linker.cpp revision 6442dbd3bcadbd5e522465743a8d8cf56338ae1c
1/* 2 * Copyright (C) 2008, 2009 The Android Open Source Project 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in 12 * the documentation and/or other materials provided with the 13 * distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29#include <dlfcn.h> 30#include <errno.h> 31#include <fcntl.h> 32#include <inttypes.h> 33#include <pthread.h> 34#include <stdio.h> 35#include <stdlib.h> 36#include <string.h> 37#include <sys/mman.h> 38#include <unistd.h> 39 40#include <new> 41 42// Private C library headers. 43#include "private/bionic_tls.h" 44#include "private/KernelArgumentBlock.h" 45#include "private/ScopedPthreadMutexLocker.h" 46#include "private/ScopedFd.h" 47#include "private/ScopeGuard.h" 48#include "private/UniquePtr.h" 49 50#include "linker.h" 51#include "linker_debug.h" 52#include "linker_environ.h" 53#include "linker_phdr.h" 54#include "linker_allocator.h" 55 56/* >>> IMPORTANT NOTE - READ ME BEFORE MODIFYING <<< 57 * 58 * Do NOT use malloc() and friends or pthread_*() code here. 59 * Don't use printf() either; it's caused mysterious memory 60 * corruption in the past. 61 * The linker runs before we bring up libc and it's easiest 62 * to make sure it does not depend on any complex libc features 63 * 64 * open issues / todo: 65 * 66 * - cleaner error reporting 67 * - after linking, set as much stuff as possible to READONLY 68 * and NOEXEC 69 */ 70 71#if defined(__LP64__) 72#define SEARCH_NAME(x) x 73#else 74// Nvidia drivers are relying on the bug: 75// http://code.google.com/p/android/issues/detail?id=6670 76// so we continue to use base-name lookup for lp32 77static const char* get_base_name(const char* name) { 78 const char* bname = strrchr(name, '/'); 79 return bname ? bname + 1 : name; 80} 81#define SEARCH_NAME(x) get_base_name(x) 82#endif 83 84static ElfW(Addr) get_elf_exec_load_bias(const ElfW(Ehdr)* elf); 85 86static LinkerAllocator<soinfo> g_soinfo_allocator; 87static LinkerAllocator<LinkedListEntry<soinfo>> g_soinfo_links_allocator; 88 89static soinfo* solist; 90static soinfo* sonext; 91static soinfo* somain; // main process, always the one after libdl_info 92 93static const char* const kDefaultLdPaths[] = { 94#if defined(__LP64__) 95 "/vendor/lib64", 96 "/system/lib64", 97#else 98 "/vendor/lib", 99 "/system/lib", 100#endif 101 nullptr 102}; 103 104#define LDPATH_BUFSIZE (LDPATH_MAX*64) 105#define LDPATH_MAX 8 106 107#define LDPRELOAD_BUFSIZE (LDPRELOAD_MAX*64) 108#define LDPRELOAD_MAX 8 109 110static char g_ld_library_paths_buffer[LDPATH_BUFSIZE]; 111static const char* g_ld_library_paths[LDPATH_MAX + 1]; 112 113static char g_ld_preloads_buffer[LDPRELOAD_BUFSIZE]; 114static const char* g_ld_preload_names[LDPRELOAD_MAX + 1]; 115 116static soinfo* g_ld_preloads[LDPRELOAD_MAX + 1]; 117 118__LIBC_HIDDEN__ int g_ld_debug_verbosity; 119 120__LIBC_HIDDEN__ abort_msg_t* g_abort_message = nullptr; // For debuggerd. 121 122enum RelocationKind { 123 kRelocAbsolute = 0, 124 kRelocRelative, 125 kRelocCopy, 126 kRelocSymbol, 127 kRelocMax 128}; 129 130#if STATS 131struct linker_stats_t { 132 int count[kRelocMax]; 133}; 134 135static linker_stats_t linker_stats; 136 137static void count_relocation(RelocationKind kind) { 138 ++linker_stats.count[kind]; 139} 140#else 141static void count_relocation(RelocationKind) { 142} 143#endif 144 145#if COUNT_PAGES 146static unsigned bitmask[4096]; 147#if defined(__LP64__) 148#define MARK(offset) \ 149 do { \ 150 if ((((offset) >> 12) >> 5) < 4096) \ 151 bitmask[((offset) >> 12) >> 5] |= (1 << (((offset) >> 12) & 31)); \ 152 } while (0) 153#else 154#define MARK(offset) \ 155 do { \ 156 bitmask[((offset) >> 12) >> 3] |= (1 << (((offset) >> 12) & 7)); \ 157 } while (0) 158#endif 159#else 160#define MARK(x) do {} while (0) 161#endif 162 163// You shouldn't try to call memory-allocating functions in the dynamic linker. 164// Guard against the most obvious ones. 165#define DISALLOW_ALLOCATION(return_type, name, ...) \ 166 return_type name __VA_ARGS__ \ 167 { \ 168 __libc_fatal("ERROR: " #name " called from the dynamic linker!\n"); \ 169 } 170DISALLOW_ALLOCATION(void*, malloc, (size_t u __unused)); 171DISALLOW_ALLOCATION(void, free, (void* u __unused)); 172DISALLOW_ALLOCATION(void*, realloc, (void* u1 __unused, size_t u2 __unused)); 173DISALLOW_ALLOCATION(void*, calloc, (size_t u1 __unused, size_t u2 __unused)); 174 175static char __linker_dl_err_buf[768]; 176 177char* linker_get_error_buffer() { 178 return &__linker_dl_err_buf[0]; 179} 180 181size_t linker_get_error_buffer_size() { 182 return sizeof(__linker_dl_err_buf); 183} 184 185// This function is an empty stub where GDB locates a breakpoint to get notified 186// about linker activity. 187extern "C" void __attribute__((noinline)) __attribute__((visibility("default"))) rtld_db_dlactivity(); 188 189static pthread_mutex_t g__r_debug_mutex = PTHREAD_MUTEX_INITIALIZER; 190static r_debug _r_debug = {1, nullptr, reinterpret_cast<uintptr_t>(&rtld_db_dlactivity), r_debug::RT_CONSISTENT, 0}; 191static link_map* r_debug_tail = 0; 192 193static void insert_soinfo_into_debug_map(soinfo* info) { 194 // Copy the necessary fields into the debug structure. 195 link_map* map = &(info->link_map_head); 196 map->l_addr = info->load_bias; 197 map->l_name = reinterpret_cast<char*>(info->name); 198 map->l_ld = info->dynamic; 199 200 // Stick the new library at the end of the list. 201 // gdb tends to care more about libc than it does 202 // about leaf libraries, and ordering it this way 203 // reduces the back-and-forth over the wire. 204 if (r_debug_tail) { 205 r_debug_tail->l_next = map; 206 map->l_prev = r_debug_tail; 207 map->l_next = 0; 208 } else { 209 _r_debug.r_map = map; 210 map->l_prev = 0; 211 map->l_next = 0; 212 } 213 r_debug_tail = map; 214} 215 216static void remove_soinfo_from_debug_map(soinfo* info) { 217 link_map* map = &(info->link_map_head); 218 219 if (r_debug_tail == map) { 220 r_debug_tail = map->l_prev; 221 } 222 223 if (map->l_prev) { 224 map->l_prev->l_next = map->l_next; 225 } 226 if (map->l_next) { 227 map->l_next->l_prev = map->l_prev; 228 } 229} 230 231static void notify_gdb_of_load(soinfo* info) { 232 if (info->flags & FLAG_EXE) { 233 // GDB already knows about the main executable 234 return; 235 } 236 237 ScopedPthreadMutexLocker locker(&g__r_debug_mutex); 238 239 _r_debug.r_state = r_debug::RT_ADD; 240 rtld_db_dlactivity(); 241 242 insert_soinfo_into_debug_map(info); 243 244 _r_debug.r_state = r_debug::RT_CONSISTENT; 245 rtld_db_dlactivity(); 246} 247 248static void notify_gdb_of_unload(soinfo* info) { 249 if (info->flags & FLAG_EXE) { 250 // GDB already knows about the main executable 251 return; 252 } 253 254 ScopedPthreadMutexLocker locker(&g__r_debug_mutex); 255 256 _r_debug.r_state = r_debug::RT_DELETE; 257 rtld_db_dlactivity(); 258 259 remove_soinfo_from_debug_map(info); 260 261 _r_debug.r_state = r_debug::RT_CONSISTENT; 262 rtld_db_dlactivity(); 263} 264 265void notify_gdb_of_libraries() { 266 _r_debug.r_state = r_debug::RT_ADD; 267 rtld_db_dlactivity(); 268 _r_debug.r_state = r_debug::RT_CONSISTENT; 269 rtld_db_dlactivity(); 270} 271 272LinkedListEntry<soinfo>* SoinfoListAllocator::alloc() { 273 return g_soinfo_links_allocator.alloc(); 274} 275 276void SoinfoListAllocator::free(LinkedListEntry<soinfo>* entry) { 277 g_soinfo_links_allocator.free(entry); 278} 279 280static void protect_data(int protection) { 281 g_soinfo_allocator.protect_all(protection); 282 g_soinfo_links_allocator.protect_all(protection); 283} 284 285static soinfo* soinfo_alloc(const char* name, struct stat* file_stat, off64_t file_offset, int rtld_flags) { 286 if (strlen(name) >= SOINFO_NAME_LEN) { 287 DL_ERR("library name \"%s\" too long", name); 288 return nullptr; 289 } 290 291 soinfo* si = new (g_soinfo_allocator.alloc()) soinfo(name, file_stat, file_offset, rtld_flags); 292 293 sonext->next = si; 294 sonext = si; 295 296 TRACE("name %s: allocated soinfo @ %p", name, si); 297 return si; 298} 299 300static void soinfo_free(soinfo* si) { 301 if (si == nullptr) { 302 return; 303 } 304 305 if (si->base != 0 && si->size != 0) { 306 munmap(reinterpret_cast<void*>(si->base), si->size); 307 } 308 309 soinfo *prev = nullptr, *trav; 310 311 TRACE("name %s: freeing soinfo @ %p", si->name, si); 312 313 for (trav = solist; trav != nullptr; trav = trav->next) { 314 if (trav == si) { 315 break; 316 } 317 prev = trav; 318 } 319 if (trav == nullptr) { 320 // si was not in solist 321 DL_ERR("name \"%s\" is not in solist!", si->name); 322 return; 323 } 324 325 // clear links to/from si 326 si->remove_all_links(); 327 328 // prev will never be null, because the first entry in solist is 329 // always the static libdl_info. 330 prev->next = si->next; 331 if (si == sonext) { 332 sonext = prev; 333 } 334 335 g_soinfo_allocator.free(si); 336} 337 338 339static void parse_path(const char* path, const char* delimiters, 340 const char** array, char* buf, size_t buf_size, size_t max_count) { 341 if (path == nullptr) { 342 return; 343 } 344 345 size_t len = strlcpy(buf, path, buf_size); 346 347 size_t i = 0; 348 char* buf_p = buf; 349 while (i < max_count && (array[i] = strsep(&buf_p, delimiters))) { 350 if (*array[i] != '\0') { 351 ++i; 352 } 353 } 354 355 // Forget the last path if we had to truncate; this occurs if the 2nd to 356 // last char isn't '\0' (i.e. wasn't originally a delimiter). 357 if (i > 0 && len >= buf_size && buf[buf_size - 2] != '\0') { 358 array[i - 1] = nullptr; 359 } else { 360 array[i] = nullptr; 361 } 362} 363 364static void parse_LD_LIBRARY_PATH(const char* path) { 365 parse_path(path, ":", g_ld_library_paths, 366 g_ld_library_paths_buffer, sizeof(g_ld_library_paths_buffer), LDPATH_MAX); 367} 368 369static void parse_LD_PRELOAD(const char* path) { 370 // We have historically supported ':' as well as ' ' in LD_PRELOAD. 371 parse_path(path, " :", g_ld_preload_names, 372 g_ld_preloads_buffer, sizeof(g_ld_preloads_buffer), LDPRELOAD_MAX); 373} 374 375#if defined(__arm__) 376 377// For a given PC, find the .so that it belongs to. 378// Returns the base address of the .ARM.exidx section 379// for that .so, and the number of 8-byte entries 380// in that section (via *pcount). 381// 382// Intended to be called by libc's __gnu_Unwind_Find_exidx(). 383// 384// This function is exposed via dlfcn.cpp and libdl.so. 385_Unwind_Ptr dl_unwind_find_exidx(_Unwind_Ptr pc, int* pcount) { 386 unsigned addr = (unsigned)pc; 387 388 for (soinfo* si = solist; si != 0; si = si->next) { 389 if ((addr >= si->base) && (addr < (si->base + si->size))) { 390 *pcount = si->ARM_exidx_count; 391 return (_Unwind_Ptr)si->ARM_exidx; 392 } 393 } 394 *pcount = 0; 395 return nullptr; 396} 397 398#endif 399 400// Here, we only have to provide a callback to iterate across all the 401// loaded libraries. gcc_eh does the rest. 402int dl_iterate_phdr(int (*cb)(dl_phdr_info* info, size_t size, void* data), void* data) { 403 int rv = 0; 404 for (soinfo* si = solist; si != nullptr; si = si->next) { 405 dl_phdr_info dl_info; 406 dl_info.dlpi_addr = si->link_map_head.l_addr; 407 dl_info.dlpi_name = si->link_map_head.l_name; 408 dl_info.dlpi_phdr = si->phdr; 409 dl_info.dlpi_phnum = si->phnum; 410 rv = cb(&dl_info, sizeof(dl_phdr_info), data); 411 if (rv != 0) { 412 break; 413 } 414 } 415 return rv; 416} 417 418static ElfW(Sym)* soinfo_elf_lookup(const soinfo* si, unsigned hash, const char* name) { 419 ElfW(Sym)* symtab = si->symtab; 420 421 TRACE_TYPE(LOOKUP, "SEARCH %s in %s@%p %x %zd", 422 name, si->name, reinterpret_cast<void*>(si->base), hash, hash % si->nbucket); 423 424 for (unsigned n = si->bucket[hash % si->nbucket]; n != 0; n = si->chain[n]) { 425 ElfW(Sym)* s = symtab + n; 426 if (strcmp(si->get_string(s->st_name), name)) continue; 427 428 // only concern ourselves with global and weak symbol definitions 429 switch (ELF_ST_BIND(s->st_info)) { 430 case STB_GLOBAL: 431 case STB_WEAK: 432 if (s->st_shndx == SHN_UNDEF) { 433 continue; 434 } 435 436 TRACE_TYPE(LOOKUP, "FOUND %s in %s (%p) %zd", 437 name, si->name, reinterpret_cast<void*>(s->st_value), 438 static_cast<size_t>(s->st_size)); 439 return s; 440 case STB_LOCAL: 441 continue; 442 default: 443 __libc_fatal("ERROR: Unexpected ST_BIND value: %d for '%s' in '%s'", 444 ELF_ST_BIND(s->st_info), name, si->name); 445 } 446 } 447 448 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p %x %zd", 449 name, si->name, reinterpret_cast<void*>(si->base), hash, hash % si->nbucket); 450 451 452 return nullptr; 453} 454 455soinfo::soinfo(const char* name, const struct stat* file_stat, off64_t file_offset, int rtld_flags) { 456 memset(this, 0, sizeof(*this)); 457 458 strlcpy(this->name, name, sizeof(this->name)); 459 flags = FLAG_NEW_SOINFO; 460 version = SOINFO_VERSION; 461 462 if (file_stat != nullptr) { 463 this->st_dev = file_stat->st_dev; 464 this->st_ino = file_stat->st_ino; 465 this->file_offset = file_offset; 466 } 467 468 this->rtld_flags = rtld_flags; 469} 470 471static unsigned elfhash(const char* _name) { 472 const unsigned char* name = reinterpret_cast<const unsigned char*>(_name); 473 unsigned h = 0, g; 474 475 while (*name) { 476 h = (h << 4) + *name++; 477 g = h & 0xf0000000; 478 h ^= g; 479 h ^= g >> 24; 480 } 481 return h; 482} 483 484static ElfW(Sym)* soinfo_do_lookup(soinfo* si, const char* name, soinfo** lsi, const soinfo::soinfo_list_t& local_group) { 485 unsigned elf_hash = elfhash(name); 486 ElfW(Sym)* s = nullptr; 487 488 /* "This element's presence in a shared object library alters the dynamic linker's 489 * symbol resolution algorithm for references within the library. Instead of starting 490 * a symbol search with the executable file, the dynamic linker starts from the shared 491 * object itself. If the shared object fails to supply the referenced symbol, the 492 * dynamic linker then searches the executable file and other shared objects as usual." 493 * 494 * http://www.sco.com/developers/gabi/2012-12-31/ch5.dynamic.html 495 * 496 * Note that this is unlikely since static linker avoids generating 497 * relocations for -Bsymbolic linked dynamic executables. 498 */ 499 if (si->has_DT_SYMBOLIC) { 500 DEBUG("%s: looking up %s in local scope (DT_SYMBOLIC)", si->name, name); 501 s = soinfo_elf_lookup(si, elf_hash, name); 502 if (s != nullptr) { 503 *lsi = si; 504 } 505 } 506 507 if (s == nullptr && somain != nullptr) { 508 // 1. Look for it in the main executable unless we already did. 509 if (si != somain || !si->has_DT_SYMBOLIC) { 510 DEBUG("%s: looking up %s in executable %s", 511 si->name, name, somain->name); 512 s = soinfo_elf_lookup(somain, elf_hash, name); 513 if (s != nullptr) { 514 *lsi = somain; 515 } 516 } 517 518 // 2. Look for it in the ld_preloads 519 if (s == nullptr) { 520 for (int i = 0; g_ld_preloads[i] != NULL; i++) { 521 s = soinfo_elf_lookup(g_ld_preloads[i], elf_hash, name); 522 if (s != nullptr) { 523 *lsi = g_ld_preloads[i]; 524 break; 525 } 526 } 527 } 528 } 529 530 // 3. Look for it in the local group 531 if (s == nullptr) { 532 local_group.visit([&](soinfo* local_si) { 533 if (local_si == si && si->has_DT_SYMBOLIC) { 534 // we already did this - skip 535 return true; 536 } 537 538 DEBUG("%s: looking up %s in %s (from local group)", si->name, name, local_si->name); 539 s = soinfo_elf_lookup(local_si, elf_hash, name); 540 if (s != nullptr) { 541 *lsi = local_si; 542 return false; 543 } 544 545 return true; 546 }); 547 } 548 549 if (s != nullptr) { 550 TRACE_TYPE(LOOKUP, "si %s sym %s s->st_value = %p, " 551 "found in %s, base = %p, load bias = %p", 552 si->name, name, reinterpret_cast<void*>(s->st_value), 553 (*lsi)->name, reinterpret_cast<void*>((*lsi)->base), 554 reinterpret_cast<void*>((*lsi)->load_bias)); 555 } 556 557 return s; 558} 559 560// Each size has it's own allocator. 561template<size_t size> 562class SizeBasedAllocator { 563 public: 564 static void* alloc() { 565 return allocator_.alloc(); 566 } 567 568 static void free(void* ptr) { 569 allocator_.free(ptr); 570 } 571 572 private: 573 static LinkerBlockAllocator allocator_; 574}; 575 576template<size_t size> 577LinkerBlockAllocator SizeBasedAllocator<size>::allocator_(size); 578 579template<typename T> 580class TypeBasedAllocator { 581 public: 582 static T* alloc() { 583 return reinterpret_cast<T*>(SizeBasedAllocator<sizeof(T)>::alloc()); 584 } 585 586 static void free(T* ptr) { 587 SizeBasedAllocator<sizeof(T)>::free(ptr); 588 } 589}; 590 591class LoadTask { 592 public: 593 struct deleter_t { 594 void operator()(LoadTask* t) { 595 TypeBasedAllocator<LoadTask>::free(t); 596 } 597 }; 598 599 typedef UniquePtr<LoadTask, deleter_t> unique_ptr; 600 601 static deleter_t deleter; 602 603 static LoadTask* create(const char* name, soinfo* needed_by) { 604 LoadTask* ptr = TypeBasedAllocator<LoadTask>::alloc(); 605 return new (ptr) LoadTask(name, needed_by); 606 } 607 608 const char* get_name() const { 609 return name_; 610 } 611 612 soinfo* get_needed_by() const { 613 return needed_by_; 614 } 615 private: 616 LoadTask(const char* name, soinfo* needed_by) 617 : name_(name), needed_by_(needed_by) {} 618 619 const char* name_; 620 soinfo* needed_by_; 621 622 DISALLOW_IMPLICIT_CONSTRUCTORS(LoadTask); 623}; 624 625LoadTask::deleter_t LoadTask::deleter; 626 627template <typename T> 628using linked_list_t = LinkedList<T, TypeBasedAllocator<LinkedListEntry<T>>>; 629 630typedef linked_list_t<soinfo> SoinfoLinkedList; 631typedef linked_list_t<const char> StringLinkedList; 632typedef linked_list_t<LoadTask> LoadTaskList; 633 634 635// This function walks down the tree of soinfo dependencies 636// in breadth-first order and 637// * calls action(soinfo* si) for each node, and 638// * terminates walk if action returns false. 639// 640// walk_dependencies_tree returns false if walk was terminated 641// by the action and true otherwise. 642template<typename F> 643static bool walk_dependencies_tree(soinfo* root_soinfos[], size_t root_soinfos_size, F action) { 644 SoinfoLinkedList visit_list; 645 SoinfoLinkedList visited; 646 647 for (size_t i = 0; i < root_soinfos_size; ++i) { 648 visit_list.push_back(root_soinfos[i]); 649 } 650 651 soinfo* si; 652 while ((si = visit_list.pop_front()) != nullptr) { 653 if (visited.contains(si)) { 654 continue; 655 } 656 657 if (!action(si)) { 658 return false; 659 } 660 661 visited.push_back(si); 662 663 si->get_children().for_each([&](soinfo* child) { 664 visit_list.push_back(child); 665 }); 666 } 667 668 return true; 669} 670 671 672// This is used by dlsym(3). It performs symbol lookup only within the 673// specified soinfo object and its dependencies in breadth first order. 674ElfW(Sym)* dlsym_handle_lookup(soinfo* si, soinfo** found, const char* name) { 675 ElfW(Sym)* result = nullptr; 676 uint32_t elf_hash = elfhash(name); 677 678 679 walk_dependencies_tree(&si, 1, [&](soinfo* current_soinfo) { 680 result = soinfo_elf_lookup(current_soinfo, elf_hash, name); 681 if (result != nullptr) { 682 *found = current_soinfo; 683 return false; 684 } 685 686 return true; 687 }); 688 689 return result; 690} 691 692/* This is used by dlsym(3) to performs a global symbol lookup. If the 693 start value is null (for RTLD_DEFAULT), the search starts at the 694 beginning of the global solist. Otherwise the search starts at the 695 specified soinfo (for RTLD_NEXT). 696 */ 697ElfW(Sym)* dlsym_linear_lookup(const char* name, soinfo** found, soinfo* start) { 698 unsigned elf_hash = elfhash(name); 699 700 if (start == nullptr) { 701 start = solist; 702 } 703 704 ElfW(Sym)* s = nullptr; 705 for (soinfo* si = start; (s == nullptr) && (si != nullptr); si = si->next) { 706 if ((si->get_rtld_flags() & RTLD_GLOBAL) == 0) { 707 continue; 708 } 709 710 s = soinfo_elf_lookup(si, elf_hash, name); 711 if (s != nullptr) { 712 *found = si; 713 break; 714 } 715 } 716 717 if (s != nullptr) { 718 TRACE_TYPE(LOOKUP, "%s s->st_value = %p, found->base = %p", 719 name, reinterpret_cast<void*>(s->st_value), reinterpret_cast<void*>((*found)->base)); 720 } 721 722 return s; 723} 724 725soinfo* find_containing_library(const void* p) { 726 ElfW(Addr) address = reinterpret_cast<ElfW(Addr)>(p); 727 for (soinfo* si = solist; si != nullptr; si = si->next) { 728 if (address >= si->base && address - si->base < si->size) { 729 return si; 730 } 731 } 732 return nullptr; 733} 734 735ElfW(Sym)* dladdr_find_symbol(soinfo* si, const void* addr) { 736 ElfW(Addr) soaddr = reinterpret_cast<ElfW(Addr)>(addr) - si->base; 737 738 // Search the library's symbol table for any defined symbol which 739 // contains this address. 740 for (size_t i = 0; i < si->nchain; ++i) { 741 ElfW(Sym)* sym = &si->symtab[i]; 742 if (sym->st_shndx != SHN_UNDEF && 743 soaddr >= sym->st_value && 744 soaddr < sym->st_value + sym->st_size) { 745 return sym; 746 } 747 } 748 749 return nullptr; 750} 751 752static int open_library_on_path(const char* name, const char* const paths[]) { 753 char buf[512]; 754 for (size_t i = 0; paths[i] != nullptr; ++i) { 755 int n = __libc_format_buffer(buf, sizeof(buf), "%s/%s", paths[i], name); 756 if (n < 0 || n >= static_cast<int>(sizeof(buf))) { 757 PRINT("Warning: ignoring very long library path: %s/%s", paths[i], name); 758 continue; 759 } 760 int fd = TEMP_FAILURE_RETRY(open(buf, O_RDONLY | O_CLOEXEC)); 761 if (fd != -1) { 762 return fd; 763 } 764 } 765 return -1; 766} 767 768static int open_library(const char* name) { 769 TRACE("[ opening %s ]", name); 770 771 // If the name contains a slash, we should attempt to open it directly and not search the paths. 772 if (strchr(name, '/') != nullptr) { 773 int fd = TEMP_FAILURE_RETRY(open(name, O_RDONLY | O_CLOEXEC)); 774 if (fd != -1) { 775 return fd; 776 } 777 // ...but nvidia binary blobs (at least) rely on this behavior, so fall through for now. 778#if defined(__LP64__) 779 return -1; 780#endif 781 } 782 783 // Otherwise we try LD_LIBRARY_PATH first, and fall back to the built-in well known paths. 784 int fd = open_library_on_path(name, g_ld_library_paths); 785 if (fd == -1) { 786 fd = open_library_on_path(name, kDefaultLdPaths); 787 } 788 return fd; 789} 790 791template<typename F> 792static void for_each_dt_needed(const soinfo* si, F action) { 793 for (ElfW(Dyn)* d = si->dynamic; d->d_tag != DT_NULL; ++d) { 794 if (d->d_tag == DT_NEEDED) { 795 action(si->get_string(d->d_un.d_val)); 796 } 797 } 798} 799 800static soinfo* load_library(LoadTaskList& load_tasks, const char* name, int rtld_flags, const android_dlextinfo* extinfo) { 801 int fd = -1; 802 off64_t file_offset = 0; 803 ScopedFd file_guard(-1); 804 805 if (extinfo != nullptr && (extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD) != 0) { 806 fd = extinfo->library_fd; 807 if ((extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET) != 0) { 808 file_offset = extinfo->library_fd_offset; 809 } 810 } else { 811 // Open the file. 812 fd = open_library(name); 813 if (fd == -1) { 814 DL_ERR("library \"%s\" not found", name); 815 return nullptr; 816 } 817 818 file_guard.reset(fd); 819 } 820 821 if ((file_offset % PAGE_SIZE) != 0) { 822 DL_ERR("file offset for the library \"%s\" is not page-aligned: %" PRId64, name, file_offset); 823 return nullptr; 824 } 825 826 struct stat file_stat; 827 if (TEMP_FAILURE_RETRY(fstat(fd, &file_stat)) != 0) { 828 DL_ERR("unable to stat file for the library \"%s\": %s", name, strerror(errno)); 829 return nullptr; 830 } 831 832 // Check for symlink and other situations where 833 // file can have different names. 834 for (soinfo* si = solist; si != nullptr; si = si->next) { 835 if (si->get_st_dev() != 0 && 836 si->get_st_ino() != 0 && 837 si->get_st_dev() == file_stat.st_dev && 838 si->get_st_ino() == file_stat.st_ino && 839 si->get_file_offset() == file_offset) { 840 TRACE("library \"%s\" is already loaded under different name/path \"%s\" - will return existing soinfo", name, si->name); 841 return si; 842 } 843 } 844 845 if ((rtld_flags & RTLD_NOLOAD) != 0) { 846 DL_ERR("library \"%s\" wasn't loaded and RTLD_NOLOAD prevented it", name); 847 return nullptr; 848 } 849 850 // Read the ELF header and load the segments. 851 ElfReader elf_reader(name, fd, file_offset); 852 if (!elf_reader.Load(extinfo)) { 853 return nullptr; 854 } 855 856 soinfo* si = soinfo_alloc(SEARCH_NAME(name), &file_stat, file_offset, rtld_flags); 857 if (si == nullptr) { 858 return nullptr; 859 } 860 si->base = elf_reader.load_start(); 861 si->size = elf_reader.load_size(); 862 si->load_bias = elf_reader.load_bias(); 863 si->phnum = elf_reader.phdr_count(); 864 si->phdr = elf_reader.loaded_phdr(); 865 866 if (!si->PrelinkImage()) { 867 soinfo_free(si); 868 return nullptr; 869 } 870 871 for_each_dt_needed(si, [&] (const char* name) { 872 load_tasks.push_back(LoadTask::create(name, si)); 873 }); 874 875 return si; 876} 877 878static soinfo *find_loaded_library_by_name(const char* name) { 879 const char* search_name = SEARCH_NAME(name); 880 for (soinfo* si = solist; si != nullptr; si = si->next) { 881 if (!strcmp(search_name, si->name)) { 882 return si; 883 } 884 } 885 return nullptr; 886} 887 888static soinfo* find_library_internal(LoadTaskList& load_tasks, const char* name, int rtld_flags, const android_dlextinfo* extinfo) { 889 890 soinfo* si = find_loaded_library_by_name(name); 891 892 // Library might still be loaded, the accurate detection 893 // of this fact is done by load_library. 894 if (si == nullptr) { 895 TRACE("[ '%s' has not been found by name. Trying harder...]", name); 896 si = load_library(load_tasks, name, rtld_flags, extinfo); 897 } 898 899 return si; 900} 901 902static void soinfo_unload(soinfo* si); 903 904static bool is_recursive(soinfo* si, soinfo* parent) { 905 if (parent == nullptr) { 906 return false; 907 } 908 909 if (si == parent) { 910 DL_ERR("recursive link to \"%s\"", si->name); 911 return true; 912 } 913 914 return !parent->get_parents().visit([&](soinfo* grandparent) { 915 return !is_recursive(si, grandparent); 916 }); 917} 918 919static bool find_libraries(soinfo* start_with, const char* const library_names[], size_t library_names_count, soinfo* soinfos[], 920 soinfo* ld_preloads[], size_t ld_preloads_count, int rtld_flags, const android_dlextinfo* extinfo) { 921 // Step 0: prepare. 922 LoadTaskList load_tasks; 923 for (size_t i = 0; i < library_names_count; ++i) { 924 const char* name = library_names[i]; 925 load_tasks.push_back(LoadTask::create(name, start_with)); 926 } 927 928 // If soinfos array is null allocate one on stack. 929 // The array is needed in case of failure; for example 930 // when library_names[] = {libone.so, libtwo.so} and libone.so 931 // is loaded correctly but libtwo.so failed for some reason. 932 // In this case libone.so should be unloaded on return. 933 // See also implementation of failure_guard below. 934 935 if (soinfos == nullptr) { 936 size_t soinfos_size = sizeof(soinfo*)*library_names_count; 937 soinfos = reinterpret_cast<soinfo**>(alloca(soinfos_size)); 938 memset(soinfos, 0, soinfos_size); 939 } 940 941 // list of libraries to link - see step 2. 942 size_t soinfos_count = 0; 943 944 auto failure_guard = make_scope_guard([&]() { 945 // Housekeeping 946 load_tasks.for_each([] (LoadTask* t) { 947 LoadTask::deleter(t); 948 }); 949 950 for (size_t i = 0; i<soinfos_count; ++i) { 951 soinfo_unload(soinfos[i]); 952 } 953 }); 954 955 // Step 1: load and pre-link all DT_NEEDED libraries in breadth first order. 956 for (LoadTask::unique_ptr task(load_tasks.pop_front()); task.get() != nullptr; task.reset(load_tasks.pop_front())) { 957 soinfo* si = find_library_internal(load_tasks, task->get_name(), rtld_flags, extinfo); 958 if (si == nullptr) { 959 return false; 960 } 961 962 soinfo* needed_by = task->get_needed_by(); 963 964 if (is_recursive(si, needed_by)) { 965 return false; 966 } 967 968 si->ref_count++; 969 if (needed_by != nullptr) { 970 needed_by->add_child(si); 971 } 972 973 // When ld_preloads is not null, the first 974 // ld_preloads_count libs are in fact ld_preloads. 975 if (ld_preloads != nullptr && soinfos_count < ld_preloads_count) { 976 ld_preloads[soinfos_count] = si; 977 } 978 979 if (soinfos_count < library_names_count) { 980 soinfos[soinfos_count++] = si; 981 } 982 } 983 984 // Step 2: link libraries. 985 soinfo::soinfo_list_t local_group; 986 walk_dependencies_tree( 987 start_with == nullptr ? soinfos : &start_with, 988 start_with == nullptr ? soinfos_count : 1, 989 [&] (soinfo* si) { 990 local_group.push_back(si); 991 return true; 992 }); 993 994 bool linked = local_group.visit([&](soinfo* si) { 995 if ((si->flags & FLAG_LINKED) == 0) { 996 if (!si->LinkImage(local_group, extinfo)) { 997 return false; 998 } 999 si->flags |= FLAG_LINKED; 1000 } 1001 1002 return true; 1003 }); 1004 1005 if (linked) { 1006 failure_guard.disable(); 1007 } 1008 1009 return linked; 1010} 1011 1012static soinfo* find_library(const char* name, int rtld_flags, const android_dlextinfo* extinfo) { 1013 if (name == nullptr) { 1014 somain->ref_count++; 1015 return somain; 1016 } 1017 1018 soinfo* si; 1019 1020 if (!find_libraries(nullptr, &name, 1, &si, nullptr, 0, rtld_flags, extinfo)) { 1021 return nullptr; 1022 } 1023 1024 return si; 1025} 1026 1027static void soinfo_unload(soinfo* si) { 1028 if (!si->can_unload()) { 1029 TRACE("not unloading '%s' - the binary is flagged with NODELETE", si->name); 1030 return; 1031 } 1032 1033 if (si->ref_count == 1) { 1034 TRACE("unloading '%s'", si->name); 1035 si->CallDestructors(); 1036 1037 if (si->has_min_version(0)) { 1038 soinfo* child = nullptr; 1039 while ((child = si->get_children().pop_front()) != nullptr) { 1040 TRACE("%s needs to unload %s", si->name, child->name); 1041 soinfo_unload(child); 1042 } 1043 } else { 1044 for_each_dt_needed(si, [&] (const char* library_name) { 1045 TRACE("deprecated (old format of soinfo): %s needs to unload %s", si->name, library_name); 1046 soinfo* needed = find_library(library_name, RTLD_NOLOAD, nullptr); 1047 if (needed != nullptr) { 1048 soinfo_unload(needed); 1049 } else { 1050 // Not found: for example if symlink was deleted between dlopen and dlclose 1051 // Since we cannot really handle errors at this point - print and continue. 1052 PRINT("warning: couldn't find %s needed by %s on unload.", library_name, si->name); 1053 } 1054 }); 1055 } 1056 1057 notify_gdb_of_unload(si); 1058 si->ref_count = 0; 1059 soinfo_free(si); 1060 } else { 1061 si->ref_count--; 1062 TRACE("not unloading '%s', decrementing ref_count to %zd", si->name, si->ref_count); 1063 } 1064} 1065 1066void do_android_get_LD_LIBRARY_PATH(char* buffer, size_t buffer_size) { 1067 // Use basic string manipulation calls to avoid snprintf. 1068 // snprintf indirectly calls pthread_getspecific to get the size of a buffer. 1069 // When debug malloc is enabled, this call returns 0. This in turn causes 1070 // snprintf to do nothing, which causes libraries to fail to load. 1071 // See b/17302493 for further details. 1072 // Once the above bug is fixed, this code can be modified to use 1073 // snprintf again. 1074 size_t required_len = strlen(kDefaultLdPaths[0]) + strlen(kDefaultLdPaths[1]) + 2; 1075 if (buffer_size < required_len) { 1076 __libc_fatal("android_get_LD_LIBRARY_PATH failed, buffer too small: buffer len %zu, required len %zu", 1077 buffer_size, required_len); 1078 } 1079 char* end = stpcpy(buffer, kDefaultLdPaths[0]); 1080 *end = ':'; 1081 strcpy(end + 1, kDefaultLdPaths[1]); 1082} 1083 1084void do_android_update_LD_LIBRARY_PATH(const char* ld_library_path) { 1085 if (!get_AT_SECURE()) { 1086 parse_LD_LIBRARY_PATH(ld_library_path); 1087 } 1088} 1089 1090soinfo* do_dlopen(const char* name, int flags, const android_dlextinfo* extinfo) { 1091 if ((flags & ~(RTLD_NOW|RTLD_LAZY|RTLD_LOCAL|RTLD_GLOBAL|RTLD_NODELETE|RTLD_NOLOAD)) != 0) { 1092 DL_ERR("invalid flags to dlopen: %x", flags); 1093 return nullptr; 1094 } 1095 if (extinfo != nullptr) { 1096 if ((extinfo->flags & ~(ANDROID_DLEXT_VALID_FLAG_BITS)) != 0) { 1097 DL_ERR("invalid extended flags to android_dlopen_ext: 0x%" PRIx64, extinfo->flags); 1098 return nullptr; 1099 } 1100 if ((extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD) == 0 && 1101 (extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET) != 0) { 1102 DL_ERR("invalid extended flag combination (ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET without ANDROID_DLEXT_USE_LIBRARY_FD): 0x%" PRIx64, extinfo->flags); 1103 return nullptr; 1104 } 1105 } 1106 protect_data(PROT_READ | PROT_WRITE); 1107 soinfo* si = find_library(name, flags, extinfo); 1108 if (si != nullptr) { 1109 si->CallConstructors(); 1110 } 1111 protect_data(PROT_READ); 1112 return si; 1113} 1114 1115void do_dlclose(soinfo* si) { 1116 protect_data(PROT_READ | PROT_WRITE); 1117 soinfo_unload(si); 1118 protect_data(PROT_READ); 1119} 1120 1121static ElfW(Addr) call_ifunc_resolver(ElfW(Addr) resolver_addr) { 1122 typedef ElfW(Addr) (*ifunc_resolver_t)(void); 1123 ifunc_resolver_t ifunc_resolver = reinterpret_cast<ifunc_resolver_t>(resolver_addr); 1124 ElfW(Addr) ifunc_addr = ifunc_resolver(); 1125 TRACE_TYPE(RELO, "Called ifunc_resolver@%p. The result is %p", ifunc_resolver, reinterpret_cast<void*>(ifunc_addr)); 1126 1127 return ifunc_addr; 1128} 1129 1130#if defined(USE_RELA) 1131int soinfo::Relocate(ElfW(Rela)* rela, unsigned count, const soinfo_list_t& local_group) { 1132 for (size_t idx = 0; idx < count; ++idx, ++rela) { 1133 unsigned type = ELFW(R_TYPE)(rela->r_info); 1134 unsigned sym = ELFW(R_SYM)(rela->r_info); 1135 ElfW(Addr) reloc = static_cast<ElfW(Addr)>(rela->r_offset + load_bias); 1136 ElfW(Addr) sym_addr = 0; 1137 const char* sym_name = nullptr; 1138 1139 DEBUG("Processing '%s' relocation at index %zd", name, idx); 1140 if (type == 0) { // R_*_NONE 1141 continue; 1142 } 1143 1144 ElfW(Sym)* s = nullptr; 1145 soinfo* lsi = nullptr; 1146 1147 if (sym != 0) { 1148 sym_name = get_string(symtab[sym].st_name); 1149 s = soinfo_do_lookup(this, sym_name, &lsi, local_group); 1150 if (s == nullptr) { 1151 // We only allow an undefined symbol if this is a weak reference... 1152 s = &symtab[sym]; 1153 if (ELF_ST_BIND(s->st_info) != STB_WEAK) { 1154 DL_ERR("cannot locate symbol \"%s\" referenced by \"%s\"...", sym_name, name); 1155 return -1; 1156 } 1157 1158 /* IHI0044C AAELF 4.5.1.1: 1159 1160 Libraries are not searched to resolve weak references. 1161 It is not an error for a weak reference to remain unsatisfied. 1162 1163 During linking, the value of an undefined weak reference is: 1164 - Zero if the relocation type is absolute 1165 - The address of the place if the relocation is pc-relative 1166 - The address of nominal base address if the relocation 1167 type is base-relative. 1168 */ 1169 1170 switch (type) { 1171#if defined(__aarch64__) 1172 case R_AARCH64_JUMP_SLOT: 1173 case R_AARCH64_GLOB_DAT: 1174 case R_AARCH64_ABS64: 1175 case R_AARCH64_ABS32: 1176 case R_AARCH64_ABS16: 1177 case R_AARCH64_RELATIVE: 1178 case R_AARCH64_IRELATIVE: 1179 /* 1180 * The sym_addr was initialized to be zero above, or the relocation 1181 * code below does not care about value of sym_addr. 1182 * No need to do anything. 1183 */ 1184 break; 1185#elif defined(__x86_64__) 1186 case R_X86_64_JUMP_SLOT: 1187 case R_X86_64_GLOB_DAT: 1188 case R_X86_64_32: 1189 case R_X86_64_64: 1190 case R_X86_64_RELATIVE: 1191 case R_X86_64_IRELATIVE: 1192 // No need to do anything. 1193 break; 1194 case R_X86_64_PC32: 1195 sym_addr = reloc; 1196 break; 1197#endif 1198 default: 1199 DL_ERR("unknown weak reloc type %d @ %p (%zu)", type, rela, idx); 1200 return -1; 1201 } 1202 } else { 1203 // We got a definition. 1204 sym_addr = lsi->resolve_symbol_address(s); 1205 } 1206 count_relocation(kRelocSymbol); 1207 } 1208 1209 switch (type) { 1210#if defined(__aarch64__) 1211 case R_AARCH64_JUMP_SLOT: 1212 count_relocation(kRelocAbsolute); 1213 MARK(rela->r_offset); 1214 TRACE_TYPE(RELO, "RELO JMP_SLOT %16llx <- %16llx %s\n", 1215 reloc, (sym_addr + rela->r_addend), sym_name); 1216 *reinterpret_cast<ElfW(Addr)*>(reloc) = (sym_addr + rela->r_addend); 1217 break; 1218 case R_AARCH64_GLOB_DAT: 1219 count_relocation(kRelocAbsolute); 1220 MARK(rela->r_offset); 1221 TRACE_TYPE(RELO, "RELO GLOB_DAT %16llx <- %16llx %s\n", 1222 reloc, (sym_addr + rela->r_addend), sym_name); 1223 *reinterpret_cast<ElfW(Addr)*>(reloc) = (sym_addr + rela->r_addend); 1224 break; 1225 case R_AARCH64_ABS64: 1226 count_relocation(kRelocAbsolute); 1227 MARK(rela->r_offset); 1228 TRACE_TYPE(RELO, "RELO ABS64 %16llx <- %16llx %s\n", 1229 reloc, (sym_addr + rela->r_addend), sym_name); 1230 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + rela->r_addend); 1231 break; 1232 case R_AARCH64_ABS32: 1233 count_relocation(kRelocAbsolute); 1234 MARK(rela->r_offset); 1235 TRACE_TYPE(RELO, "RELO ABS32 %16llx <- %16llx %s\n", 1236 reloc, (sym_addr + rela->r_addend), sym_name); 1237 if ((static_cast<ElfW(Addr)>(INT32_MIN) <= (*reinterpret_cast<ElfW(Addr)*>(reloc) + (sym_addr + rela->r_addend))) && 1238 ((*reinterpret_cast<ElfW(Addr)*>(reloc) + (sym_addr + rela->r_addend)) <= static_cast<ElfW(Addr)>(UINT32_MAX))) { 1239 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + rela->r_addend); 1240 } else { 1241 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 1242 (*reinterpret_cast<ElfW(Addr)*>(reloc) + (sym_addr + rela->r_addend)), 1243 static_cast<ElfW(Addr)>(INT32_MIN), 1244 static_cast<ElfW(Addr)>(UINT32_MAX)); 1245 return -1; 1246 } 1247 break; 1248 case R_AARCH64_ABS16: 1249 count_relocation(kRelocAbsolute); 1250 MARK(rela->r_offset); 1251 TRACE_TYPE(RELO, "RELO ABS16 %16llx <- %16llx %s\n", 1252 reloc, (sym_addr + rela->r_addend), sym_name); 1253 if ((static_cast<ElfW(Addr)>(INT16_MIN) <= (*reinterpret_cast<ElfW(Addr)*>(reloc) + (sym_addr + rela->r_addend))) && 1254 ((*reinterpret_cast<ElfW(Addr)*>(reloc) + (sym_addr + rela->r_addend)) <= static_cast<ElfW(Addr)>(UINT16_MAX))) { 1255 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + rela->r_addend); 1256 } else { 1257 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 1258 (*reinterpret_cast<ElfW(Addr)*>(reloc) + (sym_addr + rela->r_addend)), 1259 static_cast<ElfW(Addr)>(INT16_MIN), 1260 static_cast<ElfW(Addr)>(UINT16_MAX)); 1261 return -1; 1262 } 1263 break; 1264 case R_AARCH64_PREL64: 1265 count_relocation(kRelocRelative); 1266 MARK(rela->r_offset); 1267 TRACE_TYPE(RELO, "RELO REL64 %16llx <- %16llx - %16llx %s\n", 1268 reloc, (sym_addr + rela->r_addend), rela->r_offset, sym_name); 1269 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + rela->r_addend) - rela->r_offset; 1270 break; 1271 case R_AARCH64_PREL32: 1272 count_relocation(kRelocRelative); 1273 MARK(rela->r_offset); 1274 TRACE_TYPE(RELO, "RELO REL32 %16llx <- %16llx - %16llx %s\n", 1275 reloc, (sym_addr + rela->r_addend), rela->r_offset, sym_name); 1276 if ((static_cast<ElfW(Addr)>(INT32_MIN) <= (*reinterpret_cast<ElfW(Addr)*>(reloc) + ((sym_addr + rela->r_addend) - rela->r_offset))) && 1277 ((*reinterpret_cast<ElfW(Addr)*>(reloc) + ((sym_addr + rela->r_addend) - rela->r_offset)) <= static_cast<ElfW(Addr)>(UINT32_MAX))) { 1278 *reinterpret_cast<ElfW(Addr)*>(reloc) += ((sym_addr + rela->r_addend) - rela->r_offset); 1279 } else { 1280 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 1281 (*reinterpret_cast<ElfW(Addr)*>(reloc) + ((sym_addr + rela->r_addend) - rela->r_offset)), 1282 static_cast<ElfW(Addr)>(INT32_MIN), 1283 static_cast<ElfW(Addr)>(UINT32_MAX)); 1284 return -1; 1285 } 1286 break; 1287 case R_AARCH64_PREL16: 1288 count_relocation(kRelocRelative); 1289 MARK(rela->r_offset); 1290 TRACE_TYPE(RELO, "RELO REL16 %16llx <- %16llx - %16llx %s\n", 1291 reloc, (sym_addr + rela->r_addend), rela->r_offset, sym_name); 1292 if ((static_cast<ElfW(Addr)>(INT16_MIN) <= (*reinterpret_cast<ElfW(Addr)*>(reloc) + ((sym_addr + rela->r_addend) - rela->r_offset))) && 1293 ((*reinterpret_cast<ElfW(Addr)*>(reloc) + ((sym_addr + rela->r_addend) - rela->r_offset)) <= static_cast<ElfW(Addr)>(UINT16_MAX))) { 1294 *reinterpret_cast<ElfW(Addr)*>(reloc) += ((sym_addr + rela->r_addend) - rela->r_offset); 1295 } else { 1296 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 1297 (*reinterpret_cast<ElfW(Addr)*>(reloc) + ((sym_addr + rela->r_addend) - rela->r_offset)), 1298 static_cast<ElfW(Addr)>(INT16_MIN), 1299 static_cast<ElfW(Addr)>(UINT16_MAX)); 1300 return -1; 1301 } 1302 break; 1303 1304 case R_AARCH64_RELATIVE: 1305 count_relocation(kRelocRelative); 1306 MARK(rela->r_offset); 1307 if (sym) { 1308 DL_ERR("odd RELATIVE form..."); 1309 return -1; 1310 } 1311 TRACE_TYPE(RELO, "RELO RELATIVE %16llx <- %16llx\n", 1312 reloc, (base + rela->r_addend)); 1313 *reinterpret_cast<ElfW(Addr)*>(reloc) = (base + rela->r_addend); 1314 break; 1315 1316 case R_AARCH64_IRELATIVE: 1317 count_relocation(kRelocRelative); 1318 MARK(rela->r_offset); 1319 TRACE_TYPE(RELO, "RELO IRELATIVE %16llx <- %16llx\n", reloc, (base + rela->r_addend)); 1320 *reinterpret_cast<ElfW(Addr)*>(reloc) = call_ifunc_resolver(base + rela->r_addend); 1321 break; 1322 1323 case R_AARCH64_COPY: 1324 /* 1325 * ET_EXEC is not supported so this should not happen. 1326 * 1327 * http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044d/IHI0044D_aaelf.pdf 1328 * 1329 * Section 4.7.1.10 "Dynamic relocations" 1330 * R_AARCH64_COPY may only appear in executable objects where e_type is 1331 * set to ET_EXEC. 1332 */ 1333 DL_ERR("%s R_AARCH64_COPY relocations are not supported", name); 1334 return -1; 1335 case R_AARCH64_TLS_TPREL64: 1336 TRACE_TYPE(RELO, "RELO TLS_TPREL64 *** %16llx <- %16llx - %16llx\n", 1337 reloc, (sym_addr + rela->r_addend), rela->r_offset); 1338 break; 1339 case R_AARCH64_TLS_DTPREL32: 1340 TRACE_TYPE(RELO, "RELO TLS_DTPREL32 *** %16llx <- %16llx - %16llx\n", 1341 reloc, (sym_addr + rela->r_addend), rela->r_offset); 1342 break; 1343#elif defined(__x86_64__) 1344 case R_X86_64_JUMP_SLOT: 1345 count_relocation(kRelocAbsolute); 1346 MARK(rela->r_offset); 1347 TRACE_TYPE(RELO, "RELO JMP_SLOT %08zx <- %08zx %s", static_cast<size_t>(reloc), 1348 static_cast<size_t>(sym_addr + rela->r_addend), sym_name); 1349 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + rela->r_addend; 1350 break; 1351 case R_X86_64_GLOB_DAT: 1352 count_relocation(kRelocAbsolute); 1353 MARK(rela->r_offset); 1354 TRACE_TYPE(RELO, "RELO GLOB_DAT %08zx <- %08zx %s", static_cast<size_t>(reloc), 1355 static_cast<size_t>(sym_addr + rela->r_addend), sym_name); 1356 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + rela->r_addend; 1357 break; 1358 case R_X86_64_RELATIVE: 1359 count_relocation(kRelocRelative); 1360 MARK(rela->r_offset); 1361 if (sym) { 1362 DL_ERR("odd RELATIVE form..."); 1363 return -1; 1364 } 1365 TRACE_TYPE(RELO, "RELO RELATIVE %08zx <- +%08zx", static_cast<size_t>(reloc), 1366 static_cast<size_t>(base)); 1367 *reinterpret_cast<ElfW(Addr)*>(reloc) = base + rela->r_addend; 1368 break; 1369 case R_X86_64_IRELATIVE: 1370 count_relocation(kRelocRelative); 1371 MARK(rela->r_offset); 1372 TRACE_TYPE(RELO, "RELO IRELATIVE %16llx <- %16llx\n", reloc, (base + rela->r_addend)); 1373 *reinterpret_cast<ElfW(Addr)*>(reloc) = call_ifunc_resolver(base + rela->r_addend); 1374 break; 1375 case R_X86_64_32: 1376 count_relocation(kRelocRelative); 1377 MARK(rela->r_offset); 1378 TRACE_TYPE(RELO, "RELO R_X86_64_32 %08zx <- +%08zx %s", static_cast<size_t>(reloc), 1379 static_cast<size_t>(sym_addr), sym_name); 1380 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + rela->r_addend; 1381 break; 1382 case R_X86_64_64: 1383 count_relocation(kRelocRelative); 1384 MARK(rela->r_offset); 1385 TRACE_TYPE(RELO, "RELO R_X86_64_64 %08zx <- +%08zx %s", static_cast<size_t>(reloc), 1386 static_cast<size_t>(sym_addr), sym_name); 1387 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + rela->r_addend; 1388 break; 1389 case R_X86_64_PC32: 1390 count_relocation(kRelocRelative); 1391 MARK(rela->r_offset); 1392 TRACE_TYPE(RELO, "RELO R_X86_64_PC32 %08zx <- +%08zx (%08zx - %08zx) %s", 1393 static_cast<size_t>(reloc), static_cast<size_t>(sym_addr - reloc), 1394 static_cast<size_t>(sym_addr), static_cast<size_t>(reloc), sym_name); 1395 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + rela->r_addend - reloc; 1396 break; 1397#endif 1398 1399 default: 1400 DL_ERR("unknown reloc type %d @ %p (%zu)", type, rela, idx); 1401 return -1; 1402 } 1403 } 1404 return 0; 1405} 1406 1407#else // REL, not RELA. 1408int soinfo::Relocate(ElfW(Rel)* rel, unsigned count, const soinfo_list_t& local_group) { 1409 for (size_t idx = 0; idx < count; ++idx, ++rel) { 1410 unsigned type = ELFW(R_TYPE)(rel->r_info); 1411 // TODO: don't use unsigned for 'sym'. Use uint32_t or ElfW(Addr) instead. 1412 unsigned sym = ELFW(R_SYM)(rel->r_info); 1413 ElfW(Addr) reloc = static_cast<ElfW(Addr)>(rel->r_offset + load_bias); 1414 ElfW(Addr) sym_addr = 0; 1415 const char* sym_name = nullptr; 1416 1417 DEBUG("Processing '%s' relocation at index %zd", name, idx); 1418 if (type == 0) { // R_*_NONE 1419 continue; 1420 } 1421 1422 ElfW(Sym)* s = nullptr; 1423 soinfo* lsi = nullptr; 1424 1425 if (sym != 0) { 1426 sym_name = get_string(symtab[sym].st_name); 1427 s = soinfo_do_lookup(this, sym_name, &lsi, local_group); 1428 if (s == nullptr) { 1429 // We only allow an undefined symbol if this is a weak reference... 1430 s = &symtab[sym]; 1431 if (ELF_ST_BIND(s->st_info) != STB_WEAK) { 1432 DL_ERR("cannot locate symbol \"%s\" referenced by \"%s\"...", sym_name, name); 1433 return -1; 1434 } 1435 1436 /* IHI0044C AAELF 4.5.1.1: 1437 1438 Libraries are not searched to resolve weak references. 1439 It is not an error for a weak reference to remain 1440 unsatisfied. 1441 1442 During linking, the value of an undefined weak reference is: 1443 - Zero if the relocation type is absolute 1444 - The address of the place if the relocation is pc-relative 1445 - The address of nominal base address if the relocation 1446 type is base-relative. 1447 */ 1448 1449 switch (type) { 1450#if defined(__arm__) 1451 case R_ARM_JUMP_SLOT: 1452 case R_ARM_GLOB_DAT: 1453 case R_ARM_ABS32: 1454 case R_ARM_RELATIVE: /* Don't care. */ 1455 // sym_addr was initialized to be zero above or relocation 1456 // code below does not care about value of sym_addr. 1457 // No need to do anything. 1458 break; 1459#elif defined(__i386__) 1460 case R_386_JMP_SLOT: 1461 case R_386_GLOB_DAT: 1462 case R_386_32: 1463 case R_386_RELATIVE: /* Don't care. */ 1464 case R_386_IRELATIVE: 1465 // sym_addr was initialized to be zero above or relocation 1466 // code below does not care about value of sym_addr. 1467 // No need to do anything. 1468 break; 1469 case R_386_PC32: 1470 sym_addr = reloc; 1471 break; 1472#endif 1473 1474#if defined(__arm__) 1475 case R_ARM_COPY: 1476 // Fall through. Can't really copy if weak symbol is not found at run-time. 1477#endif 1478 default: 1479 DL_ERR("unknown weak reloc type %d @ %p (%zu)", type, rel, idx); 1480 return -1; 1481 } 1482 } else { 1483 // We got a definition. 1484 sym_addr = lsi->resolve_symbol_address(s); 1485 } 1486 count_relocation(kRelocSymbol); 1487 } 1488 1489 switch (type) { 1490#if defined(__arm__) 1491 case R_ARM_JUMP_SLOT: 1492 count_relocation(kRelocAbsolute); 1493 MARK(rel->r_offset); 1494 TRACE_TYPE(RELO, "RELO JMP_SLOT %08x <- %08x %s", reloc, sym_addr, sym_name); 1495 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr; 1496 break; 1497 case R_ARM_GLOB_DAT: 1498 count_relocation(kRelocAbsolute); 1499 MARK(rel->r_offset); 1500 TRACE_TYPE(RELO, "RELO GLOB_DAT %08x <- %08x %s", reloc, sym_addr, sym_name); 1501 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr; 1502 break; 1503 case R_ARM_ABS32: 1504 count_relocation(kRelocAbsolute); 1505 MARK(rel->r_offset); 1506 TRACE_TYPE(RELO, "RELO ABS %08x <- %08x %s", reloc, sym_addr, sym_name); 1507 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr; 1508 break; 1509 case R_ARM_REL32: 1510 count_relocation(kRelocRelative); 1511 MARK(rel->r_offset); 1512 TRACE_TYPE(RELO, "RELO REL32 %08x <- %08x - %08x %s", 1513 reloc, sym_addr, rel->r_offset, sym_name); 1514 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr - rel->r_offset; 1515 break; 1516 case R_ARM_COPY: 1517 /* 1518 * ET_EXEC is not supported so this should not happen. 1519 * 1520 * http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044d/IHI0044D_aaelf.pdf 1521 * 1522 * Section 4.7.1.10 "Dynamic relocations" 1523 * R_ARM_COPY may only appear in executable objects where e_type is 1524 * set to ET_EXEC. 1525 */ 1526 DL_ERR("%s R_ARM_COPY relocations are not supported", name); 1527 return -1; 1528#elif defined(__i386__) 1529 case R_386_JMP_SLOT: 1530 count_relocation(kRelocAbsolute); 1531 MARK(rel->r_offset); 1532 TRACE_TYPE(RELO, "RELO JMP_SLOT %08x <- %08x %s", reloc, sym_addr, sym_name); 1533 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr; 1534 break; 1535 case R_386_GLOB_DAT: 1536 count_relocation(kRelocAbsolute); 1537 MARK(rel->r_offset); 1538 TRACE_TYPE(RELO, "RELO GLOB_DAT %08x <- %08x %s", reloc, sym_addr, sym_name); 1539 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr; 1540 break; 1541 case R_386_32: 1542 count_relocation(kRelocRelative); 1543 MARK(rel->r_offset); 1544 TRACE_TYPE(RELO, "RELO R_386_32 %08x <- +%08x %s", reloc, sym_addr, sym_name); 1545 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr; 1546 break; 1547 case R_386_PC32: 1548 count_relocation(kRelocRelative); 1549 MARK(rel->r_offset); 1550 TRACE_TYPE(RELO, "RELO R_386_PC32 %08x <- +%08x (%08x - %08x) %s", 1551 reloc, (sym_addr - reloc), sym_addr, reloc, sym_name); 1552 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr - reloc); 1553 break; 1554#elif defined(__mips__) 1555 case R_MIPS_REL32: 1556#if defined(__LP64__) 1557 // MIPS Elf64_Rel entries contain compound relocations 1558 // We only handle the R_MIPS_NONE|R_MIPS_64|R_MIPS_REL32 case 1559 if (ELF64_R_TYPE2(rel->r_info) != R_MIPS_64 || 1560 ELF64_R_TYPE3(rel->r_info) != R_MIPS_NONE) { 1561 DL_ERR("Unexpected compound relocation type:%d type2:%d type3:%d @ %p (%zu)", 1562 type, (unsigned)ELF64_R_TYPE2(rel->r_info), 1563 (unsigned)ELF64_R_TYPE3(rel->r_info), rel, idx); 1564 return -1; 1565 } 1566#endif 1567 count_relocation(kRelocAbsolute); 1568 MARK(rel->r_offset); 1569 TRACE_TYPE(RELO, "RELO REL32 %08zx <- %08zx %s", static_cast<size_t>(reloc), 1570 static_cast<size_t>(sym_addr), sym_name ? sym_name : "*SECTIONHDR*"); 1571 if (s) { 1572 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr; 1573 } else { 1574 *reinterpret_cast<ElfW(Addr)*>(reloc) += base; 1575 } 1576 break; 1577#endif 1578 1579#if defined(__arm__) 1580 case R_ARM_RELATIVE: 1581#elif defined(__i386__) 1582 case R_386_RELATIVE: 1583#endif 1584 count_relocation(kRelocRelative); 1585 MARK(rel->r_offset); 1586 if (sym) { 1587 DL_ERR("odd RELATIVE form..."); 1588 return -1; 1589 } 1590 TRACE_TYPE(RELO, "RELO RELATIVE %p <- +%p", 1591 reinterpret_cast<void*>(reloc), reinterpret_cast<void*>(base)); 1592 *reinterpret_cast<ElfW(Addr)*>(reloc) += base; 1593 break; 1594#if defined(__i386__) 1595 case R_386_IRELATIVE: 1596 count_relocation(kRelocRelative); 1597 MARK(rel->r_offset); 1598 TRACE_TYPE(RELO, "RELO IRELATIVE %p <- %p", reinterpret_cast<void*>(reloc), reinterpret_cast<void*>(base)); 1599 *reinterpret_cast<ElfW(Addr)*>(reloc) = call_ifunc_resolver(base + *reinterpret_cast<ElfW(Addr)*>(reloc)); 1600 break; 1601#endif 1602 1603 default: 1604 DL_ERR("unknown reloc type %d @ %p (%zu)", type, rel, idx); 1605 return -1; 1606 } 1607 } 1608 return 0; 1609} 1610#endif 1611 1612#if defined(__mips__) 1613static bool mips_relocate_got(soinfo* si, const soinfo::soinfo_list_t& local_group) { 1614 ElfW(Addr)** got = si->plt_got; 1615 if (got == nullptr) { 1616 return true; 1617 } 1618 unsigned local_gotno = si->mips_local_gotno; 1619 unsigned gotsym = si->mips_gotsym; 1620 unsigned symtabno = si->mips_symtabno; 1621 ElfW(Sym)* symtab = si->symtab; 1622 1623 // got[0] is the address of the lazy resolver function. 1624 // got[1] may be used for a GNU extension. 1625 // Set it to a recognizable address in case someone calls it (should be _rtld_bind_start). 1626 // FIXME: maybe this should be in a separate routine? 1627 if ((si->flags & FLAG_LINKER) == 0) { 1628 size_t g = 0; 1629 got[g++] = reinterpret_cast<ElfW(Addr)*>(0xdeadbeef); 1630 if (reinterpret_cast<intptr_t>(got[g]) < 0) { 1631 got[g++] = reinterpret_cast<ElfW(Addr)*>(0xdeadfeed); 1632 } 1633 // Relocate the local GOT entries. 1634 for (; g < local_gotno; g++) { 1635 got[g] = reinterpret_cast<ElfW(Addr)*>(reinterpret_cast<uintptr_t>(got[g]) + si->load_bias); 1636 } 1637 } 1638 1639 // Now for the global GOT entries... 1640 ElfW(Sym)* sym = symtab + gotsym; 1641 got = si->plt_got + local_gotno; 1642 for (size_t g = gotsym; g < symtabno; g++, sym++, got++) { 1643 // This is an undefined reference... try to locate it. 1644 const char* sym_name = si->get_string(sym->st_name); 1645 soinfo* lsi = nullptr; 1646 ElfW(Sym)* s = soinfo_do_lookup(si, sym_name, &lsi, local_group); 1647 if (s == nullptr) { 1648 // We only allow an undefined symbol if this is a weak reference. 1649 s = &symtab[g]; 1650 if (ELF_ST_BIND(s->st_info) != STB_WEAK) { 1651 DL_ERR("cannot locate \"%s\"...", sym_name); 1652 return false; 1653 } 1654 *got = 0; 1655 } else { 1656 // FIXME: is this sufficient? 1657 // For reference see NetBSD link loader 1658 // http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ld.elf_so/arch/mips/mips_reloc.c?rev=1.53&content-type=text/x-cvsweb-markup 1659 *got = reinterpret_cast<ElfW(Addr)*>(lsi->resolve_symbol_address(s)); 1660 } 1661 } 1662 return true; 1663} 1664#endif 1665 1666void soinfo::CallArray(const char* array_name __unused, linker_function_t* functions, size_t count, bool reverse) { 1667 if (functions == nullptr) { 1668 return; 1669 } 1670 1671 TRACE("[ Calling %s (size %zd) @ %p for '%s' ]", array_name, count, functions, name); 1672 1673 int begin = reverse ? (count - 1) : 0; 1674 int end = reverse ? -1 : count; 1675 int step = reverse ? -1 : 1; 1676 1677 for (int i = begin; i != end; i += step) { 1678 TRACE("[ %s[%d] == %p ]", array_name, i, functions[i]); 1679 CallFunction("function", functions[i]); 1680 } 1681 1682 TRACE("[ Done calling %s for '%s' ]", array_name, name); 1683} 1684 1685void soinfo::CallFunction(const char* function_name __unused, linker_function_t function) { 1686 if (function == nullptr || reinterpret_cast<uintptr_t>(function) == static_cast<uintptr_t>(-1)) { 1687 return; 1688 } 1689 1690 TRACE("[ Calling %s @ %p for '%s' ]", function_name, function, name); 1691 function(); 1692 TRACE("[ Done calling %s @ %p for '%s' ]", function_name, function, name); 1693 1694 // The function may have called dlopen(3) or dlclose(3), so we need to ensure our data structures 1695 // are still writable. This happens with our debug malloc (see http://b/7941716). 1696 protect_data(PROT_READ | PROT_WRITE); 1697} 1698 1699void soinfo::CallPreInitConstructors() { 1700 // DT_PREINIT_ARRAY functions are called before any other constructors for executables, 1701 // but ignored in a shared library. 1702 CallArray("DT_PREINIT_ARRAY", preinit_array, preinit_array_count, false); 1703} 1704 1705void soinfo::CallConstructors() { 1706 if (constructors_called) { 1707 return; 1708 } 1709 1710 // We set constructors_called before actually calling the constructors, otherwise it doesn't 1711 // protect against recursive constructor calls. One simple example of constructor recursion 1712 // is the libc debug malloc, which is implemented in libc_malloc_debug_leak.so: 1713 // 1. The program depends on libc, so libc's constructor is called here. 1714 // 2. The libc constructor calls dlopen() to load libc_malloc_debug_leak.so. 1715 // 3. dlopen() calls the constructors on the newly created 1716 // soinfo for libc_malloc_debug_leak.so. 1717 // 4. The debug .so depends on libc, so CallConstructors is 1718 // called again with the libc soinfo. If it doesn't trigger the early- 1719 // out above, the libc constructor will be called again (recursively!). 1720 constructors_called = true; 1721 1722 if ((flags & FLAG_EXE) == 0 && preinit_array != nullptr) { 1723 // The GNU dynamic linker silently ignores these, but we warn the developer. 1724 PRINT("\"%s\": ignoring %zd-entry DT_PREINIT_ARRAY in shared library!", 1725 name, preinit_array_count); 1726 } 1727 1728 get_children().for_each([] (soinfo* si) { 1729 si->CallConstructors(); 1730 }); 1731 1732 TRACE("\"%s\": calling constructors", name); 1733 1734 // DT_INIT should be called before DT_INIT_ARRAY if both are present. 1735 CallFunction("DT_INIT", init_func); 1736 CallArray("DT_INIT_ARRAY", init_array, init_array_count, false); 1737} 1738 1739void soinfo::CallDestructors() { 1740 if (!constructors_called) { 1741 return; 1742 } 1743 TRACE("\"%s\": calling destructors", name); 1744 1745 // DT_FINI_ARRAY must be parsed in reverse order. 1746 CallArray("DT_FINI_ARRAY", fini_array, fini_array_count, true); 1747 1748 // DT_FINI should be called after DT_FINI_ARRAY if both are present. 1749 CallFunction("DT_FINI", fini_func); 1750 1751 // This is needed on second call to dlopen 1752 // after library has been unloaded with RTLD_NODELETE 1753 constructors_called = false; 1754} 1755 1756void soinfo::add_child(soinfo* child) { 1757 if (has_min_version(0)) { 1758 child->parents.push_back(this); 1759 this->children.push_back(child); 1760 } 1761} 1762 1763void soinfo::remove_all_links() { 1764 if (!has_min_version(0)) { 1765 return; 1766 } 1767 1768 // 1. Untie connected soinfos from 'this'. 1769 children.for_each([&] (soinfo* child) { 1770 child->parents.remove_if([&] (const soinfo* parent) { 1771 return parent == this; 1772 }); 1773 }); 1774 1775 parents.for_each([&] (soinfo* parent) { 1776 parent->children.remove_if([&] (const soinfo* child) { 1777 return child == this; 1778 }); 1779 }); 1780 1781 // 2. Once everything untied - clear local lists. 1782 parents.clear(); 1783 children.clear(); 1784} 1785 1786dev_t soinfo::get_st_dev() { 1787 if (has_min_version(0)) { 1788 return st_dev; 1789 } 1790 1791 return 0; 1792}; 1793 1794ino_t soinfo::get_st_ino() { 1795 if (has_min_version(0)) { 1796 return st_ino; 1797 } 1798 1799 return 0; 1800} 1801 1802off64_t soinfo::get_file_offset() { 1803 if (has_min_version(1)) { 1804 return file_offset; 1805 } 1806 1807 return 0; 1808} 1809 1810int soinfo::get_rtld_flags() { 1811 if (has_min_version(1)) { 1812 return rtld_flags; 1813 } 1814 1815 return 0; 1816} 1817 1818// This is a return on get_children()/get_parents() if 1819// 'this->flags' does not have FLAG_NEW_SOINFO set. 1820static soinfo::soinfo_list_t g_empty_list; 1821 1822soinfo::soinfo_list_t& soinfo::get_children() { 1823 if (has_min_version(0)) { 1824 return this->children; 1825 } 1826 1827 return g_empty_list; 1828} 1829 1830soinfo::soinfo_list_t& soinfo::get_parents() { 1831 if ((this->flags & FLAG_NEW_SOINFO) == 0) { 1832 return g_empty_list; 1833 } 1834 1835 return this->parents; 1836} 1837 1838ElfW(Addr) soinfo::resolve_symbol_address(ElfW(Sym)* s) { 1839 if (ELF_ST_TYPE(s->st_info) == STT_GNU_IFUNC) { 1840 return call_ifunc_resolver(s->st_value + load_bias); 1841 } 1842 1843 return static_cast<ElfW(Addr)>(s->st_value + load_bias); 1844} 1845 1846const char* soinfo::get_string(ElfW(Word) index) const { 1847 if (has_min_version(1) && (index >= strtab_size)) { 1848 __libc_fatal("%s: strtab out of bounds error; STRSZ=%zd, name=%d", name, strtab_size, index); 1849 } 1850 1851 return strtab + index; 1852} 1853 1854bool soinfo::can_unload() const { 1855 return (rtld_flags & (RTLD_NODELETE | RTLD_GLOBAL)) == 0; 1856} 1857/* Force any of the closed stdin, stdout and stderr to be associated with 1858 /dev/null. */ 1859static int nullify_closed_stdio() { 1860 int dev_null, i, status; 1861 int return_value = 0; 1862 1863 dev_null = TEMP_FAILURE_RETRY(open("/dev/null", O_RDWR)); 1864 if (dev_null < 0) { 1865 DL_ERR("cannot open /dev/null: %s", strerror(errno)); 1866 return -1; 1867 } 1868 TRACE("[ Opened /dev/null file-descriptor=%d]", dev_null); 1869 1870 /* If any of the stdio file descriptors is valid and not associated 1871 with /dev/null, dup /dev/null to it. */ 1872 for (i = 0; i < 3; i++) { 1873 /* If it is /dev/null already, we are done. */ 1874 if (i == dev_null) { 1875 continue; 1876 } 1877 1878 TRACE("[ Nullifying stdio file descriptor %d]", i); 1879 status = TEMP_FAILURE_RETRY(fcntl(i, F_GETFL)); 1880 1881 /* If file is opened, we are good. */ 1882 if (status != -1) { 1883 continue; 1884 } 1885 1886 /* The only error we allow is that the file descriptor does not 1887 exist, in which case we dup /dev/null to it. */ 1888 if (errno != EBADF) { 1889 DL_ERR("fcntl failed: %s", strerror(errno)); 1890 return_value = -1; 1891 continue; 1892 } 1893 1894 /* Try dupping /dev/null to this stdio file descriptor and 1895 repeat if there is a signal. Note that any errors in closing 1896 the stdio descriptor are lost. */ 1897 status = TEMP_FAILURE_RETRY(dup2(dev_null, i)); 1898 if (status < 0) { 1899 DL_ERR("dup2 failed: %s", strerror(errno)); 1900 return_value = -1; 1901 continue; 1902 } 1903 } 1904 1905 /* If /dev/null is not one of the stdio file descriptors, close it. */ 1906 if (dev_null > 2) { 1907 TRACE("[ Closing /dev/null file-descriptor=%d]", dev_null); 1908 status = TEMP_FAILURE_RETRY(close(dev_null)); 1909 if (status == -1) { 1910 DL_ERR("close failed: %s", strerror(errno)); 1911 return_value = -1; 1912 } 1913 } 1914 1915 return return_value; 1916} 1917 1918bool soinfo::PrelinkImage() { 1919 /* Extract dynamic section */ 1920 ElfW(Word) dynamic_flags = 0; 1921 phdr_table_get_dynamic_section(phdr, phnum, load_bias, &dynamic, &dynamic_flags); 1922 1923 /* We can't log anything until the linker is relocated */ 1924 bool relocating_linker = (flags & FLAG_LINKER) != 0; 1925 if (!relocating_linker) { 1926 INFO("[ linking %s ]", name); 1927 DEBUG("si->base = %p si->flags = 0x%08x", reinterpret_cast<void*>(base), flags); 1928 } 1929 1930 if (dynamic == nullptr) { 1931 if (!relocating_linker) { 1932 DL_ERR("missing PT_DYNAMIC in \"%s\"", name); 1933 } 1934 return false; 1935 } else { 1936 if (!relocating_linker) { 1937 DEBUG("dynamic = %p", dynamic); 1938 } 1939 } 1940 1941#if defined(__arm__) 1942 (void) phdr_table_get_arm_exidx(phdr, phnum, load_bias, 1943 &ARM_exidx, &ARM_exidx_count); 1944#endif 1945 1946 // Extract useful information from dynamic section. 1947 uint32_t needed_count = 0; 1948 for (ElfW(Dyn)* d = dynamic; d->d_tag != DT_NULL; ++d) { 1949 DEBUG("d = %p, d[0](tag) = %p d[1](val) = %p", 1950 d, reinterpret_cast<void*>(d->d_tag), reinterpret_cast<void*>(d->d_un.d_val)); 1951 switch (d->d_tag) { 1952 case DT_SONAME: 1953 // TODO: glibc dynamic linker uses this name for 1954 // initial library lookup; consider doing the same here. 1955 break; 1956 1957 case DT_HASH: 1958 nbucket = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[0]; 1959 nchain = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[1]; 1960 bucket = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr + 8); 1961 chain = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr + 8 + nbucket * 4); 1962 break; 1963 1964 case DT_STRTAB: 1965 strtab = reinterpret_cast<const char*>(load_bias + d->d_un.d_ptr); 1966 break; 1967 1968 case DT_STRSZ: 1969 strtab_size = d->d_un.d_val; 1970 break; 1971 1972 case DT_SYMTAB: 1973 symtab = reinterpret_cast<ElfW(Sym)*>(load_bias + d->d_un.d_ptr); 1974 break; 1975 1976 case DT_SYMENT: 1977 if (d->d_un.d_val != sizeof(ElfW(Sym))) { 1978 DL_ERR("invalid DT_SYMENT: %zd", static_cast<size_t>(d->d_un.d_val)); 1979 return false; 1980 } 1981 break; 1982 1983 case DT_PLTREL: 1984#if defined(USE_RELA) 1985 if (d->d_un.d_val != DT_RELA) { 1986 DL_ERR("unsupported DT_PLTREL in \"%s\"; expected DT_RELA", name); 1987 return false; 1988 } 1989#else 1990 if (d->d_un.d_val != DT_REL) { 1991 DL_ERR("unsupported DT_PLTREL in \"%s\"; expected DT_REL", name); 1992 return false; 1993 } 1994#endif 1995 break; 1996 1997 case DT_JMPREL: 1998#if defined(USE_RELA) 1999 plt_rela = reinterpret_cast<ElfW(Rela)*>(load_bias + d->d_un.d_ptr); 2000#else 2001 plt_rel = reinterpret_cast<ElfW(Rel)*>(load_bias + d->d_un.d_ptr); 2002#endif 2003 break; 2004 2005 case DT_PLTRELSZ: 2006#if defined(USE_RELA) 2007 plt_rela_count = d->d_un.d_val / sizeof(ElfW(Rela)); 2008#else 2009 plt_rel_count = d->d_un.d_val / sizeof(ElfW(Rel)); 2010#endif 2011 break; 2012 2013 case DT_PLTGOT: 2014#if defined(__mips__) 2015 // Used by mips and mips64. 2016 plt_got = reinterpret_cast<ElfW(Addr)**>(load_bias + d->d_un.d_ptr); 2017#endif 2018 // Ignore for other platforms... (because RTLD_LAZY is not supported) 2019 break; 2020 2021 case DT_DEBUG: 2022 // Set the DT_DEBUG entry to the address of _r_debug for GDB 2023 // if the dynamic table is writable 2024// FIXME: not working currently for N64 2025// The flags for the LOAD and DYNAMIC program headers do not agree. 2026// The LOAD section containing the dynamic table has been mapped as 2027// read-only, but the DYNAMIC header claims it is writable. 2028#if !(defined(__mips__) && defined(__LP64__)) 2029 if ((dynamic_flags & PF_W) != 0) { 2030 d->d_un.d_val = reinterpret_cast<uintptr_t>(&_r_debug); 2031 } 2032 break; 2033#endif 2034#if defined(USE_RELA) 2035 case DT_RELA: 2036 rela = reinterpret_cast<ElfW(Rela)*>(load_bias + d->d_un.d_ptr); 2037 break; 2038 2039 case DT_RELASZ: 2040 rela_count = d->d_un.d_val / sizeof(ElfW(Rela)); 2041 break; 2042 2043 case DT_RELAENT: 2044 if (d->d_un.d_val != sizeof(ElfW(Rela))) { 2045 DL_ERR("invalid DT_RELAENT: %zd", static_cast<size_t>(d->d_un.d_val)); 2046 return false; 2047 } 2048 break; 2049 2050 // ignored (see DT_RELCOUNT comments for details) 2051 case DT_RELACOUNT: 2052 break; 2053 2054 case DT_REL: 2055 DL_ERR("unsupported DT_REL in \"%s\"", name); 2056 return false; 2057 2058 case DT_RELSZ: 2059 DL_ERR("unsupported DT_RELSZ in \"%s\"", name); 2060 return false; 2061#else 2062 case DT_REL: 2063 rel = reinterpret_cast<ElfW(Rel)*>(load_bias + d->d_un.d_ptr); 2064 break; 2065 2066 case DT_RELSZ: 2067 rel_count = d->d_un.d_val / sizeof(ElfW(Rel)); 2068 break; 2069 2070 case DT_RELENT: 2071 if (d->d_un.d_val != sizeof(ElfW(Rel))) { 2072 DL_ERR("invalid DT_RELENT: %zd", static_cast<size_t>(d->d_un.d_val)); 2073 return false; 2074 } 2075 break; 2076 2077 // "Indicates that all RELATIVE relocations have been concatenated together, 2078 // and specifies the RELATIVE relocation count." 2079 // 2080 // TODO: Spec also mentions that this can be used to optimize relocation process; 2081 // Not currently used by bionic linker - ignored. 2082 case DT_RELCOUNT: 2083 break; 2084 case DT_RELA: 2085 DL_ERR("unsupported DT_RELA in \"%s\"", name); 2086 return false; 2087#endif 2088 case DT_INIT: 2089 init_func = reinterpret_cast<linker_function_t>(load_bias + d->d_un.d_ptr); 2090 DEBUG("%s constructors (DT_INIT) found at %p", name, init_func); 2091 break; 2092 2093 case DT_FINI: 2094 fini_func = reinterpret_cast<linker_function_t>(load_bias + d->d_un.d_ptr); 2095 DEBUG("%s destructors (DT_FINI) found at %p", name, fini_func); 2096 break; 2097 2098 case DT_INIT_ARRAY: 2099 init_array = reinterpret_cast<linker_function_t*>(load_bias + d->d_un.d_ptr); 2100 DEBUG("%s constructors (DT_INIT_ARRAY) found at %p", name, init_array); 2101 break; 2102 2103 case DT_INIT_ARRAYSZ: 2104 init_array_count = ((unsigned)d->d_un.d_val) / sizeof(ElfW(Addr)); 2105 break; 2106 2107 case DT_FINI_ARRAY: 2108 fini_array = reinterpret_cast<linker_function_t*>(load_bias + d->d_un.d_ptr); 2109 DEBUG("%s destructors (DT_FINI_ARRAY) found at %p", name, fini_array); 2110 break; 2111 2112 case DT_FINI_ARRAYSZ: 2113 fini_array_count = ((unsigned)d->d_un.d_val) / sizeof(ElfW(Addr)); 2114 break; 2115 2116 case DT_PREINIT_ARRAY: 2117 preinit_array = reinterpret_cast<linker_function_t*>(load_bias + d->d_un.d_ptr); 2118 DEBUG("%s constructors (DT_PREINIT_ARRAY) found at %p", name, preinit_array); 2119 break; 2120 2121 case DT_PREINIT_ARRAYSZ: 2122 preinit_array_count = ((unsigned)d->d_un.d_val) / sizeof(ElfW(Addr)); 2123 break; 2124 2125 case DT_TEXTREL: 2126#if defined(__LP64__) 2127 DL_ERR("text relocations (DT_TEXTREL) found in 64-bit ELF file \"%s\"", name); 2128 return false; 2129#else 2130 has_text_relocations = true; 2131 break; 2132#endif 2133 2134 case DT_SYMBOLIC: 2135 has_DT_SYMBOLIC = true; 2136 break; 2137 2138 case DT_NEEDED: 2139 ++needed_count; 2140 break; 2141 2142 case DT_FLAGS: 2143 if (d->d_un.d_val & DF_TEXTREL) { 2144#if defined(__LP64__) 2145 DL_ERR("text relocations (DF_TEXTREL) found in 64-bit ELF file \"%s\"", name); 2146 return false; 2147#else 2148 has_text_relocations = true; 2149#endif 2150 } 2151 if (d->d_un.d_val & DF_SYMBOLIC) { 2152 has_DT_SYMBOLIC = true; 2153 } 2154 break; 2155 2156 case DT_FLAGS_1: 2157 if ((d->d_un.d_val & DF_1_GLOBAL) != 0) { 2158 rtld_flags |= RTLD_GLOBAL; 2159 } 2160 2161 if ((d->d_un.d_val & DF_1_NODELETE) != 0) { 2162 rtld_flags |= RTLD_NODELETE; 2163 } 2164 // TODO: Implement other flags 2165 2166 if ((d->d_un.d_val & ~(DF_1_NOW | DF_1_GLOBAL | DF_1_NODELETE)) != 0) { 2167 DL_WARN("Unsupported flags DT_FLAGS_1=%p", reinterpret_cast<void*>(d->d_un.d_val)); 2168 } 2169 break; 2170#if defined(__mips__) 2171 case DT_MIPS_RLD_MAP: 2172 // Set the DT_MIPS_RLD_MAP entry to the address of _r_debug for GDB. 2173 { 2174 r_debug** dp = reinterpret_cast<r_debug**>(load_bias + d->d_un.d_ptr); 2175 *dp = &_r_debug; 2176 } 2177 break; 2178 2179 case DT_MIPS_RLD_VERSION: 2180 case DT_MIPS_FLAGS: 2181 case DT_MIPS_BASE_ADDRESS: 2182 case DT_MIPS_UNREFEXTNO: 2183 break; 2184 2185 case DT_MIPS_SYMTABNO: 2186 mips_symtabno = d->d_un.d_val; 2187 break; 2188 2189 case DT_MIPS_LOCAL_GOTNO: 2190 mips_local_gotno = d->d_un.d_val; 2191 break; 2192 2193 case DT_MIPS_GOTSYM: 2194 mips_gotsym = d->d_un.d_val; 2195 break; 2196#endif 2197 // Ignored: "Its use has been superseded by the DF_BIND_NOW flag" 2198 case DT_BIND_NOW: 2199 break; 2200 2201 // Ignore: bionic does not support symbol versioning... 2202 case DT_VERSYM: 2203 case DT_VERDEF: 2204 case DT_VERDEFNUM: 2205 break; 2206 2207 default: 2208 if (!relocating_linker) { 2209 DL_WARN("%s: unused DT entry: type %p arg %p", name, 2210 reinterpret_cast<void*>(d->d_tag), reinterpret_cast<void*>(d->d_un.d_val)); 2211 } 2212 break; 2213 } 2214 } 2215 2216 DEBUG("si->base = %p, si->strtab = %p, si->symtab = %p", 2217 reinterpret_cast<void*>(base), strtab, symtab); 2218 2219 // Sanity checks. 2220 if (relocating_linker && needed_count != 0) { 2221 DL_ERR("linker cannot have DT_NEEDED dependencies on other libraries"); 2222 return false; 2223 } 2224 if (nbucket == 0) { 2225 DL_ERR("empty/missing DT_HASH in \"%s\" (built with --hash-style=gnu?)", name); 2226 return false; 2227 } 2228 if (strtab == 0) { 2229 DL_ERR("empty/missing DT_STRTAB in \"%s\"", name); 2230 return false; 2231 } 2232 if (symtab == 0) { 2233 DL_ERR("empty/missing DT_SYMTAB in \"%s\"", name); 2234 return false; 2235 } 2236 return true; 2237} 2238 2239bool soinfo::LinkImage(const soinfo_list_t& local_group, const android_dlextinfo* extinfo) { 2240 2241#if !defined(__LP64__) 2242 if (has_text_relocations) { 2243 // Make segments writable to allow text relocations to work properly. We will later call 2244 // phdr_table_protect_segments() after all of them are applied and all constructors are run. 2245 DL_WARN("%s has text relocations. This is wasting memory and prevents " 2246 "security hardening. Please fix.", name); 2247 if (phdr_table_unprotect_segments(phdr, phnum, load_bias) < 0) { 2248 DL_ERR("can't unprotect loadable segments for \"%s\": %s", 2249 name, strerror(errno)); 2250 return false; 2251 } 2252 } 2253#endif 2254 2255#if defined(USE_RELA) 2256 if (rela != nullptr) { 2257 DEBUG("[ relocating %s ]", name); 2258 if (Relocate(rela, rela_count, local_group)) { 2259 return false; 2260 } 2261 } 2262 if (plt_rela != nullptr) { 2263 DEBUG("[ relocating %s plt ]", name); 2264 if (Relocate(plt_rela, plt_rela_count, local_group)) { 2265 return false; 2266 } 2267 } 2268#else 2269 if (rel != nullptr) { 2270 DEBUG("[ relocating %s ]", name); 2271 if (Relocate(rel, rel_count, local_group)) { 2272 return false; 2273 } 2274 } 2275 if (plt_rel != nullptr) { 2276 DEBUG("[ relocating %s plt ]", name); 2277 if (Relocate(plt_rel, plt_rel_count, local_group)) { 2278 return false; 2279 } 2280 } 2281#endif 2282 2283#if defined(__mips__) 2284 if (!mips_relocate_got(this)) { 2285 return false; 2286 } 2287#endif 2288 2289 DEBUG("[ finished linking %s ]", name); 2290 2291#if !defined(__LP64__) 2292 if (has_text_relocations) { 2293 // All relocations are done, we can protect our segments back to read-only. 2294 if (phdr_table_protect_segments(phdr, phnum, load_bias) < 0) { 2295 DL_ERR("can't protect segments for \"%s\": %s", 2296 name, strerror(errno)); 2297 return false; 2298 } 2299 } 2300#endif 2301 2302 /* We can also turn on GNU RELRO protection */ 2303 if (phdr_table_protect_gnu_relro(phdr, phnum, load_bias) < 0) { 2304 DL_ERR("can't enable GNU RELRO protection for \"%s\": %s", 2305 name, strerror(errno)); 2306 return false; 2307 } 2308 2309 /* Handle serializing/sharing the RELRO segment */ 2310 if (extinfo && (extinfo->flags & ANDROID_DLEXT_WRITE_RELRO)) { 2311 if (phdr_table_serialize_gnu_relro(phdr, phnum, load_bias, 2312 extinfo->relro_fd) < 0) { 2313 DL_ERR("failed serializing GNU RELRO section for \"%s\": %s", 2314 name, strerror(errno)); 2315 return false; 2316 } 2317 } else if (extinfo && (extinfo->flags & ANDROID_DLEXT_USE_RELRO)) { 2318 if (phdr_table_map_gnu_relro(phdr, phnum, load_bias, 2319 extinfo->relro_fd) < 0) { 2320 DL_ERR("failed mapping GNU RELRO section for \"%s\": %s", 2321 name, strerror(errno)); 2322 return false; 2323 } 2324 } 2325 2326 notify_gdb_of_load(this); 2327 return true; 2328} 2329 2330/* 2331 * This function add vdso to internal dso list. 2332 * It helps to stack unwinding through signal handlers. 2333 * Also, it makes bionic more like glibc. 2334 */ 2335static void add_vdso(KernelArgumentBlock& args __unused) { 2336#if defined(AT_SYSINFO_EHDR) 2337 ElfW(Ehdr)* ehdr_vdso = reinterpret_cast<ElfW(Ehdr)*>(args.getauxval(AT_SYSINFO_EHDR)); 2338 if (ehdr_vdso == nullptr) { 2339 return; 2340 } 2341 2342 soinfo* si = soinfo_alloc("[vdso]", nullptr, 0, 0); 2343 2344 si->phdr = reinterpret_cast<ElfW(Phdr)*>(reinterpret_cast<char*>(ehdr_vdso) + ehdr_vdso->e_phoff); 2345 si->phnum = ehdr_vdso->e_phnum; 2346 si->base = reinterpret_cast<ElfW(Addr)>(ehdr_vdso); 2347 si->size = phdr_table_get_load_size(si->phdr, si->phnum); 2348 si->load_bias = get_elf_exec_load_bias(ehdr_vdso); 2349 2350 si->PrelinkImage(); 2351 si->LinkImage(g_empty_list, nullptr); 2352#endif 2353} 2354 2355/* 2356 * This is linker soinfo for GDB. See details below. 2357 */ 2358#if defined(__LP64__) 2359#define LINKER_PATH "/system/bin/linker64" 2360#else 2361#define LINKER_PATH "/system/bin/linker" 2362#endif 2363static soinfo linker_soinfo_for_gdb(LINKER_PATH, nullptr, 0, 0); 2364 2365/* gdb expects the linker to be in the debug shared object list. 2366 * Without this, gdb has trouble locating the linker's ".text" 2367 * and ".plt" sections. Gdb could also potentially use this to 2368 * relocate the offset of our exported 'rtld_db_dlactivity' symbol. 2369 * Don't use soinfo_alloc(), because the linker shouldn't 2370 * be on the soinfo list. 2371 */ 2372static void init_linker_info_for_gdb(ElfW(Addr) linker_base) { 2373 linker_soinfo_for_gdb.base = linker_base; 2374 2375 /* 2376 * Set the dynamic field in the link map otherwise gdb will complain with 2377 * the following: 2378 * warning: .dynamic section for "/system/bin/linker" is not at the 2379 * expected address (wrong library or version mismatch?) 2380 */ 2381 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(linker_base); 2382 ElfW(Phdr)* phdr = reinterpret_cast<ElfW(Phdr)*>(linker_base + elf_hdr->e_phoff); 2383 phdr_table_get_dynamic_section(phdr, elf_hdr->e_phnum, linker_base, 2384 &linker_soinfo_for_gdb.dynamic, nullptr); 2385 insert_soinfo_into_debug_map(&linker_soinfo_for_gdb); 2386} 2387 2388/* 2389 * This code is called after the linker has linked itself and 2390 * fixed it's own GOT. It is safe to make references to externs 2391 * and other non-local data at this point. 2392 */ 2393static ElfW(Addr) __linker_init_post_relocation(KernelArgumentBlock& args, ElfW(Addr) linker_base) { 2394#if TIMING 2395 struct timeval t0, t1; 2396 gettimeofday(&t0, 0); 2397#endif 2398 2399 // Initialize environment functions, and get to the ELF aux vectors table. 2400 linker_env_init(args); 2401 2402 // If this is a setuid/setgid program, close the security hole described in 2403 // ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc 2404 if (get_AT_SECURE()) { 2405 nullify_closed_stdio(); 2406 } 2407 2408 debuggerd_init(); 2409 2410 // Get a few environment variables. 2411 const char* LD_DEBUG = linker_env_get("LD_DEBUG"); 2412 if (LD_DEBUG != nullptr) { 2413 g_ld_debug_verbosity = atoi(LD_DEBUG); 2414 } 2415 2416 // Normally, these are cleaned by linker_env_init, but the test 2417 // doesn't cost us anything. 2418 const char* ldpath_env = nullptr; 2419 const char* ldpreload_env = nullptr; 2420 if (!get_AT_SECURE()) { 2421 ldpath_env = linker_env_get("LD_LIBRARY_PATH"); 2422 ldpreload_env = linker_env_get("LD_PRELOAD"); 2423 } 2424 2425 INFO("[ android linker & debugger ]"); 2426 2427 soinfo* si = soinfo_alloc(args.argv[0], nullptr, 0, RTLD_GLOBAL); 2428 if (si == nullptr) { 2429 exit(EXIT_FAILURE); 2430 } 2431 2432 /* bootstrap the link map, the main exe always needs to be first */ 2433 si->flags |= FLAG_EXE; 2434 link_map* map = &(si->link_map_head); 2435 2436 map->l_addr = 0; 2437 map->l_name = args.argv[0]; 2438 map->l_prev = nullptr; 2439 map->l_next = nullptr; 2440 2441 _r_debug.r_map = map; 2442 r_debug_tail = map; 2443 2444 init_linker_info_for_gdb(linker_base); 2445 2446 // Extract information passed from the kernel. 2447 si->phdr = reinterpret_cast<ElfW(Phdr)*>(args.getauxval(AT_PHDR)); 2448 si->phnum = args.getauxval(AT_PHNUM); 2449 si->entry = args.getauxval(AT_ENTRY); 2450 2451 /* Compute the value of si->base. We can't rely on the fact that 2452 * the first entry is the PHDR because this will not be true 2453 * for certain executables (e.g. some in the NDK unit test suite) 2454 */ 2455 si->base = 0; 2456 si->size = phdr_table_get_load_size(si->phdr, si->phnum); 2457 si->load_bias = 0; 2458 for (size_t i = 0; i < si->phnum; ++i) { 2459 if (si->phdr[i].p_type == PT_PHDR) { 2460 si->load_bias = reinterpret_cast<ElfW(Addr)>(si->phdr) - si->phdr[i].p_vaddr; 2461 si->base = reinterpret_cast<ElfW(Addr)>(si->phdr) - si->phdr[i].p_offset; 2462 break; 2463 } 2464 } 2465 si->dynamic = nullptr; 2466 si->ref_count = 1; 2467 2468 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(si->base); 2469 if (elf_hdr->e_type != ET_DYN) { 2470 __libc_format_fd(2, "error: only position independent executables (PIE) are supported.\n"); 2471 exit(EXIT_FAILURE); 2472 } 2473 2474 // Use LD_LIBRARY_PATH and LD_PRELOAD (but only if we aren't setuid/setgid). 2475 parse_LD_LIBRARY_PATH(ldpath_env); 2476 parse_LD_PRELOAD(ldpreload_env); 2477 2478 somain = si; 2479 2480 si->PrelinkImage(); 2481 2482 // Load ld_preloads and dependencies. 2483 StringLinkedList needed_library_name_list; 2484 size_t needed_libraries_count = 0; 2485 size_t ld_preloads_count = 0; 2486 while (g_ld_preload_names[ld_preloads_count] != nullptr) { 2487 needed_library_name_list.push_back(g_ld_preload_names[ld_preloads_count++]); 2488 ++needed_libraries_count; 2489 } 2490 2491 for_each_dt_needed(si, [&](const char* name) { 2492 needed_library_name_list.push_back(name); 2493 ++needed_libraries_count; 2494 }); 2495 2496 const char* needed_library_names[needed_libraries_count]; 2497 2498 memset(needed_library_names, 0, sizeof(needed_library_names)); 2499 needed_library_name_list.copy_to_array(needed_library_names, needed_libraries_count); 2500 2501 if (needed_libraries_count > 0 && !find_libraries(si, needed_library_names, needed_libraries_count, nullptr, g_ld_preloads, ld_preloads_count, RTLD_GLOBAL, nullptr)) { 2502 __libc_format_fd(2, "CANNOT LINK EXECUTABLE: %s\n", linker_get_error_buffer()); 2503 exit(EXIT_FAILURE); 2504 } 2505 2506 add_vdso(args); 2507 2508 si->CallPreInitConstructors(); 2509 2510 /* After the PrelinkImage, the si->load_bias is initialized. 2511 * For so lib, the map->l_addr will be updated in notify_gdb_of_load. 2512 * We need to update this value for so exe here. So Unwind_Backtrace 2513 * for some arch like x86 could work correctly within so exe. 2514 */ 2515 map->l_addr = si->load_bias; 2516 si->CallConstructors(); 2517 2518#if TIMING 2519 gettimeofday(&t1, nullptr); 2520 PRINT("LINKER TIME: %s: %d microseconds", args.argv[0], (int) ( 2521 (((long long)t1.tv_sec * 1000000LL) + (long long)t1.tv_usec) - 2522 (((long long)t0.tv_sec * 1000000LL) + (long long)t0.tv_usec))); 2523#endif 2524#if STATS 2525 PRINT("RELO STATS: %s: %d abs, %d rel, %d copy, %d symbol", args.argv[0], 2526 linker_stats.count[kRelocAbsolute], 2527 linker_stats.count[kRelocRelative], 2528 linker_stats.count[kRelocCopy], 2529 linker_stats.count[kRelocSymbol]); 2530#endif 2531#if COUNT_PAGES 2532 { 2533 unsigned n; 2534 unsigned i; 2535 unsigned count = 0; 2536 for (n = 0; n < 4096; n++) { 2537 if (bitmask[n]) { 2538 unsigned x = bitmask[n]; 2539#if defined(__LP64__) 2540 for (i = 0; i < 32; i++) { 2541#else 2542 for (i = 0; i < 8; i++) { 2543#endif 2544 if (x & 1) { 2545 count++; 2546 } 2547 x >>= 1; 2548 } 2549 } 2550 } 2551 PRINT("PAGES MODIFIED: %s: %d (%dKB)", args.argv[0], count, count * 4); 2552 } 2553#endif 2554 2555#if TIMING || STATS || COUNT_PAGES 2556 fflush(stdout); 2557#endif 2558 2559 TRACE("[ Ready to execute '%s' @ %p ]", si->name, reinterpret_cast<void*>(si->entry)); 2560 return si->entry; 2561} 2562 2563/* Compute the load-bias of an existing executable. This shall only 2564 * be used to compute the load bias of an executable or shared library 2565 * that was loaded by the kernel itself. 2566 * 2567 * Input: 2568 * elf -> address of ELF header, assumed to be at the start of the file. 2569 * Return: 2570 * load bias, i.e. add the value of any p_vaddr in the file to get 2571 * the corresponding address in memory. 2572 */ 2573static ElfW(Addr) get_elf_exec_load_bias(const ElfW(Ehdr)* elf) { 2574 ElfW(Addr) offset = elf->e_phoff; 2575 const ElfW(Phdr)* phdr_table = reinterpret_cast<const ElfW(Phdr)*>(reinterpret_cast<uintptr_t>(elf) + offset); 2576 const ElfW(Phdr)* phdr_end = phdr_table + elf->e_phnum; 2577 2578 for (const ElfW(Phdr)* phdr = phdr_table; phdr < phdr_end; phdr++) { 2579 if (phdr->p_type == PT_LOAD) { 2580 return reinterpret_cast<ElfW(Addr)>(elf) + phdr->p_offset - phdr->p_vaddr; 2581 } 2582 } 2583 return 0; 2584} 2585 2586extern "C" void _start(); 2587 2588/* 2589 * This is the entry point for the linker, called from begin.S. This 2590 * method is responsible for fixing the linker's own relocations, and 2591 * then calling __linker_init_post_relocation(). 2592 * 2593 * Because this method is called before the linker has fixed it's own 2594 * relocations, any attempt to reference an extern variable, extern 2595 * function, or other GOT reference will generate a segfault. 2596 */ 2597extern "C" ElfW(Addr) __linker_init(void* raw_args) { 2598 KernelArgumentBlock args(raw_args); 2599 2600 ElfW(Addr) linker_addr = args.getauxval(AT_BASE); 2601 ElfW(Addr) entry_point = args.getauxval(AT_ENTRY); 2602 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(linker_addr); 2603 ElfW(Phdr)* phdr = reinterpret_cast<ElfW(Phdr)*>(linker_addr + elf_hdr->e_phoff); 2604 2605 soinfo linker_so("[dynamic linker]", nullptr, 0, 0); 2606 2607 // If the linker is not acting as PT_INTERP entry_point is equal to 2608 // _start. Which means that the linker is running as an executable and 2609 // already linked by PT_INTERP. 2610 // 2611 // This happens when user tries to run 'adb shell /system/bin/linker' 2612 // see also https://code.google.com/p/android/issues/detail?id=63174 2613 if (reinterpret_cast<ElfW(Addr)>(&_start) == entry_point) { 2614 __libc_fatal("This is %s, the helper program for shared library executables.\n", args.argv[0]); 2615 } 2616 2617 linker_so.base = linker_addr; 2618 linker_so.size = phdr_table_get_load_size(phdr, elf_hdr->e_phnum); 2619 linker_so.load_bias = get_elf_exec_load_bias(elf_hdr); 2620 linker_so.dynamic = nullptr; 2621 linker_so.phdr = phdr; 2622 linker_so.phnum = elf_hdr->e_phnum; 2623 linker_so.flags |= FLAG_LINKER; 2624 2625 if (!(linker_so.PrelinkImage() && linker_so.LinkImage(g_empty_list, nullptr))) { 2626 // It would be nice to print an error message, but if the linker 2627 // can't link itself, there's no guarantee that we'll be able to 2628 // call write() (because it involves a GOT reference). We may as 2629 // well try though... 2630 const char* msg = "CANNOT LINK EXECUTABLE: "; 2631 write(2, msg, strlen(msg)); 2632 write(2, __linker_dl_err_buf, strlen(__linker_dl_err_buf)); 2633 write(2, "\n", 1); 2634 _exit(EXIT_FAILURE); 2635 } 2636 2637 __libc_init_tls(args); 2638 2639 // Initialize the linker's own global variables 2640 linker_so.CallConstructors(); 2641 2642 // Initialize static variables. Note that in order to 2643 // get correct libdl_info we need to call constructors 2644 // before get_libdl_info(). 2645 solist = get_libdl_info(); 2646 sonext = get_libdl_info(); 2647 2648 // We have successfully fixed our own relocations. It's safe to run 2649 // the main part of the linker now. 2650 args.abort_message_ptr = &g_abort_message; 2651 ElfW(Addr) start_address = __linker_init_post_relocation(args, linker_addr); 2652 2653 protect_data(PROT_READ); 2654 2655 // Return the address that the calling assembly stub should jump to. 2656 return start_address; 2657} 2658