]>
Commit | Line | Data |
---|---|---|
0a54e401 | 1 | /* Map in a shared object's segments from the file. |
d614a753 | 2 | Copyright (C) 1995-2020 Free Software Foundation, Inc. |
afd4eb37 | 3 | This file is part of the GNU C Library. |
d66e34cd | 4 | |
afd4eb37 | 5 | The GNU C Library is free software; you can redistribute it and/or |
41bdb6e2 AJ |
6 | modify it under the terms of the GNU Lesser General Public |
7 | License as published by the Free Software Foundation; either | |
8 | version 2.1 of the License, or (at your option) any later version. | |
d66e34cd | 9 | |
afd4eb37 UD |
10 | The GNU C Library is distributed in the hope that it will be useful, |
11 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
41bdb6e2 | 13 | Lesser General Public License for more details. |
d66e34cd | 14 | |
41bdb6e2 | 15 | You should have received a copy of the GNU Lesser General Public |
59ba27a6 | 16 | License along with the GNU C Library; if not, see |
5a82c748 | 17 | <https://www.gnu.org/licenses/>. */ |
d66e34cd | 18 | |
14e9dd67 | 19 | #include <elf.h> |
0a54e401 UD |
20 | #include <errno.h> |
21 | #include <fcntl.h> | |
8e17ea58 | 22 | #include <libintl.h> |
379d4ec4 | 23 | #include <stdbool.h> |
0a54e401 | 24 | #include <stdlib.h> |
d66e34cd | 25 | #include <string.h> |
d66e34cd | 26 | #include <unistd.h> |
a42195db | 27 | #include <ldsodefs.h> |
ca97fb53 | 28 | #include <bits/wordsize.h> |
0a54e401 | 29 | #include <sys/mman.h> |
f8f7e090 | 30 | #include <sys/param.h> |
0a54e401 UD |
31 | #include <sys/stat.h> |
32 | #include <sys/types.h> | |
ec935dea | 33 | #include <gnu/lib-names.h> |
f753fa7d L |
34 | |
35 | /* Type for the buffer we put the ELF header and hopefully the program | |
36 | header. This buffer does not really have to be too large. In most | |
37 | cases the program header follows the ELF header directly. If this | |
38 | is not the case all bets are off and we can make the header | |
39 | arbitrarily large and still won't get it read. This means the only | |
40 | question is how large are the ELF and program header combined. The | |
41 | ELF header 32-bit files is 52 bytes long and in 64-bit files is 64 | |
42 | bytes long. Each program header entry is again 32 and 56 bytes | |
43 | long respectively. I.e., even with a file which has 10 program | |
44 | header entries we only have to read 372B/624B respectively. Add to | |
45 | this a bit of margin for program notes and reading 512B and 832B | |
46 | for 32-bit and 64-bit files respecitvely is enough. If this | |
47 | heuristic should really fail for some file the code in | |
48 | `_dl_map_object_from_fd' knows how to recover. */ | |
49 | struct filebuf | |
50 | { | |
51 | ssize_t len; | |
52 | #if __WORDSIZE == 32 | |
53 | # define FILEBUF_SIZE 512 | |
54 | #else | |
55 | # define FILEBUF_SIZE 832 | |
56 | #endif | |
57 | char buf[FILEBUF_SIZE] __attribute__ ((aligned (__alignof (ElfW(Ehdr))))); | |
58 | }; | |
59 | ||
d66e34cd | 60 | #include "dynamic-link.h" |
a986484f | 61 | #include <abi-tag.h> |
664e7d93 | 62 | #include <stackinfo.h> |
606832e6 | 63 | #include <sysdep.h> |
815e6fa3 | 64 | #include <stap-probe.h> |
9090848d | 65 | #include <libc-pointer-arith.h> |
8a0b17e4 | 66 | #include <array_length.h> |
d66e34cd | 67 | |
dc5efe83 | 68 | #include <dl-dst.h> |
fcccd512 RM |
69 | #include <dl-load.h> |
70 | #include <dl-map-segments.h> | |
71 | #include <dl-unmap-segments.h> | |
d6f373d2 | 72 | #include <dl-machine-reject-phdr.h> |
c0d6f2a3 | 73 | #include <dl-sysdep-open.h> |
f753fa7d | 74 | #include <dl-prop.h> |
329ea513 | 75 | #include <not-cancel.h> |
9b8a44cd | 76 | |
d66e34cd RM |
77 | #include <endian.h> |
78 | #if BYTE_ORDER == BIG_ENDIAN | |
fcf70d41 | 79 | # define byteorder ELFDATA2MSB |
d66e34cd | 80 | #elif BYTE_ORDER == LITTLE_ENDIAN |
fcf70d41 | 81 | # define byteorder ELFDATA2LSB |
d66e34cd | 82 | #else |
fcf70d41 UD |
83 | # error "Unknown BYTE_ORDER " BYTE_ORDER |
84 | # define byteorder ELFDATANONE | |
d66e34cd RM |
85 | #endif |
86 | ||
14e9dd67 | 87 | #define STRING(x) __STRING (x) |
d66e34cd | 88 | |
dcca3fe2 | 89 | |
664e7d93 | 90 | int __stack_prot attribute_hidden attribute_relro |
44828b9d | 91 | #if _STACK_GROWS_DOWN && defined PROT_GROWSDOWN |
ecc1d0c3 | 92 | = PROT_GROWSDOWN; |
44828b9d | 93 | #elif _STACK_GROWS_UP && defined PROT_GROWSUP |
ecc1d0c3 | 94 | = PROT_GROWSUP; |
f8286ce6 RM |
95 | #else |
96 | = 0; | |
664e7d93 UD |
97 | #endif |
98 | ||
dcca3fe2 | 99 | |
7ef90c15 | 100 | /* This is the decomposed LD_LIBRARY_PATH search path. */ |
392a6b52 | 101 | static struct r_search_path_struct env_path_list attribute_relro; |
40a55d20 | 102 | |
12264bd7 | 103 | /* List of the hardware capabilities we might end up using. */ |
392a6b52 UD |
104 | static const struct r_strlenpair *capstr attribute_relro; |
105 | static size_t ncapstr attribute_relro; | |
106 | static size_t max_capstrlen attribute_relro; | |
12264bd7 | 107 | |
40a55d20 | 108 | |
8a0b17e4 FW |
109 | /* Get the generated information about the trusted directories. Use |
110 | an array of concatenated strings to avoid relocations. See | |
111 | gen-trusted-dirs.awk. */ | |
ab7eb292 UD |
112 | #include "trusted-dirs.h" |
113 | ||
114 | static const char system_dirs[] = SYSTEM_DIRS; | |
115 | static const size_t system_dirs_len[] = | |
116 | { | |
117 | SYSTEM_DIRS_LEN | |
118 | }; | |
8a0b17e4 | 119 | #define nsystem_dirs_len array_length (system_dirs_len) |
32c85e43 | 120 | |
47c3cd7a UD |
121 | static bool |
122 | is_trusted_path_normalize (const char *path, size_t len) | |
123 | { | |
22836f52 UD |
124 | if (len == 0) |
125 | return false; | |
126 | ||
47c3cd7a UD |
127 | char *npath = (char *) alloca (len + 2); |
128 | char *wnp = npath; | |
47c3cd7a UD |
129 | while (*path != '\0') |
130 | { | |
131 | if (path[0] == '/') | |
132 | { | |
133 | if (path[1] == '.') | |
134 | { | |
135 | if (path[2] == '.' && (path[3] == '/' || path[3] == '\0')) | |
136 | { | |
137 | while (wnp > npath && *--wnp != '/') | |
138 | ; | |
139 | path += 3; | |
140 | continue; | |
141 | } | |
142 | else if (path[2] == '/' || path[2] == '\0') | |
143 | { | |
144 | path += 2; | |
145 | continue; | |
146 | } | |
147 | } | |
148 | ||
149 | if (wnp > npath && wnp[-1] == '/') | |
150 | { | |
151 | ++path; | |
152 | continue; | |
153 | } | |
154 | } | |
155 | ||
156 | *wnp++ = *path++; | |
157 | } | |
22836f52 UD |
158 | |
159 | if (wnp == npath || wnp[-1] != '/') | |
47c3cd7a | 160 | *wnp++ = '/'; |
47c3cd7a | 161 | |
22836f52 UD |
162 | const char *trun = system_dirs; |
163 | ||
164 | for (size_t idx = 0; idx < nsystem_dirs_len; ++idx) | |
165 | { | |
166 | if (wnp - npath >= system_dirs_len[idx] | |
167 | && memcmp (trun, npath, system_dirs_len[idx]) == 0) | |
168 | /* Found it. */ | |
169 | return true; | |
170 | ||
171 | trun += system_dirs_len[idx] + 1; | |
172 | } | |
173 | ||
174 | return false; | |
47c3cd7a UD |
175 | } |
176 | ||
5aad5f61 CD |
177 | /* Given a substring starting at INPUT, just after the DST '$' start |
178 | token, determine if INPUT contains DST token REF, following the | |
179 | ELF gABI rules for DSTs: | |
180 | ||
181 | * Longest possible sequence using the rules (greedy). | |
182 | ||
183 | * Must start with a $ (enforced by caller). | |
184 | ||
185 | * Must follow $ with one underscore or ASCII [A-Za-z] (caller | |
186 | follows these rules for REF) or '{' (start curly quoted name). | |
47c3cd7a | 187 | |
5aad5f61 CD |
188 | * Must follow first two characters with zero or more [A-Za-z0-9_] |
189 | (enforced by caller) or '}' (end curly quoted name). | |
190 | ||
191 | If the sequence is a DST matching REF then the length of the DST | |
192 | (excluding the $ sign but including curly braces, if any) is | |
193 | returned, otherwise 0. */ | |
6d5d3ae3 | 194 | static size_t |
5aad5f61 | 195 | is_dst (const char *input, const char *ref) |
6d5d3ae3 | 196 | { |
379d4ec4 | 197 | bool is_curly = false; |
6d5d3ae3 | 198 | |
5aad5f61 CD |
199 | /* Is a ${...} input sequence? */ |
200 | if (input[0] == '{') | |
379d4ec4 UD |
201 | { |
202 | is_curly = true; | |
5aad5f61 | 203 | ++input; |
379d4ec4 | 204 | } |
6d5d3ae3 | 205 | |
5aad5f61 CD |
206 | /* Check for matching name, following closing curly brace (if |
207 | required), or trailing characters which are part of an | |
208 | identifier. */ | |
209 | size_t rlen = strlen (ref); | |
210 | if (strncmp (input, ref, rlen) != 0 | |
211 | || (is_curly && input[rlen] != '}') | |
212 | || ((input[rlen] >= 'A' && input[rlen] <= 'Z') | |
213 | || (input[rlen] >= 'a' && input[rlen] <= 'z') | |
214 | || (input[rlen] >= '0' && input[rlen] <= '9') | |
215 | || (input[rlen] == '_'))) | |
6d5d3ae3 UD |
216 | return 0; |
217 | ||
5aad5f61 CD |
218 | if (is_curly) |
219 | /* Count the two curly braces. */ | |
220 | return rlen + 2; | |
221 | else | |
222 | return rlen; | |
6d5d3ae3 UD |
223 | } |
224 | ||
a745c837 CD |
225 | /* INPUT should be the start of a path e.g DT_RPATH or name e.g. |
226 | DT_NEEDED. The return value is the number of known DSTs found. We | |
227 | count all known DSTs regardless of __libc_enable_secure; the caller | |
228 | is responsible for enforcing the security of the substitution rules | |
229 | (usually _dl_dst_substitute). */ | |
dc5efe83 | 230 | size_t |
5aad5f61 | 231 | _dl_dst_count (const char *input) |
f787edde | 232 | { |
f787edde | 233 | size_t cnt = 0; |
f787edde | 234 | |
5aad5f61 CD |
235 | input = strchr (input, '$'); |
236 | ||
237 | /* Most likely there is no DST. */ | |
238 | if (__glibc_likely (input == NULL)) | |
239 | return 0; | |
240 | ||
dc5efe83 | 241 | do |
f787edde | 242 | { |
379d4ec4 | 243 | size_t len; |
f787edde | 244 | |
5aad5f61 CD |
245 | ++input; |
246 | /* All DSTs must follow ELF gABI rules, see is_dst (). */ | |
247 | if ((len = is_dst (input, "ORIGIN")) != 0 | |
248 | || (len = is_dst (input, "PLATFORM")) != 0 | |
249 | || (len = is_dst (input, "LIB")) != 0) | |
f787edde UD |
250 | ++cnt; |
251 | ||
5aad5f61 CD |
252 | /* There may be more than one DST in the input. */ |
253 | input = strchr (input + len, '$'); | |
f787edde | 254 | } |
5aad5f61 | 255 | while (input != NULL); |
f787edde | 256 | |
dc5efe83 UD |
257 | return cnt; |
258 | } | |
f787edde | 259 | |
5aad5f61 CD |
260 | /* Process INPUT for DSTs and store in RESULT using the information |
261 | from link map L to resolve the DSTs. This function only handles one | |
262 | path at a time and does not handle colon-separated path lists (see | |
263 | fillin_rpath ()). Lastly the size of result in bytes should be at | |
264 | least equal to the value returned by DL_DST_REQUIRED. Note that it | |
265 | is possible for a DT_NEEDED, DT_AUXILIARY, and DT_FILTER entries to | |
266 | have colons, but we treat those as literal colons here, not as path | |
267 | list delimeters. */ | |
dc5efe83 | 268 | char * |
5aad5f61 | 269 | _dl_dst_substitute (struct link_map *l, const char *input, char *result) |
dc5efe83 | 270 | { |
5aad5f61 CD |
271 | /* Copy character-by-character from input into the working pointer |
272 | looking for any DSTs. We track the start of input and if we are | |
273 | going to check for trusted paths, all of which are part of $ORIGIN | |
274 | handling in SUID/SGID cases (see below). In some cases, like when | |
275 | a DST cannot be replaced, we may set result to an empty string and | |
276 | return. */ | |
47c3cd7a | 277 | char *wp = result; |
5aad5f61 | 278 | const char *start = input; |
47c3cd7a | 279 | bool check_for_trusted = false; |
dc5efe83 | 280 | |
f787edde UD |
281 | do |
282 | { | |
5aad5f61 | 283 | if (__glibc_unlikely (*input == '$')) |
f787edde | 284 | { |
2541eda0 | 285 | const char *repl = NULL; |
379d4ec4 | 286 | size_t len; |
2541eda0 | 287 | |
5aad5f61 CD |
288 | ++input; |
289 | if ((len = is_dst (input, "ORIGIN")) != 0) | |
e7c8359e | 290 | { |
5aad5f61 CD |
291 | /* For SUID/GUID programs we normally ignore the path with |
292 | $ORIGIN in DT_RUNPATH, or DT_RPATH. However, there is | |
293 | one exception to this rule, and it is: | |
294 | ||
295 | * $ORIGIN appears as the first path element, and is | |
296 | the only string in the path or is immediately | |
297 | followed by a path separator and the rest of the | |
a745c837 CD |
298 | path, |
299 | ||
300 | and ... | |
5aad5f61 CD |
301 | |
302 | * The path is rooted in a trusted directory. | |
303 | ||
304 | This exception allows such programs to reference | |
305 | shared libraries in subdirectories of trusted | |
306 | directories. The use case is one of general | |
307 | organization and deployment flexibility. | |
308 | Trusted directories are usually such paths as "/lib64" | |
309 | or "/usr/lib64", and the usual RPATHs take the form of | |
310 | [$ORIGIN/../$LIB/somedir]. */ | |
311 | if (__glibc_unlikely (__libc_enable_secure) | |
312 | && !(input == start + 1 | |
313 | && (input[len] == '\0' || input[len] == '/'))) | |
314 | repl = (const char *) -1; | |
315 | else | |
316 | repl = l->l_origin; | |
317 | ||
6bc6bd3b | 318 | check_for_trusted = (__libc_enable_secure |
47c3cd7a | 319 | && l->l_type == lt_executable); |
e7c8359e | 320 | } |
5aad5f61 | 321 | else if ((len = is_dst (input, "PLATFORM")) != 0) |
afdca0f2 | 322 | repl = GLRO(dl_platform); |
5aad5f61 | 323 | else if ((len = is_dst (input, "LIB")) != 0) |
27af5372 | 324 | repl = DL_DST_LIB; |
2541eda0 | 325 | |
2541eda0 UD |
326 | if (repl != NULL && repl != (const char *) -1) |
327 | { | |
328 | wp = __stpcpy (wp, repl); | |
5aad5f61 | 329 | input += len; |
2541eda0 | 330 | } |
5aad5f61 | 331 | else if (len != 0) |
f787edde | 332 | { |
5aad5f61 CD |
333 | /* We found a valid DST that we know about, but we could |
334 | not find a replacement value for it, therefore we | |
335 | cannot use this path and discard it. */ | |
336 | *result = '\0'; | |
337 | return result; | |
f787edde UD |
338 | } |
339 | else | |
27aa0631 | 340 | /* No DST we recognize. */ |
379d4ec4 | 341 | *wp++ = '$'; |
f787edde | 342 | } |
2541eda0 | 343 | else |
f787edde | 344 | { |
5aad5f61 | 345 | *wp++ = *input++; |
f787edde | 346 | } |
f787edde | 347 | } |
5aad5f61 | 348 | while (*input != '\0'); |
f787edde | 349 | |
47c3cd7a | 350 | /* In SUID/SGID programs, after $ORIGIN expansion the normalized |
5aad5f61 CD |
351 | path must be rooted in one of the trusted directories. The $LIB |
352 | and $PLATFORM DST cannot in any way be manipulated by the caller | |
353 | because they are fixed values that are set by the dynamic loader | |
354 | and therefore any paths using just $LIB or $PLATFORM need not be | |
355 | checked for trust, the authors of the binaries themselves are | |
356 | trusted to have designed this correctly. Only $ORIGIN is tested in | |
357 | this way because it may be manipulated in some ways with hard | |
358 | links. */ | |
1b26b855 | 359 | if (__glibc_unlikely (check_for_trusted) |
5aad5f61 CD |
360 | && !is_trusted_path_normalize (result, wp - result)) |
361 | { | |
362 | *result = '\0'; | |
363 | return result; | |
364 | } | |
47c3cd7a | 365 | |
f787edde UD |
366 | *wp = '\0'; |
367 | ||
368 | return result; | |
369 | } | |
370 | ||
dc5efe83 | 371 | |
5aad5f61 CD |
372 | /* Return a malloc allocated copy of INPUT with all recognized DSTs |
373 | replaced. On some platforms it might not be possible to determine the | |
374 | path from which the object belonging to the map is loaded. In this | |
375 | case the path containing the DST is left out. On error NULL | |
376 | is returned. */ | |
dc5efe83 | 377 | static char * |
5aad5f61 | 378 | expand_dynamic_string_token (struct link_map *l, const char *input) |
dc5efe83 UD |
379 | { |
380 | /* We make two runs over the string. First we determine how large the | |
844c394a | 381 | resulting string is and then we copy it over. Since this is no |
dc5efe83 UD |
382 | frequently executed operation we are looking here not for performance |
383 | but rather for code size. */ | |
384 | size_t cnt; | |
385 | size_t total; | |
386 | char *result; | |
387 | ||
5aad5f61 CD |
388 | /* Determine the number of DSTs. */ |
389 | cnt = _dl_dst_count (input); | |
dc5efe83 UD |
390 | |
391 | /* If we do not have to replace anything simply copy the string. */ | |
1b26b855 | 392 | if (__glibc_likely (cnt == 0)) |
5aad5f61 | 393 | return __strdup (input); |
dc5efe83 UD |
394 | |
395 | /* Determine the length of the substituted string. */ | |
5aad5f61 | 396 | total = DL_DST_REQUIRED (l, input, strlen (input), cnt); |
dc5efe83 UD |
397 | |
398 | /* Allocate the necessary memory. */ | |
399 | result = (char *) malloc (total + 1); | |
400 | if (result == NULL) | |
401 | return NULL; | |
402 | ||
5aad5f61 | 403 | return _dl_dst_substitute (l, input, result); |
dc5efe83 UD |
404 | } |
405 | ||
406 | ||
0413b54c UD |
407 | /* Add `name' to the list of names for a particular shared object. |
408 | `name' is expected to have been allocated with malloc and will | |
409 | be freed if the shared object already has this name. | |
410 | Returns false if the object already had this name. */ | |
76156ea1 | 411 | static void |
76156ea1 | 412 | add_name_to_object (struct link_map *l, const char *name) |
0a54e401 | 413 | { |
0413b54c UD |
414 | struct libname_list *lnp, *lastp; |
415 | struct libname_list *newname; | |
76156ea1 | 416 | size_t name_len; |
0413b54c UD |
417 | |
418 | lastp = NULL; | |
419 | for (lnp = l->l_libname; lnp != NULL; lastp = lnp, lnp = lnp->next) | |
420 | if (strcmp (name, lnp->name) == 0) | |
76156ea1 | 421 | return; |
0413b54c | 422 | |
76156ea1 | 423 | name_len = strlen (name) + 1; |
839be784 | 424 | newname = (struct libname_list *) malloc (sizeof *newname + name_len); |
0413b54c | 425 | if (newname == NULL) |
da832465 UD |
426 | { |
427 | /* No more memory. */ | |
154d10bd | 428 | _dl_signal_error (ENOMEM, name, NULL, N_("cannot allocate name record")); |
76156ea1 | 429 | return; |
da832465 | 430 | } |
0413b54c UD |
431 | /* The object should have a libname set from _dl_new_object. */ |
432 | assert (lastp != NULL); | |
433 | ||
76156ea1 | 434 | newname->name = memcpy (newname + 1, name, name_len); |
0413b54c | 435 | newname->next = NULL; |
752a2a50 | 436 | newname->dont_free = 0; |
0413b54c | 437 | lastp->next = newname; |
0413b54c UD |
438 | } |
439 | ||
12264bd7 | 440 | /* Standard search directories. */ |
392a6b52 | 441 | static struct r_search_path_struct rtld_search_dirs attribute_relro; |
0a54e401 | 442 | |
a658675d | 443 | static size_t max_dirnamelen; |
0a54e401 | 444 | |
dd9423a6 | 445 | static struct r_search_path_elem ** |
0a54e401 | 446 | fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep, |
10e93d96 | 447 | const char *what, const char *where, struct link_map *l) |
0a54e401 UD |
448 | { |
449 | char *cp; | |
450 | size_t nelems = 0; | |
451 | ||
452 | while ((cp = __strsep (&rpath, sep)) != NULL) | |
453 | { | |
454 | struct r_search_path_elem *dirp; | |
3e3c904d AJ |
455 | char *to_free = NULL; |
456 | size_t len = 0; | |
2a939a7e | 457 | |
3e3c904d AJ |
458 | /* `strsep' can pass an empty string. */ |
459 | if (*cp != '\0') | |
460 | { | |
461 | to_free = cp = expand_dynamic_string_token (l, cp); | |
2a939a7e | 462 | |
3e3c904d AJ |
463 | /* expand_dynamic_string_token can return NULL in case of empty |
464 | path or memory allocation failure. */ | |
465 | if (cp == NULL) | |
466 | continue; | |
12264bd7 | 467 | |
3e3c904d AJ |
468 | /* Compute the length after dynamic string token expansion and |
469 | ignore empty paths. */ | |
470 | len = strlen (cp); | |
471 | if (len == 0) | |
472 | { | |
473 | free (to_free); | |
474 | continue; | |
475 | } | |
12264bd7 | 476 | |
3e3c904d AJ |
477 | /* Remove trailing slashes (except for "/"). */ |
478 | while (len > 1 && cp[len - 1] == '/') | |
479 | --len; | |
0a54e401 | 480 | |
3e3c904d AJ |
481 | /* Now add one if there is none so far. */ |
482 | if (len > 0 && cp[len - 1] != '/') | |
483 | cp[len++] = '/'; | |
484 | } | |
ab7eb292 | 485 | |
0a54e401 | 486 | /* See if this directory is already known. */ |
d6b5d570 | 487 | for (dirp = GL(dl_all_dirs); dirp != NULL; dirp = dirp->next) |
12264bd7 | 488 | if (dirp->dirnamelen == len && memcmp (cp, dirp->dirname, len) == 0) |
0a54e401 UD |
489 | break; |
490 | ||
491 | if (dirp != NULL) | |
492 | { | |
12264bd7 | 493 | /* It is available, see whether it's on our own list. */ |
0a54e401 UD |
494 | size_t cnt; |
495 | for (cnt = 0; cnt < nelems; ++cnt) | |
496 | if (result[cnt] == dirp) | |
497 | break; | |
498 | ||
499 | if (cnt == nelems) | |
500 | result[nelems++] = dirp; | |
501 | } | |
502 | else | |
503 | { | |
12264bd7 | 504 | size_t cnt; |
839be784 | 505 | enum r_dir_status init_val; |
4a6d1198 | 506 | size_t where_len = where ? strlen (where) + 1 : 0; |
12264bd7 | 507 | |
0a54e401 | 508 | /* It's a new directory. Create an entry and add it. */ |
12264bd7 | 509 | dirp = (struct r_search_path_elem *) |
32ee8d95 | 510 | malloc (sizeof (*dirp) + ncapstr * sizeof (enum r_dir_status) |
f55727ca | 511 | + where_len + len + 1); |
0a54e401 | 512 | if (dirp == NULL) |
154d10bd UD |
513 | _dl_signal_error (ENOMEM, NULL, NULL, |
514 | N_("cannot create cache for search path")); | |
0a54e401 | 515 | |
f55727ca UD |
516 | dirp->dirname = ((char *) dirp + sizeof (*dirp) |
517 | + ncapstr * sizeof (enum r_dir_status)); | |
104d0bd3 | 518 | *((char *) __mempcpy ((char *) dirp->dirname, cp, len)) = '\0'; |
0a54e401 | 519 | dirp->dirnamelen = len; |
12264bd7 UD |
520 | |
521 | if (len > max_dirnamelen) | |
522 | max_dirnamelen = len; | |
523 | ||
07ba7349 UD |
524 | /* We have to make sure all the relative directories are |
525 | never ignored. The current directory might change and | |
526 | all our saved information would be void. */ | |
527 | init_val = cp[0] != '/' ? existing : unknown; | |
839be784 UD |
528 | for (cnt = 0; cnt < ncapstr; ++cnt) |
529 | dirp->status[cnt] = init_val; | |
0a54e401 | 530 | |
b5efde2f | 531 | dirp->what = what; |
a1ffb40e | 532 | if (__glibc_likely (where != NULL)) |
f55727ca | 533 | dirp->where = memcpy ((char *) dirp + sizeof (*dirp) + len + 1 |
d6b5d570 | 534 | + (ncapstr * sizeof (enum r_dir_status)), |
4a6d1198 UD |
535 | where, where_len); |
536 | else | |
537 | dirp->where = NULL; | |
b5efde2f | 538 | |
d6b5d570 UD |
539 | dirp->next = GL(dl_all_dirs); |
540 | GL(dl_all_dirs) = dirp; | |
0a54e401 UD |
541 | |
542 | /* Put it in the result array. */ | |
543 | result[nelems++] = dirp; | |
544 | } | |
2a939a7e | 545 | free (to_free); |
0a54e401 UD |
546 | } |
547 | ||
548 | /* Terminate the array. */ | |
549 | result[nelems] = NULL; | |
550 | ||
551 | return result; | |
552 | } | |
553 | ||
554 | ||
2692deea | 555 | static bool |
f55727ca UD |
556 | decompose_rpath (struct r_search_path_struct *sps, |
557 | const char *rpath, struct link_map *l, const char *what) | |
0a54e401 UD |
558 | { |
559 | /* Make a copy we can work with. */ | |
f787edde | 560 | const char *where = l->l_name; |
0a54e401 UD |
561 | char *cp; |
562 | struct r_search_path_elem **result; | |
310930c1 | 563 | size_t nelems; |
39b3385d UD |
564 | /* Initialize to please the compiler. */ |
565 | const char *errstring = NULL; | |
310930c1 | 566 | |
fcf70d41 UD |
567 | /* First see whether we must forget the RUNPATH and RPATH from this |
568 | object. */ | |
1b26b855 | 569 | if (__glibc_unlikely (GLRO(dl_inhibit_rpath) != NULL) |
6bc6bd3b | 570 | && !__libc_enable_secure) |
310930c1 | 571 | { |
afdca0f2 | 572 | const char *inhp = GLRO(dl_inhibit_rpath); |
9710f75d UD |
573 | |
574 | do | |
310930c1 | 575 | { |
9710f75d UD |
576 | const char *wp = where; |
577 | ||
578 | while (*inhp == *wp && *wp != '\0') | |
579 | { | |
580 | ++inhp; | |
581 | ++wp; | |
582 | } | |
583 | ||
584 | if (*wp == '\0' && (*inhp == '\0' || *inhp == ':')) | |
310930c1 | 585 | { |
fcf70d41 UD |
586 | /* This object is on the list of objects for which the |
587 | RUNPATH and RPATH must not be used. */ | |
2692deea UD |
588 | sps->dirs = (void *) -1; |
589 | return false; | |
310930c1 | 590 | } |
9710f75d UD |
591 | |
592 | while (*inhp != '\0') | |
593 | if (*inhp++ == ':') | |
594 | break; | |
310930c1 | 595 | } |
9710f75d | 596 | while (*inhp != '\0'); |
310930c1 | 597 | } |
0a54e401 | 598 | |
dbba87d5 DL |
599 | /* Ignore empty rpaths. */ |
600 | if (*rpath == '\0') | |
601 | { | |
602 | sps->dirs = (struct r_search_path_elem **) -1; | |
603 | return false; | |
604 | } | |
605 | ||
2a939a7e | 606 | /* Make a writable copy. */ |
dbba87d5 | 607 | char *copy = __strdup (rpath); |
f787edde | 608 | if (copy == NULL) |
39b3385d UD |
609 | { |
610 | errstring = N_("cannot create RUNPATH/RPATH copy"); | |
611 | goto signal_error; | |
612 | } | |
f787edde | 613 | |
310930c1 | 614 | /* Count the number of necessary elements in the result array. */ |
310930c1 | 615 | nelems = 0; |
0a54e401 UD |
616 | for (cp = copy; *cp != '\0'; ++cp) |
617 | if (*cp == ':') | |
618 | ++nelems; | |
619 | ||
7ef90c15 UD |
620 | /* Allocate room for the result. NELEMS + 1 is an upper limit for the |
621 | number of necessary entries. */ | |
622 | result = (struct r_search_path_elem **) malloc ((nelems + 1 + 1) | |
0a54e401 UD |
623 | * sizeof (*result)); |
624 | if (result == NULL) | |
2692deea | 625 | { |
ce31a3b1 | 626 | free (copy); |
2692deea UD |
627 | errstring = N_("cannot create cache for search path"); |
628 | signal_error: | |
629 | _dl_signal_error (ENOMEM, NULL, NULL, errstring); | |
630 | } | |
0a54e401 | 631 | |
10e93d96 | 632 | fillin_rpath (copy, result, ":", what, where, l); |
f55727ca UD |
633 | |
634 | /* Free the copied RPATH string. `fillin_rpath' make own copies if | |
635 | necessary. */ | |
636 | free (copy); | |
637 | ||
3e3c904d AJ |
638 | /* There is no path after expansion. */ |
639 | if (result[0] == NULL) | |
640 | { | |
641 | free (result); | |
642 | sps->dirs = (struct r_search_path_elem **) -1; | |
643 | return false; | |
644 | } | |
645 | ||
f55727ca UD |
646 | sps->dirs = result; |
647 | /* The caller will change this value if we haven't used a real malloc. */ | |
648 | sps->malloced = 1; | |
2692deea | 649 | return true; |
0a54e401 UD |
650 | } |
651 | ||
45e4762c RM |
652 | /* Make sure cached path information is stored in *SP |
653 | and return true if there are any paths to search there. */ | |
25337753 | 654 | static bool |
45e4762c RM |
655 | cache_rpath (struct link_map *l, |
656 | struct r_search_path_struct *sp, | |
657 | int tag, | |
658 | const char *what) | |
659 | { | |
660 | if (sp->dirs == (void *) -1) | |
661 | return false; | |
662 | ||
663 | if (sp->dirs != NULL) | |
664 | return true; | |
665 | ||
666 | if (l->l_info[tag] == NULL) | |
667 | { | |
668 | /* There is no path. */ | |
669 | sp->dirs = (void *) -1; | |
670 | return false; | |
671 | } | |
672 | ||
673 | /* Make sure the cache information is available. */ | |
2692deea UD |
674 | return decompose_rpath (sp, (const char *) (D_PTR (l, l_info[DT_STRTAB]) |
675 | + l->l_info[tag]->d_un.d_val), | |
676 | l, what); | |
45e4762c RM |
677 | } |
678 | ||
0a54e401 UD |
679 | |
680 | void | |
880f421f | 681 | _dl_init_paths (const char *llp) |
0a54e401 | 682 | { |
ab7eb292 UD |
683 | size_t idx; |
684 | const char *strp; | |
12264bd7 UD |
685 | struct r_search_path_elem *pelem, **aelem; |
686 | size_t round_size; | |
2a939a7e | 687 | struct link_map __attribute__ ((unused)) *l = NULL; |
39b3385d UD |
688 | /* Initialize to please the compiler. */ |
689 | const char *errstring = NULL; | |
0a54e401 | 690 | |
7ef90c15 UD |
691 | /* Fill in the information about the application's RPATH and the |
692 | directories addressed by the LD_LIBRARY_PATH environment variable. */ | |
0a54e401 | 693 | |
4317f9e1 | 694 | /* Get the capabilities. */ |
afdca0f2 | 695 | capstr = _dl_important_hwcaps (GLRO(dl_platform), GLRO(dl_platformlen), |
12264bd7 UD |
696 | &ncapstr, &max_capstrlen); |
697 | ||
698 | /* First set up the rest of the default search directory entries. */ | |
f55727ca | 699 | aelem = rtld_search_dirs.dirs = (struct r_search_path_elem **) |
4a6d1198 | 700 | malloc ((nsystem_dirs_len + 1) * sizeof (struct r_search_path_elem *)); |
f55727ca | 701 | if (rtld_search_dirs.dirs == NULL) |
39b3385d UD |
702 | { |
703 | errstring = N_("cannot create search path array"); | |
704 | signal_error: | |
154d10bd | 705 | _dl_signal_error (ENOMEM, NULL, NULL, errstring); |
39b3385d | 706 | } |
12264bd7 UD |
707 | |
708 | round_size = ((2 * sizeof (struct r_search_path_elem) - 1 | |
709 | + ncapstr * sizeof (enum r_dir_status)) | |
710 | / sizeof (struct r_search_path_elem)); | |
711 | ||
8a0b17e4 FW |
712 | rtld_search_dirs.dirs[0] = malloc (nsystem_dirs_len * round_size |
713 | * sizeof (*rtld_search_dirs.dirs[0])); | |
f55727ca | 714 | if (rtld_search_dirs.dirs[0] == NULL) |
39b3385d UD |
715 | { |
716 | errstring = N_("cannot create cache for search path"); | |
717 | goto signal_error; | |
718 | } | |
12264bd7 | 719 | |
f55727ca | 720 | rtld_search_dirs.malloced = 0; |
d6b5d570 | 721 | pelem = GL(dl_all_dirs) = rtld_search_dirs.dirs[0]; |
ab7eb292 UD |
722 | strp = system_dirs; |
723 | idx = 0; | |
724 | ||
725 | do | |
12264bd7 UD |
726 | { |
727 | size_t cnt; | |
728 | ||
729 | *aelem++ = pelem; | |
730 | ||
12264bd7 UD |
731 | pelem->what = "system search path"; |
732 | pelem->where = NULL; | |
733 | ||
ab7eb292 UD |
734 | pelem->dirname = strp; |
735 | pelem->dirnamelen = system_dirs_len[idx]; | |
736 | strp += system_dirs_len[idx] + 1; | |
12264bd7 | 737 | |
f55727ca UD |
738 | /* System paths must be absolute. */ |
739 | assert (pelem->dirname[0] == '/'); | |
740 | for (cnt = 0; cnt < ncapstr; ++cnt) | |
741 | pelem->status[cnt] = unknown; | |
ab7eb292 | 742 | |
4a6d1198 | 743 | pelem->next = (++idx == nsystem_dirs_len ? NULL : (pelem + round_size)); |
ab7eb292 UD |
744 | |
745 | pelem += round_size; | |
12264bd7 | 746 | } |
4a6d1198 | 747 | while (idx < nsystem_dirs_len); |
ab7eb292 UD |
748 | |
749 | max_dirnamelen = SYSTEM_DIRS_MAX_LEN; | |
12264bd7 | 750 | *aelem = NULL; |
4317f9e1 | 751 | |
b5567b2a | 752 | #ifdef SHARED |
81e0cb2d | 753 | /* This points to the map of the main object. */ |
c0f62c56 | 754 | l = GL(dl_ns)[LM_ID_BASE]._ns_loaded; |
011ce8ed UD |
755 | if (l != NULL) |
756 | { | |
011ce8ed | 757 | assert (l->l_type != lt_loaded); |
40a55d20 | 758 | |
fcf70d41 UD |
759 | if (l->l_info[DT_RUNPATH]) |
760 | { | |
761 | /* Allocate room for the search path and fill in information | |
762 | from RUNPATH. */ | |
f55727ca UD |
763 | decompose_rpath (&l->l_runpath_dirs, |
764 | (const void *) (D_PTR (l, l_info[DT_STRTAB]) | |
765 | + l->l_info[DT_RUNPATH]->d_un.d_val), | |
766 | l, "RUNPATH"); | |
273cdee8 AS |
767 | /* During rtld init the memory is allocated by the stub malloc, |
768 | prevent any attempt to free it by the normal malloc. */ | |
769 | l->l_runpath_dirs.malloced = 0; | |
fcf70d41 UD |
770 | |
771 | /* The RPATH is ignored. */ | |
f55727ca | 772 | l->l_rpath_dirs.dirs = (void *) -1; |
fcf70d41 | 773 | } |
011ce8ed | 774 | else |
fcf70d41 | 775 | { |
f55727ca | 776 | l->l_runpath_dirs.dirs = (void *) -1; |
fcf70d41 UD |
777 | |
778 | if (l->l_info[DT_RPATH]) | |
f55727ca UD |
779 | { |
780 | /* Allocate room for the search path and fill in information | |
781 | from RPATH. */ | |
782 | decompose_rpath (&l->l_rpath_dirs, | |
783 | (const void *) (D_PTR (l, l_info[DT_STRTAB]) | |
fcf70d41 UD |
784 | + l->l_info[DT_RPATH]->d_un.d_val), |
785 | l, "RPATH"); | |
273cdee8 AS |
786 | /* During rtld init the memory is allocated by the stub |
787 | malloc, prevent any attempt to free it by the normal | |
788 | malloc. */ | |
f55727ca UD |
789 | l->l_rpath_dirs.malloced = 0; |
790 | } | |
fcf70d41 | 791 | else |
f55727ca | 792 | l->l_rpath_dirs.dirs = (void *) -1; |
fcf70d41 | 793 | } |
0a54e401 | 794 | } |
b5567b2a | 795 | #endif /* SHARED */ |
7ef90c15 UD |
796 | |
797 | if (llp != NULL && *llp != '\0') | |
0a54e401 | 798 | { |
bb195224 | 799 | char *llp_tmp = strdupa (llp); |
011ce8ed | 800 | |
7ef90c15 UD |
801 | /* Decompose the LD_LIBRARY_PATH contents. First determine how many |
802 | elements it has. */ | |
3ff3dfa5 FW |
803 | size_t nllp = 1; |
804 | for (const char *cp = llp_tmp; *cp != '\0'; ++cp) | |
805 | if (*cp == ':' || *cp == ';') | |
806 | ++nllp; | |
7ef90c15 | 807 | |
f55727ca | 808 | env_path_list.dirs = (struct r_search_path_elem **) |
7ef90c15 | 809 | malloc ((nllp + 1) * sizeof (struct r_search_path_elem *)); |
f55727ca | 810 | if (env_path_list.dirs == NULL) |
39b3385d UD |
811 | { |
812 | errstring = N_("cannot create cache for search path"); | |
813 | goto signal_error; | |
814 | } | |
7ef90c15 | 815 | |
b0ed91ae | 816 | (void) fillin_rpath (llp_tmp, env_path_list.dirs, ":;", |
10e93d96 | 817 | "LD_LIBRARY_PATH", NULL, l); |
6a7c9bb4 | 818 | |
f55727ca | 819 | if (env_path_list.dirs[0] == NULL) |
6a7c9bb4 | 820 | { |
f55727ca UD |
821 | free (env_path_list.dirs); |
822 | env_path_list.dirs = (void *) -1; | |
6a7c9bb4 | 823 | } |
f55727ca UD |
824 | |
825 | env_path_list.malloced = 0; | |
81e0cb2d | 826 | } |
152e7964 | 827 | else |
f55727ca | 828 | env_path_list.dirs = (void *) -1; |
0a54e401 UD |
829 | } |
830 | ||
831 | ||
a6291c3d | 832 | static void |
a481b13c | 833 | __attribute__ ((noreturn, noinline)) |
126b06f9 | 834 | lose (int code, int fd, const char *name, char *realname, struct link_map *l, |
815e6fa3 | 835 | const char *msg, struct r_debug *r, Lmid_t nsid) |
126b06f9 | 836 | { |
fb0356b9 | 837 | /* The file might already be closed. */ |
a481b13c | 838 | if (fd != -1) |
329ea513 | 839 | (void) __close_nocancel (fd); |
610f9ab4 | 840 | if (l != NULL && l->l_origin != (char *) -1l) |
fde56e5c | 841 | free ((char *) l->l_origin); |
f0967738 | 842 | free (l); |
126b06f9 | 843 | free (realname); |
bca2218b UD |
844 | |
845 | if (r != NULL) | |
846 | { | |
847 | r->r_state = RT_CONSISTENT; | |
848 | _dl_debug_state (); | |
815e6fa3 | 849 | LIBC_PROBE (map_failed, 2, nsid, r); |
bca2218b UD |
850 | } |
851 | ||
154d10bd | 852 | _dl_signal_error (code, name, NULL, msg); |
126b06f9 UD |
853 | } |
854 | ||
855 | ||
ea03559a RM |
856 | /* Map in the shared object NAME, actually located in REALNAME, and already |
857 | opened on FD. */ | |
858 | ||
f787edde UD |
859 | #ifndef EXTERNAL_MAP_FROM_FD |
860 | static | |
861 | #endif | |
ea03559a | 862 | struct link_map * |
a1b85ae8 FW |
863 | _dl_map_object_from_fd (const char *name, const char *origname, int fd, |
864 | struct filebuf *fbp, char *realname, | |
865 | struct link_map *loader, int l_type, int mode, | |
866 | void **stack_endp, Lmid_t nsid) | |
ea03559a | 867 | { |
622586fb | 868 | struct link_map *l = NULL; |
266180eb RM |
869 | const ElfW(Ehdr) *header; |
870 | const ElfW(Phdr) *phdr; | |
871 | const ElfW(Phdr) *ph; | |
8193034b | 872 | size_t maplength; |
b122c703 | 873 | int type; |
39b3385d UD |
874 | /* Initialize to keep the compiler happy. */ |
875 | const char *errstring = NULL; | |
876 | int errval = 0; | |
29f97654 | 877 | struct r_debug *r = _dl_debug_initialize (0, nsid); |
9dcafc55 | 878 | bool make_consistent = false; |
61e0617a | 879 | |
2b26b084 FW |
880 | /* Get file information. To match the kernel behavior, do not fill |
881 | in this information for the executable in case of an explicit | |
882 | loader invocation. */ | |
c01ae97e | 883 | struct r_file_id id; |
2b26b084 | 884 | if (mode & __RTLD_OPENEXEC) |
39b3385d | 885 | { |
2b26b084 FW |
886 | assert (nsid == LM_ID_BASE); |
887 | memset (&id, 0, sizeof (id)); | |
39b3385d | 888 | } |
2b26b084 FW |
889 | else |
890 | { | |
891 | if (__glibc_unlikely (!_dl_get_file_id (fd, &id))) | |
892 | { | |
893 | errstring = N_("cannot stat shared object"); | |
894 | call_lose_errno: | |
895 | errval = errno; | |
896 | call_lose: | |
897 | lose (errval, fd, name, realname, l, errstring, | |
898 | make_consistent ? r : NULL, nsid); | |
899 | } | |
d66e34cd | 900 | |
2b26b084 FW |
901 | /* Look again to see if the real name matched another already loaded. */ |
902 | for (l = GL(dl_ns)[nsid]._ns_loaded; l != NULL; l = l->l_next) | |
903 | if (!l->l_removed && _dl_file_id_match_p (&l->l_file_id, &id)) | |
904 | { | |
905 | /* The object is already loaded. | |
906 | Just bump its reference count and return it. */ | |
907 | __close_nocancel (fd); | |
908 | ||
909 | /* If the name is not in the list of names for this object add | |
910 | it. */ | |
911 | free (realname); | |
912 | add_name_to_object (l, name); | |
913 | ||
914 | return l; | |
915 | } | |
916 | } | |
d66e34cd | 917 | |
c0f62c56 UD |
918 | #ifdef SHARED |
919 | /* When loading into a namespace other than the base one we must | |
920 | avoid loading ld.so since there can only be one copy. Ever. */ | |
1b26b855 | 921 | if (__glibc_unlikely (nsid != LM_ID_BASE) |
c01ae97e | 922 | && (_dl_file_id_match_p (&id, &GL(dl_rtld_map).l_file_id) |
c0f62c56 UD |
923 | || _dl_name_match_p (name, &GL(dl_rtld_map)))) |
924 | { | |
925 | /* This is indeed ld.so. Create a new link_map which refers to | |
926 | the real one for almost everything. */ | |
927 | l = _dl_new_object (realname, name, l_type, loader, mode, nsid); | |
928 | if (l == NULL) | |
929 | goto fail_new; | |
930 | ||
931 | /* Refer to the real descriptor. */ | |
932 | l->l_real = &GL(dl_rtld_map); | |
933 | ||
934 | /* No need to bump the refcount of the real object, ld.so will | |
935 | never be unloaded. */ | |
329ea513 | 936 | __close_nocancel (fd); |
c0f62c56 | 937 | |
f0967738 AK |
938 | /* Add the map for the mirrored object to the object list. */ |
939 | _dl_add_to_namespace_list (l, nsid); | |
940 | ||
c0f62c56 UD |
941 | return l; |
942 | } | |
943 | #endif | |
944 | ||
2f54c82d | 945 | if (mode & RTLD_NOLOAD) |
96961bf7 AS |
946 | { |
947 | /* We are not supposed to load the object unless it is already | |
948 | loaded. So return now. */ | |
4bff6e01 | 949 | free (realname); |
329ea513 | 950 | __close_nocancel (fd); |
96961bf7 AS |
951 | return NULL; |
952 | } | |
bf8b3e74 | 953 | |
8193034b | 954 | /* Print debugging message. */ |
a1ffb40e | 955 | if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES)) |
c0f62c56 | 956 | _dl_debug_printf ("file=%s [%lu]; generating link map\n", name, nsid); |
8193034b | 957 | |
a35e137a UD |
958 | /* This is the ELF header. We read it in `open_verify'. */ |
959 | header = (void *) fbp->buf; | |
d66e34cd | 960 | |
9dcafc55 UD |
961 | /* Signal that we are going to add new objects. */ |
962 | if (r->r_state == RT_CONSISTENT) | |
963 | { | |
964 | #ifdef SHARED | |
965 | /* Auditing checkpoint: we are going to add new objects. */ | |
2ca285b0 | 966 | if ((mode & __RTLD_AUDIT) == 0 |
1b26b855 | 967 | && __glibc_unlikely (GLRO(dl_naudit) > 0)) |
9dcafc55 UD |
968 | { |
969 | struct link_map *head = GL(dl_ns)[nsid]._ns_loaded; | |
970 | /* Do not call the functions for any auditing object. */ | |
971 | if (head->l_auditing == 0) | |
972 | { | |
973 | struct audit_ifaces *afct = GLRO(dl_audit); | |
974 | for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt) | |
975 | { | |
976 | if (afct->activity != NULL) | |
e1d559f3 FW |
977 | afct->activity (&link_map_audit_state (head, cnt)->cookie, |
978 | LA_ACT_ADD); | |
9dcafc55 UD |
979 | |
980 | afct = afct->next; | |
981 | } | |
982 | } | |
983 | } | |
984 | #endif | |
985 | ||
986 | /* Notify the debugger we have added some objects. We need to | |
987 | call _dl_debug_initialize in a static program in case dynamic | |
988 | linking has not been used before. */ | |
989 | r->r_state = RT_ADD; | |
990 | _dl_debug_state (); | |
815e6fa3 | 991 | LIBC_PROBE (map_start, 2, nsid, r); |
9dcafc55 UD |
992 | make_consistent = true; |
993 | } | |
994 | else | |
995 | assert (r->r_state == RT_ADD); | |
996 | ||
ba79d61b | 997 | /* Enter the new object in the list of loaded objects. */ |
c0f62c56 | 998 | l = _dl_new_object (realname, name, l_type, loader, mode, nsid); |
a1ffb40e | 999 | if (__glibc_unlikely (l == NULL)) |
39b3385d | 1000 | { |
7cb92a99 | 1001 | #ifdef SHARED |
c0f62c56 | 1002 | fail_new: |
7cb92a99 | 1003 | #endif |
39b3385d UD |
1004 | errstring = N_("cannot create shared object descriptor"); |
1005 | goto call_lose_errno; | |
1006 | } | |
ba79d61b | 1007 | |
b122c703 | 1008 | /* Extract the remaining details we need from the ELF header |
32c85e43 | 1009 | and then read in the program header table. */ |
b122c703 RM |
1010 | l->l_entry = header->e_entry; |
1011 | type = header->e_type; | |
1012 | l->l_phnum = header->e_phnum; | |
32c85e43 UD |
1013 | |
1014 | maplength = header->e_phnum * sizeof (ElfW(Phdr)); | |
6dd67bd5 | 1015 | if (header->e_phoff + maplength <= (size_t) fbp->len) |
a35e137a | 1016 | phdr = (void *) (fbp->buf + header->e_phoff); |
32c85e43 UD |
1017 | else |
1018 | { | |
1019 | phdr = alloca (maplength); | |
95c10569 LP |
1020 | if ((size_t) __pread64_nocancel (fd, (void *) phdr, maplength, |
1021 | header->e_phoff) != maplength) | |
39b3385d UD |
1022 | { |
1023 | errstring = N_("cannot read file data"); | |
1024 | goto call_lose_errno; | |
1025 | } | |
32c85e43 | 1026 | } |
879bf2e6 | 1027 | |
30950a5f RA |
1028 | /* On most platforms presume that PT_GNU_STACK is absent and the stack is |
1029 | * executable. Other platforms default to a nonexecutable stack and don't | |
1030 | * need PT_GNU_STACK to do so. */ | |
1031 | uint_fast16_t stack_flags = DEFAULT_STACK_PERMS; | |
ecdeaac0 | 1032 | |
b122c703 RM |
1033 | { |
1034 | /* Scan the program header table, collecting its load commands. */ | |
fcccd512 | 1035 | struct loadcmd loadcmds[l->l_phnum]; |
b122c703 | 1036 | size_t nloadcmds = 0; |
6fffb9a2 | 1037 | bool has_holes = false; |
d66e34cd | 1038 | |
126b06f9 | 1039 | /* The struct is initialized to zero so this is not necessary: |
d66e34cd | 1040 | l->l_ld = 0; |
b122c703 | 1041 | l->l_phdr = 0; |
126b06f9 | 1042 | l->l_addr = 0; */ |
d66e34cd RM |
1043 | for (ph = phdr; ph < &phdr[l->l_phnum]; ++ph) |
1044 | switch (ph->p_type) | |
1045 | { | |
1046 | /* These entries tell us where to find things once the file's | |
1047 | segments are mapped in. We record the addresses it says | |
1048 | verbatim, and later correct for the run-time load address. */ | |
1049 | case PT_DYNAMIC: | |
592d5c75 L |
1050 | if (ph->p_filesz) |
1051 | { | |
1052 | /* Debuginfo only files from "objcopy --only-keep-debug" | |
1053 | contain a PT_DYNAMIC segment with p_filesz == 0. Skip | |
1054 | such a segment to avoid a crash later. */ | |
1055 | l->l_ld = (void *) ph->p_vaddr; | |
1056 | l->l_ldnum = ph->p_memsz / sizeof (ElfW(Dyn)); | |
1057 | } | |
d66e34cd | 1058 | break; |
39b3385d | 1059 | |
d66e34cd RM |
1060 | case PT_PHDR: |
1061 | l->l_phdr = (void *) ph->p_vaddr; | |
1062 | break; | |
1063 | ||
1064 | case PT_LOAD: | |
b122c703 RM |
1065 | /* A load command tells us to map in part of the file. |
1066 | We record the load commands and process them all later. */ | |
1b26b855 | 1067 | if (__glibc_unlikely ((ph->p_align & (GLRO(dl_pagesize) - 1)) != 0)) |
39b3385d UD |
1068 | { |
1069 | errstring = N_("ELF load command alignment not page-aligned"); | |
1070 | goto call_lose; | |
1071 | } | |
1b26b855 PP |
1072 | if (__glibc_unlikely (((ph->p_vaddr - ph->p_offset) |
1073 | & (ph->p_align - 1)) != 0)) | |
39b3385d UD |
1074 | { |
1075 | errstring | |
1076 | = N_("ELF load command address/offset not properly aligned"); | |
1077 | goto call_lose; | |
1078 | } | |
1079 | ||
fcccd512 | 1080 | struct loadcmd *c = &loadcmds[nloadcmds++]; |
60084e34 CD |
1081 | c->mapstart = ALIGN_DOWN (ph->p_vaddr, GLRO(dl_pagesize)); |
1082 | c->mapend = ALIGN_UP (ph->p_vaddr + ph->p_filesz, GLRO(dl_pagesize)); | |
cc12f2a4 UD |
1083 | c->dataend = ph->p_vaddr + ph->p_filesz; |
1084 | c->allocend = ph->p_vaddr + ph->p_memsz; | |
60084e34 | 1085 | c->mapoff = ALIGN_DOWN (ph->p_offset, GLRO(dl_pagesize)); |
cc12f2a4 | 1086 | |
6fffb9a2 UD |
1087 | /* Determine whether there is a gap between the last segment |
1088 | and this one. */ | |
1089 | if (nloadcmds > 1 && c[-1].mapend != c->mapstart) | |
1090 | has_holes = true; | |
1091 | ||
cc12f2a4 | 1092 | /* Optimize a common case. */ |
94a758fe | 1093 | #if (PF_R | PF_W | PF_X) == 7 && (PROT_READ | PROT_WRITE | PROT_EXEC) == 7 |
cc12f2a4 UD |
1094 | c->prot = (PF_TO_PROT |
1095 | >> ((ph->p_flags & (PF_R | PF_W | PF_X)) * 4)) & 0xf; | |
94a758fe | 1096 | #else |
cc12f2a4 UD |
1097 | c->prot = 0; |
1098 | if (ph->p_flags & PF_R) | |
1099 | c->prot |= PROT_READ; | |
1100 | if (ph->p_flags & PF_W) | |
1101 | c->prot |= PROT_WRITE; | |
1102 | if (ph->p_flags & PF_X) | |
1103 | c->prot |= PROT_EXEC; | |
94a758fe | 1104 | #endif |
55c91021 | 1105 | break; |
96f208a4 | 1106 | |
96f208a4 | 1107 | case PT_TLS: |
2d148689 RM |
1108 | if (ph->p_memsz == 0) |
1109 | /* Nothing to do for an empty segment. */ | |
1110 | break; | |
1111 | ||
216455bc RM |
1112 | l->l_tls_blocksize = ph->p_memsz; |
1113 | l->l_tls_align = ph->p_align; | |
99fe3b0e UD |
1114 | if (ph->p_align == 0) |
1115 | l->l_tls_firstbyte_offset = 0; | |
1116 | else | |
1117 | l->l_tls_firstbyte_offset = ph->p_vaddr & (ph->p_align - 1); | |
216455bc RM |
1118 | l->l_tls_initimage_size = ph->p_filesz; |
1119 | /* Since we don't know the load address yet only store the | |
1120 | offset. We will adjust it later. */ | |
1121 | l->l_tls_initimage = (void *) ph->p_vaddr; | |
1122 | ||
77523d5e FW |
1123 | /* l->l_tls_modid is assigned below, once there is no |
1124 | possibility for failure. */ | |
2d148689 | 1125 | |
77523d5e FW |
1126 | if (l->l_type != lt_library |
1127 | && GL(dl_tls_dtv_slotinfo_list) == NULL) | |
1128 | { | |
11bf311e | 1129 | #ifdef SHARED |
77523d5e FW |
1130 | /* We are loading the executable itself when the dynamic |
1131 | linker was executed directly. The setup will happen | |
1132 | later. */ | |
1133 | assert (l->l_prev == NULL || (mode & __RTLD_AUDIT) != 0); | |
7a5e3d9d | 1134 | #else |
77523d5e | 1135 | assert (false && "TLS not initialized in static application"); |
11bf311e | 1136 | #endif |
77523d5e | 1137 | } |
807bce82 | 1138 | break; |
ecdeaac0 RM |
1139 | |
1140 | case PT_GNU_STACK: | |
1141 | stack_flags = ph->p_flags; | |
1142 | break; | |
ed20b3d9 UD |
1143 | |
1144 | case PT_GNU_RELRO: | |
1145 | l->l_relro_addr = ph->p_vaddr; | |
1146 | l->l_relro_size = ph->p_memsz; | |
1147 | break; | |
f753fa7d L |
1148 | |
1149 | case PT_NOTE: | |
1150 | if (_dl_process_pt_note (l, ph, fd, fbp)) | |
1151 | { | |
1152 | errstring = N_("cannot process note segment"); | |
1153 | goto call_lose; | |
1154 | } | |
1155 | break; | |
b122c703 | 1156 | } |
d66e34cd | 1157 | |
a1ffb40e | 1158 | if (__glibc_unlikely (nloadcmds == 0)) |
d8a5edc2 RM |
1159 | { |
1160 | /* This only happens for a bogus object that will be caught with | |
1161 | another error below. But we don't want to go through the | |
1162 | calculations below using NLOADCMDS - 1. */ | |
1163 | errstring = N_("object file has no loadable segments"); | |
1164 | goto call_lose; | |
1165 | } | |
1166 | ||
2c75b545 FW |
1167 | /* dlopen of an executable is not valid because it is not possible |
1168 | to perform proper relocations, handle static TLS, or run the | |
1169 | ELF constructors. For PIE, the check needs the dynamic | |
1170 | section, so there is another check below. */ | |
fcccd512 RM |
1171 | if (__glibc_unlikely (type != ET_DYN) |
1172 | && __glibc_unlikely ((mode & __RTLD_OPENEXEC) == 0)) | |
efec5079 | 1173 | { |
fcccd512 RM |
1174 | /* This object is loaded at a fixed address. This must never |
1175 | happen for objects loaded with dlopen. */ | |
efec5079 UD |
1176 | errstring = N_("cannot dynamically load executable"); |
1177 | goto call_lose; | |
4cca6b86 | 1178 | } |
b122c703 | 1179 | |
fcccd512 RM |
1180 | /* Length of the sections to be loaded. */ |
1181 | maplength = loadcmds[nloadcmds - 1].allocend - loadcmds[0].mapstart; | |
1182 | ||
1183 | /* Now process the load commands and map segments into memory. | |
1184 | This is responsible for filling in: | |
1185 | l_map_start, l_map_end, l_addr, l_contiguous, l_text_end, l_phdr | |
1186 | */ | |
1187 | errstring = _dl_map_segments (l, fd, header, type, loadcmds, nloadcmds, | |
c01ae97e | 1188 | maplength, has_holes, loader); |
fcccd512 RM |
1189 | if (__glibc_unlikely (errstring != NULL)) |
1190 | goto call_lose; | |
b122c703 | 1191 | } |
d66e34cd | 1192 | |
b122c703 RM |
1193 | if (l->l_ld == 0) |
1194 | { | |
a1ffb40e | 1195 | if (__glibc_unlikely (type == ET_DYN)) |
39b3385d UD |
1196 | { |
1197 | errstring = N_("object file has no dynamic section"); | |
1198 | goto call_lose; | |
1199 | } | |
b122c703 RM |
1200 | } |
1201 | else | |
14755b91 | 1202 | l->l_ld = (ElfW(Dyn) *) ((ElfW(Addr)) l->l_ld + l->l_addr); |
879bf2e6 | 1203 | |
479aa8ec | 1204 | elf_get_dynamic_info (l, NULL); |
2f54c82d | 1205 | |
efec5079 | 1206 | /* Make sure we are not dlopen'ing an object that has the |
2c75b545 FW |
1207 | DF_1_NOOPEN flag set, or a PIE object. */ |
1208 | if ((__glibc_unlikely (l->l_flags_1 & DF_1_NOOPEN) | |
1209 | && (mode & __RTLD_DLOPEN)) | |
1210 | || (__glibc_unlikely (l->l_flags_1 & DF_1_PIE) | |
1211 | && __glibc_unlikely ((mode & __RTLD_OPENEXEC) == 0))) | |
2f54c82d | 1212 | { |
2f54c82d | 1213 | /* We are not supposed to load this object. Free all resources. */ |
fcccd512 | 1214 | _dl_unmap_segments (l); |
2f54c82d | 1215 | |
11810621 UD |
1216 | if (!l->l_libname->dont_free) |
1217 | free (l->l_libname); | |
2f54c82d UD |
1218 | |
1219 | if (l->l_phdr_allocated) | |
1220 | free ((void *) l->l_phdr); | |
1221 | ||
2c75b545 FW |
1222 | if (l->l_flags_1 & DF_1_PIE) |
1223 | errstring | |
1224 | = N_("cannot dynamically load position-independent executable"); | |
1225 | else | |
1226 | errstring = N_("shared object cannot be dlopen()ed"); | |
fb0356b9 | 1227 | goto call_lose; |
2f54c82d UD |
1228 | } |
1229 | ||
efec5079 UD |
1230 | if (l->l_phdr == NULL) |
1231 | { | |
1232 | /* The program header is not contained in any of the segments. | |
1233 | We have to allocate memory ourself and copy it over from out | |
1234 | temporary place. */ | |
1235 | ElfW(Phdr) *newp = (ElfW(Phdr) *) malloc (header->e_phnum | |
1236 | * sizeof (ElfW(Phdr))); | |
1237 | if (newp == NULL) | |
1238 | { | |
1239 | errstring = N_("cannot allocate memory for program header"); | |
1240 | goto call_lose_errno; | |
1241 | } | |
1242 | ||
1243 | l->l_phdr = memcpy (newp, phdr, | |
1244 | (header->e_phnum * sizeof (ElfW(Phdr)))); | |
1245 | l->l_phdr_allocated = 1; | |
1246 | } | |
1247 | else | |
1248 | /* Adjust the PT_PHDR value by the runtime load address. */ | |
1249 | l->l_phdr = (ElfW(Phdr) *) ((ElfW(Addr)) l->l_phdr + l->l_addr); | |
1250 | ||
a1ffb40e | 1251 | if (__glibc_unlikely ((stack_flags &~ GL(dl_stack_flags)) & PF_X)) |
dcca3fe2 UD |
1252 | { |
1253 | /* The stack is presently not executable, but this module | |
1254 | requires that it be executable. We must change the | |
1255 | protection of the variable which contains the flags used in | |
1256 | the mprotect calls. */ | |
11bf311e | 1257 | #ifdef SHARED |
3e539cb4 | 1258 | if ((mode & (__RTLD_DLOPEN | __RTLD_AUDIT)) == __RTLD_DLOPEN) |
dcca3fe2 | 1259 | { |
e751d282 RM |
1260 | const uintptr_t p = (uintptr_t) &__stack_prot & -GLRO(dl_pagesize); |
1261 | const size_t s = (uintptr_t) (&__stack_prot + 1) - p; | |
1262 | ||
1263 | struct link_map *const m = &GL(dl_rtld_map); | |
1264 | const uintptr_t relro_end = ((m->l_addr + m->l_relro_addr | |
1265 | + m->l_relro_size) | |
1266 | & -GLRO(dl_pagesize)); | |
a1ffb40e | 1267 | if (__glibc_likely (p + s <= relro_end)) |
e751d282 RM |
1268 | { |
1269 | /* The variable lies in the region protected by RELRO. */ | |
0432680e PY |
1270 | if (__mprotect ((void *) p, s, PROT_READ|PROT_WRITE) < 0) |
1271 | { | |
1272 | errstring = N_("cannot change memory protections"); | |
1273 | goto call_lose_errno; | |
1274 | } | |
e751d282 RM |
1275 | __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC; |
1276 | __mprotect ((void *) p, s, PROT_READ); | |
1277 | } | |
1278 | else | |
ecc1d0c3 | 1279 | __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC; |
dcca3fe2 UD |
1280 | } |
1281 | else | |
1282 | #endif | |
ecc1d0c3 | 1283 | __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC; |
dcca3fe2 | 1284 | |
606832e6 UD |
1285 | #ifdef check_consistency |
1286 | check_consistency (); | |
1287 | #endif | |
1288 | ||
dcca3fe2 UD |
1289 | errval = (*GL(dl_make_stack_executable_hook)) (stack_endp); |
1290 | if (errval) | |
1291 | { | |
1292 | errstring = N_("\ | |
1293 | cannot enable executable stack as shared object requires"); | |
1294 | goto call_lose; | |
1295 | } | |
1296 | } | |
1297 | ||
efec5079 UD |
1298 | /* Adjust the address of the TLS initialization image. */ |
1299 | if (l->l_tls_initimage != NULL) | |
1300 | l->l_tls_initimage = (char *) l->l_tls_initimage + l->l_addr; | |
efec5079 UD |
1301 | |
1302 | /* We are done mapping in the file. We no longer need the descriptor. */ | |
329ea513 | 1303 | if (__glibc_unlikely (__close_nocancel (fd) != 0)) |
efec5079 UD |
1304 | { |
1305 | errstring = N_("cannot close file descriptor"); | |
1306 | goto call_lose_errno; | |
1307 | } | |
1308 | /* Signal that we closed the file. */ | |
1309 | fd = -1; | |
1310 | ||
798212a0 PP |
1311 | /* If this is ET_EXEC, we should have loaded it as lt_executable. */ |
1312 | assert (type != ET_EXEC || l->l_type == lt_executable); | |
efec5079 UD |
1313 | |
1314 | l->l_entry += l->l_addr; | |
1315 | ||
a1ffb40e | 1316 | if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES)) |
efec5079 UD |
1317 | _dl_debug_printf ("\ |
1318 | dynamic: 0x%0*lx base: 0x%0*lx size: 0x%0*Zx\n\ | |
1319 | entry: 0x%0*lx phdr: 0x%0*lx phnum: %*u\n\n", | |
1320 | (int) sizeof (void *) * 2, | |
1321 | (unsigned long int) l->l_ld, | |
1322 | (int) sizeof (void *) * 2, | |
1323 | (unsigned long int) l->l_addr, | |
1324 | (int) sizeof (void *) * 2, maplength, | |
1325 | (int) sizeof (void *) * 2, | |
1326 | (unsigned long int) l->l_entry, | |
1327 | (int) sizeof (void *) * 2, | |
1328 | (unsigned long int) l->l_phdr, | |
1329 | (int) sizeof (void *) * 2, l->l_phnum); | |
1330 | ||
1331 | /* Set up the symbol hash table. */ | |
1332 | _dl_setup_hash (l); | |
d66e34cd | 1333 | |
be935610 UD |
1334 | /* If this object has DT_SYMBOLIC set modify now its scope. We don't |
1335 | have to do this for the main map. */ | |
1fc07491 | 1336 | if ((mode & RTLD_DEEPBIND) == 0 |
1b26b855 | 1337 | && __glibc_unlikely (l->l_info[DT_SYMBOLIC] != NULL) |
c0a777e8 | 1338 | && &l->l_searchlist != l->l_scope[0]) |
be935610 UD |
1339 | { |
1340 | /* Create an appropriate searchlist. It contains only this map. | |
1fc07491 | 1341 | This is the definition of DT_SYMBOLIC in SysVr4. */ |
be935610 UD |
1342 | l->l_symbolic_searchlist.r_list[0] = l; |
1343 | l->l_symbolic_searchlist.r_nlist = 1; | |
be935610 UD |
1344 | |
1345 | /* Now move the existing entries one back. */ | |
c0a777e8 UD |
1346 | memmove (&l->l_scope[1], &l->l_scope[0], |
1347 | (l->l_scope_max - 1) * sizeof (l->l_scope[0])); | |
be935610 UD |
1348 | |
1349 | /* Now add the new entry. */ | |
c0a777e8 | 1350 | l->l_scope[0] = &l->l_symbolic_searchlist; |
be935610 UD |
1351 | } |
1352 | ||
5d916713 | 1353 | /* Remember whether this object must be initialized first. */ |
39b3385d | 1354 | if (l->l_flags_1 & DF_1_INITFIRST) |
d6b5d570 | 1355 | GL(dl_initfirst) = l; |
5d916713 | 1356 | |
61e0617a | 1357 | /* Finally the file information. */ |
c01ae97e | 1358 | l->l_file_id = id; |
61e0617a | 1359 | |
a1b85ae8 FW |
1360 | #ifdef SHARED |
1361 | /* When auditing is used the recorded names might not include the | |
1362 | name by which the DSO is actually known. Add that as well. */ | |
1363 | if (__glibc_unlikely (origname != NULL)) | |
1364 | add_name_to_object (l, origname); | |
1365 | #else | |
1366 | /* Audit modules only exist when linking is dynamic so ORIGNAME | |
1367 | cannot be non-NULL. */ | |
1368 | assert (origname == NULL); | |
1369 | #endif | |
1370 | ||
51f38e87 UD |
1371 | /* When we profile the SONAME might be needed for something else but |
1372 | loading. Add it right away. */ | |
1b26b855 | 1373 | if (__glibc_unlikely (GLRO(dl_profile) != NULL) |
51f38e87 UD |
1374 | && l->l_info[DT_SONAME] != NULL) |
1375 | add_name_to_object (l, ((const char *) D_PTR (l, l_info[DT_STRTAB]) | |
1376 | + l->l_info[DT_SONAME]->d_un.d_val)); | |
1377 | ||
ec935dea FW |
1378 | /* If we have newly loaded libc.so, update the namespace |
1379 | description. */ | |
1380 | if (GL(dl_ns)[nsid].libc_map == NULL | |
1381 | && l->l_info[DT_SONAME] != NULL | |
1382 | && strcmp (((const char *) D_PTR (l, l_info[DT_STRTAB]) | |
1383 | + l->l_info[DT_SONAME]->d_un.d_val), LIBC_SO) == 0) | |
1384 | GL(dl_ns)[nsid].libc_map = l; | |
1385 | ||
77523d5e FW |
1386 | /* _dl_close can only eventually undo the module ID assignment (via |
1387 | remove_slotinfo) if this function returns a pointer to a link | |
1388 | map. Therefore, delay this step until all possibilities for | |
1389 | failure have been excluded. */ | |
1390 | if (l->l_tls_blocksize > 0 | |
1391 | && (__glibc_likely (l->l_type == lt_library) | |
1392 | /* If GL(dl_tls_dtv_slotinfo_list) == NULL, then rtld.c did | |
1393 | not set up TLS data structures, so don't use them now. */ | |
1394 | || __glibc_likely (GL(dl_tls_dtv_slotinfo_list) != NULL))) | |
1395 | /* Assign the next available module ID. */ | |
1396 | l->l_tls_modid = _dl_next_tls_modid (); | |
1397 | ||
47cc1490 CM |
1398 | #ifdef DL_AFTER_LOAD |
1399 | DL_AFTER_LOAD (l); | |
1400 | #endif | |
1401 | ||
f0967738 AK |
1402 | /* Now that the object is fully initialized add it to the object list. */ |
1403 | _dl_add_to_namespace_list (l, nsid); | |
1404 | ||
9dcafc55 UD |
1405 | #ifdef SHARED |
1406 | /* Auditing checkpoint: we have a new object. */ | |
1b26b855 | 1407 | if (__glibc_unlikely (GLRO(dl_naudit) > 0) |
29f97654 | 1408 | && !GL(dl_ns)[l->l_ns]._ns_loaded->l_auditing) |
9dcafc55 UD |
1409 | { |
1410 | struct audit_ifaces *afct = GLRO(dl_audit); | |
1411 | for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt) | |
1412 | { | |
1413 | if (afct->objopen != NULL) | |
1414 | { | |
e1d559f3 FW |
1415 | struct auditstate *state = link_map_audit_state (l, cnt); |
1416 | state->bindflags = afct->objopen (l, nsid, &state->cookie); | |
1417 | l->l_audit_any_plt |= state->bindflags != 0; | |
9dcafc55 UD |
1418 | } |
1419 | ||
1420 | afct = afct->next; | |
1421 | } | |
1422 | } | |
1423 | #endif | |
1424 | ||
d66e34cd RM |
1425 | return l; |
1426 | } | |
ba79d61b | 1427 | \f |
b5efde2f UD |
1428 | /* Print search path. */ |
1429 | static void | |
1430 | print_search_path (struct r_search_path_elem **list, | |
844c394a | 1431 | const char *what, const char *name) |
b5efde2f | 1432 | { |
12264bd7 | 1433 | char buf[max_dirnamelen + max_capstrlen]; |
b5efde2f UD |
1434 | int first = 1; |
1435 | ||
154d10bd | 1436 | _dl_debug_printf (" search path="); |
b5efde2f UD |
1437 | |
1438 | while (*list != NULL && (*list)->what == what) /* Yes, ==. */ | |
1439 | { | |
12264bd7 UD |
1440 | char *endp = __mempcpy (buf, (*list)->dirname, (*list)->dirnamelen); |
1441 | size_t cnt; | |
1442 | ||
1443 | for (cnt = 0; cnt < ncapstr; ++cnt) | |
1444 | if ((*list)->status[cnt] != nonexisting) | |
1445 | { | |
1446 | char *cp = __mempcpy (endp, capstr[cnt].str, capstr[cnt].len); | |
143e2b96 UD |
1447 | if (cp == buf || (cp == buf + 1 && buf[0] == '/')) |
1448 | cp[0] = '\0'; | |
1449 | else | |
1450 | cp[-1] = '\0'; | |
fb0356b9 UD |
1451 | |
1452 | _dl_debug_printf_c (first ? "%s" : ":%s", buf); | |
1453 | first = 0; | |
12264bd7 | 1454 | } |
b5efde2f | 1455 | |
b5efde2f UD |
1456 | ++list; |
1457 | } | |
1458 | ||
1459 | if (name != NULL) | |
35fc382a | 1460 | _dl_debug_printf_c ("\t\t(%s from file %s)\n", what, |
b9375348 | 1461 | DSO_FILENAME (name)); |
b5efde2f | 1462 | else |
35fc382a | 1463 | _dl_debug_printf_c ("\t\t(%s)\n", what); |
b5efde2f UD |
1464 | } |
1465 | \f | |
a35e137a UD |
1466 | /* Open a file and verify it is an ELF file for this architecture. We |
1467 | ignore only ELF files for other architectures. Non-ELF files and | |
1468 | ELF files with different header information cause fatal errors since | |
1469 | this could mean there is something wrong in the installation and the | |
c0d6f2a3 RM |
1470 | user might want to know about this. |
1471 | ||
1472 | If FD is not -1, then the file is already open and FD refers to it. | |
1473 | In that case, FD is consumed for both successful and error returns. */ | |
a35e137a | 1474 | static int |
c0d6f2a3 RM |
1475 | open_verify (const char *name, int fd, |
1476 | struct filebuf *fbp, struct link_map *loader, | |
a42faf59 | 1477 | int whatcode, int mode, bool *found_other_class, bool free_name) |
a35e137a UD |
1478 | { |
1479 | /* This is the expected ELF header. */ | |
1480 | #define ELF32_CLASS ELFCLASS32 | |
1481 | #define ELF64_CLASS ELFCLASS64 | |
1482 | #ifndef VALID_ELF_HEADER | |
1483 | # define VALID_ELF_HEADER(hdr,exp,size) (memcmp (hdr, exp, size) == 0) | |
1484 | # define VALID_ELF_OSABI(osabi) (osabi == ELFOSABI_SYSV) | |
d8c47894 | 1485 | # define VALID_ELF_ABIVERSION(osabi,ver) (ver == 0) |
40e2fc8b UD |
1486 | #elif defined MORE_ELF_HEADER_DATA |
1487 | MORE_ELF_HEADER_DATA; | |
a35e137a | 1488 | #endif |
04f2902d | 1489 | static const unsigned char expected[EI_NIDENT] = |
a35e137a UD |
1490 | { |
1491 | [EI_MAG0] = ELFMAG0, | |
1492 | [EI_MAG1] = ELFMAG1, | |
1493 | [EI_MAG2] = ELFMAG2, | |
1494 | [EI_MAG3] = ELFMAG3, | |
1495 | [EI_CLASS] = ELFW(CLASS), | |
1496 | [EI_DATA] = byteorder, | |
1497 | [EI_VERSION] = EV_CURRENT, | |
1498 | [EI_OSABI] = ELFOSABI_SYSV, | |
1499 | [EI_ABIVERSION] = 0 | |
1500 | }; | |
39b3385d UD |
1501 | static const struct |
1502 | { | |
1503 | ElfW(Word) vendorlen; | |
1504 | ElfW(Word) datalen; | |
1505 | ElfW(Word) type; | |
55c91021 | 1506 | char vendor[4]; |
a986484f | 1507 | } expected_note = { 4, 16, 1, "GNU" }; |
39b3385d UD |
1508 | /* Initialize it to make the compiler happy. */ |
1509 | const char *errstring = NULL; | |
1510 | int errval = 0; | |
a35e137a | 1511 | |
9dcafc55 UD |
1512 | #ifdef SHARED |
1513 | /* Give the auditing libraries a chance. */ | |
1b26b855 | 1514 | if (__glibc_unlikely (GLRO(dl_naudit) > 0) && whatcode != 0 |
9dcafc55 UD |
1515 | && loader->l_auditing == 0) |
1516 | { | |
c0d6f2a3 | 1517 | const char *original_name = name; |
9dcafc55 UD |
1518 | struct audit_ifaces *afct = GLRO(dl_audit); |
1519 | for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt) | |
1520 | { | |
1521 | if (afct->objsearch != NULL) | |
1522 | { | |
e1d559f3 FW |
1523 | struct auditstate *state = link_map_audit_state (loader, cnt); |
1524 | name = afct->objsearch (name, &state->cookie, whatcode); | |
9dcafc55 UD |
1525 | if (name == NULL) |
1526 | /* Ignore the path. */ | |
1527 | return -1; | |
1528 | } | |
1529 | ||
1530 | afct = afct->next; | |
1531 | } | |
c0d6f2a3 RM |
1532 | |
1533 | if (fd != -1 && name != original_name && strcmp (name, original_name)) | |
1534 | { | |
1535 | /* An audit library changed what we're supposed to open, | |
1536 | so FD no longer matches it. */ | |
329ea513 | 1537 | __close_nocancel (fd); |
c0d6f2a3 RM |
1538 | fd = -1; |
1539 | } | |
9dcafc55 UD |
1540 | } |
1541 | #endif | |
1542 | ||
c0d6f2a3 RM |
1543 | if (fd == -1) |
1544 | /* Open the file. We always open files read-only. */ | |
329ea513 | 1545 | fd = __open64_nocancel (name, O_RDONLY | O_CLOEXEC); |
c0d6f2a3 | 1546 | |
a35e137a UD |
1547 | if (fd != -1) |
1548 | { | |
1549 | ElfW(Ehdr) *ehdr; | |
a986484f | 1550 | ElfW(Phdr) *phdr, *ph; |
2f6773b5 | 1551 | ElfW(Word) *abi_note; |
0065aaaa | 1552 | ElfW(Word) *abi_note_malloced = NULL; |
a986484f UD |
1553 | unsigned int osversion; |
1554 | size_t maplength; | |
a35e137a | 1555 | |
9f236c49 | 1556 | /* We successfully opened the file. Now verify it is a file |
a35e137a UD |
1557 | we can use. */ |
1558 | __set_errno (0); | |
88481c16 SP |
1559 | fbp->len = 0; |
1560 | assert (sizeof (fbp->buf) > sizeof (ElfW(Ehdr))); | |
1561 | /* Read in the header. */ | |
1562 | do | |
fcccd512 | 1563 | { |
329ea513 ZW |
1564 | ssize_t retlen = __read_nocancel (fd, fbp->buf + fbp->len, |
1565 | sizeof (fbp->buf) - fbp->len); | |
88481c16 SP |
1566 | if (retlen <= 0) |
1567 | break; | |
1568 | fbp->len += retlen; | |
1569 | } | |
1b26b855 | 1570 | while (__glibc_unlikely (fbp->len < sizeof (ElfW(Ehdr)))); |
a35e137a UD |
1571 | |
1572 | /* This is where the ELF header is loaded. */ | |
a35e137a UD |
1573 | ehdr = (ElfW(Ehdr) *) fbp->buf; |
1574 | ||
1575 | /* Now run the tests. */ | |
a1ffb40e | 1576 | if (__glibc_unlikely (fbp->len < (ssize_t) sizeof (ElfW(Ehdr)))) |
39b3385d UD |
1577 | { |
1578 | errval = errno; | |
1579 | errstring = (errval == 0 | |
1580 | ? N_("file too short") : N_("cannot read file data")); | |
1581 | call_lose: | |
2e0fc40c UD |
1582 | if (free_name) |
1583 | { | |
1584 | char *realname = (char *) name; | |
1585 | name = strdupa (realname); | |
1586 | free (realname); | |
1587 | } | |
815e6fa3 | 1588 | lose (errval, fd, name, NULL, NULL, errstring, NULL, 0); |
39b3385d | 1589 | } |
a35e137a UD |
1590 | |
1591 | /* See whether the ELF header is what we expect. */ | |
277ae3f1 | 1592 | if (__glibc_unlikely (! VALID_ELF_HEADER (ehdr->e_ident, expected, |
92ad15a8 | 1593 | EI_ABIVERSION) |
d8c47894 | 1594 | || !VALID_ELF_ABIVERSION (ehdr->e_ident[EI_OSABI], |
04f2902d UD |
1595 | ehdr->e_ident[EI_ABIVERSION]) |
1596 | || memcmp (&ehdr->e_ident[EI_PAD], | |
1597 | &expected[EI_PAD], | |
277ae3f1 | 1598 | EI_NIDENT - EI_PAD) != 0)) |
a35e137a UD |
1599 | { |
1600 | /* Something is wrong. */ | |
6cc8844f UD |
1601 | const Elf32_Word *magp = (const void *) ehdr->e_ident; |
1602 | if (*magp != | |
a35e137a | 1603 | #if BYTE_ORDER == LITTLE_ENDIAN |
34a5a146 JM |
1604 | ((ELFMAG0 << (EI_MAG0 * 8)) |
1605 | | (ELFMAG1 << (EI_MAG1 * 8)) | |
1606 | | (ELFMAG2 << (EI_MAG2 * 8)) | |
1607 | | (ELFMAG3 << (EI_MAG3 * 8))) | |
a35e137a | 1608 | #else |
34a5a146 JM |
1609 | ((ELFMAG0 << (EI_MAG3 * 8)) |
1610 | | (ELFMAG1 << (EI_MAG2 * 8)) | |
1611 | | (ELFMAG2 << (EI_MAG1 * 8)) | |
1612 | | (ELFMAG3 << (EI_MAG0 * 8))) | |
a35e137a UD |
1613 | #endif |
1614 | ) | |
39b3385d UD |
1615 | errstring = N_("invalid ELF header"); |
1616 | else if (ehdr->e_ident[EI_CLASS] != ELFW(CLASS)) | |
7f71c55d UD |
1617 | { |
1618 | /* This is not a fatal error. On architectures where | |
1619 | 32-bit and 64-bit binaries can be run this might | |
1620 | happen. */ | |
1621 | *found_other_class = true; | |
1622 | goto close_and_out; | |
1623 | } | |
39b3385d | 1624 | else if (ehdr->e_ident[EI_DATA] != byteorder) |
a35e137a UD |
1625 | { |
1626 | if (BYTE_ORDER == BIG_ENDIAN) | |
39b3385d | 1627 | errstring = N_("ELF file data encoding not big-endian"); |
a35e137a | 1628 | else |
39b3385d | 1629 | errstring = N_("ELF file data encoding not little-endian"); |
a35e137a | 1630 | } |
39b3385d UD |
1631 | else if (ehdr->e_ident[EI_VERSION] != EV_CURRENT) |
1632 | errstring | |
1633 | = N_("ELF file version ident does not match current one"); | |
a35e137a UD |
1634 | /* XXX We should be able so set system specific versions which are |
1635 | allowed here. */ | |
39b3385d UD |
1636 | else if (!VALID_ELF_OSABI (ehdr->e_ident[EI_OSABI])) |
1637 | errstring = N_("ELF file OS ABI invalid"); | |
d8c47894 UD |
1638 | else if (!VALID_ELF_ABIVERSION (ehdr->e_ident[EI_OSABI], |
1639 | ehdr->e_ident[EI_ABIVERSION])) | |
39b3385d | 1640 | errstring = N_("ELF file ABI version invalid"); |
04f2902d UD |
1641 | else if (memcmp (&ehdr->e_ident[EI_PAD], &expected[EI_PAD], |
1642 | EI_NIDENT - EI_PAD) != 0) | |
1643 | errstring = N_("nonzero padding in e_ident"); | |
39b3385d UD |
1644 | else |
1645 | /* Otherwise we don't know what went wrong. */ | |
1646 | errstring = N_("internal error"); | |
1647 | ||
1648 | goto call_lose; | |
a35e137a UD |
1649 | } |
1650 | ||
1b26b855 | 1651 | if (__glibc_unlikely (ehdr->e_version != EV_CURRENT)) |
39b3385d UD |
1652 | { |
1653 | errstring = N_("ELF file version does not match current one"); | |
1654 | goto call_lose; | |
1655 | } | |
277ae3f1 | 1656 | if (! __glibc_likely (elf_machine_matches_host (ehdr))) |
a986484f | 1657 | goto close_and_out; |
277ae3f1 PP |
1658 | else if (__glibc_unlikely (ehdr->e_type != ET_DYN |
1659 | && ehdr->e_type != ET_EXEC)) | |
39b3385d UD |
1660 | { |
1661 | errstring = N_("only ET_DYN and ET_EXEC can be loaded"); | |
1662 | goto call_lose; | |
1663 | } | |
1b26b855 | 1664 | else if (__glibc_unlikely (ehdr->e_phentsize != sizeof (ElfW(Phdr)))) |
5ce98c3f UD |
1665 | { |
1666 | errstring = N_("ELF file's phentsize not the expected size"); | |
1667 | goto call_lose; | |
1668 | } | |
a986484f UD |
1669 | |
1670 | maplength = ehdr->e_phnum * sizeof (ElfW(Phdr)); | |
6dd67bd5 | 1671 | if (ehdr->e_phoff + maplength <= (size_t) fbp->len) |
a986484f UD |
1672 | phdr = (void *) (fbp->buf + ehdr->e_phoff); |
1673 | else | |
1674 | { | |
1675 | phdr = alloca (maplength); | |
95c10569 LP |
1676 | if ((size_t) __pread64_nocancel (fd, (void *) phdr, maplength, |
1677 | ehdr->e_phoff) != maplength) | |
39b3385d UD |
1678 | { |
1679 | read_error: | |
1680 | errval = errno; | |
1681 | errstring = N_("cannot read file data"); | |
1682 | goto call_lose; | |
1683 | } | |
a986484f UD |
1684 | } |
1685 | ||
d6f373d2 MF |
1686 | if (__glibc_unlikely (elf_machine_reject_phdr_p |
1687 | (phdr, ehdr->e_phnum, fbp->buf, fbp->len, | |
1688 | loader, fd))) | |
1689 | goto close_and_out; | |
1690 | ||
a986484f UD |
1691 | /* Check .note.ABI-tag if present. */ |
1692 | for (ph = phdr; ph < &phdr[ehdr->e_phnum]; ++ph) | |
8a3ca0fd AS |
1693 | if (ph->p_type == PT_NOTE && ph->p_filesz >= 32 |
1694 | && (ph->p_align == 4 || ph->p_align == 8)) | |
a986484f | 1695 | { |
2f6773b5 UD |
1696 | ElfW(Addr) size = ph->p_filesz; |
1697 | ||
1698 | if (ph->p_offset + size <= (size_t) fbp->len) | |
a986484f UD |
1699 | abi_note = (void *) (fbp->buf + ph->p_offset); |
1700 | else | |
1701 | { | |
0065aaaa PP |
1702 | /* Note: __libc_use_alloca is not usable here, because |
1703 | thread info may not have been set up yet. */ | |
1704 | if (size < __MAX_ALLOCA_CUTOFF) | |
1705 | abi_note = alloca (size); | |
1706 | else | |
1707 | { | |
1708 | /* There could be multiple PT_NOTEs. */ | |
1709 | abi_note_malloced = realloc (abi_note_malloced, size); | |
1710 | if (abi_note_malloced == NULL) | |
1711 | goto read_error; | |
1712 | ||
1713 | abi_note = abi_note_malloced; | |
1714 | } | |
95c10569 LP |
1715 | if (__pread64_nocancel (fd, (void *) abi_note, size, |
1716 | ph->p_offset) != size) | |
0065aaaa PP |
1717 | { |
1718 | free (abi_note_malloced); | |
1719 | goto read_error; | |
1720 | } | |
2f6773b5 UD |
1721 | } |
1722 | ||
1723 | while (memcmp (abi_note, &expected_note, sizeof (expected_note))) | |
1724 | { | |
8d81ce0c L |
1725 | ElfW(Addr) note_size |
1726 | = ELF_NOTE_NEXT_OFFSET (abi_note[0], abi_note[1], | |
8a3ca0fd | 1727 | ph->p_align); |
39b3385d | 1728 | |
2f6773b5 UD |
1729 | if (size - 32 < note_size) |
1730 | { | |
1731 | size = 0; | |
1732 | break; | |
1733 | } | |
1734 | size -= note_size; | |
1735 | abi_note = (void *) abi_note + note_size; | |
a986484f UD |
1736 | } |
1737 | ||
2f6773b5 | 1738 | if (size == 0) |
a986484f UD |
1739 | continue; |
1740 | ||
55c91021 UD |
1741 | osversion = (abi_note[5] & 0xff) * 65536 |
1742 | + (abi_note[6] & 0xff) * 256 | |
1743 | + (abi_note[7] & 0xff); | |
1744 | if (abi_note[4] != __ABI_TAG_OS | |
afdca0f2 | 1745 | || (GLRO(dl_osversion) && GLRO(dl_osversion) < osversion)) |
a986484f UD |
1746 | { |
1747 | close_and_out: | |
329ea513 | 1748 | __close_nocancel (fd); |
a986484f UD |
1749 | __set_errno (ENOENT); |
1750 | fd = -1; | |
1751 | } | |
1752 | ||
1753 | break; | |
1754 | } | |
0065aaaa | 1755 | free (abi_note_malloced); |
a35e137a UD |
1756 | } |
1757 | ||
1758 | return fd; | |
1759 | } | |
1760 | \f | |
04ea3b0f | 1761 | /* Try to open NAME in one of the directories in *DIRSP. |
ba79d61b | 1762 | Return the fd, or -1. If successful, fill in *REALNAME |
04ea3b0f UD |
1763 | with the malloc'd full directory name. If it turns out |
1764 | that none of the directories in *DIRSP exists, *DIRSP is | |
1765 | replaced with (void *) -1, and the old value is free()d | |
1766 | if MAY_FREE_DIRS is true. */ | |
ba79d61b RM |
1767 | |
1768 | static int | |
a42faf59 | 1769 | open_path (const char *name, size_t namelen, int mode, |
a35e137a | 1770 | struct r_search_path_struct *sps, char **realname, |
7f71c55d UD |
1771 | struct filebuf *fbp, struct link_map *loader, int whatcode, |
1772 | bool *found_other_class) | |
ba79d61b | 1773 | { |
f55727ca | 1774 | struct r_search_path_elem **dirs = sps->dirs; |
ba79d61b | 1775 | char *buf; |
0a54e401 | 1776 | int fd = -1; |
b5efde2f | 1777 | const char *current_what = NULL; |
152e7964 | 1778 | int any = 0; |
ba79d61b | 1779 | |
a1ffb40e | 1780 | if (__glibc_unlikely (dirs == NULL)) |
ab1d521d RM |
1781 | /* We're called before _dl_init_paths when loading the main executable |
1782 | given on the command line when rtld is run directly. */ | |
1783 | return -1; | |
1784 | ||
5431ece5 | 1785 | buf = alloca (max_dirnamelen + max_capstrlen + namelen); |
ba79d61b RM |
1786 | do |
1787 | { | |
0a54e401 UD |
1788 | struct r_search_path_elem *this_dir = *dirs; |
1789 | size_t buflen = 0; | |
12264bd7 | 1790 | size_t cnt; |
b0b67c47 | 1791 | char *edp; |
f5858039 | 1792 | int here_any = 0; |
55c91021 | 1793 | int err; |
ba79d61b | 1794 | |
b5efde2f UD |
1795 | /* If we are debugging the search for libraries print the path |
1796 | now if it hasn't happened now. */ | |
1b26b855 | 1797 | if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS) |
cf197e41 | 1798 | && current_what != this_dir->what) |
b5efde2f UD |
1799 | { |
1800 | current_what = this_dir->what; | |
1801 | print_search_path (dirs, current_what, this_dir->where); | |
1802 | } | |
1803 | ||
b0b67c47 | 1804 | edp = (char *) __mempcpy (buf, this_dir->dirname, this_dir->dirnamelen); |
12264bd7 | 1805 | for (cnt = 0; fd == -1 && cnt < ncapstr; ++cnt) |
fd26970f | 1806 | { |
12264bd7 UD |
1807 | /* Skip this directory if we know it does not exist. */ |
1808 | if (this_dir->status[cnt] == nonexisting) | |
1809 | continue; | |
0a54e401 | 1810 | |
12264bd7 | 1811 | buflen = |
d6b5d570 UD |
1812 | ((char *) __mempcpy (__mempcpy (edp, capstr[cnt].str, |
1813 | capstr[cnt].len), | |
12264bd7 UD |
1814 | name, namelen) |
1815 | - buf); | |
1816 | ||
1817 | /* Print name we try if this is wanted. */ | |
a1ffb40e | 1818 | if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS)) |
154d10bd | 1819 | _dl_debug_printf (" trying file=%s\n", buf); |
b5efde2f | 1820 | |
c0d6f2a3 | 1821 | fd = open_verify (buf, -1, fbp, loader, whatcode, mode, |
a42faf59 | 1822 | found_other_class, false); |
12264bd7 | 1823 | if (this_dir->status[cnt] == unknown) |
6e4c40ba UD |
1824 | { |
1825 | if (fd != -1) | |
1826 | this_dir->status[cnt] = existing; | |
9dcafc55 UD |
1827 | /* Do not update the directory information when loading |
1828 | auditing code. We must try to disturb the program as | |
1829 | little as possible. */ | |
1830 | else if (loader == NULL | |
361a3706 | 1831 | || GL(dl_ns)[loader->l_ns]._ns_loaded->l_auditing == 0) |
6e4c40ba UD |
1832 | { |
1833 | /* We failed to open machine dependent library. Let's | |
1834 | test whether there is any directory at all. */ | |
5763742f | 1835 | struct stat64 st; |
6e4c40ba UD |
1836 | |
1837 | buf[buflen - namelen - 1] = '\0'; | |
1838 | ||
5763742f | 1839 | if (__xstat64 (_STAT_VER, buf, &st) != 0 |
6e4c40ba UD |
1840 | || ! S_ISDIR (st.st_mode)) |
1841 | /* The directory does not exist or it is no directory. */ | |
1842 | this_dir->status[cnt] = nonexisting; | |
1843 | else | |
1844 | this_dir->status[cnt] = existing; | |
1845 | } | |
1846 | } | |
fd26970f | 1847 | |
152e7964 | 1848 | /* Remember whether we found any existing directory. */ |
9dcafc55 | 1849 | here_any |= this_dir->status[cnt] != nonexisting; |
152e7964 | 1850 | |
1b26b855 | 1851 | if (fd != -1 && __glibc_unlikely (mode & __RTLD_SECURE) |
6bc6bd3b | 1852 | && __libc_enable_secure) |
c6222ab9 UD |
1853 | { |
1854 | /* This is an extra security effort to make sure nobody can | |
1855 | preload broken shared objects which are in the trusted | |
1856 | directories and so exploit the bugs. */ | |
5763742f | 1857 | struct stat64 st; |
c6222ab9 | 1858 | |
5763742f | 1859 | if (__fxstat64 (_STAT_VER, fd, &st) != 0 |
c6222ab9 UD |
1860 | || (st.st_mode & S_ISUID) == 0) |
1861 | { | |
1862 | /* The shared object cannot be tested for being SUID | |
1863 | or this bit is not set. In this case we must not | |
1864 | use this object. */ | |
329ea513 | 1865 | __close_nocancel (fd); |
c6222ab9 UD |
1866 | fd = -1; |
1867 | /* We simply ignore the file, signal this by setting | |
1868 | the error value which would have been set by `open'. */ | |
1869 | errno = ENOENT; | |
1870 | } | |
1871 | } | |
ba79d61b RM |
1872 | } |
1873 | ||
ba79d61b RM |
1874 | if (fd != -1) |
1875 | { | |
2f653c01 | 1876 | *realname = (char *) malloc (buflen); |
c6222ab9 | 1877 | if (*realname != NULL) |
ba79d61b RM |
1878 | { |
1879 | memcpy (*realname, buf, buflen); | |
1880 | return fd; | |
1881 | } | |
1882 | else | |
1883 | { | |
1884 | /* No memory for the name, we certainly won't be able | |
1885 | to load and link it. */ | |
329ea513 | 1886 | __close_nocancel (fd); |
ba79d61b RM |
1887 | return -1; |
1888 | } | |
1889 | } | |
55c91021 | 1890 | if (here_any && (err = errno) != ENOENT && err != EACCES) |
ba79d61b RM |
1891 | /* The file exists and is readable, but something went wrong. */ |
1892 | return -1; | |
f5858039 UD |
1893 | |
1894 | /* Remember whether we found anything. */ | |
1895 | any |= here_any; | |
ba79d61b | 1896 | } |
0a54e401 | 1897 | while (*++dirs != NULL); |
ba79d61b | 1898 | |
152e7964 | 1899 | /* Remove the whole path if none of the directories exists. */ |
a1ffb40e | 1900 | if (__glibc_unlikely (! any)) |
152e7964 | 1901 | { |
04ea3b0f UD |
1902 | /* Paths which were allocated using the minimal malloc() in ld.so |
1903 | must not be freed using the general free() in libc. */ | |
f55727ca UD |
1904 | if (sps->malloced) |
1905 | free (sps->dirs); | |
11bf311e | 1906 | |
9317ea65 | 1907 | /* rtld_search_dirs and env_path_list are attribute_relro, therefore |
c01ae97e | 1908 | avoid writing into it. */ |
9317ea65 | 1909 | if (sps != &rtld_search_dirs && sps != &env_path_list) |
ecc1d0c3 | 1910 | sps->dirs = (void *) -1; |
152e7964 UD |
1911 | } |
1912 | ||
ba79d61b RM |
1913 | return -1; |
1914 | } | |
1915 | ||
1916 | /* Map in the shared object file NAME. */ | |
1917 | ||
1918 | struct link_map * | |
8e9f92e9 | 1919 | _dl_map_object (struct link_map *loader, const char *name, |
c0f62c56 | 1920 | int type, int trace_mode, int mode, Lmid_t nsid) |
ba79d61b RM |
1921 | { |
1922 | int fd; | |
a1b85ae8 | 1923 | const char *origname = NULL; |
ba79d61b | 1924 | char *realname; |
14bab8de | 1925 | char *name_copy; |
ba79d61b | 1926 | struct link_map *l; |
a35e137a | 1927 | struct filebuf fb; |
ba79d61b | 1928 | |
c0f62c56 | 1929 | assert (nsid >= 0); |
22c83193 | 1930 | assert (nsid < GL(dl_nns)); |
c0f62c56 | 1931 | |
ba79d61b | 1932 | /* Look for this name among those already loaded. */ |
c0f62c56 | 1933 | for (l = GL(dl_ns)[nsid]._ns_loaded; l; l = l->l_next) |
f41c8091 UD |
1934 | { |
1935 | /* If the requested name matches the soname of a loaded object, | |
1936 | use that object. Elide this check for names that have not | |
1937 | yet been opened. */ | |
277ae3f1 | 1938 | if (__glibc_unlikely ((l->l_faked | l->l_removed) != 0)) |
f41c8091 UD |
1939 | continue; |
1940 | if (!_dl_name_match_p (name, l)) | |
1941 | { | |
1942 | const char *soname; | |
1943 | ||
1b26b855 | 1944 | if (__glibc_likely (l->l_soname_added) |
c91bc73e | 1945 | || l->l_info[DT_SONAME] == NULL) |
f41c8091 UD |
1946 | continue; |
1947 | ||
8699e7b1 UD |
1948 | soname = ((const char *) D_PTR (l, l_info[DT_STRTAB]) |
1949 | + l->l_info[DT_SONAME]->d_un.d_val); | |
f41c8091 UD |
1950 | if (strcmp (name, soname) != 0) |
1951 | continue; | |
1952 | ||
1953 | /* We have a match on a new name -- cache it. */ | |
76156ea1 | 1954 | add_name_to_object (l, soname); |
c91bc73e | 1955 | l->l_soname_added = 1; |
f41c8091 UD |
1956 | } |
1957 | ||
42c4f32a | 1958 | /* We have a match. */ |
f41c8091 UD |
1959 | return l; |
1960 | } | |
ba79d61b | 1961 | |
8193034b | 1962 | /* Display information if we are debugging. */ |
1b26b855 | 1963 | if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES) |
7969407a | 1964 | && loader != NULL) |
07df30d9 | 1965 | _dl_debug_printf ((mode & __RTLD_CALLMAP) == 0 |
9ac533d3 UD |
1966 | ? "\nfile=%s [%lu]; needed by %s [%lu]\n" |
1967 | : "\nfile=%s [%lu]; dynamically loaded by %s [%lu]\n", | |
b9375348 | 1968 | name, nsid, DSO_FILENAME (loader->l_name), loader->l_ns); |
8193034b | 1969 | |
9dcafc55 UD |
1970 | #ifdef SHARED |
1971 | /* Give the auditing libraries a chance to change the name before we | |
1972 | try anything. */ | |
1b26b855 | 1973 | if (__glibc_unlikely (GLRO(dl_naudit) > 0) |
9dcafc55 UD |
1974 | && (loader == NULL || loader->l_auditing == 0)) |
1975 | { | |
1976 | struct audit_ifaces *afct = GLRO(dl_audit); | |
1977 | for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt) | |
1978 | { | |
1979 | if (afct->objsearch != NULL) | |
1980 | { | |
a1b85ae8 | 1981 | const char *before = name; |
e1d559f3 FW |
1982 | struct auditstate *state = link_map_audit_state (loader, cnt); |
1983 | name = afct->objsearch (name, &state->cookie, LA_SER_ORIG); | |
9dcafc55 UD |
1984 | if (name == NULL) |
1985 | { | |
1986 | /* Do not try anything further. */ | |
1987 | fd = -1; | |
1988 | goto no_file; | |
1989 | } | |
a1b85ae8 FW |
1990 | if (before != name && strcmp (before, name) != 0) |
1991 | { | |
1992 | if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES)) | |
1993 | _dl_debug_printf ("audit changed filename %s -> %s\n", | |
1994 | before, name); | |
1995 | ||
1996 | if (origname == NULL) | |
1997 | origname = before; | |
1998 | } | |
9dcafc55 UD |
1999 | } |
2000 | ||
2001 | afct = afct->next; | |
2002 | } | |
2003 | } | |
2004 | #endif | |
2005 | ||
7f71c55d UD |
2006 | /* Will be true if we found a DSO which is of the other ELF class. */ |
2007 | bool found_other_class = false; | |
2008 | ||
ba79d61b RM |
2009 | if (strchr (name, '/') == NULL) |
2010 | { | |
2011 | /* Search for NAME in several places. */ | |
2012 | ||
2013 | size_t namelen = strlen (name) + 1; | |
2014 | ||
a1ffb40e | 2015 | if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS)) |
c0f62c56 | 2016 | _dl_debug_printf ("find library=%s [%lu]; searching\n", name, nsid); |
b5efde2f | 2017 | |
ba79d61b | 2018 | fd = -1; |
a23db8e4 | 2019 | |
fcf70d41 | 2020 | /* When the object has the RUNPATH information we don't use any |
844c394a | 2021 | RPATHs. */ |
4c540916 | 2022 | if (loader == NULL || loader->l_info[DT_RUNPATH] == NULL) |
fcf70d41 | 2023 | { |
a1f0de82 UD |
2024 | /* This is the executable's map (if there is one). Make sure that |
2025 | we do not look at it twice. */ | |
2026 | struct link_map *main_map = GL(dl_ns)[LM_ID_BASE]._ns_loaded; | |
2027 | bool did_main_map = false; | |
2028 | ||
fcf70d41 UD |
2029 | /* First try the DT_RPATH of the dependent object that caused NAME |
2030 | to be loaded. Then that object's dependent, and on up. */ | |
a1f0de82 | 2031 | for (l = loader; l; l = l->l_loader) |
45e4762c | 2032 | if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH")) |
a1f0de82 | 2033 | { |
a42faf59 | 2034 | fd = open_path (name, namelen, mode, |
8e9f92e9 | 2035 | &l->l_rpath_dirs, |
a1f0de82 UD |
2036 | &realname, &fb, loader, LA_SER_RUNPATH, |
2037 | &found_other_class); | |
2038 | if (fd != -1) | |
2039 | break; | |
2040 | ||
2041 | did_main_map |= l == main_map; | |
2042 | } | |
0a54e401 | 2043 | |
fcf70d41 | 2044 | /* If dynamically linked, try the DT_RPATH of the executable |
844c394a | 2045 | itself. NB: we do this for lookups in any namespace. */ |
a1f0de82 UD |
2046 | if (fd == -1 && !did_main_map |
2047 | && main_map != NULL && main_map->l_type != lt_loaded | |
2048 | && cache_rpath (main_map, &main_map->l_rpath_dirs, DT_RPATH, | |
2049 | "RPATH")) | |
a42faf59 | 2050 | fd = open_path (name, namelen, mode, |
8e9f92e9 | 2051 | &main_map->l_rpath_dirs, |
a1f0de82 UD |
2052 | &realname, &fb, loader ?: main_map, LA_SER_RUNPATH, |
2053 | &found_other_class); | |
fcf70d41 | 2054 | } |
fd26970f | 2055 | |
7ef90c15 | 2056 | /* Try the LD_LIBRARY_PATH environment variable. */ |
f55727ca | 2057 | if (fd == -1 && env_path_list.dirs != (void *) -1) |
a42faf59 | 2058 | fd = open_path (name, namelen, mode, &env_path_list, |
9dcafc55 UD |
2059 | &realname, &fb, |
2060 | loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded, | |
7f71c55d | 2061 | LA_SER_LIBPATH, &found_other_class); |
40a55d20 | 2062 | |
45e4762c RM |
2063 | /* Look at the RUNPATH information for this binary. */ |
2064 | if (fd == -1 && loader != NULL | |
2065 | && cache_rpath (loader, &loader->l_runpath_dirs, | |
2066 | DT_RUNPATH, "RUNPATH")) | |
a42faf59 | 2067 | fd = open_path (name, namelen, mode, |
9dcafc55 | 2068 | &loader->l_runpath_dirs, &realname, &fb, loader, |
7f71c55d | 2069 | LA_SER_RUNPATH, &found_other_class); |
fcf70d41 | 2070 | |
c0d6f2a3 RM |
2071 | if (fd == -1) |
2072 | { | |
2073 | realname = _dl_sysdep_open_object (name, namelen, &fd); | |
2074 | if (realname != NULL) | |
2075 | { | |
2076 | fd = open_verify (realname, fd, | |
2077 | &fb, loader ?: GL(dl_ns)[nsid]._ns_loaded, | |
2078 | LA_SER_CONFIG, mode, &found_other_class, | |
2079 | false); | |
2080 | if (fd == -1) | |
2081 | free (realname); | |
2082 | } | |
2083 | } | |
2084 | ||
f57f8055 | 2085 | #ifdef USE_LDCONFIG |
55c91021 | 2086 | if (fd == -1 |
277ae3f1 | 2087 | && (__glibc_likely ((mode & __RTLD_SECURE) == 0) |
6bc6bd3b | 2088 | || ! __libc_enable_secure) |
1b26b855 | 2089 | && __glibc_likely (GLRO(dl_inhibit_cache) == 0)) |
f18edac3 RM |
2090 | { |
2091 | /* Check the list of libraries in the file /etc/ld.so.cache, | |
2092 | for compatibility with Linux's ldconfig program. */ | |
ccdb048d | 2093 | char *cached = _dl_load_cache_lookup (name); |
0f6b172f | 2094 | |
2f653c01 UD |
2095 | if (cached != NULL) |
2096 | { | |
c0f62c56 | 2097 | // XXX Correct to unconditionally default to namespace 0? |
6a5ee102 UD |
2098 | l = (loader |
2099 | ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded | |
0d23a5c1 MR |
2100 | # ifdef SHARED |
2101 | ?: &GL(dl_rtld_map) | |
f57f8055 | 2102 | # endif |
0d23a5c1 | 2103 | ); |
0f6b172f | 2104 | |
266bb989 UD |
2105 | /* If the loader has the DF_1_NODEFLIB flag set we must not |
2106 | use a cache entry from any of these directories. */ | |
1b26b855 | 2107 | if (__glibc_unlikely (l->l_flags_1 & DF_1_NODEFLIB)) |
266bb989 UD |
2108 | { |
2109 | const char *dirp = system_dirs; | |
2e47aff5 | 2110 | unsigned int cnt = 0; |
266bb989 UD |
2111 | |
2112 | do | |
2113 | { | |
2114 | if (memcmp (cached, dirp, system_dirs_len[cnt]) == 0) | |
2115 | { | |
2116 | /* The prefix matches. Don't use the entry. */ | |
ccdb048d | 2117 | free (cached); |
266bb989 UD |
2118 | cached = NULL; |
2119 | break; | |
2120 | } | |
2121 | ||
2122 | dirp += system_dirs_len[cnt] + 1; | |
2123 | ++cnt; | |
2124 | } | |
4a6d1198 | 2125 | while (cnt < nsystem_dirs_len); |
266bb989 UD |
2126 | } |
2127 | ||
2f653c01 | 2128 | if (cached != NULL) |
f18edac3 | 2129 | { |
c0d6f2a3 | 2130 | fd = open_verify (cached, -1, |
9dcafc55 | 2131 | &fb, loader ?: GL(dl_ns)[nsid]._ns_loaded, |
a42faf59 PP |
2132 | LA_SER_CONFIG, mode, &found_other_class, |
2133 | false); | |
a1ffb40e | 2134 | if (__glibc_likely (fd != -1)) |
ccdb048d CD |
2135 | realname = cached; |
2136 | else | |
2137 | free (cached); | |
f18edac3 RM |
2138 | } |
2139 | } | |
2140 | } | |
f57f8055 | 2141 | #endif |
0a54e401 | 2142 | |
a23db8e4 | 2143 | /* Finally, try the default path. */ |
266bb989 | 2144 | if (fd == -1 |
c0f62c56 | 2145 | && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL |
1b26b855 | 2146 | || __glibc_likely (!(l->l_flags_1 & DF_1_NODEFLIB))) |
f55727ca | 2147 | && rtld_search_dirs.dirs != (void *) -1) |
a42faf59 | 2148 | fd = open_path (name, namelen, mode, &rtld_search_dirs, |
7f71c55d | 2149 | &realname, &fb, l, LA_SER_DEFAULT, &found_other_class); |
b5efde2f | 2150 | |
fd77c361 | 2151 | /* Add another newline when we are tracing the library loading. */ |
a1ffb40e | 2152 | if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS)) |
844c394a | 2153 | _dl_debug_printf ("\n"); |
ba79d61b RM |
2154 | } |
2155 | else | |
2156 | { | |
f787edde UD |
2157 | /* The path may contain dynamic string tokens. */ |
2158 | realname = (loader | |
2bd86632 | 2159 | ? expand_dynamic_string_token (loader, name) |
cc00cece | 2160 | : __strdup (name)); |
f787edde UD |
2161 | if (realname == NULL) |
2162 | fd = -1; | |
2163 | else | |
ba79d61b | 2164 | { |
c0d6f2a3 | 2165 | fd = open_verify (realname, -1, &fb, |
a42faf59 | 2166 | loader ?: GL(dl_ns)[nsid]._ns_loaded, 0, mode, |
2e0fc40c | 2167 | &found_other_class, true); |
1b26b855 | 2168 | if (__glibc_unlikely (fd == -1)) |
f787edde | 2169 | free (realname); |
ba79d61b RM |
2170 | } |
2171 | } | |
2172 | ||
9dcafc55 UD |
2173 | #ifdef SHARED |
2174 | no_file: | |
2175 | #endif | |
c14e9135 UD |
2176 | /* In case the LOADER information has only been provided to get to |
2177 | the appropriate RUNPATH/RPATH information we do not need it | |
2178 | anymore. */ | |
2179 | if (mode & __RTLD_CALLMAP) | |
2180 | loader = NULL; | |
2181 | ||
1b26b855 | 2182 | if (__glibc_unlikely (fd == -1)) |
46ec036d | 2183 | { |
32e6df36 | 2184 | if (trace_mode |
1b26b855 | 2185 | && __glibc_likely ((GLRO(dl_debug_mask) & DL_DEBUG_PRELINK) == 0)) |
46ec036d UD |
2186 | { |
2187 | /* We haven't found an appropriate library. But since we | |
2188 | are only interested in the list of libraries this isn't | |
2189 | so severe. Fake an entry with all the information we | |
1ef32c3d | 2190 | have. */ |
a1eca9f3 | 2191 | static const Elf_Symndx dummy_bucket = STN_UNDEF; |
46ec036d | 2192 | |
f0967738 | 2193 | /* Allocate a new object map. */ |
cc00cece | 2194 | if ((name_copy = __strdup (name)) == NULL |
1fc07491 | 2195 | || (l = _dl_new_object (name_copy, name, type, loader, |
c0f62c56 | 2196 | mode, nsid)) == NULL) |
2e0fc40c UD |
2197 | { |
2198 | free (name_copy); | |
2199 | _dl_signal_error (ENOMEM, name, NULL, | |
2200 | N_("cannot create shared object descriptor")); | |
2201 | } | |
a881e0a0 UD |
2202 | /* Signal that this is a faked entry. */ |
2203 | l->l_faked = 1; | |
2204 | /* Since the descriptor is initialized with zero we do not | |
126b06f9 | 2205 | have do this here. |
126b06f9 | 2206 | l->l_reserved = 0; */ |
fd26970f UD |
2207 | l->l_buckets = &dummy_bucket; |
2208 | l->l_nbuckets = 1; | |
2209 | l->l_relocated = 1; | |
2210 | ||
f0967738 AK |
2211 | /* Enter the object in the object list. */ |
2212 | _dl_add_to_namespace_list (l, nsid); | |
2213 | ||
fd26970f | 2214 | return l; |
46ec036d | 2215 | } |
7f71c55d UD |
2216 | else if (found_other_class) |
2217 | _dl_signal_error (0, name, NULL, | |
2218 | ELFW(CLASS) == ELFCLASS32 | |
2219 | ? N_("wrong ELF class: ELFCLASS64") | |
2220 | : N_("wrong ELF class: ELFCLASS32")); | |
46ec036d | 2221 | else |
154d10bd UD |
2222 | _dl_signal_error (errno, name, NULL, |
2223 | N_("cannot open shared object file")); | |
46ec036d | 2224 | } |
ba79d61b | 2225 | |
d1fc817e | 2226 | void *stack_end = __libc_stack_end; |
a1b85ae8 FW |
2227 | return _dl_map_object_from_fd (name, origname, fd, &fb, realname, loader, |
2228 | type, mode, &stack_end, nsid); | |
ba79d61b | 2229 | } |
154d10bd | 2230 | |
b8c80a7e KS |
2231 | struct add_path_state |
2232 | { | |
2233 | bool counting; | |
2234 | unsigned int idx; | |
2235 | Dl_serinfo *si; | |
2236 | char *allocptr; | |
2237 | }; | |
2238 | ||
2239 | static void | |
2240 | add_path (struct add_path_state *p, const struct r_search_path_struct *sps, | |
2241 | unsigned int flags) | |
2242 | { | |
2243 | if (sps->dirs != (void *) -1) | |
2244 | { | |
2245 | struct r_search_path_elem **dirs = sps->dirs; | |
2246 | do | |
2247 | { | |
2248 | const struct r_search_path_elem *const r = *dirs++; | |
2249 | if (p->counting) | |
2250 | { | |
2251 | p->si->dls_cnt++; | |
2252 | p->si->dls_size += MAX (2, r->dirnamelen); | |
2253 | } | |
2254 | else | |
2255 | { | |
2256 | Dl_serpath *const sp = &p->si->dls_serpath[p->idx++]; | |
2257 | sp->dls_name = p->allocptr; | |
2258 | if (r->dirnamelen < 2) | |
2259 | *p->allocptr++ = r->dirnamelen ? '/' : '.'; | |
2260 | else | |
2261 | p->allocptr = __mempcpy (p->allocptr, | |
2262 | r->dirname, r->dirnamelen - 1); | |
2263 | *p->allocptr++ = '\0'; | |
2264 | sp->dls_flags = flags; | |
2265 | } | |
2266 | } | |
2267 | while (*dirs != NULL); | |
2268 | } | |
2269 | } | |
45e4762c RM |
2270 | |
2271 | void | |
45e4762c RM |
2272 | _dl_rtld_di_serinfo (struct link_map *loader, Dl_serinfo *si, bool counting) |
2273 | { | |
2274 | if (counting) | |
2275 | { | |
2276 | si->dls_cnt = 0; | |
2277 | si->dls_size = 0; | |
2278 | } | |
2279 | ||
b8c80a7e | 2280 | struct add_path_state p = |
45e4762c | 2281 | { |
b8c80a7e KS |
2282 | .counting = counting, |
2283 | .idx = 0, | |
2284 | .si = si, | |
2285 | .allocptr = (char *) &si->dls_serpath[si->dls_cnt] | |
2286 | }; | |
2287 | ||
2288 | # define add_path(p, sps, flags) add_path(p, sps, 0) /* XXX */ | |
45e4762c RM |
2289 | |
2290 | /* When the object has the RUNPATH information we don't use any RPATHs. */ | |
2291 | if (loader->l_info[DT_RUNPATH] == NULL) | |
2292 | { | |
2293 | /* First try the DT_RPATH of the dependent object that caused NAME | |
2294 | to be loaded. Then that object's dependent, and on up. */ | |
2295 | ||
2296 | struct link_map *l = loader; | |
2297 | do | |
2298 | { | |
2299 | if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH")) | |
b8c80a7e | 2300 | add_path (&p, &l->l_rpath_dirs, XXX_RPATH); |
45e4762c RM |
2301 | l = l->l_loader; |
2302 | } | |
2303 | while (l != NULL); | |
2304 | ||
2305 | /* If dynamically linked, try the DT_RPATH of the executable itself. */ | |
c0f62c56 UD |
2306 | if (loader->l_ns == LM_ID_BASE) |
2307 | { | |
2308 | l = GL(dl_ns)[LM_ID_BASE]._ns_loaded; | |
2309 | if (l != NULL && l->l_type != lt_loaded && l != loader) | |
2310 | if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH")) | |
b8c80a7e | 2311 | add_path (&p, &l->l_rpath_dirs, XXX_RPATH); |
c0f62c56 | 2312 | } |
45e4762c RM |
2313 | } |
2314 | ||
2315 | /* Try the LD_LIBRARY_PATH environment variable. */ | |
b8c80a7e | 2316 | add_path (&p, &env_path_list, XXX_ENV); |
45e4762c RM |
2317 | |
2318 | /* Look at the RUNPATH information for this binary. */ | |
2319 | if (cache_rpath (loader, &loader->l_runpath_dirs, DT_RUNPATH, "RUNPATH")) | |
b8c80a7e | 2320 | add_path (&p, &loader->l_runpath_dirs, XXX_RUNPATH); |
45e4762c RM |
2321 | |
2322 | /* XXX | |
2323 | Here is where ld.so.cache gets checked, but we don't have | |
2324 | a way to indicate that in the results for Dl_serinfo. */ | |
2325 | ||
2326 | /* Finally, try the default path. */ | |
2327 | if (!(loader->l_flags_1 & DF_1_NODEFLIB)) | |
b8c80a7e | 2328 | add_path (&p, &rtld_search_dirs, XXX_default); |
45e4762c RM |
2329 | |
2330 | if (counting) | |
2331 | /* Count the struct size before the string area, which we didn't | |
2332 | know before we completed dls_cnt. */ | |
2333 | si->dls_size += (char *) &si->dls_serpath[si->dls_cnt] - (char *) si; | |
2334 | } |