linker.cpp revision b93702a0463fa0b87bf25d7ae9bdb09a35ea6a50
1/* 2 * Copyright (C) 2008, 2009 The Android Open Source Project 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in 12 * the documentation and/or other materials provided with the 13 * distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29#include <dlfcn.h> 30#include <errno.h> 31#include <fcntl.h> 32#include <linux/auxvec.h> 33#include <pthread.h> 34#include <stdint.h> 35#include <stdio.h> 36#include <stdlib.h> 37#include <string.h> 38#include <sys/atomics.h> 39#include <sys/mman.h> 40#include <sys/stat.h> 41#include <unistd.h> 42 43// Private C library headers. 44#include "private/bionic_tls.h" 45#include "private/KernelArgumentBlock.h" 46#include "private/ScopedPthreadMutexLocker.h" 47 48#include "linker.h" 49#include "linker_debug.h" 50#include "linker_environ.h" 51#include "linker_phdr.h" 52 53/* Assume average path length of 64 and max 8 paths */ 54#define LDPATH_BUFSIZE 512 55#define LDPATH_MAX 8 56 57#define LDPRELOAD_BUFSIZE 512 58#define LDPRELOAD_MAX 8 59 60/* >>> IMPORTANT NOTE - READ ME BEFORE MODIFYING <<< 61 * 62 * Do NOT use malloc() and friends or pthread_*() code here. 63 * Don't use printf() either; it's caused mysterious memory 64 * corruption in the past. 65 * The linker runs before we bring up libc and it's easiest 66 * to make sure it does not depend on any complex libc features 67 * 68 * open issues / todo: 69 * 70 * - are we doing everything we should for ARM_COPY relocations? 71 * - cleaner error reporting 72 * - after linking, set as much stuff as possible to READONLY 73 * and NOEXEC 74 */ 75 76static bool soinfo_link_image(soinfo* si); 77static Elf_Addr get_elf_exec_load_bias(const Elf_Ehdr* elf); 78 79// We can't use malloc(3) in the dynamic linker. We use a linked list of anonymous 80// maps, each a single page in size. The pages are broken up into as many struct soinfo 81// objects as will fit, and they're all threaded together on a free list. 
82#define SOINFO_PER_POOL ((PAGE_SIZE - sizeof(soinfo_pool_t*)) / sizeof(soinfo)) 83struct soinfo_pool_t { 84 soinfo_pool_t* next; 85 soinfo info[SOINFO_PER_POOL]; 86}; 87static struct soinfo_pool_t* gSoInfoPools = NULL; 88static soinfo* gSoInfoFreeList = NULL; 89 90static soinfo* solist = &libdl_info; 91static soinfo* sonext = &libdl_info; 92static soinfo* somain; /* main process, always the one after libdl_info */ 93 94static const char* const gSoPaths[] = { 95#if defined(__LP64__) 96 "/vendor/lib64", 97 "/system/lib64", 98#else 99 "/vendor/lib", 100 "/system/lib", 101#endif 102 NULL 103}; 104 105static char gLdPathsBuffer[LDPATH_BUFSIZE]; 106static const char* gLdPaths[LDPATH_MAX + 1]; 107 108static char gLdPreloadsBuffer[LDPRELOAD_BUFSIZE]; 109static const char* gLdPreloadNames[LDPRELOAD_MAX + 1]; 110 111static soinfo* gLdPreloads[LDPRELOAD_MAX + 1]; 112 113__LIBC_HIDDEN__ int gLdDebugVerbosity; 114 115__LIBC_HIDDEN__ abort_msg_t* gAbortMessage = NULL; // For debuggerd. 116 117enum RelocationKind { 118 kRelocAbsolute = 0, 119 kRelocRelative, 120 kRelocCopy, 121 kRelocSymbol, 122 kRelocMax 123}; 124 125#if STATS 126struct linker_stats_t { 127 int count[kRelocMax]; 128}; 129 130static linker_stats_t linker_stats; 131 132static void count_relocation(RelocationKind kind) { 133 ++linker_stats.count[kind]; 134} 135#else 136static void count_relocation(RelocationKind) { 137} 138#endif 139 140#if COUNT_PAGES 141static unsigned bitmask[4096]; 142#if defined(__LP64__) 143#define MARK(offset) \ 144 do { \ 145 if ((((offset) >> 12) >> 5) < 4096) \ 146 bitmask[((offset) >> 12) >> 5] |= (1 << (((offset) >> 12) & 31)); \ 147 } while(0) 148#else 149#define MARK(offset) \ 150 do { \ 151 bitmask[((offset) >> 12) >> 3] |= (1 << (((offset) >> 12) & 7)); \ 152 } while(0) 153#endif 154#else 155#define MARK(x) do {} while (0) 156#endif 157 158// You shouldn't try to call memory-allocating functions in the dynamic linker. 159// Guard against the most obvious ones. 160#define DISALLOW_ALLOCATION(return_type, name, ...) \ 161 return_type name __VA_ARGS__ \ 162 { \ 163 const char* msg = "ERROR: " #name " called from the dynamic linker!\n"; \ 164 __libc_format_log(ANDROID_LOG_FATAL, "linker", "%s", msg); \ 165 write(2, msg, strlen(msg)); \ 166 abort(); \ 167 } 168#define UNUSED __attribute__((unused)) 169DISALLOW_ALLOCATION(void*, malloc, (size_t u UNUSED)); 170DISALLOW_ALLOCATION(void, free, (void* u UNUSED)); 171DISALLOW_ALLOCATION(void*, realloc, (void* u1 UNUSED, size_t u2 UNUSED)); 172DISALLOW_ALLOCATION(void*, calloc, (size_t u1 UNUSED, size_t u2 UNUSED)); 173 174static char tmp_err_buf[768]; 175static char __linker_dl_err_buf[768]; 176 177char* linker_get_error_buffer() { 178 return &__linker_dl_err_buf[0]; 179} 180 181size_t linker_get_error_buffer_size() { 182 return sizeof(__linker_dl_err_buf); 183} 184 185/* 186 * This function is an empty stub where GDB locates a breakpoint to get notified 187 * about linker activity. 188 */ 189extern "C" void __attribute__((noinline)) __attribute__((visibility("default"))) rtld_db_dlactivity(); 190 191static r_debug _r_debug = {1, NULL, &rtld_db_dlactivity, RT_CONSISTENT, 0}; 192static link_map_t* r_debug_tail = 0; 193 194static pthread_mutex_t gDebugMutex = PTHREAD_MUTEX_INITIALIZER; 195 196static void insert_soinfo_into_debug_map(soinfo * info) { 197 // Copy the necessary fields into the debug structure. 
198 link_map_t* map = &(info->link_map); 199 map->l_addr = info->load_bias; 200 map->l_name = (char*) info->name; 201 map->l_ld = (uintptr_t)info->dynamic; 202 203 /* Stick the new library at the end of the list. 204 * gdb tends to care more about libc than it does 205 * about leaf libraries, and ordering it this way 206 * reduces the back-and-forth over the wire. 207 */ 208 if (r_debug_tail) { 209 r_debug_tail->l_next = map; 210 map->l_prev = r_debug_tail; 211 map->l_next = 0; 212 } else { 213 _r_debug.r_map = map; 214 map->l_prev = 0; 215 map->l_next = 0; 216 } 217 r_debug_tail = map; 218} 219 220static void remove_soinfo_from_debug_map(soinfo* info) { 221 link_map_t* map = &(info->link_map); 222 223 if (r_debug_tail == map) { 224 r_debug_tail = map->l_prev; 225 } 226 227 if (map->l_prev) { 228 map->l_prev->l_next = map->l_next; 229 } 230 if (map->l_next) { 231 map->l_next->l_prev = map->l_prev; 232 } 233} 234 235static void notify_gdb_of_load(soinfo* info) { 236 if (info->flags & FLAG_EXE) { 237 // GDB already knows about the main executable 238 return; 239 } 240 241 ScopedPthreadMutexLocker locker(&gDebugMutex); 242 243 _r_debug.r_state = RT_ADD; 244 rtld_db_dlactivity(); 245 246 insert_soinfo_into_debug_map(info); 247 248 _r_debug.r_state = RT_CONSISTENT; 249 rtld_db_dlactivity(); 250} 251 252static void notify_gdb_of_unload(soinfo* info) { 253 if (info->flags & FLAG_EXE) { 254 // GDB already knows about the main executable 255 return; 256 } 257 258 ScopedPthreadMutexLocker locker(&gDebugMutex); 259 260 _r_debug.r_state = RT_DELETE; 261 rtld_db_dlactivity(); 262 263 remove_soinfo_from_debug_map(info); 264 265 _r_debug.r_state = RT_CONSISTENT; 266 rtld_db_dlactivity(); 267} 268 269void notify_gdb_of_libraries() { 270 _r_debug.r_state = RT_ADD; 271 rtld_db_dlactivity(); 272 _r_debug.r_state = RT_CONSISTENT; 273 rtld_db_dlactivity(); 274} 275 276static bool ensure_free_list_non_empty() { 277 if (gSoInfoFreeList != NULL) { 278 return true; 279 } 280 281 // Allocate a new pool. 282 soinfo_pool_t* pool = reinterpret_cast<soinfo_pool_t*>(mmap(NULL, sizeof(*pool), 283 PROT_READ|PROT_WRITE, 284 MAP_PRIVATE|MAP_ANONYMOUS, 0, 0)); 285 if (pool == MAP_FAILED) { 286 return false; 287 } 288 289 // Add the pool to our list of pools. 290 pool->next = gSoInfoPools; 291 gSoInfoPools = pool; 292 293 // Chain the entries in the new pool onto the free list. 294 gSoInfoFreeList = &pool->info[0]; 295 soinfo* next = NULL; 296 for (int i = SOINFO_PER_POOL - 1; i >= 0; --i) { 297 pool->info[i].next = next; 298 next = &pool->info[i]; 299 } 300 301 return true; 302} 303 304static void set_soinfo_pool_protection(int protection) { 305 for (soinfo_pool_t* p = gSoInfoPools; p != NULL; p = p->next) { 306 if (mprotect(p, sizeof(*p), protection) == -1) { 307 abort(); // Can't happen. 308 } 309 } 310} 311 312static soinfo* soinfo_alloc(const char* name) { 313 if (strlen(name) >= SOINFO_NAME_LEN) { 314 DL_ERR("library name \"%s\" too long", name); 315 return NULL; 316 } 317 318 if (!ensure_free_list_non_empty()) { 319 DL_ERR("out of memory when loading \"%s\"", name); 320 return NULL; 321 } 322 323 // Take the head element off the free list. 324 soinfo* si = gSoInfoFreeList; 325 gSoInfoFreeList = gSoInfoFreeList->next; 326 327 // Initialize the new element. 
328 memset(si, 0, sizeof(soinfo)); 329 strlcpy(si->name, name, sizeof(si->name)); 330 sonext->next = si; 331 sonext = si; 332 333 TRACE("name %s: allocated soinfo @ %p", name, si); 334 return si; 335} 336 337static void soinfo_free(soinfo* si) 338{ 339 if (si == NULL) { 340 return; 341 } 342 343 soinfo *prev = NULL, *trav; 344 345 TRACE("name %s: freeing soinfo @ %p", si->name, si); 346 347 for (trav = solist; trav != NULL; trav = trav->next) { 348 if (trav == si) 349 break; 350 prev = trav; 351 } 352 if (trav == NULL) { 353 /* si was not in solist */ 354 DL_ERR("name \"%s\" is not in solist!", si->name); 355 return; 356 } 357 358 /* prev will never be NULL, because the first entry in solist is 359 always the static libdl_info. 360 */ 361 prev->next = si->next; 362 if (si == sonext) { 363 sonext = prev; 364 } 365 si->next = gSoInfoFreeList; 366 gSoInfoFreeList = si; 367} 368 369 370static void parse_path(const char* path, const char* delimiters, 371 const char** array, char* buf, size_t buf_size, size_t max_count) { 372 if (path == NULL) { 373 return; 374 } 375 376 size_t len = strlcpy(buf, path, buf_size); 377 378 size_t i = 0; 379 char* buf_p = buf; 380 while (i < max_count && (array[i] = strsep(&buf_p, delimiters))) { 381 if (*array[i] != '\0') { 382 ++i; 383 } 384 } 385 386 // Forget the last path if we had to truncate; this occurs if the 2nd to 387 // last char isn't '\0' (i.e. wasn't originally a delimiter). 388 if (i > 0 && len >= buf_size && buf[buf_size - 2] != '\0') { 389 array[i - 1] = NULL; 390 } else { 391 array[i] = NULL; 392 } 393} 394 395static void parse_LD_LIBRARY_PATH(const char* path) { 396 parse_path(path, ":", gLdPaths, 397 gLdPathsBuffer, sizeof(gLdPathsBuffer), LDPATH_MAX); 398} 399 400static void parse_LD_PRELOAD(const char* path) { 401 // We have historically supported ':' as well as ' ' in LD_PRELOAD. 402 parse_path(path, " :", gLdPreloadNames, 403 gLdPreloadsBuffer, sizeof(gLdPreloadsBuffer), LDPRELOAD_MAX); 404} 405 406#if defined(__arm__) 407 408/* For a given PC, find the .so that it belongs to. 409 * Returns the base address of the .ARM.exidx section 410 * for that .so, and the number of 8-byte entries 411 * in that section (via *pcount). 412 * 413 * Intended to be called by libc's __gnu_Unwind_Find_exidx(). 414 * 415 * This function is exposed via dlfcn.cpp and libdl.so. 416 */ 417_Unwind_Ptr dl_unwind_find_exidx(_Unwind_Ptr pc, int *pcount) 418{ 419 soinfo *si; 420 unsigned addr = (unsigned)pc; 421 422 for (si = solist; si != 0; si = si->next) { 423 if ((addr >= si->base) && (addr < (si->base + si->size))) { 424 *pcount = si->ARM_exidx_count; 425 return (_Unwind_Ptr)si->ARM_exidx; 426 } 427 } 428 *pcount = 0; 429 return NULL; 430} 431 432#endif 433 434/* Here, we only have to provide a callback to iterate across all the 435 * loaded libraries. gcc_eh does the rest. 
*/ 436int 437dl_iterate_phdr(int (*cb)(dl_phdr_info *info, size_t size, void *data), 438 void *data) 439{ 440 int rv = 0; 441 for (soinfo* si = solist; si != NULL; si = si->next) { 442 dl_phdr_info dl_info; 443 dl_info.dlpi_addr = si->link_map.l_addr; 444 dl_info.dlpi_name = si->link_map.l_name; 445 dl_info.dlpi_phdr = si->phdr; 446 dl_info.dlpi_phnum = si->phnum; 447 rv = cb(&dl_info, sizeof(dl_phdr_info), data); 448 if (rv != 0) { 449 break; 450 } 451 } 452 return rv; 453} 454 455static Elf_Sym* soinfo_elf_lookup(soinfo* si, unsigned hash, const char* name) { 456 Elf_Sym* symtab = si->symtab; 457 const char* strtab = si->strtab; 458 459 TRACE_TYPE(LOOKUP, "SEARCH %s in %s@%p %x %zd", 460 name, si->name, reinterpret_cast<void*>(si->base), hash, hash % si->nbucket); 461 462 for (unsigned n = si->bucket[hash % si->nbucket]; n != 0; n = si->chain[n]) { 463 Elf_Sym* s = symtab + n; 464 if (strcmp(strtab + s->st_name, name)) continue; 465 466 /* only concern ourselves with global and weak symbol definitions */ 467 switch (ELF_ST_BIND(s->st_info)) { 468 case STB_GLOBAL: 469 case STB_WEAK: 470 if (s->st_shndx == SHN_UNDEF) { 471 continue; 472 } 473 474 TRACE_TYPE(LOOKUP, "FOUND %s in %s (%p) %zd", 475 name, si->name, reinterpret_cast<void*>(s->st_value), 476 static_cast<size_t>(s->st_size)); 477 return s; 478 } 479 } 480 481 return NULL; 482} 483 484static unsigned elfhash(const char* _name) { 485 const unsigned char* name = (const unsigned char*) _name; 486 unsigned h = 0, g; 487 488 while(*name) { 489 h = (h << 4) + *name++; 490 g = h & 0xf0000000; 491 h ^= g; 492 h ^= g >> 24; 493 } 494 return h; 495} 496 497static Elf_Sym* soinfo_do_lookup(soinfo* si, const char* name, soinfo** lsi, soinfo* needed[]) { 498 unsigned elf_hash = elfhash(name); 499 Elf_Sym* s = NULL; 500 501 if (si != NULL && somain != NULL) { 502 503 /* 504 * Local scope is executable scope. Just start looking into it right away 505 * for the shortcut. 506 */ 507 508 if (si == somain) { 509 s = soinfo_elf_lookup(si, elf_hash, name); 510 if (s != NULL) { 511 *lsi = si; 512 goto done; 513 } 514 } else { 515 /* Order of symbol lookup is controlled by DT_SYMBOLIC flag */ 516 517 /* 518 * If this object was built with symbolic relocations disabled, the 519 * first place to look to resolve external references is the main 520 * executable. 521 */ 522 523 if (!si->has_DT_SYMBOLIC) { 524 DEBUG("%s: looking up %s in executable %s", 525 si->name, name, somain->name); 526 s = soinfo_elf_lookup(somain, elf_hash, name); 527 if (s != NULL) { 528 *lsi = somain; 529 goto done; 530 } 531 } 532 533 /* Look for symbols in the local scope (the object who is 534 * searching). This happens with C++ templates on x86 for some 535 * reason. 536 * 537 * Notes on weak symbols: 538 * The ELF specs are ambiguous about treatment of weak definitions in 539 * dynamic linking. Some systems return the first definition found 540 * and some the first non-weak definition. This is system dependent. 541 * Here we return the first definition found for simplicity. */ 542 543 s = soinfo_elf_lookup(si, elf_hash, name); 544 if (s != NULL) { 545 *lsi = si; 546 goto done; 547 } 548 549 /* 550 * If this object was built with -Bsymbolic and symbol is not found 551 * in the local scope, try to find the symbol in the main executable. 
552 */ 553 554 if (si->has_DT_SYMBOLIC) { 555 DEBUG("%s: looking up %s in executable %s after local scope", 556 si->name, name, somain->name); 557 s = soinfo_elf_lookup(somain, elf_hash, name); 558 if (s != NULL) { 559 *lsi = somain; 560 goto done; 561 } 562 } 563 } 564 } 565 566 /* Next, look for it in the preloads list */ 567 for (int i = 0; gLdPreloads[i] != NULL; i++) { 568 s = soinfo_elf_lookup(gLdPreloads[i], elf_hash, name); 569 if (s != NULL) { 570 *lsi = gLdPreloads[i]; 571 goto done; 572 } 573 } 574 575 for (int i = 0; needed[i] != NULL; i++) { 576 DEBUG("%s: looking up %s in %s", 577 si->name, name, needed[i]->name); 578 s = soinfo_elf_lookup(needed[i], elf_hash, name); 579 if (s != NULL) { 580 *lsi = needed[i]; 581 goto done; 582 } 583 } 584 585done: 586 if (s != NULL) { 587 TRACE_TYPE(LOOKUP, "si %s sym %s s->st_value = %p, " 588 "found in %s, base = %p, load bias = %p", 589 si->name, name, reinterpret_cast<void*>(s->st_value), 590 (*lsi)->name, reinterpret_cast<void*>((*lsi)->base), 591 reinterpret_cast<void*>((*lsi)->load_bias)); 592 return s; 593 } 594 595 return NULL; 596} 597 598/* This is used by dlsym(3). It performs symbol lookup only within the 599 specified soinfo object and not in any of its dependencies. 600 601 TODO: Only looking in the specified soinfo seems wrong. dlsym(3) says 602 that it should do a breadth first search through the dependency 603 tree. This agrees with the ELF spec (aka System V Application 604 Binary Interface) where in Chapter 5 it discuss resolving "Shared 605 Object Dependencies" in breadth first search order. 606 */ 607Elf_Sym* dlsym_handle_lookup(soinfo* si, const char* name) { 608 return soinfo_elf_lookup(si, elfhash(name), name); 609} 610 611/* This is used by dlsym(3) to performs a global symbol lookup. If the 612 start value is null (for RTLD_DEFAULT), the search starts at the 613 beginning of the global solist. Otherwise the search starts at the 614 specified soinfo (for RTLD_NEXT). 615 */ 616Elf_Sym* dlsym_linear_lookup(const char* name, soinfo** found, soinfo* start) { 617 unsigned elf_hash = elfhash(name); 618 619 if (start == NULL) { 620 start = solist; 621 } 622 623 Elf_Sym* s = NULL; 624 for (soinfo* si = start; (s == NULL) && (si != NULL); si = si->next) { 625 s = soinfo_elf_lookup(si, elf_hash, name); 626 if (s != NULL) { 627 *found = si; 628 break; 629 } 630 } 631 632 if (s != NULL) { 633 TRACE_TYPE(LOOKUP, "%s s->st_value = %p, found->base = %p", 634 name, reinterpret_cast<void*>(s->st_value), reinterpret_cast<void*>((*found)->base)); 635 } 636 637 return s; 638} 639 640soinfo* find_containing_library(const void* p) { 641 Elf_Addr address = reinterpret_cast<Elf_Addr>(p); 642 for (soinfo* si = solist; si != NULL; si = si->next) { 643 if (address >= si->base && address - si->base < si->size) { 644 return si; 645 } 646 } 647 return NULL; 648} 649 650Elf_Sym* dladdr_find_symbol(soinfo* si, const void* addr) { 651 Elf_Addr soaddr = reinterpret_cast<Elf_Addr>(addr) - si->base; 652 653 // Search the library's symbol table for any defined symbol which 654 // contains this address. 
655 for (size_t i = 0; i < si->nchain; ++i) { 656 Elf_Sym* sym = &si->symtab[i]; 657 if (sym->st_shndx != SHN_UNDEF && 658 soaddr >= sym->st_value && 659 soaddr < sym->st_value + sym->st_size) { 660 return sym; 661 } 662 } 663 664 return NULL; 665} 666 667#if 0 668static void dump(soinfo* si) 669{ 670 Elf_Sym* s = si->symtab; 671 for (unsigned n = 0; n < si->nchain; n++) { 672 TRACE("%04d> %08x: %02x %04x %08x %08x %s", n, s, 673 s->st_info, s->st_shndx, s->st_value, s->st_size, 674 si->strtab + s->st_name); 675 s++; 676 } 677} 678#endif 679 680static int open_library_on_path(const char* name, const char* const paths[]) { 681 char buf[512]; 682 for (size_t i = 0; paths[i] != NULL; ++i) { 683 int n = __libc_format_buffer(buf, sizeof(buf), "%s/%s", paths[i], name); 684 if (n < 0 || n >= static_cast<int>(sizeof(buf))) { 685 PRINT("Warning: ignoring very long library path: %s/%s", paths[i], name); 686 continue; 687 } 688 int fd = TEMP_FAILURE_RETRY(open(buf, O_RDONLY | O_CLOEXEC)); 689 if (fd != -1) { 690 return fd; 691 } 692 } 693 return -1; 694} 695 696static int open_library(const char* name) { 697 TRACE("[ opening %s ]", name); 698 699 // If the name contains a slash, we should attempt to open it directly and not search the paths. 700 if (strchr(name, '/') != NULL) { 701 int fd = TEMP_FAILURE_RETRY(open(name, O_RDONLY | O_CLOEXEC)); 702 if (fd != -1) { 703 return fd; 704 } 705 // ...but nvidia binary blobs (at least) rely on this behavior, so fall through for now. 706 } 707 708 // Otherwise we try LD_LIBRARY_PATH first, and fall back to the built-in well known paths. 709 int fd = open_library_on_path(name, gLdPaths); 710 if (fd == -1) { 711 fd = open_library_on_path(name, gSoPaths); 712 } 713 return fd; 714} 715 716static soinfo* load_library(const char* name) { 717 // Open the file. 718 int fd = open_library(name); 719 if (fd == -1) { 720 DL_ERR("library \"%s\" not found", name); 721 return NULL; 722 } 723 724 // Read the ELF header and load the segments. 725 ElfReader elf_reader(name, fd); 726 if (!elf_reader.Load()) { 727 return NULL; 728 } 729 730 const char* bname = strrchr(name, '/'); 731 soinfo* si = soinfo_alloc(bname ? bname + 1 : name); 732 if (si == NULL) { 733 return NULL; 734 } 735 si->base = elf_reader.load_start(); 736 si->size = elf_reader.load_size(); 737 si->load_bias = elf_reader.load_bias(); 738 si->flags = 0; 739 si->entry = 0; 740 si->dynamic = NULL; 741 si->phnum = elf_reader.phdr_count(); 742 si->phdr = elf_reader.loaded_phdr(); 743 return si; 744} 745 746static soinfo *find_loaded_library(const char *name) 747{ 748 soinfo *si; 749 const char *bname; 750 751 // TODO: don't use basename only for determining libraries 752 // http://code.google.com/p/android/issues/detail?id=6670 753 754 bname = strrchr(name, '/'); 755 bname = bname ? bname + 1 : name; 756 757 for (si = solist; si != NULL; si = si->next) { 758 if (!strcmp(bname, si->name)) { 759 return si; 760 } 761 } 762 return NULL; 763} 764 765static soinfo* find_library_internal(const char* name) { 766 if (name == NULL) { 767 return somain; 768 } 769 770 soinfo* si = find_loaded_library(name); 771 if (si != NULL) { 772 if (si->flags & FLAG_LINKED) { 773 return si; 774 } 775 DL_ERR("OOPS: recursive link to \"%s\"", si->name); 776 return NULL; 777 } 778 779 TRACE("[ '%s' has not been loaded yet. 
Locating...]", name); 780 si = load_library(name); 781 if (si == NULL) { 782 return NULL; 783 } 784 785 // At this point we know that whatever is loaded @ base is a valid ELF 786 // shared library whose segments are properly mapped in. 787 TRACE("[ init_library base=%p sz=0x%08x name='%s' ]", 788 reinterpret_cast<void*>(si->base), si->size, si->name); 789 790 if (!soinfo_link_image(si)) { 791 munmap(reinterpret_cast<void*>(si->base), si->size); 792 soinfo_free(si); 793 return NULL; 794 } 795 796 return si; 797} 798 799static soinfo* find_library(const char* name) { 800 soinfo* si = find_library_internal(name); 801 if (si != NULL) { 802 si->ref_count++; 803 } 804 return si; 805} 806 807static int soinfo_unload(soinfo* si) { 808 if (si->ref_count == 1) { 809 TRACE("unloading '%s'", si->name); 810 si->CallDestructors(); 811 812 for (Elf_Dyn* d = si->dynamic; d->d_tag != DT_NULL; ++d) { 813 if (d->d_tag == DT_NEEDED) { 814 const char* library_name = si->strtab + d->d_un.d_val; 815 TRACE("%s needs to unload %s", si->name, library_name); 816 soinfo_unload(find_loaded_library(library_name)); 817 } 818 } 819 820 munmap(reinterpret_cast<void*>(si->base), si->size); 821 notify_gdb_of_unload(si); 822 soinfo_free(si); 823 si->ref_count = 0; 824 } else { 825 si->ref_count--; 826 TRACE("not unloading '%s', decrementing ref_count to %zd", si->name, si->ref_count); 827 } 828 return 0; 829} 830 831void do_android_update_LD_LIBRARY_PATH(const char* ld_library_path) { 832 if (!get_AT_SECURE()) { 833 parse_LD_LIBRARY_PATH(ld_library_path); 834 } 835} 836 837soinfo* do_dlopen(const char* name, int flags) { 838 if ((flags & ~(RTLD_NOW|RTLD_LAZY|RTLD_LOCAL|RTLD_GLOBAL)) != 0) { 839 DL_ERR("invalid flags to dlopen: %x", flags); 840 return NULL; 841 } 842 set_soinfo_pool_protection(PROT_READ | PROT_WRITE); 843 soinfo* si = find_library(name); 844 if (si != NULL) { 845 si->CallConstructors(); 846 } 847 set_soinfo_pool_protection(PROT_READ); 848 return si; 849} 850 851int do_dlclose(soinfo* si) { 852 set_soinfo_pool_protection(PROT_READ | PROT_WRITE); 853 int result = soinfo_unload(si); 854 set_soinfo_pool_protection(PROT_READ); 855 return result; 856} 857 858#if defined(USE_RELA) 859static int soinfo_relocate_a(soinfo* si, Elf_Rela* rela, unsigned count, soinfo* needed[]) { 860 Elf_Sym* symtab = si->symtab; 861 const char* strtab = si->strtab; 862 Elf_Sym* s; 863 Elf_Rela* start = rela; 864 soinfo* lsi; 865 866 for (size_t idx = 0; idx < count; ++idx, ++rela) { 867 unsigned type = ELF_R_TYPE(rela->r_info); 868 unsigned sym = ELF_R_SYM(rela->r_info); 869 Elf_Addr reloc = static_cast<Elf_Addr>(rela->r_offset + si->load_bias); 870 Elf_Addr sym_addr = 0; 871 char* sym_name = NULL; 872 873 DEBUG("Processing '%s' relocation at index %zd", si->name, idx); 874 if (type == 0) { // R_*_NONE 875 continue; 876 } 877 if (sym != 0) { 878 sym_name = (char *)(strtab + symtab[sym].st_name); 879 s = soinfo_do_lookup(si, sym_name, &lsi, needed); 880 if (s == NULL) { 881 // We only allow an undefined symbol if this is a weak reference... 882 s = &symtab[sym]; 883 if (ELF_ST_BIND(s->st_info) != STB_WEAK) { 884 DL_ERR("cannot locate symbol \"%s\" referenced by \"%s\"...", sym_name, si->name); 885 return -1; 886 } 887 888 /* IHI0044C AAELF 4.5.1.1: 889 890 Libraries are not searched to resolve weak references. 891 It is not an error for a weak reference to remain unsatisfied. 
892 893 During linking, the value of an undefined weak reference is: 894 - Zero if the relocation type is absolute 895 - The address of the place if the relocation is pc-relative 896 - The address of nominal base address if the relocation 897 type is base-relative. 898 */ 899 900 switch (type) { 901#if defined(__aarch64__) 902 case R_AARCH64_JUMP_SLOT: 903 case R_AARCH64_GLOB_DAT: 904 case R_AARCH64_ABS64: 905 case R_AARCH64_ABS32: 906 case R_AARCH64_ABS16: 907 case R_AARCH64_RELATIVE: 908 /* 909 * The sym_addr was initialized to be zero above, or the relocation 910 * code below does not care about value of sym_addr. 911 * No need to do anything. 912 */ 913 break; 914#elif defined(__x86_64__) 915 case R_X86_64_JUMP_SLOT: 916 case R_X86_64_GLOB_DAT: 917 case R_X86_64_32: 918 case R_X86_64_RELATIVE: 919 // No need to do anything. 920 break; 921 case R_X86_64_PC32: 922 sym_addr = reloc; 923 break; 924#endif 925 default: 926 DL_ERR("unknown weak reloc type %d @ %p (%d)", type, rela, (int) (rela - start)); 927 return -1; 928 } 929 } else { 930 // We got a definition. 931 sym_addr = static_cast<Elf_Addr>(s->st_value + lsi->load_bias); 932 } 933 count_relocation(kRelocSymbol); 934 } else { 935 s = NULL; 936 } 937 938 switch (type) { 939#if defined(__aarch64__) 940 case R_AARCH64_JUMP_SLOT: 941 count_relocation(kRelocAbsolute); 942 MARK(rela->r_offset); 943 TRACE_TYPE(RELO, "RELO JMP_SLOT %16lx <- %16lx %s\n", 944 reloc, 945 (sym_addr + rela->r_addend), 946 sym_name); 947 *reinterpret_cast<Elf_Addr*>(reloc) = (sym_addr + rela->r_addend); 948 break; 949 case R_AARCH64_GLOB_DAT: 950 count_relocation(kRelocAbsolute); 951 MARK(rela->r_offset); 952 TRACE_TYPE(RELO, "RELO GLOB_DAT %16lx <- %16lx %s\n", 953 reloc, 954 (sym_addr + rela->r_addend), 955 sym_name); 956 *reinterpret_cast<Elf_Addr*>(reloc) = (sym_addr + rela->r_addend); 957 break; 958 case R_AARCH64_ABS64: 959 count_relocation(kRelocAbsolute); 960 MARK(rela->r_offset); 961 TRACE_TYPE(RELO, "RELO ABS64 %16lx <- %16lx %s\n", 962 reloc, 963 (sym_addr + rela->r_addend), 964 sym_name); 965 *reinterpret_cast<Elf_Addr*>(reloc) += (sym_addr + rela->r_addend); 966 break; 967 case R_AARCH64_ABS32: 968 count_relocation(kRelocAbsolute); 969 MARK(rela->r_offset); 970 TRACE_TYPE(RELO, "RELO ABS32 %16lx <- %16lx %s\n", 971 reloc, 972 (sym_addr + rela->r_addend), 973 sym_name); 974 if ((static_cast<Elf_Addr>(INT32_MIN) <= 975 (*reinterpret_cast<Elf_Addr*>(reloc) + (sym_addr + rela->r_addend))) && 976 ((*reinterpret_cast<Elf_Addr*>(reloc) + (sym_addr + rela->r_addend)) <= 977 static_cast<Elf_Addr>(UINT32_MAX))) { 978 *reinterpret_cast<Elf_Addr*>(reloc) += (sym_addr + rela->r_addend); 979 } else { 980 DL_ERR("0x%016lx out of range 0x%016lx to 0x%016lx", 981 (*reinterpret_cast<Elf_Addr*>(reloc) + (sym_addr + rela->r_addend)), 982 static_cast<Elf_Addr>(INT32_MIN), 983 static_cast<Elf_Addr>(UINT32_MAX)); 984 return -1; 985 } 986 break; 987 case R_AARCH64_ABS16: 988 count_relocation(kRelocAbsolute); 989 MARK(rela->r_offset); 990 TRACE_TYPE(RELO, "RELO ABS16 %16lx <- %16lx %s\n", 991 reloc, 992 (sym_addr + rela->r_addend), 993 sym_name); 994 if ((static_cast<Elf_Addr>(INT16_MIN) <= 995 (*reinterpret_cast<Elf_Addr*>(reloc) + (sym_addr + rela->r_addend))) && 996 ((*reinterpret_cast<Elf_Addr*>(reloc) + (sym_addr + rela->r_addend)) <= 997 static_cast<Elf_Addr>(UINT16_MAX))) { 998 *reinterpret_cast<Elf_Addr*>(reloc) += (sym_addr + rela->r_addend); 999 } else { 1000 DL_ERR("0x%016lx out of range 0x%016lx to 0x%016lx", 1001 (*reinterpret_cast<Elf_Addr*>(reloc) + (sym_addr 
+ rela->r_addend)), 1002 static_cast<Elf_Addr>(INT16_MIN), 1003 static_cast<Elf_Addr>(UINT16_MAX)); 1004 return -1; 1005 } 1006 break; 1007 case R_AARCH64_PREL64: 1008 count_relocation(kRelocRelative); 1009 MARK(rela->r_offset); 1010 TRACE_TYPE(RELO, "RELO REL64 %16lx <- %16lx - %16lx %s\n", 1011 reloc, 1012 (sym_addr + rela->r_addend), 1013 rela->r_offset, 1014 sym_name); 1015 *reinterpret_cast<Elf_Addr*>(reloc) += (sym_addr + rela->r_addend) - rela->r_offset; 1016 break; 1017 case R_AARCH64_PREL32: 1018 count_relocation(kRelocRelative); 1019 MARK(rela->r_offset); 1020 TRACE_TYPE(RELO, "RELO REL32 %16lx <- %16lx - %16lx %s\n", 1021 reloc, 1022 (sym_addr + rela->r_addend), 1023 rela->r_offset, sym_name); 1024 if ((static_cast<Elf_Addr>(INT32_MIN) <= 1025 (*reinterpret_cast<Elf_Addr*>(reloc) + ((sym_addr + rela->r_addend) - rela->r_offset))) && 1026 ((*reinterpret_cast<Elf_Addr*>(reloc) + ((sym_addr + rela->r_addend) - rela->r_offset)) <= 1027 static_cast<Elf_Addr>(UINT32_MAX))) { 1028 *reinterpret_cast<Elf_Addr*>(reloc) += ((sym_addr + rela->r_addend) - rela->r_offset); 1029 } else { 1030 DL_ERR("0x%016lx out of range 0x%016lx to 0x%016lx", 1031 (*reinterpret_cast<Elf_Addr*>(reloc) + ((sym_addr + rela->r_addend) - rela->r_offset)), 1032 static_cast<Elf_Addr>(INT32_MIN), 1033 static_cast<Elf_Addr>(UINT32_MAX)); 1034 return -1; 1035 } 1036 break; 1037 case R_AARCH64_PREL16: 1038 count_relocation(kRelocRelative); 1039 MARK(rela->r_offset); 1040 TRACE_TYPE(RELO, "RELO REL16 %16lx <- %16lx - %16lx %s\n", 1041 reloc, 1042 (sym_addr + rela->r_addend), 1043 rela->r_offset, sym_name); 1044 if ((static_cast<Elf_Addr>(INT16_MIN) <= 1045 (*reinterpret_cast<Elf_Addr*>(reloc) + ((sym_addr + rela->r_addend) - rela->r_offset))) && 1046 ((*reinterpret_cast<Elf_Addr*>(reloc) + ((sym_addr + rela->r_addend) - rela->r_offset)) <= 1047 static_cast<Elf_Addr>(UINT16_MAX))) { 1048 *reinterpret_cast<Elf_Addr*>(reloc) += ((sym_addr + rela->r_addend) - rela->r_offset); 1049 } else { 1050 DL_ERR("0x%016lx out of range 0x%016lx to 0x%016lx", 1051 (*reinterpret_cast<Elf_Addr*>(reloc) + ((sym_addr + rela->r_addend) - rela->r_offset)), 1052 static_cast<Elf_Addr>(INT16_MIN), 1053 static_cast<Elf_Addr>(UINT16_MAX)); 1054 return -1; 1055 } 1056 break; 1057 1058 case R_AARCH64_RELATIVE: 1059 count_relocation(kRelocRelative); 1060 MARK(rela->r_offset); 1061 if (sym) { 1062 DL_ERR("odd RELATIVE form..."); 1063 return -1; 1064 } 1065 TRACE_TYPE(RELO, "RELO RELATIVE %16lx <- %16lx\n", 1066 reloc, 1067 (si->base + rela->r_addend)); 1068 *reinterpret_cast<Elf_Addr*>(reloc) = (si->base + rela->r_addend); 1069 break; 1070 1071 case R_AARCH64_COPY: 1072 if ((si->flags & FLAG_EXE) == 0) { 1073 /* 1074 * http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044d/IHI0044D_aaelf.pdf 1075 * 1076 * Section 4.7.1.10 "Dynamic relocations" 1077 * R_AARCH64_COPY may only appear in executable objects where e_type is 1078 * set to ET_EXEC. 1079 * 1080 * FLAG_EXE is set for both ET_DYN and ET_EXEC executables. 1081 * We should explicitly disallow ET_DYN executables from having 1082 * R_AARCH64_COPY relocations. 
1083 */ 1084 DL_ERR("%s R_AARCH64_COPY relocations only supported for ET_EXEC", si->name); 1085 return -1; 1086 } 1087 count_relocation(kRelocCopy); 1088 MARK(rela->r_offset); 1089 TRACE_TYPE(RELO, "RELO COPY %16lx <- %ld @ %16lx %s\n", 1090 reloc, 1091 s->st_size, 1092 (sym_addr + rela->r_addend), 1093 sym_name); 1094 if (reloc == (sym_addr + rela->r_addend)) { 1095 Elf_Sym *src = soinfo_do_lookup(NULL, sym_name, &lsi, needed); 1096 1097 if (src == NULL) { 1098 DL_ERR("%s R_AARCH64_COPY relocation source cannot be resolved", si->name); 1099 return -1; 1100 } 1101 if (lsi->has_DT_SYMBOLIC) { 1102 DL_ERR("%s invalid R_AARCH64_COPY relocation against DT_SYMBOLIC shared " 1103 "library %s (built with -Bsymbolic?)", si->name, lsi->name); 1104 return -1; 1105 } 1106 if (s->st_size < src->st_size) { 1107 DL_ERR("%s R_AARCH64_COPY relocation size mismatch (%ld < %ld)", 1108 si->name, s->st_size, src->st_size); 1109 return -1; 1110 } 1111 memcpy((void*)reloc, (void*)(src->st_value + lsi->load_bias), src->st_size); 1112 } else { 1113 DL_ERR("%s R_AARCH64_COPY relocation target cannot be resolved", si->name); 1114 return -1; 1115 } 1116 break; 1117 case R_AARCH64_TLS_TPREL64: 1118 TRACE_TYPE(RELO, "RELO TLS_TPREL64 *** %16lx <- %16lx - %16lx\n", 1119 reloc, 1120 (sym_addr + rela->r_addend), 1121 rela->r_offset); 1122 break; 1123 case R_AARCH64_TLS_DTPREL32: 1124 TRACE_TYPE(RELO, "RELO TLS_DTPREL32 *** %16lx <- %16lx - %16lx\n", 1125 reloc, 1126 (sym_addr + rela->r_addend), 1127 rela->r_offset); 1128 break; 1129#elif defined(__x86_64__) 1130 case R_X86_64_JUMP_SLOT: 1131 count_relocation(kRelocAbsolute); 1132 MARK(rela->r_offset); 1133 TRACE_TYPE(RELO, "RELO JMP_SLOT %08zx <- %08zx %s", static_cast<size_t>(reloc), 1134 static_cast<size_t>(sym_addr + rela->r_addend), sym_name); 1135 *reinterpret_cast<Elf_Addr*>(reloc) = sym_addr + rela->r_addend; 1136 break; 1137 case R_X86_64_GLOB_DAT: 1138 count_relocation(kRelocAbsolute); 1139 MARK(rela->r_offset); 1140 TRACE_TYPE(RELO, "RELO GLOB_DAT %08zx <- %08zx %s", static_cast<size_t>(reloc), 1141 static_cast<size_t>(sym_addr + rela->r_addend), sym_name); 1142 *reinterpret_cast<Elf_Addr*>(reloc) = sym_addr + rela->r_addend; 1143 break; 1144 case R_X86_64_RELATIVE: 1145 count_relocation(kRelocRelative); 1146 MARK(rela->r_offset); 1147 if (sym) { 1148 DL_ERR("odd RELATIVE form..."); 1149 return -1; 1150 } 1151 TRACE_TYPE(RELO, "RELO RELATIVE %08zx <- +%08zx", static_cast<size_t>(reloc), 1152 static_cast<size_t>(si->base)); 1153 *reinterpret_cast<Elf_Addr*>(reloc) = si->base + rela->r_addend; 1154 break; 1155 case R_X86_64_32: 1156 count_relocation(kRelocRelative); 1157 MARK(rela->r_offset); 1158 TRACE_TYPE(RELO, "RELO R_X86_64_32 %08zx <- +%08zx %s", static_cast<size_t>(reloc), 1159 static_cast<size_t>(sym_addr), sym_name); 1160 *reinterpret_cast<Elf_Addr*>(reloc) = sym_addr + rela->r_addend; 1161 break; 1162 case R_X86_64_64: 1163 count_relocation(kRelocRelative); 1164 MARK(rela->r_offset); 1165 TRACE_TYPE(RELO, "RELO R_X86_64_64 %08zx <- +%08zx %s", static_cast<size_t>(reloc), 1166 static_cast<size_t>(sym_addr), sym_name); 1167 *reinterpret_cast<Elf_Addr*>(reloc) = sym_addr + rela->r_addend; 1168 break; 1169 case R_X86_64_PC32: 1170 count_relocation(kRelocRelative); 1171 MARK(rela->r_offset); 1172 TRACE_TYPE(RELO, "RELO R_X86_64_PC32 %08zx <- +%08zx (%08zx - %08zx) %s", 1173 static_cast<size_t>(reloc), static_cast<size_t>(sym_addr - reloc), 1174 static_cast<size_t>(sym_addr), static_cast<size_t>(reloc), sym_name); 1175 *reinterpret_cast<Elf_Addr*>(reloc) = 
sym_addr + rela->r_addend - reloc; 1176 break; 1177#endif 1178 1179 default: 1180 DL_ERR("unknown reloc type %d @ %p (%d)", type, rela, (int) (rela - start)); 1181 return -1; 1182 } 1183 } 1184 return 0; 1185} 1186#else 1187static int soinfo_relocate(soinfo* si, Elf_Rel* rel, unsigned count, 1188 soinfo* needed[]) 1189{ 1190 Elf_Sym* symtab = si->symtab; 1191 const char* strtab = si->strtab; 1192 Elf_Sym* s; 1193 Elf_Rel* start = rel; 1194 soinfo* lsi; 1195 1196 for (size_t idx = 0; idx < count; ++idx, ++rel) { 1197 unsigned type = ELF_R_TYPE(rel->r_info); 1198 // TODO: don't use unsigned for 'sym'. Use uint32_t or Elf_Addr instead. 1199 unsigned sym = ELF_R_SYM(rel->r_info); 1200 Elf_Addr reloc = static_cast<Elf_Addr>(rel->r_offset + si->load_bias); 1201 Elf_Addr sym_addr = 0; 1202 char* sym_name = NULL; 1203 1204 DEBUG("Processing '%s' relocation at index %zd", si->name, idx); 1205 if (type == 0) { // R_*_NONE 1206 continue; 1207 } 1208 if (sym != 0) { 1209 sym_name = (char *)(strtab + symtab[sym].st_name); 1210 s = soinfo_do_lookup(si, sym_name, &lsi, needed); 1211 if (s == NULL) { 1212 // We only allow an undefined symbol if this is a weak reference... 1213 s = &symtab[sym]; 1214 if (ELF_ST_BIND(s->st_info) != STB_WEAK) { 1215 DL_ERR("cannot locate symbol \"%s\" referenced by \"%s\"...", sym_name, si->name); 1216 return -1; 1217 } 1218 1219 /* IHI0044C AAELF 4.5.1.1: 1220 1221 Libraries are not searched to resolve weak references. 1222 It is not an error for a weak reference to remain 1223 unsatisfied. 1224 1225 During linking, the value of an undefined weak reference is: 1226 - Zero if the relocation type is absolute 1227 - The address of the place if the relocation is pc-relative 1228 - The address of nominal base address if the relocation 1229 type is base-relative. 1230 */ 1231 1232 switch (type) { 1233#if defined(__arm__) 1234 case R_ARM_JUMP_SLOT: 1235 case R_ARM_GLOB_DAT: 1236 case R_ARM_ABS32: 1237 case R_ARM_RELATIVE: /* Don't care. */ 1238 // sym_addr was initialized to be zero above or relocation 1239 // code below does not care about value of sym_addr. 1240 // No need to do anything. 1241 break; 1242#elif defined(__i386__) 1243 case R_386_JMP_SLOT: 1244 case R_386_GLOB_DAT: 1245 case R_386_32: 1246 case R_386_RELATIVE: /* Don't care. */ 1247 // sym_addr was initialized to be zero above or relocation 1248 // code below does not care about value of sym_addr. 1249 // No need to do anything. 1250 break; 1251 case R_386_PC32: 1252 sym_addr = reloc; 1253 break; 1254#endif 1255 1256#if defined(__arm__) 1257 case R_ARM_COPY: 1258 // Fall through. Can't really copy if weak symbol is not found at run-time. 1259#endif 1260 default: 1261 DL_ERR("unknown weak reloc type %d @ %p (%d)", type, rel, (int) (rel - start)); 1262 return -1; 1263 } 1264 } else { 1265 // We got a definition. 
1266 sym_addr = static_cast<Elf_Addr>(s->st_value + lsi->load_bias); 1267 } 1268 count_relocation(kRelocSymbol); 1269 } else { 1270 s = NULL; 1271 } 1272 1273 switch (type) { 1274#if defined(__arm__) 1275 case R_ARM_JUMP_SLOT: 1276 count_relocation(kRelocAbsolute); 1277 MARK(rel->r_offset); 1278 TRACE_TYPE(RELO, "RELO JMP_SLOT %08x <- %08x %s", reloc, sym_addr, sym_name); 1279 *reinterpret_cast<Elf_Addr*>(reloc) = sym_addr; 1280 break; 1281 case R_ARM_GLOB_DAT: 1282 count_relocation(kRelocAbsolute); 1283 MARK(rel->r_offset); 1284 TRACE_TYPE(RELO, "RELO GLOB_DAT %08x <- %08x %s", reloc, sym_addr, sym_name); 1285 *reinterpret_cast<Elf_Addr*>(reloc) = sym_addr; 1286 break; 1287 case R_ARM_ABS32: 1288 count_relocation(kRelocAbsolute); 1289 MARK(rel->r_offset); 1290 TRACE_TYPE(RELO, "RELO ABS %08x <- %08x %s", reloc, sym_addr, sym_name); 1291 *reinterpret_cast<Elf_Addr*>(reloc) += sym_addr; 1292 break; 1293 case R_ARM_REL32: 1294 count_relocation(kRelocRelative); 1295 MARK(rel->r_offset); 1296 TRACE_TYPE(RELO, "RELO REL32 %08x <- %08x - %08x %s", 1297 reloc, sym_addr, rel->r_offset, sym_name); 1298 *reinterpret_cast<Elf_Addr*>(reloc) += sym_addr - rel->r_offset; 1299 break; 1300 case R_ARM_COPY: 1301 if ((si->flags & FLAG_EXE) == 0) { 1302 /* 1303 * http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044d/IHI0044D_aaelf.pdf 1304 * 1305 * Section 4.7.1.10 "Dynamic relocations" 1306 * R_ARM_COPY may only appear in executable objects where e_type is 1307 * set to ET_EXEC. 1308 * 1309 * TODO: FLAG_EXE is set for both ET_DYN and ET_EXEC executables. 1310 * We should explicitly disallow ET_DYN executables from having 1311 * R_ARM_COPY relocations. 1312 */ 1313 DL_ERR("%s R_ARM_COPY relocations only supported for ET_EXEC", si->name); 1314 return -1; 1315 } 1316 count_relocation(kRelocCopy); 1317 MARK(rel->r_offset); 1318 TRACE_TYPE(RELO, "RELO %08x <- %d @ %08x %s", reloc, s->st_size, sym_addr, sym_name); 1319 if (reloc == sym_addr) { 1320 Elf_Sym *src = soinfo_do_lookup(NULL, sym_name, &lsi, needed); 1321 1322 if (src == NULL) { 1323 DL_ERR("%s R_ARM_COPY relocation source cannot be resolved", si->name); 1324 return -1; 1325 } 1326 if (lsi->has_DT_SYMBOLIC) { 1327 DL_ERR("%s invalid R_ARM_COPY relocation against DT_SYMBOLIC shared " 1328 "library %s (built with -Bsymbolic?)", si->name, lsi->name); 1329 return -1; 1330 } 1331 if (s->st_size < src->st_size) { 1332 DL_ERR("%s R_ARM_COPY relocation size mismatch (%d < %d)", 1333 si->name, s->st_size, src->st_size); 1334 return -1; 1335 } 1336 memcpy((void*)reloc, (void*)(src->st_value + lsi->load_bias), src->st_size); 1337 } else { 1338 DL_ERR("%s R_ARM_COPY relocation target cannot be resolved", si->name); 1339 return -1; 1340 } 1341 break; 1342#elif defined(__i386__) 1343 case R_386_JMP_SLOT: 1344 count_relocation(kRelocAbsolute); 1345 MARK(rel->r_offset); 1346 TRACE_TYPE(RELO, "RELO JMP_SLOT %08x <- %08x %s", reloc, sym_addr, sym_name); 1347 *reinterpret_cast<Elf_Addr*>(reloc) = sym_addr; 1348 break; 1349 case R_386_GLOB_DAT: 1350 count_relocation(kRelocAbsolute); 1351 MARK(rel->r_offset); 1352 TRACE_TYPE(RELO, "RELO GLOB_DAT %08x <- %08x %s", reloc, sym_addr, sym_name); 1353 *reinterpret_cast<Elf_Addr*>(reloc) = sym_addr; 1354 break; 1355 case R_386_32: 1356 count_relocation(kRelocRelative); 1357 MARK(rel->r_offset); 1358 TRACE_TYPE(RELO, "RELO R_386_32 %08x <- +%08x %s", reloc, sym_addr, sym_name); 1359 *reinterpret_cast<Elf_Addr*>(reloc) += sym_addr; 1360 break; 1361 case R_386_PC32: 1362 count_relocation(kRelocRelative); 1363 MARK(rel->r_offset); 
1364 TRACE_TYPE(RELO, "RELO R_386_PC32 %08x <- +%08x (%08x - %08x) %s", 1365 reloc, (sym_addr - reloc), sym_addr, reloc, sym_name); 1366 *reinterpret_cast<Elf_Addr*>(reloc) += (sym_addr - reloc); 1367 break; 1368#elif defined(__mips__) 1369 case R_MIPS_REL32: 1370 count_relocation(kRelocAbsolute); 1371 MARK(rel->r_offset); 1372 TRACE_TYPE(RELO, "RELO REL32 %08x <- %08x %s", 1373 reloc, sym_addr, (sym_name) ? sym_name : "*SECTIONHDR*"); 1374 if (s) { 1375 *reinterpret_cast<Elf_Addr*>(reloc) += sym_addr; 1376 } else { 1377 *reinterpret_cast<Elf_Addr*>(reloc) += si->base; 1378 } 1379 break; 1380#endif 1381 1382#if defined(__arm__) 1383 case R_ARM_RELATIVE: 1384#elif defined(__i386__) 1385 case R_386_RELATIVE: 1386#endif 1387 count_relocation(kRelocRelative); 1388 MARK(rel->r_offset); 1389 if (sym) { 1390 DL_ERR("odd RELATIVE form..."); 1391 return -1; 1392 } 1393 TRACE_TYPE(RELO, "RELO RELATIVE %p <- +%p", 1394 reinterpret_cast<void*>(reloc), reinterpret_cast<void*>(si->base)); 1395 *reinterpret_cast<Elf_Addr*>(reloc) += si->base; 1396 break; 1397 1398 default: 1399 DL_ERR("unknown reloc type %d @ %p (%d)", type, rel, (int) (rel - start)); 1400 return -1; 1401 } 1402 } 1403 return 0; 1404} 1405#endif 1406 1407#if defined(__mips__) 1408static bool mips_relocate_got(soinfo* si, soinfo* needed[]) { 1409 unsigned* got = si->plt_got; 1410 if (got == NULL) { 1411 return true; 1412 } 1413 unsigned local_gotno = si->mips_local_gotno; 1414 unsigned gotsym = si->mips_gotsym; 1415 unsigned symtabno = si->mips_symtabno; 1416 Elf_Sym* symtab = si->symtab; 1417 1418 /* 1419 * got[0] is address of lazy resolver function 1420 * got[1] may be used for a GNU extension 1421 * set it to a recognizable address in case someone calls it 1422 * (should be _rtld_bind_start) 1423 * FIXME: maybe this should be in a separate routine 1424 */ 1425 1426 if ((si->flags & FLAG_LINKER) == 0) { 1427 size_t g = 0; 1428 got[g++] = 0xdeadbeef; 1429 if (got[g] & 0x80000000) { 1430 got[g++] = 0xdeadfeed; 1431 } 1432 /* 1433 * Relocate the local GOT entries need to be relocated 1434 */ 1435 for (; g < local_gotno; g++) { 1436 got[g] += si->load_bias; 1437 } 1438 } 1439 1440 /* Now for the global GOT entries */ 1441 Elf_Sym* sym = symtab + gotsym; 1442 got = si->plt_got + local_gotno; 1443 for (size_t g = gotsym; g < symtabno; g++, sym++, got++) { 1444 const char* sym_name; 1445 Elf_Sym* s; 1446 soinfo* lsi; 1447 1448 /* This is an undefined reference... try to locate it */ 1449 sym_name = si->strtab + sym->st_name; 1450 s = soinfo_do_lookup(si, sym_name, &lsi, needed); 1451 if (s == NULL) { 1452 /* We only allow an undefined symbol if this is a weak 1453 reference.. */ 1454 s = &symtab[g]; 1455 if (ELF_ST_BIND(s->st_info) != STB_WEAK) { 1456 DL_ERR("cannot locate \"%s\"...", sym_name); 1457 return false; 1458 } 1459 *got = 0; 1460 } 1461 else { 1462 /* FIXME: is this sufficient? 1463 * For reference see NetBSD link loader 1464 * http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ld.elf_so/arch/mips/mips_reloc.c?rev=1.53&content-type=text/x-cvsweb-markup 1465 */ 1466 *got = lsi->load_bias + s->st_value; 1467 } 1468 } 1469 return true; 1470} 1471#endif 1472 1473void soinfo::CallArray(const char* array_name UNUSED, linker_function_t* functions, size_t count, bool reverse) { 1474 if (functions == NULL) { 1475 return; 1476 } 1477 1478 TRACE("[ Calling %s (size %zd) @ %p for '%s' ]", array_name, count, functions, name); 1479 1480 int begin = reverse ? (count - 1) : 0; 1481 int end = reverse ? -1 : count; 1482 int step = reverse ? 
-1 : 1; 1483 1484 for (int i = begin; i != end; i += step) { 1485 TRACE("[ %s[%d] == %p ]", array_name, i, functions[i]); 1486 CallFunction("function", functions[i]); 1487 } 1488 1489 TRACE("[ Done calling %s for '%s' ]", array_name, name); 1490} 1491 1492void soinfo::CallFunction(const char* function_name UNUSED, linker_function_t function) { 1493 if (function == NULL || reinterpret_cast<uintptr_t>(function) == static_cast<uintptr_t>(-1)) { 1494 return; 1495 } 1496 1497 TRACE("[ Calling %s @ %p for '%s' ]", function_name, function, name); 1498 function(); 1499 TRACE("[ Done calling %s @ %p for '%s' ]", function_name, function, name); 1500 1501 // The function may have called dlopen(3) or dlclose(3), so we need to ensure our data structures 1502 // are still writable. This happens with our debug malloc (see http://b/7941716). 1503 set_soinfo_pool_protection(PROT_READ | PROT_WRITE); 1504} 1505 1506void soinfo::CallPreInitConstructors() { 1507 // DT_PREINIT_ARRAY functions are called before any other constructors for executables, 1508 // but ignored in a shared library. 1509 CallArray("DT_PREINIT_ARRAY", preinit_array, preinit_array_count, false); 1510} 1511 1512void soinfo::CallConstructors() { 1513 if (constructors_called) { 1514 return; 1515 } 1516 1517 // We set constructors_called before actually calling the constructors, otherwise it doesn't 1518 // protect against recursive constructor calls. One simple example of constructor recursion 1519 // is the libc debug malloc, which is implemented in libc_malloc_debug_leak.so: 1520 // 1. The program depends on libc, so libc's constructor is called here. 1521 // 2. The libc constructor calls dlopen() to load libc_malloc_debug_leak.so. 1522 // 3. dlopen() calls the constructors on the newly created 1523 // soinfo for libc_malloc_debug_leak.so. 1524 // 4. The debug .so depends on libc, so CallConstructors is 1525 // called again with the libc soinfo. If it doesn't trigger the early- 1526 // out above, the libc constructor will be called again (recursively!). 1527 constructors_called = true; 1528 1529 if ((flags & FLAG_EXE) == 0 && preinit_array != NULL) { 1530 // The GNU dynamic linker silently ignores these, but we warn the developer. 1531 PRINT("\"%s\": ignoring %zd-entry DT_PREINIT_ARRAY in shared library!", 1532 name, preinit_array_count); 1533 } 1534 1535 if (dynamic != NULL) { 1536 for (Elf_Dyn* d = dynamic; d->d_tag != DT_NULL; ++d) { 1537 if (d->d_tag == DT_NEEDED) { 1538 const char* library_name = strtab + d->d_un.d_val; 1539 TRACE("\"%s\": calling constructors in DT_NEEDED \"%s\"", name, library_name); 1540 find_loaded_library(library_name)->CallConstructors(); 1541 } 1542 } 1543 } 1544 1545 TRACE("\"%s\": calling constructors", name); 1546 1547 // DT_INIT should be called before DT_INIT_ARRAY if both are present. 1548 CallFunction("DT_INIT", init_func); 1549 CallArray("DT_INIT_ARRAY", init_array, init_array_count, false); 1550} 1551 1552void soinfo::CallDestructors() { 1553 TRACE("\"%s\": calling destructors", name); 1554 1555 // DT_FINI_ARRAY must be parsed in reverse order. 1556 CallArray("DT_FINI_ARRAY", fini_array, fini_array_count, true); 1557 1558 // DT_FINI should be called after DT_FINI_ARRAY if both are present. 1559 CallFunction("DT_FINI", fini_func); 1560} 1561 1562/* Force any of the closed stdin, stdout and stderr to be associated with 1563 /dev/null. 
*/ 1564static int nullify_closed_stdio() { 1565 int dev_null, i, status; 1566 int return_value = 0; 1567 1568 dev_null = TEMP_FAILURE_RETRY(open("/dev/null", O_RDWR)); 1569 if (dev_null < 0) { 1570 DL_ERR("cannot open /dev/null: %s", strerror(errno)); 1571 return -1; 1572 } 1573 TRACE("[ Opened /dev/null file-descriptor=%d]", dev_null); 1574 1575 /* If any of the stdio file descriptors is valid and not associated 1576 with /dev/null, dup /dev/null to it. */ 1577 for (i = 0; i < 3; i++) { 1578 /* If it is /dev/null already, we are done. */ 1579 if (i == dev_null) { 1580 continue; 1581 } 1582 1583 TRACE("[ Nullifying stdio file descriptor %d]", i); 1584 status = TEMP_FAILURE_RETRY(fcntl(i, F_GETFL)); 1585 1586 /* If file is opened, we are good. */ 1587 if (status != -1) { 1588 continue; 1589 } 1590 1591 /* The only error we allow is that the file descriptor does not 1592 exist, in which case we dup /dev/null to it. */ 1593 if (errno != EBADF) { 1594 DL_ERR("fcntl failed: %s", strerror(errno)); 1595 return_value = -1; 1596 continue; 1597 } 1598 1599 /* Try dupping /dev/null to this stdio file descriptor and 1600 repeat if there is a signal. Note that any errors in closing 1601 the stdio descriptor are lost. */ 1602 status = TEMP_FAILURE_RETRY(dup2(dev_null, i)); 1603 if (status < 0) { 1604 DL_ERR("dup2 failed: %s", strerror(errno)); 1605 return_value = -1; 1606 continue; 1607 } 1608 } 1609 1610 /* If /dev/null is not one of the stdio file descriptors, close it. */ 1611 if (dev_null > 2) { 1612 TRACE("[ Closing /dev/null file-descriptor=%d]", dev_null); 1613 status = TEMP_FAILURE_RETRY(close(dev_null)); 1614 if (status == -1) { 1615 DL_ERR("close failed: %s", strerror(errno)); 1616 return_value = -1; 1617 } 1618 } 1619 1620 return return_value; 1621} 1622 1623static bool soinfo_link_image(soinfo* si) { 1624 /* "base" might wrap around UINT32_MAX. */ 1625 Elf_Addr base = si->load_bias; 1626 const Elf_Phdr *phdr = si->phdr; 1627 int phnum = si->phnum; 1628 bool relocating_linker = (si->flags & FLAG_LINKER) != 0; 1629 1630 /* We can't debug anything until the linker is relocated */ 1631 if (!relocating_linker) { 1632 INFO("[ linking %s ]", si->name); 1633 DEBUG("si->base = %p si->flags = 0x%08x", reinterpret_cast<void*>(si->base), si->flags); 1634 } 1635 1636 /* Extract dynamic section */ 1637 size_t dynamic_count; 1638 Elf_Word dynamic_flags; 1639 phdr_table_get_dynamic_section(phdr, phnum, base, &si->dynamic, 1640 &dynamic_count, &dynamic_flags); 1641 if (si->dynamic == NULL) { 1642 if (!relocating_linker) { 1643 DL_ERR("missing PT_DYNAMIC in \"%s\"", si->name); 1644 } 1645 return false; 1646 } else { 1647 if (!relocating_linker) { 1648 DEBUG("dynamic = %p", si->dynamic); 1649 } 1650 } 1651 1652#if defined(__arm__) 1653 (void) phdr_table_get_arm_exidx(phdr, phnum, base, 1654 &si->ARM_exidx, &si->ARM_exidx_count); 1655#endif 1656 1657 // Extract useful information from dynamic section. 
1658 uint32_t needed_count = 0; 1659 for (Elf_Dyn* d = si->dynamic; d->d_tag != DT_NULL; ++d) { 1660 DEBUG("d = %p, d[0](tag) = %p d[1](val) = %p", 1661 d, reinterpret_cast<void*>(d->d_tag), reinterpret_cast<void*>(d->d_un.d_val)); 1662 switch (d->d_tag) { 1663 case DT_HASH: 1664 si->nbucket = ((unsigned *) (base + d->d_un.d_ptr))[0]; 1665 si->nchain = ((unsigned *) (base + d->d_un.d_ptr))[1]; 1666 si->bucket = (unsigned *) (base + d->d_un.d_ptr + 8); 1667 si->chain = (unsigned *) (base + d->d_un.d_ptr + 8 + si->nbucket * 4); 1668 break; 1669 case DT_STRTAB: 1670 si->strtab = (const char *) (base + d->d_un.d_ptr); 1671 break; 1672 case DT_SYMTAB: 1673 si->symtab = (Elf_Sym *) (base + d->d_un.d_ptr); 1674 break; 1675#if !defined(__LP64__) 1676 case DT_PLTREL: 1677 if (d->d_un.d_val != DT_REL) { 1678 DL_ERR("unsupported DT_RELA in \"%s\"", si->name); 1679 return false; 1680 } 1681 break; 1682#endif 1683 case DT_JMPREL: 1684#if defined(USE_RELA) 1685 si->plt_rela = (Elf_Rela*) (base + d->d_un.d_ptr); 1686#else 1687 si->plt_rel = (Elf_Rel*) (base + d->d_un.d_ptr); 1688#endif 1689 break; 1690 case DT_PLTRELSZ: 1691#if defined(USE_RELA) 1692 si->plt_rela_count = d->d_un.d_val / sizeof(Elf_Rela); 1693#else 1694 si->plt_rel_count = d->d_un.d_val / sizeof(Elf_Rel); 1695#endif 1696 break; 1697#if !defined(__LP64__) 1698 case DT_PLTGOT: 1699 // Used by 32-bit MIPS. 1700 si->plt_got = (unsigned *)(base + d->d_un.d_ptr); 1701 break; 1702#endif 1703 case DT_DEBUG: 1704 // Set the DT_DEBUG entry to the address of _r_debug for GDB 1705 // if the dynamic table is writable 1706 if ((dynamic_flags & PF_W) != 0) { 1707 d->d_un.d_val = reinterpret_cast<uintptr_t>(&_r_debug); 1708 } 1709 break; 1710#if defined(USE_RELA) 1711 case DT_RELA: 1712 si->rela = (Elf_Rela*) (base + d->d_un.d_ptr); 1713 break; 1714 case DT_RELASZ: 1715 si->rela_count = d->d_un.d_val / sizeof(Elf_Rela); 1716 break; 1717 case DT_REL: 1718 DL_ERR("unsupported DT_REL in \"%s\"", si->name); 1719 return false; 1720 case DT_RELSZ: 1721 DL_ERR("unsupported DT_RELSZ in \"%s\"", si->name); 1722 return false; 1723#else 1724 case DT_REL: 1725 si->rel = (Elf_Rel*) (base + d->d_un.d_ptr); 1726 break; 1727 case DT_RELSZ: 1728 si->rel_count = d->d_un.d_val / sizeof(Elf_Rel); 1729 break; 1730 case DT_RELA: 1731 DL_ERR("unsupported DT_RELA in \"%s\"", si->name); 1732 return false; 1733#endif 1734 case DT_INIT: 1735 si->init_func = reinterpret_cast<linker_function_t>(base + d->d_un.d_ptr); 1736 DEBUG("%s constructors (DT_INIT) found at %p", si->name, si->init_func); 1737 break; 1738 case DT_FINI: 1739 si->fini_func = reinterpret_cast<linker_function_t>(base + d->d_un.d_ptr); 1740 DEBUG("%s destructors (DT_FINI) found at %p", si->name, si->fini_func); 1741 break; 1742 case DT_INIT_ARRAY: 1743 si->init_array = reinterpret_cast<linker_function_t*>(base + d->d_un.d_ptr); 1744 DEBUG("%s constructors (DT_INIT_ARRAY) found at %p", si->name, si->init_array); 1745 break; 1746 case DT_INIT_ARRAYSZ: 1747 si->init_array_count = ((unsigned)d->d_un.d_val) / sizeof(Elf_Addr); 1748 break; 1749 case DT_FINI_ARRAY: 1750 si->fini_array = reinterpret_cast<linker_function_t*>(base + d->d_un.d_ptr); 1751 DEBUG("%s destructors (DT_FINI_ARRAY) found at %p", si->name, si->fini_array); 1752 break; 1753 case DT_FINI_ARRAYSZ: 1754 si->fini_array_count = ((unsigned)d->d_un.d_val) / sizeof(Elf_Addr); 1755 break; 1756 case DT_PREINIT_ARRAY: 1757 si->preinit_array = reinterpret_cast<linker_function_t*>(base + d->d_un.d_ptr); 1758 DEBUG("%s constructors (DT_PREINIT_ARRAY) found at %p", 
si->name, si->preinit_array); 1759 break; 1760 case DT_PREINIT_ARRAYSZ: 1761 si->preinit_array_count = ((unsigned)d->d_un.d_val) / sizeof(Elf_Addr); 1762 break; 1763 case DT_TEXTREL: 1764#if defined(__LP64__) 1765 DL_ERR("text relocations (DT_TEXTREL) found in 64-bit ELF file \"%s\"", si->name); 1766 return false; 1767#else 1768 si->has_text_relocations = true; 1769 break; 1770#endif 1771 case DT_SYMBOLIC: 1772 si->has_DT_SYMBOLIC = true; 1773 break; 1774 case DT_NEEDED: 1775 ++needed_count; 1776 break; 1777 case DT_FLAGS: 1778 if (d->d_un.d_val & DF_TEXTREL) { 1779#if defined(__LP64__) 1780 DL_ERR("text relocations (DF_TEXTREL) found in 64-bit ELF file \"%s\"", si->name); 1781 return false; 1782#else 1783 si->has_text_relocations = true; 1784#endif 1785 } 1786 if (d->d_un.d_val & DF_SYMBOLIC) { 1787 si->has_DT_SYMBOLIC = true; 1788 } 1789 break; 1790#if defined(__mips__) 1791 case DT_STRSZ: 1792 case DT_SYMENT: 1793 case DT_RELENT: 1794 break; 1795 case DT_MIPS_RLD_MAP: 1796 // Set the DT_MIPS_RLD_MAP entry to the address of _r_debug for GDB. 1797 { 1798 r_debug** dp = (r_debug**) d->d_un.d_ptr; 1799 *dp = &_r_debug; 1800 } 1801 break; 1802 case DT_MIPS_RLD_VERSION: 1803 case DT_MIPS_FLAGS: 1804 case DT_MIPS_BASE_ADDRESS: 1805 case DT_MIPS_UNREFEXTNO: 1806 break; 1807 1808 case DT_MIPS_SYMTABNO: 1809 si->mips_symtabno = d->d_un.d_val; 1810 break; 1811 1812 case DT_MIPS_LOCAL_GOTNO: 1813 si->mips_local_gotno = d->d_un.d_val; 1814 break; 1815 1816 case DT_MIPS_GOTSYM: 1817 si->mips_gotsym = d->d_un.d_val; 1818 break; 1819#endif 1820 1821 default: 1822 DEBUG("Unused DT entry: type %p arg %p", 1823 reinterpret_cast<void*>(d->d_tag), reinterpret_cast<void*>(d->d_un.d_val)); 1824 break; 1825 } 1826 } 1827 1828 DEBUG("si->base = %p, si->strtab = %p, si->symtab = %p", 1829 reinterpret_cast<void*>(si->base), si->strtab, si->symtab); 1830 1831 // Sanity checks. 1832 if (relocating_linker && needed_count != 0) { 1833 DL_ERR("linker cannot have DT_NEEDED dependencies on other libraries"); 1834 return false; 1835 } 1836 if (si->nbucket == 0) { 1837 DL_ERR("empty/missing DT_HASH in \"%s\" (built with --hash-style=gnu?)", si->name); 1838 return false; 1839 } 1840 if (si->strtab == 0) { 1841 DL_ERR("empty/missing DT_STRTAB in \"%s\"", si->name); 1842 return false; 1843 } 1844 if (si->symtab == 0) { 1845 DL_ERR("empty/missing DT_SYMTAB in \"%s\"", si->name); 1846 return false; 1847 } 1848 1849 // If this is the main executable, then load all of the libraries from LD_PRELOAD now. 1850 if (si->flags & FLAG_EXE) { 1851 memset(gLdPreloads, 0, sizeof(gLdPreloads)); 1852 size_t preload_count = 0; 1853 for (size_t i = 0; gLdPreloadNames[i] != NULL; i++) { 1854 soinfo* lsi = find_library(gLdPreloadNames[i]); 1855 if (lsi != NULL) { 1856 gLdPreloads[preload_count++] = lsi; 1857 } else { 1858 // As with glibc, failure to load an LD_PRELOAD library is just a warning. 
1859 DL_WARN("could not load library \"%s\" from LD_PRELOAD for \"%s\"; caused by %s", 1860 gLdPreloadNames[i], si->name, linker_get_error_buffer()); 1861 } 1862 } 1863 } 1864 1865 soinfo** needed = (soinfo**) alloca((1 + needed_count) * sizeof(soinfo*)); 1866 soinfo** pneeded = needed; 1867 1868 for (Elf_Dyn* d = si->dynamic; d->d_tag != DT_NULL; ++d) { 1869 if (d->d_tag == DT_NEEDED) { 1870 const char* library_name = si->strtab + d->d_un.d_val; 1871 DEBUG("%s needs %s", si->name, library_name); 1872 soinfo* lsi = find_library(library_name); 1873 if (lsi == NULL) { 1874 strlcpy(tmp_err_buf, linker_get_error_buffer(), sizeof(tmp_err_buf)); 1875 DL_ERR("could not load library \"%s\" needed by \"%s\"; caused by %s", 1876 library_name, si->name, tmp_err_buf); 1877 return false; 1878 } 1879 *pneeded++ = lsi; 1880 } 1881 } 1882 *pneeded = NULL; 1883 1884#if !defined(__LP64__) 1885 if (si->has_text_relocations) { 1886 // Make segments writable to allow text relocations to work properly. We will later call 1887 // phdr_table_protect_segments() after all of them are applied and all constructors are run. 1888 DL_WARN("%s has text relocations. This is wasting memory and prevents " 1889 "security hardening. Please fix.", si->name); 1890 if (phdr_table_unprotect_segments(si->phdr, si->phnum, si->load_bias) < 0) { 1891 DL_ERR("can't unprotect loadable segments for \"%s\": %s", 1892 si->name, strerror(errno)); 1893 return false; 1894 } 1895 } 1896#endif 1897 1898#if defined(USE_RELA) 1899 if (si->plt_rela != NULL) { 1900 DEBUG("[ relocating %s plt ]\n", si->name ); 1901 if (soinfo_relocate_a(si, si->plt_rela, si->plt_rela_count, needed)) { 1902 return false; 1903 } 1904 } 1905 if (si->rela != NULL) { 1906 DEBUG("[ relocating %s ]\n", si->name ); 1907 if (soinfo_relocate_a(si, si->rela, si->rela_count, needed)) { 1908 return false; 1909 } 1910 } 1911#else 1912 if (si->plt_rel != NULL) { 1913 DEBUG("[ relocating %s plt ]", si->name ); 1914 if (soinfo_relocate(si, si->plt_rel, si->plt_rel_count, needed)) { 1915 return false; 1916 } 1917 } 1918 if (si->rel != NULL) { 1919 DEBUG("[ relocating %s ]", si->name ); 1920 if (soinfo_relocate(si, si->rel, si->rel_count, needed)) { 1921 return false; 1922 } 1923 } 1924#endif 1925 1926#if defined(__mips__) 1927 if (!mips_relocate_got(si, needed)) { 1928 return false; 1929 } 1930#endif 1931 1932 si->flags |= FLAG_LINKED; 1933 DEBUG("[ finished linking %s ]", si->name); 1934 1935#if !defined(__LP64__) 1936 if (si->has_text_relocations) { 1937 // All relocations are done, we can protect our segments back to read-only. 1938 if (phdr_table_protect_segments(si->phdr, si->phnum, si->load_bias) < 0) { 1939 DL_ERR("can't protect segments for \"%s\": %s", 1940 si->name, strerror(errno)); 1941 return false; 1942 } 1943 } 1944#endif 1945 1946 /* We can also turn on GNU RELRO protection */ 1947 if (phdr_table_protect_gnu_relro(si->phdr, si->phnum, si->load_bias) < 0) { 1948 DL_ERR("can't enable GNU RELRO protection for \"%s\": %s", 1949 si->name, strerror(errno)); 1950 return false; 1951 } 1952 1953 notify_gdb_of_load(si); 1954 return true; 1955} 1956 1957/* 1958 * This function adds the vdso to the internal dso list. 1959 * It helps with stack unwinding through signal handlers. 1960 * Also, it makes bionic more like glibc.
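 *
 * (Background sketch, assuming a kernel that exports AT_SYSINFO_EHDR: the vdso is a
 * small ELF image the kernel maps into every process and advertises through the aux
 * vector, e.g.
 *
 *     Elf_Ehdr* vdso_ehdr = reinterpret_cast<Elf_Ehdr*>(args.getauxval(AT_SYSINFO_EHDR));
 *
 * Registering it as a soinfo lets dl_iterate_phdr() report its program headers, so an
 * unwinder that walks the loaded-object list can find unwind data for code the kernel
 * placed there, such as the x86 signal-return trampoline, instead of stopping at the
 * signal frame.)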
1961 */ 1962static void add_vdso(KernelArgumentBlock& args UNUSED) { 1963#if defined(AT_SYSINFO_EHDR) 1964 Elf_Ehdr* ehdr_vdso = reinterpret_cast<Elf_Ehdr*>(args.getauxval(AT_SYSINFO_EHDR)); 1965 if (ehdr_vdso == NULL) { 1966 return; 1967 } 1968 1969 soinfo* si = soinfo_alloc("[vdso]"); 1970 1971 si->phdr = reinterpret_cast<Elf_Phdr*>(reinterpret_cast<char*>(ehdr_vdso) + ehdr_vdso->e_phoff); 1972 si->phnum = ehdr_vdso->e_phnum; 1973 si->base = reinterpret_cast<Elf_Addr>(ehdr_vdso); 1974 si->size = phdr_table_get_load_size(si->phdr, si->phnum); 1975 si->flags = 0; 1976 si->load_bias = get_elf_exec_load_bias(ehdr_vdso); 1977 1978 soinfo_link_image(si); 1979#endif 1980} 1981 1982/* 1983 * This code is called after the linker has linked itself and 1984 * fixed its own GOT. It is safe to make references to externs 1985 * and other non-local data at this point. 1986 */ 1987static Elf_Addr __linker_init_post_relocation(KernelArgumentBlock& args, Elf_Addr linker_base) { 1988 /* NOTE: we store the args pointer at a special location 1989 * of the temporary TLS area in order to pass it to 1990 * the C Library's runtime initializer. 1991 * 1992 * The initializer must clear the slot and reset the TLS 1993 * to point to a different location to ensure that no other 1994 * shared library constructor can access it. 1995 */ 1996 __libc_init_tls(args); 1997 1998#if TIMING 1999 struct timeval t0, t1; 2000 gettimeofday(&t0, 0); 2001#endif 2002 2003 // Initialize environment functions, and get to the ELF aux vectors table. 2004 linker_env_init(args); 2005 2006 // If this is a setuid/setgid program, close the security hole described in 2007 // ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc 2008 if (get_AT_SECURE()) { 2009 nullify_closed_stdio(); 2010 } 2011 2012 debuggerd_init(); 2013 2014 // Get a few environment variables. 2015 const char* LD_DEBUG = linker_env_get("LD_DEBUG"); 2016 if (LD_DEBUG != NULL) { 2017 gLdDebugVerbosity = atoi(LD_DEBUG); 2018 } 2019 2020 // Normally, these are cleaned by linker_env_init, but the test 2021 // doesn't cost us anything. 2022 const char* ldpath_env = NULL; 2023 const char* ldpreload_env = NULL; 2024 if (!get_AT_SECURE()) { 2025 ldpath_env = linker_env_get("LD_LIBRARY_PATH"); 2026 ldpreload_env = linker_env_get("LD_PRELOAD"); 2027 } 2028 2029 INFO("[ android linker & debugger ]"); 2030 2031 soinfo* si = soinfo_alloc(args.argv[0]); 2032 if (si == NULL) { 2033 exit(EXIT_FAILURE); 2034 } 2035 2036 /* bootstrap the link map; the main exe always needs to be first */ 2037 si->flags |= FLAG_EXE; 2038 link_map_t* map = &(si->link_map); 2039 2040 map->l_addr = 0; 2041 map->l_name = args.argv[0]; 2042 map->l_prev = NULL; 2043 map->l_next = NULL; 2044 2045 _r_debug.r_map = map; 2046 r_debug_tail = map; 2047 2048 /* gdb expects the linker to be in the debug shared object list. 2049 * Without this, gdb has trouble locating the linker's ".text" 2050 * and ".plt" sections. Gdb could also potentially use this to 2051 * relocate the offset of our exported 'rtld_db_dlactivity' symbol. 2052 * Don't use soinfo_alloc(), because the linker shouldn't 2053 * be on the soinfo list.
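 *
 * (Background sketch: gdb discovers this list through the executable's DT_DEBUG entry,
 * which soinfo_link_image() pointed at _r_debug above, and then conceptually walks
 *
 *     for (link_map_t* m = _r_debug.r_map; m != NULL; m = m->l_next) {
 *         // m->l_name and m->l_addr tell the debugger what is mapped and at what bias.
 *     }
 *
 * which is why a static entry for the linker is filled in by hand just below.)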
2054 */ 2055 { 2056 static soinfo linker_soinfo; 2057#if defined(__LP64__) 2058 strlcpy(linker_soinfo.name, "/system/bin/linker64", sizeof(linker_soinfo.name)); 2059#else 2060 strlcpy(linker_soinfo.name, "/system/bin/linker", sizeof(linker_soinfo.name)); 2061#endif 2062 linker_soinfo.flags = 0; 2063 linker_soinfo.base = linker_base; 2064 2065 /* 2066 * Set the dynamic field in the link map, otherwise gdb will complain with 2067 * the following: 2068 * warning: .dynamic section for "/system/bin/linker" is not at the 2069 * expected address (wrong library or version mismatch?) 2070 */ 2071 Elf_Ehdr *elf_hdr = (Elf_Ehdr *) linker_base; 2072 Elf_Phdr *phdr = (Elf_Phdr*)((unsigned char*) linker_base + elf_hdr->e_phoff); 2073 phdr_table_get_dynamic_section(phdr, elf_hdr->e_phnum, linker_base, 2074 &linker_soinfo.dynamic, NULL, NULL); 2075 insert_soinfo_into_debug_map(&linker_soinfo); 2076 } 2077 2078 // Extract information passed from the kernel. 2079 si->phdr = reinterpret_cast<Elf_Phdr*>(args.getauxval(AT_PHDR)); 2080 si->phnum = args.getauxval(AT_PHNUM); 2081 si->entry = args.getauxval(AT_ENTRY); 2082 2083 /* Compute the value of si->base. We can't rely on the fact that 2084 * the first entry is the PHDR because this will not be true 2085 * for certain executables (e.g. some in the NDK unit test suite) 2086 */ 2087 si->base = 0; 2088 si->size = phdr_table_get_load_size(si->phdr, si->phnum); 2089 si->load_bias = 0; 2090 for (size_t i = 0; i < si->phnum; ++i) { 2091 if (si->phdr[i].p_type == PT_PHDR) { 2092 si->load_bias = reinterpret_cast<Elf_Addr>(si->phdr) - si->phdr[i].p_vaddr; 2093 si->base = reinterpret_cast<Elf_Addr>(si->phdr) - si->phdr[i].p_offset; 2094 break; 2095 } 2096 } 2097 si->dynamic = NULL; 2098 si->ref_count = 1; 2099 2100 // Use LD_LIBRARY_PATH and LD_PRELOAD (but only if we aren't setuid/setgid). 2101 parse_LD_LIBRARY_PATH(ldpath_env); 2102 parse_LD_PRELOAD(ldpreload_env); 2103 2104 somain = si; 2105 2106 if (!soinfo_link_image(si)) { 2107 __libc_format_fd(2, "CANNOT LINK EXECUTABLE: %s\n", linker_get_error_buffer()); 2108 exit(EXIT_FAILURE); 2109 } 2110 2111 add_vdso(args); 2112 2113 si->CallPreInitConstructors(); 2114 2115 for (size_t i = 0; gLdPreloads[i] != NULL; ++i) { 2116 gLdPreloads[i]->CallConstructors(); 2117 } 2118 2119 /* After soinfo_link_image(), si->load_bias has been initialized. 2120 * For shared libraries, map->l_addr is updated in notify_gdb_of_load; 2121 * for the executable we have to update it here, so that _Unwind_Backtrace 2122 * (e.g. on x86) works correctly within the executable.
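 *
 * (Worked example with illustrative numbers: if PT_PHDR claims p_vaddr 0x40 but the
 * program headers were actually mapped at 0x40000040, the PT_PHDR loop above computed
 * load_bias = 0x40000040 - 0x40 = 0x40000000; storing that in map->l_addr lets an
 * unwinder turn any p_vaddr or symbol value from the file into its runtime address by
 * adding the same constant.)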
2123 */ 2124 map->l_addr = si->load_bias; 2125 si->CallConstructors(); 2126 2127#if TIMING 2128 gettimeofday(&t1,NULL); 2129 PRINT("LINKER TIME: %s: %d microseconds", args.argv[0], (int) ( 2130 (((long long)t1.tv_sec * 1000000LL) + (long long)t1.tv_usec) - 2131 (((long long)t0.tv_sec * 1000000LL) + (long long)t0.tv_usec) 2132 )); 2133#endif 2134#if STATS 2135 PRINT("RELO STATS: %s: %d abs, %d rel, %d copy, %d symbol", args.argv[0], 2136 linker_stats.count[kRelocAbsolute], 2137 linker_stats.count[kRelocRelative], 2138 linker_stats.count[kRelocCopy], 2139 linker_stats.count[kRelocSymbol]); 2140#endif 2141#if COUNT_PAGES 2142 { 2143 unsigned n; 2144 unsigned i; 2145 unsigned count = 0; 2146 for (n = 0; n < 4096; n++) { 2147 if (bitmask[n]) { 2148 unsigned x = bitmask[n]; 2149#if defined(__LP64__) 2150 for (i = 0; i < 32; i++) { 2151#else 2152 for (i = 0; i < 8; i++) { 2153#endif 2154 if (x & 1) { 2155 count++; 2156 } 2157 x >>= 1; 2158 } 2159 } 2160 } 2161 PRINT("PAGES MODIFIED: %s: %d (%dKB)", args.argv[0], count, count * 4); 2162 } 2163#endif 2164 2165#if TIMING || STATS || COUNT_PAGES 2166 fflush(stdout); 2167#endif 2168 2169 TRACE("[ Ready to execute '%s' @ %p ]", si->name, reinterpret_cast<void*>(si->entry)); 2170 return si->entry; 2171} 2172 2173/* Compute the load-bias of an existing executable. This shall only 2174 * be used to compute the load bias of an executable or shared library 2175 * that was loaded by the kernel itself. 2176 * 2177 * Input: 2178 * elf -> address of ELF header, assumed to be at the start of the file. 2179 * Return: 2180 * load bias, i.e. add the value of any p_vaddr in the file to get 2181 * the corresponding address in memory. 2182 */ 2183static Elf_Addr get_elf_exec_load_bias(const Elf_Ehdr* elf) { 2184 Elf_Addr offset = elf->e_phoff; 2185 const Elf_Phdr* phdr_table = (const Elf_Phdr*)((char*)elf + offset); 2186 const Elf_Phdr* phdr_end = phdr_table + elf->e_phnum; 2187 2188 for (const Elf_Phdr* phdr = phdr_table; phdr < phdr_end; phdr++) { 2189 if (phdr->p_type == PT_LOAD) { 2190 return reinterpret_cast<Elf_Addr>(elf) + phdr->p_offset - phdr->p_vaddr; 2191 } 2192 } 2193 return 0; 2194} 2195 2196/* 2197 * This is the entry point for the linker, called from begin.S. This 2198 * method is responsible for fixing the linker's own relocations, and 2199 * then calling __linker_init_post_relocation(). 2200 2201 * Because this method is called before the linker has fixed its own 2202 * relocations, any attempt to reference an extern variable, extern 2203 * function, or other GOT reference will generate a segfault.
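 *
 * (Sketch of the hand-off, with the assembly side paraphrased in C; the real stub is
 * the arch-specific begin.S:
 *
 *     Elf_Addr entry = __linker_init(raw_args);  // link the linker, then the executable
 *     ((void (*)())entry)();                     // jump to the executable's entry point
 *
 * The stub leaves the kernel-supplied stack and argument block untouched, so the
 * executable starts as if the kernel had transferred control to it directly.)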
2204 */ 2205extern "C" Elf_Addr __linker_init(void* raw_args) { 2206 KernelArgumentBlock args(raw_args); 2207 2208 Elf_Addr linker_addr = args.getauxval(AT_BASE); 2209 Elf_Ehdr* elf_hdr = reinterpret_cast<Elf_Ehdr*>(linker_addr); 2210 Elf_Phdr* phdr = (Elf_Phdr*)((unsigned char*) linker_addr + elf_hdr->e_phoff); 2211 2212 soinfo linker_so; 2213 memset(&linker_so, 0, sizeof(soinfo)); 2214 2215 strcpy(linker_so.name, "[dynamic linker]"); 2216 linker_so.base = linker_addr; 2217 linker_so.size = phdr_table_get_load_size(phdr, elf_hdr->e_phnum); 2218 linker_so.load_bias = get_elf_exec_load_bias(elf_hdr); 2219 linker_so.dynamic = NULL; 2220 linker_so.phdr = phdr; 2221 linker_so.phnum = elf_hdr->e_phnum; 2222 linker_so.flags |= FLAG_LINKER; 2223 2224 if (!soinfo_link_image(&linker_so)) { 2225 // It would be nice to print an error message, but if the linker 2226 // can't link itself, there's no guarantee that we'll be able to 2227 // call write() (because it involves a GOT reference). We may as 2228 // well try though... 2229 const char* msg = "CANNOT LINK EXECUTABLE: "; 2230 write(2, msg, strlen(msg)); 2231 write(2, __linker_dl_err_buf, strlen(__linker_dl_err_buf)); 2232 write(2, "\n", 1); 2233 _exit(EXIT_FAILURE); 2234 } 2235 2236 // We have successfully fixed our own relocations. It's safe to run 2237 // the main part of the linker now. 2238 args.abort_message_ptr = &gAbortMessage; 2239 Elf_Addr start_address = __linker_init_post_relocation(args, linker_addr); 2240 2241 set_soinfo_pool_protection(PROT_READ); 2242 2243 // Return the address that the calling assembly stub should jump to. 2244 return start_address; 2245} 2246