {
1638 /* BZ #16634. It is an error to dlopen ET_EXEC (unless
1639 __RTLD_OPENEXEC is explicitly set). We return error here
1640 so that code in _dl_map_object_from_fd does not try to set
1641 l_tls_modid for this module. */
1642
1643 errstring = N_("cannot dynamically load executable");
1644 goto call_lose;
1645 }
1646 else if (__glibc_unlikely (ehdr->e_phentsize != sizeof (ElfW(Phdr))))
1647 {
1648 errstring = N_("ELF file's phentsize not the expected size");
1649 goto call_lose;
1650 }
1651
1652 maplength = ehdr->e_phnum * sizeof (ElfW(Phdr));
1653 if (ehdr->e_phoff + maplength <= (size_t) fbp->len)
1654 phdr = (void *) (fbp->buf + ehdr->e_phoff);
1655 else
1656 {
1657 phdr = alloca (maplength);
1658 __lseek (fd, ehdr->e_phoff, SEEK_SET);
1659 if ((size_t) __libc_read (fd, (void *) phdr, maplength) != maplength)
1660 {
1661 read_error:
1662 errval = errno;
1663 errstring = N_("cannot read file data");
1664 goto call_lose;
1665 }
1666 }
1667
1668 if (__glibc_unlikely (elf_machine_reject_phdr_p
1669 (phdr, ehdr->e_phnum, fbp->buf, fbp->len,
1670 loader, fd)))
1671 goto close_and_out;
1672
1673 /* Check .note.ABI-tag if present. */
1674 for (ph = phdr; ph < &phdr[ehdr->e_phnum]; ++ph)
1675 if (ph->p_type == PT_NOTE && ph->p_filesz >= 32 && ph->p_align >= 4)
1676 {
1677 ElfW(Addr) size = ph->p_filesz;
1678
1679 if (ph->p_offset + size <= (size_t) fbp->len)
1680 abi_note = (void *) (fbp->buf + ph->p_offset);
1681 else
1682 {
1683 /* Note: __libc_use_alloca is not usable here, because
1684 thread info may not have been set up yet. */
1685 if (size < __MAX_ALLOCA_CUTOFF)
1686 abi_note = alloca (size);
1687 else
1688 {
1689 /* There could be multiple PT_NOTEs. */
1690 abi_note_malloced = realloc (abi_note_malloced, size);
1691 if (abi_note_malloced == NULL)
1692 goto read_error;
1693
1694 abi_note = abi_note_malloced;
1695 }
1696 __lseek (fd, ph->p_offset, SEEK_SET);
1697 if (__libc_read (fd, (void *) abi_note, size) != size)
1698 {
1699 free (abi_note_malloced);
1700 goto read_error;
1701 }
1702 }
1703
1704 while (memcmp (abi_note, &expected_note, sizeof (expected_note)))
1705 {
1706#define ROUND(len) (((len) + sizeof (ElfW(Word)) - 1) & -sizeof (ElfW(Word)))
1707 ElfW(Addr) note_size = 3 * sizeof (ElfW(Word))
1708 + ROUND (abi_note[0])
1709 + ROUND (abi_note[1]);
1710
1711 if (size - 32 < note_size)
1712 {
1713 size = 0;
1714 break;
1715 }
1716 size -= note_size;
1717 abi_note = (void *) abi_note + note_size;
1718 }
1719
1720 if (size == 0)
1721 continue;
1722
1723 osversion = (abi_note[5] & 0xff) * 65536
1724 + (abi_note[6] & 0xff) * 256
1725 + (abi_note[7] & 0xff);
1726 if (abi_note[4] != __ABI_TAG_OS
1727 || (GLRO(dl_osversion) && GLRO(dl_osversion) < osversion))
1728 {
1729 close_and_out:
1730 __close (fd);
1731 __set_errno (ENOENT);
1732 fd = -1;
1733 }
1734
1735 break;
1736 }
1737 free (abi_note_malloced);
1738 }
1739
1740 return fd;
1741}
1742
1743/* Try to open NAME in one of the directories in *DIRSP.
1744 Return the fd, or -1. If successful, fill in *REALNAME
1745 with the malloc'd full directory name. If it turns out
1746 that none of the directories in *DIRSP exists, *DIRSP is
1747 replaced with (void *) -1, and the old value is free()d
1748 if MAY_FREE_DIRS is true. */
1749
1750static int
1751open_path (const char *name, size_t namelen, int mode,
1752 struct r_search_path_struct *sps, char **realname,
1753 struct filebuf *fbp, struct link_map *loader, int whatcode,
1754 bool *found_other_class)
1755{
1756 struct r_search_path_elem **dirs = sps->dirs;
1757 char *buf;
1758 int fd = -1;
1759 const char *current_what = NULL;
1760 int any = 0;
1761
1762 if (__glibc_unlikely (dirs == NULL))
1763 /* We're called before _dl_init_paths when loading the main executable
1764 given on the command line when rtld is run directly. */
1765 return -1;
1766
1767 buf = alloca (max_dirnamelen + max_capstrlen + namelen);
1768 do
1769 {
1770 struct r_search_path_elem *this_dir = *dirs;
1771 size_t buflen = 0;
1772 size_t cnt;
1773 char *edp;
1774 int here_any = 0;
1775 int err;
1776
1777 /* If we are debugging the search for libraries print the path
1778 now if it hasn't happened now. */
1779 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS)
1780 && current_what != this_dir->what)
1781 {
1782 current_what = this_dir->what;
1783 print_search_path (dirs, current_what, this_dir->where);
1784 }
1785
1786 edp = (char *) __mempcpy (buf, this_dir->dirname, this_dir->dirnamelen);
1787 for (cnt = 0; fd == -1 && cnt < ncapstr; ++cnt)
1788 {
1789 /* Skip this directory if we know it does not exist. */
1790 if (this_dir->status[cnt] == nonexisting)
1791 continue;
1792
1793 buflen =
1794 ((char *) __mempcpy (__mempcpy (edp, capstr[cnt].str,
1795 capstr[cnt].len),
1796 name, namelen)
1797 - buf);
1798
1799 /* Print name we try if this is wanted. */
1800 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
1801 _dl_debug_printf (" trying file=%s\n", buf);
1802
1803 fd = open_verify (buf, -1, fbp, loader, whatcode, mode,
1804 found_other_class, false);
1805 if (this_dir->status[cnt] == unknown)
1806 {
1807 if (fd != -1)
1808 this_dir->status[cnt] = existing;
1809 /* Do not update the directory information when loading
1810 auditing code. We must try to disturb the program as
1811 little as possible. */
1812 else if (loader == NULL
1813 || GL(dl_ns)[loader->l_ns]._ns_loaded->l_auditing == 0)
1814 {
1815 /* We failed to open machine dependent library. Let's
1816 test whether there is any directory at all. */
1817 struct stat64 st;
1818
1819 buf[buflen - namelen - 1] = '\0';
1820
1821 if (__xstat64 (_STAT_VER, buf, &st) != 0
1822 || ! S_ISDIR (st.st_mode))
1823 /* The directory does not exist or it is no directory. */
1824 this_dir->status[cnt] = nonexisting;
1825 else
1826 this_dir->status[cnt] = existing;
1827 }
1828 }
1829
1830 /* Remember whether we found any existing directory. */
1831 here_any |= this_dir->status[cnt] != nonexisting;
1832
1833 if (fd != -1 && __glibc_unlikely (mode & __RTLD_SECURE)
1834 && __libc_enable_secure)
1835 {
1836 /* This is an extra security effort to make sure nobody can
1837 preload broken shared objects which are in the trusted
1838 directories and so exploit the bugs. */
1839 struct stat64 st;
1840
1841 if (__fxstat64 (_STAT_VER, fd, &st) != 0
1842 || (st.st_mode & S_ISUID) == 0)
1843 {
1844 /* The shared object cannot be tested for being SUID
1845 or this bit is not set. In this case we must not
1846 use this object. */
1847 __close (fd);
1848 fd = -1;
1849 /* We simply ignore the file, signal this by setting
1850 the error value which would have been set by `open'. */
1851 errno = ENOENT;
1852 }
1853 }
1854 }
1855
1856 if (fd != -1)
1857 {
1858 *realname = (char *) malloc (buflen);
1859 if (*realname != NULL)
1860 {
1861 memcpy (*realname, buf, buflen);
1862 return fd;
1863 }
1864 else
1865 {
1866 /* No memory for the name, we certainly won't be able
1867 to load and link it. */
1868 __close (fd);
1869 return -1;
1870 }
1871 }
1872 if (here_any && (err = errno) != ENOENT && err != EACCES)
1873 /* The file exists and is readable, but something went wrong. */
1874 return -1;
1875
1876 /* Remember whether we found anything. */
1877 any |= here_any;
1878 }
1879 while (*++dirs != NULL);
1880
1881 /* Remove the whole path if none of the directories exists. */
1882 if (__glibc_unlikely (! any))
1883 {
1884 /* Paths which were allocated using the minimal malloc() in ld.so
1885 must not be freed using the general free() in libc. */
1886 if (sps->malloced)
1887 free (sps->dirs);
1888
1889 /* rtld_search_dirs and env_path_list are attribute_relro, therefore
1890 avoid writing into it. */
1891 if (sps != &rtld_search_dirs && sps != &env_path_list)
1892 sps->dirs = (void *) -1;
1893 }
1894
1895 return -1;
1896}
1897
1898/* Map in the shared object file NAME. */
1899
1900struct link_map *
1901internal_function
1902_dl_map_object (struct link_map *loader, const char *name,
1903 int type, int trace_mode, int mode, Lmid_t nsid)
1904{
1905 int fd;
1906 const char *origname = NULL;
1907 char *realname;
1908 char *name_copy;
1909 struct link_map *l;
1910 struct filebuf fb;
1911
1912 assert (nsid >= 0);
1913 assert (nsid < GL(dl_nns));
1914
1915 /* Look for this name among those already loaded. */
1916 for (l = GL(dl_ns)[nsid]._ns_loaded; l; l = l->l_next)
1917 {
1918 /* If the requested name matches the soname of a loaded object,
1919 use that object. Elide this check for names that have not
1920 yet been opened. */
1921 if (__glibc_unlikely ((l->l_faked | l->l_removed) != 0))
1922 continue;
1923 if (!_dl_name_match_p (name, l))
1924 {
1925 const char *soname;
1926
1927 if (__glibc_likely (l->l_soname_added)
1928 || l->l_info[DT_SONAME] == NULL)
1929 continue;
1930
1931 soname = ((const char *) D_PTR (l, l_info[DT_STRTAB])
1932 + l->l_info[DT_SONAME]->d_un.d_val);
1933 if (strcmp (name, soname) != 0)
1934 continue;
1935
1936 /* We have a match on a new name -- cache it. */
1937 add_name_to_object (l, soname);
1938 l->l_soname_added = 1;
1939 }
1940
1941 /* We have a match. */
1942 return l;
1943 }
1944
1945 /* Display information if we are debugging. */
1946 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES)
1947 && loader != NULL)
1948 _dl_debug_printf ((mode & __RTLD_CALLMAP) == 0
1949 ? "\nfile=%s [%lu]; needed by %s [%lu]\n"
1950 : "\nfile=%s [%lu]; dynamically loaded by %s [%lu]\n",
1951 name, nsid, DSO_FILENAME (loader->l_name), loader->l_ns);
1952
1953#ifdef SHARED
1954 /* Give the auditing libraries a chance to change the name before we
1955 try anything. */
1956 if (__glibc_unlikely (GLRO(dl_naudit) > 0)
1957 && (loader == NULL || loader->l_auditing == 0))
1958 {
1959 struct audit_ifaces *afct = GLRO(dl_audit);
1960 for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
1961 {
1962 if (afct->objsearch != NULL)
1963 {
1964 const char *before = name;
1965 name = afct->objsearch (name, &loader->l_audit[cnt].cookie,
1966 LA_SER_ORIG);
1967 if (name == NULL)
1968 {
1969 /* Do not try anything further. */
1970 fd = -1;
1971 goto no_file;
1972 }
1973 if (before != name && strcmp (before, name) != 0)
1974 {
1975 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES))
1976 _dl_debug_printf ("audit changed filename %s -> %s\n",
1977 before, name);
1978
1979 if (origname == NULL)
1980 origname = before;
1981 }
1982 }
1983
1984 afct = afct->next;
1985 }
1986 }
1987#endif
1988
1989 /* Will be true if we found a DSO which is of the other ELF class. */
1990 bool found_other_class = false;
1991
1992 if (strchr (name, '/') == NULL)
1993 {
1994 /* Search for NAME in several places. */
1995
1996 size_t namelen = strlen (name) + 1;
1997
1998 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
1999 _dl_debug_printf ("find library=%s [%lu]; searching\n", name, nsid);
2000
2001 fd = -1;
2002
2003 /* When the object has the RUNPATH information we don't use any
2004 RPATHs. */
2005 if (loader == NULL || loader->l_info[DT_RUNPATH] == NULL)
2006 {
2007 /* This is the executable's map (if there is one). Make sure that
2008 we do not look at it twice. */
2009 struct link_map *main_map = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
2010 bool did_main_map = false;
2011
2012 /* First try the DT_RPATH of the dependent object that caused NAME
2013 to be loaded. Then that object's dependent, and on up. */
2014 for (l = loader; l; l = l->l_loader)
2015 if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
2016 {
2017 fd = open_path (name, namelen, mode,
2018 &l->l_rpath_dirs,
2019 &realname, &fb, loader, LA_SER_RUNPATH,
2020 &found_other_class);
2021 if (fd != -1)
2022 break;
2023
2024 did_main_map |= l == main_map;
2025 }
2026
2027 /* If dynamically linked, try the DT_RPATH of the executable
2028 itself. NB: we do this for lookups in any namespace. */
2029 if (fd == -1 && !did_main_map
2030 && main_map != NULL && main_map->l_type != lt_loaded
2031 && cache_rpath (main_map, &main_map->l_rpath_dirs, DT_RPATH,
2032 "RPATH"))
2033 fd = open_path (name, namelen, mode,
2034 &main_map->l_rpath_dirs,
2035 &realname, &fb, loader ?: main_map, LA_SER_RUNPATH,
2036 &found_other_class);
2037 }
2038
2039 /* Try the LD_LIBRARY_PATH environment variable. */
2040 if (fd == -1 && env_path_list.dirs != (void *) -1)
2041 fd = open_path (name, namelen, mode, &env_path_list,
2042 &realname, &fb,
2043 loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded,
2044 LA_SER_LIBPATH, &found_other_class);
2045
2046 /* Look at the RUNPATH information for this binary. */
2047 if (fd == -1 && loader != NULL
2048 && cache_rpath (loader, &loader->l_runpath_dirs,
2049 DT_RUNPATH, "RUNPATH"))
2050 fd = open_path (name, namelen, mode,
2051 &loader->l_runpath_dirs, &realname, &fb, loader,
2052 LA_SER_RUNPATH, &found_other_class);
2053
2054 if (fd == -1)
2055 {
2056 realname = _dl_sysdep_open_object (name, namelen, &fd);
2057 if (realname != NULL)
2058 {
2059 fd = open_verify (realname, fd,
2060 &fb, loader ?: GL(dl_ns)[nsid]._ns_loaded,
2061 LA_SER_CONFIG, mode, &found_other_class,
2062 false);
2063 if (fd == -1)
2064 free (realname);
2065 }
2066 }
2067
2068#ifdef USE_LDCONFIG
2069 if (fd == -1
2070 && (__glibc_likely ((mode & __RTLD_SECURE) == 0)
2071 || ! __libc_enable_secure)
2072 && __glibc_likely (GLRO(dl_inhibit_cache) == 0))
2073 {
2074 /* Check the list of libraries in the file /etc/ld.so.cache,
2075 for compatibility with Linux's ldconfig program. */
2076 char *cached = _dl_load_cache_lookup (name);
2077
2078 if (cached != NULL)
2079 {
2080 // XXX Correct to unconditionally default to namespace 0?
2081 l = (loader
2082 ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded
2083# ifdef SHARED
2084 ?: &GL(dl_rtld_map)
2085# endif
2086 );
2087
2088 /* If the loader has the DF_1_NODEFLIB flag set we must not
2089 use a cache entry from any of these directories. */
2090 if (__glibc_unlikely (l->l_flags_1 & DF_1_NODEFLIB))
2091 {
2092 const char *dirp = system_dirs;
2093 unsigned int cnt = 0;
2094
2095 do
2096 {
2097 if (memcmp (cached, dirp, system_dirs_len[cnt]) == 0)
2098 {
2099 /* The prefix matches. Don't use the entry. */
2100 free (cached);
2101 cached = NULL;
2102 break;
2103 }
2104
2105 dirp += system_dirs_len[cnt] + 1;
2106 ++cnt;
2107 }
2108 while (cnt < nsystem_dirs_len);
2109 }
2110
2111 if (cached != NULL)
2112 {
2113 fd = open_verify (cached, -1,
2114 &fb, loader ?: GL(dl_ns)[nsid]._ns_loaded,
2115 LA_SER_CONFIG, mode, &found_other_class,
2116 false);
2117 if (__glibc_likely (fd != -1))
2118 realname = cached;
2119 else
2120 free (cached);
2121 }
2122 }
2123 }
2124#endif
2125
2126 /* Finally, try the default path. */
2127 if (fd == -1
2128 && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL
2129 || __glibc_likely (!(l->l_flags_1 & DF_1_NODEFLIB)))
2130 && rtld_search_dirs.dirs != (void *) -1)
2131 fd = open_path (name, namelen, mode, &rtld_search_dirs,
2132 &realname, &fb, l, LA_SER_DEFAULT, &found_other_class);
2133
2134 /* Add another newline when we are tracing the library loading. */
2135 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
2136 _dl_debug_printf ("\n");
2137 }
2138 else
2139 {
2140 /* The path may contain dynamic string tokens. */
2141 realname = (loader
2142 ? expand_dynamic_string_token (loader, name, 0)
2143 : __strdup (name));
2144 if (realname == NULL)
2145 fd = -1;
2146 else
2147 {
2148 fd = open_verify (realname, -1, &fb,
2149 loader ?: GL(dl_ns)[nsid]._ns_loaded, 0, mode,
2150 &found_other_class, true);
2151 if (__glibc_unlikely (fd == -1))
2152 free (realname);
2153 }
2154 }
2155
2156#ifdef SHARED
2157 no_file:
2158#endif
2159 /* In case the LOADER information has only been provided to get to
2160 the appropriate RUNPATH/RPATH information we do not need it
2161 anymore. */
2162 if (mode & __RTLD_CALLMAP)
2163 loader = NULL;
2164
2165 if (__glibc_unlikely (fd == -1))
2166 {
2167 if (trace_mode
2168 && __glibc_likely ((GLRO(dl_debug_mask) & DL_DEBUG_PRELINK) == 0))
2169 {
2170 /* We haven't found an appropriate library. But since we
2171 are only interested in the list of libraries this isn't
2172 so severe. Fake an entry with all the information we
2173 have. */
2174 static const Elf_Symndx dummy_bucket = STN_UNDEF;
2175
2176 /* Allocate a new object map. */
2177 if ((name_copy = __strdup (name)) == NULL
2178 || (l = _dl_new_object (name_copy, name, type, loader,
2179 mode, nsid)) == NULL)
2180 {
2181 free (name_copy);
2182 _dl_signal_error (ENOMEM, name, NULL,
2183 N_("cannot create shared object descriptor"));
2184 }
2185 /* Signal that this is a faked entry. */
2186 l->l_faked = 1;
2187 /* Since the descriptor is initialized with zero we do not
2188 have do this here.
2189 l->l_reserved = 0; */
2190 l->l_buckets = &dummy_bucket;
2191 l->l_nbuckets = 1;
2192 l->l_relocated = 1;
2193
2194 /* Enter the object in the object list. */
2195 _dl_add_to_namespace_list (l, nsid);
2196
2197 return l;
2198 }
2199 else if (found_other_class)
2200 _dl_signal_error (0, name, NULL,
2201 ELFW(CLASS) == ELFCLASS32
2202 ? N_("wrong ELF class: ELFCLASS64")
2203 : N_("wrong ELF class: ELFCLASS32"));
2204 else
2205 _dl_signal_error (errno, name, NULL,
2206 N_("cannot open shared object file"));
2207 }
2208
2209 void *stack_end = __libc_stack_end;
2210 return _dl_map_object_from_fd (name, origname, fd, &fb, realname, loader,
2211 type, mode, &stack_end, nsid);
2212}
2213
2214struct add_path_state
2215{
2216 bool counting;
2217 unsigned int idx;
2218 Dl_serinfo *si;
2219 char *allocptr;
2220};
2221
2222static void
2223add_path (struct add_path_state *p, const struct r_search_path_struct *sps,
2224 unsigned int flags)
2225{
2226 if (sps->dirs != (void *) -1)
2227 {
2228 struct r_search_path_elem **dirs = sps->dirs;
2229 do
2230 {
2231 const struct r_search_path_elem *const r = *dirs++;
2232 if (p->counting)
2233 {
2234 p->si->dls_cnt++;
2235 p->si->dls_size += MAX (2, r->dirnamelen);
2236 }
2237 else
2238 {
2239 Dl_serpath *const sp = &p->si->dls_serpath[p->idx++];
2240 sp->dls_name = p->allocptr;
2241 if (r->dirnamelen < 2)
2242 *p->allocptr++ = r->dirnamelen ? '/' : '.';
2243 else
2244 p->allocptr = __mempcpy (p->allocptr,
2245 r->dirname, r->dirnamelen - 1);
2246 *p->allocptr++ = '\0';
2247 sp->dls_flags = flags;
2248 }
2249 }
2250 while (*dirs != NULL);
2251 }
2252}
2253
2254void
2255internal_function
2256_dl_rtld_di_serinfo (struct link_map *loader, Dl_serinfo *si, bool counting)
2257{
2258 if (counting)
2259 {
2260 si->dls_cnt = 0;
2261 si->dls_size = 0;
2262 }
2263
2264 struct add_path_state p =
2265 {
2266 .counting = counting,
2267 .idx = 0,
2268 .si = si,
2269 .allocptr = (char *) &si->dls_serpath[si->dls_cnt]
2270 };
2271
2272# define add_path(p, sps, flags) add_path(p, sps, 0) /* XXX */
2273
2274 /* When the object has the RUNPATH information we don't use any RPATHs. */
2275 if (loader->l_info[DT_RUNPATH] == NULL)
2276 {
2277 /* First try the DT_RPATH of the dependent object that caused NAME
2278 to be loaded. Then that object's dependent, and on up. */
2279
2280 struct link_map *l = loader;
2281 do
2282 {
2283 if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
2284 add_path (&p, &l->l_rpath_dirs, XXX_RPATH);
2285 l = l->l_loader;
2286 }
2287 while (l != NULL);
2288
2289 /* If dynamically linked, try the DT_RPATH of the executable itself. */
2290 if (loader->l_ns == LM_ID_BASE)
2291 {
2292 l = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
2293 if (l != NULL && l->l_type != lt_loaded && l != loader)
2294 if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
2295 add_path (&p, &l->l_rpath_dirs, XXX_RPATH);
2296 }
2297 }
2298
2299 /* Try the LD_LIBRARY_PATH environment variable. */
2300 add_path (&p, &env_path_list, XXX_ENV);
2301
2302 /* Look at the RUNPATH information for this binary. */
2303 if (cache_rpath (loader, &loader->l_runpath_dirs, DT_RUNPATH, "RUNPATH"))
2304 add_path (&p, &loader->l_runpath_dirs, XXX_RUNPATH);
2305
2306 /* XXX
2307 Here is where ld.so.cache gets checked, but we don't have
2308 a way to indicate that in the results for Dl_serinfo. */
2309
2310 /* Finally, try the default path. */
2311 if (!(loader->l_flags_1 & DF_1_NODEFLIB))
2312 add_path (&p, &rtld_search_dirs, XXX_default);
2313
2314 if (counting)
2315 /* Count the struct size before the string area, which we didn't
2316 know before we completed dls_cnt. */
2317 si->dls_size += (char *) &si->dls_serpath[si->dls_cnt] - (char *) si;
2318}
2319