linker.cpp revision 0266ae5f884d72da58f33a072e865ba131234a5e
1/* 2 * Copyright (C) 2008, 2009 The Android Open Source Project 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in 12 * the documentation and/or other materials provided with the 13 * distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29#include <dlfcn.h> 30#include <errno.h> 31#include <fcntl.h> 32#include <inttypes.h> 33#include <pthread.h> 34#include <stdio.h> 35#include <stdlib.h> 36#include <string.h> 37#include <sys/atomics.h> 38#include <sys/mman.h> 39#include <sys/stat.h> 40#include <unistd.h> 41 42// Private C library headers. 43#include "private/bionic_tls.h" 44#include "private/KernelArgumentBlock.h" 45#include "private/ScopedPthreadMutexLocker.h" 46 47#include "linker.h" 48#include "linker_debug.h" 49#include "linker_environ.h" 50#include "linker_phdr.h" 51 52/* >>> IMPORTANT NOTE - READ ME BEFORE MODIFYING <<< 53 * 54 * Do NOT use malloc() and friends or pthread_*() code here. 55 * Don't use printf() either; it's caused mysterious memory 56 * corruption in the past. 57 * The linker runs before we bring up libc and it's easiest 58 * to make sure it does not depend on any complex libc features 59 * 60 * open issues / todo: 61 * 62 * - are we doing everything we should for ARM_COPY relocations? 63 * - cleaner error reporting 64 * - after linking, set as much stuff as possible to READONLY 65 * and NOEXEC 66 */ 67 68static bool soinfo_link_image(soinfo* si); 69static ElfW(Addr) get_elf_exec_load_bias(const ElfW(Ehdr)* elf); 70 71// We can't use malloc(3) in the dynamic linker. We use a linked list of anonymous 72// maps, each a single page in size. The pages are broken up into as many struct soinfo 73// objects as will fit, and they're all threaded together on a free list. 74#define SOINFO_PER_POOL ((PAGE_SIZE - sizeof(soinfo_pool_t*)) / sizeof(soinfo)) 75struct soinfo_pool_t { 76 soinfo_pool_t* next; 77 soinfo info[SOINFO_PER_POOL]; 78}; 79static struct soinfo_pool_t* gSoInfoPools = NULL; 80static soinfo* gSoInfoFreeList = NULL; 81 82static soinfo* solist = &libdl_info; 83static soinfo* sonext = &libdl_info; 84static soinfo* somain; /* main process, always the one after libdl_info */ 85 86static const char* const gDefaultLdPaths[] = { 87#if defined(__LP64__) 88 "/vendor/lib64", 89 "/system/lib64", 90#else 91 "/vendor/lib", 92 "/system/lib", 93#endif 94 NULL 95}; 96 97#define LDPATH_BUFSIZE (LDPATH_MAX*64) 98#define LDPATH_MAX 8 99 100#define LDPRELOAD_BUFSIZE (LDPRELOAD_MAX*64) 101#define LDPRELOAD_MAX 8 102 103static char gLdPathsBuffer[LDPATH_BUFSIZE]; 104static const char* gLdPaths[LDPATH_MAX + 1]; 105 106static char gLdPreloadsBuffer[LDPRELOAD_BUFSIZE]; 107static const char* gLdPreloadNames[LDPRELOAD_MAX + 1]; 108 109static soinfo* gLdPreloads[LDPRELOAD_MAX + 1]; 110 111__LIBC_HIDDEN__ int gLdDebugVerbosity; 112 113__LIBC_HIDDEN__ abort_msg_t* gAbortMessage = NULL; // For debuggerd. 114 115enum RelocationKind { 116 kRelocAbsolute = 0, 117 kRelocRelative, 118 kRelocCopy, 119 kRelocSymbol, 120 kRelocMax 121}; 122 123#if STATS 124struct linker_stats_t { 125 int count[kRelocMax]; 126}; 127 128static linker_stats_t linker_stats; 129 130static void count_relocation(RelocationKind kind) { 131 ++linker_stats.count[kind]; 132} 133#else 134static void count_relocation(RelocationKind) { 135} 136#endif 137 138#if COUNT_PAGES 139static unsigned bitmask[4096]; 140#if defined(__LP64__) 141#define MARK(offset) \ 142 do { \ 143 if ((((offset) >> 12) >> 5) < 4096) \ 144 bitmask[((offset) >> 12) >> 5] |= (1 << (((offset) >> 12) & 31)); \ 145 } while(0) 146#else 147#define MARK(offset) \ 148 do { \ 149 bitmask[((offset) >> 12) >> 3] |= (1 << (((offset) >> 12) & 7)); \ 150 } while(0) 151#endif 152#else 153#define MARK(x) do {} while (0) 154#endif 155 156// You shouldn't try to call memory-allocating functions in the dynamic linker. 157// Guard against the most obvious ones. 158#define DISALLOW_ALLOCATION(return_type, name, ...) \ 159 return_type name __VA_ARGS__ \ 160 { \ 161 const char* msg = "ERROR: " #name " called from the dynamic linker!\n"; \ 162 __libc_format_log(ANDROID_LOG_FATAL, "linker", "%s", msg); \ 163 write(2, msg, strlen(msg)); \ 164 abort(); \ 165 } 166#define UNUSED __attribute__((unused)) 167DISALLOW_ALLOCATION(void*, malloc, (size_t u UNUSED)); 168DISALLOW_ALLOCATION(void, free, (void* u UNUSED)); 169DISALLOW_ALLOCATION(void*, realloc, (void* u1 UNUSED, size_t u2 UNUSED)); 170DISALLOW_ALLOCATION(void*, calloc, (size_t u1 UNUSED, size_t u2 UNUSED)); 171 172static char tmp_err_buf[768]; 173static char __linker_dl_err_buf[768]; 174 175char* linker_get_error_buffer() { 176 return &__linker_dl_err_buf[0]; 177} 178 179size_t linker_get_error_buffer_size() { 180 return sizeof(__linker_dl_err_buf); 181} 182 183/* 184 * This function is an empty stub where GDB locates a breakpoint to get notified 185 * about linker activity. 186 */ 187extern "C" void __attribute__((noinline)) __attribute__((visibility("default"))) rtld_db_dlactivity(); 188 189static r_debug _r_debug = {1, NULL, reinterpret_cast<uintptr_t>(&rtld_db_dlactivity), r_debug::RT_CONSISTENT, 0}; 190static link_map* r_debug_tail = 0; 191 192static pthread_mutex_t gDebugMutex = PTHREAD_MUTEX_INITIALIZER; 193 194static void insert_soinfo_into_debug_map(soinfo* info) { 195 // Copy the necessary fields into the debug structure. 196 link_map* map = &(info->link_map_head); 197 map->l_addr = info->load_bias; 198 map->l_name = (char*) info->name; 199 map->l_ld = info->dynamic; 200 201 /* Stick the new library at the end of the list. 202 * gdb tends to care more about libc than it does 203 * about leaf libraries, and ordering it this way 204 * reduces the back-and-forth over the wire. 205 */ 206 if (r_debug_tail) { 207 r_debug_tail->l_next = map; 208 map->l_prev = r_debug_tail; 209 map->l_next = 0; 210 } else { 211 _r_debug.r_map = map; 212 map->l_prev = 0; 213 map->l_next = 0; 214 } 215 r_debug_tail = map; 216} 217 218static void remove_soinfo_from_debug_map(soinfo* info) { 219 link_map* map = &(info->link_map_head); 220 221 if (r_debug_tail == map) { 222 r_debug_tail = map->l_prev; 223 } 224 225 if (map->l_prev) { 226 map->l_prev->l_next = map->l_next; 227 } 228 if (map->l_next) { 229 map->l_next->l_prev = map->l_prev; 230 } 231} 232 233static void notify_gdb_of_load(soinfo* info) { 234 if (info->flags & FLAG_EXE) { 235 // GDB already knows about the main executable 236 return; 237 } 238 239 ScopedPthreadMutexLocker locker(&gDebugMutex); 240 241 _r_debug.r_state = r_debug::RT_ADD; 242 rtld_db_dlactivity(); 243 244 insert_soinfo_into_debug_map(info); 245 246 _r_debug.r_state = r_debug::RT_CONSISTENT; 247 rtld_db_dlactivity(); 248} 249 250static void notify_gdb_of_unload(soinfo* info) { 251 if (info->flags & FLAG_EXE) { 252 // GDB already knows about the main executable 253 return; 254 } 255 256 ScopedPthreadMutexLocker locker(&gDebugMutex); 257 258 _r_debug.r_state = r_debug::RT_DELETE; 259 rtld_db_dlactivity(); 260 261 remove_soinfo_from_debug_map(info); 262 263 _r_debug.r_state = r_debug::RT_CONSISTENT; 264 rtld_db_dlactivity(); 265} 266 267void notify_gdb_of_libraries() { 268 _r_debug.r_state = r_debug::RT_ADD; 269 rtld_db_dlactivity(); 270 _r_debug.r_state = r_debug::RT_CONSISTENT; 271 rtld_db_dlactivity(); 272} 273 274static bool ensure_free_list_non_empty() { 275 if (gSoInfoFreeList != NULL) { 276 return true; 277 } 278 279 // Allocate a new pool. 280 soinfo_pool_t* pool = reinterpret_cast<soinfo_pool_t*>(mmap(NULL, sizeof(*pool), 281 PROT_READ|PROT_WRITE, 282 MAP_PRIVATE|MAP_ANONYMOUS, 0, 0)); 283 if (pool == MAP_FAILED) { 284 return false; 285 } 286 287 // Add the pool to our list of pools. 288 pool->next = gSoInfoPools; 289 gSoInfoPools = pool; 290 291 // Chain the entries in the new pool onto the free list. 292 gSoInfoFreeList = &pool->info[0]; 293 soinfo* next = NULL; 294 for (int i = SOINFO_PER_POOL - 1; i >= 0; --i) { 295 pool->info[i].next = next; 296 next = &pool->info[i]; 297 } 298 299 return true; 300} 301 302static void set_soinfo_pool_protection(int protection) { 303 for (soinfo_pool_t* p = gSoInfoPools; p != NULL; p = p->next) { 304 if (mprotect(p, sizeof(*p), protection) == -1) { 305 abort(); // Can't happen. 306 } 307 } 308} 309 310static soinfo* soinfo_alloc(const char* name) { 311 if (strlen(name) >= SOINFO_NAME_LEN) { 312 DL_ERR("library name \"%s\" too long", name); 313 return NULL; 314 } 315 316 if (!ensure_free_list_non_empty()) { 317 DL_ERR("out of memory when loading \"%s\"", name); 318 return NULL; 319 } 320 321 // Take the head element off the free list. 322 soinfo* si = gSoInfoFreeList; 323 gSoInfoFreeList = gSoInfoFreeList->next; 324 325 // Initialize the new element. 326 memset(si, 0, sizeof(soinfo)); 327 strlcpy(si->name, name, sizeof(si->name)); 328 sonext->next = si; 329 sonext = si; 330 331 TRACE("name %s: allocated soinfo @ %p", name, si); 332 return si; 333} 334 335static void soinfo_free(soinfo* si) 336{ 337 if (si == NULL) { 338 return; 339 } 340 341 soinfo *prev = NULL, *trav; 342 343 TRACE("name %s: freeing soinfo @ %p", si->name, si); 344 345 for (trav = solist; trav != NULL; trav = trav->next) { 346 if (trav == si) 347 break; 348 prev = trav; 349 } 350 if (trav == NULL) { 351 /* si was not in solist */ 352 DL_ERR("name \"%s\" is not in solist!", si->name); 353 return; 354 } 355 356 /* prev will never be NULL, because the first entry in solist is 357 always the static libdl_info. 358 */ 359 prev->next = si->next; 360 if (si == sonext) { 361 sonext = prev; 362 } 363 si->next = gSoInfoFreeList; 364 gSoInfoFreeList = si; 365} 366 367 368static void parse_path(const char* path, const char* delimiters, 369 const char** array, char* buf, size_t buf_size, size_t max_count) { 370 if (path == NULL) { 371 return; 372 } 373 374 size_t len = strlcpy(buf, path, buf_size); 375 376 size_t i = 0; 377 char* buf_p = buf; 378 while (i < max_count && (array[i] = strsep(&buf_p, delimiters))) { 379 if (*array[i] != '\0') { 380 ++i; 381 } 382 } 383 384 // Forget the last path if we had to truncate; this occurs if the 2nd to 385 // last char isn't '\0' (i.e. wasn't originally a delimiter). 386 if (i > 0 && len >= buf_size && buf[buf_size - 2] != '\0') { 387 array[i - 1] = NULL; 388 } else { 389 array[i] = NULL; 390 } 391} 392 393static void parse_LD_LIBRARY_PATH(const char* path) { 394 parse_path(path, ":", gLdPaths, 395 gLdPathsBuffer, sizeof(gLdPathsBuffer), LDPATH_MAX); 396} 397 398static void parse_LD_PRELOAD(const char* path) { 399 // We have historically supported ':' as well as ' ' in LD_PRELOAD. 400 parse_path(path, " :", gLdPreloadNames, 401 gLdPreloadsBuffer, sizeof(gLdPreloadsBuffer), LDPRELOAD_MAX); 402} 403 404#if defined(__arm__) 405 406/* For a given PC, find the .so that it belongs to. 407 * Returns the base address of the .ARM.exidx section 408 * for that .so, and the number of 8-byte entries 409 * in that section (via *pcount). 410 * 411 * Intended to be called by libc's __gnu_Unwind_Find_exidx(). 412 * 413 * This function is exposed via dlfcn.cpp and libdl.so. 414 */ 415_Unwind_Ptr dl_unwind_find_exidx(_Unwind_Ptr pc, int *pcount) 416{ 417 soinfo *si; 418 unsigned addr = (unsigned)pc; 419 420 for (si = solist; si != 0; si = si->next) { 421 if ((addr >= si->base) && (addr < (si->base + si->size))) { 422 *pcount = si->ARM_exidx_count; 423 return (_Unwind_Ptr)si->ARM_exidx; 424 } 425 } 426 *pcount = 0; 427 return NULL; 428} 429 430#endif 431 432/* Here, we only have to provide a callback to iterate across all the 433 * loaded libraries. gcc_eh does the rest. */ 434int 435dl_iterate_phdr(int (*cb)(dl_phdr_info *info, size_t size, void *data), 436 void *data) 437{ 438 int rv = 0; 439 for (soinfo* si = solist; si != NULL; si = si->next) { 440 dl_phdr_info dl_info; 441 dl_info.dlpi_addr = si->link_map_head.l_addr; 442 dl_info.dlpi_name = si->link_map_head.l_name; 443 dl_info.dlpi_phdr = si->phdr; 444 dl_info.dlpi_phnum = si->phnum; 445 rv = cb(&dl_info, sizeof(dl_phdr_info), data); 446 if (rv != 0) { 447 break; 448 } 449 } 450 return rv; 451} 452 453static ElfW(Sym)* soinfo_elf_lookup(soinfo* si, unsigned hash, const char* name) { 454 ElfW(Sym)* symtab = si->symtab; 455 const char* strtab = si->strtab; 456 457 TRACE_TYPE(LOOKUP, "SEARCH %s in %s@%p %x %zd", 458 name, si->name, reinterpret_cast<void*>(si->base), hash, hash % si->nbucket); 459 460 for (unsigned n = si->bucket[hash % si->nbucket]; n != 0; n = si->chain[n]) { 461 ElfW(Sym)* s = symtab + n; 462 if (strcmp(strtab + s->st_name, name)) continue; 463 464 /* only concern ourselves with global and weak symbol definitions */ 465 switch (ELF_ST_BIND(s->st_info)) { 466 case STB_GLOBAL: 467 case STB_WEAK: 468 if (s->st_shndx == SHN_UNDEF) { 469 continue; 470 } 471 472 TRACE_TYPE(LOOKUP, "FOUND %s in %s (%p) %zd", 473 name, si->name, reinterpret_cast<void*>(s->st_value), 474 static_cast<size_t>(s->st_size)); 475 return s; 476 } 477 } 478 479 return NULL; 480} 481 482static unsigned elfhash(const char* _name) { 483 const unsigned char* name = (const unsigned char*) _name; 484 unsigned h = 0, g; 485 486 while(*name) { 487 h = (h << 4) + *name++; 488 g = h & 0xf0000000; 489 h ^= g; 490 h ^= g >> 24; 491 } 492 return h; 493} 494 495static ElfW(Sym)* soinfo_do_lookup(soinfo* si, const char* name, soinfo** lsi, soinfo* needed[]) { 496 unsigned elf_hash = elfhash(name); 497 ElfW(Sym)* s = NULL; 498 499 if (si != NULL && somain != NULL) { 500 501 /* 502 * Local scope is executable scope. Just start looking into it right away 503 * for the shortcut. 504 */ 505 506 if (si == somain) { 507 s = soinfo_elf_lookup(si, elf_hash, name); 508 if (s != NULL) { 509 *lsi = si; 510 goto done; 511 } 512 } else { 513 /* Order of symbol lookup is controlled by DT_SYMBOLIC flag */ 514 515 /* 516 * If this object was built with symbolic relocations disabled, the 517 * first place to look to resolve external references is the main 518 * executable. 519 */ 520 521 if (!si->has_DT_SYMBOLIC) { 522 DEBUG("%s: looking up %s in executable %s", 523 si->name, name, somain->name); 524 s = soinfo_elf_lookup(somain, elf_hash, name); 525 if (s != NULL) { 526 *lsi = somain; 527 goto done; 528 } 529 } 530 531 /* Look for symbols in the local scope (the object who is 532 * searching). This happens with C++ templates on x86 for some 533 * reason. 534 * 535 * Notes on weak symbols: 536 * The ELF specs are ambiguous about treatment of weak definitions in 537 * dynamic linking. Some systems return the first definition found 538 * and some the first non-weak definition. This is system dependent. 539 * Here we return the first definition found for simplicity. */ 540 541 s = soinfo_elf_lookup(si, elf_hash, name); 542 if (s != NULL) { 543 *lsi = si; 544 goto done; 545 } 546 547 /* 548 * If this object was built with -Bsymbolic and symbol is not found 549 * in the local scope, try to find the symbol in the main executable. 550 */ 551 552 if (si->has_DT_SYMBOLIC) { 553 DEBUG("%s: looking up %s in executable %s after local scope", 554 si->name, name, somain->name); 555 s = soinfo_elf_lookup(somain, elf_hash, name); 556 if (s != NULL) { 557 *lsi = somain; 558 goto done; 559 } 560 } 561 } 562 } 563 564 /* Next, look for it in the preloads list */ 565 for (int i = 0; gLdPreloads[i] != NULL; i++) { 566 s = soinfo_elf_lookup(gLdPreloads[i], elf_hash, name); 567 if (s != NULL) { 568 *lsi = gLdPreloads[i]; 569 goto done; 570 } 571 } 572 573 for (int i = 0; needed[i] != NULL; i++) { 574 DEBUG("%s: looking up %s in %s", 575 si->name, name, needed[i]->name); 576 s = soinfo_elf_lookup(needed[i], elf_hash, name); 577 if (s != NULL) { 578 *lsi = needed[i]; 579 goto done; 580 } 581 } 582 583done: 584 if (s != NULL) { 585 TRACE_TYPE(LOOKUP, "si %s sym %s s->st_value = %p, " 586 "found in %s, base = %p, load bias = %p", 587 si->name, name, reinterpret_cast<void*>(s->st_value), 588 (*lsi)->name, reinterpret_cast<void*>((*lsi)->base), 589 reinterpret_cast<void*>((*lsi)->load_bias)); 590 return s; 591 } 592 593 return NULL; 594} 595 596/* This is used by dlsym(3). It performs symbol lookup only within the 597 specified soinfo object and not in any of its dependencies. 598 599 TODO: Only looking in the specified soinfo seems wrong. dlsym(3) says 600 that it should do a breadth first search through the dependency 601 tree. This agrees with the ELF spec (aka System V Application 602 Binary Interface) where in Chapter 5 it discuss resolving "Shared 603 Object Dependencies" in breadth first search order. 604 */ 605ElfW(Sym)* dlsym_handle_lookup(soinfo* si, const char* name) { 606 return soinfo_elf_lookup(si, elfhash(name), name); 607} 608 609/* This is used by dlsym(3) to performs a global symbol lookup. If the 610 start value is null (for RTLD_DEFAULT), the search starts at the 611 beginning of the global solist. Otherwise the search starts at the 612 specified soinfo (for RTLD_NEXT). 613 */ 614ElfW(Sym)* dlsym_linear_lookup(const char* name, soinfo** found, soinfo* start) { 615 unsigned elf_hash = elfhash(name); 616 617 if (start == NULL) { 618 start = solist; 619 } 620 621 ElfW(Sym)* s = NULL; 622 for (soinfo* si = start; (s == NULL) && (si != NULL); si = si->next) { 623 s = soinfo_elf_lookup(si, elf_hash, name); 624 if (s != NULL) { 625 *found = si; 626 break; 627 } 628 } 629 630 if (s != NULL) { 631 TRACE_TYPE(LOOKUP, "%s s->st_value = %p, found->base = %p", 632 name, reinterpret_cast<void*>(s->st_value), reinterpret_cast<void*>((*found)->base)); 633 } 634 635 return s; 636} 637 638soinfo* find_containing_library(const void* p) { 639 ElfW(Addr) address = reinterpret_cast<ElfW(Addr)>(p); 640 for (soinfo* si = solist; si != NULL; si = si->next) { 641 if (address >= si->base && address - si->base < si->size) { 642 return si; 643 } 644 } 645 return NULL; 646} 647 648ElfW(Sym)* dladdr_find_symbol(soinfo* si, const void* addr) { 649 ElfW(Addr) soaddr = reinterpret_cast<ElfW(Addr)>(addr) - si->base; 650 651 // Search the library's symbol table for any defined symbol which 652 // contains this address. 653 for (size_t i = 0; i < si->nchain; ++i) { 654 ElfW(Sym)* sym = &si->symtab[i]; 655 if (sym->st_shndx != SHN_UNDEF && 656 soaddr >= sym->st_value && 657 soaddr < sym->st_value + sym->st_size) { 658 return sym; 659 } 660 } 661 662 return NULL; 663} 664 665#if 0 666static void dump(soinfo* si) 667{ 668 ElfW(Sym)* s = si->symtab; 669 for (unsigned n = 0; n < si->nchain; n++) { 670 TRACE("%04d> %08x: %02x %04x %08x %08x %s", n, s, 671 s->st_info, s->st_shndx, s->st_value, s->st_size, 672 si->strtab + s->st_name); 673 s++; 674 } 675} 676#endif 677 678static int open_library_on_path(const char* name, const char* const paths[]) { 679 char buf[512]; 680 for (size_t i = 0; paths[i] != NULL; ++i) { 681 int n = __libc_format_buffer(buf, sizeof(buf), "%s/%s", paths[i], name); 682 if (n < 0 || n >= static_cast<int>(sizeof(buf))) { 683 PRINT("Warning: ignoring very long library path: %s/%s", paths[i], name); 684 continue; 685 } 686 int fd = TEMP_FAILURE_RETRY(open(buf, O_RDONLY | O_CLOEXEC)); 687 if (fd != -1) { 688 return fd; 689 } 690 } 691 return -1; 692} 693 694static int open_library(const char* name) { 695 TRACE("[ opening %s ]", name); 696 697 // If the name contains a slash, we should attempt to open it directly and not search the paths. 698 if (strchr(name, '/') != NULL) { 699 int fd = TEMP_FAILURE_RETRY(open(name, O_RDONLY | O_CLOEXEC)); 700 if (fd != -1) { 701 return fd; 702 } 703 // ...but nvidia binary blobs (at least) rely on this behavior, so fall through for now. 704 } 705 706 // Otherwise we try LD_LIBRARY_PATH first, and fall back to the built-in well known paths. 707 int fd = open_library_on_path(name, gLdPaths); 708 if (fd == -1) { 709 fd = open_library_on_path(name, gDefaultLdPaths); 710 } 711 return fd; 712} 713 714static soinfo* load_library(const char* name) { 715 // Open the file. 716 int fd = open_library(name); 717 if (fd == -1) { 718 DL_ERR("library \"%s\" not found", name); 719 return NULL; 720 } 721 722 // Read the ELF header and load the segments. 723 ElfReader elf_reader(name, fd); 724 if (!elf_reader.Load()) { 725 return NULL; 726 } 727 728 const char* bname = strrchr(name, '/'); 729 soinfo* si = soinfo_alloc(bname ? bname + 1 : name); 730 if (si == NULL) { 731 return NULL; 732 } 733 si->base = elf_reader.load_start(); 734 si->size = elf_reader.load_size(); 735 si->load_bias = elf_reader.load_bias(); 736 si->flags = 0; 737 si->entry = 0; 738 si->dynamic = NULL; 739 si->phnum = elf_reader.phdr_count(); 740 si->phdr = elf_reader.loaded_phdr(); 741 return si; 742} 743 744static soinfo *find_loaded_library(const char *name) 745{ 746 soinfo *si; 747 const char *bname; 748 749 // TODO: don't use basename only for determining libraries 750 // http://code.google.com/p/android/issues/detail?id=6670 751 752 bname = strrchr(name, '/'); 753 bname = bname ? bname + 1 : name; 754 755 for (si = solist; si != NULL; si = si->next) { 756 if (!strcmp(bname, si->name)) { 757 return si; 758 } 759 } 760 return NULL; 761} 762 763static soinfo* find_library_internal(const char* name) { 764 if (name == NULL) { 765 return somain; 766 } 767 768 soinfo* si = find_loaded_library(name); 769 if (si != NULL) { 770 if (si->flags & FLAG_LINKED) { 771 return si; 772 } 773 DL_ERR("OOPS: recursive link to \"%s\"", si->name); 774 return NULL; 775 } 776 777 TRACE("[ '%s' has not been loaded yet. Locating...]", name); 778 si = load_library(name); 779 if (si == NULL) { 780 return NULL; 781 } 782 783 // At this point we know that whatever is loaded @ base is a valid ELF 784 // shared library whose segments are properly mapped in. 785 TRACE("[ find_library_internal base=%p size=%zu name='%s' ]", 786 reinterpret_cast<void*>(si->base), si->size, si->name); 787 788 if (!soinfo_link_image(si)) { 789 munmap(reinterpret_cast<void*>(si->base), si->size); 790 soinfo_free(si); 791 return NULL; 792 } 793 794 return si; 795} 796 797static soinfo* find_library(const char* name) { 798 soinfo* si = find_library_internal(name); 799 if (si != NULL) { 800 si->ref_count++; 801 } 802 return si; 803} 804 805static int soinfo_unload(soinfo* si) { 806 if (si->ref_count == 1) { 807 TRACE("unloading '%s'", si->name); 808 si->CallDestructors(); 809 810 for (ElfW(Dyn)* d = si->dynamic; d->d_tag != DT_NULL; ++d) { 811 if (d->d_tag == DT_NEEDED) { 812 const char* library_name = si->strtab + d->d_un.d_val; 813 TRACE("%s needs to unload %s", si->name, library_name); 814 soinfo_unload(find_loaded_library(library_name)); 815 } 816 } 817 818 munmap(reinterpret_cast<void*>(si->base), si->size); 819 notify_gdb_of_unload(si); 820 soinfo_free(si); 821 si->ref_count = 0; 822 } else { 823 si->ref_count--; 824 TRACE("not unloading '%s', decrementing ref_count to %zd", si->name, si->ref_count); 825 } 826 return 0; 827} 828 829void do_android_get_LD_LIBRARY_PATH(char* buffer, size_t buffer_size) { 830 snprintf(buffer, buffer_size, "%s:%s", gDefaultLdPaths[0], gDefaultLdPaths[1]); 831} 832 833void do_android_update_LD_LIBRARY_PATH(const char* ld_library_path) { 834 if (!get_AT_SECURE()) { 835 parse_LD_LIBRARY_PATH(ld_library_path); 836 } 837} 838 839soinfo* do_dlopen(const char* name, int flags) { 840 if ((flags & ~(RTLD_NOW|RTLD_LAZY|RTLD_LOCAL|RTLD_GLOBAL)) != 0) { 841 DL_ERR("invalid flags to dlopen: %x", flags); 842 return NULL; 843 } 844 set_soinfo_pool_protection(PROT_READ | PROT_WRITE); 845 soinfo* si = find_library(name); 846 if (si != NULL) { 847 si->CallConstructors(); 848 } 849 set_soinfo_pool_protection(PROT_READ); 850 return si; 851} 852 853int do_dlclose(soinfo* si) { 854 set_soinfo_pool_protection(PROT_READ | PROT_WRITE); 855 int result = soinfo_unload(si); 856 set_soinfo_pool_protection(PROT_READ); 857 return result; 858} 859 860#if defined(USE_RELA) 861static int soinfo_relocate_a(soinfo* si, ElfW(Rela)* rela, unsigned count, soinfo* needed[]) { 862 ElfW(Sym)* symtab = si->symtab; 863 const char* strtab = si->strtab; 864 ElfW(Sym)* s; 865 ElfW(Rela)* start = rela; 866 soinfo* lsi; 867 868 for (size_t idx = 0; idx < count; ++idx, ++rela) { 869 unsigned type = ELFW(R_TYPE)(rela->r_info); 870 unsigned sym = ELFW(R_SYM)(rela->r_info); 871 ElfW(Addr) reloc = static_cast<ElfW(Addr)>(rela->r_offset + si->load_bias); 872 ElfW(Addr) sym_addr = 0; 873 char* sym_name = NULL; 874 875 DEBUG("Processing '%s' relocation at index %zd", si->name, idx); 876 if (type == 0) { // R_*_NONE 877 continue; 878 } 879 if (sym != 0) { 880 sym_name = (char *)(strtab + symtab[sym].st_name); 881 s = soinfo_do_lookup(si, sym_name, &lsi, needed); 882 if (s == NULL) { 883 // We only allow an undefined symbol if this is a weak reference... 884 s = &symtab[sym]; 885 if (ELF_ST_BIND(s->st_info) != STB_WEAK) { 886 DL_ERR("cannot locate symbol \"%s\" referenced by \"%s\"...", sym_name, si->name); 887 return -1; 888 } 889 890 /* IHI0044C AAELF 4.5.1.1: 891 892 Libraries are not searched to resolve weak references. 893 It is not an error for a weak reference to remain unsatisfied. 894 895 During linking, the value of an undefined weak reference is: 896 - Zero if the relocation type is absolute 897 - The address of the place if the relocation is pc-relative 898 - The address of nominal base address if the relocation 899 type is base-relative. 900 */ 901 902 switch (type) { 903#if defined(__aarch64__) 904 case R_AARCH64_JUMP_SLOT: 905 case R_AARCH64_GLOB_DAT: 906 case R_AARCH64_ABS64: 907 case R_AARCH64_ABS32: 908 case R_AARCH64_ABS16: 909 case R_AARCH64_RELATIVE: 910 /* 911 * The sym_addr was initialized to be zero above, or the relocation 912 * code below does not care about value of sym_addr. 913 * No need to do anything. 914 */ 915 break; 916#elif defined(__x86_64__) 917 case R_X86_64_JUMP_SLOT: 918 case R_X86_64_GLOB_DAT: 919 case R_X86_64_32: 920 case R_X86_64_RELATIVE: 921 // No need to do anything. 922 break; 923 case R_X86_64_PC32: 924 sym_addr = reloc; 925 break; 926#endif 927 default: 928 DL_ERR("unknown weak reloc type %d @ %p (%d)", type, rela, (int) (rela - start)); 929 return -1; 930 } 931 } else { 932 // We got a definition. 933 sym_addr = static_cast<ElfW(Addr)>(s->st_value + lsi->load_bias); 934 } 935 count_relocation(kRelocSymbol); 936 } else { 937 s = NULL; 938 } 939 940 switch (type) { 941#if defined(__aarch64__) 942 case R_AARCH64_JUMP_SLOT: 943 count_relocation(kRelocAbsolute); 944 MARK(rela->r_offset); 945 TRACE_TYPE(RELO, "RELO JMP_SLOT %16llx <- %16llx %s\n", 946 reloc, (sym_addr + rela->r_addend), sym_name); 947 *reinterpret_cast<ElfW(Addr)*>(reloc) = (sym_addr + rela->r_addend); 948 break; 949 case R_AARCH64_GLOB_DAT: 950 count_relocation(kRelocAbsolute); 951 MARK(rela->r_offset); 952 TRACE_TYPE(RELO, "RELO GLOB_DAT %16llx <- %16llx %s\n", 953 reloc, (sym_addr + rela->r_addend), sym_name); 954 *reinterpret_cast<ElfW(Addr)*>(reloc) = (sym_addr + rela->r_addend); 955 break; 956 case R_AARCH64_ABS64: 957 count_relocation(kRelocAbsolute); 958 MARK(rela->r_offset); 959 TRACE_TYPE(RELO, "RELO ABS64 %16llx <- %16llx %s\n", 960 reloc, (sym_addr + rela->r_addend), sym_name); 961 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + rela->r_addend); 962 break; 963 case R_AARCH64_ABS32: 964 count_relocation(kRelocAbsolute); 965 MARK(rela->r_offset); 966 TRACE_TYPE(RELO, "RELO ABS32 %16llx <- %16llx %s\n", 967 reloc, (sym_addr + rela->r_addend), sym_name); 968 if ((static_cast<ElfW(Addr)>(INT32_MIN) <= (*reinterpret_cast<ElfW(Addr)*>(reloc) + (sym_addr + rela->r_addend))) && 969 ((*reinterpret_cast<ElfW(Addr)*>(reloc) + (sym_addr + rela->r_addend)) <= static_cast<ElfW(Addr)>(UINT32_MAX))) { 970 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + rela->r_addend); 971 } else { 972 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 973 (*reinterpret_cast<ElfW(Addr)*>(reloc) + (sym_addr + rela->r_addend)), 974 static_cast<ElfW(Addr)>(INT32_MIN), 975 static_cast<ElfW(Addr)>(UINT32_MAX)); 976 return -1; 977 } 978 break; 979 case R_AARCH64_ABS16: 980 count_relocation(kRelocAbsolute); 981 MARK(rela->r_offset); 982 TRACE_TYPE(RELO, "RELO ABS16 %16llx <- %16llx %s\n", 983 reloc, (sym_addr + rela->r_addend), sym_name); 984 if ((static_cast<ElfW(Addr)>(INT16_MIN) <= (*reinterpret_cast<ElfW(Addr)*>(reloc) + (sym_addr + rela->r_addend))) && 985 ((*reinterpret_cast<ElfW(Addr)*>(reloc) + (sym_addr + rela->r_addend)) <= static_cast<ElfW(Addr)>(UINT16_MAX))) { 986 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + rela->r_addend); 987 } else { 988 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 989 (*reinterpret_cast<ElfW(Addr)*>(reloc) + (sym_addr + rela->r_addend)), 990 static_cast<ElfW(Addr)>(INT16_MIN), 991 static_cast<ElfW(Addr)>(UINT16_MAX)); 992 return -1; 993 } 994 break; 995 case R_AARCH64_PREL64: 996 count_relocation(kRelocRelative); 997 MARK(rela->r_offset); 998 TRACE_TYPE(RELO, "RELO REL64 %16llx <- %16llx - %16llx %s\n", 999 reloc, (sym_addr + rela->r_addend), rela->r_offset, sym_name); 1000 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + rela->r_addend) - rela->r_offset; 1001 break; 1002 case R_AARCH64_PREL32: 1003 count_relocation(kRelocRelative); 1004 MARK(rela->r_offset); 1005 TRACE_TYPE(RELO, "RELO REL32 %16llx <- %16llx - %16llx %s\n", 1006 reloc, (sym_addr + rela->r_addend), rela->r_offset, sym_name); 1007 if ((static_cast<ElfW(Addr)>(INT32_MIN) <= (*reinterpret_cast<ElfW(Addr)*>(reloc) + ((sym_addr + rela->r_addend) - rela->r_offset))) && 1008 ((*reinterpret_cast<ElfW(Addr)*>(reloc) + ((sym_addr + rela->r_addend) - rela->r_offset)) <= static_cast<ElfW(Addr)>(UINT32_MAX))) { 1009 *reinterpret_cast<ElfW(Addr)*>(reloc) += ((sym_addr + rela->r_addend) - rela->r_offset); 1010 } else { 1011 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 1012 (*reinterpret_cast<ElfW(Addr)*>(reloc) + ((sym_addr + rela->r_addend) - rela->r_offset)), 1013 static_cast<ElfW(Addr)>(INT32_MIN), 1014 static_cast<ElfW(Addr)>(UINT32_MAX)); 1015 return -1; 1016 } 1017 break; 1018 case R_AARCH64_PREL16: 1019 count_relocation(kRelocRelative); 1020 MARK(rela->r_offset); 1021 TRACE_TYPE(RELO, "RELO REL16 %16llx <- %16llx - %16llx %s\n", 1022 reloc, (sym_addr + rela->r_addend), rela->r_offset, sym_name); 1023 if ((static_cast<ElfW(Addr)>(INT16_MIN) <= (*reinterpret_cast<ElfW(Addr)*>(reloc) + ((sym_addr + rela->r_addend) - rela->r_offset))) && 1024 ((*reinterpret_cast<ElfW(Addr)*>(reloc) + ((sym_addr + rela->r_addend) - rela->r_offset)) <= static_cast<ElfW(Addr)>(UINT16_MAX))) { 1025 *reinterpret_cast<ElfW(Addr)*>(reloc) += ((sym_addr + rela->r_addend) - rela->r_offset); 1026 } else { 1027 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 1028 (*reinterpret_cast<ElfW(Addr)*>(reloc) + ((sym_addr + rela->r_addend) - rela->r_offset)), 1029 static_cast<ElfW(Addr)>(INT16_MIN), 1030 static_cast<ElfW(Addr)>(UINT16_MAX)); 1031 return -1; 1032 } 1033 break; 1034 1035 case R_AARCH64_RELATIVE: 1036 count_relocation(kRelocRelative); 1037 MARK(rela->r_offset); 1038 if (sym) { 1039 DL_ERR("odd RELATIVE form..."); 1040 return -1; 1041 } 1042 TRACE_TYPE(RELO, "RELO RELATIVE %16llx <- %16llx\n", 1043 reloc, (si->base + rela->r_addend)); 1044 *reinterpret_cast<ElfW(Addr)*>(reloc) = (si->base + rela->r_addend); 1045 break; 1046 1047 case R_AARCH64_COPY: 1048 if ((si->flags & FLAG_EXE) == 0) { 1049 /* 1050 * http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044d/IHI0044D_aaelf.pdf 1051 * 1052 * Section 4.7.1.10 "Dynamic relocations" 1053 * R_AARCH64_COPY may only appear in executable objects where e_type is 1054 * set to ET_EXEC. 1055 * 1056 * FLAG_EXE is set for both ET_DYN and ET_EXEC executables. 1057 * We should explicitly disallow ET_DYN executables from having 1058 * R_AARCH64_COPY relocations. 1059 */ 1060 DL_ERR("%s R_AARCH64_COPY relocations only supported for ET_EXEC", si->name); 1061 return -1; 1062 } 1063 count_relocation(kRelocCopy); 1064 MARK(rela->r_offset); 1065 TRACE_TYPE(RELO, "RELO COPY %16llx <- %lld @ %16llx %s\n", 1066 reloc, 1067 s->st_size, 1068 (sym_addr + rela->r_addend), 1069 sym_name); 1070 if (reloc == (sym_addr + rela->r_addend)) { 1071 ElfW(Sym)* src = soinfo_do_lookup(NULL, sym_name, &lsi, needed); 1072 1073 if (src == NULL) { 1074 DL_ERR("%s R_AARCH64_COPY relocation source cannot be resolved", si->name); 1075 return -1; 1076 } 1077 if (lsi->has_DT_SYMBOLIC) { 1078 DL_ERR("%s invalid R_AARCH64_COPY relocation against DT_SYMBOLIC shared " 1079 "library %s (built with -Bsymbolic?)", si->name, lsi->name); 1080 return -1; 1081 } 1082 if (s->st_size < src->st_size) { 1083 DL_ERR("%s R_AARCH64_COPY relocation size mismatch (%lld < %lld)", 1084 si->name, s->st_size, src->st_size); 1085 return -1; 1086 } 1087 memcpy((void*)reloc, (void*)(src->st_value + lsi->load_bias), src->st_size); 1088 } else { 1089 DL_ERR("%s R_AARCH64_COPY relocation target cannot be resolved", si->name); 1090 return -1; 1091 } 1092 break; 1093 case R_AARCH64_TLS_TPREL64: 1094 TRACE_TYPE(RELO, "RELO TLS_TPREL64 *** %16llx <- %16llx - %16llx\n", 1095 reloc, (sym_addr + rela->r_addend), rela->r_offset); 1096 break; 1097 case R_AARCH64_TLS_DTPREL32: 1098 TRACE_TYPE(RELO, "RELO TLS_DTPREL32 *** %16llx <- %16llx - %16llx\n", 1099 reloc, (sym_addr + rela->r_addend), rela->r_offset); 1100 break; 1101#elif defined(__x86_64__) 1102 case R_X86_64_JUMP_SLOT: 1103 count_relocation(kRelocAbsolute); 1104 MARK(rela->r_offset); 1105 TRACE_TYPE(RELO, "RELO JMP_SLOT %08zx <- %08zx %s", static_cast<size_t>(reloc), 1106 static_cast<size_t>(sym_addr + rela->r_addend), sym_name); 1107 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + rela->r_addend; 1108 break; 1109 case R_X86_64_GLOB_DAT: 1110 count_relocation(kRelocAbsolute); 1111 MARK(rela->r_offset); 1112 TRACE_TYPE(RELO, "RELO GLOB_DAT %08zx <- %08zx %s", static_cast<size_t>(reloc), 1113 static_cast<size_t>(sym_addr + rela->r_addend), sym_name); 1114 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + rela->r_addend; 1115 break; 1116 case R_X86_64_RELATIVE: 1117 count_relocation(kRelocRelative); 1118 MARK(rela->r_offset); 1119 if (sym) { 1120 DL_ERR("odd RELATIVE form..."); 1121 return -1; 1122 } 1123 TRACE_TYPE(RELO, "RELO RELATIVE %08zx <- +%08zx", static_cast<size_t>(reloc), 1124 static_cast<size_t>(si->base)); 1125 *reinterpret_cast<ElfW(Addr)*>(reloc) = si->base + rela->r_addend; 1126 break; 1127 case R_X86_64_32: 1128 count_relocation(kRelocRelative); 1129 MARK(rela->r_offset); 1130 TRACE_TYPE(RELO, "RELO R_X86_64_32 %08zx <- +%08zx %s", static_cast<size_t>(reloc), 1131 static_cast<size_t>(sym_addr), sym_name); 1132 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + rela->r_addend; 1133 break; 1134 case R_X86_64_64: 1135 count_relocation(kRelocRelative); 1136 MARK(rela->r_offset); 1137 TRACE_TYPE(RELO, "RELO R_X86_64_64 %08zx <- +%08zx %s", static_cast<size_t>(reloc), 1138 static_cast<size_t>(sym_addr), sym_name); 1139 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + rela->r_addend; 1140 break; 1141 case R_X86_64_PC32: 1142 count_relocation(kRelocRelative); 1143 MARK(rela->r_offset); 1144 TRACE_TYPE(RELO, "RELO R_X86_64_PC32 %08zx <- +%08zx (%08zx - %08zx) %s", 1145 static_cast<size_t>(reloc), static_cast<size_t>(sym_addr - reloc), 1146 static_cast<size_t>(sym_addr), static_cast<size_t>(reloc), sym_name); 1147 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + rela->r_addend - reloc; 1148 break; 1149#endif 1150 1151 default: 1152 DL_ERR("unknown reloc type %d @ %p (%d)", type, rela, (int) (rela - start)); 1153 return -1; 1154 } 1155 } 1156 return 0; 1157} 1158#else 1159static int soinfo_relocate(soinfo* si, ElfW(Rel)* rel, unsigned count, soinfo* needed[]) { 1160 ElfW(Sym)* symtab = si->symtab; 1161 const char* strtab = si->strtab; 1162 ElfW(Sym)* s; 1163 ElfW(Rel)* start = rel; 1164 soinfo* lsi; 1165 1166 for (size_t idx = 0; idx < count; ++idx, ++rel) { 1167 unsigned type = ELFW(R_TYPE)(rel->r_info); 1168 // TODO: don't use unsigned for 'sym'. Use uint32_t or ElfW(Addr) instead. 1169 unsigned sym = ELFW(R_SYM)(rel->r_info); 1170 ElfW(Addr) reloc = static_cast<ElfW(Addr)>(rel->r_offset + si->load_bias); 1171 ElfW(Addr) sym_addr = 0; 1172 char* sym_name = NULL; 1173 1174 DEBUG("Processing '%s' relocation at index %zd", si->name, idx); 1175 if (type == 0) { // R_*_NONE 1176 continue; 1177 } 1178 if (sym != 0) { 1179 sym_name = (char *)(strtab + symtab[sym].st_name); 1180 s = soinfo_do_lookup(si, sym_name, &lsi, needed); 1181 if (s == NULL) { 1182 // We only allow an undefined symbol if this is a weak reference... 1183 s = &symtab[sym]; 1184 if (ELF_ST_BIND(s->st_info) != STB_WEAK) { 1185 DL_ERR("cannot locate symbol \"%s\" referenced by \"%s\"...", sym_name, si->name); 1186 return -1; 1187 } 1188 1189 /* IHI0044C AAELF 4.5.1.1: 1190 1191 Libraries are not searched to resolve weak references. 1192 It is not an error for a weak reference to remain 1193 unsatisfied. 1194 1195 During linking, the value of an undefined weak reference is: 1196 - Zero if the relocation type is absolute 1197 - The address of the place if the relocation is pc-relative 1198 - The address of nominal base address if the relocation 1199 type is base-relative. 1200 */ 1201 1202 switch (type) { 1203#if defined(__arm__) 1204 case R_ARM_JUMP_SLOT: 1205 case R_ARM_GLOB_DAT: 1206 case R_ARM_ABS32: 1207 case R_ARM_RELATIVE: /* Don't care. */ 1208 // sym_addr was initialized to be zero above or relocation 1209 // code below does not care about value of sym_addr. 1210 // No need to do anything. 1211 break; 1212#elif defined(__i386__) 1213 case R_386_JMP_SLOT: 1214 case R_386_GLOB_DAT: 1215 case R_386_32: 1216 case R_386_RELATIVE: /* Don't care. */ 1217 // sym_addr was initialized to be zero above or relocation 1218 // code below does not care about value of sym_addr. 1219 // No need to do anything. 1220 break; 1221 case R_386_PC32: 1222 sym_addr = reloc; 1223 break; 1224#endif 1225 1226#if defined(__arm__) 1227 case R_ARM_COPY: 1228 // Fall through. Can't really copy if weak symbol is not found at run-time. 1229#endif 1230 default: 1231 DL_ERR("unknown weak reloc type %d @ %p (%d)", type, rel, (int) (rel - start)); 1232 return -1; 1233 } 1234 } else { 1235 // We got a definition. 1236 sym_addr = static_cast<ElfW(Addr)>(s->st_value + lsi->load_bias); 1237 } 1238 count_relocation(kRelocSymbol); 1239 } else { 1240 s = NULL; 1241 } 1242 1243 switch (type) { 1244#if defined(__arm__) 1245 case R_ARM_JUMP_SLOT: 1246 count_relocation(kRelocAbsolute); 1247 MARK(rel->r_offset); 1248 TRACE_TYPE(RELO, "RELO JMP_SLOT %08x <- %08x %s", reloc, sym_addr, sym_name); 1249 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr; 1250 break; 1251 case R_ARM_GLOB_DAT: 1252 count_relocation(kRelocAbsolute); 1253 MARK(rel->r_offset); 1254 TRACE_TYPE(RELO, "RELO GLOB_DAT %08x <- %08x %s", reloc, sym_addr, sym_name); 1255 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr; 1256 break; 1257 case R_ARM_ABS32: 1258 count_relocation(kRelocAbsolute); 1259 MARK(rel->r_offset); 1260 TRACE_TYPE(RELO, "RELO ABS %08x <- %08x %s", reloc, sym_addr, sym_name); 1261 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr; 1262 break; 1263 case R_ARM_REL32: 1264 count_relocation(kRelocRelative); 1265 MARK(rel->r_offset); 1266 TRACE_TYPE(RELO, "RELO REL32 %08x <- %08x - %08x %s", 1267 reloc, sym_addr, rel->r_offset, sym_name); 1268 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr - rel->r_offset; 1269 break; 1270 case R_ARM_COPY: 1271 if ((si->flags & FLAG_EXE) == 0) { 1272 /* 1273 * http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044d/IHI0044D_aaelf.pdf 1274 * 1275 * Section 4.7.1.10 "Dynamic relocations" 1276 * R_ARM_COPY may only appear in executable objects where e_type is 1277 * set to ET_EXEC. 1278 * 1279 * TODO: FLAG_EXE is set for both ET_DYN and ET_EXEC executables. 1280 * We should explicitly disallow ET_DYN executables from having 1281 * R_ARM_COPY relocations. 1282 */ 1283 DL_ERR("%s R_ARM_COPY relocations only supported for ET_EXEC", si->name); 1284 return -1; 1285 } 1286 count_relocation(kRelocCopy); 1287 MARK(rel->r_offset); 1288 TRACE_TYPE(RELO, "RELO %08x <- %d @ %08x %s", reloc, s->st_size, sym_addr, sym_name); 1289 if (reloc == sym_addr) { 1290 ElfW(Sym)* src = soinfo_do_lookup(NULL, sym_name, &lsi, needed); 1291 1292 if (src == NULL) { 1293 DL_ERR("%s R_ARM_COPY relocation source cannot be resolved", si->name); 1294 return -1; 1295 } 1296 if (lsi->has_DT_SYMBOLIC) { 1297 DL_ERR("%s invalid R_ARM_COPY relocation against DT_SYMBOLIC shared " 1298 "library %s (built with -Bsymbolic?)", si->name, lsi->name); 1299 return -1; 1300 } 1301 if (s->st_size < src->st_size) { 1302 DL_ERR("%s R_ARM_COPY relocation size mismatch (%d < %d)", 1303 si->name, s->st_size, src->st_size); 1304 return -1; 1305 } 1306 memcpy((void*)reloc, (void*)(src->st_value + lsi->load_bias), src->st_size); 1307 } else { 1308 DL_ERR("%s R_ARM_COPY relocation target cannot be resolved", si->name); 1309 return -1; 1310 } 1311 break; 1312#elif defined(__i386__) 1313 case R_386_JMP_SLOT: 1314 count_relocation(kRelocAbsolute); 1315 MARK(rel->r_offset); 1316 TRACE_TYPE(RELO, "RELO JMP_SLOT %08x <- %08x %s", reloc, sym_addr, sym_name); 1317 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr; 1318 break; 1319 case R_386_GLOB_DAT: 1320 count_relocation(kRelocAbsolute); 1321 MARK(rel->r_offset); 1322 TRACE_TYPE(RELO, "RELO GLOB_DAT %08x <- %08x %s", reloc, sym_addr, sym_name); 1323 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr; 1324 break; 1325 case R_386_32: 1326 count_relocation(kRelocRelative); 1327 MARK(rel->r_offset); 1328 TRACE_TYPE(RELO, "RELO R_386_32 %08x <- +%08x %s", reloc, sym_addr, sym_name); 1329 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr; 1330 break; 1331 case R_386_PC32: 1332 count_relocation(kRelocRelative); 1333 MARK(rel->r_offset); 1334 TRACE_TYPE(RELO, "RELO R_386_PC32 %08x <- +%08x (%08x - %08x) %s", 1335 reloc, (sym_addr - reloc), sym_addr, reloc, sym_name); 1336 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr - reloc); 1337 break; 1338#elif defined(__mips__) 1339 case R_MIPS_REL32: 1340 count_relocation(kRelocAbsolute); 1341 MARK(rel->r_offset); 1342 TRACE_TYPE(RELO, "RELO REL32 %08x <- %08x %s", 1343 reloc, sym_addr, (sym_name) ? sym_name : "*SECTIONHDR*"); 1344 if (s) { 1345 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr; 1346 } else { 1347 *reinterpret_cast<ElfW(Addr)*>(reloc) += si->base; 1348 } 1349 break; 1350#endif 1351 1352#if defined(__arm__) 1353 case R_ARM_RELATIVE: 1354#elif defined(__i386__) 1355 case R_386_RELATIVE: 1356#endif 1357 count_relocation(kRelocRelative); 1358 MARK(rel->r_offset); 1359 if (sym) { 1360 DL_ERR("odd RELATIVE form..."); 1361 return -1; 1362 } 1363 TRACE_TYPE(RELO, "RELO RELATIVE %p <- +%p", 1364 reinterpret_cast<void*>(reloc), reinterpret_cast<void*>(si->base)); 1365 *reinterpret_cast<ElfW(Addr)*>(reloc) += si->base; 1366 break; 1367 1368 default: 1369 DL_ERR("unknown reloc type %d @ %p (%d)", type, rel, (int) (rel - start)); 1370 return -1; 1371 } 1372 } 1373 return 0; 1374} 1375#endif 1376 1377#if defined(__mips__) 1378static bool mips_relocate_got(soinfo* si, soinfo* needed[]) { 1379 unsigned* got = si->plt_got; 1380 if (got == NULL) { 1381 return true; 1382 } 1383 unsigned local_gotno = si->mips_local_gotno; 1384 unsigned gotsym = si->mips_gotsym; 1385 unsigned symtabno = si->mips_symtabno; 1386 ElfW(Sym)* symtab = si->symtab; 1387 1388 /* 1389 * got[0] is address of lazy resolver function 1390 * got[1] may be used for a GNU extension 1391 * set it to a recognizable address in case someone calls it 1392 * (should be _rtld_bind_start) 1393 * FIXME: maybe this should be in a separate routine 1394 */ 1395 1396 if ((si->flags & FLAG_LINKER) == 0) { 1397 size_t g = 0; 1398 got[g++] = 0xdeadbeef; 1399 if (got[g] & 0x80000000) { 1400 got[g++] = 0xdeadfeed; 1401 } 1402 /* 1403 * Relocate the local GOT entries need to be relocated 1404 */ 1405 for (; g < local_gotno; g++) { 1406 got[g] += si->load_bias; 1407 } 1408 } 1409 1410 /* Now for the global GOT entries */ 1411 ElfW(Sym)* sym = symtab + gotsym; 1412 got = si->plt_got + local_gotno; 1413 for (size_t g = gotsym; g < symtabno; g++, sym++, got++) { 1414 const char* sym_name; 1415 ElfW(Sym)* s; 1416 soinfo* lsi; 1417 1418 /* This is an undefined reference... try to locate it */ 1419 sym_name = si->strtab + sym->st_name; 1420 s = soinfo_do_lookup(si, sym_name, &lsi, needed); 1421 if (s == NULL) { 1422 /* We only allow an undefined symbol if this is a weak 1423 reference.. */ 1424 s = &symtab[g]; 1425 if (ELF_ST_BIND(s->st_info) != STB_WEAK) { 1426 DL_ERR("cannot locate \"%s\"...", sym_name); 1427 return false; 1428 } 1429 *got = 0; 1430 } 1431 else { 1432 /* FIXME: is this sufficient? 1433 * For reference see NetBSD link loader 1434 * http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ld.elf_so/arch/mips/mips_reloc.c?rev=1.53&content-type=text/x-cvsweb-markup 1435 */ 1436 *got = lsi->load_bias + s->st_value; 1437 } 1438 } 1439 return true; 1440} 1441#endif 1442 1443void soinfo::CallArray(const char* array_name UNUSED, linker_function_t* functions, size_t count, bool reverse) { 1444 if (functions == NULL) { 1445 return; 1446 } 1447 1448 TRACE("[ Calling %s (size %zd) @ %p for '%s' ]", array_name, count, functions, name); 1449 1450 int begin = reverse ? (count - 1) : 0; 1451 int end = reverse ? -1 : count; 1452 int step = reverse ? -1 : 1; 1453 1454 for (int i = begin; i != end; i += step) { 1455 TRACE("[ %s[%d] == %p ]", array_name, i, functions[i]); 1456 CallFunction("function", functions[i]); 1457 } 1458 1459 TRACE("[ Done calling %s for '%s' ]", array_name, name); 1460} 1461 1462void soinfo::CallFunction(const char* function_name UNUSED, linker_function_t function) { 1463 if (function == NULL || reinterpret_cast<uintptr_t>(function) == static_cast<uintptr_t>(-1)) { 1464 return; 1465 } 1466 1467 TRACE("[ Calling %s @ %p for '%s' ]", function_name, function, name); 1468 function(); 1469 TRACE("[ Done calling %s @ %p for '%s' ]", function_name, function, name); 1470 1471 // The function may have called dlopen(3) or dlclose(3), so we need to ensure our data structures 1472 // are still writable. This happens with our debug malloc (see http://b/7941716). 1473 set_soinfo_pool_protection(PROT_READ | PROT_WRITE); 1474} 1475 1476void soinfo::CallPreInitConstructors() { 1477 // DT_PREINIT_ARRAY functions are called before any other constructors for executables, 1478 // but ignored in a shared library. 1479 CallArray("DT_PREINIT_ARRAY", preinit_array, preinit_array_count, false); 1480} 1481 1482void soinfo::CallConstructors() { 1483 if (constructors_called) { 1484 return; 1485 } 1486 1487 // We set constructors_called before actually calling the constructors, otherwise it doesn't 1488 // protect against recursive constructor calls. One simple example of constructor recursion 1489 // is the libc debug malloc, which is implemented in libc_malloc_debug_leak.so: 1490 // 1. The program depends on libc, so libc's constructor is called here. 1491 // 2. The libc constructor calls dlopen() to load libc_malloc_debug_leak.so. 1492 // 3. dlopen() calls the constructors on the newly created 1493 // soinfo for libc_malloc_debug_leak.so. 1494 // 4. The debug .so depends on libc, so CallConstructors is 1495 // called again with the libc soinfo. If it doesn't trigger the early- 1496 // out above, the libc constructor will be called again (recursively!). 1497 constructors_called = true; 1498 1499 if ((flags & FLAG_EXE) == 0 && preinit_array != NULL) { 1500 // The GNU dynamic linker silently ignores these, but we warn the developer. 1501 PRINT("\"%s\": ignoring %zd-entry DT_PREINIT_ARRAY in shared library!", 1502 name, preinit_array_count); 1503 } 1504 1505 if (dynamic != NULL) { 1506 for (ElfW(Dyn)* d = dynamic; d->d_tag != DT_NULL; ++d) { 1507 if (d->d_tag == DT_NEEDED) { 1508 const char* library_name = strtab + d->d_un.d_val; 1509 TRACE("\"%s\": calling constructors in DT_NEEDED \"%s\"", name, library_name); 1510 find_loaded_library(library_name)->CallConstructors(); 1511 } 1512 } 1513 } 1514 1515 TRACE("\"%s\": calling constructors", name); 1516 1517 // DT_INIT should be called before DT_INIT_ARRAY if both are present. 1518 CallFunction("DT_INIT", init_func); 1519 CallArray("DT_INIT_ARRAY", init_array, init_array_count, false); 1520} 1521 1522void soinfo::CallDestructors() { 1523 TRACE("\"%s\": calling destructors", name); 1524 1525 // DT_FINI_ARRAY must be parsed in reverse order. 1526 CallArray("DT_FINI_ARRAY", fini_array, fini_array_count, true); 1527 1528 // DT_FINI should be called after DT_FINI_ARRAY if both are present. 1529 CallFunction("DT_FINI", fini_func); 1530} 1531 1532/* Force any of the closed stdin, stdout and stderr to be associated with 1533 /dev/null. */ 1534static int nullify_closed_stdio() { 1535 int dev_null, i, status; 1536 int return_value = 0; 1537 1538 dev_null = TEMP_FAILURE_RETRY(open("/dev/null", O_RDWR)); 1539 if (dev_null < 0) { 1540 DL_ERR("cannot open /dev/null: %s", strerror(errno)); 1541 return -1; 1542 } 1543 TRACE("[ Opened /dev/null file-descriptor=%d]", dev_null); 1544 1545 /* If any of the stdio file descriptors is valid and not associated 1546 with /dev/null, dup /dev/null to it. */ 1547 for (i = 0; i < 3; i++) { 1548 /* If it is /dev/null already, we are done. */ 1549 if (i == dev_null) { 1550 continue; 1551 } 1552 1553 TRACE("[ Nullifying stdio file descriptor %d]", i); 1554 status = TEMP_FAILURE_RETRY(fcntl(i, F_GETFL)); 1555 1556 /* If file is opened, we are good. */ 1557 if (status != -1) { 1558 continue; 1559 } 1560 1561 /* The only error we allow is that the file descriptor does not 1562 exist, in which case we dup /dev/null to it. */ 1563 if (errno != EBADF) { 1564 DL_ERR("fcntl failed: %s", strerror(errno)); 1565 return_value = -1; 1566 continue; 1567 } 1568 1569 /* Try dupping /dev/null to this stdio file descriptor and 1570 repeat if there is a signal. Note that any errors in closing 1571 the stdio descriptor are lost. */ 1572 status = TEMP_FAILURE_RETRY(dup2(dev_null, i)); 1573 if (status < 0) { 1574 DL_ERR("dup2 failed: %s", strerror(errno)); 1575 return_value = -1; 1576 continue; 1577 } 1578 } 1579 1580 /* If /dev/null is not one of the stdio file descriptors, close it. */ 1581 if (dev_null > 2) { 1582 TRACE("[ Closing /dev/null file-descriptor=%d]", dev_null); 1583 status = TEMP_FAILURE_RETRY(close(dev_null)); 1584 if (status == -1) { 1585 DL_ERR("close failed: %s", strerror(errno)); 1586 return_value = -1; 1587 } 1588 } 1589 1590 return return_value; 1591} 1592 1593static bool soinfo_link_image(soinfo* si) { 1594 /* "base" might wrap around UINT32_MAX. */ 1595 ElfW(Addr) base = si->load_bias; 1596 const ElfW(Phdr)* phdr = si->phdr; 1597 int phnum = si->phnum; 1598 bool relocating_linker = (si->flags & FLAG_LINKER) != 0; 1599 1600 /* We can't debug anything until the linker is relocated */ 1601 if (!relocating_linker) { 1602 INFO("[ linking %s ]", si->name); 1603 DEBUG("si->base = %p si->flags = 0x%08x", reinterpret_cast<void*>(si->base), si->flags); 1604 } 1605 1606 /* Extract dynamic section */ 1607 size_t dynamic_count; 1608 ElfW(Word) dynamic_flags; 1609 phdr_table_get_dynamic_section(phdr, phnum, base, &si->dynamic, 1610 &dynamic_count, &dynamic_flags); 1611 if (si->dynamic == NULL) { 1612 if (!relocating_linker) { 1613 DL_ERR("missing PT_DYNAMIC in \"%s\"", si->name); 1614 } 1615 return false; 1616 } else { 1617 if (!relocating_linker) { 1618 DEBUG("dynamic = %p", si->dynamic); 1619 } 1620 } 1621 1622#if defined(__arm__) 1623 (void) phdr_table_get_arm_exidx(phdr, phnum, base, 1624 &si->ARM_exidx, &si->ARM_exidx_count); 1625#endif 1626 1627 // Extract useful information from dynamic section. 1628 uint32_t needed_count = 0; 1629 for (ElfW(Dyn)* d = si->dynamic; d->d_tag != DT_NULL; ++d) { 1630 DEBUG("d = %p, d[0](tag) = %p d[1](val) = %p", 1631 d, reinterpret_cast<void*>(d->d_tag), reinterpret_cast<void*>(d->d_un.d_val)); 1632 switch (d->d_tag) { 1633 case DT_HASH: 1634 si->nbucket = ((unsigned *) (base + d->d_un.d_ptr))[0]; 1635 si->nchain = ((unsigned *) (base + d->d_un.d_ptr))[1]; 1636 si->bucket = (unsigned *) (base + d->d_un.d_ptr + 8); 1637 si->chain = (unsigned *) (base + d->d_un.d_ptr + 8 + si->nbucket * 4); 1638 break; 1639 case DT_STRTAB: 1640 si->strtab = (const char *) (base + d->d_un.d_ptr); 1641 break; 1642 case DT_SYMTAB: 1643 si->symtab = (ElfW(Sym)*) (base + d->d_un.d_ptr); 1644 break; 1645#if !defined(__LP64__) 1646 case DT_PLTREL: 1647 if (d->d_un.d_val != DT_REL) { 1648 DL_ERR("unsupported DT_RELA in \"%s\"", si->name); 1649 return false; 1650 } 1651 break; 1652#endif 1653 case DT_JMPREL: 1654#if defined(USE_RELA) 1655 si->plt_rela = (ElfW(Rela)*) (base + d->d_un.d_ptr); 1656#else 1657 si->plt_rel = (ElfW(Rel)*) (base + d->d_un.d_ptr); 1658#endif 1659 break; 1660 case DT_PLTRELSZ: 1661#if defined(USE_RELA) 1662 si->plt_rela_count = d->d_un.d_val / sizeof(ElfW(Rela)); 1663#else 1664 si->plt_rel_count = d->d_un.d_val / sizeof(ElfW(Rel)); 1665#endif 1666 break; 1667#if !defined(__LP64__) 1668 case DT_PLTGOT: 1669 // Used by 32-bit MIPS. 1670 si->plt_got = (unsigned *)(base + d->d_un.d_ptr); 1671 break; 1672#endif 1673 case DT_DEBUG: 1674 // Set the DT_DEBUG entry to the address of _r_debug for GDB 1675 // if the dynamic table is writable 1676 if ((dynamic_flags & PF_W) != 0) { 1677 d->d_un.d_val = reinterpret_cast<uintptr_t>(&_r_debug); 1678 } 1679 break; 1680#if defined(USE_RELA) 1681 case DT_RELA: 1682 si->rela = (ElfW(Rela)*) (base + d->d_un.d_ptr); 1683 break; 1684 case DT_RELASZ: 1685 si->rela_count = d->d_un.d_val / sizeof(ElfW(Rela)); 1686 break; 1687 case DT_REL: 1688 DL_ERR("unsupported DT_REL in \"%s\"", si->name); 1689 return false; 1690 case DT_RELSZ: 1691 DL_ERR("unsupported DT_RELSZ in \"%s\"", si->name); 1692 return false; 1693#else 1694 case DT_REL: 1695 si->rel = (ElfW(Rel)*) (base + d->d_un.d_ptr); 1696 break; 1697 case DT_RELSZ: 1698 si->rel_count = d->d_un.d_val / sizeof(ElfW(Rel)); 1699 break; 1700 case DT_RELA: 1701 DL_ERR("unsupported DT_RELA in \"%s\"", si->name); 1702 return false; 1703#endif 1704 case DT_INIT: 1705 si->init_func = reinterpret_cast<linker_function_t>(base + d->d_un.d_ptr); 1706 DEBUG("%s constructors (DT_INIT) found at %p", si->name, si->init_func); 1707 break; 1708 case DT_FINI: 1709 si->fini_func = reinterpret_cast<linker_function_t>(base + d->d_un.d_ptr); 1710 DEBUG("%s destructors (DT_FINI) found at %p", si->name, si->fini_func); 1711 break; 1712 case DT_INIT_ARRAY: 1713 si->init_array = reinterpret_cast<linker_function_t*>(base + d->d_un.d_ptr); 1714 DEBUG("%s constructors (DT_INIT_ARRAY) found at %p", si->name, si->init_array); 1715 break; 1716 case DT_INIT_ARRAYSZ: 1717 si->init_array_count = ((unsigned)d->d_un.d_val) / sizeof(ElfW(Addr)); 1718 break; 1719 case DT_FINI_ARRAY: 1720 si->fini_array = reinterpret_cast<linker_function_t*>(base + d->d_un.d_ptr); 1721 DEBUG("%s destructors (DT_FINI_ARRAY) found at %p", si->name, si->fini_array); 1722 break; 1723 case DT_FINI_ARRAYSZ: 1724 si->fini_array_count = ((unsigned)d->d_un.d_val) / sizeof(ElfW(Addr)); 1725 break; 1726 case DT_PREINIT_ARRAY: 1727 si->preinit_array = reinterpret_cast<linker_function_t*>(base + d->d_un.d_ptr); 1728 DEBUG("%s constructors (DT_PREINIT_ARRAY) found at %p", si->name, si->preinit_array); 1729 break; 1730 case DT_PREINIT_ARRAYSZ: 1731 si->preinit_array_count = ((unsigned)d->d_un.d_val) / sizeof(ElfW(Addr)); 1732 break; 1733 case DT_TEXTREL: 1734#if defined(__LP64__) 1735 DL_ERR("text relocations (DT_TEXTREL) found in 64-bit ELF file \"%s\"", si->name); 1736 return false; 1737#else 1738 si->has_text_relocations = true; 1739 break; 1740#endif 1741 case DT_SYMBOLIC: 1742 si->has_DT_SYMBOLIC = true; 1743 break; 1744 case DT_NEEDED: 1745 ++needed_count; 1746 break; 1747 case DT_FLAGS: 1748 if (d->d_un.d_val & DF_TEXTREL) { 1749#if defined(__LP64__) 1750 DL_ERR("text relocations (DF_TEXTREL) found in 64-bit ELF file \"%s\"", si->name); 1751 return false; 1752#else 1753 si->has_text_relocations = true; 1754#endif 1755 } 1756 if (d->d_un.d_val & DF_SYMBOLIC) { 1757 si->has_DT_SYMBOLIC = true; 1758 } 1759 break; 1760#if defined(__mips__) 1761 case DT_STRSZ: 1762 case DT_SYMENT: 1763 case DT_RELENT: 1764 break; 1765 case DT_MIPS_RLD_MAP: 1766 // Set the DT_MIPS_RLD_MAP entry to the address of _r_debug for GDB. 1767 { 1768 r_debug** dp = (r_debug**) d->d_un.d_ptr; 1769 *dp = &_r_debug; 1770 } 1771 break; 1772 case DT_MIPS_RLD_VERSION: 1773 case DT_MIPS_FLAGS: 1774 case DT_MIPS_BASE_ADDRESS: 1775 case DT_MIPS_UNREFEXTNO: 1776 break; 1777 1778 case DT_MIPS_SYMTABNO: 1779 si->mips_symtabno = d->d_un.d_val; 1780 break; 1781 1782 case DT_MIPS_LOCAL_GOTNO: 1783 si->mips_local_gotno = d->d_un.d_val; 1784 break; 1785 1786 case DT_MIPS_GOTSYM: 1787 si->mips_gotsym = d->d_un.d_val; 1788 break; 1789#endif 1790 1791 default: 1792 DEBUG("Unused DT entry: type %p arg %p", 1793 reinterpret_cast<void*>(d->d_tag), reinterpret_cast<void*>(d->d_un.d_val)); 1794 break; 1795 } 1796 } 1797 1798 DEBUG("si->base = %p, si->strtab = %p, si->symtab = %p", 1799 reinterpret_cast<void*>(si->base), si->strtab, si->symtab); 1800 1801 // Sanity checks. 1802 if (relocating_linker && needed_count != 0) { 1803 DL_ERR("linker cannot have DT_NEEDED dependencies on other libraries"); 1804 return false; 1805 } 1806 if (si->nbucket == 0) { 1807 DL_ERR("empty/missing DT_HASH in \"%s\" (built with --hash-style=gnu?)", si->name); 1808 return false; 1809 } 1810 if (si->strtab == 0) { 1811 DL_ERR("empty/missing DT_STRTAB in \"%s\"", si->name); 1812 return false; 1813 } 1814 if (si->symtab == 0) { 1815 DL_ERR("empty/missing DT_SYMTAB in \"%s\"", si->name); 1816 return false; 1817 } 1818 1819 // If this is the main executable, then load all of the libraries from LD_PRELOAD now. 1820 if (si->flags & FLAG_EXE) { 1821 memset(gLdPreloads, 0, sizeof(gLdPreloads)); 1822 size_t preload_count = 0; 1823 for (size_t i = 0; gLdPreloadNames[i] != NULL; i++) { 1824 soinfo* lsi = find_library(gLdPreloadNames[i]); 1825 if (lsi != NULL) { 1826 gLdPreloads[preload_count++] = lsi; 1827 } else { 1828 // As with glibc, failure to load an LD_PRELOAD library is just a warning. 1829 DL_WARN("could not load library \"%s\" from LD_PRELOAD for \"%s\"; caused by %s", 1830 gLdPreloadNames[i], si->name, linker_get_error_buffer()); 1831 } 1832 } 1833 } 1834 1835 soinfo** needed = (soinfo**) alloca((1 + needed_count) * sizeof(soinfo*)); 1836 soinfo** pneeded = needed; 1837 1838 for (ElfW(Dyn)* d = si->dynamic; d->d_tag != DT_NULL; ++d) { 1839 if (d->d_tag == DT_NEEDED) { 1840 const char* library_name = si->strtab + d->d_un.d_val; 1841 DEBUG("%s needs %s", si->name, library_name); 1842 soinfo* lsi = find_library(library_name); 1843 if (lsi == NULL) { 1844 strlcpy(tmp_err_buf, linker_get_error_buffer(), sizeof(tmp_err_buf)); 1845 DL_ERR("could not load library \"%s\" needed by \"%s\"; caused by %s", 1846 library_name, si->name, tmp_err_buf); 1847 return false; 1848 } 1849 *pneeded++ = lsi; 1850 } 1851 } 1852 *pneeded = NULL; 1853 1854#if !defined(__LP64__) 1855 if (si->has_text_relocations) { 1856 // Make segments writable to allow text relocations to work properly. We will later call 1857 // phdr_table_protect_segments() after all of them are applied and all constructors are run. 1858 DL_WARN("%s has text relocations. This is wasting memory and prevents " 1859 "security hardening. Please fix.", si->name); 1860 if (phdr_table_unprotect_segments(si->phdr, si->phnum, si->load_bias) < 0) { 1861 DL_ERR("can't unprotect loadable segments for \"%s\": %s", 1862 si->name, strerror(errno)); 1863 return false; 1864 } 1865 } 1866#endif 1867 1868#if defined(USE_RELA) 1869 if (si->plt_rela != NULL) { 1870 DEBUG("[ relocating %s plt ]\n", si->name ); 1871 if (soinfo_relocate_a(si, si->plt_rela, si->plt_rela_count, needed)) { 1872 return false; 1873 } 1874 } 1875 if (si->rela != NULL) { 1876 DEBUG("[ relocating %s ]\n", si->name ); 1877 if (soinfo_relocate_a(si, si->rela, si->rela_count, needed)) { 1878 return false; 1879 } 1880 } 1881#else 1882 if (si->plt_rel != NULL) { 1883 DEBUG("[ relocating %s plt ]", si->name ); 1884 if (soinfo_relocate(si, si->plt_rel, si->plt_rel_count, needed)) { 1885 return false; 1886 } 1887 } 1888 if (si->rel != NULL) { 1889 DEBUG("[ relocating %s ]", si->name ); 1890 if (soinfo_relocate(si, si->rel, si->rel_count, needed)) { 1891 return false; 1892 } 1893 } 1894#endif 1895 1896#if defined(__mips__) 1897 if (!mips_relocate_got(si, needed)) { 1898 return false; 1899 } 1900#endif 1901 1902 si->flags |= FLAG_LINKED; 1903 DEBUG("[ finished linking %s ]", si->name); 1904 1905#if !defined(__LP64__) 1906 if (si->has_text_relocations) { 1907 // All relocations are done, we can protect our segments back to read-only. 1908 if (phdr_table_protect_segments(si->phdr, si->phnum, si->load_bias) < 0) { 1909 DL_ERR("can't protect segments for \"%s\": %s", 1910 si->name, strerror(errno)); 1911 return false; 1912 } 1913 } 1914#endif 1915 1916 /* We can also turn on GNU RELRO protection */ 1917 if (phdr_table_protect_gnu_relro(si->phdr, si->phnum, si->load_bias) < 0) { 1918 DL_ERR("can't enable GNU RELRO protection for \"%s\": %s", 1919 si->name, strerror(errno)); 1920 return false; 1921 } 1922 1923 notify_gdb_of_load(si); 1924 return true; 1925} 1926 1927/* 1928 * This function add vdso to internal dso list. 1929 * It helps to stack unwinding through signal handlers. 1930 * Also, it makes bionic more like glibc. 1931 */ 1932static void add_vdso(KernelArgumentBlock& args UNUSED) { 1933#if defined(AT_SYSINFO_EHDR) 1934 ElfW(Ehdr)* ehdr_vdso = reinterpret_cast<ElfW(Ehdr)*>(args.getauxval(AT_SYSINFO_EHDR)); 1935 if (ehdr_vdso == NULL) { 1936 return; 1937 } 1938 1939 soinfo* si = soinfo_alloc("[vdso]"); 1940 1941 si->phdr = reinterpret_cast<ElfW(Phdr)*>(reinterpret_cast<char*>(ehdr_vdso) + ehdr_vdso->e_phoff); 1942 si->phnum = ehdr_vdso->e_phnum; 1943 si->base = reinterpret_cast<ElfW(Addr)>(ehdr_vdso); 1944 si->size = phdr_table_get_load_size(si->phdr, si->phnum); 1945 si->flags = 0; 1946 si->load_bias = get_elf_exec_load_bias(ehdr_vdso); 1947 1948 soinfo_link_image(si); 1949#endif 1950} 1951 1952/* 1953 * This code is called after the linker has linked itself and 1954 * fixed it's own GOT. It is safe to make references to externs 1955 * and other non-local data at this point. 1956 */ 1957static ElfW(Addr) __linker_init_post_relocation(KernelArgumentBlock& args, ElfW(Addr) linker_base) { 1958 /* NOTE: we store the args pointer on a special location 1959 * of the temporary TLS area in order to pass it to 1960 * the C Library's runtime initializer. 1961 * 1962 * The initializer must clear the slot and reset the TLS 1963 * to point to a different location to ensure that no other 1964 * shared library constructor can access it. 1965 */ 1966 __libc_init_tls(args); 1967 1968#if TIMING 1969 struct timeval t0, t1; 1970 gettimeofday(&t0, 0); 1971#endif 1972 1973 // Initialize environment functions, and get to the ELF aux vectors table. 1974 linker_env_init(args); 1975 1976 // If this is a setuid/setgid program, close the security hole described in 1977 // ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc 1978 if (get_AT_SECURE()) { 1979 nullify_closed_stdio(); 1980 } 1981 1982 debuggerd_init(); 1983 1984 // Get a few environment variables. 1985 const char* LD_DEBUG = linker_env_get("LD_DEBUG"); 1986 if (LD_DEBUG != NULL) { 1987 gLdDebugVerbosity = atoi(LD_DEBUG); 1988 } 1989 1990 // Normally, these are cleaned by linker_env_init, but the test 1991 // doesn't cost us anything. 1992 const char* ldpath_env = NULL; 1993 const char* ldpreload_env = NULL; 1994 if (!get_AT_SECURE()) { 1995 ldpath_env = linker_env_get("LD_LIBRARY_PATH"); 1996 ldpreload_env = linker_env_get("LD_PRELOAD"); 1997 } 1998 1999 INFO("[ android linker & debugger ]"); 2000 2001 soinfo* si = soinfo_alloc(args.argv[0]); 2002 if (si == NULL) { 2003 exit(EXIT_FAILURE); 2004 } 2005 2006 /* bootstrap the link map, the main exe always needs to be first */ 2007 si->flags |= FLAG_EXE; 2008 link_map* map = &(si->link_map_head); 2009 2010 map->l_addr = 0; 2011 map->l_name = args.argv[0]; 2012 map->l_prev = NULL; 2013 map->l_next = NULL; 2014 2015 _r_debug.r_map = map; 2016 r_debug_tail = map; 2017 2018 /* gdb expects the linker to be in the debug shared object list. 2019 * Without this, gdb has trouble locating the linker's ".text" 2020 * and ".plt" sections. Gdb could also potentially use this to 2021 * relocate the offset of our exported 'rtld_db_dlactivity' symbol. 2022 * Don't use soinfo_alloc(), because the linker shouldn't 2023 * be on the soinfo list. 2024 */ 2025 { 2026 static soinfo linker_soinfo; 2027#if defined(__LP64__) 2028 strlcpy(linker_soinfo.name, "/system/bin/linker64", sizeof(linker_soinfo.name)); 2029#else 2030 strlcpy(linker_soinfo.name, "/system/bin/linker", sizeof(linker_soinfo.name)); 2031#endif 2032 linker_soinfo.flags = 0; 2033 linker_soinfo.base = linker_base; 2034 2035 /* 2036 * Set the dynamic field in the link map otherwise gdb will complain with 2037 * the following: 2038 * warning: .dynamic section for "/system/bin/linker" is not at the 2039 * expected address (wrong library or version mismatch?) 2040 */ 2041 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(linker_base); 2042 ElfW(Phdr)* phdr = reinterpret_cast<ElfW(Phdr)*>((unsigned char*) linker_base + elf_hdr->e_phoff); 2043 phdr_table_get_dynamic_section(phdr, elf_hdr->e_phnum, linker_base, 2044 &linker_soinfo.dynamic, NULL, NULL); 2045 insert_soinfo_into_debug_map(&linker_soinfo); 2046 } 2047 2048 // Extract information passed from the kernel. 2049 si->phdr = reinterpret_cast<ElfW(Phdr)*>(args.getauxval(AT_PHDR)); 2050 si->phnum = args.getauxval(AT_PHNUM); 2051 si->entry = args.getauxval(AT_ENTRY); 2052 2053 /* Compute the value of si->base. We can't rely on the fact that 2054 * the first entry is the PHDR because this will not be true 2055 * for certain executables (e.g. some in the NDK unit test suite) 2056 */ 2057 si->base = 0; 2058 si->size = phdr_table_get_load_size(si->phdr, si->phnum); 2059 si->load_bias = 0; 2060 for (size_t i = 0; i < si->phnum; ++i) { 2061 if (si->phdr[i].p_type == PT_PHDR) { 2062 si->load_bias = reinterpret_cast<ElfW(Addr)>(si->phdr) - si->phdr[i].p_vaddr; 2063 si->base = reinterpret_cast<ElfW(Addr)>(si->phdr) - si->phdr[i].p_offset; 2064 break; 2065 } 2066 } 2067 si->dynamic = NULL; 2068 si->ref_count = 1; 2069 2070 // Use LD_LIBRARY_PATH and LD_PRELOAD (but only if we aren't setuid/setgid). 2071 parse_LD_LIBRARY_PATH(ldpath_env); 2072 parse_LD_PRELOAD(ldpreload_env); 2073 2074 somain = si; 2075 2076 if (!soinfo_link_image(si)) { 2077 __libc_format_fd(2, "CANNOT LINK EXECUTABLE: %s\n", linker_get_error_buffer()); 2078 exit(EXIT_FAILURE); 2079 } 2080 2081 add_vdso(args); 2082 2083 si->CallPreInitConstructors(); 2084 2085 for (size_t i = 0; gLdPreloads[i] != NULL; ++i) { 2086 gLdPreloads[i]->CallConstructors(); 2087 } 2088 2089 /* After the link_image, the si->load_bias is initialized. 2090 * For so lib, the map->l_addr will be updated in notify_gdb_of_load. 2091 * We need to update this value for so exe here. So Unwind_Backtrace 2092 * for some arch like x86 could work correctly within so exe. 2093 */ 2094 map->l_addr = si->load_bias; 2095 si->CallConstructors(); 2096 2097#if TIMING 2098 gettimeofday(&t1,NULL); 2099 PRINT("LINKER TIME: %s: %d microseconds", args.argv[0], (int) ( 2100 (((long long)t1.tv_sec * 1000000LL) + (long long)t1.tv_usec) - 2101 (((long long)t0.tv_sec * 1000000LL) + (long long)t0.tv_usec) 2102 )); 2103#endif 2104#if STATS 2105 PRINT("RELO STATS: %s: %d abs, %d rel, %d copy, %d symbol", args.argv[0], 2106 linker_stats.count[kRelocAbsolute], 2107 linker_stats.count[kRelocRelative], 2108 linker_stats.count[kRelocCopy], 2109 linker_stats.count[kRelocSymbol]); 2110#endif 2111#if COUNT_PAGES 2112 { 2113 unsigned n; 2114 unsigned i; 2115 unsigned count = 0; 2116 for (n = 0; n < 4096; n++) { 2117 if (bitmask[n]) { 2118 unsigned x = bitmask[n]; 2119#if defined(__LP64__) 2120 for (i = 0; i < 32; i++) { 2121#else 2122 for (i = 0; i < 8; i++) { 2123#endif 2124 if (x & 1) { 2125 count++; 2126 } 2127 x >>= 1; 2128 } 2129 } 2130 } 2131 PRINT("PAGES MODIFIED: %s: %d (%dKB)", args.argv[0], count, count * 4); 2132 } 2133#endif 2134 2135#if TIMING || STATS || COUNT_PAGES 2136 fflush(stdout); 2137#endif 2138 2139 TRACE("[ Ready to execute '%s' @ %p ]", si->name, reinterpret_cast<void*>(si->entry)); 2140 return si->entry; 2141} 2142 2143/* Compute the load-bias of an existing executable. This shall only 2144 * be used to compute the load bias of an executable or shared library 2145 * that was loaded by the kernel itself. 2146 * 2147 * Input: 2148 * elf -> address of ELF header, assumed to be at the start of the file. 2149 * Return: 2150 * load bias, i.e. add the value of any p_vaddr in the file to get 2151 * the corresponding address in memory. 2152 */ 2153static ElfW(Addr) get_elf_exec_load_bias(const ElfW(Ehdr)* elf) { 2154 ElfW(Addr) offset = elf->e_phoff; 2155 const ElfW(Phdr)* phdr_table = reinterpret_cast<const ElfW(Phdr)*>((char*)elf + offset); 2156 const ElfW(Phdr)* phdr_end = phdr_table + elf->e_phnum; 2157 2158 for (const ElfW(Phdr)* phdr = phdr_table; phdr < phdr_end; phdr++) { 2159 if (phdr->p_type == PT_LOAD) { 2160 return reinterpret_cast<ElfW(Addr)>(elf) + phdr->p_offset - phdr->p_vaddr; 2161 } 2162 } 2163 return 0; 2164} 2165 2166/* 2167 * This is the entry point for the linker, called from begin.S. This 2168 * method is responsible for fixing the linker's own relocations, and 2169 * then calling __linker_init_post_relocation(). 2170 * 2171 * Because this method is called before the linker has fixed it's own 2172 * relocations, any attempt to reference an extern variable, extern 2173 * function, or other GOT reference will generate a segfault. 2174 */ 2175extern "C" ElfW(Addr) __linker_init(void* raw_args) { 2176 KernelArgumentBlock args(raw_args); 2177 2178 ElfW(Addr) linker_addr = args.getauxval(AT_BASE); 2179 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(linker_addr); 2180 ElfW(Phdr)* phdr = reinterpret_cast<ElfW(Phdr)*>((unsigned char*) linker_addr + elf_hdr->e_phoff); 2181 2182 soinfo linker_so; 2183 memset(&linker_so, 0, sizeof(soinfo)); 2184 2185 strcpy(linker_so.name, "[dynamic linker]"); 2186 linker_so.base = linker_addr; 2187 linker_so.size = phdr_table_get_load_size(phdr, elf_hdr->e_phnum); 2188 linker_so.load_bias = get_elf_exec_load_bias(elf_hdr); 2189 linker_so.dynamic = NULL; 2190 linker_so.phdr = phdr; 2191 linker_so.phnum = elf_hdr->e_phnum; 2192 linker_so.flags |= FLAG_LINKER; 2193 2194 if (!soinfo_link_image(&linker_so)) { 2195 // It would be nice to print an error message, but if the linker 2196 // can't link itself, there's no guarantee that we'll be able to 2197 // call write() (because it involves a GOT reference). We may as 2198 // well try though... 2199 const char* msg = "CANNOT LINK EXECUTABLE: "; 2200 write(2, msg, strlen(msg)); 2201 write(2, __linker_dl_err_buf, strlen(__linker_dl_err_buf)); 2202 write(2, "\n", 1); 2203 _exit(EXIT_FAILURE); 2204 } 2205 2206 // We have successfully fixed our own relocations. It's safe to run 2207 // the main part of the linker now. 2208 args.abort_message_ptr = &gAbortMessage; 2209 ElfW(Addr) start_address = __linker_init_post_relocation(args, linker_addr); 2210 2211 set_soinfo_pool_protection(PROT_READ); 2212 2213 // Return the address that the calling assembly stub should jump to. 2214 return start_address; 2215} 2216