linker.cpp revision 6275f2083415d22a6ce0de55645079cd47e0cc80
1/* 2 * Copyright (C) 2008, 2009 The Android Open Source Project 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in 12 * the documentation and/or other materials provided with the 13 * distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29#include <dlfcn.h> 30#include <errno.h> 31#include <fcntl.h> 32#include <inttypes.h> 33#include <pthread.h> 34#include <stdio.h> 35#include <stdlib.h> 36#include <string.h> 37#include <sys/atomics.h> 38#include <sys/mman.h> 39#include <sys/stat.h> 40#include <unistd.h> 41 42// Private C library headers. 43#include "private/bionic_tls.h" 44#include "private/KernelArgumentBlock.h" 45#include "private/ScopedPthreadMutexLocker.h" 46 47#include "linker.h" 48#include "linker_debug.h" 49#include "linker_environ.h" 50#include "linker_phdr.h" 51 52/* >>> IMPORTANT NOTE - READ ME BEFORE MODIFYING <<< 53 * 54 * Do NOT use malloc() and friends or pthread_*() code here. 55 * Don't use printf() either; it's caused mysterious memory 56 * corruption in the past. 57 * The linker runs before we bring up libc and it's easiest 58 * to make sure it does not depend on any complex libc features 59 * 60 * open issues / todo: 61 * 62 * - cleaner error reporting 63 * - after linking, set as much stuff as possible to READONLY 64 * and NOEXEC 65 */ 66 67static bool soinfo_link_image(soinfo* si, const android_dlextinfo* extinfo); 68static ElfW(Addr) get_elf_exec_load_bias(const ElfW(Ehdr)* elf); 69 70// We can't use malloc(3) in the dynamic linker. We use a linked list of anonymous 71// maps, each a single page in size. The pages are broken up into as many struct soinfo 72// objects as will fit, and they're all threaded together on a free list. 73#define SOINFO_PER_POOL ((PAGE_SIZE - sizeof(soinfo_pool_t*)) / sizeof(soinfo)) 74struct soinfo_pool_t { 75 soinfo_pool_t* next; 76 soinfo info[SOINFO_PER_POOL]; 77}; 78static struct soinfo_pool_t* gSoInfoPools = NULL; 79static soinfo* gSoInfoFreeList = NULL; 80 81static soinfo* solist = &libdl_info; 82static soinfo* sonext = &libdl_info; 83static soinfo* somain; /* main process, always the one after libdl_info */ 84 85static const char* const gDefaultLdPaths[] = { 86#if defined(__LP64__) 87 "/vendor/lib64", 88 "/system/lib64", 89#else 90 "/vendor/lib", 91 "/system/lib", 92#endif 93 NULL 94}; 95 96#define LDPATH_BUFSIZE (LDPATH_MAX*64) 97#define LDPATH_MAX 8 98 99#define LDPRELOAD_BUFSIZE (LDPRELOAD_MAX*64) 100#define LDPRELOAD_MAX 8 101 102static char gLdPathsBuffer[LDPATH_BUFSIZE]; 103static const char* gLdPaths[LDPATH_MAX + 1]; 104 105static char gLdPreloadsBuffer[LDPRELOAD_BUFSIZE]; 106static const char* gLdPreloadNames[LDPRELOAD_MAX + 1]; 107 108static soinfo* gLdPreloads[LDPRELOAD_MAX + 1]; 109 110__LIBC_HIDDEN__ int gLdDebugVerbosity; 111 112__LIBC_HIDDEN__ abort_msg_t* gAbortMessage = NULL; // For debuggerd. 113 114enum RelocationKind { 115 kRelocAbsolute = 0, 116 kRelocRelative, 117 kRelocCopy, 118 kRelocSymbol, 119 kRelocMax 120}; 121 122#if STATS 123struct linker_stats_t { 124 int count[kRelocMax]; 125}; 126 127static linker_stats_t linker_stats; 128 129static void count_relocation(RelocationKind kind) { 130 ++linker_stats.count[kind]; 131} 132#else 133static void count_relocation(RelocationKind) { 134} 135#endif 136 137#if COUNT_PAGES 138static unsigned bitmask[4096]; 139#if defined(__LP64__) 140#define MARK(offset) \ 141 do { \ 142 if ((((offset) >> 12) >> 5) < 4096) \ 143 bitmask[((offset) >> 12) >> 5] |= (1 << (((offset) >> 12) & 31)); \ 144 } while (0) 145#else 146#define MARK(offset) \ 147 do { \ 148 bitmask[((offset) >> 12) >> 3] |= (1 << (((offset) >> 12) & 7)); \ 149 } while (0) 150#endif 151#else 152#define MARK(x) do {} while (0) 153#endif 154 155// You shouldn't try to call memory-allocating functions in the dynamic linker. 156// Guard against the most obvious ones. 157#define DISALLOW_ALLOCATION(return_type, name, ...) \ 158 return_type name __VA_ARGS__ \ 159 { \ 160 const char* msg = "ERROR: " #name " called from the dynamic linker!\n"; \ 161 __libc_format_log(ANDROID_LOG_FATAL, "linker", "%s", msg); \ 162 write(2, msg, strlen(msg)); \ 163 abort(); \ 164 } 165DISALLOW_ALLOCATION(void*, malloc, (size_t u __unused)); 166DISALLOW_ALLOCATION(void, free, (void* u __unused)); 167DISALLOW_ALLOCATION(void*, realloc, (void* u1 __unused, size_t u2 __unused)); 168DISALLOW_ALLOCATION(void*, calloc, (size_t u1 __unused, size_t u2 __unused)); 169 170static char tmp_err_buf[768]; 171static char __linker_dl_err_buf[768]; 172 173char* linker_get_error_buffer() { 174 return &__linker_dl_err_buf[0]; 175} 176 177size_t linker_get_error_buffer_size() { 178 return sizeof(__linker_dl_err_buf); 179} 180 181/* 182 * This function is an empty stub where GDB locates a breakpoint to get notified 183 * about linker activity. 184 */ 185extern "C" void __attribute__((noinline)) __attribute__((visibility("default"))) rtld_db_dlactivity(); 186 187static r_debug _r_debug = {1, NULL, reinterpret_cast<uintptr_t>(&rtld_db_dlactivity), r_debug::RT_CONSISTENT, 0}; 188static link_map* r_debug_tail = 0; 189 190static pthread_mutex_t gDebugMutex = PTHREAD_MUTEX_INITIALIZER; 191 192static void insert_soinfo_into_debug_map(soinfo* info) { 193 // Copy the necessary fields into the debug structure. 194 link_map* map = &(info->link_map_head); 195 map->l_addr = info->load_bias; 196 map->l_name = reinterpret_cast<char*>(info->name); 197 map->l_ld = info->dynamic; 198 199 /* Stick the new library at the end of the list. 200 * gdb tends to care more about libc than it does 201 * about leaf libraries, and ordering it this way 202 * reduces the back-and-forth over the wire. 203 */ 204 if (r_debug_tail) { 205 r_debug_tail->l_next = map; 206 map->l_prev = r_debug_tail; 207 map->l_next = 0; 208 } else { 209 _r_debug.r_map = map; 210 map->l_prev = 0; 211 map->l_next = 0; 212 } 213 r_debug_tail = map; 214} 215 216static void remove_soinfo_from_debug_map(soinfo* info) { 217 link_map* map = &(info->link_map_head); 218 219 if (r_debug_tail == map) { 220 r_debug_tail = map->l_prev; 221 } 222 223 if (map->l_prev) { 224 map->l_prev->l_next = map->l_next; 225 } 226 if (map->l_next) { 227 map->l_next->l_prev = map->l_prev; 228 } 229} 230 231static void notify_gdb_of_load(soinfo* info) { 232 if (info->flags & FLAG_EXE) { 233 // GDB already knows about the main executable 234 return; 235 } 236 237 ScopedPthreadMutexLocker locker(&gDebugMutex); 238 239 _r_debug.r_state = r_debug::RT_ADD; 240 rtld_db_dlactivity(); 241 242 insert_soinfo_into_debug_map(info); 243 244 _r_debug.r_state = r_debug::RT_CONSISTENT; 245 rtld_db_dlactivity(); 246} 247 248static void notify_gdb_of_unload(soinfo* info) { 249 if (info->flags & FLAG_EXE) { 250 // GDB already knows about the main executable 251 return; 252 } 253 254 ScopedPthreadMutexLocker locker(&gDebugMutex); 255 256 _r_debug.r_state = r_debug::RT_DELETE; 257 rtld_db_dlactivity(); 258 259 remove_soinfo_from_debug_map(info); 260 261 _r_debug.r_state = r_debug::RT_CONSISTENT; 262 rtld_db_dlactivity(); 263} 264 265void notify_gdb_of_libraries() { 266 _r_debug.r_state = r_debug::RT_ADD; 267 rtld_db_dlactivity(); 268 _r_debug.r_state = r_debug::RT_CONSISTENT; 269 rtld_db_dlactivity(); 270} 271 272static bool ensure_free_list_non_empty() { 273 if (gSoInfoFreeList != NULL) { 274 return true; 275 } 276 277 // Allocate a new pool. 278 soinfo_pool_t* pool = reinterpret_cast<soinfo_pool_t*>(mmap(NULL, sizeof(*pool), 279 PROT_READ|PROT_WRITE, 280 MAP_PRIVATE|MAP_ANONYMOUS, 0, 0)); 281 if (pool == MAP_FAILED) { 282 return false; 283 } 284 285 // Add the pool to our list of pools. 286 pool->next = gSoInfoPools; 287 gSoInfoPools = pool; 288 289 // Chain the entries in the new pool onto the free list. 290 gSoInfoFreeList = &pool->info[0]; 291 soinfo* next = NULL; 292 for (int i = SOINFO_PER_POOL - 1; i >= 0; --i) { 293 pool->info[i].next = next; 294 next = &pool->info[i]; 295 } 296 297 return true; 298} 299 300static void set_soinfo_pool_protection(int protection) { 301 for (soinfo_pool_t* p = gSoInfoPools; p != NULL; p = p->next) { 302 if (mprotect(p, sizeof(*p), protection) == -1) { 303 abort(); // Can't happen. 304 } 305 } 306} 307 308static soinfo* soinfo_alloc(const char* name) { 309 if (strlen(name) >= SOINFO_NAME_LEN) { 310 DL_ERR("library name \"%s\" too long", name); 311 return NULL; 312 } 313 314 if (!ensure_free_list_non_empty()) { 315 DL_ERR("out of memory when loading \"%s\"", name); 316 return NULL; 317 } 318 319 // Take the head element off the free list. 320 soinfo* si = gSoInfoFreeList; 321 gSoInfoFreeList = gSoInfoFreeList->next; 322 323 // Initialize the new element. 324 memset(si, 0, sizeof(soinfo)); 325 strlcpy(si->name, name, sizeof(si->name)); 326 sonext->next = si; 327 sonext = si; 328 329 TRACE("name %s: allocated soinfo @ %p", name, si); 330 return si; 331} 332 333static void soinfo_free(soinfo* si) { 334 if (si == NULL) { 335 return; 336 } 337 338 soinfo *prev = NULL, *trav; 339 340 TRACE("name %s: freeing soinfo @ %p", si->name, si); 341 342 for (trav = solist; trav != NULL; trav = trav->next) { 343 if (trav == si) 344 break; 345 prev = trav; 346 } 347 if (trav == NULL) { 348 /* si was not in solist */ 349 DL_ERR("name \"%s\" is not in solist!", si->name); 350 return; 351 } 352 353 /* prev will never be NULL, because the first entry in solist is 354 always the static libdl_info. 355 */ 356 prev->next = si->next; 357 if (si == sonext) { 358 sonext = prev; 359 } 360 si->next = gSoInfoFreeList; 361 gSoInfoFreeList = si; 362} 363 364 365static void parse_path(const char* path, const char* delimiters, 366 const char** array, char* buf, size_t buf_size, size_t max_count) { 367 if (path == NULL) { 368 return; 369 } 370 371 size_t len = strlcpy(buf, path, buf_size); 372 373 size_t i = 0; 374 char* buf_p = buf; 375 while (i < max_count && (array[i] = strsep(&buf_p, delimiters))) { 376 if (*array[i] != '\0') { 377 ++i; 378 } 379 } 380 381 // Forget the last path if we had to truncate; this occurs if the 2nd to 382 // last char isn't '\0' (i.e. wasn't originally a delimiter). 383 if (i > 0 && len >= buf_size && buf[buf_size - 2] != '\0') { 384 array[i - 1] = NULL; 385 } else { 386 array[i] = NULL; 387 } 388} 389 390static void parse_LD_LIBRARY_PATH(const char* path) { 391 parse_path(path, ":", gLdPaths, 392 gLdPathsBuffer, sizeof(gLdPathsBuffer), LDPATH_MAX); 393} 394 395static void parse_LD_PRELOAD(const char* path) { 396 // We have historically supported ':' as well as ' ' in LD_PRELOAD. 397 parse_path(path, " :", gLdPreloadNames, 398 gLdPreloadsBuffer, sizeof(gLdPreloadsBuffer), LDPRELOAD_MAX); 399} 400 401#if defined(__arm__) 402 403/* For a given PC, find the .so that it belongs to. 404 * Returns the base address of the .ARM.exidx section 405 * for that .so, and the number of 8-byte entries 406 * in that section (via *pcount). 407 * 408 * Intended to be called by libc's __gnu_Unwind_Find_exidx(). 409 * 410 * This function is exposed via dlfcn.cpp and libdl.so. 411 */ 412_Unwind_Ptr dl_unwind_find_exidx(_Unwind_Ptr pc, int* pcount) { 413 unsigned addr = (unsigned)pc; 414 415 for (soinfo* si = solist; si != 0; si = si->next) { 416 if ((addr >= si->base) && (addr < (si->base + si->size))) { 417 *pcount = si->ARM_exidx_count; 418 return (_Unwind_Ptr)si->ARM_exidx; 419 } 420 } 421 *pcount = 0; 422 return NULL; 423} 424 425#endif 426 427/* Here, we only have to provide a callback to iterate across all the 428 * loaded libraries. gcc_eh does the rest. */ 429int dl_iterate_phdr(int (*cb)(dl_phdr_info* info, size_t size, void* data), void* data) { 430 int rv = 0; 431 for (soinfo* si = solist; si != NULL; si = si->next) { 432 dl_phdr_info dl_info; 433 dl_info.dlpi_addr = si->link_map_head.l_addr; 434 dl_info.dlpi_name = si->link_map_head.l_name; 435 dl_info.dlpi_phdr = si->phdr; 436 dl_info.dlpi_phnum = si->phnum; 437 rv = cb(&dl_info, sizeof(dl_phdr_info), data); 438 if (rv != 0) { 439 break; 440 } 441 } 442 return rv; 443} 444 445static ElfW(Sym)* soinfo_elf_lookup(soinfo* si, unsigned hash, const char* name) { 446 ElfW(Sym)* symtab = si->symtab; 447 const char* strtab = si->strtab; 448 449 TRACE_TYPE(LOOKUP, "SEARCH %s in %s@%p %x %zd", 450 name, si->name, reinterpret_cast<void*>(si->base), hash, hash % si->nbucket); 451 452 for (unsigned n = si->bucket[hash % si->nbucket]; n != 0; n = si->chain[n]) { 453 ElfW(Sym)* s = symtab + n; 454 if (strcmp(strtab + s->st_name, name)) continue; 455 456 /* only concern ourselves with global and weak symbol definitions */ 457 switch (ELF_ST_BIND(s->st_info)) { 458 case STB_GLOBAL: 459 case STB_WEAK: 460 if (s->st_shndx == SHN_UNDEF) { 461 continue; 462 } 463 464 TRACE_TYPE(LOOKUP, "FOUND %s in %s (%p) %zd", 465 name, si->name, reinterpret_cast<void*>(s->st_value), 466 static_cast<size_t>(s->st_size)); 467 return s; 468 } 469 } 470 471 return NULL; 472} 473 474static unsigned elfhash(const char* _name) { 475 const unsigned char* name = reinterpret_cast<const unsigned char*>(_name); 476 unsigned h = 0, g; 477 478 while (*name) { 479 h = (h << 4) + *name++; 480 g = h & 0xf0000000; 481 h ^= g; 482 h ^= g >> 24; 483 } 484 return h; 485} 486 487static ElfW(Sym)* soinfo_do_lookup(soinfo* si, const char* name, soinfo** lsi, soinfo* needed[]) { 488 unsigned elf_hash = elfhash(name); 489 ElfW(Sym)* s = NULL; 490 491 if (si != NULL && somain != NULL) { 492 /* 493 * Local scope is executable scope. Just start looking into it right away 494 * for the shortcut. 495 */ 496 497 if (si == somain) { 498 s = soinfo_elf_lookup(si, elf_hash, name); 499 if (s != NULL) { 500 *lsi = si; 501 goto done; 502 } 503 } else { 504 /* Order of symbol lookup is controlled by DT_SYMBOLIC flag */ 505 506 /* 507 * If this object was built with symbolic relocations disabled, the 508 * first place to look to resolve external references is the main 509 * executable. 510 */ 511 512 if (!si->has_DT_SYMBOLIC) { 513 DEBUG("%s: looking up %s in executable %s", 514 si->name, name, somain->name); 515 s = soinfo_elf_lookup(somain, elf_hash, name); 516 if (s != NULL) { 517 *lsi = somain; 518 goto done; 519 } 520 } 521 522 /* Look for symbols in the local scope (the object who is 523 * searching). This happens with C++ templates on x86 for some 524 * reason. 525 * 526 * Notes on weak symbols: 527 * The ELF specs are ambiguous about treatment of weak definitions in 528 * dynamic linking. Some systems return the first definition found 529 * and some the first non-weak definition. This is system dependent. 530 * Here we return the first definition found for simplicity. */ 531 532 s = soinfo_elf_lookup(si, elf_hash, name); 533 if (s != NULL) { 534 *lsi = si; 535 goto done; 536 } 537 538 /* 539 * If this object was built with -Bsymbolic and symbol is not found 540 * in the local scope, try to find the symbol in the main executable. 541 */ 542 543 if (si->has_DT_SYMBOLIC) { 544 DEBUG("%s: looking up %s in executable %s after local scope", 545 si->name, name, somain->name); 546 s = soinfo_elf_lookup(somain, elf_hash, name); 547 if (s != NULL) { 548 *lsi = somain; 549 goto done; 550 } 551 } 552 } 553 } 554 555 /* Next, look for it in the preloads list */ 556 for (int i = 0; gLdPreloads[i] != NULL; i++) { 557 s = soinfo_elf_lookup(gLdPreloads[i], elf_hash, name); 558 if (s != NULL) { 559 *lsi = gLdPreloads[i]; 560 goto done; 561 } 562 } 563 564 for (int i = 0; needed[i] != NULL; i++) { 565 DEBUG("%s: looking up %s in %s", 566 si->name, name, needed[i]->name); 567 s = soinfo_elf_lookup(needed[i], elf_hash, name); 568 if (s != NULL) { 569 *lsi = needed[i]; 570 goto done; 571 } 572 } 573 574done: 575 if (s != NULL) { 576 TRACE_TYPE(LOOKUP, "si %s sym %s s->st_value = %p, " 577 "found in %s, base = %p, load bias = %p", 578 si->name, name, reinterpret_cast<void*>(s->st_value), 579 (*lsi)->name, reinterpret_cast<void*>((*lsi)->base), 580 reinterpret_cast<void*>((*lsi)->load_bias)); 581 return s; 582 } 583 584 return NULL; 585} 586 587/* This is used by dlsym(3). It performs symbol lookup only within the 588 specified soinfo object and not in any of its dependencies. 589 590 TODO: Only looking in the specified soinfo seems wrong. dlsym(3) says 591 that it should do a breadth first search through the dependency 592 tree. This agrees with the ELF spec (aka System V Application 593 Binary Interface) where in Chapter 5 it discuss resolving "Shared 594 Object Dependencies" in breadth first search order. 595 */ 596ElfW(Sym)* dlsym_handle_lookup(soinfo* si, const char* name) { 597 return soinfo_elf_lookup(si, elfhash(name), name); 598} 599 600/* This is used by dlsym(3) to performs a global symbol lookup. If the 601 start value is null (for RTLD_DEFAULT), the search starts at the 602 beginning of the global solist. Otherwise the search starts at the 603 specified soinfo (for RTLD_NEXT). 604 */ 605ElfW(Sym)* dlsym_linear_lookup(const char* name, soinfo** found, soinfo* start) { 606 unsigned elf_hash = elfhash(name); 607 608 if (start == NULL) { 609 start = solist; 610 } 611 612 ElfW(Sym)* s = NULL; 613 for (soinfo* si = start; (s == NULL) && (si != NULL); si = si->next) { 614 s = soinfo_elf_lookup(si, elf_hash, name); 615 if (s != NULL) { 616 *found = si; 617 break; 618 } 619 } 620 621 if (s != NULL) { 622 TRACE_TYPE(LOOKUP, "%s s->st_value = %p, found->base = %p", 623 name, reinterpret_cast<void*>(s->st_value), reinterpret_cast<void*>((*found)->base)); 624 } 625 626 return s; 627} 628 629soinfo* find_containing_library(const void* p) { 630 ElfW(Addr) address = reinterpret_cast<ElfW(Addr)>(p); 631 for (soinfo* si = solist; si != NULL; si = si->next) { 632 if (address >= si->base && address - si->base < si->size) { 633 return si; 634 } 635 } 636 return NULL; 637} 638 639ElfW(Sym)* dladdr_find_symbol(soinfo* si, const void* addr) { 640 ElfW(Addr) soaddr = reinterpret_cast<ElfW(Addr)>(addr) - si->base; 641 642 // Search the library's symbol table for any defined symbol which 643 // contains this address. 644 for (size_t i = 0; i < si->nchain; ++i) { 645 ElfW(Sym)* sym = &si->symtab[i]; 646 if (sym->st_shndx != SHN_UNDEF && 647 soaddr >= sym->st_value && 648 soaddr < sym->st_value + sym->st_size) { 649 return sym; 650 } 651 } 652 653 return NULL; 654} 655 656static int open_library_on_path(const char* name, const char* const paths[]) { 657 char buf[512]; 658 for (size_t i = 0; paths[i] != NULL; ++i) { 659 int n = __libc_format_buffer(buf, sizeof(buf), "%s/%s", paths[i], name); 660 if (n < 0 || n >= static_cast<int>(sizeof(buf))) { 661 PRINT("Warning: ignoring very long library path: %s/%s", paths[i], name); 662 continue; 663 } 664 int fd = TEMP_FAILURE_RETRY(open(buf, O_RDONLY | O_CLOEXEC)); 665 if (fd != -1) { 666 return fd; 667 } 668 } 669 return -1; 670} 671 672static int open_library(const char* name) { 673 TRACE("[ opening %s ]", name); 674 675 // If the name contains a slash, we should attempt to open it directly and not search the paths. 676 if (strchr(name, '/') != NULL) { 677 int fd = TEMP_FAILURE_RETRY(open(name, O_RDONLY | O_CLOEXEC)); 678 if (fd != -1) { 679 return fd; 680 } 681 // ...but nvidia binary blobs (at least) rely on this behavior, so fall through for now. 682#if defined(__LP64__) 683 return -1; 684#endif 685 } 686 687 // Otherwise we try LD_LIBRARY_PATH first, and fall back to the built-in well known paths. 688 int fd = open_library_on_path(name, gLdPaths); 689 if (fd == -1) { 690 fd = open_library_on_path(name, gDefaultLdPaths); 691 } 692 return fd; 693} 694 695static soinfo* load_library(const char* name, const android_dlextinfo* extinfo) { 696 // Open the file. 697 int fd = open_library(name); 698 if (fd == -1) { 699 DL_ERR("library \"%s\" not found", name); 700 return NULL; 701 } 702 703 // Read the ELF header and load the segments. 704 ElfReader elf_reader(name, fd); 705 if (!elf_reader.Load(extinfo)) { 706 return NULL; 707 } 708 709 const char* bname = strrchr(name, '/'); 710 soinfo* si = soinfo_alloc(bname ? bname + 1 : name); 711 if (si == NULL) { 712 return NULL; 713 } 714 si->base = elf_reader.load_start(); 715 si->size = elf_reader.load_size(); 716 si->load_bias = elf_reader.load_bias(); 717 si->flags = 0; 718 si->entry = 0; 719 si->dynamic = NULL; 720 si->phnum = elf_reader.phdr_count(); 721 si->phdr = elf_reader.loaded_phdr(); 722 return si; 723} 724 725static soinfo *find_loaded_library(const char* name) { 726 // TODO: don't use basename only for determining libraries 727 // http://code.google.com/p/android/issues/detail?id=6670 728 729 const char* bname = strrchr(name, '/'); 730 bname = bname ? bname + 1 : name; 731 732 for (soinfo* si = solist; si != NULL; si = si->next) { 733 if (!strcmp(bname, si->name)) { 734 return si; 735 } 736 } 737 return NULL; 738} 739 740static soinfo* find_library_internal(const char* name, const android_dlextinfo* extinfo) { 741 if (name == NULL) { 742 return somain; 743 } 744 745 soinfo* si = find_loaded_library(name); 746 if (si != NULL) { 747 if (si->flags & FLAG_LINKED) { 748 return si; 749 } 750 DL_ERR("OOPS: recursive link to \"%s\"", si->name); 751 return NULL; 752 } 753 754 TRACE("[ '%s' has not been loaded yet. Locating...]", name); 755 si = load_library(name, extinfo); 756 if (si == NULL) { 757 return NULL; 758 } 759 760 // At this point we know that whatever is loaded @ base is a valid ELF 761 // shared library whose segments are properly mapped in. 762 TRACE("[ find_library_internal base=%p size=%zu name='%s' ]", 763 reinterpret_cast<void*>(si->base), si->size, si->name); 764 765 if (!soinfo_link_image(si, extinfo)) { 766 munmap(reinterpret_cast<void*>(si->base), si->size); 767 soinfo_free(si); 768 return NULL; 769 } 770 771 return si; 772} 773 774static soinfo* find_library(const char* name, const android_dlextinfo* extinfo) { 775 soinfo* si = find_library_internal(name, extinfo); 776 if (si != NULL) { 777 si->ref_count++; 778 } 779 return si; 780} 781 782static int soinfo_unload(soinfo* si) { 783 if (si->ref_count == 1) { 784 TRACE("unloading '%s'", si->name); 785 si->CallDestructors(); 786 787 for (ElfW(Dyn)* d = si->dynamic; d->d_tag != DT_NULL; ++d) { 788 if (d->d_tag == DT_NEEDED) { 789 const char* library_name = si->strtab + d->d_un.d_val; 790 TRACE("%s needs to unload %s", si->name, library_name); 791 soinfo_unload(find_loaded_library(library_name)); 792 } 793 } 794 795 munmap(reinterpret_cast<void*>(si->base), si->size); 796 notify_gdb_of_unload(si); 797 soinfo_free(si); 798 si->ref_count = 0; 799 } else { 800 si->ref_count--; 801 TRACE("not unloading '%s', decrementing ref_count to %zd", si->name, si->ref_count); 802 } 803 return 0; 804} 805 806void do_android_get_LD_LIBRARY_PATH(char* buffer, size_t buffer_size) { 807 snprintf(buffer, buffer_size, "%s:%s", gDefaultLdPaths[0], gDefaultLdPaths[1]); 808} 809 810void do_android_update_LD_LIBRARY_PATH(const char* ld_library_path) { 811 if (!get_AT_SECURE()) { 812 parse_LD_LIBRARY_PATH(ld_library_path); 813 } 814} 815 816soinfo* do_dlopen(const char* name, int flags, const android_dlextinfo* extinfo) { 817 if ((flags & ~(RTLD_NOW|RTLD_LAZY|RTLD_LOCAL|RTLD_GLOBAL)) != 0) { 818 DL_ERR("invalid flags to dlopen: %x", flags); 819 return NULL; 820 } 821 if (extinfo != NULL && ((extinfo->flags & ~(ANDROID_DLEXT_VALID_FLAG_BITS)) != 0)) { 822 DL_ERR("invalid extended flags to android_dlopen_ext: %x", extinfo->flags); 823 return NULL; 824 } 825 set_soinfo_pool_protection(PROT_READ | PROT_WRITE); 826 soinfo* si = find_library(name, extinfo); 827 if (si != NULL) { 828 si->CallConstructors(); 829 } 830 set_soinfo_pool_protection(PROT_READ); 831 return si; 832} 833 834int do_dlclose(soinfo* si) { 835 set_soinfo_pool_protection(PROT_READ | PROT_WRITE); 836 int result = soinfo_unload(si); 837 set_soinfo_pool_protection(PROT_READ); 838 return result; 839} 840 841#if defined(USE_RELA) 842static int soinfo_relocate(soinfo* si, ElfW(Rela)* rela, unsigned count, soinfo* needed[]) { 843 ElfW(Sym)* s; 844 soinfo* lsi; 845 846 for (size_t idx = 0; idx < count; ++idx, ++rela) { 847 unsigned type = ELFW(R_TYPE)(rela->r_info); 848 unsigned sym = ELFW(R_SYM)(rela->r_info); 849 ElfW(Addr) reloc = static_cast<ElfW(Addr)>(rela->r_offset + si->load_bias); 850 ElfW(Addr) sym_addr = 0; 851 const char* sym_name = NULL; 852 853 DEBUG("Processing '%s' relocation at index %zd", si->name, idx); 854 if (type == 0) { // R_*_NONE 855 continue; 856 } 857 if (sym != 0) { 858 sym_name = reinterpret_cast<const char*>(si->strtab + si->symtab[sym].st_name); 859 s = soinfo_do_lookup(si, sym_name, &lsi, needed); 860 if (s == NULL) { 861 // We only allow an undefined symbol if this is a weak reference... 862 s = &si->symtab[sym]; 863 if (ELF_ST_BIND(s->st_info) != STB_WEAK) { 864 DL_ERR("cannot locate symbol \"%s\" referenced by \"%s\"...", sym_name, si->name); 865 return -1; 866 } 867 868 /* IHI0044C AAELF 4.5.1.1: 869 870 Libraries are not searched to resolve weak references. 871 It is not an error for a weak reference to remain unsatisfied. 872 873 During linking, the value of an undefined weak reference is: 874 - Zero if the relocation type is absolute 875 - The address of the place if the relocation is pc-relative 876 - The address of nominal base address if the relocation 877 type is base-relative. 878 */ 879 880 switch (type) { 881#if defined(__aarch64__) 882 case R_AARCH64_JUMP_SLOT: 883 case R_AARCH64_GLOB_DAT: 884 case R_AARCH64_ABS64: 885 case R_AARCH64_ABS32: 886 case R_AARCH64_ABS16: 887 case R_AARCH64_RELATIVE: 888 /* 889 * The sym_addr was initialized to be zero above, or the relocation 890 * code below does not care about value of sym_addr. 891 * No need to do anything. 892 */ 893 break; 894#elif defined(__x86_64__) 895 case R_X86_64_JUMP_SLOT: 896 case R_X86_64_GLOB_DAT: 897 case R_X86_64_32: 898 case R_X86_64_RELATIVE: 899 // No need to do anything. 900 break; 901 case R_X86_64_PC32: 902 sym_addr = reloc; 903 break; 904#endif 905 default: 906 DL_ERR("unknown weak reloc type %d @ %p (%zu)", type, rela, idx); 907 return -1; 908 } 909 } else { 910 // We got a definition. 911 sym_addr = static_cast<ElfW(Addr)>(s->st_value + lsi->load_bias); 912 } 913 count_relocation(kRelocSymbol); 914 } else { 915 s = NULL; 916 } 917 918 switch (type) { 919#if defined(__aarch64__) 920 case R_AARCH64_JUMP_SLOT: 921 count_relocation(kRelocAbsolute); 922 MARK(rela->r_offset); 923 TRACE_TYPE(RELO, "RELO JMP_SLOT %16llx <- %16llx %s\n", 924 reloc, (sym_addr + rela->r_addend), sym_name); 925 *reinterpret_cast<ElfW(Addr)*>(reloc) = (sym_addr + rela->r_addend); 926 break; 927 case R_AARCH64_GLOB_DAT: 928 count_relocation(kRelocAbsolute); 929 MARK(rela->r_offset); 930 TRACE_TYPE(RELO, "RELO GLOB_DAT %16llx <- %16llx %s\n", 931 reloc, (sym_addr + rela->r_addend), sym_name); 932 *reinterpret_cast<ElfW(Addr)*>(reloc) = (sym_addr + rela->r_addend); 933 break; 934 case R_AARCH64_ABS64: 935 count_relocation(kRelocAbsolute); 936 MARK(rela->r_offset); 937 TRACE_TYPE(RELO, "RELO ABS64 %16llx <- %16llx %s\n", 938 reloc, (sym_addr + rela->r_addend), sym_name); 939 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + rela->r_addend); 940 break; 941 case R_AARCH64_ABS32: 942 count_relocation(kRelocAbsolute); 943 MARK(rela->r_offset); 944 TRACE_TYPE(RELO, "RELO ABS32 %16llx <- %16llx %s\n", 945 reloc, (sym_addr + rela->r_addend), sym_name); 946 if ((static_cast<ElfW(Addr)>(INT32_MIN) <= (*reinterpret_cast<ElfW(Addr)*>(reloc) + (sym_addr + rela->r_addend))) && 947 ((*reinterpret_cast<ElfW(Addr)*>(reloc) + (sym_addr + rela->r_addend)) <= static_cast<ElfW(Addr)>(UINT32_MAX))) { 948 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + rela->r_addend); 949 } else { 950 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 951 (*reinterpret_cast<ElfW(Addr)*>(reloc) + (sym_addr + rela->r_addend)), 952 static_cast<ElfW(Addr)>(INT32_MIN), 953 static_cast<ElfW(Addr)>(UINT32_MAX)); 954 return -1; 955 } 956 break; 957 case R_AARCH64_ABS16: 958 count_relocation(kRelocAbsolute); 959 MARK(rela->r_offset); 960 TRACE_TYPE(RELO, "RELO ABS16 %16llx <- %16llx %s\n", 961 reloc, (sym_addr + rela->r_addend), sym_name); 962 if ((static_cast<ElfW(Addr)>(INT16_MIN) <= (*reinterpret_cast<ElfW(Addr)*>(reloc) + (sym_addr + rela->r_addend))) && 963 ((*reinterpret_cast<ElfW(Addr)*>(reloc) + (sym_addr + rela->r_addend)) <= static_cast<ElfW(Addr)>(UINT16_MAX))) { 964 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + rela->r_addend); 965 } else { 966 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 967 (*reinterpret_cast<ElfW(Addr)*>(reloc) + (sym_addr + rela->r_addend)), 968 static_cast<ElfW(Addr)>(INT16_MIN), 969 static_cast<ElfW(Addr)>(UINT16_MAX)); 970 return -1; 971 } 972 break; 973 case R_AARCH64_PREL64: 974 count_relocation(kRelocRelative); 975 MARK(rela->r_offset); 976 TRACE_TYPE(RELO, "RELO REL64 %16llx <- %16llx - %16llx %s\n", 977 reloc, (sym_addr + rela->r_addend), rela->r_offset, sym_name); 978 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + rela->r_addend) - rela->r_offset; 979 break; 980 case R_AARCH64_PREL32: 981 count_relocation(kRelocRelative); 982 MARK(rela->r_offset); 983 TRACE_TYPE(RELO, "RELO REL32 %16llx <- %16llx - %16llx %s\n", 984 reloc, (sym_addr + rela->r_addend), rela->r_offset, sym_name); 985 if ((static_cast<ElfW(Addr)>(INT32_MIN) <= (*reinterpret_cast<ElfW(Addr)*>(reloc) + ((sym_addr + rela->r_addend) - rela->r_offset))) && 986 ((*reinterpret_cast<ElfW(Addr)*>(reloc) + ((sym_addr + rela->r_addend) - rela->r_offset)) <= static_cast<ElfW(Addr)>(UINT32_MAX))) { 987 *reinterpret_cast<ElfW(Addr)*>(reloc) += ((sym_addr + rela->r_addend) - rela->r_offset); 988 } else { 989 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 990 (*reinterpret_cast<ElfW(Addr)*>(reloc) + ((sym_addr + rela->r_addend) - rela->r_offset)), 991 static_cast<ElfW(Addr)>(INT32_MIN), 992 static_cast<ElfW(Addr)>(UINT32_MAX)); 993 return -1; 994 } 995 break; 996 case R_AARCH64_PREL16: 997 count_relocation(kRelocRelative); 998 MARK(rela->r_offset); 999 TRACE_TYPE(RELO, "RELO REL16 %16llx <- %16llx - %16llx %s\n", 1000 reloc, (sym_addr + rela->r_addend), rela->r_offset, sym_name); 1001 if ((static_cast<ElfW(Addr)>(INT16_MIN) <= (*reinterpret_cast<ElfW(Addr)*>(reloc) + ((sym_addr + rela->r_addend) - rela->r_offset))) && 1002 ((*reinterpret_cast<ElfW(Addr)*>(reloc) + ((sym_addr + rela->r_addend) - rela->r_offset)) <= static_cast<ElfW(Addr)>(UINT16_MAX))) { 1003 *reinterpret_cast<ElfW(Addr)*>(reloc) += ((sym_addr + rela->r_addend) - rela->r_offset); 1004 } else { 1005 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 1006 (*reinterpret_cast<ElfW(Addr)*>(reloc) + ((sym_addr + rela->r_addend) - rela->r_offset)), 1007 static_cast<ElfW(Addr)>(INT16_MIN), 1008 static_cast<ElfW(Addr)>(UINT16_MAX)); 1009 return -1; 1010 } 1011 break; 1012 1013 case R_AARCH64_RELATIVE: 1014 count_relocation(kRelocRelative); 1015 MARK(rela->r_offset); 1016 if (sym) { 1017 DL_ERR("odd RELATIVE form..."); 1018 return -1; 1019 } 1020 TRACE_TYPE(RELO, "RELO RELATIVE %16llx <- %16llx\n", 1021 reloc, (si->base + rela->r_addend)); 1022 *reinterpret_cast<ElfW(Addr)*>(reloc) = (si->base + rela->r_addend); 1023 break; 1024 1025 case R_AARCH64_COPY: 1026 /* 1027 * ET_EXEC is not supported so this should not happen. 1028 * 1029 * http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044d/IHI0044D_aaelf.pdf 1030 * 1031 * Section 4.7.1.10 "Dynamic relocations" 1032 * R_AARCH64_COPY may only appear in executable objects where e_type is 1033 * set to ET_EXEC. 1034 */ 1035 DL_ERR("%s R_AARCH64_COPY relocations are not supported", si->name); 1036 return -1; 1037 case R_AARCH64_TLS_TPREL64: 1038 TRACE_TYPE(RELO, "RELO TLS_TPREL64 *** %16llx <- %16llx - %16llx\n", 1039 reloc, (sym_addr + rela->r_addend), rela->r_offset); 1040 break; 1041 case R_AARCH64_TLS_DTPREL32: 1042 TRACE_TYPE(RELO, "RELO TLS_DTPREL32 *** %16llx <- %16llx - %16llx\n", 1043 reloc, (sym_addr + rela->r_addend), rela->r_offset); 1044 break; 1045#elif defined(__x86_64__) 1046 case R_X86_64_JUMP_SLOT: 1047 count_relocation(kRelocAbsolute); 1048 MARK(rela->r_offset); 1049 TRACE_TYPE(RELO, "RELO JMP_SLOT %08zx <- %08zx %s", static_cast<size_t>(reloc), 1050 static_cast<size_t>(sym_addr + rela->r_addend), sym_name); 1051 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + rela->r_addend; 1052 break; 1053 case R_X86_64_GLOB_DAT: 1054 count_relocation(kRelocAbsolute); 1055 MARK(rela->r_offset); 1056 TRACE_TYPE(RELO, "RELO GLOB_DAT %08zx <- %08zx %s", static_cast<size_t>(reloc), 1057 static_cast<size_t>(sym_addr + rela->r_addend), sym_name); 1058 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + rela->r_addend; 1059 break; 1060 case R_X86_64_RELATIVE: 1061 count_relocation(kRelocRelative); 1062 MARK(rela->r_offset); 1063 if (sym) { 1064 DL_ERR("odd RELATIVE form..."); 1065 return -1; 1066 } 1067 TRACE_TYPE(RELO, "RELO RELATIVE %08zx <- +%08zx", static_cast<size_t>(reloc), 1068 static_cast<size_t>(si->base)); 1069 *reinterpret_cast<ElfW(Addr)*>(reloc) = si->base + rela->r_addend; 1070 break; 1071 case R_X86_64_32: 1072 count_relocation(kRelocRelative); 1073 MARK(rela->r_offset); 1074 TRACE_TYPE(RELO, "RELO R_X86_64_32 %08zx <- +%08zx %s", static_cast<size_t>(reloc), 1075 static_cast<size_t>(sym_addr), sym_name); 1076 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + rela->r_addend; 1077 break; 1078 case R_X86_64_64: 1079 count_relocation(kRelocRelative); 1080 MARK(rela->r_offset); 1081 TRACE_TYPE(RELO, "RELO R_X86_64_64 %08zx <- +%08zx %s", static_cast<size_t>(reloc), 1082 static_cast<size_t>(sym_addr), sym_name); 1083 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + rela->r_addend; 1084 break; 1085 case R_X86_64_PC32: 1086 count_relocation(kRelocRelative); 1087 MARK(rela->r_offset); 1088 TRACE_TYPE(RELO, "RELO R_X86_64_PC32 %08zx <- +%08zx (%08zx - %08zx) %s", 1089 static_cast<size_t>(reloc), static_cast<size_t>(sym_addr - reloc), 1090 static_cast<size_t>(sym_addr), static_cast<size_t>(reloc), sym_name); 1091 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + rela->r_addend - reloc; 1092 break; 1093#endif 1094 1095 default: 1096 DL_ERR("unknown reloc type %d @ %p (%zu)", type, rela, idx); 1097 return -1; 1098 } 1099 } 1100 return 0; 1101} 1102 1103#else // REL, not RELA. 1104 1105static int soinfo_relocate(soinfo* si, ElfW(Rel)* rel, unsigned count, soinfo* needed[]) { 1106 ElfW(Sym)* s; 1107 soinfo* lsi; 1108 1109 for (size_t idx = 0; idx < count; ++idx, ++rel) { 1110 unsigned type = ELFW(R_TYPE)(rel->r_info); 1111 // TODO: don't use unsigned for 'sym'. Use uint32_t or ElfW(Addr) instead. 1112 unsigned sym = ELFW(R_SYM)(rel->r_info); 1113 ElfW(Addr) reloc = static_cast<ElfW(Addr)>(rel->r_offset + si->load_bias); 1114 ElfW(Addr) sym_addr = 0; 1115 const char* sym_name = NULL; 1116 1117 DEBUG("Processing '%s' relocation at index %zd", si->name, idx); 1118 if (type == 0) { // R_*_NONE 1119 continue; 1120 } 1121 if (sym != 0) { 1122 sym_name = reinterpret_cast<const char*>(si->strtab + si->symtab[sym].st_name); 1123 s = soinfo_do_lookup(si, sym_name, &lsi, needed); 1124 if (s == NULL) { 1125 // We only allow an undefined symbol if this is a weak reference... 1126 s = &si->symtab[sym]; 1127 if (ELF_ST_BIND(s->st_info) != STB_WEAK) { 1128 DL_ERR("cannot locate symbol \"%s\" referenced by \"%s\"...", sym_name, si->name); 1129 return -1; 1130 } 1131 1132 /* IHI0044C AAELF 4.5.1.1: 1133 1134 Libraries are not searched to resolve weak references. 1135 It is not an error for a weak reference to remain 1136 unsatisfied. 1137 1138 During linking, the value of an undefined weak reference is: 1139 - Zero if the relocation type is absolute 1140 - The address of the place if the relocation is pc-relative 1141 - The address of nominal base address if the relocation 1142 type is base-relative. 1143 */ 1144 1145 switch (type) { 1146#if defined(__arm__) 1147 case R_ARM_JUMP_SLOT: 1148 case R_ARM_GLOB_DAT: 1149 case R_ARM_ABS32: 1150 case R_ARM_RELATIVE: /* Don't care. */ 1151 // sym_addr was initialized to be zero above or relocation 1152 // code below does not care about value of sym_addr. 1153 // No need to do anything. 1154 break; 1155#elif defined(__i386__) 1156 case R_386_JMP_SLOT: 1157 case R_386_GLOB_DAT: 1158 case R_386_32: 1159 case R_386_RELATIVE: /* Don't care. */ 1160 // sym_addr was initialized to be zero above or relocation 1161 // code below does not care about value of sym_addr. 1162 // No need to do anything. 1163 break; 1164 case R_386_PC32: 1165 sym_addr = reloc; 1166 break; 1167#endif 1168 1169#if defined(__arm__) 1170 case R_ARM_COPY: 1171 // Fall through. Can't really copy if weak symbol is not found at run-time. 1172#endif 1173 default: 1174 DL_ERR("unknown weak reloc type %d @ %p (%zu)", type, rel, idx); 1175 return -1; 1176 } 1177 } else { 1178 // We got a definition. 1179 sym_addr = static_cast<ElfW(Addr)>(s->st_value + lsi->load_bias); 1180 } 1181 count_relocation(kRelocSymbol); 1182 } else { 1183 s = NULL; 1184 } 1185 1186 switch (type) { 1187#if defined(__arm__) 1188 case R_ARM_JUMP_SLOT: 1189 count_relocation(kRelocAbsolute); 1190 MARK(rel->r_offset); 1191 TRACE_TYPE(RELO, "RELO JMP_SLOT %08x <- %08x %s", reloc, sym_addr, sym_name); 1192 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr; 1193 break; 1194 case R_ARM_GLOB_DAT: 1195 count_relocation(kRelocAbsolute); 1196 MARK(rel->r_offset); 1197 TRACE_TYPE(RELO, "RELO GLOB_DAT %08x <- %08x %s", reloc, sym_addr, sym_name); 1198 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr; 1199 break; 1200 case R_ARM_ABS32: 1201 count_relocation(kRelocAbsolute); 1202 MARK(rel->r_offset); 1203 TRACE_TYPE(RELO, "RELO ABS %08x <- %08x %s", reloc, sym_addr, sym_name); 1204 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr; 1205 break; 1206 case R_ARM_REL32: 1207 count_relocation(kRelocRelative); 1208 MARK(rel->r_offset); 1209 TRACE_TYPE(RELO, "RELO REL32 %08x <- %08x - %08x %s", 1210 reloc, sym_addr, rel->r_offset, sym_name); 1211 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr - rel->r_offset; 1212 break; 1213 case R_ARM_COPY: 1214 /* 1215 * ET_EXEC is not supported so this should not happen. 1216 * 1217 * http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044d/IHI0044D_aaelf.pdf 1218 * 1219 * Section 4.7.1.10 "Dynamic relocations" 1220 * R_ARM_COPY may only appear in executable objects where e_type is 1221 * set to ET_EXEC. 1222 */ 1223 DL_ERR("%s R_ARM_COPY relocations are not supported", si->name); 1224 return -1; 1225#elif defined(__i386__) 1226 case R_386_JMP_SLOT: 1227 count_relocation(kRelocAbsolute); 1228 MARK(rel->r_offset); 1229 TRACE_TYPE(RELO, "RELO JMP_SLOT %08x <- %08x %s", reloc, sym_addr, sym_name); 1230 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr; 1231 break; 1232 case R_386_GLOB_DAT: 1233 count_relocation(kRelocAbsolute); 1234 MARK(rel->r_offset); 1235 TRACE_TYPE(RELO, "RELO GLOB_DAT %08x <- %08x %s", reloc, sym_addr, sym_name); 1236 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr; 1237 break; 1238 case R_386_32: 1239 count_relocation(kRelocRelative); 1240 MARK(rel->r_offset); 1241 TRACE_TYPE(RELO, "RELO R_386_32 %08x <- +%08x %s", reloc, sym_addr, sym_name); 1242 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr; 1243 break; 1244 case R_386_PC32: 1245 count_relocation(kRelocRelative); 1246 MARK(rel->r_offset); 1247 TRACE_TYPE(RELO, "RELO R_386_PC32 %08x <- +%08x (%08x - %08x) %s", 1248 reloc, (sym_addr - reloc), sym_addr, reloc, sym_name); 1249 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr - reloc); 1250 break; 1251#elif defined(__mips__) 1252 case R_MIPS_REL32: 1253#if defined(__LP64__) 1254 // MIPS Elf64_Rel entries contain compound relocations 1255 // We only handle the R_MIPS_NONE|R_MIPS_64|R_MIPS_REL32 case 1256 if (ELF64_R_TYPE2(rel->r_info) != R_MIPS_64 || 1257 ELF64_R_TYPE3(rel->r_info) != R_MIPS_NONE) { 1258 DL_ERR("Unexpected compound relocation type:%d type2:%d type3:%d @ %p (%zu)", 1259 type, (unsigned)ELF64_R_TYPE2(rel->r_info), 1260 (unsigned)ELF64_R_TYPE3(rel->r_info), rel, idx); 1261 return -1; 1262 } 1263#endif 1264 count_relocation(kRelocAbsolute); 1265 MARK(rel->r_offset); 1266 TRACE_TYPE(RELO, "RELO REL32 %08zx <- %08zx %s", static_cast<size_t>(reloc), 1267 static_cast<size_t>(sym_addr), sym_name ? sym_name : "*SECTIONHDR*"); 1268 if (s) { 1269 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr; 1270 } else { 1271 *reinterpret_cast<ElfW(Addr)*>(reloc) += si->base; 1272 } 1273 break; 1274#endif 1275 1276#if defined(__arm__) 1277 case R_ARM_RELATIVE: 1278#elif defined(__i386__) 1279 case R_386_RELATIVE: 1280#endif 1281 count_relocation(kRelocRelative); 1282 MARK(rel->r_offset); 1283 if (sym) { 1284 DL_ERR("odd RELATIVE form..."); 1285 return -1; 1286 } 1287 TRACE_TYPE(RELO, "RELO RELATIVE %p <- +%p", 1288 reinterpret_cast<void*>(reloc), reinterpret_cast<void*>(si->base)); 1289 *reinterpret_cast<ElfW(Addr)*>(reloc) += si->base; 1290 break; 1291 1292 default: 1293 DL_ERR("unknown reloc type %d @ %p (%zu)", type, rel, idx); 1294 return -1; 1295 } 1296 } 1297 return 0; 1298} 1299#endif 1300 1301#if defined(__mips__) 1302static bool mips_relocate_got(soinfo* si, soinfo* needed[]) { 1303 ElfW(Addr)** got = si->plt_got; 1304 if (got == NULL) { 1305 return true; 1306 } 1307 unsigned local_gotno = si->mips_local_gotno; 1308 unsigned gotsym = si->mips_gotsym; 1309 unsigned symtabno = si->mips_symtabno; 1310 ElfW(Sym)* symtab = si->symtab; 1311 1312 // got[0] is the address of the lazy resolver function. 1313 // got[1] may be used for a GNU extension. 1314 // Set it to a recognizable address in case someone calls it (should be _rtld_bind_start). 1315 // FIXME: maybe this should be in a separate routine? 1316 if ((si->flags & FLAG_LINKER) == 0) { 1317 size_t g = 0; 1318 got[g++] = reinterpret_cast<ElfW(Addr)*>(0xdeadbeef); 1319 if (reinterpret_cast<intptr_t>(got[g]) < 0) { 1320 got[g++] = reinterpret_cast<ElfW(Addr)*>(0xdeadfeed); 1321 } 1322 // Relocate the local GOT entries. 1323 for (; g < local_gotno; g++) { 1324 got[g] = reinterpret_cast<ElfW(Addr)*>(reinterpret_cast<uintptr_t>(got[g]) + si->load_bias); 1325 } 1326 } 1327 1328 // Now for the global GOT entries... 1329 ElfW(Sym)* sym = symtab + gotsym; 1330 got = si->plt_got + local_gotno; 1331 for (size_t g = gotsym; g < symtabno; g++, sym++, got++) { 1332 // This is an undefined reference... try to locate it. 1333 const char* sym_name = si->strtab + sym->st_name; 1334 soinfo* lsi; 1335 ElfW(Sym)* s = soinfo_do_lookup(si, sym_name, &lsi, needed); 1336 if (s == NULL) { 1337 // We only allow an undefined symbol if this is a weak reference. 1338 s = &symtab[g]; 1339 if (ELF_ST_BIND(s->st_info) != STB_WEAK) { 1340 DL_ERR("cannot locate \"%s\"...", sym_name); 1341 return false; 1342 } 1343 *got = 0; 1344 } else { 1345 // FIXME: is this sufficient? 1346 // For reference see NetBSD link loader 1347 // http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ld.elf_so/arch/mips/mips_reloc.c?rev=1.53&content-type=text/x-cvsweb-markup 1348 *got = reinterpret_cast<ElfW(Addr)*>(lsi->load_bias + s->st_value); 1349 } 1350 } 1351 return true; 1352} 1353#endif 1354 1355void soinfo::CallArray(const char* array_name __unused, linker_function_t* functions, size_t count, bool reverse) { 1356 if (functions == NULL) { 1357 return; 1358 } 1359 1360 TRACE("[ Calling %s (size %zd) @ %p for '%s' ]", array_name, count, functions, name); 1361 1362 int begin = reverse ? (count - 1) : 0; 1363 int end = reverse ? -1 : count; 1364 int step = reverse ? -1 : 1; 1365 1366 for (int i = begin; i != end; i += step) { 1367 TRACE("[ %s[%d] == %p ]", array_name, i, functions[i]); 1368 CallFunction("function", functions[i]); 1369 } 1370 1371 TRACE("[ Done calling %s for '%s' ]", array_name, name); 1372} 1373 1374void soinfo::CallFunction(const char* function_name __unused, linker_function_t function) { 1375 if (function == NULL || reinterpret_cast<uintptr_t>(function) == static_cast<uintptr_t>(-1)) { 1376 return; 1377 } 1378 1379 TRACE("[ Calling %s @ %p for '%s' ]", function_name, function, name); 1380 function(); 1381 TRACE("[ Done calling %s @ %p for '%s' ]", function_name, function, name); 1382 1383 // The function may have called dlopen(3) or dlclose(3), so we need to ensure our data structures 1384 // are still writable. This happens with our debug malloc (see http://b/7941716). 1385 set_soinfo_pool_protection(PROT_READ | PROT_WRITE); 1386} 1387 1388void soinfo::CallPreInitConstructors() { 1389 // DT_PREINIT_ARRAY functions are called before any other constructors for executables, 1390 // but ignored in a shared library. 1391 CallArray("DT_PREINIT_ARRAY", preinit_array, preinit_array_count, false); 1392} 1393 1394void soinfo::CallConstructors() { 1395 if (constructors_called) { 1396 return; 1397 } 1398 1399 // We set constructors_called before actually calling the constructors, otherwise it doesn't 1400 // protect against recursive constructor calls. One simple example of constructor recursion 1401 // is the libc debug malloc, which is implemented in libc_malloc_debug_leak.so: 1402 // 1. The program depends on libc, so libc's constructor is called here. 1403 // 2. The libc constructor calls dlopen() to load libc_malloc_debug_leak.so. 1404 // 3. dlopen() calls the constructors on the newly created 1405 // soinfo for libc_malloc_debug_leak.so. 1406 // 4. The debug .so depends on libc, so CallConstructors is 1407 // called again with the libc soinfo. If it doesn't trigger the early- 1408 // out above, the libc constructor will be called again (recursively!). 1409 constructors_called = true; 1410 1411 if ((flags & FLAG_EXE) == 0 && preinit_array != NULL) { 1412 // The GNU dynamic linker silently ignores these, but we warn the developer. 1413 PRINT("\"%s\": ignoring %zd-entry DT_PREINIT_ARRAY in shared library!", 1414 name, preinit_array_count); 1415 } 1416 1417 if (dynamic != NULL) { 1418 for (ElfW(Dyn)* d = dynamic; d->d_tag != DT_NULL; ++d) { 1419 if (d->d_tag == DT_NEEDED) { 1420 const char* library_name = strtab + d->d_un.d_val; 1421 TRACE("\"%s\": calling constructors in DT_NEEDED \"%s\"", name, library_name); 1422 find_loaded_library(library_name)->CallConstructors(); 1423 } 1424 } 1425 } 1426 1427 TRACE("\"%s\": calling constructors", name); 1428 1429 // DT_INIT should be called before DT_INIT_ARRAY if both are present. 1430 CallFunction("DT_INIT", init_func); 1431 CallArray("DT_INIT_ARRAY", init_array, init_array_count, false); 1432} 1433 1434void soinfo::CallDestructors() { 1435 TRACE("\"%s\": calling destructors", name); 1436 1437 // DT_FINI_ARRAY must be parsed in reverse order. 1438 CallArray("DT_FINI_ARRAY", fini_array, fini_array_count, true); 1439 1440 // DT_FINI should be called after DT_FINI_ARRAY if both are present. 1441 CallFunction("DT_FINI", fini_func); 1442} 1443 1444/* Force any of the closed stdin, stdout and stderr to be associated with 1445 /dev/null. */ 1446static int nullify_closed_stdio() { 1447 int dev_null, i, status; 1448 int return_value = 0; 1449 1450 dev_null = TEMP_FAILURE_RETRY(open("/dev/null", O_RDWR)); 1451 if (dev_null < 0) { 1452 DL_ERR("cannot open /dev/null: %s", strerror(errno)); 1453 return -1; 1454 } 1455 TRACE("[ Opened /dev/null file-descriptor=%d]", dev_null); 1456 1457 /* If any of the stdio file descriptors is valid and not associated 1458 with /dev/null, dup /dev/null to it. */ 1459 for (i = 0; i < 3; i++) { 1460 /* If it is /dev/null already, we are done. */ 1461 if (i == dev_null) { 1462 continue; 1463 } 1464 1465 TRACE("[ Nullifying stdio file descriptor %d]", i); 1466 status = TEMP_FAILURE_RETRY(fcntl(i, F_GETFL)); 1467 1468 /* If file is opened, we are good. */ 1469 if (status != -1) { 1470 continue; 1471 } 1472 1473 /* The only error we allow is that the file descriptor does not 1474 exist, in which case we dup /dev/null to it. */ 1475 if (errno != EBADF) { 1476 DL_ERR("fcntl failed: %s", strerror(errno)); 1477 return_value = -1; 1478 continue; 1479 } 1480 1481 /* Try dupping /dev/null to this stdio file descriptor and 1482 repeat if there is a signal. Note that any errors in closing 1483 the stdio descriptor are lost. */ 1484 status = TEMP_FAILURE_RETRY(dup2(dev_null, i)); 1485 if (status < 0) { 1486 DL_ERR("dup2 failed: %s", strerror(errno)); 1487 return_value = -1; 1488 continue; 1489 } 1490 } 1491 1492 /* If /dev/null is not one of the stdio file descriptors, close it. */ 1493 if (dev_null > 2) { 1494 TRACE("[ Closing /dev/null file-descriptor=%d]", dev_null); 1495 status = TEMP_FAILURE_RETRY(close(dev_null)); 1496 if (status == -1) { 1497 DL_ERR("close failed: %s", strerror(errno)); 1498 return_value = -1; 1499 } 1500 } 1501 1502 return return_value; 1503} 1504 1505static bool soinfo_link_image(soinfo* si, const android_dlextinfo* extinfo) { 1506 /* "base" might wrap around UINT32_MAX. */ 1507 ElfW(Addr) base = si->load_bias; 1508 const ElfW(Phdr)* phdr = si->phdr; 1509 int phnum = si->phnum; 1510 bool relocating_linker = (si->flags & FLAG_LINKER) != 0; 1511 1512 /* We can't debug anything until the linker is relocated */ 1513 if (!relocating_linker) { 1514 INFO("[ linking %s ]", si->name); 1515 DEBUG("si->base = %p si->flags = 0x%08x", reinterpret_cast<void*>(si->base), si->flags); 1516 } 1517 1518 /* Extract dynamic section */ 1519 size_t dynamic_count; 1520 ElfW(Word) dynamic_flags; 1521 phdr_table_get_dynamic_section(phdr, phnum, base, &si->dynamic, 1522 &dynamic_count, &dynamic_flags); 1523 if (si->dynamic == NULL) { 1524 if (!relocating_linker) { 1525 DL_ERR("missing PT_DYNAMIC in \"%s\"", si->name); 1526 } 1527 return false; 1528 } else { 1529 if (!relocating_linker) { 1530 DEBUG("dynamic = %p", si->dynamic); 1531 } 1532 } 1533 1534#if defined(__arm__) 1535 (void) phdr_table_get_arm_exidx(phdr, phnum, base, 1536 &si->ARM_exidx, &si->ARM_exidx_count); 1537#endif 1538 1539 // Extract useful information from dynamic section. 1540 uint32_t needed_count = 0; 1541 for (ElfW(Dyn)* d = si->dynamic; d->d_tag != DT_NULL; ++d) { 1542 DEBUG("d = %p, d[0](tag) = %p d[1](val) = %p", 1543 d, reinterpret_cast<void*>(d->d_tag), reinterpret_cast<void*>(d->d_un.d_val)); 1544 switch (d->d_tag) { 1545 case DT_HASH: 1546 si->nbucket = reinterpret_cast<uint32_t*>(base + d->d_un.d_ptr)[0]; 1547 si->nchain = reinterpret_cast<uint32_t*>(base + d->d_un.d_ptr)[1]; 1548 si->bucket = reinterpret_cast<uint32_t*>(base + d->d_un.d_ptr + 8); 1549 si->chain = reinterpret_cast<uint32_t*>(base + d->d_un.d_ptr + 8 + si->nbucket * 4); 1550 break; 1551 case DT_STRTAB: 1552 si->strtab = reinterpret_cast<const char*>(base + d->d_un.d_ptr); 1553 break; 1554 case DT_SYMTAB: 1555 si->symtab = reinterpret_cast<ElfW(Sym)*>(base + d->d_un.d_ptr); 1556 break; 1557#if !defined(__LP64__) 1558 case DT_PLTREL: 1559 if (d->d_un.d_val != DT_REL) { 1560 DL_ERR("unsupported DT_RELA in \"%s\"", si->name); 1561 return false; 1562 } 1563 break; 1564#endif 1565 case DT_JMPREL: 1566#if defined(USE_RELA) 1567 si->plt_rela = reinterpret_cast<ElfW(Rela)*>(base + d->d_un.d_ptr); 1568#else 1569 si->plt_rel = reinterpret_cast<ElfW(Rel)*>(base + d->d_un.d_ptr); 1570#endif 1571 break; 1572 case DT_PLTRELSZ: 1573#if defined(USE_RELA) 1574 si->plt_rela_count = d->d_un.d_val / sizeof(ElfW(Rela)); 1575#else 1576 si->plt_rel_count = d->d_un.d_val / sizeof(ElfW(Rel)); 1577#endif 1578 break; 1579#if defined(__mips__) 1580 case DT_PLTGOT: 1581 // Used by mips and mips64. 1582 si->plt_got = reinterpret_cast<ElfW(Addr)**>(base + d->d_un.d_ptr); 1583 break; 1584#endif 1585 case DT_DEBUG: 1586 // Set the DT_DEBUG entry to the address of _r_debug for GDB 1587 // if the dynamic table is writable 1588// FIXME: not working currently for N64 1589// The flags for the LOAD and DYNAMIC program headers do not agree. 1590// The LOAD section containng the dynamic table has been mapped as 1591// read-only, but the DYNAMIC header claims it is writable. 1592#if !(defined(__mips__) && defined(__LP64__)) 1593 if ((dynamic_flags & PF_W) != 0) { 1594 d->d_un.d_val = reinterpret_cast<uintptr_t>(&_r_debug); 1595 } 1596 break; 1597#endif 1598#if defined(USE_RELA) 1599 case DT_RELA: 1600 si->rela = reinterpret_cast<ElfW(Rela)*>(base + d->d_un.d_ptr); 1601 break; 1602 case DT_RELASZ: 1603 si->rela_count = d->d_un.d_val / sizeof(ElfW(Rela)); 1604 break; 1605 case DT_REL: 1606 DL_ERR("unsupported DT_REL in \"%s\"", si->name); 1607 return false; 1608 case DT_RELSZ: 1609 DL_ERR("unsupported DT_RELSZ in \"%s\"", si->name); 1610 return false; 1611#else 1612 case DT_REL: 1613 si->rel = reinterpret_cast<ElfW(Rel)*>(base + d->d_un.d_ptr); 1614 break; 1615 case DT_RELSZ: 1616 si->rel_count = d->d_un.d_val / sizeof(ElfW(Rel)); 1617 break; 1618 case DT_RELA: 1619 DL_ERR("unsupported DT_RELA in \"%s\"", si->name); 1620 return false; 1621#endif 1622 case DT_INIT: 1623 si->init_func = reinterpret_cast<linker_function_t>(base + d->d_un.d_ptr); 1624 DEBUG("%s constructors (DT_INIT) found at %p", si->name, si->init_func); 1625 break; 1626 case DT_FINI: 1627 si->fini_func = reinterpret_cast<linker_function_t>(base + d->d_un.d_ptr); 1628 DEBUG("%s destructors (DT_FINI) found at %p", si->name, si->fini_func); 1629 break; 1630 case DT_INIT_ARRAY: 1631 si->init_array = reinterpret_cast<linker_function_t*>(base + d->d_un.d_ptr); 1632 DEBUG("%s constructors (DT_INIT_ARRAY) found at %p", si->name, si->init_array); 1633 break; 1634 case DT_INIT_ARRAYSZ: 1635 si->init_array_count = ((unsigned)d->d_un.d_val) / sizeof(ElfW(Addr)); 1636 break; 1637 case DT_FINI_ARRAY: 1638 si->fini_array = reinterpret_cast<linker_function_t*>(base + d->d_un.d_ptr); 1639 DEBUG("%s destructors (DT_FINI_ARRAY) found at %p", si->name, si->fini_array); 1640 break; 1641 case DT_FINI_ARRAYSZ: 1642 si->fini_array_count = ((unsigned)d->d_un.d_val) / sizeof(ElfW(Addr)); 1643 break; 1644 case DT_PREINIT_ARRAY: 1645 si->preinit_array = reinterpret_cast<linker_function_t*>(base + d->d_un.d_ptr); 1646 DEBUG("%s constructors (DT_PREINIT_ARRAY) found at %p", si->name, si->preinit_array); 1647 break; 1648 case DT_PREINIT_ARRAYSZ: 1649 si->preinit_array_count = ((unsigned)d->d_un.d_val) / sizeof(ElfW(Addr)); 1650 break; 1651 case DT_TEXTREL: 1652#if defined(__LP64__) 1653 DL_ERR("text relocations (DT_TEXTREL) found in 64-bit ELF file \"%s\"", si->name); 1654 return false; 1655#else 1656 si->has_text_relocations = true; 1657 break; 1658#endif 1659 case DT_SYMBOLIC: 1660 si->has_DT_SYMBOLIC = true; 1661 break; 1662 case DT_NEEDED: 1663 ++needed_count; 1664 break; 1665 case DT_FLAGS: 1666 if (d->d_un.d_val & DF_TEXTREL) { 1667#if defined(__LP64__) 1668 DL_ERR("text relocations (DF_TEXTREL) found in 64-bit ELF file \"%s\"", si->name); 1669 return false; 1670#else 1671 si->has_text_relocations = true; 1672#endif 1673 } 1674 if (d->d_un.d_val & DF_SYMBOLIC) { 1675 si->has_DT_SYMBOLIC = true; 1676 } 1677 break; 1678#if defined(__mips__) 1679 case DT_STRSZ: 1680 case DT_SYMENT: 1681 case DT_RELENT: 1682 break; 1683 case DT_MIPS_RLD_MAP: 1684 // Set the DT_MIPS_RLD_MAP entry to the address of _r_debug for GDB. 1685 { 1686 r_debug** dp = reinterpret_cast<r_debug**>(base + d->d_un.d_ptr); 1687 *dp = &_r_debug; 1688 } 1689 break; 1690 case DT_MIPS_RLD_VERSION: 1691 case DT_MIPS_FLAGS: 1692 case DT_MIPS_BASE_ADDRESS: 1693 case DT_MIPS_UNREFEXTNO: 1694 break; 1695 1696 case DT_MIPS_SYMTABNO: 1697 si->mips_symtabno = d->d_un.d_val; 1698 break; 1699 1700 case DT_MIPS_LOCAL_GOTNO: 1701 si->mips_local_gotno = d->d_un.d_val; 1702 break; 1703 1704 case DT_MIPS_GOTSYM: 1705 si->mips_gotsym = d->d_un.d_val; 1706 break; 1707#endif 1708 1709 default: 1710 DEBUG("Unused DT entry: type %p arg %p", 1711 reinterpret_cast<void*>(d->d_tag), reinterpret_cast<void*>(d->d_un.d_val)); 1712 break; 1713 } 1714 } 1715 1716 DEBUG("si->base = %p, si->strtab = %p, si->symtab = %p", 1717 reinterpret_cast<void*>(si->base), si->strtab, si->symtab); 1718 1719 // Sanity checks. 1720 if (relocating_linker && needed_count != 0) { 1721 DL_ERR("linker cannot have DT_NEEDED dependencies on other libraries"); 1722 return false; 1723 } 1724 if (si->nbucket == 0) { 1725 DL_ERR("empty/missing DT_HASH in \"%s\" (built with --hash-style=gnu?)", si->name); 1726 return false; 1727 } 1728 if (si->strtab == 0) { 1729 DL_ERR("empty/missing DT_STRTAB in \"%s\"", si->name); 1730 return false; 1731 } 1732 if (si->symtab == 0) { 1733 DL_ERR("empty/missing DT_SYMTAB in \"%s\"", si->name); 1734 return false; 1735 } 1736 1737 // If this is the main executable, then load all of the libraries from LD_PRELOAD now. 1738 if (si->flags & FLAG_EXE) { 1739 memset(gLdPreloads, 0, sizeof(gLdPreloads)); 1740 size_t preload_count = 0; 1741 for (size_t i = 0; gLdPreloadNames[i] != NULL; i++) { 1742 soinfo* lsi = find_library(gLdPreloadNames[i], NULL); 1743 if (lsi != NULL) { 1744 gLdPreloads[preload_count++] = lsi; 1745 } else { 1746 // As with glibc, failure to load an LD_PRELOAD library is just a warning. 1747 DL_WARN("could not load library \"%s\" from LD_PRELOAD for \"%s\"; caused by %s", 1748 gLdPreloadNames[i], si->name, linker_get_error_buffer()); 1749 } 1750 } 1751 } 1752 1753 soinfo** needed = reinterpret_cast<soinfo**>(alloca((1 + needed_count) * sizeof(soinfo*))); 1754 soinfo** pneeded = needed; 1755 1756 for (ElfW(Dyn)* d = si->dynamic; d->d_tag != DT_NULL; ++d) { 1757 if (d->d_tag == DT_NEEDED) { 1758 const char* library_name = si->strtab + d->d_un.d_val; 1759 DEBUG("%s needs %s", si->name, library_name); 1760 soinfo* lsi = find_library(library_name, NULL); 1761 if (lsi == NULL) { 1762 strlcpy(tmp_err_buf, linker_get_error_buffer(), sizeof(tmp_err_buf)); 1763 DL_ERR("could not load library \"%s\" needed by \"%s\"; caused by %s", 1764 library_name, si->name, tmp_err_buf); 1765 return false; 1766 } 1767 *pneeded++ = lsi; 1768 } 1769 } 1770 *pneeded = NULL; 1771 1772#if !defined(__LP64__) 1773 if (si->has_text_relocations) { 1774 // Make segments writable to allow text relocations to work properly. We will later call 1775 // phdr_table_protect_segments() after all of them are applied and all constructors are run. 1776#if !defined(__i386__) // The platform itself has too many text relocations on x86. 1777 DL_WARN("%s has text relocations. This is wasting memory and prevents " 1778 "security hardening. Please fix.", si->name); 1779#endif 1780 if (phdr_table_unprotect_segments(si->phdr, si->phnum, si->load_bias) < 0) { 1781 DL_ERR("can't unprotect loadable segments for \"%s\": %s", 1782 si->name, strerror(errno)); 1783 return false; 1784 } 1785 } 1786#endif 1787 1788#if defined(USE_RELA) 1789 if (si->plt_rela != NULL) { 1790 DEBUG("[ relocating %s plt ]\n", si->name); 1791 if (soinfo_relocate(si, si->plt_rela, si->plt_rela_count, needed)) { 1792 return false; 1793 } 1794 } 1795 if (si->rela != NULL) { 1796 DEBUG("[ relocating %s ]\n", si->name); 1797 if (soinfo_relocate(si, si->rela, si->rela_count, needed)) { 1798 return false; 1799 } 1800 } 1801#else 1802 if (si->plt_rel != NULL) { 1803 DEBUG("[ relocating %s plt ]", si->name); 1804 if (soinfo_relocate(si, si->plt_rel, si->plt_rel_count, needed)) { 1805 return false; 1806 } 1807 } 1808 if (si->rel != NULL) { 1809 DEBUG("[ relocating %s ]", si->name); 1810 if (soinfo_relocate(si, si->rel, si->rel_count, needed)) { 1811 return false; 1812 } 1813 } 1814#endif 1815 1816#if defined(__mips__) 1817 if (!mips_relocate_got(si, needed)) { 1818 return false; 1819 } 1820#endif 1821 1822 si->flags |= FLAG_LINKED; 1823 DEBUG("[ finished linking %s ]", si->name); 1824 1825#if !defined(__LP64__) 1826 if (si->has_text_relocations) { 1827 // All relocations are done, we can protect our segments back to read-only. 1828 if (phdr_table_protect_segments(si->phdr, si->phnum, si->load_bias) < 0) { 1829 DL_ERR("can't protect segments for \"%s\": %s", 1830 si->name, strerror(errno)); 1831 return false; 1832 } 1833 } 1834#endif 1835 1836 /* We can also turn on GNU RELRO protection */ 1837 if (phdr_table_protect_gnu_relro(si->phdr, si->phnum, si->load_bias) < 0) { 1838 DL_ERR("can't enable GNU RELRO protection for \"%s\": %s", 1839 si->name, strerror(errno)); 1840 return false; 1841 } 1842 1843 /* Handle serializing/sharing the RELRO segment */ 1844 if (extinfo && (extinfo->flags & ANDROID_DLEXT_WRITE_RELRO)) { 1845 if (phdr_table_serialize_gnu_relro(si->phdr, si->phnum, si->load_bias, 1846 extinfo->relro_fd) < 0) { 1847 DL_ERR("failed serializing GNU RELRO section for \"%s\": %s", 1848 si->name, strerror(errno)); 1849 return false; 1850 } 1851 } else if (extinfo && (extinfo->flags & ANDROID_DLEXT_USE_RELRO)) { 1852 if (phdr_table_map_gnu_relro(si->phdr, si->phnum, si->load_bias, 1853 extinfo->relro_fd) < 0) { 1854 DL_ERR("failed mapping GNU RELRO section for \"%s\": %s", 1855 si->name, strerror(errno)); 1856 return false; 1857 } 1858 } 1859 1860 notify_gdb_of_load(si); 1861 return true; 1862} 1863 1864/* 1865 * This function add vdso to internal dso list. 1866 * It helps to stack unwinding through signal handlers. 1867 * Also, it makes bionic more like glibc. 1868 */ 1869static void add_vdso(KernelArgumentBlock& args __unused) { 1870#if defined(AT_SYSINFO_EHDR) 1871 ElfW(Ehdr)* ehdr_vdso = reinterpret_cast<ElfW(Ehdr)*>(args.getauxval(AT_SYSINFO_EHDR)); 1872 if (ehdr_vdso == NULL) { 1873 return; 1874 } 1875 1876 soinfo* si = soinfo_alloc("[vdso]"); 1877 1878 si->phdr = reinterpret_cast<ElfW(Phdr)*>(reinterpret_cast<char*>(ehdr_vdso) + ehdr_vdso->e_phoff); 1879 si->phnum = ehdr_vdso->e_phnum; 1880 si->base = reinterpret_cast<ElfW(Addr)>(ehdr_vdso); 1881 si->size = phdr_table_get_load_size(si->phdr, si->phnum); 1882 si->flags = 0; 1883 si->load_bias = get_elf_exec_load_bias(ehdr_vdso); 1884 1885 soinfo_link_image(si, NULL); 1886#endif 1887} 1888 1889/* 1890 * This code is called after the linker has linked itself and 1891 * fixed it's own GOT. It is safe to make references to externs 1892 * and other non-local data at this point. 1893 */ 1894static ElfW(Addr) __linker_init_post_relocation(KernelArgumentBlock& args, ElfW(Addr) linker_base) { 1895 /* NOTE: we store the args pointer on a special location 1896 * of the temporary TLS area in order to pass it to 1897 * the C Library's runtime initializer. 1898 * 1899 * The initializer must clear the slot and reset the TLS 1900 * to point to a different location to ensure that no other 1901 * shared library constructor can access it. 1902 */ 1903 __libc_init_tls(args); 1904 1905#if TIMING 1906 struct timeval t0, t1; 1907 gettimeofday(&t0, 0); 1908#endif 1909 1910 // Initialize environment functions, and get to the ELF aux vectors table. 1911 linker_env_init(args); 1912 1913 // If this is a setuid/setgid program, close the security hole described in 1914 // ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc 1915 if (get_AT_SECURE()) { 1916 nullify_closed_stdio(); 1917 } 1918 1919 debuggerd_init(); 1920 1921 // Get a few environment variables. 1922 const char* LD_DEBUG = linker_env_get("LD_DEBUG"); 1923 if (LD_DEBUG != NULL) { 1924 gLdDebugVerbosity = atoi(LD_DEBUG); 1925 } 1926 1927 // Normally, these are cleaned by linker_env_init, but the test 1928 // doesn't cost us anything. 1929 const char* ldpath_env = NULL; 1930 const char* ldpreload_env = NULL; 1931 if (!get_AT_SECURE()) { 1932 ldpath_env = linker_env_get("LD_LIBRARY_PATH"); 1933 ldpreload_env = linker_env_get("LD_PRELOAD"); 1934 } 1935 1936 INFO("[ android linker & debugger ]"); 1937 1938 soinfo* si = soinfo_alloc(args.argv[0]); 1939 if (si == NULL) { 1940 exit(EXIT_FAILURE); 1941 } 1942 1943 /* bootstrap the link map, the main exe always needs to be first */ 1944 si->flags |= FLAG_EXE; 1945 link_map* map = &(si->link_map_head); 1946 1947 map->l_addr = 0; 1948 map->l_name = args.argv[0]; 1949 map->l_prev = NULL; 1950 map->l_next = NULL; 1951 1952 _r_debug.r_map = map; 1953 r_debug_tail = map; 1954 1955 /* gdb expects the linker to be in the debug shared object list. 1956 * Without this, gdb has trouble locating the linker's ".text" 1957 * and ".plt" sections. Gdb could also potentially use this to 1958 * relocate the offset of our exported 'rtld_db_dlactivity' symbol. 1959 * Don't use soinfo_alloc(), because the linker shouldn't 1960 * be on the soinfo list. 1961 */ 1962 { 1963 static soinfo linker_soinfo; 1964#if defined(__LP64__) 1965 strlcpy(linker_soinfo.name, "/system/bin/linker64", sizeof(linker_soinfo.name)); 1966#else 1967 strlcpy(linker_soinfo.name, "/system/bin/linker", sizeof(linker_soinfo.name)); 1968#endif 1969 linker_soinfo.flags = 0; 1970 linker_soinfo.base = linker_base; 1971 1972 /* 1973 * Set the dynamic field in the link map otherwise gdb will complain with 1974 * the following: 1975 * warning: .dynamic section for "/system/bin/linker" is not at the 1976 * expected address (wrong library or version mismatch?) 1977 */ 1978 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(linker_base); 1979 ElfW(Phdr)* phdr = reinterpret_cast<ElfW(Phdr)*>(linker_base + elf_hdr->e_phoff); 1980 phdr_table_get_dynamic_section(phdr, elf_hdr->e_phnum, linker_base, 1981 &linker_soinfo.dynamic, NULL, NULL); 1982 insert_soinfo_into_debug_map(&linker_soinfo); 1983 } 1984 1985 // Extract information passed from the kernel. 1986 si->phdr = reinterpret_cast<ElfW(Phdr)*>(args.getauxval(AT_PHDR)); 1987 si->phnum = args.getauxval(AT_PHNUM); 1988 si->entry = args.getauxval(AT_ENTRY); 1989 1990 /* Compute the value of si->base. We can't rely on the fact that 1991 * the first entry is the PHDR because this will not be true 1992 * for certain executables (e.g. some in the NDK unit test suite) 1993 */ 1994 si->base = 0; 1995 si->size = phdr_table_get_load_size(si->phdr, si->phnum); 1996 si->load_bias = 0; 1997 for (size_t i = 0; i < si->phnum; ++i) { 1998 if (si->phdr[i].p_type == PT_PHDR) { 1999 si->load_bias = reinterpret_cast<ElfW(Addr)>(si->phdr) - si->phdr[i].p_vaddr; 2000 si->base = reinterpret_cast<ElfW(Addr)>(si->phdr) - si->phdr[i].p_offset; 2001 break; 2002 } 2003 } 2004 si->dynamic = NULL; 2005 si->ref_count = 1; 2006 2007 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(si->base); 2008 if (elf_hdr->e_type != ET_DYN) { 2009 __libc_format_fd(2, "error: only position independent executables (PIE) are supported.\n"); 2010 exit(EXIT_FAILURE); 2011 } 2012 2013 // Use LD_LIBRARY_PATH and LD_PRELOAD (but only if we aren't setuid/setgid). 2014 parse_LD_LIBRARY_PATH(ldpath_env); 2015 parse_LD_PRELOAD(ldpreload_env); 2016 2017 somain = si; 2018 2019 if (!soinfo_link_image(si, NULL)) { 2020 __libc_format_fd(2, "CANNOT LINK EXECUTABLE: %s\n", linker_get_error_buffer()); 2021 exit(EXIT_FAILURE); 2022 } 2023 2024 add_vdso(args); 2025 2026 si->CallPreInitConstructors(); 2027 2028 for (size_t i = 0; gLdPreloads[i] != NULL; ++i) { 2029 gLdPreloads[i]->CallConstructors(); 2030 } 2031 2032 /* After the link_image, the si->load_bias is initialized. 2033 * For so lib, the map->l_addr will be updated in notify_gdb_of_load. 2034 * We need to update this value for so exe here. So Unwind_Backtrace 2035 * for some arch like x86 could work correctly within so exe. 2036 */ 2037 map->l_addr = si->load_bias; 2038 si->CallConstructors(); 2039 2040#if TIMING 2041 gettimeofday(&t1, NULL); 2042 PRINT("LINKER TIME: %s: %d microseconds", args.argv[0], (int) ( 2043 (((long long)t1.tv_sec * 1000000LL) + (long long)t1.tv_usec) - 2044 (((long long)t0.tv_sec * 1000000LL) + (long long)t0.tv_usec))); 2045#endif 2046#if STATS 2047 PRINT("RELO STATS: %s: %d abs, %d rel, %d copy, %d symbol", args.argv[0], 2048 linker_stats.count[kRelocAbsolute], 2049 linker_stats.count[kRelocRelative], 2050 linker_stats.count[kRelocCopy], 2051 linker_stats.count[kRelocSymbol]); 2052#endif 2053#if COUNT_PAGES 2054 { 2055 unsigned n; 2056 unsigned i; 2057 unsigned count = 0; 2058 for (n = 0; n < 4096; n++) { 2059 if (bitmask[n]) { 2060 unsigned x = bitmask[n]; 2061#if defined(__LP64__) 2062 for (i = 0; i < 32; i++) { 2063#else 2064 for (i = 0; i < 8; i++) { 2065#endif 2066 if (x & 1) { 2067 count++; 2068 } 2069 x >>= 1; 2070 } 2071 } 2072 } 2073 PRINT("PAGES MODIFIED: %s: %d (%dKB)", args.argv[0], count, count * 4); 2074 } 2075#endif 2076 2077#if TIMING || STATS || COUNT_PAGES 2078 fflush(stdout); 2079#endif 2080 2081 TRACE("[ Ready to execute '%s' @ %p ]", si->name, reinterpret_cast<void*>(si->entry)); 2082 return si->entry; 2083} 2084 2085/* Compute the load-bias of an existing executable. This shall only 2086 * be used to compute the load bias of an executable or shared library 2087 * that was loaded by the kernel itself. 2088 * 2089 * Input: 2090 * elf -> address of ELF header, assumed to be at the start of the file. 2091 * Return: 2092 * load bias, i.e. add the value of any p_vaddr in the file to get 2093 * the corresponding address in memory. 2094 */ 2095static ElfW(Addr) get_elf_exec_load_bias(const ElfW(Ehdr)* elf) { 2096 ElfW(Addr) offset = elf->e_phoff; 2097 const ElfW(Phdr)* phdr_table = reinterpret_cast<const ElfW(Phdr)*>(reinterpret_cast<uintptr_t>(elf) + offset); 2098 const ElfW(Phdr)* phdr_end = phdr_table + elf->e_phnum; 2099 2100 for (const ElfW(Phdr)* phdr = phdr_table; phdr < phdr_end; phdr++) { 2101 if (phdr->p_type == PT_LOAD) { 2102 return reinterpret_cast<ElfW(Addr)>(elf) + phdr->p_offset - phdr->p_vaddr; 2103 } 2104 } 2105 return 0; 2106} 2107 2108/* 2109 * This is the entry point for the linker, called from begin.S. This 2110 * method is responsible for fixing the linker's own relocations, and 2111 * then calling __linker_init_post_relocation(). 2112 * 2113 * Because this method is called before the linker has fixed it's own 2114 * relocations, any attempt to reference an extern variable, extern 2115 * function, or other GOT reference will generate a segfault. 2116 */ 2117extern "C" ElfW(Addr) __linker_init(void* raw_args) { 2118 KernelArgumentBlock args(raw_args); 2119 2120 ElfW(Addr) linker_addr = args.getauxval(AT_BASE); 2121 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(linker_addr); 2122 ElfW(Phdr)* phdr = reinterpret_cast<ElfW(Phdr)*>(linker_addr + elf_hdr->e_phoff); 2123 2124 soinfo linker_so; 2125 memset(&linker_so, 0, sizeof(soinfo)); 2126 2127 strcpy(linker_so.name, "[dynamic linker]"); 2128 linker_so.base = linker_addr; 2129 linker_so.size = phdr_table_get_load_size(phdr, elf_hdr->e_phnum); 2130 linker_so.load_bias = get_elf_exec_load_bias(elf_hdr); 2131 linker_so.dynamic = NULL; 2132 linker_so.phdr = phdr; 2133 linker_so.phnum = elf_hdr->e_phnum; 2134 linker_so.flags |= FLAG_LINKER; 2135 2136 if (!soinfo_link_image(&linker_so, NULL)) { 2137 // It would be nice to print an error message, but if the linker 2138 // can't link itself, there's no guarantee that we'll be able to 2139 // call write() (because it involves a GOT reference). We may as 2140 // well try though... 2141 const char* msg = "CANNOT LINK EXECUTABLE: "; 2142 write(2, msg, strlen(msg)); 2143 write(2, __linker_dl_err_buf, strlen(__linker_dl_err_buf)); 2144 write(2, "\n", 1); 2145 _exit(EXIT_FAILURE); 2146 } 2147 2148 // We have successfully fixed our own relocations. It's safe to run 2149 // the main part of the linker now. 2150 args.abort_message_ptr = &gAbortMessage; 2151 ElfW(Addr) start_address = __linker_init_post_relocation(args, linker_addr); 2152 2153 set_soinfo_pool_protection(PROT_READ); 2154 2155 // Return the address that the calling assembly stub should jump to. 2156 return start_address; 2157} 2158