linker.cpp revision 600bc3cb9342fbb1dc16ea25f5b676ce072e3e1b
1/* 2 * Copyright (C) 2008, 2009 The Android Open Source Project 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in 12 * the documentation and/or other materials provided with the 13 * distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29#include <dlfcn.h> 30#include <errno.h> 31#include <fcntl.h> 32#include <inttypes.h> 33#include <pthread.h> 34#include <stdio.h> 35#include <stdlib.h> 36#include <string.h> 37#include <sys/mman.h> 38#include <sys/param.h> 39#include <sys/personality.h> 40#include <unistd.h> 41 42#include <new> 43 44// Private C library headers. 45#include "private/bionic_tls.h" 46#include "private/KernelArgumentBlock.h" 47#include "private/ScopedPthreadMutexLocker.h" 48#include "private/ScopedFd.h" 49#include "private/ScopeGuard.h" 50#include "private/UniquePtr.h" 51 52#include "linker.h" 53#include "linker_block_allocator.h" 54#include "linker_debug.h" 55#include "linker_environ.h" 56#include "linker_leb128.h" 57#include "linker_phdr.h" 58#include "linker_relocs.h" 59#include "linker_reloc_iterators.h" 60 61/* >>> IMPORTANT NOTE - READ ME BEFORE MODIFYING <<< 62 * 63 * Do NOT use malloc() and friends or pthread_*() code here. 64 * Don't use printf() either; it's caused mysterious memory 65 * corruption in the past. 66 * The linker runs before we bring up libc and it's easiest 67 * to make sure it does not depend on any complex libc features 68 * 69 * open issues / todo: 70 * 71 * - cleaner error reporting 72 * - after linking, set as much stuff as possible to READONLY 73 * and NOEXEC 74 */ 75 76// Override macros to use C++ style casts 77#undef ELF_ST_TYPE 78#define ELF_ST_TYPE(x) (static_cast<uint32_t>(x) & 0xf) 79 80#if defined(__LP64__) 81#define SEARCH_NAME(x) x 82#else 83// Nvidia drivers are relying on the bug: 84// http://code.google.com/p/android/issues/detail?id=6670 85// so we continue to use base-name lookup for lp32 86static const char* get_base_name(const char* name) { 87 const char* bname = strrchr(name, '/'); 88 return bname ? bname + 1 : name; 89} 90#define SEARCH_NAME(x) get_base_name(x) 91#endif 92 93static ElfW(Addr) get_elf_exec_load_bias(const ElfW(Ehdr)* elf); 94 95static LinkerTypeAllocator<soinfo> g_soinfo_allocator; 96static LinkerTypeAllocator<LinkedListEntry<soinfo>> g_soinfo_links_allocator; 97 98static soinfo* solist; 99static soinfo* sonext; 100static soinfo* somain; // main process, always the one after libdl_info 101 102static const char* const kDefaultLdPaths[] = { 103#if defined(__LP64__) 104 "/vendor/lib64", 105 "/system/lib64", 106#else 107 "/vendor/lib", 108 "/system/lib", 109#endif 110 nullptr 111}; 112 113#define LDPATH_BUFSIZE (LDPATH_MAX*64) 114#define LDPATH_MAX 8 115 116#define LDPRELOAD_BUFSIZE (LDPRELOAD_MAX*64) 117#define LDPRELOAD_MAX 8 118 119static char g_ld_library_paths_buffer[LDPATH_BUFSIZE]; 120static const char* g_ld_library_paths[LDPATH_MAX + 1]; 121 122static char g_ld_preloads_buffer[LDPRELOAD_BUFSIZE]; 123static const char* g_ld_preload_names[LDPRELOAD_MAX + 1]; 124 125static soinfo* g_ld_preloads[LDPRELOAD_MAX + 1]; 126 127__LIBC_HIDDEN__ int g_ld_debug_verbosity; 128 129__LIBC_HIDDEN__ abort_msg_t* g_abort_message = nullptr; // For debuggerd. 130 131#if STATS 132struct linker_stats_t { 133 int count[kRelocMax]; 134}; 135 136static linker_stats_t linker_stats; 137 138void count_relocation(RelocationKind kind) { 139 ++linker_stats.count[kind]; 140} 141#else 142void count_relocation(RelocationKind) { 143} 144#endif 145 146#if COUNT_PAGES 147uint32_t bitmask[4096]; 148#endif 149 150// You shouldn't try to call memory-allocating functions in the dynamic linker. 151// Guard against the most obvious ones. 152#define DISALLOW_ALLOCATION(return_type, name, ...) \ 153 return_type name __VA_ARGS__ \ 154 { \ 155 __libc_fatal("ERROR: " #name " called from the dynamic linker!\n"); \ 156 } 157DISALLOW_ALLOCATION(void*, malloc, (size_t u __unused)); 158DISALLOW_ALLOCATION(void, free, (void* u __unused)); 159DISALLOW_ALLOCATION(void*, realloc, (void* u1 __unused, size_t u2 __unused)); 160DISALLOW_ALLOCATION(void*, calloc, (size_t u1 __unused, size_t u2 __unused)); 161 162static char __linker_dl_err_buf[768]; 163 164char* linker_get_error_buffer() { 165 return &__linker_dl_err_buf[0]; 166} 167 168size_t linker_get_error_buffer_size() { 169 return sizeof(__linker_dl_err_buf); 170} 171 172// This function is an empty stub where GDB locates a breakpoint to get notified 173// about linker activity. 174extern "C" void __attribute__((noinline)) __attribute__((visibility("default"))) rtld_db_dlactivity(); 175 176static pthread_mutex_t g__r_debug_mutex = PTHREAD_MUTEX_INITIALIZER; 177static r_debug _r_debug = {1, nullptr, reinterpret_cast<uintptr_t>(&rtld_db_dlactivity), r_debug::RT_CONSISTENT, 0}; 178static link_map* r_debug_tail = 0; 179 180static void insert_soinfo_into_debug_map(soinfo* info) { 181 // Copy the necessary fields into the debug structure. 182 link_map* map = &(info->link_map_head); 183 map->l_addr = info->load_bias; 184 map->l_name = info->name; 185 map->l_ld = info->dynamic; 186 187 // Stick the new library at the end of the list. 188 // gdb tends to care more about libc than it does 189 // about leaf libraries, and ordering it this way 190 // reduces the back-and-forth over the wire. 191 if (r_debug_tail) { 192 r_debug_tail->l_next = map; 193 map->l_prev = r_debug_tail; 194 map->l_next = 0; 195 } else { 196 _r_debug.r_map = map; 197 map->l_prev = 0; 198 map->l_next = 0; 199 } 200 r_debug_tail = map; 201} 202 203static void remove_soinfo_from_debug_map(soinfo* info) { 204 link_map* map = &(info->link_map_head); 205 206 if (r_debug_tail == map) { 207 r_debug_tail = map->l_prev; 208 } 209 210 if (map->l_prev) { 211 map->l_prev->l_next = map->l_next; 212 } 213 if (map->l_next) { 214 map->l_next->l_prev = map->l_prev; 215 } 216} 217 218static void notify_gdb_of_load(soinfo* info) { 219 if (info->is_main_executable()) { 220 // GDB already knows about the main executable 221 return; 222 } 223 224 ScopedPthreadMutexLocker locker(&g__r_debug_mutex); 225 226 _r_debug.r_state = r_debug::RT_ADD; 227 rtld_db_dlactivity(); 228 229 insert_soinfo_into_debug_map(info); 230 231 _r_debug.r_state = r_debug::RT_CONSISTENT; 232 rtld_db_dlactivity(); 233} 234 235static void notify_gdb_of_unload(soinfo* info) { 236 if (info->is_main_executable()) { 237 // GDB already knows about the main executable 238 return; 239 } 240 241 ScopedPthreadMutexLocker locker(&g__r_debug_mutex); 242 243 _r_debug.r_state = r_debug::RT_DELETE; 244 rtld_db_dlactivity(); 245 246 remove_soinfo_from_debug_map(info); 247 248 _r_debug.r_state = r_debug::RT_CONSISTENT; 249 rtld_db_dlactivity(); 250} 251 252void notify_gdb_of_libraries() { 253 _r_debug.r_state = r_debug::RT_ADD; 254 rtld_db_dlactivity(); 255 _r_debug.r_state = r_debug::RT_CONSISTENT; 256 rtld_db_dlactivity(); 257} 258 259LinkedListEntry<soinfo>* SoinfoListAllocator::alloc() { 260 return g_soinfo_links_allocator.alloc(); 261} 262 263void SoinfoListAllocator::free(LinkedListEntry<soinfo>* entry) { 264 g_soinfo_links_allocator.free(entry); 265} 266 267static soinfo* soinfo_alloc(const char* name, struct stat* file_stat, off64_t file_offset, uint32_t rtld_flags) { 268 if (strlen(name) >= SOINFO_NAME_LEN) { 269 DL_ERR("library name \"%s\" too long", name); 270 return nullptr; 271 } 272 273 soinfo* si = new (g_soinfo_allocator.alloc()) soinfo(name, file_stat, file_offset, rtld_flags); 274 275 sonext->next = si; 276 sonext = si; 277 278 TRACE("name %s: allocated soinfo @ %p", name, si); 279 return si; 280} 281 282static void soinfo_free(soinfo* si) { 283 if (si == nullptr) { 284 return; 285 } 286 287 if (si->base != 0 && si->size != 0) { 288 munmap(reinterpret_cast<void*>(si->base), si->size); 289 } 290 291 soinfo *prev = nullptr, *trav; 292 293 TRACE("name %s: freeing soinfo @ %p", si->name, si); 294 295 for (trav = solist; trav != nullptr; trav = trav->next) { 296 if (trav == si) { 297 break; 298 } 299 prev = trav; 300 } 301 302 if (trav == nullptr) { 303 // si was not in solist 304 DL_ERR("name \"%s\"@%p is not in solist!", si->name, si); 305 return; 306 } 307 308 // clear links to/from si 309 si->remove_all_links(); 310 311 // prev will never be null, because the first entry in solist is 312 // always the static libdl_info. 313 prev->next = si->next; 314 if (si == sonext) { 315 sonext = prev; 316 } 317 318 g_soinfo_allocator.free(si); 319} 320 321static void parse_path(const char* path, const char* delimiters, 322 const char** array, char* buf, size_t buf_size, size_t max_count) { 323 if (path == nullptr) { 324 return; 325 } 326 327 size_t len = strlcpy(buf, path, buf_size); 328 329 size_t i = 0; 330 char* buf_p = buf; 331 while (i < max_count && (array[i] = strsep(&buf_p, delimiters))) { 332 if (*array[i] != '\0') { 333 ++i; 334 } 335 } 336 337 // Forget the last path if we had to truncate; this occurs if the 2nd to 338 // last char isn't '\0' (i.e. wasn't originally a delimiter). 339 if (i > 0 && len >= buf_size && buf[buf_size - 2] != '\0') { 340 array[i - 1] = nullptr; 341 } else { 342 array[i] = nullptr; 343 } 344} 345 346static void parse_LD_LIBRARY_PATH(const char* path) { 347 parse_path(path, ":", g_ld_library_paths, 348 g_ld_library_paths_buffer, sizeof(g_ld_library_paths_buffer), LDPATH_MAX); 349} 350 351static void parse_LD_PRELOAD(const char* path) { 352 // We have historically supported ':' as well as ' ' in LD_PRELOAD. 353 parse_path(path, " :", g_ld_preload_names, 354 g_ld_preloads_buffer, sizeof(g_ld_preloads_buffer), LDPRELOAD_MAX); 355} 356 357#if defined(__arm__) 358 359// For a given PC, find the .so that it belongs to. 360// Returns the base address of the .ARM.exidx section 361// for that .so, and the number of 8-byte entries 362// in that section (via *pcount). 363// 364// Intended to be called by libc's __gnu_Unwind_Find_exidx(). 365// 366// This function is exposed via dlfcn.cpp and libdl.so. 367_Unwind_Ptr dl_unwind_find_exidx(_Unwind_Ptr pc, int* pcount) { 368 uintptr_t addr = reinterpret_cast<uintptr_t>(pc); 369 370 for (soinfo* si = solist; si != 0; si = si->next) { 371 if ((addr >= si->base) && (addr < (si->base + si->size))) { 372 *pcount = si->ARM_exidx_count; 373 return reinterpret_cast<_Unwind_Ptr>(si->ARM_exidx); 374 } 375 } 376 *pcount = 0; 377 return nullptr; 378} 379 380#endif 381 382// Here, we only have to provide a callback to iterate across all the 383// loaded libraries. gcc_eh does the rest. 384int dl_iterate_phdr(int (*cb)(dl_phdr_info* info, size_t size, void* data), void* data) { 385 int rv = 0; 386 for (soinfo* si = solist; si != nullptr; si = si->next) { 387 dl_phdr_info dl_info; 388 dl_info.dlpi_addr = si->link_map_head.l_addr; 389 dl_info.dlpi_name = si->link_map_head.l_name; 390 dl_info.dlpi_phdr = si->phdr; 391 dl_info.dlpi_phnum = si->phnum; 392 rv = cb(&dl_info, sizeof(dl_phdr_info), data); 393 if (rv != 0) { 394 break; 395 } 396 } 397 return rv; 398} 399 400ElfW(Sym)* soinfo::find_symbol_by_name(SymbolName& symbol_name) { 401 return is_gnu_hash() ? gnu_lookup(symbol_name) : elf_lookup(symbol_name); 402} 403 404static bool is_symbol_global_and_defined(const soinfo* si, const ElfW(Sym)* s) { 405 if (ELF_ST_BIND(s->st_info) == STB_GLOBAL || 406 ELF_ST_BIND(s->st_info) == STB_WEAK) { 407 return s->st_shndx != SHN_UNDEF; 408 } else if (ELF_ST_BIND(s->st_info) != STB_LOCAL) { 409 DL_WARN("unexpected ST_BIND value: %d for '%s' in '%s'", 410 ELF_ST_BIND(s->st_info), si->get_string(s->st_name), si->name); 411 } 412 413 return false; 414} 415 416ElfW(Sym)* soinfo::gnu_lookup(SymbolName& symbol_name) { 417 uint32_t hash = symbol_name.gnu_hash(); 418 uint32_t h2 = hash >> gnu_shift2_; 419 420 uint32_t bloom_mask_bits = sizeof(ElfW(Addr))*8; 421 uint32_t word_num = (hash / bloom_mask_bits) & gnu_maskwords_; 422 ElfW(Addr) bloom_word = gnu_bloom_filter_[word_num]; 423 424 TRACE_TYPE(LOOKUP, "SEARCH %s in %s@%p (gnu)", 425 symbol_name.get_name(), name, reinterpret_cast<void*>(base)); 426 427 // test against bloom filter 428 if ((1 & (bloom_word >> (hash % bloom_mask_bits)) & (bloom_word >> (h2 % bloom_mask_bits))) == 0) { 429 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p", 430 symbol_name.get_name(), name, reinterpret_cast<void*>(base)); 431 432 return nullptr; 433 } 434 435 // bloom test says "probably yes"... 436 uint32_t n = gnu_bucket_[hash % gnu_nbucket_]; 437 438 if (n == 0) { 439 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p", 440 symbol_name.get_name(), name, reinterpret_cast<void*>(base)); 441 442 return nullptr; 443 } 444 445 do { 446 ElfW(Sym)* s = symtab_ + n; 447 if (((gnu_chain_[n] ^ hash) >> 1) == 0 && 448 strcmp(get_string(s->st_name), symbol_name.get_name()) == 0 && 449 is_symbol_global_and_defined(this, s)) { 450 TRACE_TYPE(LOOKUP, "FOUND %s in %s (%p) %zd", 451 symbol_name.get_name(), name, reinterpret_cast<void*>(s->st_value), 452 static_cast<size_t>(s->st_size)); 453 return s; 454 } 455 } while ((gnu_chain_[n++] & 1) == 0); 456 457 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p", 458 symbol_name.get_name(), name, reinterpret_cast<void*>(base)); 459 460 return nullptr; 461} 462 463ElfW(Sym)* soinfo::elf_lookup(SymbolName& symbol_name) { 464 uint32_t hash = symbol_name.elf_hash(); 465 466 TRACE_TYPE(LOOKUP, "SEARCH %s in %s@%p h=%x(elf) %zd", 467 symbol_name.get_name(), name, reinterpret_cast<void*>(base), hash, hash % nbucket_); 468 469 for (uint32_t n = bucket_[hash % nbucket_]; n != 0; n = chain_[n]) { 470 ElfW(Sym)* s = symtab_ + n; 471 if (strcmp(get_string(s->st_name), symbol_name.get_name()) == 0 && is_symbol_global_and_defined(this, s)) { 472 TRACE_TYPE(LOOKUP, "FOUND %s in %s (%p) %zd", 473 symbol_name.get_name(), name, reinterpret_cast<void*>(s->st_value), 474 static_cast<size_t>(s->st_size)); 475 return s; 476 } 477 } 478 479 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p %x %zd", 480 symbol_name.get_name(), name, reinterpret_cast<void*>(base), hash, hash % nbucket_); 481 482 return nullptr; 483} 484 485soinfo::soinfo(const char* name, const struct stat* file_stat, off64_t file_offset, int rtld_flags) { 486 memset(this, 0, sizeof(*this)); 487 488 strlcpy(this->name, name, sizeof(this->name)); 489 flags_ = FLAG_NEW_SOINFO; 490 version_ = SOINFO_VERSION; 491 492 if (file_stat != nullptr) { 493 this->st_dev_ = file_stat->st_dev; 494 this->st_ino_ = file_stat->st_ino; 495 this->file_offset_ = file_offset; 496 } 497 498 this->rtld_flags_ = rtld_flags; 499} 500 501 502uint32_t SymbolName::elf_hash() { 503 if (!has_elf_hash_) { 504 const unsigned char* name = reinterpret_cast<const unsigned char*>(name_); 505 uint32_t h = 0, g; 506 507 while (*name) { 508 h = (h << 4) + *name++; 509 g = h & 0xf0000000; 510 h ^= g; 511 h ^= g >> 24; 512 } 513 514 elf_hash_ = h; 515 has_elf_hash_ = true; 516 } 517 518 return elf_hash_; 519} 520 521uint32_t SymbolName::gnu_hash() { 522 if (!has_gnu_hash_) { 523 uint32_t h = 5381; 524 const unsigned char* name = reinterpret_cast<const unsigned char*>(name_); 525 while (*name != 0) { 526 h += (h << 5) + *name++; // h*33 + c = h + h * 32 + c = h + h << 5 + c 527 } 528 529 gnu_hash_ = h; 530 has_gnu_hash_ = true; 531 } 532 533 return gnu_hash_; 534} 535 536ElfW(Sym)* soinfo_do_lookup(soinfo* si_from, const char* name, soinfo** si_found_in, 537 const soinfo::soinfo_list_t& global_group, const soinfo::soinfo_list_t& local_group) { 538 SymbolName symbol_name(name); 539 ElfW(Sym)* s = nullptr; 540 541 /* "This element's presence in a shared object library alters the dynamic linker's 542 * symbol resolution algorithm for references within the library. Instead of starting 543 * a symbol search with the executable file, the dynamic linker starts from the shared 544 * object itself. If the shared object fails to supply the referenced symbol, the 545 * dynamic linker then searches the executable file and other shared objects as usual." 546 * 547 * http://www.sco.com/developers/gabi/2012-12-31/ch5.dynamic.html 548 * 549 * Note that this is unlikely since static linker avoids generating 550 * relocations for -Bsymbolic linked dynamic executables. 551 */ 552 if (si_from->has_DT_SYMBOLIC) { 553 DEBUG("%s: looking up %s in local scope (DT_SYMBOLIC)", si_from->name, name); 554 s = si_from->find_symbol_by_name(symbol_name); 555 if (s != nullptr) { 556 *si_found_in = si_from; 557 } 558 } 559 560 // 1. Look for it in global_group 561 if (s == nullptr) { 562 global_group.visit([&](soinfo* global_si) { 563 DEBUG("%s: looking up %s in %s (from global group)", si_from->name, name, global_si->name); 564 s = global_si->find_symbol_by_name(symbol_name); 565 if (s != nullptr) { 566 *si_found_in = global_si; 567 return false; 568 } 569 570 return true; 571 }); 572 } 573 574 // 2. Look for it in the local group 575 if (s == nullptr) { 576 local_group.visit([&](soinfo* local_si) { 577 if (local_si == si_from && si_from->has_DT_SYMBOLIC) { 578 // we already did this - skip 579 return true; 580 } 581 582 DEBUG("%s: looking up %s in %s (from local group)", si_from->name, name, local_si->name); 583 s = local_si->find_symbol_by_name(symbol_name); 584 if (s != nullptr) { 585 *si_found_in = local_si; 586 return false; 587 } 588 589 return true; 590 }); 591 } 592 593 if (s != nullptr) { 594 TRACE_TYPE(LOOKUP, "si %s sym %s s->st_value = %p, " 595 "found in %s, base = %p, load bias = %p", 596 si_from->name, name, reinterpret_cast<void*>(s->st_value), 597 (*si_found_in)->name, reinterpret_cast<void*>((*si_found_in)->base), 598 reinterpret_cast<void*>((*si_found_in)->load_bias)); 599 } 600 601 return s; 602} 603 604class ProtectedDataGuard { 605 public: 606 ProtectedDataGuard() { 607 if (ref_count_++ == 0) { 608 protect_data(PROT_READ | PROT_WRITE); 609 } 610 } 611 612 ~ProtectedDataGuard() { 613 if (ref_count_ == 0) { // overflow 614 __libc_fatal("Too many nested calls to dlopen()"); 615 } 616 617 if (--ref_count_ == 0) { 618 protect_data(PROT_READ); 619 } 620 } 621 private: 622 void protect_data(int protection) { 623 g_soinfo_allocator.protect_all(protection); 624 g_soinfo_links_allocator.protect_all(protection); 625 } 626 627 static size_t ref_count_; 628}; 629 630size_t ProtectedDataGuard::ref_count_ = 0; 631 632// Each size has it's own allocator. 633template<size_t size> 634class SizeBasedAllocator { 635 public: 636 static void* alloc() { 637 return allocator_.alloc(); 638 } 639 640 static void free(void* ptr) { 641 allocator_.free(ptr); 642 } 643 644 private: 645 static LinkerBlockAllocator allocator_; 646}; 647 648template<size_t size> 649LinkerBlockAllocator SizeBasedAllocator<size>::allocator_(size); 650 651template<typename T> 652class TypeBasedAllocator { 653 public: 654 static T* alloc() { 655 return reinterpret_cast<T*>(SizeBasedAllocator<sizeof(T)>::alloc()); 656 } 657 658 static void free(T* ptr) { 659 SizeBasedAllocator<sizeof(T)>::free(ptr); 660 } 661}; 662 663class LoadTask { 664 public: 665 struct deleter_t { 666 void operator()(LoadTask* t) { 667 TypeBasedAllocator<LoadTask>::free(t); 668 } 669 }; 670 671 typedef UniquePtr<LoadTask, deleter_t> unique_ptr; 672 673 static deleter_t deleter; 674 675 static LoadTask* create(const char* name, soinfo* needed_by) { 676 LoadTask* ptr = TypeBasedAllocator<LoadTask>::alloc(); 677 return new (ptr) LoadTask(name, needed_by); 678 } 679 680 const char* get_name() const { 681 return name_; 682 } 683 684 soinfo* get_needed_by() const { 685 return needed_by_; 686 } 687 private: 688 LoadTask(const char* name, soinfo* needed_by) 689 : name_(name), needed_by_(needed_by) {} 690 691 const char* name_; 692 soinfo* needed_by_; 693 694 DISALLOW_IMPLICIT_CONSTRUCTORS(LoadTask); 695}; 696 697LoadTask::deleter_t LoadTask::deleter; 698 699template <typename T> 700using linked_list_t = LinkedList<T, TypeBasedAllocator<LinkedListEntry<T>>>; 701 702typedef linked_list_t<soinfo> SoinfoLinkedList; 703typedef linked_list_t<const char> StringLinkedList; 704typedef linked_list_t<LoadTask> LoadTaskList; 705 706 707// This function walks down the tree of soinfo dependencies 708// in breadth-first order and 709// * calls action(soinfo* si) for each node, and 710// * terminates walk if action returns false. 711// 712// walk_dependencies_tree returns false if walk was terminated 713// by the action and true otherwise. 714template<typename F> 715static bool walk_dependencies_tree(soinfo* root_soinfos[], size_t root_soinfos_size, F action) { 716 SoinfoLinkedList visit_list; 717 SoinfoLinkedList visited; 718 719 for (size_t i = 0; i < root_soinfos_size; ++i) { 720 visit_list.push_back(root_soinfos[i]); 721 } 722 723 soinfo* si; 724 while ((si = visit_list.pop_front()) != nullptr) { 725 if (visited.contains(si)) { 726 continue; 727 } 728 729 if (!action(si)) { 730 return false; 731 } 732 733 visited.push_back(si); 734 735 si->get_children().for_each([&](soinfo* child) { 736 visit_list.push_back(child); 737 }); 738 } 739 740 return true; 741} 742 743 744// This is used by dlsym(3). It performs symbol lookup only within the 745// specified soinfo object and its dependencies in breadth first order. 746ElfW(Sym)* dlsym_handle_lookup(soinfo* si, soinfo** found, const char* name) { 747 ElfW(Sym)* result = nullptr; 748 SymbolName symbol_name(name); 749 750 751 walk_dependencies_tree(&si, 1, [&](soinfo* current_soinfo) { 752 result = current_soinfo->find_symbol_by_name(symbol_name); 753 if (result != nullptr) { 754 *found = current_soinfo; 755 return false; 756 } 757 758 return true; 759 }); 760 761 return result; 762} 763 764/* This is used by dlsym(3) to performs a global symbol lookup. If the 765 start value is null (for RTLD_DEFAULT), the search starts at the 766 beginning of the global solist. Otherwise the search starts at the 767 specified soinfo (for RTLD_NEXT). 768 */ 769ElfW(Sym)* dlsym_linear_lookup(const char* name, soinfo** found, soinfo* start) { 770 SymbolName symbol_name(name); 771 772 if (start == nullptr) { 773 start = solist; 774 } 775 776 ElfW(Sym)* s = nullptr; 777 for (soinfo* si = start; (s == nullptr) && (si != nullptr); si = si->next) { 778 if ((si->get_rtld_flags() & RTLD_GLOBAL) == 0) { 779 continue; 780 } 781 782 s = si->find_symbol_by_name(symbol_name); 783 if (s != nullptr) { 784 *found = si; 785 break; 786 } 787 } 788 789 if (s != nullptr) { 790 TRACE_TYPE(LOOKUP, "%s s->st_value = %p, found->base = %p", 791 name, reinterpret_cast<void*>(s->st_value), reinterpret_cast<void*>((*found)->base)); 792 } 793 794 return s; 795} 796 797soinfo* find_containing_library(const void* p) { 798 ElfW(Addr) address = reinterpret_cast<ElfW(Addr)>(p); 799 for (soinfo* si = solist; si != nullptr; si = si->next) { 800 if (address >= si->base && address - si->base < si->size) { 801 return si; 802 } 803 } 804 return nullptr; 805} 806 807ElfW(Sym)* soinfo::find_symbol_by_address(const void* addr) { 808 return is_gnu_hash() ? gnu_addr_lookup(addr) : elf_addr_lookup(addr); 809} 810 811static bool symbol_matches_soaddr(const ElfW(Sym)* sym, ElfW(Addr) soaddr) { 812 return sym->st_shndx != SHN_UNDEF && 813 soaddr >= sym->st_value && 814 soaddr < sym->st_value + sym->st_size; 815} 816 817ElfW(Sym)* soinfo::gnu_addr_lookup(const void* addr) { 818 ElfW(Addr) soaddr = reinterpret_cast<ElfW(Addr)>(addr) - load_bias; 819 820 for (size_t i = 0; i < gnu_nbucket_; ++i) { 821 uint32_t n = gnu_bucket_[i]; 822 823 if (n == 0) { 824 continue; 825 } 826 827 do { 828 ElfW(Sym)* sym = symtab_ + n; 829 if (symbol_matches_soaddr(sym, soaddr)) { 830 return sym; 831 } 832 } while ((gnu_chain_[n++] & 1) == 0); 833 } 834 835 return nullptr; 836} 837 838ElfW(Sym)* soinfo::elf_addr_lookup(const void* addr) { 839 ElfW(Addr) soaddr = reinterpret_cast<ElfW(Addr)>(addr) - load_bias; 840 841 // Search the library's symbol table for any defined symbol which 842 // contains this address. 843 for (size_t i = 0; i < nchain_; ++i) { 844 ElfW(Sym)* sym = symtab_ + i; 845 if (symbol_matches_soaddr(sym, soaddr)) { 846 return sym; 847 } 848 } 849 850 return nullptr; 851} 852 853static int open_library_on_path(const char* name, const char* const paths[]) { 854 char buf[512]; 855 for (size_t i = 0; paths[i] != nullptr; ++i) { 856 int n = __libc_format_buffer(buf, sizeof(buf), "%s/%s", paths[i], name); 857 if (n < 0 || n >= static_cast<int>(sizeof(buf))) { 858 PRINT("Warning: ignoring very long library path: %s/%s", paths[i], name); 859 continue; 860 } 861 int fd = TEMP_FAILURE_RETRY(open(buf, O_RDONLY | O_CLOEXEC)); 862 if (fd != -1) { 863 return fd; 864 } 865 } 866 return -1; 867} 868 869static int open_library(const char* name) { 870 TRACE("[ opening %s ]", name); 871 872 // If the name contains a slash, we should attempt to open it directly and not search the paths. 873 if (strchr(name, '/') != nullptr) { 874 int fd = TEMP_FAILURE_RETRY(open(name, O_RDONLY | O_CLOEXEC)); 875 if (fd != -1) { 876 return fd; 877 } 878 // ...but nvidia binary blobs (at least) rely on this behavior, so fall through for now. 879#if defined(__LP64__) 880 return -1; 881#endif 882 } 883 884 // Otherwise we try LD_LIBRARY_PATH first, and fall back to the built-in well known paths. 885 int fd = open_library_on_path(name, g_ld_library_paths); 886 if (fd == -1) { 887 fd = open_library_on_path(name, kDefaultLdPaths); 888 } 889 return fd; 890} 891 892template<typename F> 893static void for_each_dt_needed(const soinfo* si, F action) { 894 for (ElfW(Dyn)* d = si->dynamic; d->d_tag != DT_NULL; ++d) { 895 if (d->d_tag == DT_NEEDED) { 896 action(si->get_string(d->d_un.d_val)); 897 } 898 } 899} 900 901static soinfo* load_library(LoadTaskList& load_tasks, const char* name, int rtld_flags, const android_dlextinfo* extinfo) { 902 int fd = -1; 903 off64_t file_offset = 0; 904 ScopedFd file_guard(-1); 905 906 if (extinfo != nullptr && (extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD) != 0) { 907 fd = extinfo->library_fd; 908 if ((extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET) != 0) { 909 file_offset = extinfo->library_fd_offset; 910 } 911 } else { 912 // Open the file. 913 fd = open_library(name); 914 if (fd == -1) { 915 DL_ERR("library \"%s\" not found", name); 916 return nullptr; 917 } 918 919 file_guard.reset(fd); 920 } 921 922 if ((file_offset % PAGE_SIZE) != 0) { 923 DL_ERR("file offset for the library \"%s\" is not page-aligned: %" PRId64, name, file_offset); 924 return nullptr; 925 } 926 if (file_offset < 0) { 927 DL_ERR("file offset for the library \"%s\" is negative: %" PRId64, name, file_offset); 928 return nullptr; 929 } 930 931 struct stat file_stat; 932 if (TEMP_FAILURE_RETRY(fstat(fd, &file_stat)) != 0) { 933 DL_ERR("unable to stat file for the library \"%s\": %s", name, strerror(errno)); 934 return nullptr; 935 } 936 if (file_offset >= file_stat.st_size) { 937 DL_ERR("file offset for the library \"%s\" >= file size: %" PRId64 " >= %" PRId64, name, file_offset, file_stat.st_size); 938 return nullptr; 939 } 940 941 // Check for symlink and other situations where 942 // file can have different names. 943 for (soinfo* si = solist; si != nullptr; si = si->next) { 944 if (si->get_st_dev() != 0 && 945 si->get_st_ino() != 0 && 946 si->get_st_dev() == file_stat.st_dev && 947 si->get_st_ino() == file_stat.st_ino && 948 si->get_file_offset() == file_offset) { 949 TRACE("library \"%s\" is already loaded under different name/path \"%s\" - will return existing soinfo", name, si->name); 950 return si; 951 } 952 } 953 954 if ((rtld_flags & RTLD_NOLOAD) != 0) { 955 DL_ERR("library \"%s\" wasn't loaded and RTLD_NOLOAD prevented it", name); 956 return nullptr; 957 } 958 959 // Read the ELF header and load the segments. 960 ElfReader elf_reader(name, fd, file_offset); 961 if (!elf_reader.Load(extinfo)) { 962 return nullptr; 963 } 964 965 soinfo* si = soinfo_alloc(SEARCH_NAME(name), &file_stat, file_offset, rtld_flags); 966 if (si == nullptr) { 967 return nullptr; 968 } 969 si->base = elf_reader.load_start(); 970 si->size = elf_reader.load_size(); 971 si->load_bias = elf_reader.load_bias(); 972 si->phnum = elf_reader.phdr_count(); 973 si->phdr = elf_reader.loaded_phdr(); 974 975 if (!si->prelink_image()) { 976 soinfo_free(si); 977 return nullptr; 978 } 979 980 for_each_dt_needed(si, [&] (const char* name) { 981 load_tasks.push_back(LoadTask::create(name, si)); 982 }); 983 984 return si; 985} 986 987static soinfo *find_loaded_library_by_name(const char* name) { 988 const char* search_name = SEARCH_NAME(name); 989 for (soinfo* si = solist; si != nullptr; si = si->next) { 990 if (!strcmp(search_name, si->name)) { 991 return si; 992 } 993 } 994 return nullptr; 995} 996 997static soinfo* find_library_internal(LoadTaskList& load_tasks, const char* name, int rtld_flags, const android_dlextinfo* extinfo) { 998 999 soinfo* si = find_loaded_library_by_name(name); 1000 1001 // Library might still be loaded, the accurate detection 1002 // of this fact is done by load_library. 1003 if (si == nullptr) { 1004 TRACE("[ '%s' has not been found by name. Trying harder...]", name); 1005 si = load_library(load_tasks, name, rtld_flags, extinfo); 1006 } 1007 1008 return si; 1009} 1010 1011static void soinfo_unload(soinfo* si); 1012 1013// TODO: this is slightly unusual way to construct 1014// the global group for relocation. Not every RTLD_GLOBAL 1015// library is included in this group for backwards-compatibility 1016// reasons. 1017// 1018// This group consists of the main executable, LD_PRELOADs 1019// and libraries with the DF_1_GLOBAL flag set. 1020static soinfo::soinfo_list_t make_global_group() { 1021 soinfo::soinfo_list_t global_group; 1022 for (soinfo* si = somain; si != nullptr; si = si->next) { 1023 if ((si->get_dt_flags_1() & DF_1_GLOBAL) != 0) { 1024 global_group.push_back(si); 1025 } 1026 } 1027 1028 return global_group; 1029} 1030 1031static bool find_libraries(soinfo* start_with, const char* const library_names[], size_t library_names_count, soinfo* soinfos[], 1032 soinfo* ld_preloads[], size_t ld_preloads_count, int rtld_flags, const android_dlextinfo* extinfo) { 1033 // Step 0: prepare. 1034 LoadTaskList load_tasks; 1035 for (size_t i = 0; i < library_names_count; ++i) { 1036 const char* name = library_names[i]; 1037 load_tasks.push_back(LoadTask::create(name, start_with)); 1038 } 1039 1040 // Construct global_group. 1041 soinfo::soinfo_list_t global_group = make_global_group(); 1042 1043 // If soinfos array is null allocate one on stack. 1044 // The array is needed in case of failure; for example 1045 // when library_names[] = {libone.so, libtwo.so} and libone.so 1046 // is loaded correctly but libtwo.so failed for some reason. 1047 // In this case libone.so should be unloaded on return. 1048 // See also implementation of failure_guard below. 1049 1050 if (soinfos == nullptr) { 1051 size_t soinfos_size = sizeof(soinfo*)*library_names_count; 1052 soinfos = reinterpret_cast<soinfo**>(alloca(soinfos_size)); 1053 memset(soinfos, 0, soinfos_size); 1054 } 1055 1056 // list of libraries to link - see step 2. 1057 size_t soinfos_count = 0; 1058 1059 auto failure_guard = make_scope_guard([&]() { 1060 // Housekeeping 1061 load_tasks.for_each([] (LoadTask* t) { 1062 LoadTask::deleter(t); 1063 }); 1064 1065 for (size_t i = 0; i<soinfos_count; ++i) { 1066 soinfo_unload(soinfos[i]); 1067 } 1068 }); 1069 1070 // Step 1: load and pre-link all DT_NEEDED libraries in breadth first order. 1071 for (LoadTask::unique_ptr task(load_tasks.pop_front()); task.get() != nullptr; task.reset(load_tasks.pop_front())) { 1072 soinfo* si = find_library_internal(load_tasks, task->get_name(), rtld_flags, extinfo); 1073 if (si == nullptr) { 1074 return false; 1075 } 1076 1077 soinfo* needed_by = task->get_needed_by(); 1078 1079 if (needed_by != nullptr) { 1080 needed_by->add_child(si); 1081 } 1082 1083 if (si->is_linked()) { 1084 si->increment_ref_count(); 1085 } 1086 1087 // When ld_preloads is not null, the first 1088 // ld_preloads_count libs are in fact ld_preloads. 1089 if (ld_preloads != nullptr && soinfos_count < ld_preloads_count) { 1090 // Add LD_PRELOADed libraries to the global group for future runs. 1091 // There is no need to explicitly add them to the global group 1092 // for this run because they are going to appear in the local 1093 // group in the correct order. 1094 si->set_dt_flags_1(si->get_dt_flags_1() | DF_1_GLOBAL); 1095 ld_preloads[soinfos_count] = si; 1096 } 1097 1098 if (soinfos_count < library_names_count) { 1099 soinfos[soinfos_count++] = si; 1100 } 1101 } 1102 1103 // Step 2: link libraries. 1104 soinfo::soinfo_list_t local_group; 1105 walk_dependencies_tree( 1106 start_with == nullptr ? soinfos : &start_with, 1107 start_with == nullptr ? soinfos_count : 1, 1108 [&] (soinfo* si) { 1109 local_group.push_back(si); 1110 return true; 1111 }); 1112 1113 // We need to increment ref_count in case 1114 // the root of the local group was not linked. 1115 bool was_local_group_root_linked = local_group.front()->is_linked(); 1116 1117 bool linked = local_group.visit([&](soinfo* si) { 1118 if (!si->is_linked()) { 1119 if (!si->link_image(global_group, local_group, extinfo)) { 1120 return false; 1121 } 1122 si->set_linked(); 1123 } 1124 1125 return true; 1126 }); 1127 1128 if (linked) { 1129 failure_guard.disable(); 1130 } 1131 1132 if (!was_local_group_root_linked) { 1133 local_group.front()->increment_ref_count(); 1134 } 1135 1136 return linked; 1137} 1138 1139static soinfo* find_library(const char* name, int rtld_flags, const android_dlextinfo* extinfo) { 1140 soinfo* si; 1141 1142 if (name == nullptr) { 1143 si = somain; 1144 } else if (!find_libraries(nullptr, &name, 1, &si, nullptr, 0, rtld_flags, extinfo)) { 1145 return nullptr; 1146 } 1147 1148 return si; 1149} 1150 1151static void soinfo_unload(soinfo* root) { 1152 // Note that the library can be loaded but not linked; 1153 // in which case there is no root but we still need 1154 // to walk the tree and unload soinfos involved. 1155 // 1156 // This happens on unsuccessful dlopen, when one of 1157 // the DT_NEEDED libraries could not be linked/found. 1158 if (root->is_linked()) { 1159 root = root->get_local_group_root(); 1160 } 1161 1162 if (!root->can_unload()) { 1163 TRACE("not unloading '%s' - the binary is flagged with NODELETE", root->name); 1164 return; 1165 } 1166 1167 size_t ref_count = root->is_linked() ? root->decrement_ref_count() : 0; 1168 1169 if (ref_count == 0) { 1170 soinfo::soinfo_list_t local_unload_list; 1171 soinfo::soinfo_list_t external_unload_list; 1172 soinfo::soinfo_list_t depth_first_list; 1173 depth_first_list.push_back(root); 1174 soinfo* si = nullptr; 1175 1176 while ((si = depth_first_list.pop_front()) != nullptr) { 1177 if (local_unload_list.contains(si)) { 1178 continue; 1179 } 1180 1181 local_unload_list.push_back(si); 1182 1183 if (si->has_min_version(0)) { 1184 soinfo* child = nullptr; 1185 while ((child = si->get_children().pop_front()) != nullptr) { 1186 TRACE("%s@%p needs to unload %s@%p", si->name, si, child->name, child); 1187 if (local_unload_list.contains(child)) { 1188 continue; 1189 } else if (child->is_linked() && child->get_local_group_root() != root) { 1190 external_unload_list.push_back(child); 1191 } else { 1192 depth_first_list.push_front(child); 1193 } 1194 } 1195 } else { 1196#ifdef __LP64__ 1197 __libc_fatal("soinfo for \"%s\"@%p has no version", si->name, si); 1198#else 1199 PRINT("warning: soinfo for \"%s\"@%p has no version", si->name, si); 1200 for_each_dt_needed(si, [&] (const char* library_name) { 1201 TRACE("deprecated (old format of soinfo): %s needs to unload %s", si->name, library_name); 1202 soinfo* needed = find_library(library_name, RTLD_NOLOAD, nullptr); 1203 if (needed != nullptr) { 1204 // Not found: for example if symlink was deleted between dlopen and dlclose 1205 // Since we cannot really handle errors at this point - print and continue. 1206 PRINT("warning: couldn't find %s needed by %s on unload.", library_name, si->name); 1207 return; 1208 } else if (local_unload_list.contains(needed)) { 1209 // already visited 1210 return; 1211 } else if (needed->is_linked() && needed->get_local_group_root() != root) { 1212 // external group 1213 external_unload_list.push_back(needed); 1214 } else { 1215 // local group 1216 depth_first_list.push_front(needed); 1217 } 1218 }); 1219#endif 1220 } 1221 } 1222 1223 local_unload_list.for_each([](soinfo* si) { 1224 si->call_destructors(); 1225 }); 1226 1227 while ((si = local_unload_list.pop_front()) != nullptr) { 1228 notify_gdb_of_unload(si); 1229 soinfo_free(si); 1230 } 1231 1232 while ((si = external_unload_list.pop_front()) != nullptr) { 1233 soinfo_unload(si); 1234 } 1235 } else { 1236 TRACE("not unloading '%s' group, decrementing ref_count to %zd", root->name, ref_count); 1237 } 1238} 1239 1240void do_android_get_LD_LIBRARY_PATH(char* buffer, size_t buffer_size) { 1241 // Use basic string manipulation calls to avoid snprintf. 1242 // snprintf indirectly calls pthread_getspecific to get the size of a buffer. 1243 // When debug malloc is enabled, this call returns 0. This in turn causes 1244 // snprintf to do nothing, which causes libraries to fail to load. 1245 // See b/17302493 for further details. 1246 // Once the above bug is fixed, this code can be modified to use 1247 // snprintf again. 1248 size_t required_len = strlen(kDefaultLdPaths[0]) + strlen(kDefaultLdPaths[1]) + 2; 1249 if (buffer_size < required_len) { 1250 __libc_fatal("android_get_LD_LIBRARY_PATH failed, buffer too small: buffer len %zu, required len %zu", 1251 buffer_size, required_len); 1252 } 1253 char* end = stpcpy(buffer, kDefaultLdPaths[0]); 1254 *end = ':'; 1255 strcpy(end + 1, kDefaultLdPaths[1]); 1256} 1257 1258void do_android_update_LD_LIBRARY_PATH(const char* ld_library_path) { 1259 parse_LD_LIBRARY_PATH(ld_library_path); 1260} 1261 1262soinfo* do_dlopen(const char* name, int flags, const android_dlextinfo* extinfo) { 1263 if ((flags & ~(RTLD_NOW|RTLD_LAZY|RTLD_LOCAL|RTLD_GLOBAL|RTLD_NODELETE|RTLD_NOLOAD)) != 0) { 1264 DL_ERR("invalid flags to dlopen: %x", flags); 1265 return nullptr; 1266 } 1267 if (extinfo != nullptr) { 1268 if ((extinfo->flags & ~(ANDROID_DLEXT_VALID_FLAG_BITS)) != 0) { 1269 DL_ERR("invalid extended flags to android_dlopen_ext: 0x%" PRIx64, extinfo->flags); 1270 return nullptr; 1271 } 1272 if ((extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD) == 0 && 1273 (extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET) != 0) { 1274 DL_ERR("invalid extended flag combination (ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET without ANDROID_DLEXT_USE_LIBRARY_FD): 0x%" PRIx64, extinfo->flags); 1275 return nullptr; 1276 } 1277 } 1278 1279 ProtectedDataGuard guard; 1280 soinfo* si = find_library(name, flags, extinfo); 1281 if (si != nullptr) { 1282 si->call_constructors(); 1283 } 1284 return si; 1285} 1286 1287void do_dlclose(soinfo* si) { 1288 ProtectedDataGuard guard; 1289 soinfo_unload(si); 1290} 1291 1292static ElfW(Addr) call_ifunc_resolver(ElfW(Addr) resolver_addr) { 1293 typedef ElfW(Addr) (*ifunc_resolver_t)(void); 1294 ifunc_resolver_t ifunc_resolver = reinterpret_cast<ifunc_resolver_t>(resolver_addr); 1295 ElfW(Addr) ifunc_addr = ifunc_resolver(); 1296 TRACE_TYPE(RELO, "Called ifunc_resolver@%p. The result is %p", ifunc_resolver, reinterpret_cast<void*>(ifunc_addr)); 1297 1298 return ifunc_addr; 1299} 1300 1301#if !defined(__mips__) 1302#if defined(USE_RELA) 1303static ElfW(Addr) get_addend(ElfW(Rela)* rela, ElfW(Addr) reloc_addr __unused) { 1304 return rela->r_addend; 1305} 1306#else 1307static ElfW(Addr) get_addend(ElfW(Rel)* rel, ElfW(Addr) reloc_addr) { 1308 if (ELFW(R_TYPE)(rel->r_info) == R_GENERIC_RELATIVE || ELFW(R_TYPE)(rel->r_info) == R_GENERIC_IRELATIVE) { 1309 return *reinterpret_cast<ElfW(Addr)*>(reloc_addr); 1310 } 1311 return 0; 1312} 1313#endif 1314 1315template<typename ElfRelIteratorT> 1316bool soinfo::relocate(ElfRelIteratorT&& rel_iterator, const soinfo_list_t& global_group, const soinfo_list_t& local_group) { 1317 for (size_t idx = 0; rel_iterator.has_next(); ++idx) { 1318 const auto rel = rel_iterator.next(); 1319 if (rel == nullptr) { 1320 return false; 1321 } 1322 1323 ElfW(Word) type = ELFW(R_TYPE)(rel->r_info); 1324 ElfW(Word) sym = ELFW(R_SYM)(rel->r_info); 1325 1326 ElfW(Addr) reloc = static_cast<ElfW(Addr)>(rel->r_offset + load_bias); 1327 ElfW(Addr) sym_addr = 0; 1328 const char* sym_name = nullptr; 1329 ElfW(Addr) addend = get_addend(rel, reloc); 1330 1331 DEBUG("Processing '%s' relocation at index %zd", this->name, idx); 1332 if (type == R_GENERIC_NONE) { 1333 continue; 1334 } 1335 1336 ElfW(Sym)* s = nullptr; 1337 soinfo* lsi = nullptr; 1338 1339 if (sym != 0) { 1340 sym_name = get_string(symtab_[sym].st_name); 1341 s = soinfo_do_lookup(this, sym_name, &lsi, global_group,local_group); 1342 if (s == nullptr) { 1343 // We only allow an undefined symbol if this is a weak reference... 1344 s = &symtab_[sym]; 1345 if (ELF_ST_BIND(s->st_info) != STB_WEAK) { 1346 DL_ERR("cannot locate symbol \"%s\" referenced by \"%s\"...", sym_name, name); 1347 return false; 1348 } 1349 1350 /* IHI0044C AAELF 4.5.1.1: 1351 1352 Libraries are not searched to resolve weak references. 1353 It is not an error for a weak reference to remain unsatisfied. 1354 1355 During linking, the value of an undefined weak reference is: 1356 - Zero if the relocation type is absolute 1357 - The address of the place if the relocation is pc-relative 1358 - The address of nominal base address if the relocation 1359 type is base-relative. 1360 */ 1361 1362 switch (type) { 1363 case R_GENERIC_JUMP_SLOT: 1364 case R_GENERIC_GLOB_DAT: 1365 case R_GENERIC_RELATIVE: 1366 case R_GENERIC_IRELATIVE: 1367#if defined(__aarch64__) 1368 case R_AARCH64_ABS64: 1369 case R_AARCH64_ABS32: 1370 case R_AARCH64_ABS16: 1371#elif defined(__x86_64__) 1372 case R_X86_64_32: 1373 case R_X86_64_64: 1374#elif defined(__arm__) 1375 case R_ARM_ABS32: 1376#elif defined(__i386__) 1377 case R_386_32: 1378#endif 1379 /* 1380 * The sym_addr was initialized to be zero above, or the relocation 1381 * code below does not care about value of sym_addr. 1382 * No need to do anything. 1383 */ 1384 break; 1385#if defined(__x86_64__) 1386 case R_X86_64_PC32: 1387 sym_addr = reloc; 1388 break; 1389#elif defined(__i386__) 1390 case R_386_PC32: 1391 sym_addr = reloc; 1392 break; 1393#endif 1394 default: 1395 DL_ERR("unknown weak reloc type %d @ %p (%zu)", type, rel, idx); 1396 return false; 1397 } 1398 } else { 1399 // We got a definition. 1400 sym_addr = lsi->resolve_symbol_address(s); 1401 } 1402 count_relocation(kRelocSymbol); 1403 } 1404 1405 switch (type) { 1406 case R_GENERIC_JUMP_SLOT: 1407 count_relocation(kRelocAbsolute); 1408 MARK(rel->r_offset); 1409 TRACE_TYPE(RELO, "RELO JMP_SLOT %16p <- %16p %s\n", 1410 reinterpret_cast<void*>(reloc), 1411 reinterpret_cast<void*>(sym_addr + addend), sym_name); 1412 1413 *reinterpret_cast<ElfW(Addr)*>(reloc) = (sym_addr + addend); 1414 break; 1415 case R_GENERIC_GLOB_DAT: 1416 count_relocation(kRelocAbsolute); 1417 MARK(rel->r_offset); 1418 TRACE_TYPE(RELO, "RELO GLOB_DAT %16p <- %16p %s\n", 1419 reinterpret_cast<void*>(reloc), 1420 reinterpret_cast<void*>(sym_addr + addend), sym_name); 1421 *reinterpret_cast<ElfW(Addr)*>(reloc) = (sym_addr + addend); 1422 break; 1423 case R_GENERIC_RELATIVE: 1424 count_relocation(kRelocRelative); 1425 MARK(rel->r_offset); 1426 TRACE_TYPE(RELO, "RELO RELATIVE %16p <- %16p\n", 1427 reinterpret_cast<void*>(reloc), 1428 reinterpret_cast<void*>(load_bias + addend)); 1429 *reinterpret_cast<ElfW(Addr)*>(reloc) = (load_bias + addend); 1430 break; 1431 case R_GENERIC_IRELATIVE: 1432 count_relocation(kRelocRelative); 1433 MARK(rel->r_offset); 1434 TRACE_TYPE(RELO, "RELO IRELATIVE %16p <- %16p\n", 1435 reinterpret_cast<void*>(reloc), 1436 reinterpret_cast<void*>(load_bias + addend)); 1437 *reinterpret_cast<ElfW(Addr)*>(reloc) = call_ifunc_resolver(load_bias + addend); 1438 break; 1439 1440#if defined(__aarch64__) 1441 case R_AARCH64_ABS64: 1442 count_relocation(kRelocAbsolute); 1443 MARK(rel->r_offset); 1444 TRACE_TYPE(RELO, "RELO ABS64 %16llx <- %16llx %s\n", 1445 reloc, (sym_addr + addend), sym_name); 1446 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + addend); 1447 break; 1448 case R_AARCH64_ABS32: 1449 count_relocation(kRelocAbsolute); 1450 MARK(rel->r_offset); 1451 TRACE_TYPE(RELO, "RELO ABS32 %16llx <- %16llx %s\n", 1452 reloc, (sym_addr + addend), sym_name); 1453 if ((static_cast<ElfW(Addr)>(INT32_MIN) <= (*reinterpret_cast<ElfW(Addr)*>(reloc) + (sym_addr + addend))) && 1454 ((*reinterpret_cast<ElfW(Addr)*>(reloc) + (sym_addr + addend)) <= static_cast<ElfW(Addr)>(UINT32_MAX))) { 1455 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + addend); 1456 } else { 1457 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 1458 (*reinterpret_cast<ElfW(Addr)*>(reloc) + (sym_addr + addend)), 1459 static_cast<ElfW(Addr)>(INT32_MIN), 1460 static_cast<ElfW(Addr)>(UINT32_MAX)); 1461 return false; 1462 } 1463 break; 1464 case R_AARCH64_ABS16: 1465 count_relocation(kRelocAbsolute); 1466 MARK(rel->r_offset); 1467 TRACE_TYPE(RELO, "RELO ABS16 %16llx <- %16llx %s\n", 1468 reloc, (sym_addr + addend), sym_name); 1469 if ((static_cast<ElfW(Addr)>(INT16_MIN) <= (*reinterpret_cast<ElfW(Addr)*>(reloc) + (sym_addr + addend))) && 1470 ((*reinterpret_cast<ElfW(Addr)*>(reloc) + (sym_addr + addend)) <= static_cast<ElfW(Addr)>(UINT16_MAX))) { 1471 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + addend); 1472 } else { 1473 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 1474 (*reinterpret_cast<ElfW(Addr)*>(reloc) + (sym_addr + addend)), 1475 static_cast<ElfW(Addr)>(INT16_MIN), 1476 static_cast<ElfW(Addr)>(UINT16_MAX)); 1477 return false; 1478 } 1479 break; 1480 case R_AARCH64_PREL64: 1481 count_relocation(kRelocRelative); 1482 MARK(rel->r_offset); 1483 TRACE_TYPE(RELO, "RELO REL64 %16llx <- %16llx - %16llx %s\n", 1484 reloc, (sym_addr + addend), rel->r_offset, sym_name); 1485 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + addend) - rel->r_offset; 1486 break; 1487 case R_AARCH64_PREL32: 1488 count_relocation(kRelocRelative); 1489 MARK(rel->r_offset); 1490 TRACE_TYPE(RELO, "RELO REL32 %16llx <- %16llx - %16llx %s\n", 1491 reloc, (sym_addr + addend), rel->r_offset, sym_name); 1492 if ((static_cast<ElfW(Addr)>(INT32_MIN) <= (*reinterpret_cast<ElfW(Addr)*>(reloc) + ((sym_addr + addend) - rel->r_offset))) && 1493 ((*reinterpret_cast<ElfW(Addr)*>(reloc) + ((sym_addr + addend) - rel->r_offset)) <= static_cast<ElfW(Addr)>(UINT32_MAX))) { 1494 *reinterpret_cast<ElfW(Addr)*>(reloc) += ((sym_addr + addend) - rel->r_offset); 1495 } else { 1496 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 1497 (*reinterpret_cast<ElfW(Addr)*>(reloc) + ((sym_addr + addend) - rel->r_offset)), 1498 static_cast<ElfW(Addr)>(INT32_MIN), 1499 static_cast<ElfW(Addr)>(UINT32_MAX)); 1500 return false; 1501 } 1502 break; 1503 case R_AARCH64_PREL16: 1504 count_relocation(kRelocRelative); 1505 MARK(rel->r_offset); 1506 TRACE_TYPE(RELO, "RELO REL16 %16llx <- %16llx - %16llx %s\n", 1507 reloc, (sym_addr + addend), rel->r_offset, sym_name); 1508 if ((static_cast<ElfW(Addr)>(INT16_MIN) <= (*reinterpret_cast<ElfW(Addr)*>(reloc) + ((sym_addr + addend) - rel->r_offset))) && 1509 ((*reinterpret_cast<ElfW(Addr)*>(reloc) + ((sym_addr + addend) - rel->r_offset)) <= static_cast<ElfW(Addr)>(UINT16_MAX))) { 1510 *reinterpret_cast<ElfW(Addr)*>(reloc) += ((sym_addr + addend) - rel->r_offset); 1511 } else { 1512 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 1513 (*reinterpret_cast<ElfW(Addr)*>(reloc) + ((sym_addr + addend) - rel->r_offset)), 1514 static_cast<ElfW(Addr)>(INT16_MIN), 1515 static_cast<ElfW(Addr)>(UINT16_MAX)); 1516 return false; 1517 } 1518 break; 1519 1520 case R_AARCH64_COPY: 1521 /* 1522 * ET_EXEC is not supported so this should not happen. 1523 * 1524 * http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044d/IHI0044D_aaelf.pdf 1525 * 1526 * Section 4.7.1.10 "Dynamic relocations" 1527 * R_AARCH64_COPY may only appear in executable objects where e_type is 1528 * set to ET_EXEC. 1529 */ 1530 DL_ERR("%s R_AARCH64_COPY relocations are not supported", name); 1531 return false; 1532 case R_AARCH64_TLS_TPREL64: 1533 TRACE_TYPE(RELO, "RELO TLS_TPREL64 *** %16llx <- %16llx - %16llx\n", 1534 reloc, (sym_addr + addend), rel->r_offset); 1535 break; 1536 case R_AARCH64_TLS_DTPREL32: 1537 TRACE_TYPE(RELO, "RELO TLS_DTPREL32 *** %16llx <- %16llx - %16llx\n", 1538 reloc, (sym_addr + addend), rel->r_offset); 1539 break; 1540#elif defined(__x86_64__) 1541 case R_X86_64_32: 1542 count_relocation(kRelocRelative); 1543 MARK(rel->r_offset); 1544 TRACE_TYPE(RELO, "RELO R_X86_64_32 %08zx <- +%08zx %s", static_cast<size_t>(reloc), 1545 static_cast<size_t>(sym_addr), sym_name); 1546 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend; 1547 break; 1548 case R_X86_64_64: 1549 count_relocation(kRelocRelative); 1550 MARK(rel->r_offset); 1551 TRACE_TYPE(RELO, "RELO R_X86_64_64 %08zx <- +%08zx %s", static_cast<size_t>(reloc), 1552 static_cast<size_t>(sym_addr), sym_name); 1553 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend; 1554 break; 1555 case R_X86_64_PC32: 1556 count_relocation(kRelocRelative); 1557 MARK(rel->r_offset); 1558 TRACE_TYPE(RELO, "RELO R_X86_64_PC32 %08zx <- +%08zx (%08zx - %08zx) %s", 1559 static_cast<size_t>(reloc), static_cast<size_t>(sym_addr - reloc), 1560 static_cast<size_t>(sym_addr), static_cast<size_t>(reloc), sym_name); 1561 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend - reloc; 1562 break; 1563#elif defined(__arm__) 1564 case R_ARM_ABS32: 1565 count_relocation(kRelocAbsolute); 1566 MARK(rel->r_offset); 1567 TRACE_TYPE(RELO, "RELO ABS %08x <- %08x %s", reloc, sym_addr, sym_name); 1568 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr; 1569 break; 1570 case R_ARM_REL32: 1571 count_relocation(kRelocRelative); 1572 MARK(rel->r_offset); 1573 TRACE_TYPE(RELO, "RELO REL32 %08x <- %08x - %08x %s", 1574 reloc, sym_addr, rel->r_offset, sym_name); 1575 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr - rel->r_offset; 1576 break; 1577 case R_ARM_COPY: 1578 /* 1579 * ET_EXEC is not supported so this should not happen. 1580 * 1581 * http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044d/IHI0044D_aaelf.pdf 1582 * 1583 * Section 4.7.1.10 "Dynamic relocations" 1584 * R_ARM_COPY may only appear in executable objects where e_type is 1585 * set to ET_EXEC. 1586 */ 1587 DL_ERR("%s R_ARM_COPY relocations are not supported", name); 1588 return false; 1589#elif defined(__i386__) 1590 case R_386_32: 1591 count_relocation(kRelocRelative); 1592 MARK(rel->r_offset); 1593 TRACE_TYPE(RELO, "RELO R_386_32 %08x <- +%08x %s", reloc, sym_addr, sym_name); 1594 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr; 1595 break; 1596 case R_386_PC32: 1597 count_relocation(kRelocRelative); 1598 MARK(rel->r_offset); 1599 TRACE_TYPE(RELO, "RELO R_386_PC32 %08x <- +%08x (%08x - %08x) %s", 1600 reloc, (sym_addr - reloc), sym_addr, reloc, sym_name); 1601 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr - reloc); 1602 break; 1603#endif 1604 default: 1605 DL_ERR("unknown reloc type %d @ %p (%zu)", type, rel, idx); 1606 return false; 1607 } 1608 } 1609 return true; 1610} 1611#endif // !defined(__mips__) 1612 1613void soinfo::call_array(const char* array_name __unused, linker_function_t* functions, size_t count, bool reverse) { 1614 if (functions == nullptr) { 1615 return; 1616 } 1617 1618 TRACE("[ Calling %s (size %zd) @ %p for '%s' ]", array_name, count, functions, name); 1619 1620 int begin = reverse ? (count - 1) : 0; 1621 int end = reverse ? -1 : count; 1622 int step = reverse ? -1 : 1; 1623 1624 for (int i = begin; i != end; i += step) { 1625 TRACE("[ %s[%d] == %p ]", array_name, i, functions[i]); 1626 call_function("function", functions[i]); 1627 } 1628 1629 TRACE("[ Done calling %s for '%s' ]", array_name, name); 1630} 1631 1632void soinfo::call_function(const char* function_name __unused, linker_function_t function) { 1633 if (function == nullptr || reinterpret_cast<uintptr_t>(function) == static_cast<uintptr_t>(-1)) { 1634 return; 1635 } 1636 1637 TRACE("[ Calling %s @ %p for '%s' ]", function_name, function, name); 1638 function(); 1639 TRACE("[ Done calling %s @ %p for '%s' ]", function_name, function, name); 1640} 1641 1642void soinfo::call_pre_init_constructors() { 1643 // DT_PREINIT_ARRAY functions are called before any other constructors for executables, 1644 // but ignored in a shared library. 1645 call_array("DT_PREINIT_ARRAY", preinit_array_, preinit_array_count_, false); 1646} 1647 1648void soinfo::call_constructors() { 1649 if (constructors_called) { 1650 return; 1651 } 1652 1653 // We set constructors_called before actually calling the constructors, otherwise it doesn't 1654 // protect against recursive constructor calls. One simple example of constructor recursion 1655 // is the libc debug malloc, which is implemented in libc_malloc_debug_leak.so: 1656 // 1. The program depends on libc, so libc's constructor is called here. 1657 // 2. The libc constructor calls dlopen() to load libc_malloc_debug_leak.so. 1658 // 3. dlopen() calls the constructors on the newly created 1659 // soinfo for libc_malloc_debug_leak.so. 1660 // 4. The debug .so depends on libc, so CallConstructors is 1661 // called again with the libc soinfo. If it doesn't trigger the early- 1662 // out above, the libc constructor will be called again (recursively!). 1663 constructors_called = true; 1664 1665 if (!is_main_executable() && preinit_array_ != nullptr) { 1666 // The GNU dynamic linker silently ignores these, but we warn the developer. 1667 PRINT("\"%s\": ignoring %zd-entry DT_PREINIT_ARRAY in shared library!", 1668 name, preinit_array_count_); 1669 } 1670 1671 get_children().for_each([] (soinfo* si) { 1672 si->call_constructors(); 1673 }); 1674 1675 TRACE("\"%s\": calling constructors", name); 1676 1677 // DT_INIT should be called before DT_INIT_ARRAY if both are present. 1678 call_function("DT_INIT", init_func_); 1679 call_array("DT_INIT_ARRAY", init_array_, init_array_count_, false); 1680} 1681 1682void soinfo::call_destructors() { 1683 if (!constructors_called) { 1684 return; 1685 } 1686 TRACE("\"%s\": calling destructors", name); 1687 1688 // DT_FINI_ARRAY must be parsed in reverse order. 1689 call_array("DT_FINI_ARRAY", fini_array_, fini_array_count_, true); 1690 1691 // DT_FINI should be called after DT_FINI_ARRAY if both are present. 1692 call_function("DT_FINI", fini_func_); 1693 1694 // This is needed on second call to dlopen 1695 // after library has been unloaded with RTLD_NODELETE 1696 constructors_called = false; 1697} 1698 1699void soinfo::add_child(soinfo* child) { 1700 if (has_min_version(0)) { 1701 child->parents_.push_back(this); 1702 this->children_.push_back(child); 1703 } 1704} 1705 1706void soinfo::remove_all_links() { 1707 if (!has_min_version(0)) { 1708 return; 1709 } 1710 1711 // 1. Untie connected soinfos from 'this'. 1712 children_.for_each([&] (soinfo* child) { 1713 child->parents_.remove_if([&] (const soinfo* parent) { 1714 return parent == this; 1715 }); 1716 }); 1717 1718 parents_.for_each([&] (soinfo* parent) { 1719 parent->children_.remove_if([&] (const soinfo* child) { 1720 return child == this; 1721 }); 1722 }); 1723 1724 // 2. Once everything untied - clear local lists. 1725 parents_.clear(); 1726 children_.clear(); 1727} 1728 1729dev_t soinfo::get_st_dev() const { 1730 if (has_min_version(0)) { 1731 return st_dev_; 1732 } 1733 1734 return 0; 1735}; 1736 1737ino_t soinfo::get_st_ino() const { 1738 if (has_min_version(0)) { 1739 return st_ino_; 1740 } 1741 1742 return 0; 1743} 1744 1745off64_t soinfo::get_file_offset() const { 1746 if (has_min_version(1)) { 1747 return file_offset_; 1748 } 1749 1750 return 0; 1751} 1752 1753uint32_t soinfo::get_rtld_flags() const { 1754 if (has_min_version(1)) { 1755 return rtld_flags_; 1756 } 1757 1758 return 0; 1759} 1760 1761uint32_t soinfo::get_dt_flags_1() const { 1762 if (has_min_version(1)) { 1763 return dt_flags_1_; 1764 } 1765 1766 return 0; 1767} 1768void soinfo::set_dt_flags_1(uint32_t dt_flags_1) { 1769 if (has_min_version(1)) { 1770 if ((dt_flags_1 & DF_1_GLOBAL) != 0) { 1771 rtld_flags_ |= RTLD_GLOBAL; 1772 } 1773 1774 if ((dt_flags_1 & DF_1_NODELETE) != 0) { 1775 rtld_flags_ |= RTLD_NODELETE; 1776 } 1777 1778 dt_flags_1_ = dt_flags_1; 1779 } 1780} 1781 1782// This is a return on get_children()/get_parents() if 1783// 'this->flags' does not have FLAG_NEW_SOINFO set. 1784static soinfo::soinfo_list_t g_empty_list; 1785 1786soinfo::soinfo_list_t& soinfo::get_children() { 1787 if (has_min_version(0)) { 1788 return children_; 1789 } 1790 1791 return g_empty_list; 1792} 1793 1794soinfo::soinfo_list_t& soinfo::get_parents() { 1795 if (has_min_version(0)) { 1796 return parents_; 1797 } 1798 1799 return g_empty_list; 1800} 1801 1802ElfW(Addr) soinfo::resolve_symbol_address(ElfW(Sym)* s) { 1803 if (ELF_ST_TYPE(s->st_info) == STT_GNU_IFUNC) { 1804 return call_ifunc_resolver(s->st_value + load_bias); 1805 } 1806 1807 return static_cast<ElfW(Addr)>(s->st_value + load_bias); 1808} 1809 1810const char* soinfo::get_string(ElfW(Word) index) const { 1811 if (has_min_version(1) && (index >= strtab_size_)) { 1812 __libc_fatal("%s: strtab out of bounds error; STRSZ=%zd, name=%d", name, strtab_size_, index); 1813 } 1814 1815 return strtab_ + index; 1816} 1817 1818bool soinfo::is_gnu_hash() const { 1819 return (flags_ & FLAG_GNU_HASH) != 0; 1820} 1821 1822bool soinfo::can_unload() const { 1823 return (get_rtld_flags() & (RTLD_NODELETE | RTLD_GLOBAL)) == 0; 1824} 1825 1826bool soinfo::is_linked() const { 1827 return (flags_ & FLAG_LINKED) != 0; 1828} 1829 1830bool soinfo::is_main_executable() const { 1831 return (flags_ & FLAG_EXE) != 0; 1832} 1833 1834void soinfo::set_linked() { 1835 flags_ |= FLAG_LINKED; 1836} 1837 1838void soinfo::set_linker_flag() { 1839 flags_ |= FLAG_LINKER; 1840} 1841 1842void soinfo::set_main_executable() { 1843 flags_ |= FLAG_EXE; 1844} 1845 1846void soinfo::increment_ref_count() { 1847 local_group_root_->ref_count_++; 1848} 1849 1850size_t soinfo::decrement_ref_count() { 1851 return --local_group_root_->ref_count_; 1852} 1853 1854soinfo* soinfo::get_local_group_root() const { 1855 return local_group_root_; 1856} 1857 1858/* Force any of the closed stdin, stdout and stderr to be associated with 1859 /dev/null. */ 1860static int nullify_closed_stdio() { 1861 int dev_null, i, status; 1862 int return_value = 0; 1863 1864 dev_null = TEMP_FAILURE_RETRY(open("/dev/null", O_RDWR)); 1865 if (dev_null < 0) { 1866 DL_ERR("cannot open /dev/null: %s", strerror(errno)); 1867 return -1; 1868 } 1869 TRACE("[ Opened /dev/null file-descriptor=%d]", dev_null); 1870 1871 /* If any of the stdio file descriptors is valid and not associated 1872 with /dev/null, dup /dev/null to it. */ 1873 for (i = 0; i < 3; i++) { 1874 /* If it is /dev/null already, we are done. */ 1875 if (i == dev_null) { 1876 continue; 1877 } 1878 1879 TRACE("[ Nullifying stdio file descriptor %d]", i); 1880 status = TEMP_FAILURE_RETRY(fcntl(i, F_GETFL)); 1881 1882 /* If file is opened, we are good. */ 1883 if (status != -1) { 1884 continue; 1885 } 1886 1887 /* The only error we allow is that the file descriptor does not 1888 exist, in which case we dup /dev/null to it. */ 1889 if (errno != EBADF) { 1890 DL_ERR("fcntl failed: %s", strerror(errno)); 1891 return_value = -1; 1892 continue; 1893 } 1894 1895 /* Try dupping /dev/null to this stdio file descriptor and 1896 repeat if there is a signal. Note that any errors in closing 1897 the stdio descriptor are lost. */ 1898 status = TEMP_FAILURE_RETRY(dup2(dev_null, i)); 1899 if (status < 0) { 1900 DL_ERR("dup2 failed: %s", strerror(errno)); 1901 return_value = -1; 1902 continue; 1903 } 1904 } 1905 1906 /* If /dev/null is not one of the stdio file descriptors, close it. */ 1907 if (dev_null > 2) { 1908 TRACE("[ Closing /dev/null file-descriptor=%d]", dev_null); 1909 status = TEMP_FAILURE_RETRY(close(dev_null)); 1910 if (status == -1) { 1911 DL_ERR("close failed: %s", strerror(errno)); 1912 return_value = -1; 1913 } 1914 } 1915 1916 return return_value; 1917} 1918 1919bool soinfo::prelink_image() { 1920 /* Extract dynamic section */ 1921 ElfW(Word) dynamic_flags = 0; 1922 phdr_table_get_dynamic_section(phdr, phnum, load_bias, &dynamic, &dynamic_flags); 1923 1924 /* We can't log anything until the linker is relocated */ 1925 bool relocating_linker = (flags_ & FLAG_LINKER) != 0; 1926 if (!relocating_linker) { 1927 INFO("[ linking %s ]", name); 1928 DEBUG("si->base = %p si->flags = 0x%08x", reinterpret_cast<void*>(base), flags_); 1929 } 1930 1931 if (dynamic == nullptr) { 1932 if (!relocating_linker) { 1933 DL_ERR("missing PT_DYNAMIC in \"%s\"", name); 1934 } 1935 return false; 1936 } else { 1937 if (!relocating_linker) { 1938 DEBUG("dynamic = %p", dynamic); 1939 } 1940 } 1941 1942#if defined(__arm__) 1943 (void) phdr_table_get_arm_exidx(phdr, phnum, load_bias, 1944 &ARM_exidx, &ARM_exidx_count); 1945#endif 1946 1947 // Extract useful information from dynamic section. 1948 uint32_t needed_count = 0; 1949 for (ElfW(Dyn)* d = dynamic; d->d_tag != DT_NULL; ++d) { 1950 DEBUG("d = %p, d[0](tag) = %p d[1](val) = %p", 1951 d, reinterpret_cast<void*>(d->d_tag), reinterpret_cast<void*>(d->d_un.d_val)); 1952 switch (d->d_tag) { 1953 case DT_SONAME: 1954 // TODO: glibc dynamic linker uses this name for 1955 // initial library lookup; consider doing the same here. 1956 break; 1957 1958 case DT_HASH: 1959 nbucket_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[0]; 1960 nchain_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[1]; 1961 bucket_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr + 8); 1962 chain_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr + 8 + nbucket_ * 4); 1963 break; 1964 1965 case DT_GNU_HASH: 1966 gnu_nbucket_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[0]; 1967 // skip symndx 1968 gnu_maskwords_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[2]; 1969 gnu_shift2_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[3]; 1970 1971 gnu_bloom_filter_ = reinterpret_cast<ElfW(Addr)*>(load_bias + d->d_un.d_ptr + 16); 1972 gnu_bucket_ = reinterpret_cast<uint32_t*>(gnu_bloom_filter_ + gnu_maskwords_); 1973 // amend chain for symndx = header[1] 1974 gnu_chain_ = gnu_bucket_ + gnu_nbucket_ - reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[1]; 1975 1976 if (!powerof2(gnu_maskwords_)) { 1977 DL_ERR("invalid maskwords for gnu_hash = 0x%x, in \"%s\" expecting power to two", gnu_maskwords_, name); 1978 return false; 1979 } 1980 --gnu_maskwords_; 1981 1982 flags_ |= FLAG_GNU_HASH; 1983 break; 1984 1985 case DT_STRTAB: 1986 strtab_ = reinterpret_cast<const char*>(load_bias + d->d_un.d_ptr); 1987 break; 1988 1989 case DT_STRSZ: 1990 strtab_size_ = d->d_un.d_val; 1991 break; 1992 1993 case DT_SYMTAB: 1994 symtab_ = reinterpret_cast<ElfW(Sym)*>(load_bias + d->d_un.d_ptr); 1995 break; 1996 1997 case DT_SYMENT: 1998 if (d->d_un.d_val != sizeof(ElfW(Sym))) { 1999 DL_ERR("invalid DT_SYMENT: %zd in \"%s\"", static_cast<size_t>(d->d_un.d_val), name); 2000 return false; 2001 } 2002 break; 2003 2004 case DT_PLTREL: 2005#if defined(USE_RELA) 2006 if (d->d_un.d_val != DT_RELA) { 2007 DL_ERR("unsupported DT_PLTREL in \"%s\"; expected DT_RELA", name); 2008 return false; 2009 } 2010#else 2011 if (d->d_un.d_val != DT_REL) { 2012 DL_ERR("unsupported DT_PLTREL in \"%s\"; expected DT_REL", name); 2013 return false; 2014 } 2015#endif 2016 break; 2017 2018 case DT_JMPREL: 2019#if defined(USE_RELA) 2020 plt_rela_ = reinterpret_cast<ElfW(Rela)*>(load_bias + d->d_un.d_ptr); 2021#else 2022 plt_rel_ = reinterpret_cast<ElfW(Rel)*>(load_bias + d->d_un.d_ptr); 2023#endif 2024 break; 2025 2026 case DT_PLTRELSZ: 2027#if defined(USE_RELA) 2028 plt_rela_count_ = d->d_un.d_val / sizeof(ElfW(Rela)); 2029#else 2030 plt_rel_count_ = d->d_un.d_val / sizeof(ElfW(Rel)); 2031#endif 2032 break; 2033 2034 case DT_PLTGOT: 2035#if defined(__mips__) 2036 // Used by mips and mips64. 2037 plt_got_ = reinterpret_cast<ElfW(Addr)**>(load_bias + d->d_un.d_ptr); 2038#endif 2039 // Ignore for other platforms... (because RTLD_LAZY is not supported) 2040 break; 2041 2042 case DT_DEBUG: 2043 // Set the DT_DEBUG entry to the address of _r_debug for GDB 2044 // if the dynamic table is writable 2045// FIXME: not working currently for N64 2046// The flags for the LOAD and DYNAMIC program headers do not agree. 2047// The LOAD section containing the dynamic table has been mapped as 2048// read-only, but the DYNAMIC header claims it is writable. 2049#if !(defined(__mips__) && defined(__LP64__)) 2050 if ((dynamic_flags & PF_W) != 0) { 2051 d->d_un.d_val = reinterpret_cast<uintptr_t>(&_r_debug); 2052 } 2053#endif 2054 break; 2055#if defined(USE_RELA) 2056 case DT_RELA: 2057 rela_ = reinterpret_cast<ElfW(Rela)*>(load_bias + d->d_un.d_ptr); 2058 break; 2059 2060 case DT_RELASZ: 2061 rela_count_ = d->d_un.d_val / sizeof(ElfW(Rela)); 2062 break; 2063 2064 case DT_ANDROID_RELA: 2065 android_relocs_ = reinterpret_cast<uint8_t*>(load_bias + d->d_un.d_ptr); 2066 break; 2067 2068 case DT_ANDROID_RELASZ: 2069 android_relocs_size_ = d->d_un.d_val; 2070 break; 2071 2072 case DT_ANDROID_REL: 2073 DL_ERR("unsupported DT_ANDROID_REL in \"%s\"", name); 2074 return false; 2075 2076 case DT_ANDROID_RELSZ: 2077 DL_ERR("unsupported DT_ANDROID_RELSZ in \"%s\"", name); 2078 return false; 2079 2080 case DT_RELAENT: 2081 if (d->d_un.d_val != sizeof(ElfW(Rela))) { 2082 DL_ERR("invalid DT_RELAENT: %zd", static_cast<size_t>(d->d_un.d_val)); 2083 return false; 2084 } 2085 break; 2086 2087 // ignored (see DT_RELCOUNT comments for details) 2088 case DT_RELACOUNT: 2089 break; 2090 2091 case DT_REL: 2092 DL_ERR("unsupported DT_REL in \"%s\"", name); 2093 return false; 2094 2095 case DT_RELSZ: 2096 DL_ERR("unsupported DT_RELSZ in \"%s\"", name); 2097 return false; 2098 2099#else 2100 case DT_REL: 2101 rel_ = reinterpret_cast<ElfW(Rel)*>(load_bias + d->d_un.d_ptr); 2102 break; 2103 2104 case DT_RELSZ: 2105 rel_count_ = d->d_un.d_val / sizeof(ElfW(Rel)); 2106 break; 2107 2108 case DT_RELENT: 2109 if (d->d_un.d_val != sizeof(ElfW(Rel))) { 2110 DL_ERR("invalid DT_RELENT: %zd", static_cast<size_t>(d->d_un.d_val)); 2111 return false; 2112 } 2113 break; 2114 2115 case DT_ANDROID_REL: 2116 android_relocs_ = reinterpret_cast<uint8_t*>(load_bias + d->d_un.d_ptr); 2117 break; 2118 2119 case DT_ANDROID_RELSZ: 2120 android_relocs_size_ = d->d_un.d_val; 2121 break; 2122 2123 case DT_ANDROID_RELA: 2124 DL_ERR("unsupported DT_ANDROID_RELA in \"%s\"", name); 2125 return false; 2126 2127 case DT_ANDROID_RELASZ: 2128 DL_ERR("unsupported DT_ANDROID_RELASZ in \"%s\"", name); 2129 return false; 2130 2131 // "Indicates that all RELATIVE relocations have been concatenated together, 2132 // and specifies the RELATIVE relocation count." 2133 // 2134 // TODO: Spec also mentions that this can be used to optimize relocation process; 2135 // Not currently used by bionic linker - ignored. 2136 case DT_RELCOUNT: 2137 break; 2138 2139 case DT_RELA: 2140 DL_ERR("unsupported DT_RELA in \"%s\"", name); 2141 return false; 2142 2143 case DT_RELASZ: 2144 DL_ERR("unsupported DT_RELASZ in \"%s\"", name); 2145 return false; 2146 2147#endif 2148 case DT_INIT: 2149 init_func_ = reinterpret_cast<linker_function_t>(load_bias + d->d_un.d_ptr); 2150 DEBUG("%s constructors (DT_INIT) found at %p", name, init_func_); 2151 break; 2152 2153 case DT_FINI: 2154 fini_func_ = reinterpret_cast<linker_function_t>(load_bias + d->d_un.d_ptr); 2155 DEBUG("%s destructors (DT_FINI) found at %p", name, fini_func_); 2156 break; 2157 2158 case DT_INIT_ARRAY: 2159 init_array_ = reinterpret_cast<linker_function_t*>(load_bias + d->d_un.d_ptr); 2160 DEBUG("%s constructors (DT_INIT_ARRAY) found at %p", name, init_array_); 2161 break; 2162 2163 case DT_INIT_ARRAYSZ: 2164 init_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr)); 2165 break; 2166 2167 case DT_FINI_ARRAY: 2168 fini_array_ = reinterpret_cast<linker_function_t*>(load_bias + d->d_un.d_ptr); 2169 DEBUG("%s destructors (DT_FINI_ARRAY) found at %p", name, fini_array_); 2170 break; 2171 2172 case DT_FINI_ARRAYSZ: 2173 fini_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr)); 2174 break; 2175 2176 case DT_PREINIT_ARRAY: 2177 preinit_array_ = reinterpret_cast<linker_function_t*>(load_bias + d->d_un.d_ptr); 2178 DEBUG("%s constructors (DT_PREINIT_ARRAY) found at %p", name, preinit_array_); 2179 break; 2180 2181 case DT_PREINIT_ARRAYSZ: 2182 preinit_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr)); 2183 break; 2184 2185 case DT_TEXTREL: 2186#if defined(__LP64__) 2187 DL_ERR("text relocations (DT_TEXTREL) found in 64-bit ELF file \"%s\"", name); 2188 return false; 2189#else 2190 has_text_relocations = true; 2191 break; 2192#endif 2193 2194 case DT_SYMBOLIC: 2195 has_DT_SYMBOLIC = true; 2196 break; 2197 2198 case DT_NEEDED: 2199 ++needed_count; 2200 break; 2201 2202 case DT_FLAGS: 2203 if (d->d_un.d_val & DF_TEXTREL) { 2204#if defined(__LP64__) 2205 DL_ERR("text relocations (DF_TEXTREL) found in 64-bit ELF file \"%s\"", name); 2206 return false; 2207#else 2208 has_text_relocations = true; 2209#endif 2210 } 2211 if (d->d_un.d_val & DF_SYMBOLIC) { 2212 has_DT_SYMBOLIC = true; 2213 } 2214 break; 2215 2216 case DT_FLAGS_1: 2217 set_dt_flags_1(d->d_un.d_val); 2218 2219 if ((d->d_un.d_val & ~SUPPORTED_DT_FLAGS_1) != 0) { 2220 DL_WARN("Unsupported flags DT_FLAGS_1=%p", reinterpret_cast<void*>(d->d_un.d_val)); 2221 } 2222 break; 2223#if defined(__mips__) 2224 case DT_MIPS_RLD_MAP: 2225 // Set the DT_MIPS_RLD_MAP entry to the address of _r_debug for GDB. 2226 { 2227 r_debug** dp = reinterpret_cast<r_debug**>(load_bias + d->d_un.d_ptr); 2228 *dp = &_r_debug; 2229 } 2230 break; 2231 case DT_MIPS_RLD_MAP2: 2232 // Set the DT_MIPS_RLD_MAP2 entry to the address of _r_debug for GDB. 2233 { 2234 r_debug** dp = reinterpret_cast<r_debug**>(reinterpret_cast<ElfW(Addr)>(d) + d->d_un.d_val); 2235 *dp = &_r_debug; 2236 } 2237 break; 2238 2239 case DT_MIPS_RLD_VERSION: 2240 case DT_MIPS_FLAGS: 2241 case DT_MIPS_BASE_ADDRESS: 2242 case DT_MIPS_UNREFEXTNO: 2243 break; 2244 2245 case DT_MIPS_SYMTABNO: 2246 mips_symtabno_ = d->d_un.d_val; 2247 break; 2248 2249 case DT_MIPS_LOCAL_GOTNO: 2250 mips_local_gotno_ = d->d_un.d_val; 2251 break; 2252 2253 case DT_MIPS_GOTSYM: 2254 mips_gotsym_ = d->d_un.d_val; 2255 break; 2256#endif 2257 // Ignored: "Its use has been superseded by the DF_BIND_NOW flag" 2258 case DT_BIND_NOW: 2259 break; 2260 2261 // Ignore: bionic does not support symbol versioning... 2262 case DT_VERSYM: 2263 case DT_VERDEF: 2264 case DT_VERDEFNUM: 2265 case DT_VERNEED: 2266 case DT_VERNEEDNUM: 2267 break; 2268 2269 default: 2270 if (!relocating_linker) { 2271 DL_WARN("%s: unused DT entry: type %p arg %p", name, 2272 reinterpret_cast<void*>(d->d_tag), reinterpret_cast<void*>(d->d_un.d_val)); 2273 } 2274 break; 2275 } 2276 } 2277 2278 DEBUG("si->base = %p, si->strtab = %p, si->symtab = %p", 2279 reinterpret_cast<void*>(base), strtab_, symtab_); 2280 2281 // Sanity checks. 2282 if (relocating_linker && needed_count != 0) { 2283 DL_ERR("linker cannot have DT_NEEDED dependencies on other libraries"); 2284 return false; 2285 } 2286 if (nbucket_ == 0 && gnu_nbucket_ == 0) { 2287 DL_ERR("empty/missing DT_HASH/DT_GNU_HASH in \"%s\" (new hash type from the future?)", name); 2288 return false; 2289 } 2290 if (strtab_ == 0) { 2291 DL_ERR("empty/missing DT_STRTAB in \"%s\"", name); 2292 return false; 2293 } 2294 if (symtab_ == 0) { 2295 DL_ERR("empty/missing DT_SYMTAB in \"%s\"", name); 2296 return false; 2297 } 2298 return true; 2299} 2300 2301bool soinfo::link_image(const soinfo_list_t& global_group, const soinfo_list_t& local_group, 2302 const android_dlextinfo* extinfo) { 2303 2304 local_group_root_ = local_group.front(); 2305 if (local_group_root_ == nullptr) { 2306 local_group_root_ = this; 2307 } 2308 2309#if !defined(__LP64__) 2310 if (has_text_relocations) { 2311 // Make segments writable to allow text relocations to work properly. We will later call 2312 // phdr_table_protect_segments() after all of them are applied and all constructors are run. 2313 DL_WARN("%s has text relocations. This is wasting memory and prevents " 2314 "security hardening. Please fix.", name); 2315 if (phdr_table_unprotect_segments(phdr, phnum, load_bias) < 0) { 2316 DL_ERR("can't unprotect loadable segments for \"%s\": %s", 2317 name, strerror(errno)); 2318 return false; 2319 } 2320 } 2321#endif 2322 2323 if (android_relocs_ != nullptr) { 2324 // check signature 2325 if (android_relocs_size_ > 3 && 2326 android_relocs_[0] == 'A' && 2327 android_relocs_[1] == 'P' && 2328 (android_relocs_[2] == 'U' || android_relocs_[2] == 'S') && 2329 android_relocs_[3] == '2') { 2330 DEBUG("[ android relocating %s ]", name); 2331 2332 bool relocated = false; 2333 const uint8_t* packed_relocs = android_relocs_ + 4; 2334 const size_t packed_relocs_size = android_relocs_size_ - 4; 2335 2336 if (android_relocs_[2] == 'U') { 2337 relocated = relocate( 2338 packed_reloc_iterator<leb128_decoder>( 2339 leb128_decoder(packed_relocs, packed_relocs_size)), 2340 global_group, local_group); 2341 } else { // android_relocs_[2] == 'S' 2342 relocated = relocate( 2343 packed_reloc_iterator<sleb128_decoder>( 2344 sleb128_decoder(packed_relocs, packed_relocs_size)), 2345 global_group, local_group); 2346 } 2347 2348 if (!relocated) { 2349 return false; 2350 } 2351 } else { 2352 DL_ERR("bad android relocation header."); 2353 return false; 2354 } 2355 } 2356 2357#if defined(USE_RELA) 2358 if (rela_ != nullptr) { 2359 DEBUG("[ relocating %s ]", name); 2360 if (!relocate(plain_reloc_iterator(rela_, rela_count_), global_group, local_group)) { 2361 return false; 2362 } 2363 } 2364 if (plt_rela_ != nullptr) { 2365 DEBUG("[ relocating %s plt ]", name); 2366 if (!relocate(plain_reloc_iterator(plt_rela_, plt_rela_count_), global_group, local_group)) { 2367 return false; 2368 } 2369 } 2370#else 2371 if (rel_ != nullptr) { 2372 DEBUG("[ relocating %s ]", name); 2373 if (!relocate(plain_reloc_iterator(rel_, rel_count_), global_group, local_group)) { 2374 return false; 2375 } 2376 } 2377 if (plt_rel_ != nullptr) { 2378 DEBUG("[ relocating %s plt ]", name); 2379 if (!relocate(plain_reloc_iterator(plt_rel_, plt_rel_count_), global_group, local_group)) { 2380 return false; 2381 } 2382 } 2383#endif 2384 2385#if defined(__mips__) 2386 if (!mips_relocate_got(global_group, local_group)) { 2387 return false; 2388 } 2389#endif 2390 2391 DEBUG("[ finished linking %s ]", name); 2392 2393#if !defined(__LP64__) 2394 if (has_text_relocations) { 2395 // All relocations are done, we can protect our segments back to read-only. 2396 if (phdr_table_protect_segments(phdr, phnum, load_bias) < 0) { 2397 DL_ERR("can't protect segments for \"%s\": %s", 2398 name, strerror(errno)); 2399 return false; 2400 } 2401 } 2402#endif 2403 2404 /* We can also turn on GNU RELRO protection */ 2405 if (phdr_table_protect_gnu_relro(phdr, phnum, load_bias) < 0) { 2406 DL_ERR("can't enable GNU RELRO protection for \"%s\": %s", 2407 name, strerror(errno)); 2408 return false; 2409 } 2410 2411 /* Handle serializing/sharing the RELRO segment */ 2412 if (extinfo && (extinfo->flags & ANDROID_DLEXT_WRITE_RELRO)) { 2413 if (phdr_table_serialize_gnu_relro(phdr, phnum, load_bias, 2414 extinfo->relro_fd) < 0) { 2415 DL_ERR("failed serializing GNU RELRO section for \"%s\": %s", 2416 name, strerror(errno)); 2417 return false; 2418 } 2419 } else if (extinfo && (extinfo->flags & ANDROID_DLEXT_USE_RELRO)) { 2420 if (phdr_table_map_gnu_relro(phdr, phnum, load_bias, 2421 extinfo->relro_fd) < 0) { 2422 DL_ERR("failed mapping GNU RELRO section for \"%s\": %s", 2423 name, strerror(errno)); 2424 return false; 2425 } 2426 } 2427 2428 notify_gdb_of_load(this); 2429 return true; 2430} 2431 2432/* 2433 * This function add vdso to internal dso list. 2434 * It helps to stack unwinding through signal handlers. 2435 * Also, it makes bionic more like glibc. 2436 */ 2437static void add_vdso(KernelArgumentBlock& args __unused) { 2438#if defined(AT_SYSINFO_EHDR) 2439 ElfW(Ehdr)* ehdr_vdso = reinterpret_cast<ElfW(Ehdr)*>(args.getauxval(AT_SYSINFO_EHDR)); 2440 if (ehdr_vdso == nullptr) { 2441 return; 2442 } 2443 2444 soinfo* si = soinfo_alloc("[vdso]", nullptr, 0, 0); 2445 2446 si->phdr = reinterpret_cast<ElfW(Phdr)*>(reinterpret_cast<char*>(ehdr_vdso) + ehdr_vdso->e_phoff); 2447 si->phnum = ehdr_vdso->e_phnum; 2448 si->base = reinterpret_cast<ElfW(Addr)>(ehdr_vdso); 2449 si->size = phdr_table_get_load_size(si->phdr, si->phnum); 2450 si->load_bias = get_elf_exec_load_bias(ehdr_vdso); 2451 2452 si->prelink_image(); 2453 si->link_image(g_empty_list, soinfo::soinfo_list_t::make_list(si), nullptr); 2454#endif 2455} 2456 2457/* 2458 * This is linker soinfo for GDB. See details below. 2459 */ 2460#if defined(__LP64__) 2461#define LINKER_PATH "/system/bin/linker64" 2462#else 2463#define LINKER_PATH "/system/bin/linker" 2464#endif 2465static soinfo linker_soinfo_for_gdb(LINKER_PATH, nullptr, 0, 0); 2466 2467/* gdb expects the linker to be in the debug shared object list. 2468 * Without this, gdb has trouble locating the linker's ".text" 2469 * and ".plt" sections. Gdb could also potentially use this to 2470 * relocate the offset of our exported 'rtld_db_dlactivity' symbol. 2471 * Don't use soinfo_alloc(), because the linker shouldn't 2472 * be on the soinfo list. 2473 */ 2474static void init_linker_info_for_gdb(ElfW(Addr) linker_base) { 2475 linker_soinfo_for_gdb.base = linker_base; 2476 2477 /* 2478 * Set the dynamic field in the link map otherwise gdb will complain with 2479 * the following: 2480 * warning: .dynamic section for "/system/bin/linker" is not at the 2481 * expected address (wrong library or version mismatch?) 2482 */ 2483 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(linker_base); 2484 ElfW(Phdr)* phdr = reinterpret_cast<ElfW(Phdr)*>(linker_base + elf_hdr->e_phoff); 2485 phdr_table_get_dynamic_section(phdr, elf_hdr->e_phnum, linker_base, 2486 &linker_soinfo_for_gdb.dynamic, nullptr); 2487 insert_soinfo_into_debug_map(&linker_soinfo_for_gdb); 2488} 2489 2490/* 2491 * This code is called after the linker has linked itself and 2492 * fixed it's own GOT. It is safe to make references to externs 2493 * and other non-local data at this point. 2494 */ 2495static ElfW(Addr) __linker_init_post_relocation(KernelArgumentBlock& args, ElfW(Addr) linker_base) { 2496#if TIMING 2497 struct timeval t0, t1; 2498 gettimeofday(&t0, 0); 2499#endif 2500 2501 // Initialize environment functions, and get to the ELF aux vectors table. 2502 linker_env_init(args); 2503 2504 // If this is a setuid/setgid program, close the security hole described in 2505 // ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc 2506 if (get_AT_SECURE()) { 2507 nullify_closed_stdio(); 2508 } 2509 2510 debuggerd_init(); 2511 2512 // Get a few environment variables. 2513 const char* LD_DEBUG = linker_env_get("LD_DEBUG"); 2514 if (LD_DEBUG != nullptr) { 2515 g_ld_debug_verbosity = atoi(LD_DEBUG); 2516 } 2517 2518 // Normally, these are cleaned by linker_env_init, but the test 2519 // doesn't cost us anything. 2520 const char* ldpath_env = nullptr; 2521 const char* ldpreload_env = nullptr; 2522 if (!get_AT_SECURE()) { 2523 ldpath_env = linker_env_get("LD_LIBRARY_PATH"); 2524 ldpreload_env = linker_env_get("LD_PRELOAD"); 2525 } 2526 2527#if !defined(__LP64__) 2528 if (personality(PER_LINUX32) == -1) { 2529 __libc_fatal("error setting PER_LINUX32 personality: %s", strerror(errno)); 2530 } 2531#endif 2532 2533 INFO("[ android linker & debugger ]"); 2534 2535 soinfo* si = soinfo_alloc(args.argv[0], nullptr, 0, RTLD_GLOBAL); 2536 if (si == nullptr) { 2537 exit(EXIT_FAILURE); 2538 } 2539 2540 /* bootstrap the link map, the main exe always needs to be first */ 2541 si->set_main_executable(); 2542 link_map* map = &(si->link_map_head); 2543 2544 map->l_addr = 0; 2545 map->l_name = args.argv[0]; 2546 map->l_prev = nullptr; 2547 map->l_next = nullptr; 2548 2549 _r_debug.r_map = map; 2550 r_debug_tail = map; 2551 2552 init_linker_info_for_gdb(linker_base); 2553 2554 // Extract information passed from the kernel. 2555 si->phdr = reinterpret_cast<ElfW(Phdr)*>(args.getauxval(AT_PHDR)); 2556 si->phnum = args.getauxval(AT_PHNUM); 2557 si->entry = args.getauxval(AT_ENTRY); 2558 2559 /* Compute the value of si->base. We can't rely on the fact that 2560 * the first entry is the PHDR because this will not be true 2561 * for certain executables (e.g. some in the NDK unit test suite) 2562 */ 2563 si->base = 0; 2564 si->size = phdr_table_get_load_size(si->phdr, si->phnum); 2565 si->load_bias = 0; 2566 for (size_t i = 0; i < si->phnum; ++i) { 2567 if (si->phdr[i].p_type == PT_PHDR) { 2568 si->load_bias = reinterpret_cast<ElfW(Addr)>(si->phdr) - si->phdr[i].p_vaddr; 2569 si->base = reinterpret_cast<ElfW(Addr)>(si->phdr) - si->phdr[i].p_offset; 2570 break; 2571 } 2572 } 2573 si->dynamic = nullptr; 2574 2575 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(si->base); 2576 if (elf_hdr->e_type != ET_DYN) { 2577 __libc_format_fd(2, "error: only position independent executables (PIE) are supported.\n"); 2578 exit(EXIT_FAILURE); 2579 } 2580 2581 // Use LD_LIBRARY_PATH and LD_PRELOAD (but only if we aren't setuid/setgid). 2582 parse_LD_LIBRARY_PATH(ldpath_env); 2583 parse_LD_PRELOAD(ldpreload_env); 2584 2585 somain = si; 2586 2587 if (!si->prelink_image()) { 2588 __libc_format_fd(2, "CANNOT LINK EXECUTABLE: %s\n", linker_get_error_buffer()); 2589 exit(EXIT_FAILURE); 2590 } 2591 2592 // add somain to global group 2593 si->set_dt_flags_1(si->get_dt_flags_1() | DF_1_GLOBAL); 2594 2595 // Load ld_preloads and dependencies. 2596 StringLinkedList needed_library_name_list; 2597 size_t needed_libraries_count = 0; 2598 size_t ld_preloads_count = 0; 2599 while (g_ld_preload_names[ld_preloads_count] != nullptr) { 2600 needed_library_name_list.push_back(g_ld_preload_names[ld_preloads_count++]); 2601 ++needed_libraries_count; 2602 } 2603 2604 for_each_dt_needed(si, [&](const char* name) { 2605 needed_library_name_list.push_back(name); 2606 ++needed_libraries_count; 2607 }); 2608 2609 const char* needed_library_names[needed_libraries_count]; 2610 2611 memset(needed_library_names, 0, sizeof(needed_library_names)); 2612 needed_library_name_list.copy_to_array(needed_library_names, needed_libraries_count); 2613 2614 if (needed_libraries_count > 0 && !find_libraries(si, needed_library_names, needed_libraries_count, nullptr, g_ld_preloads, ld_preloads_count, RTLD_GLOBAL, nullptr)) { 2615 __libc_format_fd(2, "CANNOT LINK EXECUTABLE: %s\n", linker_get_error_buffer()); 2616 exit(EXIT_FAILURE); 2617 } else if (needed_libraries_count == 0) { 2618 if (!si->link_image(g_empty_list, soinfo::soinfo_list_t::make_list(si), nullptr)) { 2619 __libc_format_fd(2, "CANNOT LINK EXECUTABLE: %s\n", linker_get_error_buffer()); 2620 exit(EXIT_FAILURE); 2621 } 2622 si->increment_ref_count(); 2623 } 2624 2625 add_vdso(args); 2626 2627 { 2628 ProtectedDataGuard guard; 2629 2630 si->call_pre_init_constructors(); 2631 2632 /* After the prelink_image, the si->load_bias is initialized. 2633 * For so lib, the map->l_addr will be updated in notify_gdb_of_load. 2634 * We need to update this value for so exe here. So Unwind_Backtrace 2635 * for some arch like x86 could work correctly within so exe. 2636 */ 2637 map->l_addr = si->load_bias; 2638 si->call_constructors(); 2639 } 2640 2641#if TIMING 2642 gettimeofday(&t1, nullptr); 2643 PRINT("LINKER TIME: %s: %d microseconds", args.argv[0], (int) ( 2644 (((long long)t1.tv_sec * 1000000LL) + (long long)t1.tv_usec) - 2645 (((long long)t0.tv_sec * 1000000LL) + (long long)t0.tv_usec))); 2646#endif 2647#if STATS 2648 PRINT("RELO STATS: %s: %d abs, %d rel, %d copy, %d symbol", args.argv[0], 2649 linker_stats.count[kRelocAbsolute], 2650 linker_stats.count[kRelocRelative], 2651 linker_stats.count[kRelocCopy], 2652 linker_stats.count[kRelocSymbol]); 2653#endif 2654#if COUNT_PAGES 2655 { 2656 unsigned n; 2657 unsigned i; 2658 unsigned count = 0; 2659 for (n = 0; n < 4096; n++) { 2660 if (bitmask[n]) { 2661 unsigned x = bitmask[n]; 2662#if defined(__LP64__) 2663 for (i = 0; i < 32; i++) { 2664#else 2665 for (i = 0; i < 8; i++) { 2666#endif 2667 if (x & 1) { 2668 count++; 2669 } 2670 x >>= 1; 2671 } 2672 } 2673 } 2674 PRINT("PAGES MODIFIED: %s: %d (%dKB)", args.argv[0], count, count * 4); 2675 } 2676#endif 2677 2678#if TIMING || STATS || COUNT_PAGES 2679 fflush(stdout); 2680#endif 2681 2682 TRACE("[ Ready to execute '%s' @ %p ]", si->name, reinterpret_cast<void*>(si->entry)); 2683 return si->entry; 2684} 2685 2686/* Compute the load-bias of an existing executable. This shall only 2687 * be used to compute the load bias of an executable or shared library 2688 * that was loaded by the kernel itself. 2689 * 2690 * Input: 2691 * elf -> address of ELF header, assumed to be at the start of the file. 2692 * Return: 2693 * load bias, i.e. add the value of any p_vaddr in the file to get 2694 * the corresponding address in memory. 2695 */ 2696static ElfW(Addr) get_elf_exec_load_bias(const ElfW(Ehdr)* elf) { 2697 ElfW(Addr) offset = elf->e_phoff; 2698 const ElfW(Phdr)* phdr_table = reinterpret_cast<const ElfW(Phdr)*>(reinterpret_cast<uintptr_t>(elf) + offset); 2699 const ElfW(Phdr)* phdr_end = phdr_table + elf->e_phnum; 2700 2701 for (const ElfW(Phdr)* phdr = phdr_table; phdr < phdr_end; phdr++) { 2702 if (phdr->p_type == PT_LOAD) { 2703 return reinterpret_cast<ElfW(Addr)>(elf) + phdr->p_offset - phdr->p_vaddr; 2704 } 2705 } 2706 return 0; 2707} 2708 2709extern "C" void _start(); 2710 2711/* 2712 * This is the entry point for the linker, called from begin.S. This 2713 * method is responsible for fixing the linker's own relocations, and 2714 * then calling __linker_init_post_relocation(). 2715 * 2716 * Because this method is called before the linker has fixed it's own 2717 * relocations, any attempt to reference an extern variable, extern 2718 * function, or other GOT reference will generate a segfault. 2719 */ 2720extern "C" ElfW(Addr) __linker_init(void* raw_args) { 2721 KernelArgumentBlock args(raw_args); 2722 2723 ElfW(Addr) linker_addr = args.getauxval(AT_BASE); 2724 ElfW(Addr) entry_point = args.getauxval(AT_ENTRY); 2725 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(linker_addr); 2726 ElfW(Phdr)* phdr = reinterpret_cast<ElfW(Phdr)*>(linker_addr + elf_hdr->e_phoff); 2727 2728 soinfo linker_so("[dynamic linker]", nullptr, 0, 0); 2729 2730 // If the linker is not acting as PT_INTERP entry_point is equal to 2731 // _start. Which means that the linker is running as an executable and 2732 // already linked by PT_INTERP. 2733 // 2734 // This happens when user tries to run 'adb shell /system/bin/linker' 2735 // see also https://code.google.com/p/android/issues/detail?id=63174 2736 if (reinterpret_cast<ElfW(Addr)>(&_start) == entry_point) { 2737 __libc_fatal("This is %s, the helper program for shared library executables.\n", args.argv[0]); 2738 } 2739 2740 linker_so.base = linker_addr; 2741 linker_so.size = phdr_table_get_load_size(phdr, elf_hdr->e_phnum); 2742 linker_so.load_bias = get_elf_exec_load_bias(elf_hdr); 2743 linker_so.dynamic = nullptr; 2744 linker_so.phdr = phdr; 2745 linker_so.phnum = elf_hdr->e_phnum; 2746 linker_so.set_linker_flag(); 2747 2748 // This might not be obvious... The reasons why we pass g_empty_list 2749 // in place of local_group here are (1) we do not really need it, because 2750 // linker is built with DT_SYMBOLIC and therefore relocates its symbols against 2751 // itself without having to look into local_group and (2) allocators 2752 // are not yet initialized, and therefore we cannot use linked_list.push_* 2753 // functions at this point. 2754 if (!(linker_so.prelink_image() && linker_so.link_image(g_empty_list, g_empty_list, nullptr))) { 2755 // It would be nice to print an error message, but if the linker 2756 // can't link itself, there's no guarantee that we'll be able to 2757 // call write() (because it involves a GOT reference). We may as 2758 // well try though... 2759 const char* msg = "CANNOT LINK EXECUTABLE: "; 2760 write(2, msg, strlen(msg)); 2761 write(2, __linker_dl_err_buf, strlen(__linker_dl_err_buf)); 2762 write(2, "\n", 1); 2763 _exit(EXIT_FAILURE); 2764 } 2765 2766 __libc_init_tls(args); 2767 2768 // Initialize the linker's own global variables 2769 linker_so.call_constructors(); 2770 2771 // Initialize static variables. Note that in order to 2772 // get correct libdl_info we need to call constructors 2773 // before get_libdl_info(). 2774 solist = get_libdl_info(); 2775 sonext = get_libdl_info(); 2776 2777 // We have successfully fixed our own relocations. It's safe to run 2778 // the main part of the linker now. 2779 args.abort_message_ptr = &g_abort_message; 2780 ElfW(Addr) start_address = __linker_init_post_relocation(args, linker_addr); 2781 2782 INFO("[ jumping to _start ]"); 2783 2784 // Return the address that the calling assembly stub should jump to. 2785 return start_address; 2786} 2787