linker.cpp revision 2ea504fed199a63c7f24f7fd3233affe5b6c940f
1/* 2 * Copyright (C) 2008 The Android Open Source Project 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in 12 * the documentation and/or other materials provided with the 13 * distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29#include <dlfcn.h> 30#include <errno.h> 31#include <fcntl.h> 32#include <inttypes.h> 33#include <pthread.h> 34#include <stdio.h> 35#include <stdlib.h> 36#include <string.h> 37#include <sys/mman.h> 38#include <sys/param.h> 39#include <sys/personality.h> 40#include <unistd.h> 41 42#include <new> 43#include <string> 44#include <vector> 45 46// Private C library headers. 47#include "private/bionic_tls.h" 48#include "private/KernelArgumentBlock.h" 49#include "private/ScopedPthreadMutexLocker.h" 50#include "private/ScopedFd.h" 51#include "private/ScopeGuard.h" 52#include "private/UniquePtr.h" 53 54#include "linker.h" 55#include "linker_block_allocator.h" 56#include "linker_debug.h" 57#include "linker_environ.h" 58#include "linker_sleb128.h" 59#include "linker_phdr.h" 60#include "linker_relocs.h" 61#include "linker_reloc_iterators.h" 62#include "ziparchive/zip_archive.h" 63 64// Override macros to use C++ style casts 65#undef ELF_ST_TYPE 66#define ELF_ST_TYPE(x) (static_cast<uint32_t>(x) & 0xf) 67 68static ElfW(Addr) get_elf_exec_load_bias(const ElfW(Ehdr)* elf); 69 70static LinkerTypeAllocator<soinfo> g_soinfo_allocator; 71static LinkerTypeAllocator<LinkedListEntry<soinfo>> g_soinfo_links_allocator; 72 73static soinfo* solist; 74static soinfo* sonext; 75static soinfo* somain; // main process, always the one after libdl_info 76 77static const char* const kDefaultLdPaths[] = { 78#if defined(__LP64__) 79 "/vendor/lib64", 80 "/system/lib64", 81#else 82 "/vendor/lib", 83 "/system/lib", 84#endif 85 nullptr 86}; 87 88static const ElfW(Versym) kVersymNotNeeded = 0; 89static const ElfW(Versym) kVersymGlobal = 1; 90 91static std::vector<std::string> g_ld_library_paths; 92static std::vector<std::string> g_ld_preload_names; 93 94static std::vector<soinfo*> g_ld_preloads; 95 96__LIBC_HIDDEN__ int g_ld_debug_verbosity; 97 98__LIBC_HIDDEN__ abort_msg_t* g_abort_message = nullptr; // For debuggerd. 99 100#if STATS 101struct linker_stats_t { 102 int count[kRelocMax]; 103}; 104 105static linker_stats_t linker_stats; 106 107void count_relocation(RelocationKind kind) { 108 ++linker_stats.count[kind]; 109} 110#else 111void count_relocation(RelocationKind) { 112} 113#endif 114 115#if COUNT_PAGES 116uint32_t bitmask[4096]; 117#endif 118 119static char __linker_dl_err_buf[768]; 120 121char* linker_get_error_buffer() { 122 return &__linker_dl_err_buf[0]; 123} 124 125size_t linker_get_error_buffer_size() { 126 return sizeof(__linker_dl_err_buf); 127} 128 129// This function is an empty stub where GDB locates a breakpoint to get notified 130// about linker activity. 131extern "C" 132void __attribute__((noinline)) __attribute__((visibility("default"))) rtld_db_dlactivity(); 133 134static pthread_mutex_t g__r_debug_mutex = PTHREAD_MUTEX_INITIALIZER; 135static r_debug _r_debug = 136 {1, nullptr, reinterpret_cast<uintptr_t>(&rtld_db_dlactivity), r_debug::RT_CONSISTENT, 0}; 137 138static link_map* r_debug_tail = 0; 139 140static void insert_soinfo_into_debug_map(soinfo* info) { 141 // Copy the necessary fields into the debug structure. 142 link_map* map = &(info->link_map_head); 143 map->l_addr = info->load_bias; 144 // link_map l_name field is not const. 145 map->l_name = const_cast<char*>(info->get_realpath()); 146 map->l_ld = info->dynamic; 147 148 // Stick the new library at the end of the list. 149 // gdb tends to care more about libc than it does 150 // about leaf libraries, and ordering it this way 151 // reduces the back-and-forth over the wire. 152 if (r_debug_tail) { 153 r_debug_tail->l_next = map; 154 map->l_prev = r_debug_tail; 155 map->l_next = 0; 156 } else { 157 _r_debug.r_map = map; 158 map->l_prev = 0; 159 map->l_next = 0; 160 } 161 r_debug_tail = map; 162} 163 164static void remove_soinfo_from_debug_map(soinfo* info) { 165 link_map* map = &(info->link_map_head); 166 167 if (r_debug_tail == map) { 168 r_debug_tail = map->l_prev; 169 } 170 171 if (map->l_prev) { 172 map->l_prev->l_next = map->l_next; 173 } 174 if (map->l_next) { 175 map->l_next->l_prev = map->l_prev; 176 } 177} 178 179static void notify_gdb_of_load(soinfo* info) { 180 if (info->is_main_executable()) { 181 // GDB already knows about the main executable 182 return; 183 } 184 185 ScopedPthreadMutexLocker locker(&g__r_debug_mutex); 186 187 _r_debug.r_state = r_debug::RT_ADD; 188 rtld_db_dlactivity(); 189 190 insert_soinfo_into_debug_map(info); 191 192 _r_debug.r_state = r_debug::RT_CONSISTENT; 193 rtld_db_dlactivity(); 194} 195 196static void notify_gdb_of_unload(soinfo* info) { 197 if (info->is_main_executable()) { 198 // GDB already knows about the main executable 199 return; 200 } 201 202 ScopedPthreadMutexLocker locker(&g__r_debug_mutex); 203 204 _r_debug.r_state = r_debug::RT_DELETE; 205 rtld_db_dlactivity(); 206 207 remove_soinfo_from_debug_map(info); 208 209 _r_debug.r_state = r_debug::RT_CONSISTENT; 210 rtld_db_dlactivity(); 211} 212 213void notify_gdb_of_libraries() { 214 _r_debug.r_state = r_debug::RT_ADD; 215 rtld_db_dlactivity(); 216 _r_debug.r_state = r_debug::RT_CONSISTENT; 217 rtld_db_dlactivity(); 218} 219 220LinkedListEntry<soinfo>* SoinfoListAllocator::alloc() { 221 return g_soinfo_links_allocator.alloc(); 222} 223 224void SoinfoListAllocator::free(LinkedListEntry<soinfo>* entry) { 225 g_soinfo_links_allocator.free(entry); 226} 227 228static soinfo* soinfo_alloc(const char* name, struct stat* file_stat, 229 off64_t file_offset, uint32_t rtld_flags) { 230 if (strlen(name) >= PATH_MAX) { 231 DL_ERR("library name \"%s\" too long", name); 232 return nullptr; 233 } 234 235 soinfo* si = new (g_soinfo_allocator.alloc()) soinfo(name, file_stat, file_offset, rtld_flags); 236 237 sonext->next = si; 238 sonext = si; 239 240 TRACE("name %s: allocated soinfo @ %p", name, si); 241 return si; 242} 243 244static void soinfo_free(soinfo* si) { 245 if (si == nullptr) { 246 return; 247 } 248 249 if (si->base != 0 && si->size != 0) { 250 munmap(reinterpret_cast<void*>(si->base), si->size); 251 } 252 253 soinfo *prev = nullptr, *trav; 254 255 TRACE("name %s: freeing soinfo @ %p", si->get_soname(), si); 256 257 for (trav = solist; trav != nullptr; trav = trav->next) { 258 if (trav == si) { 259 break; 260 } 261 prev = trav; 262 } 263 264 if (trav == nullptr) { 265 // si was not in solist 266 DL_ERR("name \"%s\"@%p is not in solist!", si->get_soname(), si); 267 return; 268 } 269 270 // clear links to/from si 271 si->remove_all_links(); 272 273 // prev will never be null, because the first entry in solist is 274 // always the static libdl_info. 275 prev->next = si->next; 276 if (si == sonext) { 277 sonext = prev; 278 } 279 280 g_soinfo_allocator.free(si); 281} 282 283static void parse_path(const char* path, const char* delimiters, 284 std::vector<std::string>* paths) { 285 if (path == nullptr) { 286 return; 287 } 288 289 paths->clear(); 290 291 for (const char *p = path; ; ++p) { 292 size_t len = strcspn(p, delimiters); 293 // skip empty tokens 294 if (len == 0) { 295 continue; 296 } 297 298 paths->push_back(std::string(p, len)); 299 p += len; 300 301 if (*p == '\0') { 302 break; 303 } 304 } 305} 306 307static void parse_LD_LIBRARY_PATH(const char* path) { 308 parse_path(path, ":", &g_ld_library_paths); 309} 310 311static void parse_LD_PRELOAD(const char* path) { 312 // We have historically supported ':' as well as ' ' in LD_PRELOAD. 313 parse_path(path, " :", &g_ld_preload_names); 314} 315 316static bool realpath_fd(int fd, std::string* realpath) { 317 std::vector<char> buf(PATH_MAX), proc_self_fd(PATH_MAX); 318 snprintf(&proc_self_fd[0], proc_self_fd.size(), "/proc/self/fd/%d", fd); 319 if (readlink(&proc_self_fd[0], &buf[0], buf.size()) == -1) { 320 return false; 321 } 322 323 *realpath = std::string(&buf[0]); 324 return true; 325} 326 327#if defined(__arm__) 328 329// For a given PC, find the .so that it belongs to. 330// Returns the base address of the .ARM.exidx section 331// for that .so, and the number of 8-byte entries 332// in that section (via *pcount). 333// 334// Intended to be called by libc's __gnu_Unwind_Find_exidx(). 335// 336// This function is exposed via dlfcn.cpp and libdl.so. 337_Unwind_Ptr dl_unwind_find_exidx(_Unwind_Ptr pc, int* pcount) { 338 uintptr_t addr = reinterpret_cast<uintptr_t>(pc); 339 340 for (soinfo* si = solist; si != 0; si = si->next) { 341 if ((addr >= si->base) && (addr < (si->base + si->size))) { 342 *pcount = si->ARM_exidx_count; 343 return reinterpret_cast<_Unwind_Ptr>(si->ARM_exidx); 344 } 345 } 346 *pcount = 0; 347 return nullptr; 348} 349 350#endif 351 352// Here, we only have to provide a callback to iterate across all the 353// loaded libraries. gcc_eh does the rest. 354int dl_iterate_phdr(int (*cb)(dl_phdr_info* info, size_t size, void* data), void* data) { 355 int rv = 0; 356 for (soinfo* si = solist; si != nullptr; si = si->next) { 357 dl_phdr_info dl_info; 358 dl_info.dlpi_addr = si->link_map_head.l_addr; 359 dl_info.dlpi_name = si->link_map_head.l_name; 360 dl_info.dlpi_phdr = si->phdr; 361 dl_info.dlpi_phnum = si->phnum; 362 rv = cb(&dl_info, sizeof(dl_phdr_info), data); 363 if (rv != 0) { 364 break; 365 } 366 } 367 return rv; 368} 369 370const ElfW(Versym)* soinfo::get_versym(size_t n) const { 371 if (has_min_version(2) && versym_ != nullptr) { 372 return versym_ + n; 373 } 374 375 return nullptr; 376} 377 378ElfW(Addr) soinfo::get_verneed_ptr() const { 379 if (has_min_version(2)) { 380 return verneed_ptr_; 381 } 382 383 return 0; 384} 385 386size_t soinfo::get_verneed_cnt() const { 387 if (has_min_version(2)) { 388 return verneed_cnt_; 389 } 390 391 return 0; 392} 393 394ElfW(Addr) soinfo::get_verdef_ptr() const { 395 if (has_min_version(2)) { 396 return verdef_ptr_; 397 } 398 399 return 0; 400} 401 402size_t soinfo::get_verdef_cnt() const { 403 if (has_min_version(2)) { 404 return verdef_cnt_; 405 } 406 407 return 0; 408} 409 410template<typename F> 411static bool for_each_verdef(const soinfo* si, F functor) { 412 if (!si->has_min_version(2)) { 413 return true; 414 } 415 416 uintptr_t verdef_ptr = si->get_verdef_ptr(); 417 if (verdef_ptr == 0) { 418 return true; 419 } 420 421 size_t offset = 0; 422 423 size_t verdef_cnt = si->get_verdef_cnt(); 424 for (size_t i = 0; i<verdef_cnt; ++i) { 425 const ElfW(Verdef)* verdef = reinterpret_cast<ElfW(Verdef)*>(verdef_ptr + offset); 426 size_t verdaux_offset = offset + verdef->vd_aux; 427 offset += verdef->vd_next; 428 429 if (verdef->vd_version != 1) { 430 DL_ERR("unsupported verdef[%zd] vd_version: %d (expected 1) library: %s", 431 i, verdef->vd_version, si->get_soname()); 432 return false; 433 } 434 435 if ((verdef->vd_flags & VER_FLG_BASE) != 0) { 436 // "this is the version of the file itself. It must not be used for 437 // matching a symbol. It can be used to match references." 438 // 439 // http://www.akkadia.org/drepper/symbol-versioning 440 continue; 441 } 442 443 if (verdef->vd_cnt == 0) { 444 DL_ERR("invalid verdef[%zd] vd_cnt == 0 (version without a name)", i); 445 return false; 446 } 447 448 const ElfW(Verdaux)* verdaux = reinterpret_cast<ElfW(Verdaux)*>(verdef_ptr + verdaux_offset); 449 450 if (functor(i, verdef, verdaux) == true) { 451 break; 452 } 453 } 454 455 return true; 456} 457 458bool soinfo::find_verdef_version_index(const version_info* vi, ElfW(Versym)* versym) const { 459 if (vi == nullptr) { 460 *versym = kVersymNotNeeded; 461 return true; 462 } 463 464 *versym = kVersymGlobal; 465 466 return for_each_verdef(this, 467 [&](size_t, const ElfW(Verdef)* verdef, const ElfW(Verdaux)* verdaux) { 468 if (verdef->vd_hash == vi->elf_hash && 469 strcmp(vi->name, get_string(verdaux->vda_name)) == 0) { 470 *versym = verdef->vd_ndx; 471 return true; 472 } 473 474 return false; 475 } 476 ); 477} 478 479bool soinfo::find_symbol_by_name(SymbolName& symbol_name, 480 const version_info* vi, 481 const ElfW(Sym)** symbol) const { 482 uint32_t symbol_index; 483 bool success = 484 is_gnu_hash() ? 485 gnu_lookup(symbol_name, vi, &symbol_index) : 486 elf_lookup(symbol_name, vi, &symbol_index); 487 488 if (success) { 489 *symbol = symbol_index == 0 ? nullptr : symtab_ + symbol_index; 490 } 491 492 return success; 493} 494 495static bool is_symbol_global_and_defined(const soinfo* si, const ElfW(Sym)* s) { 496 if (ELF_ST_BIND(s->st_info) == STB_GLOBAL || 497 ELF_ST_BIND(s->st_info) == STB_WEAK) { 498 return s->st_shndx != SHN_UNDEF; 499 } else if (ELF_ST_BIND(s->st_info) != STB_LOCAL) { 500 DL_WARN("unexpected ST_BIND value: %d for '%s' in '%s'", 501 ELF_ST_BIND(s->st_info), si->get_string(s->st_name), si->get_soname()); 502 } 503 504 return false; 505} 506 507static const ElfW(Versym) kVersymHiddenBit = 0x8000; 508 509static inline bool is_versym_hidden(const ElfW(Versym)* versym) { 510 // the symbol is hidden if bit 15 of versym is set. 511 return versym != nullptr && (*versym & kVersymHiddenBit) != 0; 512} 513 514static inline bool check_symbol_version(const ElfW(Versym) verneed, 515 const ElfW(Versym)* verdef) { 516 return verneed == kVersymNotNeeded || 517 verdef == nullptr || 518 verneed == (*verdef & ~kVersymHiddenBit); 519} 520 521bool soinfo::gnu_lookup(SymbolName& symbol_name, 522 const version_info* vi, 523 uint32_t* symbol_index) const { 524 uint32_t hash = symbol_name.gnu_hash(); 525 uint32_t h2 = hash >> gnu_shift2_; 526 527 uint32_t bloom_mask_bits = sizeof(ElfW(Addr))*8; 528 uint32_t word_num = (hash / bloom_mask_bits) & gnu_maskwords_; 529 ElfW(Addr) bloom_word = gnu_bloom_filter_[word_num]; 530 531 *symbol_index = 0; 532 533 TRACE_TYPE(LOOKUP, "SEARCH %s in %s@%p (gnu)", 534 symbol_name.get_name(), get_soname(), reinterpret_cast<void*>(base)); 535 536 // test against bloom filter 537 if ((1 & (bloom_word >> (hash % bloom_mask_bits)) & (bloom_word >> (h2 % bloom_mask_bits))) == 0) { 538 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p", 539 symbol_name.get_name(), get_soname(), reinterpret_cast<void*>(base)); 540 541 return true; 542 } 543 544 // bloom test says "probably yes"... 545 uint32_t n = gnu_bucket_[hash % gnu_nbucket_]; 546 547 if (n == 0) { 548 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p", 549 symbol_name.get_name(), get_soname(), reinterpret_cast<void*>(base)); 550 551 return true; 552 } 553 554 // lookup versym for the version definition in this library 555 // note the difference between "version is not requested" (vi == nullptr) 556 // and "version not found". In the first case verneed is kVersymNotNeeded 557 // which implies that the default version can be accepted; the second case results in 558 // verneed = 1 (kVersymGlobal) and implies that we should ignore versioned symbols 559 // for this library and consider only *global* ones. 560 ElfW(Versym) verneed = 0; 561 if (!find_verdef_version_index(vi, &verneed)) { 562 return false; 563 } 564 565 do { 566 ElfW(Sym)* s = symtab_ + n; 567 const ElfW(Versym)* verdef = get_versym(n); 568 // skip hidden versions when verneed == kVersymNotNeeded (0) 569 if (verneed == kVersymNotNeeded && is_versym_hidden(verdef)) { 570 continue; 571 } 572 if (((gnu_chain_[n] ^ hash) >> 1) == 0 && 573 check_symbol_version(verneed, verdef) && 574 strcmp(get_string(s->st_name), symbol_name.get_name()) == 0 && 575 is_symbol_global_and_defined(this, s)) { 576 TRACE_TYPE(LOOKUP, "FOUND %s in %s (%p) %zd", 577 symbol_name.get_name(), get_soname(), reinterpret_cast<void*>(s->st_value), 578 static_cast<size_t>(s->st_size)); 579 *symbol_index = n; 580 return true; 581 } 582 } while ((gnu_chain_[n++] & 1) == 0); 583 584 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p", 585 symbol_name.get_name(), get_soname(), reinterpret_cast<void*>(base)); 586 587 return true; 588} 589 590bool soinfo::elf_lookup(SymbolName& symbol_name, 591 const version_info* vi, 592 uint32_t* symbol_index) const { 593 uint32_t hash = symbol_name.elf_hash(); 594 595 TRACE_TYPE(LOOKUP, "SEARCH %s in %s@%p h=%x(elf) %zd", 596 symbol_name.get_name(), get_soname(), 597 reinterpret_cast<void*>(base), hash, hash % nbucket_); 598 599 ElfW(Versym) verneed = 0; 600 if (!find_verdef_version_index(vi, &verneed)) { 601 return false; 602 } 603 604 for (uint32_t n = bucket_[hash % nbucket_]; n != 0; n = chain_[n]) { 605 ElfW(Sym)* s = symtab_ + n; 606 const ElfW(Versym)* verdef = get_versym(n); 607 608 // skip hidden versions when verneed == 0 609 if (verneed == kVersymNotNeeded && is_versym_hidden(verdef)) { 610 continue; 611 } 612 613 if (check_symbol_version(verneed, verdef) && 614 strcmp(get_string(s->st_name), symbol_name.get_name()) == 0 && 615 is_symbol_global_and_defined(this, s)) { 616 TRACE_TYPE(LOOKUP, "FOUND %s in %s (%p) %zd", 617 symbol_name.get_name(), get_soname(), 618 reinterpret_cast<void*>(s->st_value), 619 static_cast<size_t>(s->st_size)); 620 *symbol_index = n; 621 return true; 622 } 623 } 624 625 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p %x %zd", 626 symbol_name.get_name(), get_soname(), 627 reinterpret_cast<void*>(base), hash, hash % nbucket_); 628 629 *symbol_index = 0; 630 return true; 631} 632 633soinfo::soinfo(const char* realpath, const struct stat* file_stat, 634 off64_t file_offset, int rtld_flags) { 635 memset(this, 0, sizeof(*this)); 636 637 if (realpath != nullptr) { 638 realpath_ = realpath; 639 } 640 641 flags_ = FLAG_NEW_SOINFO; 642 version_ = SOINFO_VERSION; 643 644 if (file_stat != nullptr) { 645 this->st_dev_ = file_stat->st_dev; 646 this->st_ino_ = file_stat->st_ino; 647 this->file_offset_ = file_offset; 648 } 649 650 this->rtld_flags_ = rtld_flags; 651} 652 653 654uint32_t SymbolName::elf_hash() { 655 if (!has_elf_hash_) { 656 const uint8_t* name = reinterpret_cast<const uint8_t*>(name_); 657 uint32_t h = 0, g; 658 659 while (*name) { 660 h = (h << 4) + *name++; 661 g = h & 0xf0000000; 662 h ^= g; 663 h ^= g >> 24; 664 } 665 666 elf_hash_ = h; 667 has_elf_hash_ = true; 668 } 669 670 return elf_hash_; 671} 672 673uint32_t SymbolName::gnu_hash() { 674 if (!has_gnu_hash_) { 675 uint32_t h = 5381; 676 const uint8_t* name = reinterpret_cast<const uint8_t*>(name_); 677 while (*name != 0) { 678 h += (h << 5) + *name++; // h*33 + c = h + h * 32 + c = h + h << 5 + c 679 } 680 681 gnu_hash_ = h; 682 has_gnu_hash_ = true; 683 } 684 685 return gnu_hash_; 686} 687 688bool soinfo_do_lookup(soinfo* si_from, const char* name, const version_info* vi, 689 soinfo** si_found_in, const soinfo::soinfo_list_t& global_group, 690 const soinfo::soinfo_list_t& local_group, const ElfW(Sym)** symbol) { 691 SymbolName symbol_name(name); 692 const ElfW(Sym)* s = nullptr; 693 694 /* "This element's presence in a shared object library alters the dynamic linker's 695 * symbol resolution algorithm for references within the library. Instead of starting 696 * a symbol search with the executable file, the dynamic linker starts from the shared 697 * object itself. If the shared object fails to supply the referenced symbol, the 698 * dynamic linker then searches the executable file and other shared objects as usual." 699 * 700 * http://www.sco.com/developers/gabi/2012-12-31/ch5.dynamic.html 701 * 702 * Note that this is unlikely since static linker avoids generating 703 * relocations for -Bsymbolic linked dynamic executables. 704 */ 705 if (si_from->has_DT_SYMBOLIC) { 706 DEBUG("%s: looking up %s in local scope (DT_SYMBOLIC)", si_from->get_soname(), name); 707 if (!si_from->find_symbol_by_name(symbol_name, vi, &s)) { 708 return false; 709 } 710 711 if (s != nullptr) { 712 *si_found_in = si_from; 713 } 714 } 715 716 // 1. Look for it in global_group 717 if (s == nullptr) { 718 bool error = false; 719 global_group.visit([&](soinfo* global_si) { 720 DEBUG("%s: looking up %s in %s (from global group)", 721 si_from->get_soname(), name, global_si->get_soname()); 722 if (!global_si->find_symbol_by_name(symbol_name, vi, &s)) { 723 error = true; 724 return false; 725 } 726 727 if (s != nullptr) { 728 *si_found_in = global_si; 729 return false; 730 } 731 732 return true; 733 }); 734 735 if (error) { 736 return false; 737 } 738 } 739 740 // 2. Look for it in the local group 741 if (s == nullptr) { 742 bool error = false; 743 local_group.visit([&](soinfo* local_si) { 744 if (local_si == si_from && si_from->has_DT_SYMBOLIC) { 745 // we already did this - skip 746 return true; 747 } 748 749 DEBUG("%s: looking up %s in %s (from local group)", 750 si_from->get_soname(), name, local_si->get_soname()); 751 if (!local_si->find_symbol_by_name(symbol_name, vi, &s)) { 752 error = true; 753 return false; 754 } 755 756 if (s != nullptr) { 757 *si_found_in = local_si; 758 return false; 759 } 760 761 return true; 762 }); 763 764 if (error) { 765 return false; 766 } 767 } 768 769 if (s != nullptr) { 770 TRACE_TYPE(LOOKUP, "si %s sym %s s->st_value = %p, " 771 "found in %s, base = %p, load bias = %p", 772 si_from->get_soname(), name, reinterpret_cast<void*>(s->st_value), 773 (*si_found_in)->get_soname(), reinterpret_cast<void*>((*si_found_in)->base), 774 reinterpret_cast<void*>((*si_found_in)->load_bias)); 775 } 776 777 *symbol = s; 778 return true; 779} 780 781class ProtectedDataGuard { 782 public: 783 ProtectedDataGuard() { 784 if (ref_count_++ == 0) { 785 protect_data(PROT_READ | PROT_WRITE); 786 } 787 } 788 789 ~ProtectedDataGuard() { 790 if (ref_count_ == 0) { // overflow 791 __libc_fatal("Too many nested calls to dlopen()"); 792 } 793 794 if (--ref_count_ == 0) { 795 protect_data(PROT_READ); 796 } 797 } 798 private: 799 void protect_data(int protection) { 800 g_soinfo_allocator.protect_all(protection); 801 g_soinfo_links_allocator.protect_all(protection); 802 } 803 804 static size_t ref_count_; 805}; 806 807size_t ProtectedDataGuard::ref_count_ = 0; 808 809// Each size has it's own allocator. 810template<size_t size> 811class SizeBasedAllocator { 812 public: 813 static void* alloc() { 814 return allocator_.alloc(); 815 } 816 817 static void free(void* ptr) { 818 allocator_.free(ptr); 819 } 820 821 private: 822 static LinkerBlockAllocator allocator_; 823}; 824 825template<size_t size> 826LinkerBlockAllocator SizeBasedAllocator<size>::allocator_(size); 827 828template<typename T> 829class TypeBasedAllocator { 830 public: 831 static T* alloc() { 832 return reinterpret_cast<T*>(SizeBasedAllocator<sizeof(T)>::alloc()); 833 } 834 835 static void free(T* ptr) { 836 SizeBasedAllocator<sizeof(T)>::free(ptr); 837 } 838}; 839 840class LoadTask { 841 public: 842 struct deleter_t { 843 void operator()(LoadTask* t) { 844 TypeBasedAllocator<LoadTask>::free(t); 845 } 846 }; 847 848 typedef UniquePtr<LoadTask, deleter_t> unique_ptr; 849 850 static deleter_t deleter; 851 852 static LoadTask* create(const char* name, soinfo* needed_by) { 853 LoadTask* ptr = TypeBasedAllocator<LoadTask>::alloc(); 854 return new (ptr) LoadTask(name, needed_by); 855 } 856 857 const char* get_name() const { 858 return name_; 859 } 860 861 soinfo* get_needed_by() const { 862 return needed_by_; 863 } 864 private: 865 LoadTask(const char* name, soinfo* needed_by) 866 : name_(name), needed_by_(needed_by) {} 867 868 const char* name_; 869 soinfo* needed_by_; 870 871 DISALLOW_IMPLICIT_CONSTRUCTORS(LoadTask); 872}; 873 874LoadTask::deleter_t LoadTask::deleter; 875 876template <typename T> 877using linked_list_t = LinkedList<T, TypeBasedAllocator<LinkedListEntry<T>>>; 878 879typedef linked_list_t<soinfo> SoinfoLinkedList; 880typedef linked_list_t<const char> StringLinkedList; 881typedef linked_list_t<LoadTask> LoadTaskList; 882 883 884// This function walks down the tree of soinfo dependencies 885// in breadth-first order and 886// * calls action(soinfo* si) for each node, and 887// * terminates walk if action returns false. 888// 889// walk_dependencies_tree returns false if walk was terminated 890// by the action and true otherwise. 891template<typename F> 892static bool walk_dependencies_tree(soinfo* root_soinfos[], size_t root_soinfos_size, F action) { 893 SoinfoLinkedList visit_list; 894 SoinfoLinkedList visited; 895 896 for (size_t i = 0; i < root_soinfos_size; ++i) { 897 visit_list.push_back(root_soinfos[i]); 898 } 899 900 soinfo* si; 901 while ((si = visit_list.pop_front()) != nullptr) { 902 if (visited.contains(si)) { 903 continue; 904 } 905 906 if (!action(si)) { 907 return false; 908 } 909 910 visited.push_back(si); 911 912 si->get_children().for_each([&](soinfo* child) { 913 visit_list.push_back(child); 914 }); 915 } 916 917 return true; 918} 919 920 921// This is used by dlsym(3). It performs symbol lookup only within the 922// specified soinfo object and its dependencies in breadth first order. 923const ElfW(Sym)* dlsym_handle_lookup(soinfo* si, soinfo** found, const char* name) { 924 const ElfW(Sym)* result = nullptr; 925 SymbolName symbol_name(name); 926 927 walk_dependencies_tree(&si, 1, [&](soinfo* current_soinfo) { 928 if (!current_soinfo->find_symbol_by_name(symbol_name, nullptr, &result)) { 929 result = nullptr; 930 return false; 931 } 932 933 if (result != nullptr) { 934 *found = current_soinfo; 935 return false; 936 } 937 938 return true; 939 }); 940 941 return result; 942} 943 944/* This is used by dlsym(3) to performs a global symbol lookup. If the 945 start value is null (for RTLD_DEFAULT), the search starts at the 946 beginning of the global solist. Otherwise the search starts at the 947 specified soinfo (for RTLD_NEXT). 948 */ 949const ElfW(Sym)* dlsym_linear_lookup(const char* name, 950 soinfo** found, 951 soinfo* caller, 952 void* handle) { 953 SymbolName symbol_name(name); 954 955 soinfo* start = solist; 956 957 if (handle == RTLD_NEXT) { 958 if (caller == nullptr || caller->next == nullptr) { 959 return nullptr; 960 } else { 961 start = caller->next; 962 } 963 } 964 965 const ElfW(Sym)* s = nullptr; 966 for (soinfo* si = start; si != nullptr; si = si->next) { 967 if ((si->get_rtld_flags() & RTLD_GLOBAL) == 0) { 968 continue; 969 } 970 971 if (!si->find_symbol_by_name(symbol_name, nullptr, &s)) { 972 return nullptr; 973 } 974 975 if (s != nullptr) { 976 *found = si; 977 break; 978 } 979 } 980 981 // If not found - look into local_group unless 982 // caller is part of the global group in which 983 // case we already did it. 984 if (s == nullptr && caller != nullptr && 985 (caller->get_rtld_flags() & RTLD_GLOBAL) == 0) { 986 soinfo* local_group_root = caller->get_local_group_root(); 987 988 if (handle == RTLD_DEFAULT) { 989 start = local_group_root; 990 } 991 992 for (soinfo* si = start; si != nullptr; si = si->next) { 993 if (si->get_local_group_root() != local_group_root) { 994 break; 995 } 996 997 if (!si->find_symbol_by_name(symbol_name, nullptr, &s)) { 998 return nullptr; 999 } 1000 1001 if (s != nullptr) { 1002 *found = si; 1003 break; 1004 } 1005 } 1006 } 1007 1008 if (s != nullptr) { 1009 TRACE_TYPE(LOOKUP, "%s s->st_value = %p, found->base = %p", 1010 name, reinterpret_cast<void*>(s->st_value), reinterpret_cast<void*>((*found)->base)); 1011 } 1012 1013 return s; 1014} 1015 1016soinfo* find_containing_library(const void* p) { 1017 ElfW(Addr) address = reinterpret_cast<ElfW(Addr)>(p); 1018 for (soinfo* si = solist; si != nullptr; si = si->next) { 1019 if (address >= si->base && address - si->base < si->size) { 1020 return si; 1021 } 1022 } 1023 return nullptr; 1024} 1025 1026ElfW(Sym)* soinfo::find_symbol_by_address(const void* addr) { 1027 return is_gnu_hash() ? gnu_addr_lookup(addr) : elf_addr_lookup(addr); 1028} 1029 1030static bool symbol_matches_soaddr(const ElfW(Sym)* sym, ElfW(Addr) soaddr) { 1031 return sym->st_shndx != SHN_UNDEF && 1032 soaddr >= sym->st_value && 1033 soaddr < sym->st_value + sym->st_size; 1034} 1035 1036ElfW(Sym)* soinfo::gnu_addr_lookup(const void* addr) { 1037 ElfW(Addr) soaddr = reinterpret_cast<ElfW(Addr)>(addr) - load_bias; 1038 1039 for (size_t i = 0; i < gnu_nbucket_; ++i) { 1040 uint32_t n = gnu_bucket_[i]; 1041 1042 if (n == 0) { 1043 continue; 1044 } 1045 1046 do { 1047 ElfW(Sym)* sym = symtab_ + n; 1048 if (symbol_matches_soaddr(sym, soaddr)) { 1049 return sym; 1050 } 1051 } while ((gnu_chain_[n++] & 1) == 0); 1052 } 1053 1054 return nullptr; 1055} 1056 1057ElfW(Sym)* soinfo::elf_addr_lookup(const void* addr) { 1058 ElfW(Addr) soaddr = reinterpret_cast<ElfW(Addr)>(addr) - load_bias; 1059 1060 // Search the library's symbol table for any defined symbol which 1061 // contains this address. 1062 for (size_t i = 0; i < nchain_; ++i) { 1063 ElfW(Sym)* sym = symtab_ + i; 1064 if (symbol_matches_soaddr(sym, soaddr)) { 1065 return sym; 1066 } 1067 } 1068 1069 return nullptr; 1070} 1071 1072static int open_library_in_zipfile(const char* const path, 1073 off64_t* file_offset) { 1074 TRACE("Trying zip file open from path '%s'", path); 1075 1076 // Treat an '!' character inside a path as the separator between the name 1077 // of the zip file on disk and the subdirectory to search within it. 1078 // For example, if path is "foo.zip!bar/bas/x.so", then we search for 1079 // "bar/bas/x.so" within "foo.zip". 1080 const char* separator = strchr(path, '!'); 1081 if (separator == nullptr) { 1082 return -1; 1083 } 1084 1085 char buf[512]; 1086 if (strlcpy(buf, path, sizeof(buf)) >= sizeof(buf)) { 1087 PRINT("Warning: ignoring very long library path: %s", path); 1088 return -1; 1089 } 1090 1091 buf[separator - path] = '\0'; 1092 1093 const char* zip_path = buf; 1094 const char* file_path = &buf[separator - path + 1]; 1095 int fd = TEMP_FAILURE_RETRY(open(zip_path, O_RDONLY | O_CLOEXEC)); 1096 if (fd == -1) { 1097 return -1; 1098 } 1099 1100 ZipArchiveHandle handle; 1101 if (OpenArchiveFd(fd, "", &handle, false) != 0) { 1102 // invalid zip-file (?) 1103 close(fd); 1104 return -1; 1105 } 1106 1107 auto archive_guard = make_scope_guard([&]() { 1108 CloseArchive(handle); 1109 }); 1110 1111 ZipEntry entry; 1112 1113 if (FindEntry(handle, ZipEntryName(file_path), &entry) != 0) { 1114 // Entry was not found. 1115 close(fd); 1116 return -1; 1117 } 1118 1119 // Check if it is properly stored 1120 if (entry.method != kCompressStored || (entry.offset % PAGE_SIZE) != 0) { 1121 close(fd); 1122 return -1; 1123 } 1124 1125 *file_offset = entry.offset; 1126 return fd; 1127} 1128 1129static bool format_path(char* buf, size_t buf_size, const char* path, const char* name) { 1130 int n = __libc_format_buffer(buf, buf_size, "%s/%s", path, name); 1131 if (n < 0 || n >= static_cast<int>(buf_size)) { 1132 PRINT("Warning: ignoring very long library path: %s/%s", path, name); 1133 return false; 1134 } 1135 1136 return true; 1137} 1138 1139static int open_library_on_default_path(const char* name, off64_t* file_offset) { 1140 for (size_t i = 0; kDefaultLdPaths[i] != nullptr; ++i) { 1141 char buf[512]; 1142 if (!format_path(buf, sizeof(buf), kDefaultLdPaths[i], name)) { 1143 continue; 1144 } 1145 1146 int fd = TEMP_FAILURE_RETRY(open(buf, O_RDONLY | O_CLOEXEC)); 1147 if (fd != -1) { 1148 *file_offset = 0; 1149 return fd; 1150 } 1151 } 1152 1153 return -1; 1154} 1155 1156static int open_library_on_ld_library_path(const char* name, off64_t* file_offset) { 1157 for (const auto& path_str : g_ld_library_paths) { 1158 char buf[512]; 1159 const char* const path = path_str.c_str(); 1160 if (!format_path(buf, sizeof(buf), path, name)) { 1161 continue; 1162 } 1163 1164 int fd = -1; 1165 if (strchr(buf, '!') != nullptr) { 1166 fd = open_library_in_zipfile(buf, file_offset); 1167 } 1168 1169 if (fd == -1) { 1170 fd = TEMP_FAILURE_RETRY(open(buf, O_RDONLY | O_CLOEXEC)); 1171 if (fd != -1) { 1172 *file_offset = 0; 1173 } 1174 } 1175 1176 if (fd != -1) { 1177 return fd; 1178 } 1179 } 1180 1181 return -1; 1182} 1183 1184static int open_library(const char* name, off64_t* file_offset) { 1185 TRACE("[ opening %s ]", name); 1186 1187 // If the name contains a slash, we should attempt to open it directly and not search the paths. 1188 if (strchr(name, '/') != nullptr) { 1189 if (strchr(name, '!') != nullptr) { 1190 int fd = open_library_in_zipfile(name, file_offset); 1191 if (fd != -1) { 1192 return fd; 1193 } 1194 } 1195 1196 int fd = TEMP_FAILURE_RETRY(open(name, O_RDONLY | O_CLOEXEC)); 1197 if (fd != -1) { 1198 *file_offset = 0; 1199 } 1200 return fd; 1201 } 1202 1203 // Otherwise we try LD_LIBRARY_PATH first, and fall back to the built-in well known paths. 1204 int fd = open_library_on_ld_library_path(name, file_offset); 1205 if (fd == -1) { 1206 fd = open_library_on_default_path(name, file_offset); 1207 } 1208 return fd; 1209} 1210 1211template<typename F> 1212static void for_each_dt_needed(const soinfo* si, F action) { 1213 for (ElfW(Dyn)* d = si->dynamic; d->d_tag != DT_NULL; ++d) { 1214 if (d->d_tag == DT_NEEDED) { 1215 action(si->get_string(d->d_un.d_val)); 1216 } 1217 } 1218} 1219 1220static soinfo* load_library(LoadTaskList& load_tasks, 1221 const char* name, int rtld_flags, 1222 const android_dlextinfo* extinfo) { 1223 int fd = -1; 1224 off64_t file_offset = 0; 1225 ScopedFd file_guard(-1); 1226 1227 if (extinfo != nullptr && (extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD) != 0) { 1228 fd = extinfo->library_fd; 1229 if ((extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET) != 0) { 1230 file_offset = extinfo->library_fd_offset; 1231 } 1232 } else { 1233 // Open the file. 1234 fd = open_library(name, &file_offset); 1235 if (fd == -1) { 1236 DL_ERR("library \"%s\" not found", name); 1237 return nullptr; 1238 } 1239 1240 file_guard.reset(fd); 1241 } 1242 1243 if ((file_offset % PAGE_SIZE) != 0) { 1244 DL_ERR("file offset for the library \"%s\" is not page-aligned: %" PRId64, name, file_offset); 1245 return nullptr; 1246 } 1247 if (file_offset < 0) { 1248 DL_ERR("file offset for the library \"%s\" is negative: %" PRId64, name, file_offset); 1249 return nullptr; 1250 } 1251 1252 struct stat file_stat; 1253 if (TEMP_FAILURE_RETRY(fstat(fd, &file_stat)) != 0) { 1254 DL_ERR("unable to stat file for the library \"%s\": %s", name, strerror(errno)); 1255 return nullptr; 1256 } 1257 if (file_offset >= file_stat.st_size) { 1258 DL_ERR("file offset for the library \"%s\" >= file size: %" PRId64 " >= %" PRId64, 1259 name, file_offset, file_stat.st_size); 1260 return nullptr; 1261 } 1262 1263 // Check for symlink and other situations where 1264 // file can have different names, unless ANDROID_DLEXT_FORCE_LOAD is set 1265 if (extinfo == nullptr || (extinfo->flags & ANDROID_DLEXT_FORCE_LOAD) == 0) { 1266 for (soinfo* si = solist; si != nullptr; si = si->next) { 1267 if (si->get_st_dev() != 0 && 1268 si->get_st_ino() != 0 && 1269 si->get_st_dev() == file_stat.st_dev && 1270 si->get_st_ino() == file_stat.st_ino && 1271 si->get_file_offset() == file_offset) { 1272 TRACE("library \"%s\" is already loaded under different name/path \"%s\" - " 1273 "will return existing soinfo", name, si->get_realpath()); 1274 return si; 1275 } 1276 } 1277 } 1278 1279 if ((rtld_flags & RTLD_NOLOAD) != 0) { 1280 DL_ERR("library \"%s\" wasn't loaded and RTLD_NOLOAD prevented it", name); 1281 return nullptr; 1282 } 1283 1284 std::string realpath = name; 1285 if (!realpath_fd(fd, &realpath)) { 1286 PRINT("cannot resolve realpath for the library \"%s\": %s", name, strerror(errno)); 1287 realpath = name; 1288 } 1289 1290 // Read the ELF header and load the segments. 1291 ElfReader elf_reader(realpath.c_str(), fd, file_offset); 1292 if (!elf_reader.Load(extinfo)) { 1293 return nullptr; 1294 } 1295 1296 soinfo* si = soinfo_alloc(realpath.c_str(), &file_stat, file_offset, rtld_flags); 1297 if (si == nullptr) { 1298 return nullptr; 1299 } 1300 si->base = elf_reader.load_start(); 1301 si->size = elf_reader.load_size(); 1302 si->load_bias = elf_reader.load_bias(); 1303 si->phnum = elf_reader.phdr_count(); 1304 si->phdr = elf_reader.loaded_phdr(); 1305 1306 if (!si->prelink_image()) { 1307 soinfo_free(si); 1308 return nullptr; 1309 } 1310 1311 for_each_dt_needed(si, [&] (const char* name) { 1312 load_tasks.push_back(LoadTask::create(name, si)); 1313 }); 1314 1315 return si; 1316} 1317 1318static soinfo *find_loaded_library_by_soname(const char* name) { 1319 // Ignore filename with path. 1320 if (strchr(name, '/') != nullptr) { 1321 return nullptr; 1322 } 1323 1324 for (soinfo* si = solist; si != nullptr; si = si->next) { 1325 const char* soname = si->get_soname(); 1326 if (soname != nullptr && (strcmp(name, soname) == 0)) { 1327 return si; 1328 } 1329 } 1330 return nullptr; 1331} 1332 1333static soinfo* find_library_internal(LoadTaskList& load_tasks, const char* name, 1334 int rtld_flags, const android_dlextinfo* extinfo) { 1335 soinfo* si = find_loaded_library_by_soname(name); 1336 1337 // Library might still be loaded, the accurate detection 1338 // of this fact is done by load_library. 1339 if (si == nullptr) { 1340 TRACE("[ '%s' has not been found by soname. Trying harder...]", name); 1341 si = load_library(load_tasks, name, rtld_flags, extinfo); 1342 } 1343 1344 return si; 1345} 1346 1347static void soinfo_unload(soinfo* si); 1348 1349// TODO: this is slightly unusual way to construct 1350// the global group for relocation. Not every RTLD_GLOBAL 1351// library is included in this group for backwards-compatibility 1352// reasons. 1353// 1354// This group consists of the main executable, LD_PRELOADs 1355// and libraries with the DF_1_GLOBAL flag set. 1356static soinfo::soinfo_list_t make_global_group() { 1357 soinfo::soinfo_list_t global_group; 1358 for (soinfo* si = somain; si != nullptr; si = si->next) { 1359 if ((si->get_dt_flags_1() & DF_1_GLOBAL) != 0) { 1360 global_group.push_back(si); 1361 } 1362 } 1363 1364 return global_group; 1365} 1366 1367static bool find_libraries(soinfo* start_with, const char* const library_names[], 1368 size_t library_names_count, soinfo* soinfos[], std::vector<soinfo*>* ld_preloads, 1369 size_t ld_preloads_count, int rtld_flags, const android_dlextinfo* extinfo) { 1370 // Step 0: prepare. 1371 LoadTaskList load_tasks; 1372 for (size_t i = 0; i < library_names_count; ++i) { 1373 const char* name = library_names[i]; 1374 load_tasks.push_back(LoadTask::create(name, start_with)); 1375 } 1376 1377 // Construct global_group. 1378 soinfo::soinfo_list_t global_group = make_global_group(); 1379 1380 // If soinfos array is null allocate one on stack. 1381 // The array is needed in case of failure; for example 1382 // when library_names[] = {libone.so, libtwo.so} and libone.so 1383 // is loaded correctly but libtwo.so failed for some reason. 1384 // In this case libone.so should be unloaded on return. 1385 // See also implementation of failure_guard below. 1386 1387 if (soinfos == nullptr) { 1388 size_t soinfos_size = sizeof(soinfo*)*library_names_count; 1389 soinfos = reinterpret_cast<soinfo**>(alloca(soinfos_size)); 1390 memset(soinfos, 0, soinfos_size); 1391 } 1392 1393 // list of libraries to link - see step 2. 1394 size_t soinfos_count = 0; 1395 1396 auto failure_guard = make_scope_guard([&]() { 1397 // Housekeeping 1398 load_tasks.for_each([] (LoadTask* t) { 1399 LoadTask::deleter(t); 1400 }); 1401 1402 for (size_t i = 0; i<soinfos_count; ++i) { 1403 soinfo_unload(soinfos[i]); 1404 } 1405 }); 1406 1407 // Step 1: load and pre-link all DT_NEEDED libraries in breadth first order. 1408 for (LoadTask::unique_ptr task(load_tasks.pop_front()); 1409 task.get() != nullptr; task.reset(load_tasks.pop_front())) { 1410 soinfo* si = find_library_internal(load_tasks, task->get_name(), rtld_flags, extinfo); 1411 if (si == nullptr) { 1412 return false; 1413 } 1414 1415 soinfo* needed_by = task->get_needed_by(); 1416 1417 if (needed_by != nullptr) { 1418 needed_by->add_child(si); 1419 } 1420 1421 if (si->is_linked()) { 1422 si->increment_ref_count(); 1423 } 1424 1425 // When ld_preloads is not null, the first 1426 // ld_preloads_count libs are in fact ld_preloads. 1427 if (ld_preloads != nullptr && soinfos_count < ld_preloads_count) { 1428 // Add LD_PRELOADed libraries to the global group for future runs. 1429 // There is no need to explicitly add them to the global group 1430 // for this run because they are going to appear in the local 1431 // group in the correct order. 1432 si->set_dt_flags_1(si->get_dt_flags_1() | DF_1_GLOBAL); 1433 ld_preloads->push_back(si); 1434 } 1435 1436 if (soinfos_count < library_names_count) { 1437 soinfos[soinfos_count++] = si; 1438 } 1439 } 1440 1441 // Step 2: link libraries. 1442 soinfo::soinfo_list_t local_group; 1443 walk_dependencies_tree( 1444 start_with == nullptr ? soinfos : &start_with, 1445 start_with == nullptr ? soinfos_count : 1, 1446 [&] (soinfo* si) { 1447 local_group.push_back(si); 1448 return true; 1449 }); 1450 1451 // We need to increment ref_count in case 1452 // the root of the local group was not linked. 1453 bool was_local_group_root_linked = local_group.front()->is_linked(); 1454 1455 bool linked = local_group.visit([&](soinfo* si) { 1456 if (!si->is_linked()) { 1457 if (!si->link_image(global_group, local_group, extinfo)) { 1458 return false; 1459 } 1460 si->set_linked(); 1461 } 1462 1463 return true; 1464 }); 1465 1466 if (linked) { 1467 failure_guard.disable(); 1468 } 1469 1470 if (!was_local_group_root_linked) { 1471 local_group.front()->increment_ref_count(); 1472 } 1473 1474 return linked; 1475} 1476 1477static soinfo* find_library(const char* name, int rtld_flags, const android_dlextinfo* extinfo) { 1478 soinfo* si; 1479 1480 if (name == nullptr) { 1481 si = somain; 1482 } else if (!find_libraries(nullptr, &name, 1, &si, nullptr, 0, rtld_flags, extinfo)) { 1483 return nullptr; 1484 } 1485 1486 return si; 1487} 1488 1489static void soinfo_unload(soinfo* root) { 1490 // Note that the library can be loaded but not linked; 1491 // in which case there is no root but we still need 1492 // to walk the tree and unload soinfos involved. 1493 // 1494 // This happens on unsuccessful dlopen, when one of 1495 // the DT_NEEDED libraries could not be linked/found. 1496 if (root->is_linked()) { 1497 root = root->get_local_group_root(); 1498 } 1499 1500 if (!root->can_unload()) { 1501 TRACE("not unloading '%s' - the binary is flagged with NODELETE", root->get_soname()); 1502 return; 1503 } 1504 1505 size_t ref_count = root->is_linked() ? root->decrement_ref_count() : 0; 1506 1507 if (ref_count == 0) { 1508 soinfo::soinfo_list_t local_unload_list; 1509 soinfo::soinfo_list_t external_unload_list; 1510 soinfo::soinfo_list_t depth_first_list; 1511 depth_first_list.push_back(root); 1512 soinfo* si = nullptr; 1513 1514 while ((si = depth_first_list.pop_front()) != nullptr) { 1515 if (local_unload_list.contains(si)) { 1516 continue; 1517 } 1518 1519 local_unload_list.push_back(si); 1520 1521 if (si->has_min_version(0)) { 1522 soinfo* child = nullptr; 1523 while ((child = si->get_children().pop_front()) != nullptr) { 1524 TRACE("%s@%p needs to unload %s@%p", si->get_soname(), si, child->get_soname(), child); 1525 if (local_unload_list.contains(child)) { 1526 continue; 1527 } else if (child->is_linked() && child->get_local_group_root() != root) { 1528 external_unload_list.push_back(child); 1529 } else { 1530 depth_first_list.push_front(child); 1531 } 1532 } 1533 } else { 1534#if !defined(__arm__) 1535 __libc_fatal("soinfo for \"%s\"@%p has no version", si->get_soname(), si); 1536#else 1537 PRINT("warning: soinfo for \"%s\"@%p has no version", si->get_soname(), si); 1538 for_each_dt_needed(si, [&] (const char* library_name) { 1539 TRACE("deprecated (old format of soinfo): %s needs to unload %s", 1540 si->get_soname(), library_name); 1541 1542 soinfo* needed = find_library(library_name, RTLD_NOLOAD, nullptr); 1543 if (needed != nullptr) { 1544 // Not found: for example if symlink was deleted between dlopen and dlclose 1545 // Since we cannot really handle errors at this point - print and continue. 1546 PRINT("warning: couldn't find %s needed by %s on unload.", 1547 library_name, si->get_soname()); 1548 return; 1549 } else if (local_unload_list.contains(needed)) { 1550 // already visited 1551 return; 1552 } else if (needed->is_linked() && needed->get_local_group_root() != root) { 1553 // external group 1554 external_unload_list.push_back(needed); 1555 } else { 1556 // local group 1557 depth_first_list.push_front(needed); 1558 } 1559 }); 1560#endif 1561 } 1562 } 1563 1564 local_unload_list.for_each([](soinfo* si) { 1565 si->call_destructors(); 1566 }); 1567 1568 while ((si = local_unload_list.pop_front()) != nullptr) { 1569 notify_gdb_of_unload(si); 1570 soinfo_free(si); 1571 } 1572 1573 while ((si = external_unload_list.pop_front()) != nullptr) { 1574 soinfo_unload(si); 1575 } 1576 } else { 1577 TRACE("not unloading '%s' group, decrementing ref_count to %zd", root->get_soname(), ref_count); 1578 } 1579} 1580 1581void do_android_get_LD_LIBRARY_PATH(char* buffer, size_t buffer_size) { 1582 // Use basic string manipulation calls to avoid snprintf. 1583 // snprintf indirectly calls pthread_getspecific to get the size of a buffer. 1584 // When debug malloc is enabled, this call returns 0. This in turn causes 1585 // snprintf to do nothing, which causes libraries to fail to load. 1586 // See b/17302493 for further details. 1587 // Once the above bug is fixed, this code can be modified to use 1588 // snprintf again. 1589 size_t required_len = strlen(kDefaultLdPaths[0]) + strlen(kDefaultLdPaths[1]) + 2; 1590 if (buffer_size < required_len) { 1591 __libc_fatal("android_get_LD_LIBRARY_PATH failed, buffer too small: " 1592 "buffer len %zu, required len %zu", buffer_size, required_len); 1593 } 1594 char* end = stpcpy(buffer, kDefaultLdPaths[0]); 1595 *end = ':'; 1596 strcpy(end + 1, kDefaultLdPaths[1]); 1597} 1598 1599void do_android_update_LD_LIBRARY_PATH(const char* ld_library_path) { 1600 parse_LD_LIBRARY_PATH(ld_library_path); 1601} 1602 1603soinfo* do_dlopen(const char* name, int flags, const android_dlextinfo* extinfo) { 1604 if ((flags & ~(RTLD_NOW|RTLD_LAZY|RTLD_LOCAL|RTLD_GLOBAL|RTLD_NODELETE|RTLD_NOLOAD)) != 0) { 1605 DL_ERR("invalid flags to dlopen: %x", flags); 1606 return nullptr; 1607 } 1608 if (extinfo != nullptr) { 1609 if ((extinfo->flags & ~(ANDROID_DLEXT_VALID_FLAG_BITS)) != 0) { 1610 DL_ERR("invalid extended flags to android_dlopen_ext: 0x%" PRIx64, extinfo->flags); 1611 return nullptr; 1612 } 1613 if ((extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD) == 0 && 1614 (extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET) != 0) { 1615 DL_ERR("invalid extended flag combination (ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET without " 1616 "ANDROID_DLEXT_USE_LIBRARY_FD): 0x%" PRIx64, extinfo->flags); 1617 return nullptr; 1618 } 1619 } 1620 1621 ProtectedDataGuard guard; 1622 soinfo* si = find_library(name, flags, extinfo); 1623 if (si != nullptr) { 1624 si->call_constructors(); 1625 } 1626 return si; 1627} 1628 1629void do_dlclose(soinfo* si) { 1630 ProtectedDataGuard guard; 1631 soinfo_unload(si); 1632} 1633 1634static ElfW(Addr) call_ifunc_resolver(ElfW(Addr) resolver_addr) { 1635 typedef ElfW(Addr) (*ifunc_resolver_t)(void); 1636 ifunc_resolver_t ifunc_resolver = reinterpret_cast<ifunc_resolver_t>(resolver_addr); 1637 ElfW(Addr) ifunc_addr = ifunc_resolver(); 1638 TRACE_TYPE(RELO, "Called ifunc_resolver@%p. The result is %p", 1639 ifunc_resolver, reinterpret_cast<void*>(ifunc_addr)); 1640 1641 return ifunc_addr; 1642} 1643 1644const version_info* VersionTracker::get_version_info(ElfW(Versym) source_symver) const { 1645 if (source_symver < 2 || 1646 source_symver >= version_infos.size() || 1647 version_infos[source_symver].name == nullptr) { 1648 return nullptr; 1649 } 1650 1651 return &version_infos[source_symver]; 1652} 1653 1654void VersionTracker::add_version_info(size_t source_index, 1655 ElfW(Word) elf_hash, 1656 const char* ver_name, 1657 const soinfo* target_si) { 1658 if (source_index >= version_infos.size()) { 1659 version_infos.resize(source_index+1); 1660 } 1661 1662 version_infos[source_index].elf_hash = elf_hash; 1663 version_infos[source_index].name = ver_name; 1664 version_infos[source_index].target_si = target_si; 1665} 1666 1667bool VersionTracker::init_verneed(const soinfo* si_from) { 1668 uintptr_t verneed_ptr = si_from->get_verneed_ptr(); 1669 1670 if (verneed_ptr == 0) { 1671 return true; 1672 } 1673 1674 size_t verneed_cnt = si_from->get_verneed_cnt(); 1675 1676 for (size_t i = 0, offset = 0; i<verneed_cnt; ++i) { 1677 const ElfW(Verneed)* verneed = reinterpret_cast<ElfW(Verneed)*>(verneed_ptr + offset); 1678 size_t vernaux_offset = offset + verneed->vn_aux; 1679 offset += verneed->vn_next; 1680 1681 if (verneed->vn_version != 1) { 1682 DL_ERR("unsupported verneed[%zd] vn_version: %d (expected 1)", i, verneed->vn_version); 1683 return false; 1684 } 1685 1686 const char* target_soname = si_from->get_string(verneed->vn_file); 1687 // find it in dependencies 1688 soinfo* target_si = si_from->get_children().find_if([&](const soinfo* si) { 1689 return strcmp(si->get_soname(), target_soname) == 0; 1690 }); 1691 1692 if (target_si == nullptr) { 1693 DL_ERR("cannot find \"%s\" from verneed[%zd] in DT_NEEDED list for \"%s\"", 1694 target_soname, i, si_from->get_soname()); 1695 return false; 1696 } 1697 1698 for (size_t j = 0; j<verneed->vn_cnt; ++j) { 1699 const ElfW(Vernaux)* vernaux = reinterpret_cast<ElfW(Vernaux)*>(verneed_ptr + vernaux_offset); 1700 vernaux_offset += vernaux->vna_next; 1701 1702 const ElfW(Word) elf_hash = vernaux->vna_hash; 1703 const char* ver_name = si_from->get_string(vernaux->vna_name); 1704 ElfW(Half) source_index = vernaux->vna_other; 1705 1706 add_version_info(source_index, elf_hash, ver_name, target_si); 1707 } 1708 } 1709 1710 return true; 1711} 1712 1713bool VersionTracker::init_verdef(const soinfo* si_from) { 1714 return for_each_verdef(si_from, 1715 [&](size_t, const ElfW(Verdef)* verdef, const ElfW(Verdaux)* verdaux) { 1716 add_version_info(verdef->vd_ndx, verdef->vd_hash, 1717 si_from->get_string(verdaux->vda_name), si_from); 1718 return false; 1719 } 1720 ); 1721} 1722 1723bool VersionTracker::init(const soinfo* si_from) { 1724 if (!si_from->has_min_version(2)) { 1725 return true; 1726 } 1727 1728 return init_verneed(si_from) && init_verdef(si_from); 1729} 1730 1731#if !defined(__mips__) 1732#if defined(USE_RELA) 1733static ElfW(Addr) get_addend(ElfW(Rela)* rela, ElfW(Addr) reloc_addr __unused) { 1734 return rela->r_addend; 1735} 1736#else 1737static ElfW(Addr) get_addend(ElfW(Rel)* rel, ElfW(Addr) reloc_addr) { 1738 if (ELFW(R_TYPE)(rel->r_info) == R_GENERIC_RELATIVE || 1739 ELFW(R_TYPE)(rel->r_info) == R_GENERIC_IRELATIVE) { 1740 return *reinterpret_cast<ElfW(Addr)*>(reloc_addr); 1741 } 1742 return 0; 1743} 1744#endif 1745 1746template<typename ElfRelIteratorT> 1747bool soinfo::relocate(ElfRelIteratorT&& rel_iterator, const soinfo_list_t& global_group, 1748 const soinfo_list_t& local_group) { 1749 VersionTracker version_tracker; 1750 1751 if (!version_tracker.init(this)) { 1752 return false; 1753 } 1754 1755 for (size_t idx = 0; rel_iterator.has_next(); ++idx) { 1756 const auto rel = rel_iterator.next(); 1757 if (rel == nullptr) { 1758 return false; 1759 } 1760 1761 ElfW(Word) type = ELFW(R_TYPE)(rel->r_info); 1762 ElfW(Word) sym = ELFW(R_SYM)(rel->r_info); 1763 1764 ElfW(Addr) reloc = static_cast<ElfW(Addr)>(rel->r_offset + load_bias); 1765 ElfW(Addr) sym_addr = 0; 1766 const char* sym_name = nullptr; 1767 ElfW(Addr) addend = get_addend(rel, reloc); 1768 1769 DEBUG("Processing '%s' relocation at index %zd", get_soname(), idx); 1770 if (type == R_GENERIC_NONE) { 1771 continue; 1772 } 1773 1774 const ElfW(Sym)* s = nullptr; 1775 soinfo* lsi = nullptr; 1776 1777 if (sym != 0) { 1778 sym_name = get_string(symtab_[sym].st_name); 1779 const ElfW(Versym)* sym_ver_ptr = get_versym(sym); 1780 ElfW(Versym) sym_ver = sym_ver_ptr == nullptr ? 0 : *sym_ver_ptr; 1781 1782 if (sym_ver == VER_NDX_LOCAL || sym_ver == VER_NDX_GLOBAL) { 1783 // there is no version info for this one 1784 if (!soinfo_do_lookup(this, sym_name, nullptr, &lsi, global_group, local_group, &s)) { 1785 return false; 1786 } 1787 } else { 1788 const version_info* vi = version_tracker.get_version_info(sym_ver); 1789 1790 if (vi == nullptr) { 1791 DL_ERR("cannot find verneed/verdef for version index=%d " 1792 "referenced by symbol \"%s\" at \"%s\"", sym_ver, sym_name, get_soname()); 1793 return false; 1794 } 1795 1796 if (!soinfo_do_lookup(this, sym_name, vi, &lsi, global_group, local_group, &s)) { 1797 return false; 1798 } 1799 } 1800 if (s == nullptr) { 1801 // We only allow an undefined symbol if this is a weak reference... 1802 s = &symtab_[sym]; 1803 if (ELF_ST_BIND(s->st_info) != STB_WEAK) { 1804 DL_ERR("cannot locate symbol \"%s\" referenced by \"%s\"...", sym_name, get_soname()); 1805 return false; 1806 } 1807 1808 /* IHI0044C AAELF 4.5.1.1: 1809 1810 Libraries are not searched to resolve weak references. 1811 It is not an error for a weak reference to remain unsatisfied. 1812 1813 During linking, the value of an undefined weak reference is: 1814 - Zero if the relocation type is absolute 1815 - The address of the place if the relocation is pc-relative 1816 - The address of nominal base address if the relocation 1817 type is base-relative. 1818 */ 1819 1820 switch (type) { 1821 case R_GENERIC_JUMP_SLOT: 1822 case R_GENERIC_GLOB_DAT: 1823 case R_GENERIC_RELATIVE: 1824 case R_GENERIC_IRELATIVE: 1825#if defined(__aarch64__) 1826 case R_AARCH64_ABS64: 1827 case R_AARCH64_ABS32: 1828 case R_AARCH64_ABS16: 1829#elif defined(__x86_64__) 1830 case R_X86_64_32: 1831 case R_X86_64_64: 1832#elif defined(__arm__) 1833 case R_ARM_ABS32: 1834#elif defined(__i386__) 1835 case R_386_32: 1836#endif 1837 /* 1838 * The sym_addr was initialized to be zero above, or the relocation 1839 * code below does not care about value of sym_addr. 1840 * No need to do anything. 1841 */ 1842 break; 1843#if defined(__x86_64__) 1844 case R_X86_64_PC32: 1845 sym_addr = reloc; 1846 break; 1847#elif defined(__i386__) 1848 case R_386_PC32: 1849 sym_addr = reloc; 1850 break; 1851#endif 1852 default: 1853 DL_ERR("unknown weak reloc type %d @ %p (%zu)", type, rel, idx); 1854 return false; 1855 } 1856 } else { 1857 // We got a definition. 1858 sym_addr = lsi->resolve_symbol_address(s); 1859 } 1860 count_relocation(kRelocSymbol); 1861 } 1862 1863 switch (type) { 1864 case R_GENERIC_JUMP_SLOT: 1865 count_relocation(kRelocAbsolute); 1866 MARK(rel->r_offset); 1867 TRACE_TYPE(RELO, "RELO JMP_SLOT %16p <- %16p %s\n", 1868 reinterpret_cast<void*>(reloc), 1869 reinterpret_cast<void*>(sym_addr + addend), sym_name); 1870 1871 *reinterpret_cast<ElfW(Addr)*>(reloc) = (sym_addr + addend); 1872 break; 1873 case R_GENERIC_GLOB_DAT: 1874 count_relocation(kRelocAbsolute); 1875 MARK(rel->r_offset); 1876 TRACE_TYPE(RELO, "RELO GLOB_DAT %16p <- %16p %s\n", 1877 reinterpret_cast<void*>(reloc), 1878 reinterpret_cast<void*>(sym_addr + addend), sym_name); 1879 *reinterpret_cast<ElfW(Addr)*>(reloc) = (sym_addr + addend); 1880 break; 1881 case R_GENERIC_RELATIVE: 1882 count_relocation(kRelocRelative); 1883 MARK(rel->r_offset); 1884 TRACE_TYPE(RELO, "RELO RELATIVE %16p <- %16p\n", 1885 reinterpret_cast<void*>(reloc), 1886 reinterpret_cast<void*>(load_bias + addend)); 1887 *reinterpret_cast<ElfW(Addr)*>(reloc) = (load_bias + addend); 1888 break; 1889 case R_GENERIC_IRELATIVE: 1890 count_relocation(kRelocRelative); 1891 MARK(rel->r_offset); 1892 TRACE_TYPE(RELO, "RELO IRELATIVE %16p <- %16p\n", 1893 reinterpret_cast<void*>(reloc), 1894 reinterpret_cast<void*>(load_bias + addend)); 1895 *reinterpret_cast<ElfW(Addr)*>(reloc) = call_ifunc_resolver(load_bias + addend); 1896 break; 1897 1898#if defined(__aarch64__) 1899 case R_AARCH64_ABS64: 1900 count_relocation(kRelocAbsolute); 1901 MARK(rel->r_offset); 1902 TRACE_TYPE(RELO, "RELO ABS64 %16llx <- %16llx %s\n", 1903 reloc, (sym_addr + addend), sym_name); 1904 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + addend); 1905 break; 1906 case R_AARCH64_ABS32: 1907 count_relocation(kRelocAbsolute); 1908 MARK(rel->r_offset); 1909 TRACE_TYPE(RELO, "RELO ABS32 %16llx <- %16llx %s\n", 1910 reloc, (sym_addr + addend), sym_name); 1911 { 1912 const ElfW(Addr) reloc_value = *reinterpret_cast<ElfW(Addr)*>(reloc); 1913 const ElfW(Addr) min_value = static_cast<ElfW(Addr)>(INT32_MIN); 1914 const ElfW(Addr) max_value = static_cast<ElfW(Addr)>(UINT32_MAX); 1915 if ((min_value <= (reloc_value + (sym_addr + addend))) && 1916 ((reloc_value + (sym_addr + addend)) <= max_value)) { 1917 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + addend); 1918 } else { 1919 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 1920 (reloc_value + (sym_addr + addend)), min_value, max_value); 1921 return false; 1922 } 1923 } 1924 break; 1925 case R_AARCH64_ABS16: 1926 count_relocation(kRelocAbsolute); 1927 MARK(rel->r_offset); 1928 TRACE_TYPE(RELO, "RELO ABS16 %16llx <- %16llx %s\n", 1929 reloc, (sym_addr + addend), sym_name); 1930 { 1931 const ElfW(Addr) reloc_value = *reinterpret_cast<ElfW(Addr)*>(reloc); 1932 const ElfW(Addr) min_value = static_cast<ElfW(Addr)>(INT16_MIN); 1933 const ElfW(Addr) max_value = static_cast<ElfW(Addr)>(UINT16_MAX); 1934 if ((min_value <= (reloc_value + (sym_addr + addend))) && 1935 ((reloc_value + (sym_addr + addend)) <= max_value)) { 1936 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + addend); 1937 } else { 1938 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 1939 reloc_value + (sym_addr + addend), min_value, max_value); 1940 return false; 1941 } 1942 } 1943 break; 1944 case R_AARCH64_PREL64: 1945 count_relocation(kRelocRelative); 1946 MARK(rel->r_offset); 1947 TRACE_TYPE(RELO, "RELO REL64 %16llx <- %16llx - %16llx %s\n", 1948 reloc, (sym_addr + addend), rel->r_offset, sym_name); 1949 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + addend) - rel->r_offset; 1950 break; 1951 case R_AARCH64_PREL32: 1952 count_relocation(kRelocRelative); 1953 MARK(rel->r_offset); 1954 TRACE_TYPE(RELO, "RELO REL32 %16llx <- %16llx - %16llx %s\n", 1955 reloc, (sym_addr + addend), rel->r_offset, sym_name); 1956 { 1957 const ElfW(Addr) reloc_value = *reinterpret_cast<ElfW(Addr)*>(reloc); 1958 const ElfW(Addr) min_value = static_cast<ElfW(Addr)>(INT32_MIN); 1959 const ElfW(Addr) max_value = static_cast<ElfW(Addr)>(UINT32_MAX); 1960 if ((min_value <= (reloc_value + ((sym_addr + addend) - rel->r_offset))) && 1961 ((reloc_value + ((sym_addr + addend) - rel->r_offset)) <= max_value)) { 1962 *reinterpret_cast<ElfW(Addr)*>(reloc) += ((sym_addr + addend) - rel->r_offset); 1963 } else { 1964 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 1965 reloc_value + ((sym_addr + addend) - rel->r_offset), min_value, max_value); 1966 return false; 1967 } 1968 } 1969 break; 1970 case R_AARCH64_PREL16: 1971 count_relocation(kRelocRelative); 1972 MARK(rel->r_offset); 1973 TRACE_TYPE(RELO, "RELO REL16 %16llx <- %16llx - %16llx %s\n", 1974 reloc, (sym_addr + addend), rel->r_offset, sym_name); 1975 { 1976 const ElfW(Addr) reloc_value = *reinterpret_cast<ElfW(Addr)*>(reloc); 1977 const ElfW(Addr) min_value = static_cast<ElfW(Addr)>(INT16_MIN); 1978 const ElfW(Addr) max_value = static_cast<ElfW(Addr)>(UINT16_MAX); 1979 if ((min_value <= (reloc_value + ((sym_addr + addend) - rel->r_offset))) && 1980 ((reloc_value + ((sym_addr + addend) - rel->r_offset)) <= max_value)) { 1981 *reinterpret_cast<ElfW(Addr)*>(reloc) += ((sym_addr + addend) - rel->r_offset); 1982 } else { 1983 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 1984 reloc_value + ((sym_addr + addend) - rel->r_offset), min_value, max_value); 1985 return false; 1986 } 1987 } 1988 break; 1989 1990 case R_AARCH64_COPY: 1991 /* 1992 * ET_EXEC is not supported so this should not happen. 1993 * 1994 * http://infocenter.arm.com/help/topic/com.arm.doc.ihi0056b/IHI0056B_aaelf64.pdf 1995 * 1996 * Section 4.6.11 "Dynamic relocations" 1997 * R_AARCH64_COPY may only appear in executable objects where e_type is 1998 * set to ET_EXEC. 1999 */ 2000 DL_ERR("%s R_AARCH64_COPY relocations are not supported", get_soname()); 2001 return false; 2002 case R_AARCH64_TLS_TPREL64: 2003 TRACE_TYPE(RELO, "RELO TLS_TPREL64 *** %16llx <- %16llx - %16llx\n", 2004 reloc, (sym_addr + addend), rel->r_offset); 2005 break; 2006 case R_AARCH64_TLS_DTPREL32: 2007 TRACE_TYPE(RELO, "RELO TLS_DTPREL32 *** %16llx <- %16llx - %16llx\n", 2008 reloc, (sym_addr + addend), rel->r_offset); 2009 break; 2010#elif defined(__x86_64__) 2011 case R_X86_64_32: 2012 count_relocation(kRelocRelative); 2013 MARK(rel->r_offset); 2014 TRACE_TYPE(RELO, "RELO R_X86_64_32 %08zx <- +%08zx %s", static_cast<size_t>(reloc), 2015 static_cast<size_t>(sym_addr), sym_name); 2016 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend; 2017 break; 2018 case R_X86_64_64: 2019 count_relocation(kRelocRelative); 2020 MARK(rel->r_offset); 2021 TRACE_TYPE(RELO, "RELO R_X86_64_64 %08zx <- +%08zx %s", static_cast<size_t>(reloc), 2022 static_cast<size_t>(sym_addr), sym_name); 2023 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend; 2024 break; 2025 case R_X86_64_PC32: 2026 count_relocation(kRelocRelative); 2027 MARK(rel->r_offset); 2028 TRACE_TYPE(RELO, "RELO R_X86_64_PC32 %08zx <- +%08zx (%08zx - %08zx) %s", 2029 static_cast<size_t>(reloc), static_cast<size_t>(sym_addr - reloc), 2030 static_cast<size_t>(sym_addr), static_cast<size_t>(reloc), sym_name); 2031 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend - reloc; 2032 break; 2033#elif defined(__arm__) 2034 case R_ARM_ABS32: 2035 count_relocation(kRelocAbsolute); 2036 MARK(rel->r_offset); 2037 TRACE_TYPE(RELO, "RELO ABS %08x <- %08x %s", reloc, sym_addr, sym_name); 2038 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr; 2039 break; 2040 case R_ARM_REL32: 2041 count_relocation(kRelocRelative); 2042 MARK(rel->r_offset); 2043 TRACE_TYPE(RELO, "RELO REL32 %08x <- %08x - %08x %s", 2044 reloc, sym_addr, rel->r_offset, sym_name); 2045 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr - rel->r_offset; 2046 break; 2047 case R_ARM_COPY: 2048 /* 2049 * ET_EXEC is not supported so this should not happen. 2050 * 2051 * http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044d/IHI0044D_aaelf.pdf 2052 * 2053 * Section 4.6.1.10 "Dynamic relocations" 2054 * R_ARM_COPY may only appear in executable objects where e_type is 2055 * set to ET_EXEC. 2056 */ 2057 DL_ERR("%s R_ARM_COPY relocations are not supported", get_soname()); 2058 return false; 2059#elif defined(__i386__) 2060 case R_386_32: 2061 count_relocation(kRelocRelative); 2062 MARK(rel->r_offset); 2063 TRACE_TYPE(RELO, "RELO R_386_32 %08x <- +%08x %s", reloc, sym_addr, sym_name); 2064 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr; 2065 break; 2066 case R_386_PC32: 2067 count_relocation(kRelocRelative); 2068 MARK(rel->r_offset); 2069 TRACE_TYPE(RELO, "RELO R_386_PC32 %08x <- +%08x (%08x - %08x) %s", 2070 reloc, (sym_addr - reloc), sym_addr, reloc, sym_name); 2071 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr - reloc); 2072 break; 2073#endif 2074 default: 2075 DL_ERR("unknown reloc type %d @ %p (%zu)", type, rel, idx); 2076 return false; 2077 } 2078 } 2079 return true; 2080} 2081#endif // !defined(__mips__) 2082 2083void soinfo::call_array(const char* array_name __unused, linker_function_t* functions, 2084 size_t count, bool reverse) { 2085 if (functions == nullptr) { 2086 return; 2087 } 2088 2089 TRACE("[ Calling %s (size %zd) @ %p for '%s' ]", array_name, count, functions, get_soname()); 2090 2091 int begin = reverse ? (count - 1) : 0; 2092 int end = reverse ? -1 : count; 2093 int step = reverse ? -1 : 1; 2094 2095 for (int i = begin; i != end; i += step) { 2096 TRACE("[ %s[%d] == %p ]", array_name, i, functions[i]); 2097 call_function("function", functions[i]); 2098 } 2099 2100 TRACE("[ Done calling %s for '%s' ]", array_name, get_soname()); 2101} 2102 2103void soinfo::call_function(const char* function_name __unused, linker_function_t function) { 2104 if (function == nullptr || reinterpret_cast<uintptr_t>(function) == static_cast<uintptr_t>(-1)) { 2105 return; 2106 } 2107 2108 TRACE("[ Calling %s @ %p for '%s' ]", function_name, function, get_soname()); 2109 function(); 2110 TRACE("[ Done calling %s @ %p for '%s' ]", function_name, function, get_soname()); 2111} 2112 2113void soinfo::call_pre_init_constructors() { 2114 // DT_PREINIT_ARRAY functions are called before any other constructors for executables, 2115 // but ignored in a shared library. 2116 call_array("DT_PREINIT_ARRAY", preinit_array_, preinit_array_count_, false); 2117} 2118 2119void soinfo::call_constructors() { 2120 if (constructors_called) { 2121 return; 2122 } 2123 2124 // We set constructors_called before actually calling the constructors, otherwise it doesn't 2125 // protect against recursive constructor calls. One simple example of constructor recursion 2126 // is the libc debug malloc, which is implemented in libc_malloc_debug_leak.so: 2127 // 1. The program depends on libc, so libc's constructor is called here. 2128 // 2. The libc constructor calls dlopen() to load libc_malloc_debug_leak.so. 2129 // 3. dlopen() calls the constructors on the newly created 2130 // soinfo for libc_malloc_debug_leak.so. 2131 // 4. The debug .so depends on libc, so CallConstructors is 2132 // called again with the libc soinfo. If it doesn't trigger the early- 2133 // out above, the libc constructor will be called again (recursively!). 2134 constructors_called = true; 2135 2136 if (!is_main_executable() && preinit_array_ != nullptr) { 2137 // The GNU dynamic linker silently ignores these, but we warn the developer. 2138 PRINT("\"%s\": ignoring %zd-entry DT_PREINIT_ARRAY in shared library!", 2139 get_soname(), preinit_array_count_); 2140 } 2141 2142 get_children().for_each([] (soinfo* si) { 2143 si->call_constructors(); 2144 }); 2145 2146 TRACE("\"%s\": calling constructors", get_soname()); 2147 2148 // DT_INIT should be called before DT_INIT_ARRAY if both are present. 2149 call_function("DT_INIT", init_func_); 2150 call_array("DT_INIT_ARRAY", init_array_, init_array_count_, false); 2151} 2152 2153void soinfo::call_destructors() { 2154 if (!constructors_called) { 2155 return; 2156 } 2157 TRACE("\"%s\": calling destructors", get_soname()); 2158 2159 // DT_FINI_ARRAY must be parsed in reverse order. 2160 call_array("DT_FINI_ARRAY", fini_array_, fini_array_count_, true); 2161 2162 // DT_FINI should be called after DT_FINI_ARRAY if both are present. 2163 call_function("DT_FINI", fini_func_); 2164 2165 // This is needed on second call to dlopen 2166 // after library has been unloaded with RTLD_NODELETE 2167 constructors_called = false; 2168} 2169 2170void soinfo::add_child(soinfo* child) { 2171 if (has_min_version(0)) { 2172 child->parents_.push_back(this); 2173 this->children_.push_back(child); 2174 } 2175} 2176 2177void soinfo::remove_all_links() { 2178 if (!has_min_version(0)) { 2179 return; 2180 } 2181 2182 // 1. Untie connected soinfos from 'this'. 2183 children_.for_each([&] (soinfo* child) { 2184 child->parents_.remove_if([&] (const soinfo* parent) { 2185 return parent == this; 2186 }); 2187 }); 2188 2189 parents_.for_each([&] (soinfo* parent) { 2190 parent->children_.remove_if([&] (const soinfo* child) { 2191 return child == this; 2192 }); 2193 }); 2194 2195 // 2. Once everything untied - clear local lists. 2196 parents_.clear(); 2197 children_.clear(); 2198} 2199 2200dev_t soinfo::get_st_dev() const { 2201 if (has_min_version(0)) { 2202 return st_dev_; 2203 } 2204 2205 return 0; 2206}; 2207 2208ino_t soinfo::get_st_ino() const { 2209 if (has_min_version(0)) { 2210 return st_ino_; 2211 } 2212 2213 return 0; 2214} 2215 2216off64_t soinfo::get_file_offset() const { 2217 if (has_min_version(1)) { 2218 return file_offset_; 2219 } 2220 2221 return 0; 2222} 2223 2224uint32_t soinfo::get_rtld_flags() const { 2225 if (has_min_version(1)) { 2226 return rtld_flags_; 2227 } 2228 2229 return 0; 2230} 2231 2232uint32_t soinfo::get_dt_flags_1() const { 2233 if (has_min_version(1)) { 2234 return dt_flags_1_; 2235 } 2236 2237 return 0; 2238} 2239 2240void soinfo::set_dt_flags_1(uint32_t dt_flags_1) { 2241 if (has_min_version(1)) { 2242 if ((dt_flags_1 & DF_1_GLOBAL) != 0) { 2243 rtld_flags_ |= RTLD_GLOBAL; 2244 } 2245 2246 if ((dt_flags_1 & DF_1_NODELETE) != 0) { 2247 rtld_flags_ |= RTLD_NODELETE; 2248 } 2249 2250 dt_flags_1_ = dt_flags_1; 2251 } 2252} 2253 2254const char* soinfo::get_realpath() const { 2255#if defined(__arm__) 2256 if (has_min_version(2)) { 2257 return realpath_.c_str(); 2258 } else { 2259 return old_name_; 2260 } 2261#else 2262 return realpath_.c_str(); 2263#endif 2264} 2265 2266const char* soinfo::get_soname() const { 2267#if defined(__arm__) 2268 if (has_min_version(2)) { 2269 return soname_; 2270 } else { 2271 return old_name_; 2272 } 2273#else 2274 return soname_; 2275#endif 2276} 2277 2278// This is a return on get_children()/get_parents() if 2279// 'this->flags' does not have FLAG_NEW_SOINFO set. 2280static soinfo::soinfo_list_t g_empty_list; 2281 2282soinfo::soinfo_list_t& soinfo::get_children() { 2283 if (has_min_version(0)) { 2284 return children_; 2285 } 2286 2287 return g_empty_list; 2288} 2289 2290const soinfo::soinfo_list_t& soinfo::get_children() const { 2291 if (has_min_version(0)) { 2292 return children_; 2293 } 2294 2295 return g_empty_list; 2296} 2297 2298soinfo::soinfo_list_t& soinfo::get_parents() { 2299 if (has_min_version(0)) { 2300 return parents_; 2301 } 2302 2303 return g_empty_list; 2304} 2305 2306ElfW(Addr) soinfo::resolve_symbol_address(const ElfW(Sym)* s) const { 2307 if (ELF_ST_TYPE(s->st_info) == STT_GNU_IFUNC) { 2308 return call_ifunc_resolver(s->st_value + load_bias); 2309 } 2310 2311 return static_cast<ElfW(Addr)>(s->st_value + load_bias); 2312} 2313 2314const char* soinfo::get_string(ElfW(Word) index) const { 2315 if (has_min_version(1) && (index >= strtab_size_)) { 2316 __libc_fatal("%s: strtab out of bounds error; STRSZ=%zd, name=%d", 2317 get_soname(), strtab_size_, index); 2318 } 2319 2320 return strtab_ + index; 2321} 2322 2323bool soinfo::is_gnu_hash() const { 2324 return (flags_ & FLAG_GNU_HASH) != 0; 2325} 2326 2327bool soinfo::can_unload() const { 2328 return (get_rtld_flags() & (RTLD_NODELETE | RTLD_GLOBAL)) == 0; 2329} 2330 2331bool soinfo::is_linked() const { 2332 return (flags_ & FLAG_LINKED) != 0; 2333} 2334 2335bool soinfo::is_main_executable() const { 2336 return (flags_ & FLAG_EXE) != 0; 2337} 2338 2339void soinfo::set_linked() { 2340 flags_ |= FLAG_LINKED; 2341} 2342 2343void soinfo::set_linker_flag() { 2344 flags_ |= FLAG_LINKER; 2345} 2346 2347void soinfo::set_main_executable() { 2348 flags_ |= FLAG_EXE; 2349} 2350 2351void soinfo::increment_ref_count() { 2352 local_group_root_->ref_count_++; 2353} 2354 2355size_t soinfo::decrement_ref_count() { 2356 return --local_group_root_->ref_count_; 2357} 2358 2359soinfo* soinfo::get_local_group_root() const { 2360 return local_group_root_; 2361} 2362 2363/* Force any of the closed stdin, stdout and stderr to be associated with 2364 /dev/null. */ 2365static int nullify_closed_stdio() { 2366 int dev_null, i, status; 2367 int return_value = 0; 2368 2369 dev_null = TEMP_FAILURE_RETRY(open("/dev/null", O_RDWR)); 2370 if (dev_null < 0) { 2371 DL_ERR("cannot open /dev/null: %s", strerror(errno)); 2372 return -1; 2373 } 2374 TRACE("[ Opened /dev/null file-descriptor=%d]", dev_null); 2375 2376 /* If any of the stdio file descriptors is valid and not associated 2377 with /dev/null, dup /dev/null to it. */ 2378 for (i = 0; i < 3; i++) { 2379 /* If it is /dev/null already, we are done. */ 2380 if (i == dev_null) { 2381 continue; 2382 } 2383 2384 TRACE("[ Nullifying stdio file descriptor %d]", i); 2385 status = TEMP_FAILURE_RETRY(fcntl(i, F_GETFL)); 2386 2387 /* If file is opened, we are good. */ 2388 if (status != -1) { 2389 continue; 2390 } 2391 2392 /* The only error we allow is that the file descriptor does not 2393 exist, in which case we dup /dev/null to it. */ 2394 if (errno != EBADF) { 2395 DL_ERR("fcntl failed: %s", strerror(errno)); 2396 return_value = -1; 2397 continue; 2398 } 2399 2400 /* Try dupping /dev/null to this stdio file descriptor and 2401 repeat if there is a signal. Note that any errors in closing 2402 the stdio descriptor are lost. */ 2403 status = TEMP_FAILURE_RETRY(dup2(dev_null, i)); 2404 if (status < 0) { 2405 DL_ERR("dup2 failed: %s", strerror(errno)); 2406 return_value = -1; 2407 continue; 2408 } 2409 } 2410 2411 /* If /dev/null is not one of the stdio file descriptors, close it. */ 2412 if (dev_null > 2) { 2413 TRACE("[ Closing /dev/null file-descriptor=%d]", dev_null); 2414 status = TEMP_FAILURE_RETRY(close(dev_null)); 2415 if (status == -1) { 2416 DL_ERR("close failed: %s", strerror(errno)); 2417 return_value = -1; 2418 } 2419 } 2420 2421 return return_value; 2422} 2423 2424bool soinfo::prelink_image() { 2425 /* Extract dynamic section */ 2426 ElfW(Word) dynamic_flags = 0; 2427 phdr_table_get_dynamic_section(phdr, phnum, load_bias, &dynamic, &dynamic_flags); 2428 2429 /* We can't log anything until the linker is relocated */ 2430 bool relocating_linker = (flags_ & FLAG_LINKER) != 0; 2431 if (!relocating_linker) { 2432 INFO("[ linking %s ]", get_soname()); 2433 DEBUG("si->base = %p si->flags = 0x%08x", reinterpret_cast<void*>(base), flags_); 2434 } 2435 2436 if (dynamic == nullptr) { 2437 if (!relocating_linker) { 2438 DL_ERR("missing PT_DYNAMIC in \"%s\"", get_soname()); 2439 } 2440 return false; 2441 } else { 2442 if (!relocating_linker) { 2443 DEBUG("dynamic = %p", dynamic); 2444 } 2445 } 2446 2447#if defined(__arm__) 2448 (void) phdr_table_get_arm_exidx(phdr, phnum, load_bias, 2449 &ARM_exidx, &ARM_exidx_count); 2450#endif 2451 2452 // Extract useful information from dynamic section. 2453 // Note that: "Except for the DT_NULL element at the end of the array, 2454 // and the relative order of DT_NEEDED elements, entries may appear in any order." 2455 // 2456 // source: http://www.sco.com/developers/gabi/1998-04-29/ch5.dynamic.html 2457 uint32_t needed_count = 0; 2458 for (ElfW(Dyn)* d = dynamic; d->d_tag != DT_NULL; ++d) { 2459 DEBUG("d = %p, d[0](tag) = %p d[1](val) = %p", 2460 d, reinterpret_cast<void*>(d->d_tag), reinterpret_cast<void*>(d->d_un.d_val)); 2461 switch (d->d_tag) { 2462 case DT_SONAME: 2463 // this is parsed after we have strtab initialized (see below). 2464 break; 2465 2466 case DT_HASH: 2467 nbucket_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[0]; 2468 nchain_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[1]; 2469 bucket_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr + 8); 2470 chain_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr + 8 + nbucket_ * 4); 2471 break; 2472 2473 case DT_GNU_HASH: 2474 gnu_nbucket_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[0]; 2475 // skip symndx 2476 gnu_maskwords_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[2]; 2477 gnu_shift2_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[3]; 2478 2479 gnu_bloom_filter_ = reinterpret_cast<ElfW(Addr)*>(load_bias + d->d_un.d_ptr + 16); 2480 gnu_bucket_ = reinterpret_cast<uint32_t*>(gnu_bloom_filter_ + gnu_maskwords_); 2481 // amend chain for symndx = header[1] 2482 gnu_chain_ = gnu_bucket_ + gnu_nbucket_ - 2483 reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[1]; 2484 2485 if (!powerof2(gnu_maskwords_)) { 2486 DL_ERR("invalid maskwords for gnu_hash = 0x%x, in \"%s\" expecting power to two", 2487 gnu_maskwords_, get_realpath()); 2488 return false; 2489 } 2490 --gnu_maskwords_; 2491 2492 flags_ |= FLAG_GNU_HASH; 2493 break; 2494 2495 case DT_STRTAB: 2496 strtab_ = reinterpret_cast<const char*>(load_bias + d->d_un.d_ptr); 2497 break; 2498 2499 case DT_STRSZ: 2500 strtab_size_ = d->d_un.d_val; 2501 break; 2502 2503 case DT_SYMTAB: 2504 symtab_ = reinterpret_cast<ElfW(Sym)*>(load_bias + d->d_un.d_ptr); 2505 break; 2506 2507 case DT_SYMENT: 2508 if (d->d_un.d_val != sizeof(ElfW(Sym))) { 2509 DL_ERR("invalid DT_SYMENT: %zd in \"%s\"", 2510 static_cast<size_t>(d->d_un.d_val), get_realpath()); 2511 return false; 2512 } 2513 break; 2514 2515 case DT_PLTREL: 2516#if defined(USE_RELA) 2517 if (d->d_un.d_val != DT_RELA) { 2518 DL_ERR("unsupported DT_PLTREL in \"%s\"; expected DT_RELA", get_realpath()); 2519 return false; 2520 } 2521#else 2522 if (d->d_un.d_val != DT_REL) { 2523 DL_ERR("unsupported DT_PLTREL in \"%s\"; expected DT_REL", get_realpath()); 2524 return false; 2525 } 2526#endif 2527 break; 2528 2529 case DT_JMPREL: 2530#if defined(USE_RELA) 2531 plt_rela_ = reinterpret_cast<ElfW(Rela)*>(load_bias + d->d_un.d_ptr); 2532#else 2533 plt_rel_ = reinterpret_cast<ElfW(Rel)*>(load_bias + d->d_un.d_ptr); 2534#endif 2535 break; 2536 2537 case DT_PLTRELSZ: 2538#if defined(USE_RELA) 2539 plt_rela_count_ = d->d_un.d_val / sizeof(ElfW(Rela)); 2540#else 2541 plt_rel_count_ = d->d_un.d_val / sizeof(ElfW(Rel)); 2542#endif 2543 break; 2544 2545 case DT_PLTGOT: 2546#if defined(__mips__) 2547 // Used by mips and mips64. 2548 plt_got_ = reinterpret_cast<ElfW(Addr)**>(load_bias + d->d_un.d_ptr); 2549#endif 2550 // Ignore for other platforms... (because RTLD_LAZY is not supported) 2551 break; 2552 2553 case DT_DEBUG: 2554 // Set the DT_DEBUG entry to the address of _r_debug for GDB 2555 // if the dynamic table is writable 2556// FIXME: not working currently for N64 2557// The flags for the LOAD and DYNAMIC program headers do not agree. 2558// The LOAD section containing the dynamic table has been mapped as 2559// read-only, but the DYNAMIC header claims it is writable. 2560#if !(defined(__mips__) && defined(__LP64__)) 2561 if ((dynamic_flags & PF_W) != 0) { 2562 d->d_un.d_val = reinterpret_cast<uintptr_t>(&_r_debug); 2563 } 2564#endif 2565 break; 2566#if defined(USE_RELA) 2567 case DT_RELA: 2568 rela_ = reinterpret_cast<ElfW(Rela)*>(load_bias + d->d_un.d_ptr); 2569 break; 2570 2571 case DT_RELASZ: 2572 rela_count_ = d->d_un.d_val / sizeof(ElfW(Rela)); 2573 break; 2574 2575 case DT_ANDROID_RELA: 2576 android_relocs_ = reinterpret_cast<uint8_t*>(load_bias + d->d_un.d_ptr); 2577 break; 2578 2579 case DT_ANDROID_RELASZ: 2580 android_relocs_size_ = d->d_un.d_val; 2581 break; 2582 2583 case DT_ANDROID_REL: 2584 DL_ERR("unsupported DT_ANDROID_REL in \"%s\"", get_realpath()); 2585 return false; 2586 2587 case DT_ANDROID_RELSZ: 2588 DL_ERR("unsupported DT_ANDROID_RELSZ in \"%s\"", get_realpath()); 2589 return false; 2590 2591 case DT_RELAENT: 2592 if (d->d_un.d_val != sizeof(ElfW(Rela))) { 2593 DL_ERR("invalid DT_RELAENT: %zd", static_cast<size_t>(d->d_un.d_val)); 2594 return false; 2595 } 2596 break; 2597 2598 // ignored (see DT_RELCOUNT comments for details) 2599 case DT_RELACOUNT: 2600 break; 2601 2602 case DT_REL: 2603 DL_ERR("unsupported DT_REL in \"%s\"", get_realpath()); 2604 return false; 2605 2606 case DT_RELSZ: 2607 DL_ERR("unsupported DT_RELSZ in \"%s\"", get_realpath()); 2608 return false; 2609 2610#else 2611 case DT_REL: 2612 rel_ = reinterpret_cast<ElfW(Rel)*>(load_bias + d->d_un.d_ptr); 2613 break; 2614 2615 case DT_RELSZ: 2616 rel_count_ = d->d_un.d_val / sizeof(ElfW(Rel)); 2617 break; 2618 2619 case DT_RELENT: 2620 if (d->d_un.d_val != sizeof(ElfW(Rel))) { 2621 DL_ERR("invalid DT_RELENT: %zd", static_cast<size_t>(d->d_un.d_val)); 2622 return false; 2623 } 2624 break; 2625 2626 case DT_ANDROID_REL: 2627 android_relocs_ = reinterpret_cast<uint8_t*>(load_bias + d->d_un.d_ptr); 2628 break; 2629 2630 case DT_ANDROID_RELSZ: 2631 android_relocs_size_ = d->d_un.d_val; 2632 break; 2633 2634 case DT_ANDROID_RELA: 2635 DL_ERR("unsupported DT_ANDROID_RELA in \"%s\"", get_realpath()); 2636 return false; 2637 2638 case DT_ANDROID_RELASZ: 2639 DL_ERR("unsupported DT_ANDROID_RELASZ in \"%s\"", get_realpath()); 2640 return false; 2641 2642 // "Indicates that all RELATIVE relocations have been concatenated together, 2643 // and specifies the RELATIVE relocation count." 2644 // 2645 // TODO: Spec also mentions that this can be used to optimize relocation process; 2646 // Not currently used by bionic linker - ignored. 2647 case DT_RELCOUNT: 2648 break; 2649 2650 case DT_RELA: 2651 DL_ERR("unsupported DT_RELA in \"%s\"", get_realpath()); 2652 return false; 2653 2654 case DT_RELASZ: 2655 DL_ERR("unsupported DT_RELASZ in \"%s\"", get_realpath()); 2656 return false; 2657 2658#endif 2659 case DT_INIT: 2660 init_func_ = reinterpret_cast<linker_function_t>(load_bias + d->d_un.d_ptr); 2661 DEBUG("%s constructors (DT_INIT) found at %p", get_realpath(), init_func_); 2662 break; 2663 2664 case DT_FINI: 2665 fini_func_ = reinterpret_cast<linker_function_t>(load_bias + d->d_un.d_ptr); 2666 DEBUG("%s destructors (DT_FINI) found at %p", get_realpath(), fini_func_); 2667 break; 2668 2669 case DT_INIT_ARRAY: 2670 init_array_ = reinterpret_cast<linker_function_t*>(load_bias + d->d_un.d_ptr); 2671 DEBUG("%s constructors (DT_INIT_ARRAY) found at %p", get_realpath(), init_array_); 2672 break; 2673 2674 case DT_INIT_ARRAYSZ: 2675 init_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr)); 2676 break; 2677 2678 case DT_FINI_ARRAY: 2679 fini_array_ = reinterpret_cast<linker_function_t*>(load_bias + d->d_un.d_ptr); 2680 DEBUG("%s destructors (DT_FINI_ARRAY) found at %p", get_realpath(), fini_array_); 2681 break; 2682 2683 case DT_FINI_ARRAYSZ: 2684 fini_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr)); 2685 break; 2686 2687 case DT_PREINIT_ARRAY: 2688 preinit_array_ = reinterpret_cast<linker_function_t*>(load_bias + d->d_un.d_ptr); 2689 DEBUG("%s constructors (DT_PREINIT_ARRAY) found at %p", get_realpath(), preinit_array_); 2690 break; 2691 2692 case DT_PREINIT_ARRAYSZ: 2693 preinit_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr)); 2694 break; 2695 2696 case DT_TEXTREL: 2697#if defined(__LP64__) 2698 DL_ERR("text relocations (DT_TEXTREL) found in 64-bit ELF file \"%s\"", get_realpath()); 2699 return false; 2700#else 2701 has_text_relocations = true; 2702 break; 2703#endif 2704 2705 case DT_SYMBOLIC: 2706 has_DT_SYMBOLIC = true; 2707 break; 2708 2709 case DT_NEEDED: 2710 ++needed_count; 2711 break; 2712 2713 case DT_FLAGS: 2714 if (d->d_un.d_val & DF_TEXTREL) { 2715#if defined(__LP64__) 2716 DL_ERR("text relocations (DF_TEXTREL) found in 64-bit ELF file \"%s\"", get_realpath()); 2717 return false; 2718#else 2719 has_text_relocations = true; 2720#endif 2721 } 2722 if (d->d_un.d_val & DF_SYMBOLIC) { 2723 has_DT_SYMBOLIC = true; 2724 } 2725 break; 2726 2727 case DT_FLAGS_1: 2728 set_dt_flags_1(d->d_un.d_val); 2729 2730 if ((d->d_un.d_val & ~SUPPORTED_DT_FLAGS_1) != 0) { 2731 DL_WARN("Unsupported flags DT_FLAGS_1=%p", reinterpret_cast<void*>(d->d_un.d_val)); 2732 } 2733 break; 2734#if defined(__mips__) 2735 case DT_MIPS_RLD_MAP: 2736 // Set the DT_MIPS_RLD_MAP entry to the address of _r_debug for GDB. 2737 { 2738 r_debug** dp = reinterpret_cast<r_debug**>(load_bias + d->d_un.d_ptr); 2739 *dp = &_r_debug; 2740 } 2741 break; 2742 case DT_MIPS_RLD_MAP2: 2743 // Set the DT_MIPS_RLD_MAP2 entry to the address of _r_debug for GDB. 2744 { 2745 r_debug** dp = reinterpret_cast<r_debug**>( 2746 reinterpret_cast<ElfW(Addr)>(d) + d->d_un.d_val); 2747 *dp = &_r_debug; 2748 } 2749 break; 2750 2751 case DT_MIPS_RLD_VERSION: 2752 case DT_MIPS_FLAGS: 2753 case DT_MIPS_BASE_ADDRESS: 2754 case DT_MIPS_UNREFEXTNO: 2755 break; 2756 2757 case DT_MIPS_SYMTABNO: 2758 mips_symtabno_ = d->d_un.d_val; 2759 break; 2760 2761 case DT_MIPS_LOCAL_GOTNO: 2762 mips_local_gotno_ = d->d_un.d_val; 2763 break; 2764 2765 case DT_MIPS_GOTSYM: 2766 mips_gotsym_ = d->d_un.d_val; 2767 break; 2768#endif 2769 // Ignored: "Its use has been superseded by the DF_BIND_NOW flag" 2770 case DT_BIND_NOW: 2771 break; 2772 2773 case DT_VERSYM: 2774 versym_ = reinterpret_cast<ElfW(Versym)*>(load_bias + d->d_un.d_ptr); 2775 break; 2776 2777 case DT_VERDEF: 2778 verdef_ptr_ = load_bias + d->d_un.d_ptr; 2779 break; 2780 case DT_VERDEFNUM: 2781 verdef_cnt_ = d->d_un.d_val; 2782 break; 2783 2784 case DT_VERNEED: 2785 verneed_ptr_ = load_bias + d->d_un.d_ptr; 2786 break; 2787 2788 case DT_VERNEEDNUM: 2789 verneed_cnt_ = d->d_un.d_val; 2790 break; 2791 2792 default: 2793 if (!relocating_linker) { 2794 DL_WARN("%s: unused DT entry: type %p arg %p", get_realpath(), 2795 reinterpret_cast<void*>(d->d_tag), reinterpret_cast<void*>(d->d_un.d_val)); 2796 } 2797 break; 2798 } 2799 } 2800 2801 // second pass - parse entries relying on strtab 2802 for (ElfW(Dyn)* d = dynamic; d->d_tag != DT_NULL; ++d) { 2803 if (d->d_tag == DT_SONAME) { 2804 soname_ = get_string(d->d_un.d_val); 2805#if defined(__arm__) 2806 strlcpy(old_name_, soname_, sizeof(old_name_)); 2807#endif 2808 break; 2809 } 2810 } 2811 2812 DEBUG("si->base = %p, si->strtab = %p, si->symtab = %p", 2813 reinterpret_cast<void*>(base), strtab_, symtab_); 2814 2815 // Sanity checks. 2816 if (relocating_linker && needed_count != 0) { 2817 DL_ERR("linker cannot have DT_NEEDED dependencies on other libraries"); 2818 return false; 2819 } 2820 if (nbucket_ == 0 && gnu_nbucket_ == 0) { 2821 DL_ERR("empty/missing DT_HASH/DT_GNU_HASH in \"%s\" " 2822 "(new hash type from the future?)", get_soname()); 2823 return false; 2824 } 2825 if (strtab_ == 0) { 2826 DL_ERR("empty/missing DT_STRTAB in \"%s\"", get_soname()); 2827 return false; 2828 } 2829 if (symtab_ == 0) { 2830 DL_ERR("empty/missing DT_SYMTAB in \"%s\"", get_soname()); 2831 return false; 2832 } 2833 return true; 2834} 2835 2836bool soinfo::link_image(const soinfo_list_t& global_group, const soinfo_list_t& local_group, 2837 const android_dlextinfo* extinfo) { 2838 2839 local_group_root_ = local_group.front(); 2840 if (local_group_root_ == nullptr) { 2841 local_group_root_ = this; 2842 } 2843 2844#if !defined(__LP64__) 2845 if (has_text_relocations) { 2846 // Make segments writable to allow text relocations to work properly. We will later call 2847 // phdr_table_protect_segments() after all of them are applied and all constructors are run. 2848 DL_WARN("%s has text relocations. This is wasting memory and prevents " 2849 "security hardening. Please fix.", get_soname()); 2850 if (phdr_table_unprotect_segments(phdr, phnum, load_bias) < 0) { 2851 DL_ERR("can't unprotect loadable segments for \"%s\": %s", 2852 get_soname(), strerror(errno)); 2853 return false; 2854 } 2855 } 2856#endif 2857 2858 if (android_relocs_ != nullptr) { 2859 // check signature 2860 if (android_relocs_size_ > 3 && 2861 android_relocs_[0] == 'A' && 2862 android_relocs_[1] == 'P' && 2863 android_relocs_[2] == 'S' && 2864 android_relocs_[3] == '2') { 2865 DEBUG("[ android relocating %s ]", get_soname()); 2866 2867 bool relocated = false; 2868 const uint8_t* packed_relocs = android_relocs_ + 4; 2869 const size_t packed_relocs_size = android_relocs_size_ - 4; 2870 2871 relocated = relocate( 2872 packed_reloc_iterator<sleb128_decoder>( 2873 sleb128_decoder(packed_relocs, packed_relocs_size)), 2874 global_group, local_group); 2875 2876 if (!relocated) { 2877 return false; 2878 } 2879 } else { 2880 DL_ERR("bad android relocation header."); 2881 return false; 2882 } 2883 } 2884 2885#if defined(USE_RELA) 2886 if (rela_ != nullptr) { 2887 DEBUG("[ relocating %s ]", get_soname()); 2888 if (!relocate(plain_reloc_iterator(rela_, rela_count_), global_group, local_group)) { 2889 return false; 2890 } 2891 } 2892 if (plt_rela_ != nullptr) { 2893 DEBUG("[ relocating %s plt ]", get_soname()); 2894 if (!relocate(plain_reloc_iterator(plt_rela_, plt_rela_count_), global_group, local_group)) { 2895 return false; 2896 } 2897 } 2898#else 2899 if (rel_ != nullptr) { 2900 DEBUG("[ relocating %s ]", get_soname()); 2901 if (!relocate(plain_reloc_iterator(rel_, rel_count_), global_group, local_group)) { 2902 return false; 2903 } 2904 } 2905 if (plt_rel_ != nullptr) { 2906 DEBUG("[ relocating %s plt ]", get_soname()); 2907 if (!relocate(plain_reloc_iterator(plt_rel_, plt_rel_count_), global_group, local_group)) { 2908 return false; 2909 } 2910 } 2911#endif 2912 2913#if defined(__mips__) 2914 if (!mips_relocate_got(global_group, local_group)) { 2915 return false; 2916 } 2917#endif 2918 2919 DEBUG("[ finished linking %s ]", get_soname()); 2920 2921#if !defined(__LP64__) 2922 if (has_text_relocations) { 2923 // All relocations are done, we can protect our segments back to read-only. 2924 if (phdr_table_protect_segments(phdr, phnum, load_bias) < 0) { 2925 DL_ERR("can't protect segments for \"%s\": %s", 2926 get_soname(), strerror(errno)); 2927 return false; 2928 } 2929 } 2930#endif 2931 2932 /* We can also turn on GNU RELRO protection */ 2933 if (phdr_table_protect_gnu_relro(phdr, phnum, load_bias) < 0) { 2934 DL_ERR("can't enable GNU RELRO protection for \"%s\": %s", 2935 get_soname(), strerror(errno)); 2936 return false; 2937 } 2938 2939 /* Handle serializing/sharing the RELRO segment */ 2940 if (extinfo && (extinfo->flags & ANDROID_DLEXT_WRITE_RELRO)) { 2941 if (phdr_table_serialize_gnu_relro(phdr, phnum, load_bias, 2942 extinfo->relro_fd) < 0) { 2943 DL_ERR("failed serializing GNU RELRO section for \"%s\": %s", 2944 get_soname(), strerror(errno)); 2945 return false; 2946 } 2947 } else if (extinfo && (extinfo->flags & ANDROID_DLEXT_USE_RELRO)) { 2948 if (phdr_table_map_gnu_relro(phdr, phnum, load_bias, 2949 extinfo->relro_fd) < 0) { 2950 DL_ERR("failed mapping GNU RELRO section for \"%s\": %s", 2951 get_soname(), strerror(errno)); 2952 return false; 2953 } 2954 } 2955 2956 notify_gdb_of_load(this); 2957 return true; 2958} 2959 2960/* 2961 * This function add vdso to internal dso list. 2962 * It helps to stack unwinding through signal handlers. 2963 * Also, it makes bionic more like glibc. 2964 */ 2965static void add_vdso(KernelArgumentBlock& args __unused) { 2966#if defined(AT_SYSINFO_EHDR) 2967 ElfW(Ehdr)* ehdr_vdso = reinterpret_cast<ElfW(Ehdr)*>(args.getauxval(AT_SYSINFO_EHDR)); 2968 if (ehdr_vdso == nullptr) { 2969 return; 2970 } 2971 2972 soinfo* si = soinfo_alloc("[vdso]", nullptr, 0, 0); 2973 2974 si->phdr = reinterpret_cast<ElfW(Phdr)*>(reinterpret_cast<char*>(ehdr_vdso) + ehdr_vdso->e_phoff); 2975 si->phnum = ehdr_vdso->e_phnum; 2976 si->base = reinterpret_cast<ElfW(Addr)>(ehdr_vdso); 2977 si->size = phdr_table_get_load_size(si->phdr, si->phnum); 2978 si->load_bias = get_elf_exec_load_bias(ehdr_vdso); 2979 2980 si->prelink_image(); 2981 si->link_image(g_empty_list, soinfo::soinfo_list_t::make_list(si), nullptr); 2982#endif 2983} 2984 2985/* 2986 * This is linker soinfo for GDB. See details below. 2987 */ 2988#if defined(__LP64__) 2989#define LINKER_PATH "/system/bin/linker64" 2990#else 2991#define LINKER_PATH "/system/bin/linker" 2992#endif 2993 2994// This is done to avoid calling c-tor prematurely 2995// because soinfo c-tor needs memory allocator 2996// which might be initialized after global variables. 2997static uint8_t linker_soinfo_for_gdb_buf[sizeof(soinfo)] __attribute__((aligned(8))); 2998static soinfo* linker_soinfo_for_gdb = nullptr; 2999 3000/* gdb expects the linker to be in the debug shared object list. 3001 * Without this, gdb has trouble locating the linker's ".text" 3002 * and ".plt" sections. Gdb could also potentially use this to 3003 * relocate the offset of our exported 'rtld_db_dlactivity' symbol. 3004 * Don't use soinfo_alloc(), because the linker shouldn't 3005 * be on the soinfo list. 3006 */ 3007static void init_linker_info_for_gdb(ElfW(Addr) linker_base) { 3008 linker_soinfo_for_gdb = new (linker_soinfo_for_gdb_buf) soinfo(LINKER_PATH, nullptr, 0, 0); 3009 3010 linker_soinfo_for_gdb->base = linker_base; 3011 3012 /* 3013 * Set the dynamic field in the link map otherwise gdb will complain with 3014 * the following: 3015 * warning: .dynamic section for "/system/bin/linker" is not at the 3016 * expected address (wrong library or version mismatch?) 3017 */ 3018 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(linker_base); 3019 ElfW(Phdr)* phdr = reinterpret_cast<ElfW(Phdr)*>(linker_base + elf_hdr->e_phoff); 3020 phdr_table_get_dynamic_section(phdr, elf_hdr->e_phnum, linker_base, 3021 &linker_soinfo_for_gdb->dynamic, nullptr); 3022 insert_soinfo_into_debug_map(linker_soinfo_for_gdb); 3023} 3024 3025/* 3026 * This code is called after the linker has linked itself and 3027 * fixed it's own GOT. It is safe to make references to externs 3028 * and other non-local data at this point. 3029 */ 3030static ElfW(Addr) __linker_init_post_relocation(KernelArgumentBlock& args, ElfW(Addr) linker_base) { 3031#if TIMING 3032 struct timeval t0, t1; 3033 gettimeofday(&t0, 0); 3034#endif 3035 3036 // Initialize environment functions, and get to the ELF aux vectors table. 3037 linker_env_init(args); 3038 3039 // If this is a setuid/setgid program, close the security hole described in 3040 // ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc 3041 if (get_AT_SECURE()) { 3042 nullify_closed_stdio(); 3043 } 3044 3045 debuggerd_init(); 3046 3047 // Get a few environment variables. 3048 const char* LD_DEBUG = linker_env_get("LD_DEBUG"); 3049 if (LD_DEBUG != nullptr) { 3050 g_ld_debug_verbosity = atoi(LD_DEBUG); 3051 } 3052 3053 // Normally, these are cleaned by linker_env_init, but the test 3054 // doesn't cost us anything. 3055 const char* ldpath_env = nullptr; 3056 const char* ldpreload_env = nullptr; 3057 if (!get_AT_SECURE()) { 3058 ldpath_env = linker_env_get("LD_LIBRARY_PATH"); 3059 ldpreload_env = linker_env_get("LD_PRELOAD"); 3060 } 3061 3062#if !defined(__LP64__) 3063 if (personality(PER_LINUX32) == -1) { 3064 __libc_fatal("error setting PER_LINUX32 personality: %s", strerror(errno)); 3065 } 3066#endif 3067 3068 INFO("[ android linker & debugger ]"); 3069 3070 soinfo* si = soinfo_alloc(args.argv[0], nullptr, 0, RTLD_GLOBAL); 3071 if (si == nullptr) { 3072 exit(EXIT_FAILURE); 3073 } 3074 3075 /* bootstrap the link map, the main exe always needs to be first */ 3076 si->set_main_executable(); 3077 link_map* map = &(si->link_map_head); 3078 3079 map->l_addr = 0; 3080 map->l_name = args.argv[0]; 3081 map->l_prev = nullptr; 3082 map->l_next = nullptr; 3083 3084 _r_debug.r_map = map; 3085 r_debug_tail = map; 3086 3087 init_linker_info_for_gdb(linker_base); 3088 3089 // Extract information passed from the kernel. 3090 si->phdr = reinterpret_cast<ElfW(Phdr)*>(args.getauxval(AT_PHDR)); 3091 si->phnum = args.getauxval(AT_PHNUM); 3092 si->entry = args.getauxval(AT_ENTRY); 3093 3094 /* Compute the value of si->base. We can't rely on the fact that 3095 * the first entry is the PHDR because this will not be true 3096 * for certain executables (e.g. some in the NDK unit test suite) 3097 */ 3098 si->base = 0; 3099 si->size = phdr_table_get_load_size(si->phdr, si->phnum); 3100 si->load_bias = 0; 3101 for (size_t i = 0; i < si->phnum; ++i) { 3102 if (si->phdr[i].p_type == PT_PHDR) { 3103 si->load_bias = reinterpret_cast<ElfW(Addr)>(si->phdr) - si->phdr[i].p_vaddr; 3104 si->base = reinterpret_cast<ElfW(Addr)>(si->phdr) - si->phdr[i].p_offset; 3105 break; 3106 } 3107 } 3108 si->dynamic = nullptr; 3109 3110 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(si->base); 3111 if (elf_hdr->e_type != ET_DYN) { 3112 __libc_format_fd(2, "error: only position independent executables (PIE) are supported.\n"); 3113 exit(EXIT_FAILURE); 3114 } 3115 3116 // Use LD_LIBRARY_PATH and LD_PRELOAD (but only if we aren't setuid/setgid). 3117 parse_LD_LIBRARY_PATH(ldpath_env); 3118 parse_LD_PRELOAD(ldpreload_env); 3119 3120 somain = si; 3121 3122 if (!si->prelink_image()) { 3123 __libc_format_fd(2, "CANNOT LINK EXECUTABLE: %s\n", linker_get_error_buffer()); 3124 exit(EXIT_FAILURE); 3125 } 3126 3127 // add somain to global group 3128 si->set_dt_flags_1(si->get_dt_flags_1() | DF_1_GLOBAL); 3129 3130 // Load ld_preloads and dependencies. 3131 StringLinkedList needed_library_name_list; 3132 size_t needed_libraries_count = 0; 3133 size_t ld_preloads_count = 0; 3134 3135 for (const auto& ld_preload_name : g_ld_preload_names) { 3136 needed_library_name_list.push_back(ld_preload_name.c_str()); 3137 ++needed_libraries_count; 3138 } 3139 3140 for_each_dt_needed(si, [&](const char* name) { 3141 needed_library_name_list.push_back(name); 3142 ++needed_libraries_count; 3143 }); 3144 3145 const char* needed_library_names[needed_libraries_count]; 3146 3147 memset(needed_library_names, 0, sizeof(needed_library_names)); 3148 needed_library_name_list.copy_to_array(needed_library_names, needed_libraries_count); 3149 3150 if (needed_libraries_count > 0 && 3151 !find_libraries(si, needed_library_names, needed_libraries_count, nullptr, 3152 &g_ld_preloads, ld_preloads_count, RTLD_GLOBAL, nullptr)) { 3153 __libc_format_fd(2, "CANNOT LINK EXECUTABLE: %s\n", linker_get_error_buffer()); 3154 exit(EXIT_FAILURE); 3155 } else if (needed_libraries_count == 0) { 3156 if (!si->link_image(g_empty_list, soinfo::soinfo_list_t::make_list(si), nullptr)) { 3157 __libc_format_fd(2, "CANNOT LINK EXECUTABLE: %s\n", linker_get_error_buffer()); 3158 exit(EXIT_FAILURE); 3159 } 3160 si->increment_ref_count(); 3161 } 3162 3163 add_vdso(args); 3164 3165 { 3166 ProtectedDataGuard guard; 3167 3168 si->call_pre_init_constructors(); 3169 3170 /* After the prelink_image, the si->load_bias is initialized. 3171 * For so lib, the map->l_addr will be updated in notify_gdb_of_load. 3172 * We need to update this value for so exe here. So Unwind_Backtrace 3173 * for some arch like x86 could work correctly within so exe. 3174 */ 3175 map->l_addr = si->load_bias; 3176 si->call_constructors(); 3177 } 3178 3179#if TIMING 3180 gettimeofday(&t1, nullptr); 3181 PRINT("LINKER TIME: %s: %d microseconds", args.argv[0], (int) ( 3182 (((long long)t1.tv_sec * 1000000LL) + (long long)t1.tv_usec) - 3183 (((long long)t0.tv_sec * 1000000LL) + (long long)t0.tv_usec))); 3184#endif 3185#if STATS 3186 PRINT("RELO STATS: %s: %d abs, %d rel, %d copy, %d symbol", args.argv[0], 3187 linker_stats.count[kRelocAbsolute], 3188 linker_stats.count[kRelocRelative], 3189 linker_stats.count[kRelocCopy], 3190 linker_stats.count[kRelocSymbol]); 3191#endif 3192#if COUNT_PAGES 3193 { 3194 unsigned n; 3195 unsigned i; 3196 unsigned count = 0; 3197 for (n = 0; n < 4096; n++) { 3198 if (bitmask[n]) { 3199 unsigned x = bitmask[n]; 3200#if defined(__LP64__) 3201 for (i = 0; i < 32; i++) { 3202#else 3203 for (i = 0; i < 8; i++) { 3204#endif 3205 if (x & 1) { 3206 count++; 3207 } 3208 x >>= 1; 3209 } 3210 } 3211 } 3212 PRINT("PAGES MODIFIED: %s: %d (%dKB)", args.argv[0], count, count * 4); 3213 } 3214#endif 3215 3216#if TIMING || STATS || COUNT_PAGES 3217 fflush(stdout); 3218#endif 3219 3220 TRACE("[ Ready to execute '%s' @ %p ]", si->get_soname(), reinterpret_cast<void*>(si->entry)); 3221 return si->entry; 3222} 3223 3224/* Compute the load-bias of an existing executable. This shall only 3225 * be used to compute the load bias of an executable or shared library 3226 * that was loaded by the kernel itself. 3227 * 3228 * Input: 3229 * elf -> address of ELF header, assumed to be at the start of the file. 3230 * Return: 3231 * load bias, i.e. add the value of any p_vaddr in the file to get 3232 * the corresponding address in memory. 3233 */ 3234static ElfW(Addr) get_elf_exec_load_bias(const ElfW(Ehdr)* elf) { 3235 ElfW(Addr) offset = elf->e_phoff; 3236 const ElfW(Phdr)* phdr_table = reinterpret_cast<const ElfW(Phdr)*>(reinterpret_cast<uintptr_t>(elf) + offset); 3237 const ElfW(Phdr)* phdr_end = phdr_table + elf->e_phnum; 3238 3239 for (const ElfW(Phdr)* phdr = phdr_table; phdr < phdr_end; phdr++) { 3240 if (phdr->p_type == PT_LOAD) { 3241 return reinterpret_cast<ElfW(Addr)>(elf) + phdr->p_offset - phdr->p_vaddr; 3242 } 3243 } 3244 return 0; 3245} 3246 3247extern "C" void _start(); 3248 3249/* 3250 * This is the entry point for the linker, called from begin.S. This 3251 * method is responsible for fixing the linker's own relocations, and 3252 * then calling __linker_init_post_relocation(). 3253 * 3254 * Because this method is called before the linker has fixed it's own 3255 * relocations, any attempt to reference an extern variable, extern 3256 * function, or other GOT reference will generate a segfault. 3257 */ 3258extern "C" ElfW(Addr) __linker_init(void* raw_args) { 3259 KernelArgumentBlock args(raw_args); 3260 3261 ElfW(Addr) linker_addr = args.getauxval(AT_BASE); 3262 ElfW(Addr) entry_point = args.getauxval(AT_ENTRY); 3263 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(linker_addr); 3264 ElfW(Phdr)* phdr = reinterpret_cast<ElfW(Phdr)*>(linker_addr + elf_hdr->e_phoff); 3265 3266 soinfo linker_so(nullptr, nullptr, 0, 0); 3267 3268 // If the linker is not acting as PT_INTERP entry_point is equal to 3269 // _start. Which means that the linker is running as an executable and 3270 // already linked by PT_INTERP. 3271 // 3272 // This happens when user tries to run 'adb shell /system/bin/linker' 3273 // see also https://code.google.com/p/android/issues/detail?id=63174 3274 if (reinterpret_cast<ElfW(Addr)>(&_start) == entry_point) { 3275 __libc_fatal("This is %s, the helper program for shared library executables.\n", args.argv[0]); 3276 } 3277 3278 linker_so.base = linker_addr; 3279 linker_so.size = phdr_table_get_load_size(phdr, elf_hdr->e_phnum); 3280 linker_so.load_bias = get_elf_exec_load_bias(elf_hdr); 3281 linker_so.dynamic = nullptr; 3282 linker_so.phdr = phdr; 3283 linker_so.phnum = elf_hdr->e_phnum; 3284 linker_so.set_linker_flag(); 3285 3286 // This might not be obvious... The reasons why we pass g_empty_list 3287 // in place of local_group here are (1) we do not really need it, because 3288 // linker is built with DT_SYMBOLIC and therefore relocates its symbols against 3289 // itself without having to look into local_group and (2) allocators 3290 // are not yet initialized, and therefore we cannot use linked_list.push_* 3291 // functions at this point. 3292 if (!(linker_so.prelink_image() && linker_so.link_image(g_empty_list, g_empty_list, nullptr))) { 3293 // It would be nice to print an error message, but if the linker 3294 // can't link itself, there's no guarantee that we'll be able to 3295 // call write() (because it involves a GOT reference). We may as 3296 // well try though... 3297 const char* msg = "CANNOT LINK EXECUTABLE: "; 3298 write(2, msg, strlen(msg)); 3299 write(2, __linker_dl_err_buf, strlen(__linker_dl_err_buf)); 3300 write(2, "\n", 1); 3301 _exit(EXIT_FAILURE); 3302 } 3303 3304 __libc_init_tls(args); 3305 3306 // Initialize the linker's own global variables 3307 linker_so.call_constructors(); 3308 3309 // Initialize static variables. Note that in order to 3310 // get correct libdl_info we need to call constructors 3311 // before get_libdl_info(). 3312 solist = get_libdl_info(); 3313 sonext = get_libdl_info(); 3314 3315 // We have successfully fixed our own relocations. It's safe to run 3316 // the main part of the linker now. 3317 args.abort_message_ptr = &g_abort_message; 3318 ElfW(Addr) start_address = __linker_init_post_relocation(args, linker_addr); 3319 3320 INFO("[ jumping to _start ]"); 3321 3322 // Return the address that the calling assembly stub should jump to. 3323 return start_address; 3324} 3325