linker.cpp revision d23736e4f228e46304b7cbc674a1d0094d73e0f5
1/* 2 * Copyright (C) 2008, 2009 The Android Open Source Project 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in 12 * the documentation and/or other materials provided with the 13 * distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29#include <dlfcn.h> 30#include <errno.h> 31#include <fcntl.h> 32#include <linux/auxvec.h> 33#include <pthread.h> 34#include <stdio.h> 35#include <stdlib.h> 36#include <string.h> 37#include <sys/atomics.h> 38#include <sys/mman.h> 39#include <sys/stat.h> 40#include <unistd.h> 41 42// Private C library headers. 43#include <private/bionic_tls.h> 44#include <private/logd.h> 45#include <private/ScopedPthreadMutexLocker.h> 46 47#include "linker.h" 48#include "linker_debug.h" 49#include "linker_environ.h" 50#include "linker_format.h" 51#include "linker_phdr.h" 52 53/* Assume average path length of 64 and max 8 paths */ 54#define LDPATH_BUFSIZE 512 55#define LDPATH_MAX 8 56 57#define LDPRELOAD_BUFSIZE 512 58#define LDPRELOAD_MAX 8 59 60/* >>> IMPORTANT NOTE - READ ME BEFORE MODIFYING <<< 61 * 62 * Do NOT use malloc() and friends or pthread_*() code here. 63 * Don't use printf() either; it's caused mysterious memory 64 * corruption in the past. 65 * The linker runs before we bring up libc and it's easiest 66 * to make sure it does not depend on any complex libc features 67 * 68 * open issues / todo: 69 * 70 * - are we doing everything we should for ARM_COPY relocations? 71 * - cleaner error reporting 72 * - after linking, set as much stuff as possible to READONLY 73 * and NOEXEC 74 */ 75 76static bool soinfo_link_image(soinfo* si); 77 78// We can't use malloc(3) in the dynamic linker. We use a linked list of anonymous 79// maps, each a single page in size. The pages are broken up into as many struct soinfo 80// objects as will fit, and they're all threaded together on a free list. 81#define SOINFO_PER_POOL ((PAGE_SIZE - sizeof(soinfo_pool_t*)) / sizeof(soinfo)) 82struct soinfo_pool_t { 83 soinfo_pool_t* next; 84 soinfo info[SOINFO_PER_POOL]; 85}; 86static struct soinfo_pool_t* gSoInfoPools = NULL; 87static soinfo* gSoInfoFreeList = NULL; 88 89static soinfo *solist = &libdl_info; 90static soinfo *sonext = &libdl_info; 91static soinfo *somain; /* main process, always the one after libdl_info */ 92 93static const char* const gSoPaths[] = { 94 "/vendor/lib", 95 "/system/lib", 96 NULL 97}; 98 99static char gLdPathsBuffer[LDPATH_BUFSIZE]; 100static const char* gLdPaths[LDPATH_MAX + 1]; 101 102static char gLdPreloadsBuffer[LDPRELOAD_BUFSIZE]; 103static const char* gLdPreloadNames[LDPRELOAD_MAX + 1]; 104 105static soinfo *preloads[LDPRELOAD_MAX + 1]; 106 107#if LINKER_DEBUG 108int debug_verbosity; 109#endif 110 111static int pid; 112 113enum RelocationKind { 114 kRelocAbsolute = 0, 115 kRelocRelative, 116 kRelocCopy, 117 kRelocSymbol, 118 kRelocMax 119}; 120 121#if STATS 122struct linker_stats_t { 123 int count[kRelocMax]; 124}; 125 126static linker_stats_t linker_stats; 127 128static void count_relocation(RelocationKind kind) { 129 ++linker_stats.count[kind]; 130} 131#else 132static void count_relocation(RelocationKind) { 133} 134#endif 135 136#if COUNT_PAGES 137static unsigned bitmask[4096]; 138#define MARK(offset) \ 139 do { \ 140 bitmask[((offset) >> 12) >> 3] |= (1 << (((offset) >> 12) & 7)); \ 141 } while(0) 142#else 143#define MARK(x) do {} while (0) 144#endif 145 146// You shouldn't try to call memory-allocating functions in the dynamic linker. 147// Guard against the most obvious ones. 148#define DISALLOW_ALLOCATION(return_type, name, ...) \ 149 return_type name __VA_ARGS__ \ 150 { \ 151 const char* msg = "ERROR: " #name " called from the dynamic linker!\n"; \ 152 __libc_android_log_write(ANDROID_LOG_FATAL, "linker", msg); \ 153 write(2, msg, sizeof(msg)); \ 154 abort(); \ 155 } 156#define UNUSED __attribute__((unused)) 157DISALLOW_ALLOCATION(void*, malloc, (size_t u UNUSED)); 158DISALLOW_ALLOCATION(void, free, (void* u UNUSED)); 159DISALLOW_ALLOCATION(void*, realloc, (void* u1 UNUSED, size_t u2 UNUSED)); 160DISALLOW_ALLOCATION(void*, calloc, (size_t u1 UNUSED, size_t u2 UNUSED)); 161 162static char tmp_err_buf[768]; 163static char __linker_dl_err_buf[768]; 164#define DL_ERR(fmt, x...) \ 165 do { \ 166 format_buffer(__linker_dl_err_buf, sizeof(__linker_dl_err_buf), fmt, ##x); \ 167 ERROR(fmt "\n", ##x); \ 168 } while(0) 169 170const char* linker_get_error() { 171 return &__linker_dl_err_buf[0]; 172} 173 174/* 175 * This function is an empty stub where GDB locates a breakpoint to get notified 176 * about linker activity. 177 */ 178extern "C" void __attribute__((noinline)) __attribute__((visibility("default"))) rtld_db_dlactivity(); 179 180static r_debug _r_debug = {1, NULL, &rtld_db_dlactivity, 181 RT_CONSISTENT, 0}; 182static link_map* r_debug_tail = 0; 183 184static pthread_mutex_t gDebugMutex = PTHREAD_MUTEX_INITIALIZER; 185 186static void insert_soinfo_into_debug_map(soinfo * info) { 187 // Copy the necessary fields into the debug structure. 188 link_map* map = &(info->linkmap); 189 map->l_addr = info->base; 190 map->l_name = (char*) info->name; 191 map->l_ld = (uintptr_t)info->dynamic; 192 193 /* Stick the new library at the end of the list. 194 * gdb tends to care more about libc than it does 195 * about leaf libraries, and ordering it this way 196 * reduces the back-and-forth over the wire. 197 */ 198 if (r_debug_tail) { 199 r_debug_tail->l_next = map; 200 map->l_prev = r_debug_tail; 201 map->l_next = 0; 202 } else { 203 _r_debug.r_map = map; 204 map->l_prev = 0; 205 map->l_next = 0; 206 } 207 r_debug_tail = map; 208} 209 210static void remove_soinfo_from_debug_map(soinfo* info) { 211 link_map* map = &(info->linkmap); 212 213 if (r_debug_tail == map) { 214 r_debug_tail = map->l_prev; 215 } 216 217 if (map->l_prev) { 218 map->l_prev->l_next = map->l_next; 219 } 220 if (map->l_next) { 221 map->l_next->l_prev = map->l_prev; 222 } 223} 224 225static void notify_gdb_of_load(soinfo* info) { 226 if (info->flags & FLAG_EXE) { 227 // GDB already knows about the main executable 228 return; 229 } 230 231 ScopedPthreadMutexLocker locker(&gDebugMutex); 232 233 _r_debug.r_state = RT_ADD; 234 rtld_db_dlactivity(); 235 236 insert_soinfo_into_debug_map(info); 237 238 _r_debug.r_state = RT_CONSISTENT; 239 rtld_db_dlactivity(); 240} 241 242static void notify_gdb_of_unload(soinfo* info) { 243 if (info->flags & FLAG_EXE) { 244 // GDB already knows about the main executable 245 return; 246 } 247 248 ScopedPthreadMutexLocker locker(&gDebugMutex); 249 250 _r_debug.r_state = RT_DELETE; 251 rtld_db_dlactivity(); 252 253 remove_soinfo_from_debug_map(info); 254 255 _r_debug.r_state = RT_CONSISTENT; 256 rtld_db_dlactivity(); 257} 258 259void notify_gdb_of_libraries() { 260 _r_debug.r_state = RT_ADD; 261 rtld_db_dlactivity(); 262 _r_debug.r_state = RT_CONSISTENT; 263 rtld_db_dlactivity(); 264} 265 266static bool ensure_free_list_non_empty() { 267 if (gSoInfoFreeList != NULL) { 268 return true; 269 } 270 271 // Allocate a new pool. 272 soinfo_pool_t* pool = reinterpret_cast<soinfo_pool_t*>(mmap(NULL, sizeof(*pool), 273 PROT_READ|PROT_WRITE, 274 MAP_PRIVATE|MAP_ANONYMOUS, 0, 0)); 275 if (pool == MAP_FAILED) { 276 return false; 277 } 278 279 // Add the pool to our list of pools. 280 pool->next = gSoInfoPools; 281 gSoInfoPools = pool; 282 283 // Chain the entries in the new pool onto the free list. 284 gSoInfoFreeList = &pool->info[0]; 285 soinfo* next = NULL; 286 for (int i = SOINFO_PER_POOL - 1; i >= 0; --i) { 287 pool->info[i].next = next; 288 next = &pool->info[i]; 289 } 290 291 return true; 292} 293 294static void set_soinfo_pool_protection(int protection) { 295 for (soinfo_pool_t* p = gSoInfoPools; p != NULL; p = p->next) { 296 if (mprotect(p, sizeof(*p), protection) == -1) { 297 abort(); // Can't happen. 298 } 299 } 300} 301 302static soinfo* soinfo_alloc(const char* name) { 303 if (strlen(name) >= SOINFO_NAME_LEN) { 304 DL_ERR("library name \"%s\" too long", name); 305 return NULL; 306 } 307 308 if (!ensure_free_list_non_empty()) { 309 DL_ERR("out of memory when loading \"%s\"", name); 310 return NULL; 311 } 312 313 // Take the head element off the free list. 314 soinfo* si = gSoInfoFreeList; 315 gSoInfoFreeList = gSoInfoFreeList->next; 316 317 // Initialize the new element. 318 memset(si, 0, sizeof(soinfo)); 319 strlcpy(si->name, name, sizeof(si->name)); 320 sonext->next = si; 321 sonext = si; 322 323 TRACE("%5d name %s: allocated soinfo @ %p\n", pid, name, si); 324 return si; 325} 326 327static void soinfo_free(soinfo* si) 328{ 329 if (si == NULL) { 330 return; 331 } 332 333 soinfo *prev = NULL, *trav; 334 335 TRACE("%5d name %s: freeing soinfo @ %p\n", pid, si->name, si); 336 337 for(trav = solist; trav != NULL; trav = trav->next){ 338 if (trav == si) 339 break; 340 prev = trav; 341 } 342 if (trav == NULL) { 343 /* si was not ni solist */ 344 DL_ERR("name \"%s\" is not in solist!", si->name); 345 return; 346 } 347 348 /* prev will never be NULL, because the first entry in solist is 349 always the static libdl_info. 350 */ 351 prev->next = si->next; 352 if (si == sonext) sonext = prev; 353 si->next = gSoInfoFreeList; 354 gSoInfoFreeList = si; 355} 356 357#ifdef ANDROID_ARM_LINKER 358 359/* For a given PC, find the .so that it belongs to. 360 * Returns the base address of the .ARM.exidx section 361 * for that .so, and the number of 8-byte entries 362 * in that section (via *pcount). 363 * 364 * Intended to be called by libc's __gnu_Unwind_Find_exidx(). 365 * 366 * This function is exposed via dlfcn.cpp and libdl.so. 367 */ 368_Unwind_Ptr dl_unwind_find_exidx(_Unwind_Ptr pc, int *pcount) 369{ 370 soinfo *si; 371 unsigned addr = (unsigned)pc; 372 373 for (si = solist; si != 0; si = si->next){ 374 if ((addr >= si->base) && (addr < (si->base + si->size))) { 375 *pcount = si->ARM_exidx_count; 376 return (_Unwind_Ptr)si->ARM_exidx; 377 } 378 } 379 *pcount = 0; 380 return NULL; 381} 382 383#elif defined(ANDROID_X86_LINKER) || defined(ANDROID_MIPS_LINKER) 384 385/* Here, we only have to provide a callback to iterate across all the 386 * loaded libraries. gcc_eh does the rest. */ 387int 388dl_iterate_phdr(int (*cb)(dl_phdr_info *info, size_t size, void *data), 389 void *data) 390{ 391 int rv = 0; 392 for (soinfo* si = solist; si != NULL; si = si->next) { 393 dl_phdr_info dl_info; 394 dl_info.dlpi_addr = si->linkmap.l_addr; 395 dl_info.dlpi_name = si->linkmap.l_name; 396 dl_info.dlpi_phdr = si->phdr; 397 dl_info.dlpi_phnum = si->phnum; 398 rv = cb(&dl_info, sizeof(dl_phdr_info), data); 399 if (rv != 0) { 400 break; 401 } 402 } 403 return rv; 404} 405 406#endif 407 408static Elf32_Sym *soinfo_elf_lookup(soinfo *si, unsigned hash, const char *name) 409{ 410 Elf32_Sym *s; 411 Elf32_Sym *symtab = si->symtab; 412 const char *strtab = si->strtab; 413 unsigned n; 414 415 TRACE_TYPE(LOOKUP, "%5d SEARCH %s in %s@0x%08x %08x %d\n", pid, 416 name, si->name, si->base, hash, hash % si->nbucket); 417 n = hash % si->nbucket; 418 419 for(n = si->bucket[hash % si->nbucket]; n != 0; n = si->chain[n]){ 420 s = symtab + n; 421 if(strcmp(strtab + s->st_name, name)) continue; 422 423 /* only concern ourselves with global and weak symbol definitions */ 424 switch(ELF32_ST_BIND(s->st_info)){ 425 case STB_GLOBAL: 426 case STB_WEAK: 427 if(s->st_shndx == SHN_UNDEF) 428 continue; 429 430 TRACE_TYPE(LOOKUP, "%5d FOUND %s in %s (%08x) %d\n", pid, 431 name, si->name, s->st_value, s->st_size); 432 return s; 433 } 434 } 435 436 return NULL; 437} 438 439static unsigned elfhash(const char *_name) 440{ 441 const unsigned char *name = (const unsigned char *) _name; 442 unsigned h = 0, g; 443 444 while(*name) { 445 h = (h << 4) + *name++; 446 g = h & 0xf0000000; 447 h ^= g; 448 h ^= g >> 24; 449 } 450 return h; 451} 452 453static Elf32_Sym * 454soinfo_do_lookup(soinfo *si, const char *name, soinfo **lsi, 455 soinfo *needed[]) 456{ 457 unsigned elf_hash = elfhash(name); 458 Elf32_Sym *s = NULL; 459 int i; 460 461 if (si != NULL) { 462 463 /* 464 * If this object was built with symbolic relocations disabled, the 465 * first place to look to resolve external references is the main 466 * executable. 467 */ 468 469 if (!si->has_DT_SYMBOLIC) { 470 DEBUG("%5d %s: looking up %s in executable %s\n", 471 pid, si->name, name, somain->name); 472 s = soinfo_elf_lookup(somain, elf_hash, name); 473 if (s != NULL) { 474 *lsi = somain; 475 goto done; 476 } 477 } 478 479 /* Look for symbols in the local scope (the object who is 480 * searching). This happens with C++ templates on i386 for some 481 * reason. 482 * 483 * Notes on weak symbols: 484 * The ELF specs are ambiguous about treatment of weak definitions in 485 * dynamic linking. Some systems return the first definition found 486 * and some the first non-weak definition. This is system dependent. 487 * Here we return the first definition found for simplicity. */ 488 489 s = soinfo_elf_lookup(si, elf_hash, name); 490 if (s != NULL) { 491 *lsi = si; 492 goto done; 493 } 494 } 495 496 /* Next, look for it in the preloads list */ 497 for(i = 0; preloads[i] != NULL; i++) { 498 s = soinfo_elf_lookup(preloads[i], elf_hash, name); 499 if(s != NULL) { 500 *lsi = preloads[i]; 501 goto done; 502 } 503 } 504 505 for(i = 0; needed[i] != NULL; i++) { 506 DEBUG("%5d %s: looking up %s in %s\n", 507 pid, si->name, name, needed[i]->name); 508 s = soinfo_elf_lookup(needed[i], elf_hash, name); 509 if (s != NULL) { 510 *lsi = needed[i]; 511 goto done; 512 } 513 } 514 515done: 516 if(s != NULL) { 517 TRACE_TYPE(LOOKUP, "%5d si %s sym %s s->st_value = 0x%08x, " 518 "found in %s, base = 0x%08x, load bias = 0x%08x\n", 519 pid, si->name, name, s->st_value, 520 (*lsi)->name, (*lsi)->base, (*lsi)->load_bias); 521 return s; 522 } 523 524 return NULL; 525} 526 527/* This is used by dl_sym(). It performs symbol lookup only within the 528 specified soinfo object and not in any of its dependencies. 529 */ 530Elf32_Sym *soinfo_lookup(soinfo *si, const char *name) 531{ 532 return soinfo_elf_lookup(si, elfhash(name), name); 533} 534 535/* This is used by dl_sym(). It performs a global symbol lookup. 536 */ 537Elf32_Sym *lookup(const char *name, soinfo **found, soinfo *start) 538{ 539 unsigned elf_hash = elfhash(name); 540 Elf32_Sym *s = NULL; 541 soinfo *si; 542 543 if(start == NULL) { 544 start = solist; 545 } 546 547 for(si = start; (s == NULL) && (si != NULL); si = si->next) 548 { 549 if(si->flags & FLAG_ERROR) 550 continue; 551 s = soinfo_elf_lookup(si, elf_hash, name); 552 if (s != NULL) { 553 *found = si; 554 break; 555 } 556 } 557 558 if(s != NULL) { 559 TRACE_TYPE(LOOKUP, "%5d %s s->st_value = 0x%08x, " 560 "si->base = 0x%08x\n", pid, name, s->st_value, si->base); 561 return s; 562 } 563 564 return NULL; 565} 566 567soinfo *find_containing_library(const void *addr) 568{ 569 soinfo *si; 570 571 for(si = solist; si != NULL; si = si->next) 572 { 573 if((unsigned)addr >= si->base && (unsigned)addr - si->base < si->size) { 574 return si; 575 } 576 } 577 578 return NULL; 579} 580 581Elf32_Sym *soinfo_find_symbol(soinfo* si, const void *addr) 582{ 583 unsigned int i; 584 unsigned soaddr = (unsigned)addr - si->base; 585 586 /* Search the library's symbol table for any defined symbol which 587 * contains this address */ 588 for(i=0; i<si->nchain; i++) { 589 Elf32_Sym *sym = &si->symtab[i]; 590 591 if(sym->st_shndx != SHN_UNDEF && 592 soaddr >= sym->st_value && 593 soaddr < sym->st_value + sym->st_size) { 594 return sym; 595 } 596 } 597 598 return NULL; 599} 600 601#if 0 602static void dump(soinfo *si) 603{ 604 Elf32_Sym *s = si->symtab; 605 unsigned n; 606 607 for(n = 0; n < si->nchain; n++) { 608 TRACE("%5d %04d> %08x: %02x %04x %08x %08x %s\n", pid, n, s, 609 s->st_info, s->st_shndx, s->st_value, s->st_size, 610 si->strtab + s->st_name); 611 s++; 612 } 613} 614#endif 615 616static int open_library_on_path(const char* name, const char* const paths[]) { 617 char buf[512]; 618 for (size_t i = 0; paths[i] != NULL; ++i) { 619 int n = format_buffer(buf, sizeof(buf), "%s/%s", paths[i], name); 620 if (n < 0 || n >= static_cast<int>(sizeof(buf))) { 621 WARN("Ignoring very long library path: %s/%s\n", paths[i], name); 622 continue; 623 } 624 int fd = TEMP_FAILURE_RETRY(open(buf, O_RDONLY | O_CLOEXEC)); 625 if (fd != -1) { 626 return fd; 627 } 628 } 629 return -1; 630} 631 632static int open_library(const char* name) { 633 TRACE("[ %5d opening %s ]\n", pid, name); 634 635 // If the name contains a slash, we should attempt to open it directly and not search the paths. 636 if (strchr(name, '/') != NULL) { 637 return TEMP_FAILURE_RETRY(open(name, O_RDONLY | O_CLOEXEC)); 638 } 639 640 // Otherwise we try LD_LIBRARY_PATH first, and fall back to the built-in well known paths. 641 int fd = open_library_on_path(name, gLdPaths); 642 if (fd == -1) { 643 fd = open_library_on_path(name, gSoPaths); 644 } 645 return fd; 646} 647 648// Returns 'true' if the library is prelinked or on failure so we error out 649// either way. We no longer support prelinking. 650static bool is_prelinked(int fd, const char* name) 651{ 652 struct prelink_info_t { 653 long mmap_addr; 654 char tag[4]; // "PRE ". 655 }; 656 657 off_t sz = lseek(fd, -sizeof(prelink_info_t), SEEK_END); 658 if (sz < 0) { 659 DL_ERR("lseek failed: %s", strerror(errno)); 660 return true; 661 } 662 663 prelink_info_t info; 664 int rc = TEMP_FAILURE_RETRY(read(fd, &info, sizeof(info))); 665 if (rc != sizeof(info)) { 666 DL_ERR("could not read prelink_info_t structure for \"%s\":", name, strerror(errno)); 667 return true; 668 } 669 670 if (memcmp(info.tag, "PRE ", 4) == 0) { 671 DL_ERR("prelinked libraries no longer supported: %s", name); 672 return true; 673 } 674 return false; 675} 676 677/* verify_elf_header 678 * Verifies the content of an ELF header. 679 * 680 * Args: 681 * 682 * Returns: 683 * 0 on success 684 * -1 if no valid ELF object is found @ base. 685 */ 686static int 687verify_elf_header(const Elf32_Ehdr* hdr) 688{ 689 if (hdr->e_ident[EI_MAG0] != ELFMAG0) return -1; 690 if (hdr->e_ident[EI_MAG1] != ELFMAG1) return -1; 691 if (hdr->e_ident[EI_MAG2] != ELFMAG2) return -1; 692 if (hdr->e_ident[EI_MAG3] != ELFMAG3) return -1; 693 if (hdr->e_type != ET_DYN) return -1; 694 695 /* TODO: Should we verify anything else in the header? */ 696#ifdef ANDROID_ARM_LINKER 697 if (hdr->e_machine != EM_ARM) return -1; 698#elif defined(ANDROID_X86_LINKER) 699 if (hdr->e_machine != EM_386) return -1; 700#elif defined(ANDROID_MIPS_LINKER) 701 if (hdr->e_machine != EM_MIPS) return -1; 702#endif 703 return 0; 704} 705 706struct scoped_fd { 707 ~scoped_fd() { 708 if (fd != -1) { 709 close(fd); 710 } 711 } 712 int fd; 713}; 714 715struct soinfo_ptr { 716 soinfo_ptr(const char* name) { 717 const char* bname = strrchr(name, '/'); 718 ptr = soinfo_alloc(bname ? bname + 1 : name); 719 } 720 ~soinfo_ptr() { 721 soinfo_free(ptr); 722 } 723 soinfo* release() { 724 soinfo* result = ptr; 725 ptr = NULL; 726 return result; 727 } 728 soinfo* ptr; 729}; 730 731// TODO: rewrite linker_phdr.h to use a class, then lose this. 732struct phdr_ptr { 733 phdr_ptr() : phdr_mmap(NULL) {} 734 ~phdr_ptr() { 735 if (phdr_mmap != NULL) { 736 phdr_table_unload(phdr_mmap, phdr_size); 737 } 738 } 739 void* phdr_mmap; 740 Elf32_Addr phdr_size; 741}; 742 743static soinfo* load_library(const char* name) { 744 // Open the file. 745 scoped_fd fd; 746 fd.fd = open_library(name); 747 if (fd.fd == -1) { 748 DL_ERR("library \"%s\" not found", name); 749 return NULL; 750 } 751 752 // Read the ELF header. 753 Elf32_Ehdr header[1]; 754 int ret = TEMP_FAILURE_RETRY(read(fd.fd, (void*)header, sizeof(header))); 755 if (ret < 0) { 756 DL_ERR("can't read file \"%s\": %s", name, strerror(errno)); 757 return NULL; 758 } 759 if (ret != (int)sizeof(header)) { 760 DL_ERR("too small to be an ELF executable: %s", name); 761 return NULL; 762 } 763 if (verify_elf_header(header) < 0) { 764 DL_ERR("not a valid ELF executable: %s", name); 765 return NULL; 766 } 767 768 // Read the program header table. 769 const Elf32_Phdr* phdr_table; 770 phdr_ptr phdr_holder; 771 ret = phdr_table_load(fd.fd, header->e_phoff, header->e_phnum, 772 &phdr_holder.phdr_mmap, &phdr_holder.phdr_size, &phdr_table); 773 if (ret < 0) { 774 DL_ERR("can't load program header table: %s: %s", name, strerror(errno)); 775 return NULL; 776 } 777 size_t phdr_count = header->e_phnum; 778 779 // Get the load extents. 780 Elf32_Addr ext_sz = phdr_table_get_load_size(phdr_table, phdr_count); 781 TRACE("[ %5d - '%s' wants sz=0x%08x ]\n", pid, name, ext_sz); 782 if (ext_sz == 0) { 783 DL_ERR("no loadable segments in file: %s", name); 784 return NULL; 785 } 786 787 // We no longer support pre-linked libraries. 788 if (is_prelinked(fd.fd, name)) { 789 return NULL; 790 } 791 792 // Reserve address space for all loadable segments. 793 void* load_start = NULL; 794 Elf32_Addr load_size = 0; 795 Elf32_Addr load_bias = 0; 796 ret = phdr_table_reserve_memory(phdr_table, 797 phdr_count, 798 &load_start, 799 &load_size, 800 &load_bias); 801 if (ret < 0) { 802 DL_ERR("can't reserve %d bytes in address space for \"%s\": %s", 803 ext_sz, name, strerror(errno)); 804 return NULL; 805 } 806 807 TRACE("[ %5d allocated memory for %s @ %p (0x%08x) ]\n", 808 pid, name, load_start, load_size); 809 810 /* Map all the segments in our address space with default protections */ 811 ret = phdr_table_load_segments(phdr_table, 812 phdr_count, 813 load_bias, 814 fd.fd); 815 if (ret < 0) { 816 DL_ERR("can't map loadable segments for \"%s\": %s", 817 name, strerror(errno)); 818 return NULL; 819 } 820 821 soinfo_ptr si(name); 822 if (si.ptr == NULL) { 823 return NULL; 824 } 825 826 si.ptr->base = (Elf32_Addr) load_start; 827 si.ptr->size = load_size; 828 si.ptr->load_bias = load_bias; 829 si.ptr->flags = 0; 830 si.ptr->entry = 0; 831 si.ptr->dynamic = (unsigned *)-1; 832 si.ptr->phnum = phdr_count; 833 si.ptr->phdr = phdr_table_get_loaded_phdr(phdr_table, phdr_count, load_bias); 834 if (si.ptr->phdr == NULL) { 835 DL_ERR("can't find loaded PHDR for \"%s\"", name); 836 return NULL; 837 } 838 839 return si.release(); 840} 841 842static soinfo* init_library(soinfo* si) { 843 // At this point we know that whatever is loaded @ base is a valid ELF 844 // shared library whose segments are properly mapped in. 845 TRACE("[ %5d init_library base=0x%08x sz=0x%08x name='%s') ]\n", 846 pid, si->base, si->size, si->name); 847 848 if (!soinfo_link_image(si)) { 849 munmap((void *)si->base, si->size); 850 return NULL; 851 } 852 853 return si; 854} 855 856static soinfo *find_loaded_library(const char *name) 857{ 858 soinfo *si; 859 const char *bname; 860 861 // TODO: don't use basename only for determining libraries 862 // http://code.google.com/p/android/issues/detail?id=6670 863 864 bname = strrchr(name, '/'); 865 bname = bname ? bname + 1 : name; 866 867 for(si = solist; si != NULL; si = si->next){ 868 if(!strcmp(bname, si->name)) { 869 return si; 870 } 871 } 872 return NULL; 873} 874 875static soinfo* find_library_internal(const char* name) { 876 if (name == NULL) { 877 return somain; 878 } 879 880 soinfo* si = find_loaded_library(name); 881 if (si != NULL) { 882 if (si->flags & FLAG_ERROR) { 883 DL_ERR("\"%s\" failed to load previously", name); 884 return NULL; 885 } 886 if (si->flags & FLAG_LINKED) { 887 return si; 888 } 889 DL_ERR("OOPS: recursive link to \"%s\"", si->name); 890 return NULL; 891 } 892 893 TRACE("[ %5d '%s' has not been loaded yet. Locating...]\n", pid, name); 894 si = load_library(name); 895 if (si != NULL) { 896 si = init_library(si); 897 } 898 899 return si; 900} 901 902static soinfo* find_library(const char* name) { 903 soinfo* si = find_library_internal(name); 904 if (si != NULL) { 905 si->refcount++; 906 } 907 return si; 908} 909 910static int soinfo_unload(soinfo* si) { 911 if (si->refcount == 1) { 912 TRACE("%5d unloading '%s'\n", pid, si->name); 913 si->CallDestructors(); 914 915 for (unsigned* d = si->dynamic; *d; d += 2) { 916 if (d[0] == DT_NEEDED) { 917 soinfo* lsi = find_loaded_library(si->strtab + d[1]); 918 if (lsi != NULL) { 919 TRACE("%5d %s needs to unload %s\n", pid, si->name, lsi->name); 920 soinfo_unload(lsi); 921 } else { 922 // TODO: should we return -1 in this case? 923 DL_ERR("\"%s\": could not unload dependent library", si->name); 924 } 925 } 926 } 927 928 munmap(reinterpret_cast<void*>(si->base), si->size); 929 notify_gdb_of_unload(si); 930 soinfo_free(si); 931 si->refcount = 0; 932 } else { 933 si->refcount--; 934 PRINT("%5d not unloading '%s', decrementing refcount to %d\n", 935 pid, si->name, si->refcount); 936 } 937 return 0; 938} 939 940soinfo* do_dlopen(const char* name) { 941 set_soinfo_pool_protection(PROT_READ | PROT_WRITE); 942 soinfo* si = find_library(name); 943 if (si != NULL) { 944 si->CallConstructors(); 945 } 946 set_soinfo_pool_protection(PROT_READ); 947 return si; 948} 949 950int do_dlclose(soinfo* si) { 951 set_soinfo_pool_protection(PROT_READ | PROT_WRITE); 952 int result = soinfo_unload(si); 953 set_soinfo_pool_protection(PROT_READ); 954 return result; 955} 956 957/* TODO: don't use unsigned for addrs below. It works, but is not 958 * ideal. They should probably be either uint32_t, Elf32_Addr, or unsigned 959 * long. 960 */ 961static int soinfo_relocate(soinfo *si, Elf32_Rel *rel, unsigned count, 962 soinfo *needed[]) 963{ 964 Elf32_Sym *symtab = si->symtab; 965 const char *strtab = si->strtab; 966 Elf32_Sym *s; 967 Elf32_Rel *start = rel; 968 soinfo *lsi; 969 970 for (size_t idx = 0; idx < count; ++idx, ++rel) { 971 unsigned type = ELF32_R_TYPE(rel->r_info); 972 unsigned sym = ELF32_R_SYM(rel->r_info); 973 unsigned reloc = (unsigned)(rel->r_offset + si->load_bias); 974 unsigned sym_addr = 0; 975 char *sym_name = NULL; 976 977 DEBUG("%5d Processing '%s' relocation at index %d\n", pid, 978 si->name, idx); 979 if (type == 0) { // R_*_NONE 980 continue; 981 } 982 if(sym != 0) { 983 sym_name = (char *)(strtab + symtab[sym].st_name); 984 s = soinfo_do_lookup(si, sym_name, &lsi, needed); 985 if(s == NULL) { 986 /* We only allow an undefined symbol if this is a weak 987 reference.. */ 988 s = &symtab[sym]; 989 if (ELF32_ST_BIND(s->st_info) != STB_WEAK) { 990 DL_ERR("cannot locate symbol \"%s\" referenced by \"%s\"...", sym_name, si->name); 991 return -1; 992 } 993 994 /* IHI0044C AAELF 4.5.1.1: 995 996 Libraries are not searched to resolve weak references. 997 It is not an error for a weak reference to remain 998 unsatisfied. 999 1000 During linking, the value of an undefined weak reference is: 1001 - Zero if the relocation type is absolute 1002 - The address of the place if the relocation is pc-relative 1003 - The address of nominal base address if the relocation 1004 type is base-relative. 1005 */ 1006 1007 switch (type) { 1008#if defined(ANDROID_ARM_LINKER) 1009 case R_ARM_JUMP_SLOT: 1010 case R_ARM_GLOB_DAT: 1011 case R_ARM_ABS32: 1012 case R_ARM_RELATIVE: /* Don't care. */ 1013#elif defined(ANDROID_X86_LINKER) 1014 case R_386_JMP_SLOT: 1015 case R_386_GLOB_DAT: 1016 case R_386_32: 1017 case R_386_RELATIVE: /* Dont' care. */ 1018#endif /* ANDROID_*_LINKER */ 1019 /* sym_addr was initialized to be zero above or relocation 1020 code below does not care about value of sym_addr. 1021 No need to do anything. */ 1022 break; 1023 1024#if defined(ANDROID_X86_LINKER) 1025 case R_386_PC32: 1026 sym_addr = reloc; 1027 break; 1028#endif /* ANDROID_X86_LINKER */ 1029 1030#if defined(ANDROID_ARM_LINKER) 1031 case R_ARM_COPY: 1032 /* Fall through. Can't really copy if weak symbol is 1033 not found in run-time. */ 1034#endif /* ANDROID_ARM_LINKER */ 1035 default: 1036 DL_ERR("unknown weak reloc type %d @ %p (%d)", 1037 type, rel, (int) (rel - start)); 1038 return -1; 1039 } 1040 } else { 1041 /* We got a definition. */ 1042#if 0 1043 if((base == 0) && (si->base != 0)){ 1044 /* linking from libraries to main image is bad */ 1045 DL_ERR("cannot locate \"%s\"...", 1046 strtab + symtab[sym].st_name); 1047 return -1; 1048 } 1049#endif 1050 sym_addr = (unsigned)(s->st_value + lsi->load_bias); 1051 } 1052 count_relocation(kRelocSymbol); 1053 } else { 1054 s = NULL; 1055 } 1056 1057/* TODO: This is ugly. Split up the relocations by arch into 1058 * different files. 1059 */ 1060 switch(type){ 1061#if defined(ANDROID_ARM_LINKER) 1062 case R_ARM_JUMP_SLOT: 1063 count_relocation(kRelocAbsolute); 1064 MARK(rel->r_offset); 1065 TRACE_TYPE(RELO, "%5d RELO JMP_SLOT %08x <- %08x %s\n", pid, 1066 reloc, sym_addr, sym_name); 1067 *((unsigned*)reloc) = sym_addr; 1068 break; 1069 case R_ARM_GLOB_DAT: 1070 count_relocation(kRelocAbsolute); 1071 MARK(rel->r_offset); 1072 TRACE_TYPE(RELO, "%5d RELO GLOB_DAT %08x <- %08x %s\n", pid, 1073 reloc, sym_addr, sym_name); 1074 *((unsigned*)reloc) = sym_addr; 1075 break; 1076 case R_ARM_ABS32: 1077 count_relocation(kRelocAbsolute); 1078 MARK(rel->r_offset); 1079 TRACE_TYPE(RELO, "%5d RELO ABS %08x <- %08x %s\n", pid, 1080 reloc, sym_addr, sym_name); 1081 *((unsigned*)reloc) += sym_addr; 1082 break; 1083 case R_ARM_REL32: 1084 count_relocation(kRelocRelative); 1085 MARK(rel->r_offset); 1086 TRACE_TYPE(RELO, "%5d RELO REL32 %08x <- %08x - %08x %s\n", pid, 1087 reloc, sym_addr, rel->r_offset, sym_name); 1088 *((unsigned*)reloc) += sym_addr - rel->r_offset; 1089 break; 1090#elif defined(ANDROID_X86_LINKER) 1091 case R_386_JMP_SLOT: 1092 count_relocation(kRelocAbsolute); 1093 MARK(rel->r_offset); 1094 TRACE_TYPE(RELO, "%5d RELO JMP_SLOT %08x <- %08x %s\n", pid, 1095 reloc, sym_addr, sym_name); 1096 *((unsigned*)reloc) = sym_addr; 1097 break; 1098 case R_386_GLOB_DAT: 1099 count_relocation(kRelocAbsolute); 1100 MARK(rel->r_offset); 1101 TRACE_TYPE(RELO, "%5d RELO GLOB_DAT %08x <- %08x %s\n", pid, 1102 reloc, sym_addr, sym_name); 1103 *((unsigned*)reloc) = sym_addr; 1104 break; 1105#elif defined(ANDROID_MIPS_LINKER) 1106 case R_MIPS_JUMP_SLOT: 1107 count_relocation(kRelocAbsolute); 1108 MARK(rel->r_offset); 1109 TRACE_TYPE(RELO, "%5d RELO JMP_SLOT %08x <- %08x %s\n", pid, 1110 reloc, sym_addr, sym_name); 1111 *((unsigned*)reloc) = sym_addr; 1112 break; 1113 case R_MIPS_REL32: 1114 count_relocation(kRelocAbsolute); 1115 MARK(rel->r_offset); 1116 TRACE_TYPE(RELO, "%5d RELO REL32 %08x <- %08x %s\n", pid, 1117 reloc, sym_addr, (sym_name) ? sym_name : "*SECTIONHDR*"); 1118 if (s) { 1119 *((unsigned*)reloc) += sym_addr; 1120 } else { 1121 *((unsigned*)reloc) += si->base; 1122 } 1123 break; 1124#endif /* ANDROID_*_LINKER */ 1125 1126#if defined(ANDROID_ARM_LINKER) 1127 case R_ARM_RELATIVE: 1128#elif defined(ANDROID_X86_LINKER) 1129 case R_386_RELATIVE: 1130#endif /* ANDROID_*_LINKER */ 1131 count_relocation(kRelocRelative); 1132 MARK(rel->r_offset); 1133 if (sym) { 1134 DL_ERR("odd RELATIVE form...", pid); 1135 return -1; 1136 } 1137 TRACE_TYPE(RELO, "%5d RELO RELATIVE %08x <- +%08x\n", pid, 1138 reloc, si->base); 1139 *((unsigned*)reloc) += si->base; 1140 break; 1141 1142#if defined(ANDROID_X86_LINKER) 1143 case R_386_32: 1144 count_relocation(kRelocRelative); 1145 MARK(rel->r_offset); 1146 1147 TRACE_TYPE(RELO, "%5d RELO R_386_32 %08x <- +%08x %s\n", pid, 1148 reloc, sym_addr, sym_name); 1149 *((unsigned *)reloc) += (unsigned)sym_addr; 1150 break; 1151 1152 case R_386_PC32: 1153 count_relocation(kRelocRelative); 1154 MARK(rel->r_offset); 1155 TRACE_TYPE(RELO, "%5d RELO R_386_PC32 %08x <- " 1156 "+%08x (%08x - %08x) %s\n", pid, reloc, 1157 (sym_addr - reloc), sym_addr, reloc, sym_name); 1158 *((unsigned *)reloc) += (unsigned)(sym_addr - reloc); 1159 break; 1160#endif /* ANDROID_X86_LINKER */ 1161 1162#ifdef ANDROID_ARM_LINKER 1163 case R_ARM_COPY: 1164 if ((si->flags & FLAG_EXE) == 0) { 1165 /* 1166 * http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044d/IHI0044D_aaelf.pdf 1167 * 1168 * Section 4.7.1.10 "Dynamic relocations" 1169 * R_ARM_COPY may only appear in executable objects where e_type is 1170 * set to ET_EXEC. 1171 * 1172 * TODO: FLAG_EXE is set for both ET_DYN and ET_EXEC executables. 1173 * We should explicitly disallow ET_DYN executables from having 1174 * R_ARM_COPY relocations. 1175 */ 1176 DL_ERR("%s R_ARM_COPY relocations only supported for ET_EXEC", si->name); 1177 return -1; 1178 } 1179 count_relocation(kRelocCopy); 1180 MARK(rel->r_offset); 1181 TRACE_TYPE(RELO, "%5d RELO %08x <- %d @ %08x %s\n", pid, 1182 reloc, s->st_size, sym_addr, sym_name); 1183 if (reloc == sym_addr) { 1184 Elf32_Sym *src = soinfo_do_lookup(NULL, sym_name, &lsi, needed); 1185 1186 if (src == NULL) { 1187 DL_ERR("%s R_ARM_COPY relocation source cannot be resolved", si->name); 1188 return -1; 1189 } 1190 if (lsi->has_DT_SYMBOLIC) { 1191 DL_ERR("%s invalid R_ARM_COPY relocation against DT_SYMBOLIC shared " 1192 "library %s (built with -Bsymbolic?)", si->name, lsi->name); 1193 return -1; 1194 } 1195 if (s->st_size < src->st_size) { 1196 DL_ERR("%s R_ARM_COPY relocation size mismatch (%d < %d)", 1197 si->name, s->st_size, src->st_size); 1198 return -1; 1199 } 1200 memcpy((void*)reloc, (void*)(src->st_value + lsi->load_bias), src->st_size); 1201 } else { 1202 DL_ERR("%s R_ARM_COPY relocation target cannot be resolved", si->name); 1203 return -1; 1204 } 1205 break; 1206#endif /* ANDROID_ARM_LINKER */ 1207 1208 default: 1209 DL_ERR("unknown reloc type %d @ %p (%d)", 1210 type, rel, (int) (rel - start)); 1211 return -1; 1212 } 1213 } 1214 return 0; 1215} 1216 1217#ifdef ANDROID_MIPS_LINKER 1218static int mips_relocate_got(soinfo* si, soinfo* needed[]) { 1219 unsigned *got; 1220 unsigned local_gotno, gotsym, symtabno; 1221 Elf32_Sym *symtab, *sym; 1222 unsigned g; 1223 1224 got = si->plt_got; 1225 local_gotno = si->mips_local_gotno; 1226 gotsym = si->mips_gotsym; 1227 symtabno = si->mips_symtabno; 1228 symtab = si->symtab; 1229 1230 /* 1231 * got[0] is address of lazy resolver function 1232 * got[1] may be used for a GNU extension 1233 * set it to a recognizable address in case someone calls it 1234 * (should be _rtld_bind_start) 1235 * FIXME: maybe this should be in a separate routine 1236 */ 1237 1238 if ((si->flags & FLAG_LINKER) == 0) { 1239 g = 0; 1240 got[g++] = 0xdeadbeef; 1241 if (got[g] & 0x80000000) { 1242 got[g++] = 0xdeadfeed; 1243 } 1244 /* 1245 * Relocate the local GOT entries need to be relocated 1246 */ 1247 for (; g < local_gotno; g++) { 1248 got[g] += si->load_bias; 1249 } 1250 } 1251 1252 /* Now for the global GOT entries */ 1253 sym = symtab + gotsym; 1254 got = si->plt_got + local_gotno; 1255 for (g = gotsym; g < symtabno; g++, sym++, got++) { 1256 const char *sym_name; 1257 Elf32_Sym *s; 1258 soinfo *lsi; 1259 1260 /* This is an undefined reference... try to locate it */ 1261 sym_name = si->strtab + sym->st_name; 1262 s = soinfo_do_lookup(si, sym_name, &lsi, needed); 1263 if (s == NULL) { 1264 /* We only allow an undefined symbol if this is a weak 1265 reference.. */ 1266 s = &symtab[g]; 1267 if (ELF32_ST_BIND(s->st_info) != STB_WEAK) { 1268 DL_ERR("cannot locate \"%s\"...", sym_name); 1269 return -1; 1270 } 1271 *got = 0; 1272 } 1273 else { 1274 /* FIXME: is this sufficient? 1275 * For reference see NetBSD link loader 1276 * http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ld.elf_so/arch/mips/mips_reloc.c?rev=1.53&content-type=text/x-cvsweb-markup 1277 */ 1278 *got = lsi->load_bias + s->st_value; 1279 } 1280 } 1281 return 0; 1282} 1283#endif 1284 1285/* Please read the "Initialization and Termination functions" functions. 1286 * of the linker design note in bionic/linker/README.TXT to understand 1287 * what the following code is doing. 1288 * 1289 * The important things to remember are: 1290 * 1291 * DT_PREINIT_ARRAY must be called first for executables, and should 1292 * not appear in shared libraries. 1293 * 1294 * DT_INIT should be called before DT_INIT_ARRAY if both are present 1295 * 1296 * DT_FINI should be called after DT_FINI_ARRAY if both are present 1297 * 1298 * DT_FINI_ARRAY must be parsed in reverse order. 1299 */ 1300void soinfo::CallArray(const char* array_name UNUSED, unsigned* array, int count, bool reverse) { 1301 if (array == NULL) { 1302 return; 1303 } 1304 1305 int step = 1; 1306 if (reverse) { 1307 array += (count-1); 1308 step = -1; 1309 } 1310 1311 TRACE("[ %5d Calling %s @ %p [%d] for '%s' ]\n", pid, array_name, array, count, name); 1312 1313 for (int n = count; n > 0; n--) { 1314 TRACE("[ %5d Looking at %s[%d] *%p == 0x%08x ]\n", pid, array_name, n, array, *array); 1315 void (*func)() = (void (*)()) *array; 1316 array += step; 1317 if (((int) func == 0) || ((int) func == -1)) { 1318 continue; 1319 } 1320 TRACE("[ %5d Calling func @ %p ]\n", pid, func); 1321 func(); 1322 } 1323 1324 TRACE("[ %5d Done calling %s for '%s' ]\n", pid, array_name, name); 1325} 1326 1327void soinfo::CallFunction(const char* function_name UNUSED, void (*function)()) { 1328 if (function == NULL) { 1329 return; 1330 } 1331 1332 TRACE("[ %5d Calling %s @ %p for '%s' ]\n", pid, function_name, function, name); 1333 function(); 1334 TRACE("[ %5d Done calling %s for '%s' ]\n", pid, function_name, name); 1335} 1336 1337void soinfo::CallPreInitConstructors() { 1338 CallArray("DT_PREINIT_ARRAY", preinit_array, preinit_array_count, false); 1339} 1340 1341void soinfo::CallConstructors() { 1342 if (constructors_called) { 1343 return; 1344 } 1345 1346 // We set constructors_called before actually calling the constructors, otherwise it doesn't 1347 // protect against recursive constructor calls. One simple example of constructor recursion 1348 // is the libc debug malloc, which is implemented in libc_malloc_debug_leak.so: 1349 // 1. The program depends on libc, so libc's constructor is called here. 1350 // 2. The libc constructor calls dlopen() to load libc_malloc_debug_leak.so. 1351 // 3. dlopen() calls the constructors on the newly created 1352 // soinfo for libc_malloc_debug_leak.so. 1353 // 4. The debug .so depends on libc, so CallConstructors is 1354 // called again with the libc soinfo. If it doesn't trigger the early- 1355 // out above, the libc constructor will be called again (recursively!). 1356 constructors_called = true; 1357 1358 if (!(flags & FLAG_EXE) && preinit_array) { 1359 DL_ERR("shared library \"%s\" has a preinit_array table @ %p", name, preinit_array); 1360 return; 1361 } 1362 1363 if (dynamic) { 1364 for (unsigned* d = dynamic; *d; d += 2) { 1365 if (d[0] == DT_NEEDED) { 1366 soinfo* lsi = find_loaded_library(strtab + d[1]); 1367 if (lsi == NULL) { 1368 DL_ERR("\"%s\": could not initialize dependent library", name); 1369 } else { 1370 lsi->CallConstructors(); 1371 } 1372 } 1373 } 1374 } 1375 1376 CallFunction("DT_INIT", init_func); 1377 CallArray("DT_INIT_ARRAY", init_array, init_array_count, false); 1378} 1379 1380void soinfo::CallDestructors() { 1381 CallArray("DT_FINI_ARRAY", fini_array, fini_array_count, true); 1382 CallFunction("DT_FINI", fini_func); 1383} 1384 1385/* Force any of the closed stdin, stdout and stderr to be associated with 1386 /dev/null. */ 1387static int nullify_closed_stdio() { 1388 int dev_null, i, status; 1389 int return_value = 0; 1390 1391 dev_null = TEMP_FAILURE_RETRY(open("/dev/null", O_RDWR)); 1392 if (dev_null < 0) { 1393 DL_ERR("cannot open /dev/null: %s", strerror(errno)); 1394 return -1; 1395 } 1396 TRACE("[ %5d Opened /dev/null file-descriptor=%d]\n", pid, dev_null); 1397 1398 /* If any of the stdio file descriptors is valid and not associated 1399 with /dev/null, dup /dev/null to it. */ 1400 for (i = 0; i < 3; i++) { 1401 /* If it is /dev/null already, we are done. */ 1402 if (i == dev_null) { 1403 continue; 1404 } 1405 1406 TRACE("[ %5d Nullifying stdio file descriptor %d]\n", pid, i); 1407 status = TEMP_FAILURE_RETRY(fcntl(i, F_GETFL)); 1408 1409 /* If file is opened, we are good. */ 1410 if (status != -1) { 1411 continue; 1412 } 1413 1414 /* The only error we allow is that the file descriptor does not 1415 exist, in which case we dup /dev/null to it. */ 1416 if (errno != EBADF) { 1417 DL_ERR("fcntl failed: %s", strerror(errno)); 1418 return_value = -1; 1419 continue; 1420 } 1421 1422 /* Try dupping /dev/null to this stdio file descriptor and 1423 repeat if there is a signal. Note that any errors in closing 1424 the stdio descriptor are lost. */ 1425 status = TEMP_FAILURE_RETRY(dup2(dev_null, i)); 1426 if (status < 0) { 1427 DL_ERR("dup2 failed: %s", strerror(errno)); 1428 return_value = -1; 1429 continue; 1430 } 1431 } 1432 1433 /* If /dev/null is not one of the stdio file descriptors, close it. */ 1434 if (dev_null > 2) { 1435 TRACE("[ %5d Closing /dev/null file-descriptor=%d]\n", pid, dev_null); 1436 status = TEMP_FAILURE_RETRY(close(dev_null)); 1437 if (status == -1) { 1438 DL_ERR("close failed: %s", strerror(errno)); 1439 return_value = -1; 1440 } 1441 } 1442 1443 return return_value; 1444} 1445 1446static bool soinfo_link_image(soinfo* si) { 1447 si->flags |= FLAG_ERROR; 1448 1449 /* "base" might wrap around UINT32_MAX. */ 1450 Elf32_Addr base = si->load_bias; 1451 const Elf32_Phdr *phdr = si->phdr; 1452 int phnum = si->phnum; 1453 int relocating_linker = (si->flags & FLAG_LINKER) != 0; 1454 soinfo **needed, **pneeded; 1455 1456 /* We can't debug anything until the linker is relocated */ 1457 if (!relocating_linker) { 1458 INFO("[ %5d linking %s ]\n", pid, si->name); 1459 DEBUG("%5d si->base = 0x%08x si->flags = 0x%08x\n", pid, 1460 si->base, si->flags); 1461 } 1462 1463 /* Extract dynamic section */ 1464 size_t dynamic_count; 1465 phdr_table_get_dynamic_section(phdr, phnum, base, &si->dynamic, 1466 &dynamic_count); 1467 if (si->dynamic == NULL) { 1468 if (!relocating_linker) { 1469 DL_ERR("missing PT_DYNAMIC in \"%s\"", si->name); 1470 } 1471 return false; 1472 } else { 1473 if (!relocating_linker) { 1474 DEBUG("%5d dynamic = %p\n", pid, si->dynamic); 1475 } 1476 } 1477 1478#ifdef ANDROID_ARM_LINKER 1479 (void) phdr_table_get_arm_exidx(phdr, phnum, base, 1480 &si->ARM_exidx, &si->ARM_exidx_count); 1481#endif 1482 1483 /* extract useful information from dynamic section */ 1484 for (unsigned* d = si->dynamic; *d; ++d) { 1485 DEBUG("%5d d = %p, d[0] = 0x%08x d[1] = 0x%08x\n", pid, d, d[0], d[1]); 1486 switch(*d++){ 1487 case DT_HASH: 1488 si->nbucket = ((unsigned *) (base + *d))[0]; 1489 si->nchain = ((unsigned *) (base + *d))[1]; 1490 si->bucket = (unsigned *) (base + *d + 8); 1491 si->chain = (unsigned *) (base + *d + 8 + si->nbucket * 4); 1492 break; 1493 case DT_STRTAB: 1494 si->strtab = (const char *) (base + *d); 1495 break; 1496 case DT_SYMTAB: 1497 si->symtab = (Elf32_Sym *) (base + *d); 1498 break; 1499 case DT_PLTREL: 1500 if(*d != DT_REL) { 1501 DL_ERR("unsupported DT_RELA in \"%s\"", si->name); 1502 return false; 1503 } 1504 break; 1505 case DT_JMPREL: 1506 si->plt_rel = (Elf32_Rel*) (base + *d); 1507 break; 1508 case DT_PLTRELSZ: 1509 si->plt_rel_count = *d / 8; 1510 break; 1511 case DT_REL: 1512 si->rel = (Elf32_Rel*) (base + *d); 1513 break; 1514 case DT_RELSZ: 1515 si->rel_count = *d / 8; 1516 break; 1517 case DT_PLTGOT: 1518 /* Save this in case we decide to do lazy binding. We don't yet. */ 1519 si->plt_got = (unsigned *)(base + *d); 1520 break; 1521 case DT_DEBUG: 1522#if !defined(ANDROID_MIPS_LINKER) 1523 // Set the DT_DEBUG entry to the address of _r_debug for GDB 1524 *d = (int) &_r_debug; 1525#endif 1526 break; 1527 case DT_RELA: 1528 DL_ERR("unsupported DT_RELA in \"%s\"", si->name); 1529 return false; 1530 case DT_INIT: 1531 si->init_func = (void (*)(void))(base + *d); 1532 DEBUG("%5d %s constructors (init func) found at %p\n", 1533 pid, si->name, si->init_func); 1534 break; 1535 case DT_FINI: 1536 si->fini_func = (void (*)(void))(base + *d); 1537 DEBUG("%5d %s destructors (fini func) found at %p\n", 1538 pid, si->name, si->fini_func); 1539 break; 1540 case DT_INIT_ARRAY: 1541 si->init_array = (unsigned *)(base + *d); 1542 DEBUG("%5d %s constructors (init_array) found at %p\n", 1543 pid, si->name, si->init_array); 1544 break; 1545 case DT_INIT_ARRAYSZ: 1546 si->init_array_count = ((unsigned)*d) / sizeof(Elf32_Addr); 1547 break; 1548 case DT_FINI_ARRAY: 1549 si->fini_array = (unsigned *)(base + *d); 1550 DEBUG("%5d %s destructors (fini_array) found at %p\n", 1551 pid, si->name, si->fini_array); 1552 break; 1553 case DT_FINI_ARRAYSZ: 1554 si->fini_array_count = ((unsigned)*d) / sizeof(Elf32_Addr); 1555 break; 1556 case DT_PREINIT_ARRAY: 1557 si->preinit_array = (unsigned *)(base + *d); 1558 DEBUG("%5d %s constructors (preinit_array) found at %p\n", 1559 pid, si->name, si->preinit_array); 1560 break; 1561 case DT_PREINIT_ARRAYSZ: 1562 si->preinit_array_count = ((unsigned)*d) / sizeof(Elf32_Addr); 1563 break; 1564 case DT_TEXTREL: 1565 si->has_text_relocations = true; 1566 break; 1567 case DT_SYMBOLIC: 1568 si->has_DT_SYMBOLIC = true; 1569 break; 1570#if defined(DT_FLAGS) 1571 case DT_FLAGS: 1572 if (*d & DF_TEXTREL) { 1573 si->has_text_relocations = true; 1574 } 1575 if (*d & DF_SYMBOLIC) { 1576 si->has_DT_SYMBOLIC = true; 1577 } 1578 break; 1579#endif 1580#if defined(ANDROID_MIPS_LINKER) 1581 case DT_NEEDED: 1582 case DT_STRSZ: 1583 case DT_SYMENT: 1584 case DT_RELENT: 1585 break; 1586 case DT_MIPS_RLD_MAP: 1587 // Set the DT_MIPS_RLD_MAP entry to the address of _r_debug for GDB. 1588 { 1589 r_debug** dp = (r_debug**) *d; 1590 *dp = &_r_debug; 1591 } 1592 break; 1593 case DT_MIPS_RLD_VERSION: 1594 case DT_MIPS_FLAGS: 1595 case DT_MIPS_BASE_ADDRESS: 1596 case DT_MIPS_UNREFEXTNO: 1597 case DT_MIPS_RWPLT: 1598 break; 1599 1600 case DT_MIPS_PLTGOT: 1601#if 0 1602 /* not yet... */ 1603 si->mips_pltgot = (unsigned *)(si->base + *d); 1604#endif 1605 break; 1606 1607 case DT_MIPS_SYMTABNO: 1608 si->mips_symtabno = *d; 1609 break; 1610 1611 case DT_MIPS_LOCAL_GOTNO: 1612 si->mips_local_gotno = *d; 1613 break; 1614 1615 case DT_MIPS_GOTSYM: 1616 si->mips_gotsym = *d; 1617 break; 1618 1619 default: 1620 DEBUG("%5d Unused DT entry: type 0x%08x arg 0x%08x\n", 1621 pid, d[-1], d[0]); 1622 break; 1623#endif 1624 } 1625 } 1626 1627 DEBUG("%5d si->base = 0x%08x, si->strtab = %p, si->symtab = %p\n", 1628 pid, si->base, si->strtab, si->symtab); 1629 1630 // Sanity checks. 1631 if (si->nbucket == 0) { 1632 DL_ERR("empty/missing DT_HASH in \"%s\" (built with --hash-style=gnu?)", si->name); 1633 return false; 1634 } 1635 if (si->strtab == 0) { 1636 DL_ERR("empty/missing DT_STRTAB in \"%s\"", si->name); 1637 return false; 1638 } 1639 if (si->symtab == 0) { 1640 DL_ERR("empty/missing DT_SYMTAB in \"%s\"", si->name); 1641 return false; 1642 } 1643 1644 /* if this is the main executable, then load all of the preloads now */ 1645 if (si->flags & FLAG_EXE) { 1646 memset(preloads, 0, sizeof(preloads)); 1647 for (size_t i = 0; gLdPreloadNames[i] != NULL; i++) { 1648 soinfo* lsi = find_library(gLdPreloadNames[i]); 1649 if (lsi == NULL) { 1650 strlcpy(tmp_err_buf, linker_get_error(), sizeof(tmp_err_buf)); 1651 DL_ERR("could not load library \"%s\" needed by \"%s\"; caused by %s", 1652 gLdPreloadNames[i], si->name, tmp_err_buf); 1653 return false; 1654 } 1655 preloads[i] = lsi; 1656 } 1657 } 1658 1659 /* dynamic_count is an upper bound for the number of needed libs */ 1660 pneeded = needed = (soinfo**) alloca((1 + dynamic_count) * sizeof(soinfo*)); 1661 1662 for (unsigned* d = si->dynamic; *d; d += 2) { 1663 if (d[0] == DT_NEEDED) { 1664 DEBUG("%5d %s needs %s\n", pid, si->name, si->strtab + d[1]); 1665 soinfo* lsi = find_library(si->strtab + d[1]); 1666 if (lsi == NULL) { 1667 strlcpy(tmp_err_buf, linker_get_error(), sizeof(tmp_err_buf)); 1668 DL_ERR("could not load library \"%s\" needed by \"%s\"; caused by %s", 1669 si->strtab + d[1], si->name, tmp_err_buf); 1670 return false; 1671 } 1672 *pneeded++ = lsi; 1673 } 1674 } 1675 *pneeded = NULL; 1676 1677 if (si->has_text_relocations) { 1678 /* Unprotect the segments, i.e. make them writable, to allow 1679 * text relocations to work properly. We will later call 1680 * phdr_table_protect_segments() after all of them are applied 1681 * and all constructors are run. 1682 */ 1683 if (phdr_table_unprotect_segments(si->phdr, si->phnum, si->load_bias) < 0) { 1684 DL_ERR("can't unprotect loadable segments for \"%s\": %s", 1685 si->name, strerror(errno)); 1686 return false; 1687 } 1688 } 1689 1690 if (si->plt_rel) { 1691 DEBUG("[ %5d relocating %s plt ]\n", pid, si->name ); 1692 if(soinfo_relocate(si, si->plt_rel, si->plt_rel_count, needed)) { 1693 return false; 1694 } 1695 } 1696 if (si->rel) { 1697 DEBUG("[ %5d relocating %s ]\n", pid, si->name ); 1698 if(soinfo_relocate(si, si->rel, si->rel_count, needed)) { 1699 return false; 1700 } 1701 } 1702 1703#ifdef ANDROID_MIPS_LINKER 1704 if (mips_relocate_got(si, needed)) { 1705 return false; 1706 } 1707#endif 1708 1709 si->flags |= FLAG_LINKED; 1710 DEBUG("[ %5d finished linking %s ]\n", pid, si->name); 1711 1712 if (si->has_text_relocations) { 1713 /* All relocations are done, we can protect our segments back to 1714 * read-only. */ 1715 if (phdr_table_protect_segments(si->phdr, si->phnum, si->load_bias) < 0) { 1716 DL_ERR("can't protect segments for \"%s\": %s", 1717 si->name, strerror(errno)); 1718 return false; 1719 } 1720 } 1721 1722 /* We can also turn on GNU RELRO protection */ 1723 if (phdr_table_protect_gnu_relro(si->phdr, si->phnum, si->load_bias) < 0) { 1724 DL_ERR("can't enable GNU RELRO protection for \"%s\": %s", 1725 si->name, strerror(errno)); 1726 return false; 1727 } 1728 1729 // If this is a setuid/setgid program, close the security hole described in 1730 // ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc 1731 if (get_AT_SECURE()) { 1732 nullify_closed_stdio(); 1733 } 1734 notify_gdb_of_load(si); 1735 si->flags &= ~FLAG_ERROR; 1736 return true; 1737} 1738 1739static void parse_path(const char* path, const char* delimiters, 1740 const char** array, char* buf, size_t buf_size, size_t max_count) 1741{ 1742 if (path == NULL) { 1743 return; 1744 } 1745 1746 size_t len = strlcpy(buf, path, buf_size); 1747 1748 size_t i = 0; 1749 char* buf_p = buf; 1750 while (i < max_count && (array[i] = strsep(&buf_p, delimiters))) { 1751 if (*array[i] != '\0') { 1752 ++i; 1753 } 1754 } 1755 1756 // Forget the last path if we had to truncate; this occurs if the 2nd to 1757 // last char isn't '\0' (i.e. wasn't originally a delimiter). 1758 if (i > 0 && len >= buf_size && buf[buf_size - 2] != '\0') { 1759 array[i - 1] = NULL; 1760 } else { 1761 array[i] = NULL; 1762 } 1763} 1764 1765static void parse_LD_LIBRARY_PATH(const char* path) { 1766 parse_path(path, ":", gLdPaths, 1767 gLdPathsBuffer, sizeof(gLdPathsBuffer), LDPATH_MAX); 1768} 1769 1770static void parse_LD_PRELOAD(const char* path) { 1771 // We have historically supported ':' as well as ' ' in LD_PRELOAD. 1772 parse_path(path, " :", gLdPreloadNames, 1773 gLdPreloadsBuffer, sizeof(gLdPreloadsBuffer), LDPRELOAD_MAX); 1774} 1775 1776/* 1777 * This code is called after the linker has linked itself and 1778 * fixed it's own GOT. It is safe to make references to externs 1779 * and other non-local data at this point. 1780 */ 1781static unsigned __linker_init_post_relocation(unsigned **elfdata, unsigned linker_base) 1782{ 1783 static soinfo linker_soinfo; 1784 1785 int argc = (int) *elfdata; 1786 char **argv = (char**) (elfdata + 1); 1787 unsigned *vecs = (unsigned*) (argv + argc + 1); 1788 1789 /* NOTE: we store the elfdata pointer on a special location 1790 * of the temporary TLS area in order to pass it to 1791 * the C Library's runtime initializer. 1792 * 1793 * The initializer must clear the slot and reset the TLS 1794 * to point to a different location to ensure that no other 1795 * shared library constructor can access it. 1796 */ 1797 __libc_init_tls(elfdata); 1798 1799 pid = getpid(); 1800 1801#if TIMING 1802 struct timeval t0, t1; 1803 gettimeofday(&t0, 0); 1804#endif 1805 1806 // Initialize environment functions, and get to the ELF aux vectors table. 1807 vecs = linker_env_init(vecs); 1808 1809 debugger_init(); 1810 1811 // Get a few environment variables. 1812#if LINKER_DEBUG 1813 { 1814 const char* env = linker_env_get("LD_DEBUG"); 1815 if (env != NULL) { 1816 debug_verbosity = atoi(env); 1817 } 1818 } 1819#endif 1820 1821 // Normally, these are cleaned by linker_env_init, but the test 1822 // doesn't cost us anything. 1823 const char* ldpath_env = NULL; 1824 const char* ldpreload_env = NULL; 1825 if (!get_AT_SECURE()) { 1826 ldpath_env = linker_env_get("LD_LIBRARY_PATH"); 1827 ldpreload_env = linker_env_get("LD_PRELOAD"); 1828 } 1829 1830 INFO("[ android linker & debugger ]\n"); 1831 DEBUG("%5d elfdata @ 0x%08x\n", pid, (unsigned)elfdata); 1832 1833 soinfo* si = soinfo_alloc(argv[0]); 1834 if (si == NULL) { 1835 exit(EXIT_FAILURE); 1836 } 1837 1838 /* bootstrap the link map, the main exe always needs to be first */ 1839 si->flags |= FLAG_EXE; 1840 link_map* map = &(si->linkmap); 1841 1842 map->l_addr = 0; 1843 map->l_name = argv[0]; 1844 map->l_prev = NULL; 1845 map->l_next = NULL; 1846 1847 _r_debug.r_map = map; 1848 r_debug_tail = map; 1849 1850 /* gdb expects the linker to be in the debug shared object list. 1851 * Without this, gdb has trouble locating the linker's ".text" 1852 * and ".plt" sections. Gdb could also potentially use this to 1853 * relocate the offset of our exported 'rtld_db_dlactivity' symbol. 1854 * Don't use soinfo_alloc(), because the linker shouldn't 1855 * be on the soinfo list. 1856 */ 1857 strlcpy((char*) linker_soinfo.name, "/system/bin/linker", sizeof linker_soinfo.name); 1858 linker_soinfo.flags = 0; 1859 linker_soinfo.base = linker_base; 1860 /* 1861 * Set the dynamic field in the link map otherwise gdb will complain with 1862 * the following: 1863 * warning: .dynamic section for "/system/bin/linker" is not at the 1864 * expected address (wrong library or version mismatch?) 1865 */ 1866 Elf32_Ehdr *elf_hdr = (Elf32_Ehdr *) linker_base; 1867 Elf32_Phdr *phdr = 1868 (Elf32_Phdr *)((unsigned char *) linker_base + elf_hdr->e_phoff); 1869 phdr_table_get_dynamic_section(phdr, elf_hdr->e_phnum, linker_base, 1870 &linker_soinfo.dynamic, NULL); 1871 insert_soinfo_into_debug_map(&linker_soinfo); 1872 1873 /* extract information passed from the kernel */ 1874 while (vecs[0] != 0){ 1875 switch(vecs[0]){ 1876 case AT_PHDR: 1877 si->phdr = (Elf32_Phdr*) vecs[1]; 1878 break; 1879 case AT_PHNUM: 1880 si->phnum = (int) vecs[1]; 1881 break; 1882 case AT_ENTRY: 1883 si->entry = vecs[1]; 1884 break; 1885 } 1886 vecs += 2; 1887 } 1888 1889 /* Compute the value of si->base. We can't rely on the fact that 1890 * the first entry is the PHDR because this will not be true 1891 * for certain executables (e.g. some in the NDK unit test suite) 1892 */ 1893 int nn; 1894 si->base = 0; 1895 si->size = phdr_table_get_load_size(si->phdr, si->phnum); 1896 si->load_bias = 0; 1897 for ( nn = 0; nn < si->phnum; nn++ ) { 1898 if (si->phdr[nn].p_type == PT_PHDR) { 1899 si->load_bias = (Elf32_Addr)si->phdr - si->phdr[nn].p_vaddr; 1900 si->base = (Elf32_Addr) si->phdr - si->phdr[nn].p_offset; 1901 break; 1902 } 1903 } 1904 si->dynamic = (unsigned *)-1; 1905 si->refcount = 1; 1906 1907 // Use LD_LIBRARY_PATH and LD_PRELOAD (but only if we aren't setuid/setgid). 1908 parse_LD_LIBRARY_PATH(ldpath_env); 1909 parse_LD_PRELOAD(ldpreload_env); 1910 1911 somain = si; 1912 1913 if (!soinfo_link_image(si)) { 1914 char errmsg[] = "CANNOT LINK EXECUTABLE\n"; 1915 write(2, __linker_dl_err_buf, strlen(__linker_dl_err_buf)); 1916 write(2, errmsg, sizeof(errmsg)); 1917 exit(EXIT_FAILURE); 1918 } 1919 1920 si->CallPreInitConstructors(); 1921 1922 for (size_t i = 0; preloads[i] != NULL; ++i) { 1923 preloads[i]->CallConstructors(); 1924 } 1925 1926 /*After the link_image, the si->base is initialized. 1927 *For so lib, the map->l_addr will be updated in notify_gdb_of_load. 1928 *We need to update this value for so exe here. So Unwind_Backtrace 1929 *for some arch like x86 could work correctly within so exe. 1930 */ 1931 map->l_addr = si->base; 1932 si->CallConstructors(); 1933 1934#if TIMING 1935 gettimeofday(&t1,NULL); 1936 PRINT("LINKER TIME: %s: %d microseconds\n", argv[0], (int) ( 1937 (((long long)t1.tv_sec * 1000000LL) + (long long)t1.tv_usec) - 1938 (((long long)t0.tv_sec * 1000000LL) + (long long)t0.tv_usec) 1939 )); 1940#endif 1941#if STATS 1942 PRINT("RELO STATS: %s: %d abs, %d rel, %d copy, %d symbol\n", argv[0], 1943 linker_stats.count[kRelocAbsolute], 1944 linker_stats.count[kRelocRelative], 1945 linker_stats.count[kRelocCopy], 1946 linker_stats.count[kRelocSymbol]); 1947#endif 1948#if COUNT_PAGES 1949 { 1950 unsigned n; 1951 unsigned i; 1952 unsigned count = 0; 1953 for(n = 0; n < 4096; n++){ 1954 if(bitmask[n]){ 1955 unsigned x = bitmask[n]; 1956 for(i = 0; i < 8; i++){ 1957 if(x & 1) count++; 1958 x >>= 1; 1959 } 1960 } 1961 } 1962 PRINT("PAGES MODIFIED: %s: %d (%dKB)\n", argv[0], count, count * 4); 1963 } 1964#endif 1965 1966#if TIMING || STATS || COUNT_PAGES 1967 fflush(stdout); 1968#endif 1969 1970 TRACE("[ %5d Ready to execute '%s' @ 0x%08x ]\n", pid, si->name, 1971 si->entry); 1972 return si->entry; 1973} 1974 1975/* 1976 * Find the value of AT_BASE passed to us by the kernel. This is the load 1977 * location of the linker. 1978 */ 1979static unsigned find_linker_base(unsigned **elfdata) { 1980 int argc = (int) *elfdata; 1981 char **argv = (char**) (elfdata + 1); 1982 unsigned *vecs = (unsigned*) (argv + argc + 1); 1983 while (vecs[0] != 0) { 1984 vecs++; 1985 } 1986 1987 /* The end of the environment block is marked by two NULL pointers */ 1988 vecs++; 1989 1990 while(vecs[0]) { 1991 if (vecs[0] == AT_BASE) { 1992 return vecs[1]; 1993 } 1994 vecs += 2; 1995 } 1996 1997 return 0; // should never happen 1998} 1999 2000/* Compute the load-bias of an existing executable. This shall only 2001 * be used to compute the load bias of an executable or shared library 2002 * that was loaded by the kernel itself. 2003 * 2004 * Input: 2005 * elf -> address of ELF header, assumed to be at the start of the file. 2006 * Return: 2007 * load bias, i.e. add the value of any p_vaddr in the file to get 2008 * the corresponding address in memory. 2009 */ 2010static Elf32_Addr 2011get_elf_exec_load_bias(const Elf32_Ehdr* elf) 2012{ 2013 Elf32_Addr offset = elf->e_phoff; 2014 const Elf32_Phdr* phdr_table = (const Elf32_Phdr*)((char*)elf + offset); 2015 const Elf32_Phdr* phdr_end = phdr_table + elf->e_phnum; 2016 const Elf32_Phdr* phdr; 2017 2018 for (phdr = phdr_table; phdr < phdr_end; phdr++) { 2019 if (phdr->p_type == PT_LOAD) { 2020 return (Elf32_Addr)elf + phdr->p_offset - phdr->p_vaddr; 2021 } 2022 } 2023 return 0; 2024} 2025 2026/* 2027 * This is the entry point for the linker, called from begin.S. This 2028 * method is responsible for fixing the linker's own relocations, and 2029 * then calling __linker_init_post_relocation(). 2030 * 2031 * Because this method is called before the linker has fixed it's own 2032 * relocations, any attempt to reference an extern variable, extern 2033 * function, or other GOT reference will generate a segfault. 2034 */ 2035extern "C" unsigned __linker_init(unsigned **elfdata) { 2036 unsigned linker_addr = find_linker_base(elfdata); 2037 Elf32_Ehdr *elf_hdr = (Elf32_Ehdr *) linker_addr; 2038 Elf32_Phdr *phdr = 2039 (Elf32_Phdr *)((unsigned char *) linker_addr + elf_hdr->e_phoff); 2040 2041 soinfo linker_so; 2042 memset(&linker_so, 0, sizeof(soinfo)); 2043 2044 linker_so.base = linker_addr; 2045 linker_so.size = phdr_table_get_load_size(phdr, elf_hdr->e_phnum); 2046 linker_so.load_bias = get_elf_exec_load_bias(elf_hdr); 2047 linker_so.dynamic = (unsigned *) -1; 2048 linker_so.phdr = phdr; 2049 linker_so.phnum = elf_hdr->e_phnum; 2050 linker_so.flags |= FLAG_LINKER; 2051 2052 if (!soinfo_link_image(&linker_so)) { 2053 // It would be nice to print an error message, but if the linker 2054 // can't link itself, there's no guarantee that we'll be able to 2055 // call write() (because it involves a GOT reference). 2056 // 2057 // This situation should never occur unless the linker itself 2058 // is corrupt. 2059 exit(EXIT_FAILURE); 2060 } 2061 2062 // We have successfully fixed our own relocations. It's safe to run 2063 // the main part of the linker now. 2064 unsigned start_address = __linker_init_post_relocation(elfdata, linker_addr); 2065 2066 set_soinfo_pool_protection(PROT_READ); 2067 2068 // Return the address that the calling assembly stub should jump to. 2069 return start_address; 2070} 2071