linker.cpp revision ebd506c69e12b6dcaf5be94cc8ed1b53af299f9f
1/* 2 * Copyright (C) 2008, 2009 The Android Open Source Project 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in 12 * the documentation and/or other materials provided with the 13 * distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29#include <dlfcn.h> 30#include <errno.h> 31#include <fcntl.h> 32#include <linux/auxvec.h> 33#include <pthread.h> 34#include <stdio.h> 35#include <stdlib.h> 36#include <string.h> 37#include <sys/atomics.h> 38#include <sys/mman.h> 39#include <sys/stat.h> 40#include <unistd.h> 41 42// Private C library headers. 43#include "private/bionic_tls.h" 44#include "private/KernelArgumentBlock.h" 45#include "private/ScopedPthreadMutexLocker.h" 46 47#include "linker.h" 48#include "linker_debug.h" 49#include "linker_environ.h" 50#include "linker_phdr.h" 51 52/* Assume average path length of 64 and max 8 paths */ 53#define LDPATH_BUFSIZE 512 54#define LDPATH_MAX 8 55 56#define LDPRELOAD_BUFSIZE 512 57#define LDPRELOAD_MAX 8 58 59/* >>> IMPORTANT NOTE - READ ME BEFORE MODIFYING <<< 60 * 61 * Do NOT use malloc() and friends or pthread_*() code here. 62 * Don't use printf() either; it's caused mysterious memory 63 * corruption in the past. 64 * The linker runs before we bring up libc and it's easiest 65 * to make sure it does not depend on any complex libc features 66 * 67 * open issues / todo: 68 * 69 * - are we doing everything we should for ARM_COPY relocations? 70 * - cleaner error reporting 71 * - after linking, set as much stuff as possible to READONLY 72 * and NOEXEC 73 */ 74 75static bool soinfo_link_image(soinfo* si); 76static Elf_Addr get_elf_exec_load_bias(const Elf_Ehdr* elf); 77 78// We can't use malloc(3) in the dynamic linker. We use a linked list of anonymous 79// maps, each a single page in size. The pages are broken up into as many struct soinfo 80// objects as will fit, and they're all threaded together on a free list. 81#define SOINFO_PER_POOL ((PAGE_SIZE - sizeof(soinfo_pool_t*)) / sizeof(soinfo)) 82struct soinfo_pool_t { 83 soinfo_pool_t* next; 84 soinfo info[SOINFO_PER_POOL]; 85}; 86static struct soinfo_pool_t* gSoInfoPools = NULL; 87static soinfo* gSoInfoFreeList = NULL; 88 89static soinfo* solist = &libdl_info; 90static soinfo* sonext = &libdl_info; 91static soinfo* somain; /* main process, always the one after libdl_info */ 92 93static const char* const gSoPaths[] = { 94#if defined(__LP64__) 95 "/vendor/lib64", 96 "/system/lib64", 97#else 98 "/vendor/lib", 99 "/system/lib", 100#endif 101 NULL 102}; 103 104static char gLdPathsBuffer[LDPATH_BUFSIZE]; 105static const char* gLdPaths[LDPATH_MAX + 1]; 106 107static char gLdPreloadsBuffer[LDPRELOAD_BUFSIZE]; 108static const char* gLdPreloadNames[LDPRELOAD_MAX + 1]; 109 110static soinfo* gLdPreloads[LDPRELOAD_MAX + 1]; 111 112__LIBC_HIDDEN__ int gLdDebugVerbosity; 113 114__LIBC_HIDDEN__ abort_msg_t* gAbortMessage = NULL; // For debuggerd. 115 116enum RelocationKind { 117 kRelocAbsolute = 0, 118 kRelocRelative, 119 kRelocCopy, 120 kRelocSymbol, 121 kRelocMax 122}; 123 124#if STATS 125struct linker_stats_t { 126 int count[kRelocMax]; 127}; 128 129static linker_stats_t linker_stats; 130 131static void count_relocation(RelocationKind kind) { 132 ++linker_stats.count[kind]; 133} 134#else 135static void count_relocation(RelocationKind) { 136} 137#endif 138 139#if COUNT_PAGES 140static unsigned bitmask[4096]; 141#define MARK(offset) \ 142 do { \ 143 bitmask[((offset) >> 12) >> 3] |= (1 << (((offset) >> 12) & 7)); \ 144 } while(0) 145#else 146#define MARK(x) do {} while (0) 147#endif 148 149// You shouldn't try to call memory-allocating functions in the dynamic linker. 150// Guard against the most obvious ones. 151#define DISALLOW_ALLOCATION(return_type, name, ...) \ 152 return_type name __VA_ARGS__ \ 153 { \ 154 const char* msg = "ERROR: " #name " called from the dynamic linker!\n"; \ 155 __libc_format_log(ANDROID_LOG_FATAL, "linker", "%s", msg); \ 156 write(2, msg, strlen(msg)); \ 157 abort(); \ 158 } 159#define UNUSED __attribute__((unused)) 160DISALLOW_ALLOCATION(void*, malloc, (size_t u UNUSED)); 161DISALLOW_ALLOCATION(void, free, (void* u UNUSED)); 162DISALLOW_ALLOCATION(void*, realloc, (void* u1 UNUSED, size_t u2 UNUSED)); 163DISALLOW_ALLOCATION(void*, calloc, (size_t u1 UNUSED, size_t u2 UNUSED)); 164 165static char tmp_err_buf[768]; 166static char __linker_dl_err_buf[768]; 167 168char* linker_get_error_buffer() { 169 return &__linker_dl_err_buf[0]; 170} 171 172size_t linker_get_error_buffer_size() { 173 return sizeof(__linker_dl_err_buf); 174} 175 176/* 177 * This function is an empty stub where GDB locates a breakpoint to get notified 178 * about linker activity. 179 */ 180extern "C" void __attribute__((noinline)) __attribute__((visibility("default"))) rtld_db_dlactivity(); 181 182static r_debug _r_debug = {1, NULL, &rtld_db_dlactivity, RT_CONSISTENT, 0}; 183static link_map_t* r_debug_tail = 0; 184 185static pthread_mutex_t gDebugMutex = PTHREAD_MUTEX_INITIALIZER; 186 187static void insert_soinfo_into_debug_map(soinfo * info) { 188 // Copy the necessary fields into the debug structure. 189 link_map_t* map = &(info->link_map); 190 map->l_addr = info->load_bias; 191 map->l_name = (char*) info->name; 192 map->l_ld = (uintptr_t)info->dynamic; 193 194 /* Stick the new library at the end of the list. 195 * gdb tends to care more about libc than it does 196 * about leaf libraries, and ordering it this way 197 * reduces the back-and-forth over the wire. 198 */ 199 if (r_debug_tail) { 200 r_debug_tail->l_next = map; 201 map->l_prev = r_debug_tail; 202 map->l_next = 0; 203 } else { 204 _r_debug.r_map = map; 205 map->l_prev = 0; 206 map->l_next = 0; 207 } 208 r_debug_tail = map; 209} 210 211static void remove_soinfo_from_debug_map(soinfo* info) { 212 link_map_t* map = &(info->link_map); 213 214 if (r_debug_tail == map) { 215 r_debug_tail = map->l_prev; 216 } 217 218 if (map->l_prev) { 219 map->l_prev->l_next = map->l_next; 220 } 221 if (map->l_next) { 222 map->l_next->l_prev = map->l_prev; 223 } 224} 225 226static void notify_gdb_of_load(soinfo* info) { 227 if (info->flags & FLAG_EXE) { 228 // GDB already knows about the main executable 229 return; 230 } 231 232 ScopedPthreadMutexLocker locker(&gDebugMutex); 233 234 _r_debug.r_state = RT_ADD; 235 rtld_db_dlactivity(); 236 237 insert_soinfo_into_debug_map(info); 238 239 _r_debug.r_state = RT_CONSISTENT; 240 rtld_db_dlactivity(); 241} 242 243static void notify_gdb_of_unload(soinfo* info) { 244 if (info->flags & FLAG_EXE) { 245 // GDB already knows about the main executable 246 return; 247 } 248 249 ScopedPthreadMutexLocker locker(&gDebugMutex); 250 251 _r_debug.r_state = RT_DELETE; 252 rtld_db_dlactivity(); 253 254 remove_soinfo_from_debug_map(info); 255 256 _r_debug.r_state = RT_CONSISTENT; 257 rtld_db_dlactivity(); 258} 259 260void notify_gdb_of_libraries() { 261 _r_debug.r_state = RT_ADD; 262 rtld_db_dlactivity(); 263 _r_debug.r_state = RT_CONSISTENT; 264 rtld_db_dlactivity(); 265} 266 267static bool ensure_free_list_non_empty() { 268 if (gSoInfoFreeList != NULL) { 269 return true; 270 } 271 272 // Allocate a new pool. 273 soinfo_pool_t* pool = reinterpret_cast<soinfo_pool_t*>(mmap(NULL, sizeof(*pool), 274 PROT_READ|PROT_WRITE, 275 MAP_PRIVATE|MAP_ANONYMOUS, 0, 0)); 276 if (pool == MAP_FAILED) { 277 return false; 278 } 279 280 // Add the pool to our list of pools. 281 pool->next = gSoInfoPools; 282 gSoInfoPools = pool; 283 284 // Chain the entries in the new pool onto the free list. 285 gSoInfoFreeList = &pool->info[0]; 286 soinfo* next = NULL; 287 for (int i = SOINFO_PER_POOL - 1; i >= 0; --i) { 288 pool->info[i].next = next; 289 next = &pool->info[i]; 290 } 291 292 return true; 293} 294 295static void set_soinfo_pool_protection(int protection) { 296 for (soinfo_pool_t* p = gSoInfoPools; p != NULL; p = p->next) { 297 if (mprotect(p, sizeof(*p), protection) == -1) { 298 abort(); // Can't happen. 299 } 300 } 301} 302 303static soinfo* soinfo_alloc(const char* name) { 304 if (strlen(name) >= SOINFO_NAME_LEN) { 305 DL_ERR("library name \"%s\" too long", name); 306 return NULL; 307 } 308 309 if (!ensure_free_list_non_empty()) { 310 DL_ERR("out of memory when loading \"%s\"", name); 311 return NULL; 312 } 313 314 // Take the head element off the free list. 315 soinfo* si = gSoInfoFreeList; 316 gSoInfoFreeList = gSoInfoFreeList->next; 317 318 // Initialize the new element. 319 memset(si, 0, sizeof(soinfo)); 320 strlcpy(si->name, name, sizeof(si->name)); 321 sonext->next = si; 322 sonext = si; 323 324 TRACE("name %s: allocated soinfo @ %p", name, si); 325 return si; 326} 327 328static void soinfo_free(soinfo* si) 329{ 330 if (si == NULL) { 331 return; 332 } 333 334 soinfo *prev = NULL, *trav; 335 336 TRACE("name %s: freeing soinfo @ %p", si->name, si); 337 338 for (trav = solist; trav != NULL; trav = trav->next) { 339 if (trav == si) 340 break; 341 prev = trav; 342 } 343 if (trav == NULL) { 344 /* si was not in solist */ 345 DL_ERR("name \"%s\" is not in solist!", si->name); 346 return; 347 } 348 349 /* prev will never be NULL, because the first entry in solist is 350 always the static libdl_info. 351 */ 352 prev->next = si->next; 353 if (si == sonext) { 354 sonext = prev; 355 } 356 si->next = gSoInfoFreeList; 357 gSoInfoFreeList = si; 358} 359 360 361static void parse_path(const char* path, const char* delimiters, 362 const char** array, char* buf, size_t buf_size, size_t max_count) { 363 if (path == NULL) { 364 return; 365 } 366 367 size_t len = strlcpy(buf, path, buf_size); 368 369 size_t i = 0; 370 char* buf_p = buf; 371 while (i < max_count && (array[i] = strsep(&buf_p, delimiters))) { 372 if (*array[i] != '\0') { 373 ++i; 374 } 375 } 376 377 // Forget the last path if we had to truncate; this occurs if the 2nd to 378 // last char isn't '\0' (i.e. wasn't originally a delimiter). 379 if (i > 0 && len >= buf_size && buf[buf_size - 2] != '\0') { 380 array[i - 1] = NULL; 381 } else { 382 array[i] = NULL; 383 } 384} 385 386static void parse_LD_LIBRARY_PATH(const char* path) { 387 parse_path(path, ":", gLdPaths, 388 gLdPathsBuffer, sizeof(gLdPathsBuffer), LDPATH_MAX); 389} 390 391static void parse_LD_PRELOAD(const char* path) { 392 // We have historically supported ':' as well as ' ' in LD_PRELOAD. 393 parse_path(path, " :", gLdPreloadNames, 394 gLdPreloadsBuffer, sizeof(gLdPreloadsBuffer), LDPRELOAD_MAX); 395} 396 397#if defined(__arm__) 398 399/* For a given PC, find the .so that it belongs to. 400 * Returns the base address of the .ARM.exidx section 401 * for that .so, and the number of 8-byte entries 402 * in that section (via *pcount). 403 * 404 * Intended to be called by libc's __gnu_Unwind_Find_exidx(). 405 * 406 * This function is exposed via dlfcn.cpp and libdl.so. 407 */ 408_Unwind_Ptr dl_unwind_find_exidx(_Unwind_Ptr pc, int *pcount) 409{ 410 soinfo *si; 411 unsigned addr = (unsigned)pc; 412 413 for (si = solist; si != 0; si = si->next) { 414 if ((addr >= si->base) && (addr < (si->base + si->size))) { 415 *pcount = si->ARM_exidx_count; 416 return (_Unwind_Ptr)si->ARM_exidx; 417 } 418 } 419 *pcount = 0; 420 return NULL; 421} 422 423#endif 424 425/* Here, we only have to provide a callback to iterate across all the 426 * loaded libraries. gcc_eh does the rest. */ 427int 428dl_iterate_phdr(int (*cb)(dl_phdr_info *info, size_t size, void *data), 429 void *data) 430{ 431 int rv = 0; 432 for (soinfo* si = solist; si != NULL; si = si->next) { 433 dl_phdr_info dl_info; 434 dl_info.dlpi_addr = si->link_map.l_addr; 435 dl_info.dlpi_name = si->link_map.l_name; 436 dl_info.dlpi_phdr = si->phdr; 437 dl_info.dlpi_phnum = si->phnum; 438 rv = cb(&dl_info, sizeof(dl_phdr_info), data); 439 if (rv != 0) { 440 break; 441 } 442 } 443 return rv; 444} 445 446static Elf_Sym* soinfo_elf_lookup(soinfo* si, unsigned hash, const char* name) { 447 Elf_Sym* symtab = si->symtab; 448 const char* strtab = si->strtab; 449 450 TRACE_TYPE(LOOKUP, "SEARCH %s in %s@%p %x %zd", 451 name, si->name, reinterpret_cast<void*>(si->base), hash, hash % si->nbucket); 452 453 for (unsigned n = si->bucket[hash % si->nbucket]; n != 0; n = si->chain[n]) { 454 Elf_Sym* s = symtab + n; 455 if (strcmp(strtab + s->st_name, name)) continue; 456 457 /* only concern ourselves with global and weak symbol definitions */ 458 switch (ELF_ST_BIND(s->st_info)) { 459 case STB_GLOBAL: 460 case STB_WEAK: 461 if (s->st_shndx == SHN_UNDEF) { 462 continue; 463 } 464 465 TRACE_TYPE(LOOKUP, "FOUND %s in %s (%p) %zd", 466 name, si->name, reinterpret_cast<void*>(s->st_value), 467 static_cast<size_t>(s->st_size)); 468 return s; 469 } 470 } 471 472 return NULL; 473} 474 475static unsigned elfhash(const char* _name) { 476 const unsigned char* name = (const unsigned char*) _name; 477 unsigned h = 0, g; 478 479 while(*name) { 480 h = (h << 4) + *name++; 481 g = h & 0xf0000000; 482 h ^= g; 483 h ^= g >> 24; 484 } 485 return h; 486} 487 488static Elf_Sym* soinfo_do_lookup(soinfo* si, const char* name, soinfo** lsi, soinfo* needed[]) { 489 unsigned elf_hash = elfhash(name); 490 Elf_Sym* s = NULL; 491 492 if (si != NULL && somain != NULL) { 493 494 /* 495 * Local scope is executable scope. Just start looking into it right away 496 * for the shortcut. 497 */ 498 499 if (si == somain) { 500 s = soinfo_elf_lookup(si, elf_hash, name); 501 if (s != NULL) { 502 *lsi = si; 503 goto done; 504 } 505 } else { 506 /* Order of symbol lookup is controlled by DT_SYMBOLIC flag */ 507 508 /* 509 * If this object was built with symbolic relocations disabled, the 510 * first place to look to resolve external references is the main 511 * executable. 512 */ 513 514 if (!si->has_DT_SYMBOLIC) { 515 DEBUG("%s: looking up %s in executable %s", 516 si->name, name, somain->name); 517 s = soinfo_elf_lookup(somain, elf_hash, name); 518 if (s != NULL) { 519 *lsi = somain; 520 goto done; 521 } 522 } 523 524 /* Look for symbols in the local scope (the object who is 525 * searching). This happens with C++ templates on x86 for some 526 * reason. 527 * 528 * Notes on weak symbols: 529 * The ELF specs are ambiguous about treatment of weak definitions in 530 * dynamic linking. Some systems return the first definition found 531 * and some the first non-weak definition. This is system dependent. 532 * Here we return the first definition found for simplicity. */ 533 534 s = soinfo_elf_lookup(si, elf_hash, name); 535 if (s != NULL) { 536 *lsi = si; 537 goto done; 538 } 539 540 /* 541 * If this object was built with -Bsymbolic and symbol is not found 542 * in the local scope, try to find the symbol in the main executable. 543 */ 544 545 if (si->has_DT_SYMBOLIC) { 546 DEBUG("%s: looking up %s in executable %s after local scope", 547 si->name, name, somain->name); 548 s = soinfo_elf_lookup(somain, elf_hash, name); 549 if (s != NULL) { 550 *lsi = somain; 551 goto done; 552 } 553 } 554 } 555 } 556 557 /* Next, look for it in the preloads list */ 558 for (int i = 0; gLdPreloads[i] != NULL; i++) { 559 s = soinfo_elf_lookup(gLdPreloads[i], elf_hash, name); 560 if (s != NULL) { 561 *lsi = gLdPreloads[i]; 562 goto done; 563 } 564 } 565 566 for (int i = 0; needed[i] != NULL; i++) { 567 DEBUG("%s: looking up %s in %s", 568 si->name, name, needed[i]->name); 569 s = soinfo_elf_lookup(needed[i], elf_hash, name); 570 if (s != NULL) { 571 *lsi = needed[i]; 572 goto done; 573 } 574 } 575 576done: 577 if (s != NULL) { 578 TRACE_TYPE(LOOKUP, "si %s sym %s s->st_value = %p, " 579 "found in %s, base = %p, load bias = %p", 580 si->name, name, reinterpret_cast<void*>(s->st_value), 581 (*lsi)->name, reinterpret_cast<void*>((*lsi)->base), 582 reinterpret_cast<void*>((*lsi)->load_bias)); 583 return s; 584 } 585 586 return NULL; 587} 588 589/* This is used by dlsym(3). It performs symbol lookup only within the 590 specified soinfo object and not in any of its dependencies. 591 592 TODO: Only looking in the specified soinfo seems wrong. dlsym(3) says 593 that it should do a breadth first search through the dependency 594 tree. This agrees with the ELF spec (aka System V Application 595 Binary Interface) where in Chapter 5 it discuss resolving "Shared 596 Object Dependencies" in breadth first search order. 597 */ 598Elf_Sym* dlsym_handle_lookup(soinfo* si, const char* name) { 599 return soinfo_elf_lookup(si, elfhash(name), name); 600} 601 602/* This is used by dlsym(3) to performs a global symbol lookup. If the 603 start value is null (for RTLD_DEFAULT), the search starts at the 604 beginning of the global solist. Otherwise the search starts at the 605 specified soinfo (for RTLD_NEXT). 606 */ 607Elf_Sym* dlsym_linear_lookup(const char* name, soinfo** found, soinfo* start) { 608 unsigned elf_hash = elfhash(name); 609 610 if (start == NULL) { 611 start = solist; 612 } 613 614 Elf_Sym* s = NULL; 615 for (soinfo* si = start; (s == NULL) && (si != NULL); si = si->next) { 616 s = soinfo_elf_lookup(si, elf_hash, name); 617 if (s != NULL) { 618 *found = si; 619 break; 620 } 621 } 622 623 if (s != NULL) { 624 TRACE_TYPE(LOOKUP, "%s s->st_value = %p, found->base = %p", 625 name, reinterpret_cast<void*>(s->st_value), reinterpret_cast<void*>((*found)->base)); 626 } 627 628 return s; 629} 630 631soinfo* find_containing_library(const void* p) { 632 Elf_Addr address = reinterpret_cast<Elf_Addr>(p); 633 for (soinfo* si = solist; si != NULL; si = si->next) { 634 if (address >= si->base && address - si->base < si->size) { 635 return si; 636 } 637 } 638 return NULL; 639} 640 641Elf_Sym* dladdr_find_symbol(soinfo* si, const void* addr) { 642 Elf_Addr soaddr = reinterpret_cast<Elf_Addr>(addr) - si->base; 643 644 // Search the library's symbol table for any defined symbol which 645 // contains this address. 646 for (size_t i = 0; i < si->nchain; ++i) { 647 Elf_Sym* sym = &si->symtab[i]; 648 if (sym->st_shndx != SHN_UNDEF && 649 soaddr >= sym->st_value && 650 soaddr < sym->st_value + sym->st_size) { 651 return sym; 652 } 653 } 654 655 return NULL; 656} 657 658#if 0 659static void dump(soinfo* si) 660{ 661 Elf_Sym* s = si->symtab; 662 for (unsigned n = 0; n < si->nchain; n++) { 663 TRACE("%04d> %08x: %02x %04x %08x %08x %s", n, s, 664 s->st_info, s->st_shndx, s->st_value, s->st_size, 665 si->strtab + s->st_name); 666 s++; 667 } 668} 669#endif 670 671static int open_library_on_path(const char* name, const char* const paths[]) { 672 char buf[512]; 673 for (size_t i = 0; paths[i] != NULL; ++i) { 674 int n = __libc_format_buffer(buf, sizeof(buf), "%s/%s", paths[i], name); 675 if (n < 0 || n >= static_cast<int>(sizeof(buf))) { 676 PRINT("Warning: ignoring very long library path: %s/%s", paths[i], name); 677 continue; 678 } 679 int fd = TEMP_FAILURE_RETRY(open(buf, O_RDONLY | O_CLOEXEC)); 680 if (fd != -1) { 681 return fd; 682 } 683 } 684 return -1; 685} 686 687static int open_library(const char* name) { 688 TRACE("[ opening %s ]", name); 689 690 // If the name contains a slash, we should attempt to open it directly and not search the paths. 691 if (strchr(name, '/') != NULL) { 692 int fd = TEMP_FAILURE_RETRY(open(name, O_RDONLY | O_CLOEXEC)); 693 if (fd != -1) { 694 return fd; 695 } 696 // ...but nvidia binary blobs (at least) rely on this behavior, so fall through for now. 697 } 698 699 // Otherwise we try LD_LIBRARY_PATH first, and fall back to the built-in well known paths. 700 int fd = open_library_on_path(name, gLdPaths); 701 if (fd == -1) { 702 fd = open_library_on_path(name, gSoPaths); 703 } 704 return fd; 705} 706 707static soinfo* load_library(const char* name) { 708 // Open the file. 709 int fd = open_library(name); 710 if (fd == -1) { 711 DL_ERR("library \"%s\" not found", name); 712 return NULL; 713 } 714 715 // Read the ELF header and load the segments. 716 ElfReader elf_reader(name, fd); 717 if (!elf_reader.Load()) { 718 return NULL; 719 } 720 721 const char* bname = strrchr(name, '/'); 722 soinfo* si = soinfo_alloc(bname ? bname + 1 : name); 723 if (si == NULL) { 724 return NULL; 725 } 726 si->base = elf_reader.load_start(); 727 si->size = elf_reader.load_size(); 728 si->load_bias = elf_reader.load_bias(); 729 si->flags = 0; 730 si->entry = 0; 731 si->dynamic = NULL; 732 si->phnum = elf_reader.phdr_count(); 733 si->phdr = elf_reader.loaded_phdr(); 734 return si; 735} 736 737static soinfo *find_loaded_library(const char *name) 738{ 739 soinfo *si; 740 const char *bname; 741 742 // TODO: don't use basename only for determining libraries 743 // http://code.google.com/p/android/issues/detail?id=6670 744 745 bname = strrchr(name, '/'); 746 bname = bname ? bname + 1 : name; 747 748 for (si = solist; si != NULL; si = si->next) { 749 if (!strcmp(bname, si->name)) { 750 return si; 751 } 752 } 753 return NULL; 754} 755 756static soinfo* find_library_internal(const char* name) { 757 if (name == NULL) { 758 return somain; 759 } 760 761 soinfo* si = find_loaded_library(name); 762 if (si != NULL) { 763 if (si->flags & FLAG_LINKED) { 764 return si; 765 } 766 DL_ERR("OOPS: recursive link to \"%s\"", si->name); 767 return NULL; 768 } 769 770 TRACE("[ '%s' has not been loaded yet. Locating...]", name); 771 si = load_library(name); 772 if (si == NULL) { 773 return NULL; 774 } 775 776 // At this point we know that whatever is loaded @ base is a valid ELF 777 // shared library whose segments are properly mapped in. 778 TRACE("[ init_library base=%p sz=0x%08x name='%s' ]", 779 reinterpret_cast<void*>(si->base), si->size, si->name); 780 781 if (!soinfo_link_image(si)) { 782 munmap(reinterpret_cast<void*>(si->base), si->size); 783 soinfo_free(si); 784 return NULL; 785 } 786 787 return si; 788} 789 790static soinfo* find_library(const char* name) { 791 soinfo* si = find_library_internal(name); 792 if (si != NULL) { 793 si->ref_count++; 794 } 795 return si; 796} 797 798static int soinfo_unload(soinfo* si) { 799 if (si->ref_count == 1) { 800 TRACE("unloading '%s'", si->name); 801 si->CallDestructors(); 802 803 for (Elf_Dyn* d = si->dynamic; d->d_tag != DT_NULL; ++d) { 804 if (d->d_tag == DT_NEEDED) { 805 const char* library_name = si->strtab + d->d_un.d_val; 806 TRACE("%s needs to unload %s", si->name, library_name); 807 soinfo_unload(find_loaded_library(library_name)); 808 } 809 } 810 811 munmap(reinterpret_cast<void*>(si->base), si->size); 812 notify_gdb_of_unload(si); 813 soinfo_free(si); 814 si->ref_count = 0; 815 } else { 816 si->ref_count--; 817 TRACE("not unloading '%s', decrementing ref_count to %zd", si->name, si->ref_count); 818 } 819 return 0; 820} 821 822void do_android_update_LD_LIBRARY_PATH(const char* ld_library_path) { 823 if (!get_AT_SECURE()) { 824 parse_LD_LIBRARY_PATH(ld_library_path); 825 } 826} 827 828soinfo* do_dlopen(const char* name, int flags) { 829 if ((flags & ~(RTLD_NOW|RTLD_LAZY|RTLD_LOCAL|RTLD_GLOBAL)) != 0) { 830 DL_ERR("invalid flags to dlopen: %x", flags); 831 return NULL; 832 } 833 set_soinfo_pool_protection(PROT_READ | PROT_WRITE); 834 soinfo* si = find_library(name); 835 if (si != NULL) { 836 si->CallConstructors(); 837 } 838 set_soinfo_pool_protection(PROT_READ); 839 return si; 840} 841 842int do_dlclose(soinfo* si) { 843 set_soinfo_pool_protection(PROT_READ | PROT_WRITE); 844 int result = soinfo_unload(si); 845 set_soinfo_pool_protection(PROT_READ); 846 return result; 847} 848 849#if defined(USE_RELA) 850static int soinfo_relocate_a(soinfo* si, Elf_Rela* rela, unsigned count, soinfo* needed[]) { 851 Elf_Sym* symtab = si->symtab; 852 const char* strtab = si->strtab; 853 Elf_Sym* s; 854 Elf_Rela* start = rela; 855 soinfo* lsi; 856 857 for (size_t idx = 0; idx < count; ++idx, ++rela) { 858 unsigned type = ELF_R_TYPE(rela->r_info); 859 unsigned sym = ELF_R_SYM(rela->r_info); 860 Elf_Addr reloc = static_cast<Elf_Addr>(rela->r_offset + si->load_bias); 861 Elf_Addr sym_addr = 0; 862 char* sym_name = NULL; 863 864 DEBUG("Processing '%s' relocation at index %zd", si->name, idx); 865 if (type == 0) { // R_*_NONE 866 continue; 867 } 868 if (sym != 0) { 869 sym_name = (char *)(strtab + symtab[sym].st_name); 870 s = soinfo_do_lookup(si, sym_name, &lsi, needed); 871 if (s == NULL) { 872 // We only allow an undefined symbol if this is a weak reference... 873 s = &symtab[sym]; 874 if (ELF_ST_BIND(s->st_info) != STB_WEAK) { 875 DL_ERR("cannot locate symbol \"%s\" referenced by \"%s\"...", sym_name, si->name); 876 return -1; 877 } 878 879 /* IHI0044C AAELF 4.5.1.1: 880 881 Libraries are not searched to resolve weak references. 882 It is not an error for a weak reference to remain unsatisfied. 883 884 During linking, the value of an undefined weak reference is: 885 - Zero if the relocation type is absolute 886 - The address of the place if the relocation is pc-relative 887 - The address of nominal base address if the relocation 888 type is base-relative. 889 */ 890 891 switch (type) { 892#if defined(__x86_64__) 893 case R_X86_64_JUMP_SLOT: 894 case R_X86_64_GLOB_DAT: 895 case R_X86_64_32: 896 case R_X86_64_RELATIVE: 897 // No need to do anything. 898 break; 899 case R_X86_64_PC32: 900 sym_addr = reloc; 901 break; 902#endif 903 904 default: 905 DL_ERR("unknown weak reloc type %d @ %p (%d)", type, rela, (int) (rela - start)); 906 return -1; 907 } 908 } else { 909 // We got a definition. 910 sym_addr = static_cast<Elf_Addr>(s->st_value + lsi->load_bias); 911 } 912 count_relocation(kRelocSymbol); 913 } else { 914 s = NULL; 915 } 916 917 switch (type) { 918#if defined(__x86_64__) 919 case R_X86_64_JUMP_SLOT: 920 count_relocation(kRelocAbsolute); 921 MARK(rela->r_offset); 922 TRACE_TYPE(RELO, "RELO JMP_SLOT %08zx <- %08zx %s", static_cast<size_t>(reloc), 923 static_cast<size_t>(sym_addr + rela->r_addend), sym_name); 924 *reinterpret_cast<Elf_Addr*>(reloc) = sym_addr + rela->r_addend; 925 break; 926 case R_X86_64_GLOB_DAT: 927 count_relocation(kRelocAbsolute); 928 MARK(rela->r_offset); 929 TRACE_TYPE(RELO, "RELO GLOB_DAT %08zx <- %08zx %s", static_cast<size_t>(reloc), 930 static_cast<size_t>(sym_addr + rela->r_addend), sym_name); 931 *reinterpret_cast<Elf_Addr*>(reloc) = sym_addr + rela->r_addend; 932 break; 933 case R_X86_64_RELATIVE: 934 count_relocation(kRelocRelative); 935 MARK(rela->r_offset); 936 if (sym) { 937 DL_ERR("odd RELATIVE form..."); 938 return -1; 939 } 940 TRACE_TYPE(RELO, "RELO RELATIVE %08zx <- +%08zx", static_cast<size_t>(reloc), 941 static_cast<size_t>(si->base)); 942 *reinterpret_cast<Elf_Addr*>(reloc) = si->base + rela->r_addend; 943 break; 944 case R_X86_64_32: 945 count_relocation(kRelocRelative); 946 MARK(rela->r_offset); 947 TRACE_TYPE(RELO, "RELO R_X86_64_32 %08zx <- +%08zx %s", static_cast<size_t>(reloc), 948 static_cast<size_t>(sym_addr), sym_name); 949 *reinterpret_cast<Elf_Addr*>(reloc) = sym_addr + rela->r_addend; 950 break; 951 case R_X86_64_64: 952 count_relocation(kRelocRelative); 953 MARK(rela->r_offset); 954 TRACE_TYPE(RELO, "RELO R_X86_64_64 %08zx <- +%08zx %s", static_cast<size_t>(reloc), 955 static_cast<size_t>(sym_addr), sym_name); 956 *reinterpret_cast<Elf_Addr*>(reloc) = sym_addr + rela->r_addend; 957 break; 958 case R_X86_64_PC32: 959 count_relocation(kRelocRelative); 960 MARK(rela->r_offset); 961 TRACE_TYPE(RELO, "RELO R_X86_64_PC32 %08zx <- +%08zx (%08zx - %08zx) %s", 962 static_cast<size_t>(reloc), static_cast<size_t>(sym_addr - reloc), 963 static_cast<size_t>(sym_addr), static_cast<size_t>(reloc), sym_name); 964 *reinterpret_cast<Elf_Addr*>(reloc) = sym_addr + rela->r_addend - reloc; 965 break; 966#endif 967 default: 968 DL_ERR("unknown reloc type %d @ %p (%d)", type, rela, (int) (rela - start)); 969 return -1; 970 } 971 } 972 return 0; 973} 974#else 975static int soinfo_relocate(soinfo* si, Elf_Rel* rel, unsigned count, 976 soinfo* needed[]) 977{ 978 Elf_Sym* symtab = si->symtab; 979 const char* strtab = si->strtab; 980 Elf_Sym* s; 981 Elf_Rel* start = rel; 982 soinfo* lsi; 983 984 for (size_t idx = 0; idx < count; ++idx, ++rel) { 985 unsigned type = ELF_R_TYPE(rel->r_info); 986 // TODO: don't use unsigned for 'sym'. Use uint32_t or Elf_Addr instead. 987 unsigned sym = ELF_R_SYM(rel->r_info); 988 Elf_Addr reloc = static_cast<Elf_Addr>(rel->r_offset + si->load_bias); 989 Elf_Addr sym_addr = 0; 990 char* sym_name = NULL; 991 992 DEBUG("Processing '%s' relocation at index %zd", si->name, idx); 993 if (type == 0) { // R_*_NONE 994 continue; 995 } 996 if (sym != 0) { 997 sym_name = (char *)(strtab + symtab[sym].st_name); 998 s = soinfo_do_lookup(si, sym_name, &lsi, needed); 999 if (s == NULL) { 1000 // We only allow an undefined symbol if this is a weak reference... 1001 s = &symtab[sym]; 1002 if (ELF_ST_BIND(s->st_info) != STB_WEAK) { 1003 DL_ERR("cannot locate symbol \"%s\" referenced by \"%s\"...", sym_name, si->name); 1004 return -1; 1005 } 1006 1007 /* IHI0044C AAELF 4.5.1.1: 1008 1009 Libraries are not searched to resolve weak references. 1010 It is not an error for a weak reference to remain 1011 unsatisfied. 1012 1013 During linking, the value of an undefined weak reference is: 1014 - Zero if the relocation type is absolute 1015 - The address of the place if the relocation is pc-relative 1016 - The address of nominal base address if the relocation 1017 type is base-relative. 1018 */ 1019 1020 switch (type) { 1021#if defined(__arm__) 1022 case R_ARM_JUMP_SLOT: 1023 case R_ARM_GLOB_DAT: 1024 case R_ARM_ABS32: 1025 case R_ARM_RELATIVE: /* Don't care. */ 1026 // sym_addr was initialized to be zero above or relocation 1027 // code below does not care about value of sym_addr. 1028 // No need to do anything. 1029 break; 1030#elif defined(__i386__) 1031 case R_386_JMP_SLOT: 1032 case R_386_GLOB_DAT: 1033 case R_386_32: 1034 case R_386_RELATIVE: /* Don't care. */ 1035 // sym_addr was initialized to be zero above or relocation 1036 // code below does not care about value of sym_addr. 1037 // No need to do anything. 1038 break; 1039 case R_386_PC32: 1040 sym_addr = reloc; 1041 break; 1042#endif 1043 1044#if defined(__arm__) 1045 case R_ARM_COPY: 1046 // Fall through. Can't really copy if weak symbol is not found at run-time. 1047#endif 1048 default: 1049 DL_ERR("unknown weak reloc type %d @ %p (%d)", type, rel, (int) (rel - start)); 1050 return -1; 1051 } 1052 } else { 1053 // We got a definition. 1054 sym_addr = static_cast<Elf_Addr>(s->st_value + lsi->load_bias); 1055 } 1056 count_relocation(kRelocSymbol); 1057 } else { 1058 s = NULL; 1059 } 1060 1061 switch (type) { 1062#if defined(__arm__) 1063 case R_ARM_JUMP_SLOT: 1064 count_relocation(kRelocAbsolute); 1065 MARK(rel->r_offset); 1066 TRACE_TYPE(RELO, "RELO JMP_SLOT %08x <- %08x %s", reloc, sym_addr, sym_name); 1067 *reinterpret_cast<Elf_Addr*>(reloc) = sym_addr; 1068 break; 1069 case R_ARM_GLOB_DAT: 1070 count_relocation(kRelocAbsolute); 1071 MARK(rel->r_offset); 1072 TRACE_TYPE(RELO, "RELO GLOB_DAT %08x <- %08x %s", reloc, sym_addr, sym_name); 1073 *reinterpret_cast<Elf_Addr*>(reloc) = sym_addr; 1074 break; 1075 case R_ARM_ABS32: 1076 count_relocation(kRelocAbsolute); 1077 MARK(rel->r_offset); 1078 TRACE_TYPE(RELO, "RELO ABS %08x <- %08x %s", reloc, sym_addr, sym_name); 1079 *reinterpret_cast<Elf_Addr*>(reloc) += sym_addr; 1080 break; 1081 case R_ARM_REL32: 1082 count_relocation(kRelocRelative); 1083 MARK(rel->r_offset); 1084 TRACE_TYPE(RELO, "RELO REL32 %08x <- %08x - %08x %s", 1085 reloc, sym_addr, rel->r_offset, sym_name); 1086 *reinterpret_cast<Elf_Addr*>(reloc) += sym_addr - rel->r_offset; 1087 break; 1088 case R_ARM_COPY: 1089 if ((si->flags & FLAG_EXE) == 0) { 1090 /* 1091 * http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044d/IHI0044D_aaelf.pdf 1092 * 1093 * Section 4.7.1.10 "Dynamic relocations" 1094 * R_ARM_COPY may only appear in executable objects where e_type is 1095 * set to ET_EXEC. 1096 * 1097 * TODO: FLAG_EXE is set for both ET_DYN and ET_EXEC executables. 1098 * We should explicitly disallow ET_DYN executables from having 1099 * R_ARM_COPY relocations. 1100 */ 1101 DL_ERR("%s R_ARM_COPY relocations only supported for ET_EXEC", si->name); 1102 return -1; 1103 } 1104 count_relocation(kRelocCopy); 1105 MARK(rel->r_offset); 1106 TRACE_TYPE(RELO, "RELO %08x <- %d @ %08x %s", reloc, s->st_size, sym_addr, sym_name); 1107 if (reloc == sym_addr) { 1108 Elf_Sym *src = soinfo_do_lookup(NULL, sym_name, &lsi, needed); 1109 1110 if (src == NULL) { 1111 DL_ERR("%s R_ARM_COPY relocation source cannot be resolved", si->name); 1112 return -1; 1113 } 1114 if (lsi->has_DT_SYMBOLIC) { 1115 DL_ERR("%s invalid R_ARM_COPY relocation against DT_SYMBOLIC shared " 1116 "library %s (built with -Bsymbolic?)", si->name, lsi->name); 1117 return -1; 1118 } 1119 if (s->st_size < src->st_size) { 1120 DL_ERR("%s R_ARM_COPY relocation size mismatch (%d < %d)", 1121 si->name, s->st_size, src->st_size); 1122 return -1; 1123 } 1124 memcpy((void*)reloc, (void*)(src->st_value + lsi->load_bias), src->st_size); 1125 } else { 1126 DL_ERR("%s R_ARM_COPY relocation target cannot be resolved", si->name); 1127 return -1; 1128 } 1129 break; 1130#elif defined(__i386__) 1131 case R_386_JMP_SLOT: 1132 count_relocation(kRelocAbsolute); 1133 MARK(rel->r_offset); 1134 TRACE_TYPE(RELO, "RELO JMP_SLOT %08x <- %08x %s", reloc, sym_addr, sym_name); 1135 *reinterpret_cast<Elf_Addr*>(reloc) = sym_addr; 1136 break; 1137 case R_386_GLOB_DAT: 1138 count_relocation(kRelocAbsolute); 1139 MARK(rel->r_offset); 1140 TRACE_TYPE(RELO, "RELO GLOB_DAT %08x <- %08x %s", reloc, sym_addr, sym_name); 1141 *reinterpret_cast<Elf_Addr*>(reloc) = sym_addr; 1142 break; 1143 case R_386_32: 1144 count_relocation(kRelocRelative); 1145 MARK(rel->r_offset); 1146 TRACE_TYPE(RELO, "RELO R_386_32 %08x <- +%08x %s", reloc, sym_addr, sym_name); 1147 *reinterpret_cast<Elf_Addr*>(reloc) += sym_addr; 1148 break; 1149 case R_386_PC32: 1150 count_relocation(kRelocRelative); 1151 MARK(rel->r_offset); 1152 TRACE_TYPE(RELO, "RELO R_386_PC32 %08x <- +%08x (%08x - %08x) %s", 1153 reloc, (sym_addr - reloc), sym_addr, reloc, sym_name); 1154 *reinterpret_cast<Elf_Addr*>(reloc) += (sym_addr - reloc); 1155 break; 1156#elif defined(__mips__) 1157 case R_MIPS_REL32: 1158 count_relocation(kRelocAbsolute); 1159 MARK(rel->r_offset); 1160 TRACE_TYPE(RELO, "RELO REL32 %08x <- %08x %s", 1161 reloc, sym_addr, (sym_name) ? sym_name : "*SECTIONHDR*"); 1162 if (s) { 1163 *reinterpret_cast<Elf_Addr*>(reloc) += sym_addr; 1164 } else { 1165 *reinterpret_cast<Elf_Addr*>(reloc) += si->base; 1166 } 1167 break; 1168#endif 1169 1170#if defined(__arm__) 1171 case R_ARM_RELATIVE: 1172#elif defined(__i386__) 1173 case R_386_RELATIVE: 1174#endif 1175 count_relocation(kRelocRelative); 1176 MARK(rel->r_offset); 1177 if (sym) { 1178 DL_ERR("odd RELATIVE form..."); 1179 return -1; 1180 } 1181 TRACE_TYPE(RELO, "RELO RELATIVE %p <- +%p", 1182 reinterpret_cast<void*>(reloc), reinterpret_cast<void*>(si->base)); 1183 *reinterpret_cast<Elf_Addr*>(reloc) += si->base; 1184 break; 1185 1186 default: 1187 DL_ERR("unknown reloc type %d @ %p (%d)", type, rel, (int) (rel - start)); 1188 return -1; 1189 } 1190 } 1191 return 0; 1192} 1193#endif 1194 1195#if defined(__mips__) 1196static bool mips_relocate_got(soinfo* si, soinfo* needed[]) { 1197 unsigned* got = si->plt_got; 1198 if (got == NULL) { 1199 return true; 1200 } 1201 unsigned local_gotno = si->mips_local_gotno; 1202 unsigned gotsym = si->mips_gotsym; 1203 unsigned symtabno = si->mips_symtabno; 1204 Elf_Sym* symtab = si->symtab; 1205 1206 /* 1207 * got[0] is address of lazy resolver function 1208 * got[1] may be used for a GNU extension 1209 * set it to a recognizable address in case someone calls it 1210 * (should be _rtld_bind_start) 1211 * FIXME: maybe this should be in a separate routine 1212 */ 1213 1214 if ((si->flags & FLAG_LINKER) == 0) { 1215 size_t g = 0; 1216 got[g++] = 0xdeadbeef; 1217 if (got[g] & 0x80000000) { 1218 got[g++] = 0xdeadfeed; 1219 } 1220 /* 1221 * Relocate the local GOT entries need to be relocated 1222 */ 1223 for (; g < local_gotno; g++) { 1224 got[g] += si->load_bias; 1225 } 1226 } 1227 1228 /* Now for the global GOT entries */ 1229 Elf_Sym* sym = symtab + gotsym; 1230 got = si->plt_got + local_gotno; 1231 for (size_t g = gotsym; g < symtabno; g++, sym++, got++) { 1232 const char* sym_name; 1233 Elf_Sym* s; 1234 soinfo* lsi; 1235 1236 /* This is an undefined reference... try to locate it */ 1237 sym_name = si->strtab + sym->st_name; 1238 s = soinfo_do_lookup(si, sym_name, &lsi, needed); 1239 if (s == NULL) { 1240 /* We only allow an undefined symbol if this is a weak 1241 reference.. */ 1242 s = &symtab[g]; 1243 if (ELF_ST_BIND(s->st_info) != STB_WEAK) { 1244 DL_ERR("cannot locate \"%s\"...", sym_name); 1245 return false; 1246 } 1247 *got = 0; 1248 } 1249 else { 1250 /* FIXME: is this sufficient? 1251 * For reference see NetBSD link loader 1252 * http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ld.elf_so/arch/mips/mips_reloc.c?rev=1.53&content-type=text/x-cvsweb-markup 1253 */ 1254 *got = lsi->load_bias + s->st_value; 1255 } 1256 } 1257 return true; 1258} 1259#endif 1260 1261void soinfo::CallArray(const char* array_name UNUSED, linker_function_t* functions, size_t count, bool reverse) { 1262 if (functions == NULL) { 1263 return; 1264 } 1265 1266 TRACE("[ Calling %s (size %zd) @ %p for '%s' ]", array_name, count, functions, name); 1267 1268 int begin = reverse ? (count - 1) : 0; 1269 int end = reverse ? -1 : count; 1270 int step = reverse ? -1 : 1; 1271 1272 for (int i = begin; i != end; i += step) { 1273 TRACE("[ %s[%d] == %p ]", array_name, i, functions[i]); 1274 CallFunction("function", functions[i]); 1275 } 1276 1277 TRACE("[ Done calling %s for '%s' ]", array_name, name); 1278} 1279 1280void soinfo::CallFunction(const char* function_name UNUSED, linker_function_t function) { 1281 if (function == NULL || reinterpret_cast<uintptr_t>(function) == static_cast<uintptr_t>(-1)) { 1282 return; 1283 } 1284 1285 TRACE("[ Calling %s @ %p for '%s' ]", function_name, function, name); 1286 function(); 1287 TRACE("[ Done calling %s @ %p for '%s' ]", function_name, function, name); 1288 1289 // The function may have called dlopen(3) or dlclose(3), so we need to ensure our data structures 1290 // are still writable. This happens with our debug malloc (see http://b/7941716). 1291 set_soinfo_pool_protection(PROT_READ | PROT_WRITE); 1292} 1293 1294void soinfo::CallPreInitConstructors() { 1295 // DT_PREINIT_ARRAY functions are called before any other constructors for executables, 1296 // but ignored in a shared library. 1297 CallArray("DT_PREINIT_ARRAY", preinit_array, preinit_array_count, false); 1298} 1299 1300void soinfo::CallConstructors() { 1301 if (constructors_called) { 1302 return; 1303 } 1304 1305 // We set constructors_called before actually calling the constructors, otherwise it doesn't 1306 // protect against recursive constructor calls. One simple example of constructor recursion 1307 // is the libc debug malloc, which is implemented in libc_malloc_debug_leak.so: 1308 // 1. The program depends on libc, so libc's constructor is called here. 1309 // 2. The libc constructor calls dlopen() to load libc_malloc_debug_leak.so. 1310 // 3. dlopen() calls the constructors on the newly created 1311 // soinfo for libc_malloc_debug_leak.so. 1312 // 4. The debug .so depends on libc, so CallConstructors is 1313 // called again with the libc soinfo. If it doesn't trigger the early- 1314 // out above, the libc constructor will be called again (recursively!). 1315 constructors_called = true; 1316 1317 if ((flags & FLAG_EXE) == 0 && preinit_array != NULL) { 1318 // The GNU dynamic linker silently ignores these, but we warn the developer. 1319 PRINT("\"%s\": ignoring %zd-entry DT_PREINIT_ARRAY in shared library!", 1320 name, preinit_array_count); 1321 } 1322 1323 if (dynamic != NULL) { 1324 for (Elf_Dyn* d = dynamic; d->d_tag != DT_NULL; ++d) { 1325 if (d->d_tag == DT_NEEDED) { 1326 const char* library_name = strtab + d->d_un.d_val; 1327 TRACE("\"%s\": calling constructors in DT_NEEDED \"%s\"", name, library_name); 1328 find_loaded_library(library_name)->CallConstructors(); 1329 } 1330 } 1331 } 1332 1333 TRACE("\"%s\": calling constructors", name); 1334 1335 // DT_INIT should be called before DT_INIT_ARRAY if both are present. 1336 CallFunction("DT_INIT", init_func); 1337 CallArray("DT_INIT_ARRAY", init_array, init_array_count, false); 1338} 1339 1340void soinfo::CallDestructors() { 1341 TRACE("\"%s\": calling destructors", name); 1342 1343 // DT_FINI_ARRAY must be parsed in reverse order. 1344 CallArray("DT_FINI_ARRAY", fini_array, fini_array_count, true); 1345 1346 // DT_FINI should be called after DT_FINI_ARRAY if both are present. 1347 CallFunction("DT_FINI", fini_func); 1348} 1349 1350/* Force any of the closed stdin, stdout and stderr to be associated with 1351 /dev/null. */ 1352static int nullify_closed_stdio() { 1353 int dev_null, i, status; 1354 int return_value = 0; 1355 1356 dev_null = TEMP_FAILURE_RETRY(open("/dev/null", O_RDWR)); 1357 if (dev_null < 0) { 1358 DL_ERR("cannot open /dev/null: %s", strerror(errno)); 1359 return -1; 1360 } 1361 TRACE("[ Opened /dev/null file-descriptor=%d]", dev_null); 1362 1363 /* If any of the stdio file descriptors is valid and not associated 1364 with /dev/null, dup /dev/null to it. */ 1365 for (i = 0; i < 3; i++) { 1366 /* If it is /dev/null already, we are done. */ 1367 if (i == dev_null) { 1368 continue; 1369 } 1370 1371 TRACE("[ Nullifying stdio file descriptor %d]", i); 1372 status = TEMP_FAILURE_RETRY(fcntl(i, F_GETFL)); 1373 1374 /* If file is opened, we are good. */ 1375 if (status != -1) { 1376 continue; 1377 } 1378 1379 /* The only error we allow is that the file descriptor does not 1380 exist, in which case we dup /dev/null to it. */ 1381 if (errno != EBADF) { 1382 DL_ERR("fcntl failed: %s", strerror(errno)); 1383 return_value = -1; 1384 continue; 1385 } 1386 1387 /* Try dupping /dev/null to this stdio file descriptor and 1388 repeat if there is a signal. Note that any errors in closing 1389 the stdio descriptor are lost. */ 1390 status = TEMP_FAILURE_RETRY(dup2(dev_null, i)); 1391 if (status < 0) { 1392 DL_ERR("dup2 failed: %s", strerror(errno)); 1393 return_value = -1; 1394 continue; 1395 } 1396 } 1397 1398 /* If /dev/null is not one of the stdio file descriptors, close it. */ 1399 if (dev_null > 2) { 1400 TRACE("[ Closing /dev/null file-descriptor=%d]", dev_null); 1401 status = TEMP_FAILURE_RETRY(close(dev_null)); 1402 if (status == -1) { 1403 DL_ERR("close failed: %s", strerror(errno)); 1404 return_value = -1; 1405 } 1406 } 1407 1408 return return_value; 1409} 1410 1411static bool soinfo_link_image(soinfo* si) { 1412 /* "base" might wrap around UINT32_MAX. */ 1413 Elf_Addr base = si->load_bias; 1414 const Elf_Phdr *phdr = si->phdr; 1415 int phnum = si->phnum; 1416 bool relocating_linker = (si->flags & FLAG_LINKER) != 0; 1417 1418 /* We can't debug anything until the linker is relocated */ 1419 if (!relocating_linker) { 1420 INFO("[ linking %s ]", si->name); 1421 DEBUG("si->base = %p si->flags = 0x%08x", reinterpret_cast<void*>(si->base), si->flags); 1422 } 1423 1424 /* Extract dynamic section */ 1425 size_t dynamic_count; 1426 Elf_Word dynamic_flags; 1427 phdr_table_get_dynamic_section(phdr, phnum, base, &si->dynamic, 1428 &dynamic_count, &dynamic_flags); 1429 if (si->dynamic == NULL) { 1430 if (!relocating_linker) { 1431 DL_ERR("missing PT_DYNAMIC in \"%s\"", si->name); 1432 } 1433 return false; 1434 } else { 1435 if (!relocating_linker) { 1436 DEBUG("dynamic = %p", si->dynamic); 1437 } 1438 } 1439 1440#if defined(__arm__) 1441 (void) phdr_table_get_arm_exidx(phdr, phnum, base, 1442 &si->ARM_exidx, &si->ARM_exidx_count); 1443#endif 1444 1445 // Extract useful information from dynamic section. 1446 uint32_t needed_count = 0; 1447 for (Elf_Dyn* d = si->dynamic; d->d_tag != DT_NULL; ++d) { 1448 DEBUG("d = %p, d[0](tag) = %p d[1](val) = %p", 1449 d, reinterpret_cast<void*>(d->d_tag), reinterpret_cast<void*>(d->d_un.d_val)); 1450 switch (d->d_tag) { 1451 case DT_HASH: 1452 si->nbucket = ((unsigned *) (base + d->d_un.d_ptr))[0]; 1453 si->nchain = ((unsigned *) (base + d->d_un.d_ptr))[1]; 1454 si->bucket = (unsigned *) (base + d->d_un.d_ptr + 8); 1455 si->chain = (unsigned *) (base + d->d_un.d_ptr + 8 + si->nbucket * 4); 1456 break; 1457 case DT_STRTAB: 1458 si->strtab = (const char *) (base + d->d_un.d_ptr); 1459 break; 1460 case DT_SYMTAB: 1461 si->symtab = (Elf_Sym *) (base + d->d_un.d_ptr); 1462 break; 1463#if !defined(__LP64__) 1464 case DT_PLTREL: 1465 if (d->d_un.d_val != DT_REL) { 1466 DL_ERR("unsupported DT_RELA in \"%s\"", si->name); 1467 return false; 1468 } 1469 break; 1470#endif 1471 case DT_JMPREL: 1472#if defined(USE_RELA) 1473 si->plt_rela = (Elf_Rela*) (base + d->d_un.d_ptr); 1474#else 1475 si->plt_rel = (Elf_Rel*) (base + d->d_un.d_ptr); 1476#endif 1477 break; 1478 case DT_PLTRELSZ: 1479#if defined(USE_RELA) 1480 si->plt_rela_count = d->d_un.d_val / sizeof(Elf_Rela); 1481#else 1482 si->plt_rel_count = d->d_un.d_val / sizeof(Elf_Rel); 1483#endif 1484 break; 1485#if !defined(__LP64__) 1486 case DT_PLTGOT: 1487 // Used by 32-bit MIPS. 1488 si->plt_got = (unsigned *)(base + d->d_un.d_ptr); 1489 break; 1490#endif 1491 case DT_DEBUG: 1492 // Set the DT_DEBUG entry to the address of _r_debug for GDB 1493 // if the dynamic table is writable 1494 if ((dynamic_flags & PF_W) != 0) { 1495 d->d_un.d_val = reinterpret_cast<uintptr_t>(&_r_debug); 1496 } 1497 break; 1498#if defined(USE_RELA) 1499 case DT_RELA: 1500 si->rela = (Elf_Rela*) (base + d->d_un.d_ptr); 1501 break; 1502 case DT_RELASZ: 1503 si->rela_count = d->d_un.d_val / sizeof(Elf_Rela); 1504 break; 1505 case DT_REL: 1506 DL_ERR("unsupported DT_REL in \"%s\"", si->name); 1507 return false; 1508 case DT_RELSZ: 1509 DL_ERR("unsupported DT_RELSZ in \"%s\"", si->name); 1510 return false; 1511#else 1512 case DT_REL: 1513 si->rel = (Elf_Rel*) (base + d->d_un.d_ptr); 1514 break; 1515 case DT_RELSZ: 1516 si->rel_count = d->d_un.d_val / sizeof(Elf_Rel); 1517 break; 1518 case DT_RELA: 1519 DL_ERR("unsupported DT_RELA in \"%s\"", si->name); 1520 return false; 1521#endif 1522 case DT_INIT: 1523 si->init_func = reinterpret_cast<linker_function_t>(base + d->d_un.d_ptr); 1524 DEBUG("%s constructors (DT_INIT) found at %p", si->name, si->init_func); 1525 break; 1526 case DT_FINI: 1527 si->fini_func = reinterpret_cast<linker_function_t>(base + d->d_un.d_ptr); 1528 DEBUG("%s destructors (DT_FINI) found at %p", si->name, si->fini_func); 1529 break; 1530 case DT_INIT_ARRAY: 1531 si->init_array = reinterpret_cast<linker_function_t*>(base + d->d_un.d_ptr); 1532 DEBUG("%s constructors (DT_INIT_ARRAY) found at %p", si->name, si->init_array); 1533 break; 1534 case DT_INIT_ARRAYSZ: 1535 si->init_array_count = ((unsigned)d->d_un.d_val) / sizeof(Elf_Addr); 1536 break; 1537 case DT_FINI_ARRAY: 1538 si->fini_array = reinterpret_cast<linker_function_t*>(base + d->d_un.d_ptr); 1539 DEBUG("%s destructors (DT_FINI_ARRAY) found at %p", si->name, si->fini_array); 1540 break; 1541 case DT_FINI_ARRAYSZ: 1542 si->fini_array_count = ((unsigned)d->d_un.d_val) / sizeof(Elf_Addr); 1543 break; 1544 case DT_PREINIT_ARRAY: 1545 si->preinit_array = reinterpret_cast<linker_function_t*>(base + d->d_un.d_ptr); 1546 DEBUG("%s constructors (DT_PREINIT_ARRAY) found at %p", si->name, si->preinit_array); 1547 break; 1548 case DT_PREINIT_ARRAYSZ: 1549 si->preinit_array_count = ((unsigned)d->d_un.d_val) / sizeof(Elf_Addr); 1550 break; 1551 case DT_TEXTREL: 1552#if defined(__LP64__) 1553 DL_ERR("text relocations (DT_TEXTREL) found in 64-bit ELF file \"%s\"", si->name); 1554 return false; 1555#else 1556 si->has_text_relocations = true; 1557 break; 1558#endif 1559 case DT_SYMBOLIC: 1560 si->has_DT_SYMBOLIC = true; 1561 break; 1562 case DT_NEEDED: 1563 ++needed_count; 1564 break; 1565 case DT_FLAGS: 1566 if (d->d_un.d_val & DF_TEXTREL) { 1567#if defined(__LP64__) 1568 DL_ERR("text relocations (DF_TEXTREL) found in 64-bit ELF file \"%s\"", si->name); 1569 return false; 1570#else 1571 si->has_text_relocations = true; 1572#endif 1573 } 1574 if (d->d_un.d_val & DF_SYMBOLIC) { 1575 si->has_DT_SYMBOLIC = true; 1576 } 1577 break; 1578#if defined(__mips__) 1579 case DT_STRSZ: 1580 case DT_SYMENT: 1581 case DT_RELENT: 1582 break; 1583 case DT_MIPS_RLD_MAP: 1584 // Set the DT_MIPS_RLD_MAP entry to the address of _r_debug for GDB. 1585 { 1586 r_debug** dp = (r_debug**) d->d_un.d_ptr; 1587 *dp = &_r_debug; 1588 } 1589 break; 1590 case DT_MIPS_RLD_VERSION: 1591 case DT_MIPS_FLAGS: 1592 case DT_MIPS_BASE_ADDRESS: 1593 case DT_MIPS_UNREFEXTNO: 1594 break; 1595 1596 case DT_MIPS_SYMTABNO: 1597 si->mips_symtabno = d->d_un.d_val; 1598 break; 1599 1600 case DT_MIPS_LOCAL_GOTNO: 1601 si->mips_local_gotno = d->d_un.d_val; 1602 break; 1603 1604 case DT_MIPS_GOTSYM: 1605 si->mips_gotsym = d->d_un.d_val; 1606 break; 1607#endif 1608 1609 default: 1610 DEBUG("Unused DT entry: type %p arg %p", 1611 reinterpret_cast<void*>(d->d_tag), reinterpret_cast<void*>(d->d_un.d_val)); 1612 break; 1613 } 1614 } 1615 1616 DEBUG("si->base = %p, si->strtab = %p, si->symtab = %p", 1617 reinterpret_cast<void*>(si->base), si->strtab, si->symtab); 1618 1619 // Sanity checks. 1620 if (relocating_linker && needed_count != 0) { 1621 DL_ERR("linker cannot have DT_NEEDED dependencies on other libraries"); 1622 return false; 1623 } 1624 if (si->nbucket == 0) { 1625 DL_ERR("empty/missing DT_HASH in \"%s\" (built with --hash-style=gnu?)", si->name); 1626 return false; 1627 } 1628 if (si->strtab == 0) { 1629 DL_ERR("empty/missing DT_STRTAB in \"%s\"", si->name); 1630 return false; 1631 } 1632 if (si->symtab == 0) { 1633 DL_ERR("empty/missing DT_SYMTAB in \"%s\"", si->name); 1634 return false; 1635 } 1636 1637 // If this is the main executable, then load all of the libraries from LD_PRELOAD now. 1638 if (si->flags & FLAG_EXE) { 1639 memset(gLdPreloads, 0, sizeof(gLdPreloads)); 1640 size_t preload_count = 0; 1641 for (size_t i = 0; gLdPreloadNames[i] != NULL; i++) { 1642 soinfo* lsi = find_library(gLdPreloadNames[i]); 1643 if (lsi != NULL) { 1644 gLdPreloads[preload_count++] = lsi; 1645 } else { 1646 // As with glibc, failure to load an LD_PRELOAD library is just a warning. 1647 DL_WARN("could not load library \"%s\" from LD_PRELOAD for \"%s\"; caused by %s", 1648 gLdPreloadNames[i], si->name, linker_get_error_buffer()); 1649 } 1650 } 1651 } 1652 1653 soinfo** needed = (soinfo**) alloca((1 + needed_count) * sizeof(soinfo*)); 1654 soinfo** pneeded = needed; 1655 1656 for (Elf_Dyn* d = si->dynamic; d->d_tag != DT_NULL; ++d) { 1657 if (d->d_tag == DT_NEEDED) { 1658 const char* library_name = si->strtab + d->d_un.d_val; 1659 DEBUG("%s needs %s", si->name, library_name); 1660 soinfo* lsi = find_library(library_name); 1661 if (lsi == NULL) { 1662 strlcpy(tmp_err_buf, linker_get_error_buffer(), sizeof(tmp_err_buf)); 1663 DL_ERR("could not load library \"%s\" needed by \"%s\"; caused by %s", 1664 library_name, si->name, tmp_err_buf); 1665 return false; 1666 } 1667 *pneeded++ = lsi; 1668 } 1669 } 1670 *pneeded = NULL; 1671 1672#if !defined(__LP64__) 1673 if (si->has_text_relocations) { 1674 // Make segments writable to allow text relocations to work properly. We will later call 1675 // phdr_table_protect_segments() after all of them are applied and all constructors are run. 1676 DL_WARN("%s has text relocations. This is wasting memory and prevents " 1677 "security hardening. Please fix.", si->name); 1678 if (phdr_table_unprotect_segments(si->phdr, si->phnum, si->load_bias) < 0) { 1679 DL_ERR("can't unprotect loadable segments for \"%s\": %s", 1680 si->name, strerror(errno)); 1681 return false; 1682 } 1683 } 1684#endif 1685 1686#if defined(USE_RELA) 1687 if (si->plt_rela != NULL) { 1688 DEBUG("[ relocating %s plt ]\n", si->name ); 1689 if (soinfo_relocate_a(si, si->plt_rela, si->plt_rela_count, needed)) { 1690 return false; 1691 } 1692 } 1693 if (si->rela != NULL) { 1694 DEBUG("[ relocating %s ]\n", si->name ); 1695 if (soinfo_relocate_a(si, si->rela, si->rela_count, needed)) { 1696 return false; 1697 } 1698 } 1699#else 1700 if (si->plt_rel != NULL) { 1701 DEBUG("[ relocating %s plt ]", si->name ); 1702 if (soinfo_relocate(si, si->plt_rel, si->plt_rel_count, needed)) { 1703 return false; 1704 } 1705 } 1706 if (si->rel != NULL) { 1707 DEBUG("[ relocating %s ]", si->name ); 1708 if (soinfo_relocate(si, si->rel, si->rel_count, needed)) { 1709 return false; 1710 } 1711 } 1712#endif 1713 1714#if defined(__mips__) 1715 if (!mips_relocate_got(si, needed)) { 1716 return false; 1717 } 1718#endif 1719 1720 si->flags |= FLAG_LINKED; 1721 DEBUG("[ finished linking %s ]", si->name); 1722 1723#if !defined(__LP64__) 1724 if (si->has_text_relocations) { 1725 // All relocations are done, we can protect our segments back to read-only. 1726 if (phdr_table_protect_segments(si->phdr, si->phnum, si->load_bias) < 0) { 1727 DL_ERR("can't protect segments for \"%s\": %s", 1728 si->name, strerror(errno)); 1729 return false; 1730 } 1731 } 1732#endif 1733 1734 /* We can also turn on GNU RELRO protection */ 1735 if (phdr_table_protect_gnu_relro(si->phdr, si->phnum, si->load_bias) < 0) { 1736 DL_ERR("can't enable GNU RELRO protection for \"%s\": %s", 1737 si->name, strerror(errno)); 1738 return false; 1739 } 1740 1741 notify_gdb_of_load(si); 1742 return true; 1743} 1744 1745/* 1746 * This function add vdso to internal dso list. 1747 * It helps to stack unwinding through signal handlers. 1748 * Also, it makes bionic more like glibc. 1749 */ 1750static void add_vdso(KernelArgumentBlock& args UNUSED) { 1751#if defined(AT_SYSINFO_EHDR) 1752 Elf_Ehdr* ehdr_vdso = reinterpret_cast<Elf_Ehdr*>(args.getauxval(AT_SYSINFO_EHDR)); 1753 1754 soinfo* si = soinfo_alloc("[vdso]"); 1755 1756 si->phdr = reinterpret_cast<Elf_Phdr*>(reinterpret_cast<char*>(ehdr_vdso) + ehdr_vdso->e_phoff); 1757 si->phnum = ehdr_vdso->e_phnum; 1758 si->base = reinterpret_cast<Elf_Addr>(ehdr_vdso); 1759 si->size = phdr_table_get_load_size(si->phdr, si->phnum); 1760 si->flags = 0; 1761 si->load_bias = get_elf_exec_load_bias(ehdr_vdso); 1762 1763 soinfo_link_image(si); 1764 insert_soinfo_into_debug_map(si); 1765#endif 1766} 1767 1768/* 1769 * This code is called after the linker has linked itself and 1770 * fixed it's own GOT. It is safe to make references to externs 1771 * and other non-local data at this point. 1772 */ 1773static Elf_Addr __linker_init_post_relocation(KernelArgumentBlock& args, Elf_Addr linker_base) { 1774 /* NOTE: we store the args pointer on a special location 1775 * of the temporary TLS area in order to pass it to 1776 * the C Library's runtime initializer. 1777 * 1778 * The initializer must clear the slot and reset the TLS 1779 * to point to a different location to ensure that no other 1780 * shared library constructor can access it. 1781 */ 1782 __libc_init_tls(args); 1783 1784#if TIMING 1785 struct timeval t0, t1; 1786 gettimeofday(&t0, 0); 1787#endif 1788 1789 // Initialize environment functions, and get to the ELF aux vectors table. 1790 linker_env_init(args); 1791 1792 // If this is a setuid/setgid program, close the security hole described in 1793 // ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc 1794 if (get_AT_SECURE()) { 1795 nullify_closed_stdio(); 1796 } 1797 1798 debuggerd_init(); 1799 1800 // Get a few environment variables. 1801 const char* LD_DEBUG = linker_env_get("LD_DEBUG"); 1802 if (LD_DEBUG != NULL) { 1803 gLdDebugVerbosity = atoi(LD_DEBUG); 1804 } 1805 1806 // Normally, these are cleaned by linker_env_init, but the test 1807 // doesn't cost us anything. 1808 const char* ldpath_env = NULL; 1809 const char* ldpreload_env = NULL; 1810 if (!get_AT_SECURE()) { 1811 ldpath_env = linker_env_get("LD_LIBRARY_PATH"); 1812 ldpreload_env = linker_env_get("LD_PRELOAD"); 1813 } 1814 1815 INFO("[ android linker & debugger ]"); 1816 1817 soinfo* si = soinfo_alloc(args.argv[0]); 1818 if (si == NULL) { 1819 exit(EXIT_FAILURE); 1820 } 1821 1822 /* bootstrap the link map, the main exe always needs to be first */ 1823 si->flags |= FLAG_EXE; 1824 link_map_t* map = &(si->link_map); 1825 1826 map->l_addr = 0; 1827 map->l_name = args.argv[0]; 1828 map->l_prev = NULL; 1829 map->l_next = NULL; 1830 1831 _r_debug.r_map = map; 1832 r_debug_tail = map; 1833 1834 /* gdb expects the linker to be in the debug shared object list. 1835 * Without this, gdb has trouble locating the linker's ".text" 1836 * and ".plt" sections. Gdb could also potentially use this to 1837 * relocate the offset of our exported 'rtld_db_dlactivity' symbol. 1838 * Don't use soinfo_alloc(), because the linker shouldn't 1839 * be on the soinfo list. 1840 */ 1841 { 1842 static soinfo linker_soinfo; 1843#if defined(__LP64__) 1844 strlcpy(linker_soinfo.name, "/system/bin/linker64", sizeof(linker_soinfo.name)); 1845#else 1846 strlcpy(linker_soinfo.name, "/system/bin/linker", sizeof(linker_soinfo.name)); 1847#endif 1848 linker_soinfo.flags = 0; 1849 linker_soinfo.base = linker_base; 1850 1851 /* 1852 * Set the dynamic field in the link map otherwise gdb will complain with 1853 * the following: 1854 * warning: .dynamic section for "/system/bin/linker" is not at the 1855 * expected address (wrong library or version mismatch?) 1856 */ 1857 Elf_Ehdr *elf_hdr = (Elf_Ehdr *) linker_base; 1858 Elf_Phdr *phdr = (Elf_Phdr*)((unsigned char*) linker_base + elf_hdr->e_phoff); 1859 phdr_table_get_dynamic_section(phdr, elf_hdr->e_phnum, linker_base, 1860 &linker_soinfo.dynamic, NULL, NULL); 1861 insert_soinfo_into_debug_map(&linker_soinfo); 1862 } 1863 1864 // Extract information passed from the kernel. 1865 si->phdr = reinterpret_cast<Elf_Phdr*>(args.getauxval(AT_PHDR)); 1866 si->phnum = args.getauxval(AT_PHNUM); 1867 si->entry = args.getauxval(AT_ENTRY); 1868 1869 /* Compute the value of si->base. We can't rely on the fact that 1870 * the first entry is the PHDR because this will not be true 1871 * for certain executables (e.g. some in the NDK unit test suite) 1872 */ 1873 si->base = 0; 1874 si->size = phdr_table_get_load_size(si->phdr, si->phnum); 1875 si->load_bias = 0; 1876 for (size_t i = 0; i < si->phnum; ++i) { 1877 if (si->phdr[i].p_type == PT_PHDR) { 1878 si->load_bias = reinterpret_cast<Elf_Addr>(si->phdr) - si->phdr[i].p_vaddr; 1879 si->base = reinterpret_cast<Elf_Addr>(si->phdr) - si->phdr[i].p_offset; 1880 break; 1881 } 1882 } 1883 si->dynamic = NULL; 1884 si->ref_count = 1; 1885 1886 // Use LD_LIBRARY_PATH and LD_PRELOAD (but only if we aren't setuid/setgid). 1887 parse_LD_LIBRARY_PATH(ldpath_env); 1888 parse_LD_PRELOAD(ldpreload_env); 1889 1890 somain = si; 1891 1892 if (!soinfo_link_image(si)) { 1893 __libc_format_fd(2, "CANNOT LINK EXECUTABLE: %s\n", linker_get_error_buffer()); 1894 exit(EXIT_FAILURE); 1895 } 1896 1897 add_vdso(args); 1898 1899 si->CallPreInitConstructors(); 1900 1901 for (size_t i = 0; gLdPreloads[i] != NULL; ++i) { 1902 gLdPreloads[i]->CallConstructors(); 1903 } 1904 1905 /* After the link_image, the si->load_bias is initialized. 1906 * For so lib, the map->l_addr will be updated in notify_gdb_of_load. 1907 * We need to update this value for so exe here. So Unwind_Backtrace 1908 * for some arch like x86 could work correctly within so exe. 1909 */ 1910 map->l_addr = si->load_bias; 1911 si->CallConstructors(); 1912 1913#if TIMING 1914 gettimeofday(&t1,NULL); 1915 PRINT("LINKER TIME: %s: %d microseconds", args.argv[0], (int) ( 1916 (((long long)t1.tv_sec * 1000000LL) + (long long)t1.tv_usec) - 1917 (((long long)t0.tv_sec * 1000000LL) + (long long)t0.tv_usec) 1918 )); 1919#endif 1920#if STATS 1921 PRINT("RELO STATS: %s: %d abs, %d rel, %d copy, %d symbol", args.argv[0], 1922 linker_stats.count[kRelocAbsolute], 1923 linker_stats.count[kRelocRelative], 1924 linker_stats.count[kRelocCopy], 1925 linker_stats.count[kRelocSymbol]); 1926#endif 1927#if COUNT_PAGES 1928 { 1929 unsigned n; 1930 unsigned i; 1931 unsigned count = 0; 1932 for (n = 0; n < 4096; n++) { 1933 if (bitmask[n]) { 1934 unsigned x = bitmask[n]; 1935 for (i = 0; i < 8; i++) { 1936 if (x & 1) { 1937 count++; 1938 } 1939 x >>= 1; 1940 } 1941 } 1942 } 1943 PRINT("PAGES MODIFIED: %s: %d (%dKB)", args.argv[0], count, count * 4); 1944 } 1945#endif 1946 1947#if TIMING || STATS || COUNT_PAGES 1948 fflush(stdout); 1949#endif 1950 1951 TRACE("[ Ready to execute '%s' @ %p ]", si->name, reinterpret_cast<void*>(si->entry)); 1952 return si->entry; 1953} 1954 1955/* Compute the load-bias of an existing executable. This shall only 1956 * be used to compute the load bias of an executable or shared library 1957 * that was loaded by the kernel itself. 1958 * 1959 * Input: 1960 * elf -> address of ELF header, assumed to be at the start of the file. 1961 * Return: 1962 * load bias, i.e. add the value of any p_vaddr in the file to get 1963 * the corresponding address in memory. 1964 */ 1965static Elf_Addr get_elf_exec_load_bias(const Elf_Ehdr* elf) { 1966 Elf_Addr offset = elf->e_phoff; 1967 const Elf_Phdr* phdr_table = (const Elf_Phdr*)((char*)elf + offset); 1968 const Elf_Phdr* phdr_end = phdr_table + elf->e_phnum; 1969 1970 for (const Elf_Phdr* phdr = phdr_table; phdr < phdr_end; phdr++) { 1971 if (phdr->p_type == PT_LOAD) { 1972 return reinterpret_cast<Elf_Addr>(elf) + phdr->p_offset - phdr->p_vaddr; 1973 } 1974 } 1975 return 0; 1976} 1977 1978/* 1979 * This is the entry point for the linker, called from begin.S. This 1980 * method is responsible for fixing the linker's own relocations, and 1981 * then calling __linker_init_post_relocation(). 1982 * 1983 * Because this method is called before the linker has fixed it's own 1984 * relocations, any attempt to reference an extern variable, extern 1985 * function, or other GOT reference will generate a segfault. 1986 */ 1987extern "C" Elf_Addr __linker_init(void* raw_args) { 1988 KernelArgumentBlock args(raw_args); 1989 1990 Elf_Addr linker_addr = args.getauxval(AT_BASE); 1991 1992 Elf_Ehdr* elf_hdr = reinterpret_cast<Elf_Ehdr*>(linker_addr); 1993 Elf_Phdr* phdr = (Elf_Phdr*)((unsigned char*) linker_addr + elf_hdr->e_phoff); 1994 1995 soinfo linker_so; 1996 memset(&linker_so, 0, sizeof(soinfo)); 1997 1998 linker_so.base = linker_addr; 1999 linker_so.size = phdr_table_get_load_size(phdr, elf_hdr->e_phnum); 2000 linker_so.load_bias = get_elf_exec_load_bias(elf_hdr); 2001 linker_so.dynamic = NULL; 2002 linker_so.phdr = phdr; 2003 linker_so.phnum = elf_hdr->e_phnum; 2004 linker_so.flags |= FLAG_LINKER; 2005 2006 if (!soinfo_link_image(&linker_so)) { 2007 // It would be nice to print an error message, but if the linker 2008 // can't link itself, there's no guarantee that we'll be able to 2009 // call write() (because it involves a GOT reference). 2010 // 2011 // This situation should never occur unless the linker itself 2012 // is corrupt. 2013 exit(EXIT_FAILURE); 2014 } 2015 2016 // We have successfully fixed our own relocations. It's safe to run 2017 // the main part of the linker now. 2018 args.abort_message_ptr = &gAbortMessage; 2019 Elf_Addr start_address = __linker_init_post_relocation(args, linker_addr); 2020 2021 set_soinfo_pool_protection(PROT_READ); 2022 2023 // Return the address that the calling assembly stub should jump to. 2024 return start_address; 2025} 2026