linker.cpp revision 9181a5dcfe69199415c7aebf93524cc3dd6f8a6f
1/* 2 * Copyright (C) 2008, 2009 The Android Open Source Project 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in 12 * the documentation and/or other materials provided with the 13 * distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29#include <dlfcn.h> 30#include <errno.h> 31#include <fcntl.h> 32#include <linux/auxvec.h> 33#include <pthread.h> 34#include <stdbool.h> 35#include <stdio.h> 36#include <stdlib.h> 37#include <string.h> 38#include <sys/atomics.h> 39#include <sys/mman.h> 40#include <sys/stat.h> 41#include <unistd.h> 42 43// Private C library headers. 44#include <private/bionic_tls.h> 45#include <private/logd.h> 46 47#include "linker.h" 48#include "linker_debug.h" 49#include "linker_environ.h" 50#include "linker_format.h" 51#include "linker_phdr.h" 52 53#define ALLOW_SYMBOLS_FROM_MAIN 1 54#define SO_MAX 128 55 56/* Assume average path length of 64 and max 8 paths */ 57#define LDPATH_BUFSIZE 512 58#define LDPATH_MAX 8 59 60#define LDPRELOAD_BUFSIZE 512 61#define LDPRELOAD_MAX 8 62 63/* >>> IMPORTANT NOTE - READ ME BEFORE MODIFYING <<< 64 * 65 * Do NOT use malloc() and friends or pthread_*() code here. 66 * Don't use printf() either; it's caused mysterious memory 67 * corruption in the past. 68 * The linker runs before we bring up libc and it's easiest 69 * to make sure it does not depend on any complex libc features 70 * 71 * open issues / todo: 72 * 73 * - are we doing everything we should for ARM_COPY relocations? 74 * - cleaner error reporting 75 * - after linking, set as much stuff as possible to READONLY 76 * and NOEXEC 77 * - linker hardcodes PAGE_SIZE and PAGE_MASK because the kernel 78 * headers provide versions that are negative... 79 * - allocate space for soinfo structs dynamically instead of 80 * having a hard limit (SO_MAX) 81 */ 82 83 84static int soinfo_link_image(soinfo *si); 85 86static int socount = 0; 87static soinfo sopool[SO_MAX]; 88static soinfo *freelist = NULL; 89static soinfo *solist = &libdl_info; 90static soinfo *sonext = &libdl_info; 91#if ALLOW_SYMBOLS_FROM_MAIN 92static soinfo *somain; /* main process, always the one after libdl_info */ 93#endif 94 95 96static inline int validate_soinfo(soinfo *si) 97{ 98 return (si >= sopool && si < sopool + SO_MAX) || 99 si == &libdl_info; 100} 101 102static char ldpaths_buf[LDPATH_BUFSIZE]; 103static const char *ldpaths[LDPATH_MAX + 1]; 104 105static char ldpreloads_buf[LDPRELOAD_BUFSIZE]; 106static const char *ldpreload_names[LDPRELOAD_MAX + 1]; 107 108static soinfo *preloads[LDPRELOAD_MAX + 1]; 109 110#if LINKER_DEBUG 111int debug_verbosity; 112#endif 113 114static int pid; 115 116/* This boolean is set if the program being loaded is setuid */ 117static int program_is_setuid; 118 119#if STATS 120struct _link_stats linker_stats; 121#endif 122 123#if COUNT_PAGES 124unsigned bitmask[4096]; 125#endif 126 127// You shouldn't try to call memory-allocating functions in the dynamic linker. 128// Guard against the most obvious ones. 129#define DISALLOW_ALLOCATION(return_type, name, ...) \ 130 return_type name __VA_ARGS__ \ 131 { \ 132 const char* msg = "ERROR: " #name " called from the dynamic linker!\n"; \ 133 __libc_android_log_write(ANDROID_LOG_FATAL, "linker", msg); \ 134 write(2, msg, sizeof(msg)); \ 135 abort(); \ 136 } 137#define UNUSED __attribute__((unused)) 138DISALLOW_ALLOCATION(void*, malloc, (size_t u UNUSED)); 139DISALLOW_ALLOCATION(void, free, (void* u UNUSED)); 140DISALLOW_ALLOCATION(void*, realloc, (void* u1 UNUSED, size_t u2 UNUSED)); 141DISALLOW_ALLOCATION(void*, calloc, (size_t u1 UNUSED, size_t u2 UNUSED)); 142 143static char tmp_err_buf[768]; 144static char __linker_dl_err_buf[768]; 145#define BASENAME(s) (strrchr(s, '/') != NULL ? strrchr(s, '/') + 1 : s) 146#define DL_ERR(fmt, x...) \ 147 do { \ 148 format_buffer(__linker_dl_err_buf, sizeof(__linker_dl_err_buf), \ 149 "(%s:%d, pid %d) %s: " fmt, \ 150 BASENAME(__FILE__), __LINE__, pid, __func__, ##x); \ 151 ERROR(fmt "\n", ##x); \ 152 } while(0) 153 154const char *linker_get_error(void) 155{ 156 return (const char *)&__linker_dl_err_buf[0]; 157} 158 159/* 160 * This function is an empty stub where GDB locates a breakpoint to get notified 161 * about linker activity. 162 */ 163extern "C" void __attribute__((noinline)) __attribute__((visibility("default"))) rtld_db_dlactivity(void); 164 165static struct r_debug _r_debug = {1, NULL, &rtld_db_dlactivity, 166 RT_CONSISTENT, 0}; 167static struct link_map *r_debug_tail = 0; 168 169static pthread_mutex_t _r_debug_lock = PTHREAD_MUTEX_INITIALIZER; 170 171static void insert_soinfo_into_debug_map(soinfo * info) 172{ 173 struct link_map * map; 174 175 /* Copy the necessary fields into the debug structure. 176 */ 177 map = &(info->linkmap); 178 map->l_addr = info->base; 179 map->l_name = (char*) info->name; 180 map->l_ld = (uintptr_t)info->dynamic; 181 182 /* Stick the new library at the end of the list. 183 * gdb tends to care more about libc than it does 184 * about leaf libraries, and ordering it this way 185 * reduces the back-and-forth over the wire. 186 */ 187 if (r_debug_tail) { 188 r_debug_tail->l_next = map; 189 map->l_prev = r_debug_tail; 190 map->l_next = 0; 191 } else { 192 _r_debug.r_map = map; 193 map->l_prev = 0; 194 map->l_next = 0; 195 } 196 r_debug_tail = map; 197} 198 199static void remove_soinfo_from_debug_map(soinfo * info) 200{ 201 struct link_map * map = &(info->linkmap); 202 203 if (r_debug_tail == map) 204 r_debug_tail = map->l_prev; 205 206 if (map->l_prev) map->l_prev->l_next = map->l_next; 207 if (map->l_next) map->l_next->l_prev = map->l_prev; 208} 209 210void notify_gdb_of_load(soinfo * info) 211{ 212 if (info->flags & FLAG_EXE) { 213 // GDB already knows about the main executable 214 return; 215 } 216 217 pthread_mutex_lock(&_r_debug_lock); 218 219 _r_debug.r_state = RT_ADD; 220 rtld_db_dlactivity(); 221 222 insert_soinfo_into_debug_map(info); 223 224 _r_debug.r_state = RT_CONSISTENT; 225 rtld_db_dlactivity(); 226 227 pthread_mutex_unlock(&_r_debug_lock); 228} 229 230void notify_gdb_of_unload(soinfo * info) 231{ 232 if (info->flags & FLAG_EXE) { 233 // GDB already knows about the main executable 234 return; 235 } 236 237 pthread_mutex_lock(&_r_debug_lock); 238 239 _r_debug.r_state = RT_DELETE; 240 rtld_db_dlactivity(); 241 242 remove_soinfo_from_debug_map(info); 243 244 _r_debug.r_state = RT_CONSISTENT; 245 rtld_db_dlactivity(); 246 247 pthread_mutex_unlock(&_r_debug_lock); 248} 249 250extern "C" void notify_gdb_of_libraries() 251{ 252 _r_debug.r_state = RT_ADD; 253 rtld_db_dlactivity(); 254 _r_debug.r_state = RT_CONSISTENT; 255 rtld_db_dlactivity(); 256} 257 258static soinfo *soinfo_alloc(const char *name) 259{ 260 if (strlen(name) >= SOINFO_NAME_LEN) { 261 DL_ERR("library name \"%s\" too long", name); 262 return NULL; 263 } 264 265 /* The freelist is populated when we call soinfo_free(), which in turn is 266 done only by dlclose(), which is not likely to be used. 267 */ 268 if (!freelist) { 269 if (socount == SO_MAX) { 270 DL_ERR("too many libraries when loading \"%s\"", name); 271 return NULL; 272 } 273 freelist = sopool + socount++; 274 freelist->next = NULL; 275 } 276 277 soinfo* si = freelist; 278 freelist = freelist->next; 279 280 /* Make sure we get a clean block of soinfo */ 281 memset(si, 0, sizeof(soinfo)); 282 strlcpy((char*) si->name, name, sizeof(si->name)); 283 sonext->next = si; 284 si->next = NULL; 285 si->refcount = 0; 286 sonext = si; 287 288 TRACE("%5d name %s: allocated soinfo @ %p\n", pid, name, si); 289 return si; 290} 291 292static void soinfo_free(soinfo* si) 293{ 294 if (si == NULL) { 295 return; 296 } 297 298 soinfo *prev = NULL, *trav; 299 300 TRACE("%5d name %s: freeing soinfo @ %p\n", pid, si->name, si); 301 302 for(trav = solist; trav != NULL; trav = trav->next){ 303 if (trav == si) 304 break; 305 prev = trav; 306 } 307 if (trav == NULL) { 308 /* si was not ni solist */ 309 DL_ERR("name \"%s\" is not in solist!", si->name); 310 return; 311 } 312 313 /* prev will never be NULL, because the first entry in solist is 314 always the static libdl_info. 315 */ 316 prev->next = si->next; 317 if (si == sonext) sonext = prev; 318 si->next = freelist; 319 freelist = si; 320} 321 322const char *addr_to_name(unsigned addr) 323{ 324 for (soinfo* si = solist; si != 0; si = si->next) { 325 if ((addr >= si->base) && (addr < (si->base + si->size))) { 326 return si->name; 327 } 328 } 329 return ""; 330} 331 332#ifdef ANDROID_ARM_LINKER 333 334/* For a given PC, find the .so that it belongs to. 335 * Returns the base address of the .ARM.exidx section 336 * for that .so, and the number of 8-byte entries 337 * in that section (via *pcount). 338 * 339 * Intended to be called by libc's __gnu_Unwind_Find_exidx(). 340 * 341 * This function is exposed via dlfcn.c and libdl.so. 342 */ 343_Unwind_Ptr dl_unwind_find_exidx(_Unwind_Ptr pc, int *pcount) 344{ 345 soinfo *si; 346 unsigned addr = (unsigned)pc; 347 348 for (si = solist; si != 0; si = si->next){ 349 if ((addr >= si->base) && (addr < (si->base + si->size))) { 350 *pcount = si->ARM_exidx_count; 351 return (_Unwind_Ptr)si->ARM_exidx; 352 } 353 } 354 *pcount = 0; 355 return NULL; 356} 357 358#elif defined(ANDROID_X86_LINKER) || defined(ANDROID_MIPS_LINKER) 359 360/* Here, we only have to provide a callback to iterate across all the 361 * loaded libraries. gcc_eh does the rest. */ 362int 363dl_iterate_phdr(int (*cb)(struct dl_phdr_info *info, size_t size, void *data), 364 void *data) 365{ 366 soinfo *si; 367 struct dl_phdr_info dl_info; 368 int rv = 0; 369 370 for (si = solist; si != NULL; si = si->next) { 371 dl_info.dlpi_addr = si->linkmap.l_addr; 372 dl_info.dlpi_name = si->linkmap.l_name; 373 dl_info.dlpi_phdr = si->phdr; 374 dl_info.dlpi_phnum = si->phnum; 375 rv = cb(&dl_info, sizeof (struct dl_phdr_info), data); 376 if (rv != 0) 377 break; 378 } 379 return rv; 380} 381 382#endif 383 384static Elf32_Sym *soinfo_elf_lookup(soinfo *si, unsigned hash, const char *name) 385{ 386 Elf32_Sym *s; 387 Elf32_Sym *symtab = si->symtab; 388 const char *strtab = si->strtab; 389 unsigned n; 390 391 TRACE_TYPE(LOOKUP, "%5d SEARCH %s in %s@0x%08x %08x %d\n", pid, 392 name, si->name, si->base, hash, hash % si->nbucket); 393 n = hash % si->nbucket; 394 395 for(n = si->bucket[hash % si->nbucket]; n != 0; n = si->chain[n]){ 396 s = symtab + n; 397 if(strcmp(strtab + s->st_name, name)) continue; 398 399 /* only concern ourselves with global and weak symbol definitions */ 400 switch(ELF32_ST_BIND(s->st_info)){ 401 case STB_GLOBAL: 402 case STB_WEAK: 403 if(s->st_shndx == SHN_UNDEF) 404 continue; 405 406 TRACE_TYPE(LOOKUP, "%5d FOUND %s in %s (%08x) %d\n", pid, 407 name, si->name, s->st_value, s->st_size); 408 return s; 409 } 410 } 411 412 return NULL; 413} 414 415static unsigned elfhash(const char *_name) 416{ 417 const unsigned char *name = (const unsigned char *) _name; 418 unsigned h = 0, g; 419 420 while(*name) { 421 h = (h << 4) + *name++; 422 g = h & 0xf0000000; 423 h ^= g; 424 h ^= g >> 24; 425 } 426 return h; 427} 428 429static Elf32_Sym * 430soinfo_do_lookup(soinfo *si, const char *name, Elf32_Addr *offset) 431{ 432 unsigned elf_hash = elfhash(name); 433 Elf32_Sym *s; 434 unsigned *d; 435 soinfo *lsi = si; 436 int i; 437 438 /* Look for symbols in the local scope (the object who is 439 * searching). This happens with C++ templates on i386 for some 440 * reason. 441 * 442 * Notes on weak symbols: 443 * The ELF specs are ambigious about treatment of weak definitions in 444 * dynamic linking. Some systems return the first definition found 445 * and some the first non-weak definition. This is system dependent. 446 * Here we return the first definition found for simplicity. */ 447 448 s = soinfo_elf_lookup(si, elf_hash, name); 449 if(s != NULL) 450 goto done; 451 452 /* Next, look for it in the preloads list */ 453 for(i = 0; preloads[i] != NULL; i++) { 454 lsi = preloads[i]; 455 s = soinfo_elf_lookup(lsi, elf_hash, name); 456 if(s != NULL) 457 goto done; 458 } 459 460 for(d = si->dynamic; *d; d += 2) { 461 if(d[0] == DT_NEEDED){ 462 lsi = (soinfo *)d[1]; 463 if (!validate_soinfo(lsi)) { 464 DL_ERR("bad DT_NEEDED pointer in \"%s\"", lsi->name); 465 return NULL; 466 } 467 468 DEBUG("%5d %s: looking up %s in %s\n", 469 pid, si->name, name, lsi->name); 470 s = soinfo_elf_lookup(lsi, elf_hash, name); 471 if (s != NULL) 472 goto done; 473 } 474 } 475 476#if ALLOW_SYMBOLS_FROM_MAIN 477 /* If we are resolving relocations while dlopen()ing a library, it's OK for 478 * the library to resolve a symbol that's defined in the executable itself, 479 * although this is rare and is generally a bad idea. 480 */ 481 if (somain) { 482 lsi = somain; 483 DEBUG("%5d %s: looking up %s in executable %s\n", 484 pid, si->name, name, lsi->name); 485 s = soinfo_elf_lookup(lsi, elf_hash, name); 486 } 487#endif 488 489done: 490 if(s != NULL) { 491 TRACE_TYPE(LOOKUP, "%5d si %s sym %s s->st_value = 0x%08x, " 492 "found in %s, base = 0x%08x, load bias = 0x%08x\n", 493 pid, si->name, name, s->st_value, 494 lsi->name, lsi->base, lsi->load_bias); 495 *offset = lsi->load_bias; 496 return s; 497 } 498 499 return NULL; 500} 501 502/* This is used by dl_sym(). It performs symbol lookup only within the 503 specified soinfo object and not in any of its dependencies. 504 */ 505Elf32_Sym *soinfo_lookup(soinfo *si, const char *name) 506{ 507 return soinfo_elf_lookup(si, elfhash(name), name); 508} 509 510/* This is used by dl_sym(). It performs a global symbol lookup. 511 */ 512Elf32_Sym *lookup(const char *name, soinfo **found, soinfo *start) 513{ 514 unsigned elf_hash = elfhash(name); 515 Elf32_Sym *s = NULL; 516 soinfo *si; 517 518 if(start == NULL) { 519 start = solist; 520 } 521 522 for(si = start; (s == NULL) && (si != NULL); si = si->next) 523 { 524 if(si->flags & FLAG_ERROR) 525 continue; 526 s = soinfo_elf_lookup(si, elf_hash, name); 527 if (s != NULL) { 528 *found = si; 529 break; 530 } 531 } 532 533 if(s != NULL) { 534 TRACE_TYPE(LOOKUP, "%5d %s s->st_value = 0x%08x, " 535 "si->base = 0x%08x\n", pid, name, s->st_value, si->base); 536 return s; 537 } 538 539 return NULL; 540} 541 542soinfo *find_containing_library(const void *addr) 543{ 544 soinfo *si; 545 546 for(si = solist; si != NULL; si = si->next) 547 { 548 if((unsigned)addr >= si->base && (unsigned)addr - si->base < si->size) { 549 return si; 550 } 551 } 552 553 return NULL; 554} 555 556Elf32_Sym *soinfo_find_symbol(soinfo* si, const void *addr) 557{ 558 unsigned int i; 559 unsigned soaddr = (unsigned)addr - si->base; 560 561 /* Search the library's symbol table for any defined symbol which 562 * contains this address */ 563 for(i=0; i<si->nchain; i++) { 564 Elf32_Sym *sym = &si->symtab[i]; 565 566 if(sym->st_shndx != SHN_UNDEF && 567 soaddr >= sym->st_value && 568 soaddr < sym->st_value + sym->st_size) { 569 return sym; 570 } 571 } 572 573 return NULL; 574} 575 576#if 0 577static void dump(soinfo *si) 578{ 579 Elf32_Sym *s = si->symtab; 580 unsigned n; 581 582 for(n = 0; n < si->nchain; n++) { 583 TRACE("%5d %04d> %08x: %02x %04x %08x %08x %s\n", pid, n, s, 584 s->st_info, s->st_shndx, s->st_value, s->st_size, 585 si->strtab + s->st_name); 586 s++; 587 } 588} 589#endif 590 591static const char * const sopaths[] = { 592 "/vendor/lib", 593 "/system/lib", 594 0 595}; 596 597static int _open_lib(const char *name) 598{ 599 int fd; 600 struct stat filestat; 601 602 if ((stat(name, &filestat) >= 0) && S_ISREG(filestat.st_mode)) { 603 if ((fd = TEMP_FAILURE_RETRY(open(name, O_RDONLY))) >= 0) 604 return fd; 605 } 606 607 return -1; 608} 609 610static int open_library(const char *name) 611{ 612 int fd; 613 char buf[512]; 614 const char * const*path; 615 int n; 616 617 TRACE("[ %5d opening %s ]\n", pid, name); 618 619 if(name == 0) return -1; 620 if(strlen(name) > 256) return -1; 621 622 if ((name[0] == '/') && ((fd = _open_lib(name)) >= 0)) 623 return fd; 624 625 for (path = ldpaths; *path; path++) { 626 n = format_buffer(buf, sizeof(buf), "%s/%s", *path, name); 627 if (n < 0 || n >= (int)sizeof(buf)) { 628 WARN("Ignoring very long library path: %s/%s\n", *path, name); 629 continue; 630 } 631 if ((fd = _open_lib(buf)) >= 0) 632 return fd; 633 } 634 for (path = sopaths; *path; path++) { 635 n = format_buffer(buf, sizeof(buf), "%s/%s", *path, name); 636 if (n < 0 || n >= (int)sizeof(buf)) { 637 WARN("Ignoring very long library path: %s/%s\n", *path, name); 638 continue; 639 } 640 if ((fd = _open_lib(buf)) >= 0) 641 return fd; 642 } 643 644 return -1; 645} 646 647// Returns 'true' if the library is prelinked or on failure so we error out 648// either way. We no longer support prelinking. 649static bool is_prelinked(int fd, const char* name) 650{ 651 struct prelink_info_t { 652 long mmap_addr; 653 char tag[4]; // "PRE ". 654 }; 655 656 off_t sz = lseek(fd, -sizeof(struct prelink_info_t), SEEK_END); 657 if (sz < 0) { 658 DL_ERR("lseek failed: %s", strerror(errno)); 659 return true; 660 } 661 662 struct prelink_info_t info; 663 int rc = TEMP_FAILURE_RETRY(read(fd, &info, sizeof(info))); 664 if (rc != sizeof(info)) { 665 DL_ERR("could not read prelink_info_t structure for \"%s\":", name, strerror(errno)); 666 return true; 667 } 668 669 if (memcmp(info.tag, "PRE ", 4) == 0) { 670 DL_ERR("prelinked libraries no longer supported: %s", name); 671 return true; 672 } 673 return false; 674} 675 676/* verify_elf_header 677 * Verifies the content of an ELF header. 678 * 679 * Args: 680 * 681 * Returns: 682 * 0 on success 683 * -1 if no valid ELF object is found @ base. 684 */ 685static int 686verify_elf_header(const Elf32_Ehdr* hdr) 687{ 688 if (hdr->e_ident[EI_MAG0] != ELFMAG0) return -1; 689 if (hdr->e_ident[EI_MAG1] != ELFMAG1) return -1; 690 if (hdr->e_ident[EI_MAG2] != ELFMAG2) return -1; 691 if (hdr->e_ident[EI_MAG3] != ELFMAG3) return -1; 692 693 /* TODO: Should we verify anything else in the header? */ 694#ifdef ANDROID_ARM_LINKER 695 if (hdr->e_machine != EM_ARM) return -1; 696#elif defined(ANDROID_X86_LINKER) 697 if (hdr->e_machine != EM_386) return -1; 698#elif defined(ANDROID_MIPS_LINKER) 699 if (hdr->e_machine != EM_MIPS) return -1; 700#endif 701 return 0; 702} 703 704struct scoped_fd { 705 ~scoped_fd() { 706 if (fd != -1) { 707 close(fd); 708 } 709 } 710 int fd; 711}; 712 713struct soinfo_ptr { 714 soinfo_ptr(const char* name) { 715 const char* bname = strrchr(name, '/'); 716 ptr = soinfo_alloc(bname ? bname + 1 : name); 717 } 718 ~soinfo_ptr() { 719 soinfo_free(ptr); 720 } 721 soinfo* release() { 722 soinfo* result = ptr; 723 ptr = NULL; 724 return result; 725 } 726 soinfo* ptr; 727}; 728 729// TODO: rewrite linker_phdr.h to use a class, then lose this. 730struct phdr_ptr { 731 phdr_ptr() : phdr_mmap(NULL) {} 732 ~phdr_ptr() { 733 if (phdr_mmap != NULL) { 734 phdr_table_unload(phdr_mmap, phdr_size); 735 } 736 } 737 void* phdr_mmap; 738 Elf32_Addr phdr_size; 739}; 740 741static soinfo* load_library(const char* name) 742{ 743 // Open the file. 744 scoped_fd fd; 745 fd.fd = open_library(name); 746 if (fd.fd == -1) { 747 DL_ERR("library \"%s\" not found", name); 748 return NULL; 749 } 750 751 // Read the ELF header. 752 Elf32_Ehdr header[1]; 753 int ret = TEMP_FAILURE_RETRY(read(fd.fd, (void*)header, sizeof(header))); 754 if (ret < 0) { 755 DL_ERR("can't read file \"%s\": %s", name, strerror(errno)); 756 return NULL; 757 } 758 if (ret != (int)sizeof(header)) { 759 DL_ERR("too small to be an ELF executable: %s", name); 760 return NULL; 761 } 762 if (verify_elf_header(header) < 0) { 763 DL_ERR("not a valid ELF executable: %s", name); 764 return NULL; 765 } 766 767 // Read the program header table. 768 const Elf32_Phdr* phdr_table; 769 phdr_ptr phdr_holder; 770 ret = phdr_table_load(fd.fd, header->e_phoff, header->e_phnum, 771 &phdr_holder.phdr_mmap, &phdr_holder.phdr_size, &phdr_table); 772 if (ret < 0) { 773 DL_ERR("can't load program header table: %s: %s", name, strerror(errno)); 774 return NULL; 775 } 776 size_t phdr_count = header->e_phnum; 777 778 // Get the load extents. 779 Elf32_Addr ext_sz = phdr_table_get_load_size(phdr_table, phdr_count); 780 TRACE("[ %5d - '%s' wants sz=0x%08x ]\n", pid, name, ext_sz); 781 if (ext_sz == 0) { 782 DL_ERR("no loadable segments in file: %s", name); 783 return NULL; 784 } 785 786 // We no longer support pre-linked libraries. 787 if (is_prelinked(fd.fd, name)) { 788 return NULL; 789 } 790 791 // Reserve address space for all loadable segments. 792 void* load_start = NULL; 793 Elf32_Addr load_size = 0; 794 Elf32_Addr load_bias = 0; 795 ret = phdr_table_reserve_memory(phdr_table, 796 phdr_count, 797 &load_start, 798 &load_size, 799 &load_bias); 800 if (ret < 0) { 801 DL_ERR("can't reserve %d bytes in address space for \"%s\": %s", 802 ext_sz, name, strerror(errno)); 803 return NULL; 804 } 805 806 TRACE("[ %5d allocated memory for %s @ %p (0x%08x) ]\n", 807 pid, name, load_start, load_size); 808 809 /* Map all the segments in our address space with default protections */ 810 ret = phdr_table_load_segments(phdr_table, 811 phdr_count, 812 load_bias, 813 fd.fd); 814 if (ret < 0) { 815 DL_ERR("can't map loadable segments for \"%s\": %s", 816 name, strerror(errno)); 817 return NULL; 818 } 819 820 soinfo_ptr si(name); 821 if (si.ptr == NULL) { 822 return NULL; 823 } 824 825 si.ptr->base = (Elf32_Addr) load_start; 826 si.ptr->size = load_size; 827 si.ptr->load_bias = load_bias; 828 si.ptr->flags = 0; 829 si.ptr->entry = 0; 830 si.ptr->dynamic = (unsigned *)-1; 831 si.ptr->phnum = phdr_count; 832 si.ptr->phdr = phdr_table_get_loaded_phdr(phdr_table, phdr_count, load_bias); 833 if (si.ptr->phdr == NULL) { 834 DL_ERR("can't find loaded PHDR for \"%s\"", name); 835 return NULL; 836 } 837 838 return si.release(); 839} 840 841static soinfo * 842init_library(soinfo *si) 843{ 844 /* At this point we know that whatever is loaded @ base is a valid ELF 845 * shared library whose segments are properly mapped in. */ 846 TRACE("[ %5d init_library base=0x%08x sz=0x%08x name='%s') ]\n", 847 pid, si->base, si->size, si->name); 848 849 if(soinfo_link_image(si)) { 850 /* We failed to link. However, we can only restore libbase 851 ** if no additional libraries have moved it since we updated it. 852 */ 853 munmap((void *)si->base, si->size); 854 return NULL; 855 } 856 857 return si; 858} 859 860soinfo *find_library(const char *name) 861{ 862 soinfo *si; 863 const char *bname; 864 865#if ALLOW_SYMBOLS_FROM_MAIN 866 if (name == NULL) 867 return somain; 868#else 869 if (name == NULL) 870 return NULL; 871#endif 872 873 bname = strrchr(name, '/'); 874 bname = bname ? bname + 1 : name; 875 876 for(si = solist; si != 0; si = si->next){ 877 if(!strcmp(bname, si->name)) { 878 if(si->flags & FLAG_ERROR) { 879 DL_ERR("\"%s\" failed to load previously", bname); 880 return NULL; 881 } 882 if(si->flags & FLAG_LINKED) return si; 883 DL_ERR("OOPS: recursive link to \"%s\"", si->name); 884 return NULL; 885 } 886 } 887 888 TRACE("[ %5d '%s' has not been loaded yet. Locating...]\n", pid, name); 889 si = load_library(name); 890 if(si == NULL) 891 return NULL; 892 return init_library(si); 893} 894 895/* TODO: 896 * find a way to decrement libbase 897 */ 898static void call_destructors(soinfo *si); 899unsigned soinfo_unload(soinfo *si) 900{ 901 unsigned *d; 902 if (si->refcount == 1) { 903 TRACE("%5d unloading '%s'\n", pid, si->name); 904 call_destructors(si); 905 906 /* 907 * Make sure that we undo the PT_GNU_RELRO protections we added 908 * in soinfo_link_image. This is needed to undo the DT_NEEDED hack below. 909 */ 910 if (phdr_table_unprotect_gnu_relro(si->phdr, si->phnum, 911 si->load_bias) < 0) { 912 DL_ERR("%s: could not undo GNU_RELRO protections. " 913 "Expect a crash soon. errno=%d (%s)", 914 si->name, errno, strerror(errno)); 915 } 916 917 for(d = si->dynamic; *d; d += 2) { 918 if(d[0] == DT_NEEDED){ 919 soinfo *lsi = (soinfo *)d[1]; 920 921 // The next line will segfault if the we don't undo the 922 // PT_GNU_RELRO protections (see comments above and in 923 // soinfo_link_image(). 924 d[1] = 0; 925 926 if (validate_soinfo(lsi)) { 927 TRACE("%5d %s needs to unload %s\n", pid, 928 si->name, lsi->name); 929 soinfo_unload(lsi); 930 } 931 else 932 DL_ERR("\"%s\": could not unload dependent library", 933 si->name); 934 } 935 } 936 937 munmap((char *)si->base, si->size); 938 notify_gdb_of_unload(si); 939 soinfo_free(si); 940 si->refcount = 0; 941 } 942 else { 943 si->refcount--; 944 PRINT("%5d not unloading '%s', decrementing refcount to %d\n", 945 pid, si->name, si->refcount); 946 } 947 return si->refcount; 948} 949 950/* TODO: don't use unsigned for addrs below. It works, but is not 951 * ideal. They should probably be either uint32_t, Elf32_Addr, or unsigned 952 * long. 953 */ 954static int soinfo_relocate(soinfo *si, Elf32_Rel *rel, unsigned count) 955{ 956 Elf32_Sym *symtab = si->symtab; 957 const char *strtab = si->strtab; 958 Elf32_Sym *s; 959 Elf32_Addr offset; 960 Elf32_Rel *start = rel; 961 962 for (size_t idx = 0; idx < count; ++idx, ++rel) { 963 unsigned type = ELF32_R_TYPE(rel->r_info); 964 unsigned sym = ELF32_R_SYM(rel->r_info); 965 unsigned reloc = (unsigned)(rel->r_offset + si->load_bias); 966 unsigned sym_addr = 0; 967 char *sym_name = NULL; 968 969 DEBUG("%5d Processing '%s' relocation at index %d\n", pid, 970 si->name, idx); 971 if (type == 0) { // R_*_NONE 972 continue; 973 } 974 if(sym != 0) { 975 sym_name = (char *)(strtab + symtab[sym].st_name); 976 s = soinfo_do_lookup(si, sym_name, &offset); 977 if(s == NULL) { 978 /* We only allow an undefined symbol if this is a weak 979 reference.. */ 980 s = &symtab[sym]; 981 if (ELF32_ST_BIND(s->st_info) != STB_WEAK) { 982 DL_ERR("cannot locate \"%s\"...", sym_name); 983 return -1; 984 } 985 986 /* IHI0044C AAELF 4.5.1.1: 987 988 Libraries are not searched to resolve weak references. 989 It is not an error for a weak reference to remain 990 unsatisfied. 991 992 During linking, the value of an undefined weak reference is: 993 - Zero if the relocation type is absolute 994 - The address of the place if the relocation is pc-relative 995 - The address of nominial base address if the relocation 996 type is base-relative. 997 */ 998 999 switch (type) { 1000#if defined(ANDROID_ARM_LINKER) 1001 case R_ARM_JUMP_SLOT: 1002 case R_ARM_GLOB_DAT: 1003 case R_ARM_ABS32: 1004 case R_ARM_RELATIVE: /* Don't care. */ 1005#elif defined(ANDROID_X86_LINKER) 1006 case R_386_JMP_SLOT: 1007 case R_386_GLOB_DAT: 1008 case R_386_32: 1009 case R_386_RELATIVE: /* Dont' care. */ 1010#endif /* ANDROID_*_LINKER */ 1011 /* sym_addr was initialized to be zero above or relocation 1012 code below does not care about value of sym_addr. 1013 No need to do anything. */ 1014 break; 1015 1016#if defined(ANDROID_X86_LINKER) 1017 case R_386_PC32: 1018 sym_addr = reloc; 1019 break; 1020#endif /* ANDROID_X86_LINKER */ 1021 1022#if defined(ANDROID_ARM_LINKER) 1023 case R_ARM_COPY: 1024 /* Fall through. Can't really copy if weak symbol is 1025 not found in run-time. */ 1026#endif /* ANDROID_ARM_LINKER */ 1027 default: 1028 DL_ERR("unknown weak reloc type %d @ %p (%d)", 1029 type, rel, (int) (rel - start)); 1030 return -1; 1031 } 1032 } else { 1033 /* We got a definition. */ 1034#if 0 1035 if((base == 0) && (si->base != 0)){ 1036 /* linking from libraries to main image is bad */ 1037 DL_ERR("cannot locate \"%s\"...", 1038 strtab + symtab[sym].st_name); 1039 return -1; 1040 } 1041#endif 1042 sym_addr = (unsigned)(s->st_value + offset); 1043 } 1044 COUNT_RELOC(RELOC_SYMBOL); 1045 } else { 1046 s = NULL; 1047 } 1048 1049/* TODO: This is ugly. Split up the relocations by arch into 1050 * different files. 1051 */ 1052 switch(type){ 1053#if defined(ANDROID_ARM_LINKER) 1054 case R_ARM_JUMP_SLOT: 1055 COUNT_RELOC(RELOC_ABSOLUTE); 1056 MARK(rel->r_offset); 1057 TRACE_TYPE(RELO, "%5d RELO JMP_SLOT %08x <- %08x %s\n", pid, 1058 reloc, sym_addr, sym_name); 1059 *((unsigned*)reloc) = sym_addr; 1060 break; 1061 case R_ARM_GLOB_DAT: 1062 COUNT_RELOC(RELOC_ABSOLUTE); 1063 MARK(rel->r_offset); 1064 TRACE_TYPE(RELO, "%5d RELO GLOB_DAT %08x <- %08x %s\n", pid, 1065 reloc, sym_addr, sym_name); 1066 *((unsigned*)reloc) = sym_addr; 1067 break; 1068 case R_ARM_ABS32: 1069 COUNT_RELOC(RELOC_ABSOLUTE); 1070 MARK(rel->r_offset); 1071 TRACE_TYPE(RELO, "%5d RELO ABS %08x <- %08x %s\n", pid, 1072 reloc, sym_addr, sym_name); 1073 *((unsigned*)reloc) += sym_addr; 1074 break; 1075 case R_ARM_REL32: 1076 COUNT_RELOC(RELOC_RELATIVE); 1077 MARK(rel->r_offset); 1078 TRACE_TYPE(RELO, "%5d RELO REL32 %08x <- %08x - %08x %s\n", pid, 1079 reloc, sym_addr, rel->r_offset, sym_name); 1080 *((unsigned*)reloc) += sym_addr - rel->r_offset; 1081 break; 1082#elif defined(ANDROID_X86_LINKER) 1083 case R_386_JMP_SLOT: 1084 COUNT_RELOC(RELOC_ABSOLUTE); 1085 MARK(rel->r_offset); 1086 TRACE_TYPE(RELO, "%5d RELO JMP_SLOT %08x <- %08x %s\n", pid, 1087 reloc, sym_addr, sym_name); 1088 *((unsigned*)reloc) = sym_addr; 1089 break; 1090 case R_386_GLOB_DAT: 1091 COUNT_RELOC(RELOC_ABSOLUTE); 1092 MARK(rel->r_offset); 1093 TRACE_TYPE(RELO, "%5d RELO GLOB_DAT %08x <- %08x %s\n", pid, 1094 reloc, sym_addr, sym_name); 1095 *((unsigned*)reloc) = sym_addr; 1096 break; 1097#elif defined(ANDROID_MIPS_LINKER) 1098 case R_MIPS_JUMP_SLOT: 1099 COUNT_RELOC(RELOC_ABSOLUTE); 1100 MARK(rel->r_offset); 1101 TRACE_TYPE(RELO, "%5d RELO JMP_SLOT %08x <- %08x %s\n", pid, 1102 reloc, sym_addr, sym_name); 1103 *((unsigned*)reloc) = sym_addr; 1104 break; 1105 case R_MIPS_REL32: 1106 COUNT_RELOC(RELOC_ABSOLUTE); 1107 MARK(rel->r_offset); 1108 TRACE_TYPE(RELO, "%5d RELO REL32 %08x <- %08x %s\n", pid, 1109 reloc, sym_addr, (sym_name) ? sym_name : "*SECTIONHDR*"); 1110 if (s) { 1111 *((unsigned*)reloc) += sym_addr; 1112 } else { 1113 *((unsigned*)reloc) += si->base; 1114 } 1115 break; 1116#endif /* ANDROID_*_LINKER */ 1117 1118#if defined(ANDROID_ARM_LINKER) 1119 case R_ARM_RELATIVE: 1120#elif defined(ANDROID_X86_LINKER) 1121 case R_386_RELATIVE: 1122#endif /* ANDROID_*_LINKER */ 1123 COUNT_RELOC(RELOC_RELATIVE); 1124 MARK(rel->r_offset); 1125 if (sym) { 1126 DL_ERR("odd RELATIVE form...", pid); 1127 return -1; 1128 } 1129 TRACE_TYPE(RELO, "%5d RELO RELATIVE %08x <- +%08x\n", pid, 1130 reloc, si->base); 1131 *((unsigned*)reloc) += si->base; 1132 break; 1133 1134#if defined(ANDROID_X86_LINKER) 1135 case R_386_32: 1136 COUNT_RELOC(RELOC_RELATIVE); 1137 MARK(rel->r_offset); 1138 1139 TRACE_TYPE(RELO, "%5d RELO R_386_32 %08x <- +%08x %s\n", pid, 1140 reloc, sym_addr, sym_name); 1141 *((unsigned *)reloc) += (unsigned)sym_addr; 1142 break; 1143 1144 case R_386_PC32: 1145 COUNT_RELOC(RELOC_RELATIVE); 1146 MARK(rel->r_offset); 1147 TRACE_TYPE(RELO, "%5d RELO R_386_PC32 %08x <- " 1148 "+%08x (%08x - %08x) %s\n", pid, reloc, 1149 (sym_addr - reloc), sym_addr, reloc, sym_name); 1150 *((unsigned *)reloc) += (unsigned)(sym_addr - reloc); 1151 break; 1152#endif /* ANDROID_X86_LINKER */ 1153 1154#ifdef ANDROID_ARM_LINKER 1155 case R_ARM_COPY: 1156 COUNT_RELOC(RELOC_COPY); 1157 MARK(rel->r_offset); 1158 TRACE_TYPE(RELO, "%5d RELO %08x <- %d @ %08x %s\n", pid, 1159 reloc, s->st_size, sym_addr, sym_name); 1160 memcpy((void*)reloc, (void*)sym_addr, s->st_size); 1161 break; 1162#endif /* ANDROID_ARM_LINKER */ 1163 1164 default: 1165 DL_ERR("unknown reloc type %d @ %p (%d)", 1166 type, rel, (int) (rel - start)); 1167 return -1; 1168 } 1169 } 1170 return 0; 1171} 1172 1173#ifdef ANDROID_MIPS_LINKER 1174int mips_relocate_got(struct soinfo *si) 1175{ 1176 unsigned *got; 1177 unsigned local_gotno, gotsym, symtabno; 1178 Elf32_Sym *symtab, *sym; 1179 unsigned g; 1180 1181 got = si->plt_got; 1182 local_gotno = si->mips_local_gotno; 1183 gotsym = si->mips_gotsym; 1184 symtabno = si->mips_symtabno; 1185 symtab = si->symtab; 1186 1187 /* 1188 * got[0] is address of lazy resolver function 1189 * got[1] may be used for a GNU extension 1190 * set it to a recognisable address in case someone calls it 1191 * (should be _rtld_bind_start) 1192 * FIXME: maybe this should be in a separate routine 1193 */ 1194 1195 if ((si->flags & FLAG_LINKER) == 0) { 1196 g = 0; 1197 got[g++] = 0xdeadbeef; 1198 if (got[g] & 0x80000000) { 1199 got[g++] = 0xdeadfeed; 1200 } 1201 /* 1202 * Relocate the local GOT entries need to be relocated 1203 */ 1204 for (; g < local_gotno; g++) { 1205 got[g] += si->load_bias; 1206 } 1207 } 1208 1209 /* Now for the global GOT entries */ 1210 sym = symtab + gotsym; 1211 got = si->plt_got + local_gotno; 1212 for (g = gotsym; g < symtabno; g++, sym++, got++) { 1213 const char *sym_name; 1214 unsigned base; 1215 Elf32_Sym *s; 1216 1217 /* This is an undefined reference... try to locate it */ 1218 sym_name = si->strtab + sym->st_name; 1219 s = soinfo_do_lookup(si, sym_name, &base); 1220 if (s == NULL) { 1221 /* We only allow an undefined symbol if this is a weak 1222 reference.. */ 1223 s = &symtab[g]; 1224 if (ELF32_ST_BIND(s->st_info) != STB_WEAK) { 1225 DL_ERR("cannot locate \"%s\"...", sym_name); 1226 return -1; 1227 } 1228 *got = 0; 1229 } 1230 else { 1231 /* FIXME: is this sufficient? 1232 * For reference see NetBSD link loader 1233 * http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ld.elf_so/arch/mips/mips_reloc.c?rev=1.53&content-type=text/x-cvsweb-markup 1234 */ 1235 *got = base + s->st_value; 1236 } 1237 } 1238 return 0; 1239} 1240#endif 1241 1242/* Please read the "Initialization and Termination functions" functions. 1243 * of the linker design note in bionic/linker/README.TXT to understand 1244 * what the following code is doing. 1245 * 1246 * The important things to remember are: 1247 * 1248 * DT_PREINIT_ARRAY must be called first for executables, and should 1249 * not appear in shared libraries. 1250 * 1251 * DT_INIT should be called before DT_INIT_ARRAY if both are present 1252 * 1253 * DT_FINI should be called after DT_FINI_ARRAY if both are present 1254 * 1255 * DT_FINI_ARRAY must be parsed in reverse order. 1256 */ 1257 1258static void call_array(unsigned *ctor, int count, int reverse) 1259{ 1260 int n, inc = 1; 1261 1262 if (reverse) { 1263 ctor += (count-1); 1264 inc = -1; 1265 } 1266 1267 for(n = count; n > 0; n--) { 1268 TRACE("[ %5d Looking at %s *0x%08x == 0x%08x ]\n", pid, 1269 reverse ? "dtor" : "ctor", 1270 (unsigned)ctor, (unsigned)*ctor); 1271 void (*func)() = (void (*)()) *ctor; 1272 ctor += inc; 1273 if(((int) func == 0) || ((int) func == -1)) continue; 1274 TRACE("[ %5d Calling func @ 0x%08x ]\n", pid, (unsigned)func); 1275 func(); 1276 } 1277} 1278 1279static void soinfo_call_preinit_constructors(soinfo *si) 1280{ 1281 TRACE("[ %5d Calling preinit_array @ 0x%08x [%d] for '%s' ]\n", 1282 pid, (unsigned)si->preinit_array, si->preinit_array_count, 1283 si->name); 1284 call_array(si->preinit_array, si->preinit_array_count, 0); 1285 TRACE("[ %5d Done calling preinit_array for '%s' ]\n", pid, si->name); 1286} 1287 1288void soinfo_call_constructors(soinfo *si) 1289{ 1290 if (si->constructors_called) 1291 return; 1292 1293 // Set this before actually calling the constructors, otherwise it doesn't 1294 // protect against recursive constructor calls. One simple example of 1295 // constructor recursion is the libc debug malloc, which is implemented in 1296 // libc_malloc_debug_leak.so: 1297 // 1. The program depends on libc, so libc's constructor is called here. 1298 // 2. The libc constructor calls dlopen() to load libc_malloc_debug_leak.so. 1299 // 3. dlopen() calls soinfo_call_constructors() with the newly created 1300 // soinfo for libc_malloc_debug_leak.so. 1301 // 4. The debug so depends on libc, so soinfo_call_constructors() is 1302 // called again with the libc soinfo. If it doesn't trigger the early- 1303 // out above, the libc constructor will be called again (recursively!). 1304 si->constructors_called = 1; 1305 1306 if (!(si->flags & FLAG_EXE) && si->preinit_array) { 1307 DL_ERR("shared library \"%s\" has a preinit_array table @ 0x%08x. " 1308 "This is INVALID.", si->name, (unsigned) si->preinit_array); 1309 } 1310 1311 if (si->dynamic) { 1312 unsigned *d; 1313 for(d = si->dynamic; *d; d += 2) { 1314 if(d[0] == DT_NEEDED){ 1315 soinfo* lsi = (soinfo *)d[1]; 1316 if (!validate_soinfo(lsi)) { 1317 DL_ERR("bad DT_NEEDED pointer in \"%s\"", si->name); 1318 } else { 1319 soinfo_call_constructors(lsi); 1320 } 1321 } 1322 } 1323 } 1324 1325 if (si->init_func) { 1326 TRACE("[ %5d Calling init_func @ 0x%08x for '%s' ]\n", pid, 1327 (unsigned)si->init_func, si->name); 1328 si->init_func(); 1329 TRACE("[ %5d Done calling init_func for '%s' ]\n", pid, si->name); 1330 } 1331 1332 if (si->init_array) { 1333 TRACE("[ %5d Calling init_array @ 0x%08x [%d] for '%s' ]\n", pid, 1334 (unsigned)si->init_array, si->init_array_count, si->name); 1335 call_array(si->init_array, si->init_array_count, 0); 1336 TRACE("[ %5d Done calling init_array for '%s' ]\n", pid, si->name); 1337 } 1338 1339} 1340 1341static void call_destructors(soinfo *si) 1342{ 1343 if (si->fini_array) { 1344 TRACE("[ %5d Calling fini_array @ 0x%08x [%d] for '%s' ]\n", pid, 1345 (unsigned)si->fini_array, si->fini_array_count, si->name); 1346 call_array(si->fini_array, si->fini_array_count, 1); 1347 TRACE("[ %5d Done calling fini_array for '%s' ]\n", pid, si->name); 1348 } 1349 1350 if (si->fini_func) { 1351 TRACE("[ %5d Calling fini_func @ 0x%08x for '%s' ]\n", pid, 1352 (unsigned)si->fini_func, si->name); 1353 si->fini_func(); 1354 TRACE("[ %5d Done calling fini_func for '%s' ]\n", pid, si->name); 1355 } 1356} 1357 1358/* Force any of the closed stdin, stdout and stderr to be associated with 1359 /dev/null. */ 1360static int nullify_closed_stdio (void) 1361{ 1362 int dev_null, i, status; 1363 int return_value = 0; 1364 1365 dev_null = TEMP_FAILURE_RETRY(open("/dev/null", O_RDWR)); 1366 if (dev_null < 0) { 1367 DL_ERR("cannot open /dev/null: %s", strerror(errno)); 1368 return -1; 1369 } 1370 TRACE("[ %5d Opened /dev/null file-descriptor=%d]\n", pid, dev_null); 1371 1372 /* If any of the stdio file descriptors is valid and not associated 1373 with /dev/null, dup /dev/null to it. */ 1374 for (i = 0; i < 3; i++) { 1375 /* If it is /dev/null already, we are done. */ 1376 if (i == dev_null) { 1377 continue; 1378 } 1379 1380 TRACE("[ %5d Nullifying stdio file descriptor %d]\n", pid, i); 1381 status = TEMP_FAILURE_RETRY(fcntl(i, F_GETFL)); 1382 1383 /* If file is opened, we are good. */ 1384 if (status != -1) { 1385 continue; 1386 } 1387 1388 /* The only error we allow is that the file descriptor does not 1389 exist, in which case we dup /dev/null to it. */ 1390 if (errno != EBADF) { 1391 DL_ERR("fcntl failed: %s", strerror(errno)); 1392 return_value = -1; 1393 continue; 1394 } 1395 1396 /* Try dupping /dev/null to this stdio file descriptor and 1397 repeat if there is a signal. Note that any errors in closing 1398 the stdio descriptor are lost. */ 1399 status = TEMP_FAILURE_RETRY(dup2(dev_null, i)); 1400 if (status < 0) { 1401 DL_ERR("dup2 failed: %s", strerror(errno)); 1402 return_value = -1; 1403 continue; 1404 } 1405 } 1406 1407 /* If /dev/null is not one of the stdio file descriptors, close it. */ 1408 if (dev_null > 2) { 1409 TRACE("[ %5d Closing /dev/null file-descriptor=%d]\n", pid, dev_null); 1410 status = TEMP_FAILURE_RETRY(close(dev_null)); 1411 if (status == -1) { 1412 DL_ERR("close failed: %s", strerror(errno)); 1413 return_value = -1; 1414 } 1415 } 1416 1417 return return_value; 1418} 1419 1420static int soinfo_link_image(soinfo *si) 1421{ 1422 unsigned *d; 1423 /* "base" might wrap around UINT32_MAX. */ 1424 Elf32_Addr base = si->load_bias; 1425 const Elf32_Phdr *phdr = si->phdr; 1426 int phnum = si->phnum; 1427 int relocating_linker = (si->flags & FLAG_LINKER) != 0; 1428 1429 /* We can't debug anything until the linker is relocated */ 1430 if (!relocating_linker) { 1431 INFO("[ %5d linking %s ]\n", pid, si->name); 1432 DEBUG("%5d si->base = 0x%08x si->flags = 0x%08x\n", pid, 1433 si->base, si->flags); 1434 } 1435 1436 /* Extract dynamic section */ 1437 si->dynamic = phdr_table_get_dynamic_section(phdr, phnum, base); 1438 if (si->dynamic == NULL) { 1439 if (!relocating_linker) { 1440 DL_ERR("missing PT_DYNAMIC?!"); 1441 } 1442 goto fail; 1443 } else { 1444 if (!relocating_linker) { 1445 DEBUG("%5d dynamic = %p\n", pid, si->dynamic); 1446 } 1447 } 1448 1449#ifdef ANDROID_ARM_LINKER 1450 (void) phdr_table_get_arm_exidx(phdr, phnum, base, 1451 &si->ARM_exidx, &si->ARM_exidx_count); 1452#endif 1453 1454 /* extract useful information from dynamic section */ 1455 for(d = si->dynamic; *d; d++){ 1456 DEBUG("%5d d = %p, d[0] = 0x%08x d[1] = 0x%08x\n", pid, d, d[0], d[1]); 1457 switch(*d++){ 1458 case DT_HASH: 1459 si->nbucket = ((unsigned *) (base + *d))[0]; 1460 si->nchain = ((unsigned *) (base + *d))[1]; 1461 si->bucket = (unsigned *) (base + *d + 8); 1462 si->chain = (unsigned *) (base + *d + 8 + si->nbucket * 4); 1463 break; 1464 case DT_STRTAB: 1465 si->strtab = (const char *) (base + *d); 1466 break; 1467 case DT_SYMTAB: 1468 si->symtab = (Elf32_Sym *) (base + *d); 1469 break; 1470 case DT_PLTREL: 1471 if(*d != DT_REL) { 1472 DL_ERR("DT_RELA not supported"); 1473 goto fail; 1474 } 1475 break; 1476 case DT_JMPREL: 1477 si->plt_rel = (Elf32_Rel*) (base + *d); 1478 break; 1479 case DT_PLTRELSZ: 1480 si->plt_rel_count = *d / 8; 1481 break; 1482 case DT_REL: 1483 si->rel = (Elf32_Rel*) (base + *d); 1484 break; 1485 case DT_RELSZ: 1486 si->rel_count = *d / 8; 1487 break; 1488 case DT_PLTGOT: 1489 /* Save this in case we decide to do lazy binding. We don't yet. */ 1490 si->plt_got = (unsigned *)(base + *d); 1491 break; 1492 case DT_DEBUG: 1493#if !defined(ANDROID_MIPS_LINKER) 1494 // Set the DT_DEBUG entry to the addres of _r_debug for GDB 1495 *d = (int) &_r_debug; 1496#endif 1497 break; 1498 case DT_RELA: 1499 DL_ERR("DT_RELA not supported"); 1500 goto fail; 1501 case DT_INIT: 1502 si->init_func = (void (*)(void))(base + *d); 1503 DEBUG("%5d %s constructors (init func) found at %p\n", 1504 pid, si->name, si->init_func); 1505 break; 1506 case DT_FINI: 1507 si->fini_func = (void (*)(void))(base + *d); 1508 DEBUG("%5d %s destructors (fini func) found at %p\n", 1509 pid, si->name, si->fini_func); 1510 break; 1511 case DT_INIT_ARRAY: 1512 si->init_array = (unsigned *)(base + *d); 1513 DEBUG("%5d %s constructors (init_array) found at %p\n", 1514 pid, si->name, si->init_array); 1515 break; 1516 case DT_INIT_ARRAYSZ: 1517 si->init_array_count = ((unsigned)*d) / sizeof(Elf32_Addr); 1518 break; 1519 case DT_FINI_ARRAY: 1520 si->fini_array = (unsigned *)(base + *d); 1521 DEBUG("%5d %s destructors (fini_array) found at %p\n", 1522 pid, si->name, si->fini_array); 1523 break; 1524 case DT_FINI_ARRAYSZ: 1525 si->fini_array_count = ((unsigned)*d) / sizeof(Elf32_Addr); 1526 break; 1527 case DT_PREINIT_ARRAY: 1528 si->preinit_array = (unsigned *)(base + *d); 1529 DEBUG("%5d %s constructors (preinit_array) found at %p\n", 1530 pid, si->name, si->preinit_array); 1531 break; 1532 case DT_PREINIT_ARRAYSZ: 1533 si->preinit_array_count = ((unsigned)*d) / sizeof(Elf32_Addr); 1534 break; 1535 case DT_TEXTREL: 1536 si->has_text_relocations = true; 1537 break; 1538#if defined(ANDROID_MIPS_LINKER) 1539 case DT_NEEDED: 1540 case DT_STRSZ: 1541 case DT_SYMENT: 1542 case DT_RELENT: 1543 break; 1544 case DT_MIPS_RLD_MAP: 1545 /* Set the DT_MIPS_RLD_MAP entry to the addres of _r_debug for GDB */ 1546 { 1547 struct r_debug **dp = (struct r_debug **)*d; 1548 *dp = &_r_debug; 1549 } 1550 break; 1551 case DT_MIPS_RLD_VERSION: 1552 case DT_MIPS_FLAGS: 1553 case DT_MIPS_BASE_ADDRESS: 1554 case DT_MIPS_UNREFEXTNO: 1555 case DT_MIPS_RWPLT: 1556 break; 1557 1558 case DT_MIPS_PLTGOT: 1559#if 0 1560 /* not yet... */ 1561 si->mips_pltgot = (unsigned *)(si->base + *d); 1562#endif 1563 break; 1564 1565 case DT_MIPS_SYMTABNO: 1566 si->mips_symtabno = *d; 1567 break; 1568 1569 case DT_MIPS_LOCAL_GOTNO: 1570 si->mips_local_gotno = *d; 1571 break; 1572 1573 case DT_MIPS_GOTSYM: 1574 si->mips_gotsym = *d; 1575 break; 1576 1577 default: 1578 DEBUG("%5d Unused DT entry: type 0x%08x arg 0x%08x\n", 1579 pid, d[-1], d[0]); 1580 break; 1581#endif 1582 } 1583 } 1584 1585 DEBUG("%5d si->base = 0x%08x, si->strtab = %p, si->symtab = %p\n", 1586 pid, si->base, si->strtab, si->symtab); 1587 1588 if((si->strtab == 0) || (si->symtab == 0)) { 1589 DL_ERR("missing essential tables"); 1590 goto fail; 1591 } 1592 1593 /* if this is the main executable, then load all of the preloads now */ 1594 if(si->flags & FLAG_EXE) { 1595 int i; 1596 memset(preloads, 0, sizeof(preloads)); 1597 for(i = 0; ldpreload_names[i] != NULL; i++) { 1598 soinfo *lsi = find_library(ldpreload_names[i]); 1599 if(lsi == 0) { 1600 strlcpy(tmp_err_buf, linker_get_error(), sizeof(tmp_err_buf)); 1601 DL_ERR("could not load library \"%s\" needed by \"%s\"; caused by %s", 1602 ldpreload_names[i], si->name, tmp_err_buf); 1603 goto fail; 1604 } 1605 lsi->refcount++; 1606 preloads[i] = lsi; 1607 } 1608 } 1609 1610 for(d = si->dynamic; *d; d += 2) { 1611 if(d[0] == DT_NEEDED){ 1612 DEBUG("%5d %s needs %s\n", pid, si->name, si->strtab + d[1]); 1613 soinfo *lsi = find_library(si->strtab + d[1]); 1614 if(lsi == 0) { 1615 strlcpy(tmp_err_buf, linker_get_error(), sizeof(tmp_err_buf)); 1616 DL_ERR("could not load library \"%s\" needed by \"%s\"; caused by %s", 1617 si->strtab + d[1], si->name, tmp_err_buf); 1618 goto fail; 1619 } 1620 /* Save the soinfo of the loaded DT_NEEDED library in the payload 1621 of the DT_NEEDED entry itself, so that we can retrieve the 1622 soinfo directly later from the dynamic segment. This is a hack, 1623 but it allows us to map from DT_NEEDED to soinfo efficiently 1624 later on when we resolve relocations, trying to look up a symbol 1625 with dlsym(). 1626 */ 1627 d[1] = (unsigned)lsi; 1628 lsi->refcount++; 1629 } 1630 } 1631 1632 if (si->has_text_relocations) { 1633 /* Unprotect the segments, i.e. make them writable, to allow 1634 * text relocations to work properly. We will later call 1635 * phdr_table_protect_segments() after all of them are applied 1636 * and all constructors are run. 1637 */ 1638 if (phdr_table_unprotect_segments(si->phdr, si->phnum, si->load_bias) < 0) { 1639 DL_ERR("can't unprotect loadable segments for \"%s\": %s", 1640 si->name, strerror(errno)); 1641 goto fail; 1642 } 1643 } 1644 1645 if(si->plt_rel) { 1646 DEBUG("[ %5d relocating %s plt ]\n", pid, si->name ); 1647 if(soinfo_relocate(si, si->plt_rel, si->plt_rel_count)) 1648 goto fail; 1649 } 1650 if(si->rel) { 1651 DEBUG("[ %5d relocating %s ]\n", pid, si->name ); 1652 if(soinfo_relocate(si, si->rel, si->rel_count)) 1653 goto fail; 1654 } 1655 1656#ifdef ANDROID_MIPS_LINKER 1657 if(mips_relocate_got(si)) { 1658 goto fail; 1659 } 1660#endif 1661 1662 si->flags |= FLAG_LINKED; 1663 DEBUG("[ %5d finished linking %s ]\n", pid, si->name); 1664 1665 if (si->has_text_relocations) { 1666 /* All relocations are done, we can protect our segments back to 1667 * read-only. */ 1668 if (phdr_table_protect_segments(si->phdr, si->phnum, si->load_bias) < 0) { 1669 DL_ERR("can't protect segments for \"%s\": %s", 1670 si->name, strerror(errno)); 1671 goto fail; 1672 } 1673 } 1674 1675 /* We can also turn on GNU RELRO protection */ 1676 if (phdr_table_protect_gnu_relro(si->phdr, si->phnum, si->load_bias) < 0) { 1677 DL_ERR("can't enable GNU RELRO protection for \"%s\": %s", 1678 si->name, strerror(errno)); 1679 goto fail; 1680 } 1681 1682 /* If this is a SET?ID program, dup /dev/null to opened stdin, 1683 stdout and stderr to close a security hole described in: 1684 1685 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc 1686 1687 */ 1688 if (program_is_setuid) { 1689 nullify_closed_stdio(); 1690 } 1691 notify_gdb_of_load(si); 1692 return 0; 1693 1694fail: 1695 ERROR("failed to link %s\n", si->name); 1696 si->flags |= FLAG_ERROR; 1697 return -1; 1698} 1699 1700static void parse_path(const char* path, const char* delimiters, 1701 const char** array, char* buf, size_t buf_size, size_t max_count) 1702{ 1703 if (path == NULL) { 1704 return; 1705 } 1706 1707 size_t len = strlcpy(buf, path, buf_size); 1708 1709 size_t i = 0; 1710 char* buf_p = buf; 1711 while (i < max_count && (array[i] = strsep(&buf_p, delimiters))) { 1712 if (*array[i] != '\0') { 1713 ++i; 1714 } 1715 } 1716 1717 // Forget the last path if we had to truncate; this occurs if the 2nd to 1718 // last char isn't '\0' (i.e. wasn't originally a delimiter). 1719 if (i > 0 && len >= buf_size && buf[buf_size - 2] != '\0') { 1720 array[i - 1] = NULL; 1721 } else { 1722 array[i] = NULL; 1723 } 1724} 1725 1726static void parse_LD_LIBRARY_PATH(const char* path) { 1727 parse_path(path, ":", ldpaths, 1728 ldpaths_buf, sizeof(ldpaths_buf), LDPATH_MAX); 1729} 1730 1731static void parse_LD_PRELOAD(const char* path) { 1732 // We have historically supported ':' as well as ' ' in LD_PRELOAD. 1733 parse_path(path, " :", ldpreload_names, 1734 ldpreloads_buf, sizeof(ldpreloads_buf), LDPRELOAD_MAX); 1735} 1736 1737/* 1738 * This code is called after the linker has linked itself and 1739 * fixed it's own GOT. It is safe to make references to externs 1740 * and other non-local data at this point. 1741 */ 1742static unsigned __linker_init_post_relocation(unsigned **elfdata, unsigned linker_base) 1743{ 1744 static soinfo linker_soinfo; 1745 1746 int argc = (int) *elfdata; 1747 char **argv = (char**) (elfdata + 1); 1748 unsigned *vecs = (unsigned*) (argv + argc + 1); 1749 unsigned *v; 1750 soinfo *si; 1751 int i; 1752 struct link_map * map; 1753 const char *ldpath_env = NULL; 1754 const char *ldpreload_env = NULL; 1755 1756 /* NOTE: we store the elfdata pointer on a special location 1757 * of the temporary TLS area in order to pass it to 1758 * the C Library's runtime initializer. 1759 * 1760 * The initializer must clear the slot and reset the TLS 1761 * to point to a different location to ensure that no other 1762 * shared library constructor can access it. 1763 */ 1764 __libc_init_tls(elfdata); 1765 1766 pid = getpid(); 1767 1768#if TIMING 1769 struct timeval t0, t1; 1770 gettimeofday(&t0, 0); 1771#endif 1772 1773 /* Initialize environment functions, and get to the ELF aux vectors table */ 1774 vecs = linker_env_init(vecs); 1775 1776 /* Check auxv for AT_SECURE first to see if program is setuid, setgid, 1777 has file caps, or caused a SELinux/AppArmor domain transition. */ 1778 for (v = vecs; v[0]; v += 2) { 1779 if (v[0] == AT_SECURE) { 1780 /* kernel told us whether to enable secure mode */ 1781 program_is_setuid = v[1]; 1782 goto sanitize; 1783 } 1784 } 1785 1786 /* Kernel did not provide AT_SECURE - fall back on legacy test. */ 1787 program_is_setuid = (getuid() != geteuid()) || (getgid() != getegid()); 1788 1789sanitize: 1790 /* Sanitize environment if we're loading a setuid program */ 1791 if (program_is_setuid) 1792 linker_env_secure(); 1793 1794 debugger_init(); 1795 1796 /* Get a few environment variables */ 1797 { 1798#if LINKER_DEBUG 1799 const char* env; 1800 env = linker_env_get("DEBUG"); /* XXX: TODO: Change to LD_DEBUG */ 1801 if (env) 1802 debug_verbosity = atoi(env); 1803#endif 1804 1805 /* Normally, these are cleaned by linker_env_secure, but the test 1806 * against program_is_setuid doesn't cost us anything */ 1807 if (!program_is_setuid) { 1808 ldpath_env = linker_env_get("LD_LIBRARY_PATH"); 1809 ldpreload_env = linker_env_get("LD_PRELOAD"); 1810 } 1811 } 1812 1813 INFO("[ android linker & debugger ]\n"); 1814 DEBUG("%5d elfdata @ 0x%08x\n", pid, (unsigned)elfdata); 1815 1816 si = soinfo_alloc(argv[0]); 1817 if(si == 0) { 1818 exit(-1); 1819 } 1820 1821 /* bootstrap the link map, the main exe always needs to be first */ 1822 si->flags |= FLAG_EXE; 1823 map = &(si->linkmap); 1824 1825 map->l_addr = 0; 1826 map->l_name = argv[0]; 1827 map->l_prev = NULL; 1828 map->l_next = NULL; 1829 1830 _r_debug.r_map = map; 1831 r_debug_tail = map; 1832 1833 /* gdb expects the linker to be in the debug shared object list. 1834 * Without this, gdb has trouble locating the linker's ".text" 1835 * and ".plt" sections. Gdb could also potentially use this to 1836 * relocate the offset of our exported 'rtld_db_dlactivity' symbol. 1837 * Don't use soinfo_alloc(), because the linker shouldn't 1838 * be on the soinfo list. 1839 */ 1840 strlcpy((char*) linker_soinfo.name, "/system/bin/linker", sizeof linker_soinfo.name); 1841 linker_soinfo.flags = 0; 1842 linker_soinfo.base = linker_base; 1843 /* 1844 * Set the dynamic field in the link map otherwise gdb will complain with 1845 * the following: 1846 * warning: .dynamic section for "/system/bin/linker" is not at the 1847 * expected address (wrong library or version mismatch?) 1848 */ 1849 Elf32_Ehdr *elf_hdr = (Elf32_Ehdr *) linker_base; 1850 Elf32_Phdr *phdr = 1851 (Elf32_Phdr *)((unsigned char *) linker_base + elf_hdr->e_phoff); 1852 linker_soinfo.dynamic = 1853 phdr_table_get_dynamic_section(phdr, elf_hdr->e_phnum, linker_base); 1854 insert_soinfo_into_debug_map(&linker_soinfo); 1855 1856 /* extract information passed from the kernel */ 1857 while(vecs[0] != 0){ 1858 switch(vecs[0]){ 1859 case AT_PHDR: 1860 si->phdr = (Elf32_Phdr*) vecs[1]; 1861 break; 1862 case AT_PHNUM: 1863 si->phnum = (int) vecs[1]; 1864 break; 1865 case AT_ENTRY: 1866 si->entry = vecs[1]; 1867 break; 1868 } 1869 vecs += 2; 1870 } 1871 1872 /* Compute the value of si->base. We can't rely on the fact that 1873 * the first entry is the PHDR because this will not be true 1874 * for certain executables (e.g. some in the NDK unit test suite) 1875 */ 1876 int nn; 1877 si->base = 0; 1878 si->size = phdr_table_get_load_size(si->phdr, si->phnum); 1879 si->load_bias = 0; 1880 for ( nn = 0; nn < si->phnum; nn++ ) { 1881 if (si->phdr[nn].p_type == PT_PHDR) { 1882 si->load_bias = (Elf32_Addr)si->phdr - si->phdr[nn].p_vaddr; 1883 si->base = (Elf32_Addr) si->phdr - si->phdr[nn].p_offset; 1884 break; 1885 } 1886 } 1887 si->dynamic = (unsigned *)-1; 1888 si->refcount = 1; 1889 1890 // Use LD_LIBRARY_PATH and LD_PRELOAD (but only if we aren't setuid/setgid). 1891 parse_LD_LIBRARY_PATH(ldpath_env); 1892 parse_LD_PRELOAD(ldpreload_env); 1893 1894 if(soinfo_link_image(si)) { 1895 char errmsg[] = "CANNOT LINK EXECUTABLE\n"; 1896 write(2, __linker_dl_err_buf, strlen(__linker_dl_err_buf)); 1897 write(2, errmsg, sizeof(errmsg)); 1898 exit(-1); 1899 } 1900 1901 soinfo_call_preinit_constructors(si); 1902 1903 for(i = 0; preloads[i] != NULL; i++) { 1904 soinfo_call_constructors(preloads[i]); 1905 } 1906 1907 soinfo_call_constructors(si); 1908 1909#if ALLOW_SYMBOLS_FROM_MAIN 1910 /* Set somain after we've loaded all the libraries in order to prevent 1911 * linking of symbols back to the main image, which is not set up at that 1912 * point yet. 1913 */ 1914 somain = si; 1915#endif 1916 1917#if TIMING 1918 gettimeofday(&t1,NULL); 1919 PRINT("LINKER TIME: %s: %d microseconds\n", argv[0], (int) ( 1920 (((long long)t1.tv_sec * 1000000LL) + (long long)t1.tv_usec) - 1921 (((long long)t0.tv_sec * 1000000LL) + (long long)t0.tv_usec) 1922 )); 1923#endif 1924#if STATS 1925 PRINT("RELO STATS: %s: %d abs, %d rel, %d copy, %d symbol\n", argv[0], 1926 linker_stats.reloc[RELOC_ABSOLUTE], 1927 linker_stats.reloc[RELOC_RELATIVE], 1928 linker_stats.reloc[RELOC_COPY], 1929 linker_stats.reloc[RELOC_SYMBOL]); 1930#endif 1931#if COUNT_PAGES 1932 { 1933 unsigned n; 1934 unsigned i; 1935 unsigned count = 0; 1936 for(n = 0; n < 4096; n++){ 1937 if(bitmask[n]){ 1938 unsigned x = bitmask[n]; 1939 for(i = 0; i < 8; i++){ 1940 if(x & 1) count++; 1941 x >>= 1; 1942 } 1943 } 1944 } 1945 PRINT("PAGES MODIFIED: %s: %d (%dKB)\n", argv[0], count, count * 4); 1946 } 1947#endif 1948 1949#if TIMING || STATS || COUNT_PAGES 1950 fflush(stdout); 1951#endif 1952 1953 TRACE("[ %5d Ready to execute '%s' @ 0x%08x ]\n", pid, si->name, 1954 si->entry); 1955 return si->entry; 1956} 1957 1958/* 1959 * Find the value of AT_BASE passed to us by the kernel. This is the load 1960 * location of the linker. 1961 */ 1962static unsigned find_linker_base(unsigned **elfdata) { 1963 int argc = (int) *elfdata; 1964 char **argv = (char**) (elfdata + 1); 1965 unsigned *vecs = (unsigned*) (argv + argc + 1); 1966 while (vecs[0] != 0) { 1967 vecs++; 1968 } 1969 1970 /* The end of the environment block is marked by two NULL pointers */ 1971 vecs++; 1972 1973 while(vecs[0]) { 1974 if (vecs[0] == AT_BASE) { 1975 return vecs[1]; 1976 } 1977 vecs += 2; 1978 } 1979 1980 return 0; // should never happen 1981} 1982 1983/* Compute the load-bias of an existing executable. This shall only 1984 * be used to compute the load bias of an executable or shared library 1985 * that was loaded by the kernel itself. 1986 * 1987 * Input: 1988 * elf -> address of ELF header, assumed to be at the start of the file. 1989 * Return: 1990 * load bias, i.e. add the value of any p_vaddr in the file to get 1991 * the corresponding address in memory. 1992 */ 1993static Elf32_Addr 1994get_elf_exec_load_bias(const Elf32_Ehdr* elf) 1995{ 1996 Elf32_Addr offset = elf->e_phoff; 1997 const Elf32_Phdr* phdr_table = (const Elf32_Phdr*)((char*)elf + offset); 1998 const Elf32_Phdr* phdr_end = phdr_table + elf->e_phnum; 1999 const Elf32_Phdr* phdr; 2000 2001 for (phdr = phdr_table; phdr < phdr_end; phdr++) { 2002 if (phdr->p_type == PT_LOAD) { 2003 return (Elf32_Addr)elf + phdr->p_offset - phdr->p_vaddr; 2004 } 2005 } 2006 return 0; 2007} 2008 2009/* 2010 * This is the entry point for the linker, called from begin.S. This 2011 * method is responsible for fixing the linker's own relocations, and 2012 * then calling __linker_init_post_relocation(). 2013 * 2014 * Because this method is called before the linker has fixed it's own 2015 * relocations, any attempt to reference an extern variable, extern 2016 * function, or other GOT reference will generate a segfault. 2017 */ 2018extern "C" unsigned __linker_init(unsigned **elfdata) { 2019 unsigned linker_addr = find_linker_base(elfdata); 2020 Elf32_Ehdr *elf_hdr = (Elf32_Ehdr *) linker_addr; 2021 Elf32_Phdr *phdr = 2022 (Elf32_Phdr *)((unsigned char *) linker_addr + elf_hdr->e_phoff); 2023 2024 soinfo linker_so; 2025 memset(&linker_so, 0, sizeof(soinfo)); 2026 2027 linker_so.base = linker_addr; 2028 linker_so.size = phdr_table_get_load_size(phdr, elf_hdr->e_phnum); 2029 linker_so.load_bias = get_elf_exec_load_bias(elf_hdr); 2030 linker_so.dynamic = (unsigned *) -1; 2031 linker_so.phdr = phdr; 2032 linker_so.phnum = elf_hdr->e_phnum; 2033 linker_so.flags |= FLAG_LINKER; 2034 2035 if (soinfo_link_image(&linker_so)) { 2036 // It would be nice to print an error message, but if the linker 2037 // can't link itself, there's no guarantee that we'll be able to 2038 // call write() (because it involves a GOT reference). 2039 // 2040 // This situation should never occur unless the linker itself 2041 // is corrupt. 2042 exit(-1); 2043 } 2044 2045 // We have successfully fixed our own relocations. It's safe to run 2046 // the main part of the linker now. 2047 return __linker_init_post_relocation(elfdata, linker_addr); 2048} 2049