1 /* Map in a shared object's segments from the file.
2 Copyright (C) 1995-2022 Free Software Foundation, Inc.
3 Copyright The GNU Toolchain Authors.
4 This file is part of the GNU C Library.
5
6 The GNU C Library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
10
11 The GNU C Library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public
17 License along with the GNU C Library; if not, see
18 <https://www.gnu.org/licenses/>. */
19
20 #include <elf.h>
21 #include <errno.h>
22 #include <fcntl.h>
23 #include <libintl.h>
24 #include <stdbool.h>
25 #include <stdlib.h>
26 #include <string.h>
27 #include <unistd.h>
28 #include <ldsodefs.h>
29 #include <bits/wordsize.h>
30 #include <sys/mman.h>
31 #include <sys/param.h>
32 #include <sys/stat.h>
33 #include <sys/types.h>
34 #include <gnu/lib-names.h>
35
36 /* Type for the buffer we put the ELF header and hopefully the program
37 header. This buffer does not really have to be too large. In most
38 cases the program header follows the ELF header directly. If this
39 is not the case all bets are off and we can make the header
40 arbitrarily large and still won't get it read. This means the only
41 question is how large are the ELF and program header combined. The
42 ELF header 32-bit files is 52 bytes long and in 64-bit files is 64
43 bytes long. Each program header entry is again 32 and 56 bytes
44 long respectively. I.e., even with a file which has 10 program
45 header entries we only have to read 372B/624B respectively. Add to
46 this a bit of margin for program notes and reading 512B and 832B
47 for 32-bit and 64-bit files respecitvely is enough. If this
48 heuristic should really fail for some file the code in
49 `_dl_map_object_from_fd' knows how to recover. */
50 struct filebuf
51 {
52 ssize_t len;
53 #if __WORDSIZE == 32
54 # define FILEBUF_SIZE 512
55 #else
56 # define FILEBUF_SIZE 832
57 #endif
58 char buf[FILEBUF_SIZE] __attribute__ ((aligned (__alignof (ElfW(Ehdr)))));
59 };
60
61 #include "dynamic-link.h"
62 #include "get-dynamic-info.h"
63 #include <abi-tag.h>
64 #include <stackinfo.h>
65 #include <sysdep.h>
66 #include <stap-probe.h>
67 #include <libc-pointer-arith.h>
68 #include <array_length.h>
69
70 #include <dl-dst.h>
71 #include <dl-load.h>
72 #include <dl-map-segments.h>
73 #include <dl-unmap-segments.h>
74 #include <dl-machine-reject-phdr.h>
75 #include <dl-sysdep-open.h>
76 #include <dl-prop.h>
77 #include <not-cancel.h>
78
79 #include <endian.h>
80 #if BYTE_ORDER == BIG_ENDIAN
81 # define byteorder ELFDATA2MSB
82 #elif BYTE_ORDER == LITTLE_ENDIAN
83 # define byteorder ELFDATA2LSB
84 #else
85 # error "Unknown BYTE_ORDER " BYTE_ORDER
86 # define byteorder ELFDATANONE
87 #endif
88
89 #define STRING(x) __STRING (x)
90
91
92 int __stack_prot attribute_hidden attribute_relro
93 #if _STACK_GROWS_DOWN && defined PROT_GROWSDOWN
94 = PROT_GROWSDOWN;
95 #elif _STACK_GROWS_UP && defined PROT_GROWSUP
96 = PROT_GROWSUP;
97 #else
98 = 0;
99 #endif
100
101
102 /* This is the decomposed LD_LIBRARY_PATH search path. */
103 struct r_search_path_struct __rtld_env_path_list attribute_relro;
104
105 /* List of the hardware capabilities we might end up using. */
106 #ifdef SHARED
107 static const struct r_strlenpair *capstr attribute_relro;
108 static size_t ncapstr attribute_relro;
109 static size_t max_capstrlen attribute_relro;
110 #else
111 enum { ncapstr = 1, max_capstrlen = 0 };
112 #endif
113
114
115 /* Get the generated information about the trusted directories. Use
116 an array of concatenated strings to avoid relocations. See
117 gen-trusted-dirs.awk. */
118 #include "trusted-dirs.h"
119
120 static const char system_dirs[] = SYSTEM_DIRS;
121 static const size_t system_dirs_len[] =
122 {
123 SYSTEM_DIRS_LEN
124 };
125 #define nsystem_dirs_len array_length (system_dirs_len)
126
127 static bool
is_trusted_path_normalize(const char * path,size_t len)128 is_trusted_path_normalize (const char *path, size_t len)
129 {
130 if (len == 0)
131 return false;
132
133 char *npath = (char *) alloca (len + 2);
134 char *wnp = npath;
135 while (*path != '\0')
136 {
137 if (path[0] == '/')
138 {
139 if (path[1] == '.')
140 {
141 if (path[2] == '.' && (path[3] == '/' || path[3] == '\0'))
142 {
143 while (wnp > npath && *--wnp != '/')
144 ;
145 path += 3;
146 continue;
147 }
148 else if (path[2] == '/' || path[2] == '\0')
149 {
150 path += 2;
151 continue;
152 }
153 }
154
155 if (wnp > npath && wnp[-1] == '/')
156 {
157 ++path;
158 continue;
159 }
160 }
161
162 *wnp++ = *path++;
163 }
164
165 if (wnp == npath || wnp[-1] != '/')
166 *wnp++ = '/';
167
168 const char *trun = system_dirs;
169
170 for (size_t idx = 0; idx < nsystem_dirs_len; ++idx)
171 {
172 if (wnp - npath >= system_dirs_len[idx]
173 && memcmp (trun, npath, system_dirs_len[idx]) == 0)
174 /* Found it. */
175 return true;
176
177 trun += system_dirs_len[idx] + 1;
178 }
179
180 return false;
181 }
182
183 /* Given a substring starting at INPUT, just after the DST '$' start
184 token, determine if INPUT contains DST token REF, following the
185 ELF gABI rules for DSTs:
186
187 * Longest possible sequence using the rules (greedy).
188
189 * Must start with a $ (enforced by caller).
190
191 * Must follow $ with one underscore or ASCII [A-Za-z] (caller
192 follows these rules for REF) or '{' (start curly quoted name).
193
194 * Must follow first two characters with zero or more [A-Za-z0-9_]
195 (enforced by caller) or '}' (end curly quoted name).
196
197 If the sequence is a DST matching REF then the length of the DST
198 (excluding the $ sign but including curly braces, if any) is
199 returned, otherwise 0. */
200 static size_t
is_dst(const char * input,const char * ref)201 is_dst (const char *input, const char *ref)
202 {
203 bool is_curly = false;
204
205 /* Is a ${...} input sequence? */
206 if (input[0] == '{')
207 {
208 is_curly = true;
209 ++input;
210 }
211
212 /* Check for matching name, following closing curly brace (if
213 required), or trailing characters which are part of an
214 identifier. */
215 size_t rlen = strlen (ref);
216 if (strncmp (input, ref, rlen) != 0
217 || (is_curly && input[rlen] != '}')
218 || ((input[rlen] >= 'A' && input[rlen] <= 'Z')
219 || (input[rlen] >= 'a' && input[rlen] <= 'z')
220 || (input[rlen] >= '0' && input[rlen] <= '9')
221 || (input[rlen] == '_')))
222 return 0;
223
224 if (is_curly)
225 /* Count the two curly braces. */
226 return rlen + 2;
227 else
228 return rlen;
229 }
230
231 /* INPUT should be the start of a path e.g DT_RPATH or name e.g.
232 DT_NEEDED. The return value is the number of known DSTs found. We
233 count all known DSTs regardless of __libc_enable_secure; the caller
234 is responsible for enforcing the security of the substitution rules
235 (usually _dl_dst_substitute). */
236 size_t
_dl_dst_count(const char * input)237 _dl_dst_count (const char *input)
238 {
239 size_t cnt = 0;
240
241 input = strchr (input, '$');
242
243 /* Most likely there is no DST. */
244 if (__glibc_likely (input == NULL))
245 return 0;
246
247 do
248 {
249 size_t len;
250
251 ++input;
252 /* All DSTs must follow ELF gABI rules, see is_dst (). */
253 if ((len = is_dst (input, "ORIGIN")) != 0
254 || (len = is_dst (input, "PLATFORM")) != 0
255 || (len = is_dst (input, "LIB")) != 0)
256 ++cnt;
257
258 /* There may be more than one DST in the input. */
259 input = strchr (input + len, '$');
260 }
261 while (input != NULL);
262
263 return cnt;
264 }
265
266 /* Process INPUT for DSTs and store in RESULT using the information
267 from link map L to resolve the DSTs. This function only handles one
268 path at a time and does not handle colon-separated path lists (see
269 fillin_rpath ()). Lastly the size of result in bytes should be at
270 least equal to the value returned by DL_DST_REQUIRED. Note that it
271 is possible for a DT_NEEDED, DT_AUXILIARY, and DT_FILTER entries to
272 have colons, but we treat those as literal colons here, not as path
273 list delimeters. */
274 char *
_dl_dst_substitute(struct link_map * l,const char * input,char * result)275 _dl_dst_substitute (struct link_map *l, const char *input, char *result)
276 {
277 /* Copy character-by-character from input into the working pointer
278 looking for any DSTs. We track the start of input and if we are
279 going to check for trusted paths, all of which are part of $ORIGIN
280 handling in SUID/SGID cases (see below). In some cases, like when
281 a DST cannot be replaced, we may set result to an empty string and
282 return. */
283 char *wp = result;
284 const char *start = input;
285 bool check_for_trusted = false;
286
287 do
288 {
289 if (__glibc_unlikely (*input == '$'))
290 {
291 const char *repl = NULL;
292 size_t len;
293
294 ++input;
295 if ((len = is_dst (input, "ORIGIN")) != 0)
296 {
297 /* For SUID/GUID programs we normally ignore the path with
298 $ORIGIN in DT_RUNPATH, or DT_RPATH. However, there is
299 one exception to this rule, and it is:
300
301 * $ORIGIN appears as the first path element, and is
302 the only string in the path or is immediately
303 followed by a path separator and the rest of the
304 path,
305
306 and ...
307
308 * The path is rooted in a trusted directory.
309
310 This exception allows such programs to reference
311 shared libraries in subdirectories of trusted
312 directories. The use case is one of general
313 organization and deployment flexibility.
314 Trusted directories are usually such paths as "/lib64"
315 or "/usr/lib64", and the usual RPATHs take the form of
316 [$ORIGIN/../$LIB/somedir]. */
317 if (__glibc_unlikely (__libc_enable_secure)
318 && !(input == start + 1
319 && (input[len] == '\0' || input[len] == '/')))
320 repl = (const char *) -1;
321 else
322 repl = l->l_origin;
323
324 check_for_trusted = (__libc_enable_secure
325 && l->l_type == lt_executable);
326 }
327 else if ((len = is_dst (input, "PLATFORM")) != 0)
328 repl = GLRO(dl_platform);
329 else if ((len = is_dst (input, "LIB")) != 0)
330 repl = DL_DST_LIB;
331
332 if (repl != NULL && repl != (const char *) -1)
333 {
334 wp = __stpcpy (wp, repl);
335 input += len;
336 }
337 else if (len != 0)
338 {
339 /* We found a valid DST that we know about, but we could
340 not find a replacement value for it, therefore we
341 cannot use this path and discard it. */
342 *result = '\0';
343 return result;
344 }
345 else
346 /* No DST we recognize. */
347 *wp++ = '$';
348 }
349 else
350 {
351 *wp++ = *input++;
352 }
353 }
354 while (*input != '\0');
355
356 /* In SUID/SGID programs, after $ORIGIN expansion the normalized
357 path must be rooted in one of the trusted directories. The $LIB
358 and $PLATFORM DST cannot in any way be manipulated by the caller
359 because they are fixed values that are set by the dynamic loader
360 and therefore any paths using just $LIB or $PLATFORM need not be
361 checked for trust, the authors of the binaries themselves are
362 trusted to have designed this correctly. Only $ORIGIN is tested in
363 this way because it may be manipulated in some ways with hard
364 links. */
365 if (__glibc_unlikely (check_for_trusted)
366 && !is_trusted_path_normalize (result, wp - result))
367 {
368 *result = '\0';
369 return result;
370 }
371
372 *wp = '\0';
373
374 return result;
375 }
376
377
378 /* Return a malloc allocated copy of INPUT with all recognized DSTs
379 replaced. On some platforms it might not be possible to determine the
380 path from which the object belonging to the map is loaded. In this
381 case the path containing the DST is left out. On error NULL
382 is returned. */
383 static char *
expand_dynamic_string_token(struct link_map * l,const char * input)384 expand_dynamic_string_token (struct link_map *l, const char *input)
385 {
386 /* We make two runs over the string. First we determine how large the
387 resulting string is and then we copy it over. Since this is no
388 frequently executed operation we are looking here not for performance
389 but rather for code size. */
390 size_t cnt;
391 size_t total;
392 char *result;
393
394 /* Determine the number of DSTs. */
395 cnt = _dl_dst_count (input);
396
397 /* If we do not have to replace anything simply copy the string. */
398 if (__glibc_likely (cnt == 0))
399 return __strdup (input);
400
401 /* Determine the length of the substituted string. */
402 total = DL_DST_REQUIRED (l, input, strlen (input), cnt);
403
404 /* Allocate the necessary memory. */
405 result = (char *) malloc (total + 1);
406 if (result == NULL)
407 return NULL;
408
409 return _dl_dst_substitute (l, input, result);
410 }
411
412
413 /* Add `name' to the list of names for a particular shared object.
414 `name' is expected to have been allocated with malloc and will
415 be freed if the shared object already has this name.
416 Returns false if the object already had this name. */
417 static void
add_name_to_object(struct link_map * l,const char * name)418 add_name_to_object (struct link_map *l, const char *name)
419 {
420 struct libname_list *lnp, *lastp;
421 struct libname_list *newname;
422 size_t name_len;
423
424 lastp = NULL;
425 for (lnp = l->l_libname; lnp != NULL; lastp = lnp, lnp = lnp->next)
426 if (strcmp (name, lnp->name) == 0)
427 return;
428
429 name_len = strlen (name) + 1;
430 newname = (struct libname_list *) malloc (sizeof *newname + name_len);
431 if (newname == NULL)
432 {
433 /* No more memory. */
434 _dl_signal_error (ENOMEM, name, NULL, N_("cannot allocate name record"));
435 return;
436 }
437 /* The object should have a libname set from _dl_new_object. */
438 assert (lastp != NULL);
439
440 newname->name = memcpy (newname + 1, name, name_len);
441 newname->next = NULL;
442 newname->dont_free = 0;
443 /* CONCURRENCY NOTES:
444
445 Make sure the initialization of newname happens before its address is
446 read from the lastp->next store below.
447
448 GL(dl_load_lock) is held here (and by other writers, e.g. dlclose), so
449 readers of libname_list->next (e.g. _dl_check_caller or the reads above)
450 can use that for synchronization, however the read in _dl_name_match_p
451 may be executed without holding the lock during _dl_runtime_resolve
452 (i.e. lazy symbol resolution when a function of library l is called).
453
454 The release MO store below synchronizes with the acquire MO load in
455 _dl_name_match_p. Other writes need to synchronize with that load too,
456 however those happen either early when the process is single threaded
457 (dl_main) or when the library is unloaded (dlclose) and the user has to
458 synchronize library calls with unloading. */
459 atomic_store_release (&lastp->next, newname);
460 }
461
462 /* Standard search directories. */
463 struct r_search_path_struct __rtld_search_dirs attribute_relro;
464
465 static size_t max_dirnamelen;
466
467 static struct r_search_path_elem **
fillin_rpath(char * rpath,struct r_search_path_elem ** result,const char * sep,const char * what,const char * where,struct link_map * l)468 fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep,
469 const char *what, const char *where, struct link_map *l)
470 {
471 char *cp;
472 size_t nelems = 0;
473
474 while ((cp = __strsep (&rpath, sep)) != NULL)
475 {
476 struct r_search_path_elem *dirp;
477 char *to_free = NULL;
478 size_t len = 0;
479
480 /* `strsep' can pass an empty string. */
481 if (*cp != '\0')
482 {
483 to_free = cp = expand_dynamic_string_token (l, cp);
484
485 /* expand_dynamic_string_token can return NULL in case of empty
486 path or memory allocation failure. */
487 if (cp == NULL)
488 continue;
489
490 /* Compute the length after dynamic string token expansion and
491 ignore empty paths. */
492 len = strlen (cp);
493 if (len == 0)
494 {
495 free (to_free);
496 continue;
497 }
498
499 /* Remove trailing slashes (except for "/"). */
500 while (len > 1 && cp[len - 1] == '/')
501 --len;
502
503 /* Now add one if there is none so far. */
504 if (len > 0 && cp[len - 1] != '/')
505 cp[len++] = '/';
506 }
507
508 /* See if this directory is already known. */
509 for (dirp = GL(dl_all_dirs); dirp != NULL; dirp = dirp->next)
510 if (dirp->dirnamelen == len && memcmp (cp, dirp->dirname, len) == 0)
511 break;
512
513 if (dirp != NULL)
514 {
515 /* It is available, see whether it's on our own list. */
516 size_t cnt;
517 for (cnt = 0; cnt < nelems; ++cnt)
518 if (result[cnt] == dirp)
519 break;
520
521 if (cnt == nelems)
522 result[nelems++] = dirp;
523 }
524 else
525 {
526 size_t cnt;
527 enum r_dir_status init_val;
528 size_t where_len = where ? strlen (where) + 1 : 0;
529
530 /* It's a new directory. Create an entry and add it. */
531 dirp = (struct r_search_path_elem *)
532 malloc (sizeof (*dirp) + ncapstr * sizeof (enum r_dir_status)
533 + where_len + len + 1);
534 if (dirp == NULL)
535 _dl_signal_error (ENOMEM, NULL, NULL,
536 N_("cannot create cache for search path"));
537
538 dirp->dirname = ((char *) dirp + sizeof (*dirp)
539 + ncapstr * sizeof (enum r_dir_status));
540 *((char *) __mempcpy ((char *) dirp->dirname, cp, len)) = '\0';
541 dirp->dirnamelen = len;
542
543 if (len > max_dirnamelen)
544 max_dirnamelen = len;
545
546 /* We have to make sure all the relative directories are
547 never ignored. The current directory might change and
548 all our saved information would be void. */
549 init_val = cp[0] != '/' ? existing : unknown;
550 for (cnt = 0; cnt < ncapstr; ++cnt)
551 dirp->status[cnt] = init_val;
552
553 dirp->what = what;
554 if (__glibc_likely (where != NULL))
555 dirp->where = memcpy ((char *) dirp + sizeof (*dirp) + len + 1
556 + (ncapstr * sizeof (enum r_dir_status)),
557 where, where_len);
558 else
559 dirp->where = NULL;
560
561 dirp->next = GL(dl_all_dirs);
562 GL(dl_all_dirs) = dirp;
563
564 /* Put it in the result array. */
565 result[nelems++] = dirp;
566 }
567 free (to_free);
568 }
569
570 /* Terminate the array. */
571 result[nelems] = NULL;
572
573 return result;
574 }
575
576
577 static bool
decompose_rpath(struct r_search_path_struct * sps,const char * rpath,struct link_map * l,const char * what)578 decompose_rpath (struct r_search_path_struct *sps,
579 const char *rpath, struct link_map *l, const char *what)
580 {
581 /* Make a copy we can work with. */
582 const char *where = l->l_name;
583 char *cp;
584 struct r_search_path_elem **result;
585 size_t nelems;
586 /* Initialize to please the compiler. */
587 const char *errstring = NULL;
588
589 /* First see whether we must forget the RUNPATH and RPATH from this
590 object. */
591 if (__glibc_unlikely (GLRO(dl_inhibit_rpath) != NULL)
592 && !__libc_enable_secure)
593 {
594 const char *inhp = GLRO(dl_inhibit_rpath);
595
596 do
597 {
598 const char *wp = where;
599
600 while (*inhp == *wp && *wp != '\0')
601 {
602 ++inhp;
603 ++wp;
604 }
605
606 if (*wp == '\0' && (*inhp == '\0' || *inhp == ':'))
607 {
608 /* This object is on the list of objects for which the
609 RUNPATH and RPATH must not be used. */
610 sps->dirs = (void *) -1;
611 return false;
612 }
613
614 while (*inhp != '\0')
615 if (*inhp++ == ':')
616 break;
617 }
618 while (*inhp != '\0');
619 }
620
621 /* Ignore empty rpaths. */
622 if (*rpath == '\0')
623 {
624 sps->dirs = (struct r_search_path_elem **) -1;
625 return false;
626 }
627
628 /* Make a writable copy. */
629 char *copy = __strdup (rpath);
630 if (copy == NULL)
631 {
632 errstring = N_("cannot create RUNPATH/RPATH copy");
633 goto signal_error;
634 }
635
636 /* Count the number of necessary elements in the result array. */
637 nelems = 0;
638 for (cp = copy; *cp != '\0'; ++cp)
639 if (*cp == ':')
640 ++nelems;
641
642 /* Allocate room for the result. NELEMS + 1 is an upper limit for the
643 number of necessary entries. */
644 result = (struct r_search_path_elem **) malloc ((nelems + 1 + 1)
645 * sizeof (*result));
646 if (result == NULL)
647 {
648 free (copy);
649 errstring = N_("cannot create cache for search path");
650 signal_error:
651 _dl_signal_error (ENOMEM, NULL, NULL, errstring);
652 }
653
654 fillin_rpath (copy, result, ":", what, where, l);
655
656 /* Free the copied RPATH string. `fillin_rpath' make own copies if
657 necessary. */
658 free (copy);
659
660 /* There is no path after expansion. */
661 if (result[0] == NULL)
662 {
663 free (result);
664 sps->dirs = (struct r_search_path_elem **) -1;
665 return false;
666 }
667
668 sps->dirs = result;
669 /* The caller will change this value if we haven't used a real malloc. */
670 sps->malloced = 1;
671 return true;
672 }
673
674 /* Make sure cached path information is stored in *SP
675 and return true if there are any paths to search there. */
676 static bool
cache_rpath(struct link_map * l,struct r_search_path_struct * sp,int tag,const char * what)677 cache_rpath (struct link_map *l,
678 struct r_search_path_struct *sp,
679 int tag,
680 const char *what)
681 {
682 if (sp->dirs == (void *) -1)
683 return false;
684
685 if (sp->dirs != NULL)
686 return true;
687
688 if (l->l_info[tag] == NULL)
689 {
690 /* There is no path. */
691 sp->dirs = (void *) -1;
692 return false;
693 }
694
695 /* Make sure the cache information is available. */
696 return decompose_rpath (sp, (const char *) (D_PTR (l, l_info[DT_STRTAB])
697 + l->l_info[tag]->d_un.d_val),
698 l, what);
699 }
700
701
702 void
_dl_init_paths(const char * llp,const char * source,const char * glibc_hwcaps_prepend,const char * glibc_hwcaps_mask)703 _dl_init_paths (const char *llp, const char *source,
704 const char *glibc_hwcaps_prepend,
705 const char *glibc_hwcaps_mask)
706 {
707 size_t idx;
708 const char *strp;
709 struct r_search_path_elem *pelem, **aelem;
710 size_t round_size;
711 struct link_map __attribute__ ((unused)) *l = NULL;
712 /* Initialize to please the compiler. */
713 const char *errstring = NULL;
714
715 /* Fill in the information about the application's RPATH and the
716 directories addressed by the LD_LIBRARY_PATH environment variable. */
717
718 #ifdef SHARED
719 /* Get the capabilities. */
720 capstr = _dl_important_hwcaps (glibc_hwcaps_prepend, glibc_hwcaps_mask,
721 &ncapstr, &max_capstrlen);
722 #endif
723
724 /* First set up the rest of the default search directory entries. */
725 aelem = __rtld_search_dirs.dirs = (struct r_search_path_elem **)
726 malloc ((nsystem_dirs_len + 1) * sizeof (struct r_search_path_elem *));
727 if (__rtld_search_dirs.dirs == NULL)
728 {
729 errstring = N_("cannot create search path array");
730 signal_error:
731 _dl_signal_error (ENOMEM, NULL, NULL, errstring);
732 }
733
734 round_size = ((2 * sizeof (struct r_search_path_elem) - 1
735 + ncapstr * sizeof (enum r_dir_status))
736 / sizeof (struct r_search_path_elem));
737
738 __rtld_search_dirs.dirs[0]
739 = malloc (nsystem_dirs_len * round_size
740 * sizeof (*__rtld_search_dirs.dirs[0]));
741 if (__rtld_search_dirs.dirs[0] == NULL)
742 {
743 errstring = N_("cannot create cache for search path");
744 goto signal_error;
745 }
746
747 __rtld_search_dirs.malloced = 0;
748 pelem = GL(dl_all_dirs) = __rtld_search_dirs.dirs[0];
749 strp = system_dirs;
750 idx = 0;
751
752 do
753 {
754 size_t cnt;
755
756 *aelem++ = pelem;
757
758 pelem->what = "system search path";
759 pelem->where = NULL;
760
761 pelem->dirname = strp;
762 pelem->dirnamelen = system_dirs_len[idx];
763 strp += system_dirs_len[idx] + 1;
764
765 /* System paths must be absolute. */
766 assert (pelem->dirname[0] == '/');
767 for (cnt = 0; cnt < ncapstr; ++cnt)
768 pelem->status[cnt] = unknown;
769
770 pelem->next = (++idx == nsystem_dirs_len ? NULL : (pelem + round_size));
771
772 pelem += round_size;
773 }
774 while (idx < nsystem_dirs_len);
775
776 max_dirnamelen = SYSTEM_DIRS_MAX_LEN;
777 *aelem = NULL;
778
779 /* This points to the map of the main object. If there is no main
780 object (e.g., under --help, use the dynamic loader itself as a
781 stand-in. */
782 l = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
783 #ifdef SHARED
784 if (l == NULL)
785 l = &GL (dl_rtld_map);
786 #endif
787 assert (l->l_type != lt_loaded);
788
789 if (l->l_info[DT_RUNPATH])
790 {
791 /* Allocate room for the search path and fill in information
792 from RUNPATH. */
793 decompose_rpath (&l->l_runpath_dirs,
794 (const void *) (D_PTR (l, l_info[DT_STRTAB])
795 + l->l_info[DT_RUNPATH]->d_un.d_val),
796 l, "RUNPATH");
797 /* During rtld init the memory is allocated by the stub malloc,
798 prevent any attempt to free it by the normal malloc. */
799 l->l_runpath_dirs.malloced = 0;
800
801 /* The RPATH is ignored. */
802 l->l_rpath_dirs.dirs = (void *) -1;
803 }
804 else
805 {
806 l->l_runpath_dirs.dirs = (void *) -1;
807
808 if (l->l_info[DT_RPATH])
809 {
810 /* Allocate room for the search path and fill in information
811 from RPATH. */
812 decompose_rpath (&l->l_rpath_dirs,
813 (const void *) (D_PTR (l, l_info[DT_STRTAB])
814 + l->l_info[DT_RPATH]->d_un.d_val),
815 l, "RPATH");
816 /* During rtld init the memory is allocated by the stub
817 malloc, prevent any attempt to free it by the normal
818 malloc. */
819 l->l_rpath_dirs.malloced = 0;
820 }
821 else
822 l->l_rpath_dirs.dirs = (void *) -1;
823 }
824
825 if (llp != NULL && *llp != '\0')
826 {
827 char *llp_tmp = strdupa (llp);
828
829 /* Decompose the LD_LIBRARY_PATH contents. First determine how many
830 elements it has. */
831 size_t nllp = 1;
832 for (const char *cp = llp_tmp; *cp != '\0'; ++cp)
833 if (*cp == ':' || *cp == ';')
834 ++nllp;
835
836 __rtld_env_path_list.dirs = (struct r_search_path_elem **)
837 malloc ((nllp + 1) * sizeof (struct r_search_path_elem *));
838 if (__rtld_env_path_list.dirs == NULL)
839 {
840 errstring = N_("cannot create cache for search path");
841 goto signal_error;
842 }
843
844 (void) fillin_rpath (llp_tmp, __rtld_env_path_list.dirs, ":;",
845 source, NULL, l);
846
847 if (__rtld_env_path_list.dirs[0] == NULL)
848 {
849 free (__rtld_env_path_list.dirs);
850 __rtld_env_path_list.dirs = (void *) -1;
851 }
852
853 __rtld_env_path_list.malloced = 0;
854 }
855 else
856 __rtld_env_path_list.dirs = (void *) -1;
857 }
858
859
860 /* Process PT_GNU_PROPERTY program header PH in module L after
861 PT_LOAD segments are mapped. Only one NT_GNU_PROPERTY_TYPE_0
862 note is handled which contains processor specific properties.
863 FD is -1 for the kernel mapped main executable otherwise it is
864 the fd used for loading module L. */
865
866 void
_dl_process_pt_gnu_property(struct link_map * l,int fd,const ElfW (Phdr)* ph)867 _dl_process_pt_gnu_property (struct link_map *l, int fd, const ElfW(Phdr) *ph)
868 {
869 const ElfW(Nhdr) *note = (const void *) (ph->p_vaddr + l->l_addr);
870 const ElfW(Addr) size = ph->p_memsz;
871 const ElfW(Addr) align = ph->p_align;
872
873 /* The NT_GNU_PROPERTY_TYPE_0 note must be aligned to 4 bytes in
874 32-bit objects and to 8 bytes in 64-bit objects. Skip notes
875 with incorrect alignment. */
876 if (align != (__ELF_NATIVE_CLASS / 8))
877 return;
878
879 const ElfW(Addr) start = (ElfW(Addr)) note;
880 unsigned int last_type = 0;
881
882 while ((ElfW(Addr)) (note + 1) - start < size)
883 {
884 /* Find the NT_GNU_PROPERTY_TYPE_0 note. */
885 if (note->n_namesz == 4
886 && note->n_type == NT_GNU_PROPERTY_TYPE_0
887 && memcmp (note + 1, "GNU", 4) == 0)
888 {
889 /* Check for invalid property. */
890 if (note->n_descsz < 8
891 || (note->n_descsz % sizeof (ElfW(Addr))) != 0)
892 return;
893
894 /* Start and end of property array. */
895 unsigned char *ptr = (unsigned char *) (note + 1) + 4;
896 unsigned char *ptr_end = ptr + note->n_descsz;
897
898 do
899 {
900 unsigned int type = *(unsigned int *) ptr;
901 unsigned int datasz = *(unsigned int *) (ptr + 4);
902
903 /* Property type must be in ascending order. */
904 if (type < last_type)
905 return;
906
907 ptr += 8;
908 if ((ptr + datasz) > ptr_end)
909 return;
910
911 last_type = type;
912
913 /* Target specific property processing. */
914 if (_dl_process_gnu_property (l, fd, type, datasz, ptr) == 0)
915 return;
916
917 /* Check the next property item. */
918 ptr += ALIGN_UP (datasz, sizeof (ElfW(Addr)));
919 }
920 while ((ptr_end - ptr) >= 8);
921
922 /* Only handle one NT_GNU_PROPERTY_TYPE_0. */
923 return;
924 }
925
926 note = ((const void *) note
927 + ELF_NOTE_NEXT_OFFSET (note->n_namesz, note->n_descsz,
928 align));
929 }
930 }
931
932
933 /* Map in the shared object NAME, actually located in REALNAME, and already
934 opened on FD. */
935
936 #ifndef EXTERNAL_MAP_FROM_FD
937 static
938 #endif
939 struct link_map *
_dl_map_object_from_fd(const char * name,const char * origname,int fd,struct filebuf * fbp,char * realname,struct link_map * loader,int l_type,int mode,void ** stack_endp,Lmid_t nsid)940 _dl_map_object_from_fd (const char *name, const char *origname, int fd,
941 struct filebuf *fbp, char *realname,
942 struct link_map *loader, int l_type, int mode,
943 void **stack_endp, Lmid_t nsid)
944 {
945 struct link_map *l = NULL;
946 const ElfW(Ehdr) *header;
947 const ElfW(Phdr) *phdr;
948 const ElfW(Phdr) *ph;
949 size_t maplength;
950 int type;
951 /* Initialize to keep the compiler happy. */
952 const char *errstring = NULL;
953 int errval = 0;
954 struct r_debug *r = _dl_debug_update (nsid);
955 bool make_consistent = false;
956
957 /* Get file information. To match the kernel behavior, do not fill
958 in this information for the executable in case of an explicit
959 loader invocation. */
960 struct r_file_id id;
961 if (mode & __RTLD_OPENEXEC)
962 {
963 assert (nsid == LM_ID_BASE);
964 memset (&id, 0, sizeof (id));
965 }
966 else
967 {
968 if (__glibc_unlikely (!_dl_get_file_id (fd, &id)))
969 {
970 errstring = N_("cannot stat shared object");
971 lose_errno:
972 errval = errno;
973 lose:
974 /* The file might already be closed. */
975 if (fd != -1)
976 __close_nocancel (fd);
977 if (l != NULL && l->l_map_start != 0)
978 _dl_unmap_segments (l);
979 if (l != NULL && l->l_origin != (char *) -1l)
980 free ((char *) l->l_origin);
981 if (l != NULL && !l->l_libname->dont_free)
982 free (l->l_libname);
983 if (l != NULL && l->l_phdr_allocated)
984 free ((void *) l->l_phdr);
985 free (l);
986 free (realname);
987
988 if (make_consistent && r != NULL)
989 {
990 r->r_state = RT_CONSISTENT;
991 _dl_debug_state ();
992 LIBC_PROBE (map_failed, 2, nsid, r);
993 }
994
995 _dl_signal_error (errval, name, NULL, errstring);
996 }
997
998 /* Look again to see if the real name matched another already loaded. */
999 for (l = GL(dl_ns)[nsid]._ns_loaded; l != NULL; l = l->l_next)
1000 if (!l->l_removed && _dl_file_id_match_p (&l->l_file_id, &id))
1001 {
1002 /* The object is already loaded.
1003 Just bump its reference count and return it. */
1004 __close_nocancel (fd);
1005
1006 /* If the name is not in the list of names for this object add
1007 it. */
1008 free (realname);
1009 add_name_to_object (l, name);
1010
1011 return l;
1012 }
1013 }
1014
1015 #ifdef SHARED
1016 /* When loading into a namespace other than the base one we must
1017 avoid loading ld.so since there can only be one copy. Ever. */
1018 if (__glibc_unlikely (nsid != LM_ID_BASE)
1019 && (_dl_file_id_match_p (&id, &GL(dl_rtld_map).l_file_id)
1020 || _dl_name_match_p (name, &GL(dl_rtld_map))))
1021 {
1022 /* This is indeed ld.so. Create a new link_map which refers to
1023 the real one for almost everything. */
1024 l = _dl_new_object (realname, name, l_type, loader, mode, nsid);
1025 if (l == NULL)
1026 goto fail_new;
1027
1028 /* Refer to the real descriptor. */
1029 l->l_real = &GL(dl_rtld_map);
1030
1031 /* Copy l_addr and l_ld to avoid a GDB warning with dlmopen(). */
1032 l->l_addr = l->l_real->l_addr;
1033 l->l_ld = l->l_real->l_ld;
1034
1035 /* No need to bump the refcount of the real object, ld.so will
1036 never be unloaded. */
1037 __close_nocancel (fd);
1038
1039 /* Add the map for the mirrored object to the object list. */
1040 _dl_add_to_namespace_list (l, nsid);
1041
1042 return l;
1043 }
1044 #endif
1045
1046 if (mode & RTLD_NOLOAD)
1047 {
1048 /* We are not supposed to load the object unless it is already
1049 loaded. So return now. */
1050 free (realname);
1051 __close_nocancel (fd);
1052 return NULL;
1053 }
1054
1055 /* Print debugging message. */
1056 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES))
1057 _dl_debug_printf ("file=%s [%lu]; generating link map\n", name, nsid);
1058
1059 /* This is the ELF header. We read it in `open_verify'. */
1060 header = (void *) fbp->buf;
1061
1062 /* Enter the new object in the list of loaded objects. */
1063 l = _dl_new_object (realname, name, l_type, loader, mode, nsid);
1064 if (__glibc_unlikely (l == NULL))
1065 {
1066 #ifdef SHARED
1067 fail_new:
1068 #endif
1069 errstring = N_("cannot create shared object descriptor");
1070 goto lose_errno;
1071 }
1072
1073 /* Extract the remaining details we need from the ELF header
1074 and then read in the program header table. */
1075 l->l_entry = header->e_entry;
1076 type = header->e_type;
1077 l->l_phnum = header->e_phnum;
1078
1079 maplength = header->e_phnum * sizeof (ElfW(Phdr));
1080 if (header->e_phoff + maplength <= (size_t) fbp->len)
1081 phdr = (void *) (fbp->buf + header->e_phoff);
1082 else
1083 {
1084 phdr = alloca (maplength);
1085 if ((size_t) __pread64_nocancel (fd, (void *) phdr, maplength,
1086 header->e_phoff) != maplength)
1087 {
1088 errstring = N_("cannot read file data");
1089 goto lose_errno;
1090 }
1091 }
1092
1093 /* On most platforms presume that PT_GNU_STACK is absent and the stack is
1094 * executable. Other platforms default to a nonexecutable stack and don't
1095 * need PT_GNU_STACK to do so. */
1096 unsigned int stack_flags = DEFAULT_STACK_PERMS;
1097
1098 {
1099 /* Scan the program header table, collecting its load commands. */
1100 struct loadcmd loadcmds[l->l_phnum];
1101 size_t nloadcmds = 0;
1102 bool has_holes = false;
1103 bool empty_dynamic = false;
1104 ElfW(Addr) p_align_max = 0;
1105
1106 /* The struct is initialized to zero so this is not necessary:
1107 l->l_ld = 0;
1108 l->l_phdr = 0;
1109 l->l_addr = 0; */
1110 for (ph = phdr; ph < &phdr[l->l_phnum]; ++ph)
1111 switch (ph->p_type)
1112 {
1113 /* These entries tell us where to find things once the file's
1114 segments are mapped in. We record the addresses it says
1115 verbatim, and later correct for the run-time load address. */
1116 case PT_DYNAMIC:
1117 if (ph->p_filesz == 0)
1118 empty_dynamic = true; /* Usually separate debuginfo. */
1119 else
1120 {
1121 /* Debuginfo only files from "objcopy --only-keep-debug"
1122 contain a PT_DYNAMIC segment with p_filesz == 0. Skip
1123 such a segment to avoid a crash later. */
1124 l->l_ld = (void *) ph->p_vaddr;
1125 l->l_ldnum = ph->p_memsz / sizeof (ElfW(Dyn));
1126 l->l_ld_readonly = (ph->p_flags & PF_W) == 0;
1127 }
1128 break;
1129
1130 case PT_PHDR:
1131 l->l_phdr = (void *) ph->p_vaddr;
1132 break;
1133
1134 case PT_LOAD:
1135 /* A load command tells us to map in part of the file.
1136 We record the load commands and process them all later. */
1137 if (__glibc_unlikely (((ph->p_vaddr - ph->p_offset)
1138 & (GLRO(dl_pagesize) - 1)) != 0))
1139 {
1140 errstring
1141 = N_("ELF load command address/offset not page-aligned");
1142 goto lose;
1143 }
1144
1145 struct loadcmd *c = &loadcmds[nloadcmds++];
1146 c->mapstart = ALIGN_DOWN (ph->p_vaddr, GLRO(dl_pagesize));
1147 c->mapend = ALIGN_UP (ph->p_vaddr + ph->p_filesz, GLRO(dl_pagesize));
1148 c->dataend = ph->p_vaddr + ph->p_filesz;
1149 c->allocend = ph->p_vaddr + ph->p_memsz;
1150 /* Remember the maximum p_align. */
1151 if (powerof2 (ph->p_align) && ph->p_align > p_align_max)
1152 p_align_max = ph->p_align;
1153 c->mapoff = ALIGN_DOWN (ph->p_offset, GLRO(dl_pagesize));
1154
1155 DIAG_PUSH_NEEDS_COMMENT;
1156
1157 #if __GNUC_PREREQ (11, 0)
1158 /* Suppress invalid GCC warning:
1159 ‘(((char *)loadcmds.113_68 + _933 + 16))[329406144173384849].mapend’ may be used uninitialized [-Wmaybe-uninitialized]
1160 See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106008
1161 */
1162 DIAG_IGNORE_NEEDS_COMMENT (11, "-Wmaybe-uninitialized");
1163 #endif
1164 /* Determine whether there is a gap between the last segment
1165 and this one. */
1166 if (nloadcmds > 1 && c[-1].mapend != c->mapstart)
1167 has_holes = true;
1168 DIAG_POP_NEEDS_COMMENT;
1169
1170 /* Optimize a common case. */
1171 #if (PF_R | PF_W | PF_X) == 7 && (PROT_READ | PROT_WRITE | PROT_EXEC) == 7
1172 c->prot = (PF_TO_PROT
1173 >> ((ph->p_flags & (PF_R | PF_W | PF_X)) * 4)) & 0xf;
1174 #else
1175 c->prot = 0;
1176 if (ph->p_flags & PF_R)
1177 c->prot |= PROT_READ;
1178 if (ph->p_flags & PF_W)
1179 c->prot |= PROT_WRITE;
1180 if (ph->p_flags & PF_X)
1181 c->prot |= PROT_EXEC;
1182 #endif
1183 break;
1184
1185 case PT_TLS:
1186 if (ph->p_memsz == 0)
1187 /* Nothing to do for an empty segment. */
1188 break;
1189
1190 l->l_tls_blocksize = ph->p_memsz;
1191 l->l_tls_align = ph->p_align;
1192 if (ph->p_align == 0)
1193 l->l_tls_firstbyte_offset = 0;
1194 else
1195 l->l_tls_firstbyte_offset = ph->p_vaddr & (ph->p_align - 1);
1196 l->l_tls_initimage_size = ph->p_filesz;
1197 /* Since we don't know the load address yet only store the
1198 offset. We will adjust it later. */
1199 l->l_tls_initimage = (void *) ph->p_vaddr;
1200
1201 /* l->l_tls_modid is assigned below, once there is no
1202 possibility for failure. */
1203
1204 if (l->l_type != lt_library
1205 && GL(dl_tls_dtv_slotinfo_list) == NULL)
1206 {
1207 #ifdef SHARED
1208 /* We are loading the executable itself when the dynamic
1209 linker was executed directly. The setup will happen
1210 later. */
1211 assert (l->l_prev == NULL || (mode & __RTLD_AUDIT) != 0);
1212 #else
1213 assert (false && "TLS not initialized in static application");
1214 #endif
1215 }
1216 break;
1217
1218 case PT_GNU_STACK:
1219 stack_flags = ph->p_flags;
1220 break;
1221
1222 case PT_GNU_RELRO:
1223 l->l_relro_addr = ph->p_vaddr;
1224 l->l_relro_size = ph->p_memsz;
1225 break;
1226 }
1227
1228 if (__glibc_unlikely (nloadcmds == 0))
1229 {
1230 /* This only happens for a bogus object that will be caught with
1231 another error below. But we don't want to go through the
1232 calculations below using NLOADCMDS - 1. */
1233 errstring = N_("object file has no loadable segments");
1234 goto lose;
1235 }
1236
1237 /* Align all PT_LOAD segments to the maximum p_align. */
1238 for (size_t i = 0; i < nloadcmds; i++)
1239 loadcmds[i].mapalign = p_align_max;
1240
1241 /* dlopen of an executable is not valid because it is not possible
1242 to perform proper relocations, handle static TLS, or run the
1243 ELF constructors. For PIE, the check needs the dynamic
1244 section, so there is another check below. */
1245 if (__glibc_unlikely (type != ET_DYN)
1246 && __glibc_unlikely ((mode & __RTLD_OPENEXEC) == 0))
1247 {
1248 /* This object is loaded at a fixed address. This must never
1249 happen for objects loaded with dlopen. */
1250 errstring = N_("cannot dynamically load executable");
1251 goto lose;
1252 }
1253
1254 /* This check recognizes most separate debuginfo files. */
1255 if (__glibc_unlikely ((l->l_ld == 0 && type == ET_DYN) || empty_dynamic))
1256 {
1257 errstring = N_("object file has no dynamic section");
1258 goto lose;
1259 }
1260
1261 /* Length of the sections to be loaded. */
1262 maplength = loadcmds[nloadcmds - 1].allocend - loadcmds[0].mapstart;
1263
1264 /* Now process the load commands and map segments into memory.
1265 This is responsible for filling in:
1266 l_map_start, l_map_end, l_addr, l_contiguous, l_text_end, l_phdr
1267 */
1268 errstring = _dl_map_segments (l, fd, header, type, loadcmds, nloadcmds,
1269 maplength, has_holes, loader);
1270 if (__glibc_unlikely (errstring != NULL))
1271 {
1272 /* Mappings can be in an inconsistent state: avoid unmap. */
1273 l->l_map_start = l->l_map_end = 0;
1274 goto lose;
1275 }
1276 }
1277
1278 if (l->l_ld != 0)
1279 l->l_ld = (ElfW(Dyn) *) ((ElfW(Addr)) l->l_ld + l->l_addr);
1280
1281 elf_get_dynamic_info (l, false, false);
1282
1283 /* Make sure we are not dlopen'ing an object that has the
1284 DF_1_NOOPEN flag set, or a PIE object. */
1285 if ((__glibc_unlikely (l->l_flags_1 & DF_1_NOOPEN)
1286 && (mode & __RTLD_DLOPEN))
1287 || (__glibc_unlikely (l->l_flags_1 & DF_1_PIE)
1288 && __glibc_unlikely ((mode & __RTLD_OPENEXEC) == 0)))
1289 {
1290 if (l->l_flags_1 & DF_1_PIE)
1291 errstring
1292 = N_("cannot dynamically load position-independent executable");
1293 else
1294 errstring = N_("shared object cannot be dlopen()ed");
1295 goto lose;
1296 }
1297
1298 if (l->l_phdr == NULL)
1299 {
1300 /* The program header is not contained in any of the segments.
1301 We have to allocate memory ourself and copy it over from out
1302 temporary place. */
1303 ElfW(Phdr) *newp = (ElfW(Phdr) *) malloc (header->e_phnum
1304 * sizeof (ElfW(Phdr)));
1305 if (newp == NULL)
1306 {
1307 errstring = N_("cannot allocate memory for program header");
1308 goto lose_errno;
1309 }
1310
1311 l->l_phdr = memcpy (newp, phdr,
1312 (header->e_phnum * sizeof (ElfW(Phdr))));
1313 l->l_phdr_allocated = 1;
1314 }
1315 else
1316 /* Adjust the PT_PHDR value by the runtime load address. */
1317 l->l_phdr = (ElfW(Phdr) *) ((ElfW(Addr)) l->l_phdr + l->l_addr);
1318
1319 if (__glibc_unlikely ((stack_flags &~ GL(dl_stack_flags)) & PF_X))
1320 {
1321 /* The stack is presently not executable, but this module
1322 requires that it be executable. We must change the
1323 protection of the variable which contains the flags used in
1324 the mprotect calls. */
1325 #ifdef SHARED
1326 if ((mode & (__RTLD_DLOPEN | __RTLD_AUDIT)) == __RTLD_DLOPEN)
1327 {
1328 const uintptr_t p = (uintptr_t) &__stack_prot & -GLRO(dl_pagesize);
1329 const size_t s = (uintptr_t) (&__stack_prot + 1) - p;
1330
1331 struct link_map *const m = &GL(dl_rtld_map);
1332 const uintptr_t relro_end = ((m->l_addr + m->l_relro_addr
1333 + m->l_relro_size)
1334 & -GLRO(dl_pagesize));
1335 if (__glibc_likely (p + s <= relro_end))
1336 {
1337 /* The variable lies in the region protected by RELRO. */
1338 if (__mprotect ((void *) p, s, PROT_READ|PROT_WRITE) < 0)
1339 {
1340 errstring = N_("cannot change memory protections");
1341 goto lose_errno;
1342 }
1343 __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
1344 __mprotect ((void *) p, s, PROT_READ);
1345 }
1346 else
1347 __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
1348 }
1349 else
1350 #endif
1351 __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
1352
1353 #ifdef check_consistency
1354 check_consistency ();
1355 #endif
1356
1357 #if PTHREAD_IN_LIBC
1358 errval = _dl_make_stacks_executable (stack_endp);
1359 #else
1360 errval = (*GL(dl_make_stack_executable_hook)) (stack_endp);
1361 #endif
1362 if (errval)
1363 {
1364 errstring = N_("\
1365 cannot enable executable stack as shared object requires");
1366 goto lose;
1367 }
1368 }
1369
1370 /* Adjust the address of the TLS initialization image. */
1371 if (l->l_tls_initimage != NULL)
1372 l->l_tls_initimage = (char *) l->l_tls_initimage + l->l_addr;
1373
1374 /* Process program headers again after load segments are mapped in
1375 case processing requires accessing those segments. Scan program
1376 headers backward so that PT_NOTE can be skipped if PT_GNU_PROPERTY
1377 exits. */
1378 for (ph = &l->l_phdr[l->l_phnum]; ph != l->l_phdr; --ph)
1379 switch (ph[-1].p_type)
1380 {
1381 case PT_NOTE:
1382 _dl_process_pt_note (l, fd, &ph[-1]);
1383 break;
1384 case PT_GNU_PROPERTY:
1385 _dl_process_pt_gnu_property (l, fd, &ph[-1]);
1386 break;
1387 }
1388
1389 /* We are done mapping in the file. We no longer need the descriptor. */
1390 if (__glibc_unlikely (__close_nocancel (fd) != 0))
1391 {
1392 errstring = N_("cannot close file descriptor");
1393 goto lose_errno;
1394 }
1395 /* Signal that we closed the file. */
1396 fd = -1;
1397
1398 /* Failures before this point are handled locally via lose.
1399 There are no more failures in this function until return,
1400 to change that the cleanup handling needs to be updated. */
1401
1402 /* If this is ET_EXEC, we should have loaded it as lt_executable. */
1403 assert (type != ET_EXEC || l->l_type == lt_executable);
1404
1405 l->l_entry += l->l_addr;
1406
1407 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES))
1408 _dl_debug_printf ("\
1409 dynamic: 0x%0*lx base: 0x%0*lx size: 0x%0*Zx\n\
1410 entry: 0x%0*lx phdr: 0x%0*lx phnum: %*u\n\n",
1411 (int) sizeof (void *) * 2,
1412 (unsigned long int) l->l_ld,
1413 (int) sizeof (void *) * 2,
1414 (unsigned long int) l->l_addr,
1415 (int) sizeof (void *) * 2, maplength,
1416 (int) sizeof (void *) * 2,
1417 (unsigned long int) l->l_entry,
1418 (int) sizeof (void *) * 2,
1419 (unsigned long int) l->l_phdr,
1420 (int) sizeof (void *) * 2, l->l_phnum);
1421
1422 /* Set up the symbol hash table. */
1423 _dl_setup_hash (l);
1424
1425 /* If this object has DT_SYMBOLIC set modify now its scope. We don't
1426 have to do this for the main map. */
1427 if ((mode & RTLD_DEEPBIND) == 0
1428 && __glibc_unlikely (l->l_info[DT_SYMBOLIC] != NULL)
1429 && &l->l_searchlist != l->l_scope[0])
1430 {
1431 /* Create an appropriate searchlist. It contains only this map.
1432 This is the definition of DT_SYMBOLIC in SysVr4. */
1433 l->l_symbolic_searchlist.r_list[0] = l;
1434 l->l_symbolic_searchlist.r_nlist = 1;
1435
1436 /* Now move the existing entries one back. */
1437 memmove (&l->l_scope[1], &l->l_scope[0],
1438 (l->l_scope_max - 1) * sizeof (l->l_scope[0]));
1439
1440 /* Now add the new entry. */
1441 l->l_scope[0] = &l->l_symbolic_searchlist;
1442 }
1443
1444 /* Remember whether this object must be initialized first. */
1445 if (l->l_flags_1 & DF_1_INITFIRST)
1446 GL(dl_initfirst) = l;
1447
1448 /* Finally the file information. */
1449 l->l_file_id = id;
1450
1451 #ifdef SHARED
1452 /* When auditing is used the recorded names might not include the
1453 name by which the DSO is actually known. Add that as well. */
1454 if (__glibc_unlikely (origname != NULL))
1455 add_name_to_object (l, origname);
1456 #else
1457 /* Audit modules only exist when linking is dynamic so ORIGNAME
1458 cannot be non-NULL. */
1459 assert (origname == NULL);
1460 #endif
1461
1462 /* When we profile the SONAME might be needed for something else but
1463 loading. Add it right away. */
1464 if (__glibc_unlikely (GLRO(dl_profile) != NULL)
1465 && l->l_info[DT_SONAME] != NULL)
1466 add_name_to_object (l, ((const char *) D_PTR (l, l_info[DT_STRTAB])
1467 + l->l_info[DT_SONAME]->d_un.d_val));
1468
1469 /* If we have newly loaded libc.so, update the namespace
1470 description. */
1471 if (GL(dl_ns)[nsid].libc_map == NULL
1472 && l->l_info[DT_SONAME] != NULL
1473 && strcmp (((const char *) D_PTR (l, l_info[DT_STRTAB])
1474 + l->l_info[DT_SONAME]->d_un.d_val), LIBC_SO) == 0)
1475 GL(dl_ns)[nsid].libc_map = l;
1476
1477 /* _dl_close can only eventually undo the module ID assignment (via
1478 remove_slotinfo) if this function returns a pointer to a link
1479 map. Therefore, delay this step until all possibilities for
1480 failure have been excluded. */
1481 if (l->l_tls_blocksize > 0
1482 && (__glibc_likely (l->l_type == lt_library)
1483 /* If GL(dl_tls_dtv_slotinfo_list) == NULL, then rtld.c did
1484 not set up TLS data structures, so don't use them now. */
1485 || __glibc_likely (GL(dl_tls_dtv_slotinfo_list) != NULL)))
1486 /* Assign the next available module ID. */
1487 _dl_assign_tls_modid (l);
1488
1489 #ifdef DL_AFTER_LOAD
1490 DL_AFTER_LOAD (l);
1491 #endif
1492
1493 /* Now that the object is fully initialized add it to the object list. */
1494 _dl_add_to_namespace_list (l, nsid);
1495
1496 /* Signal that we are going to add new objects. */
1497 if (r->r_state == RT_CONSISTENT)
1498 {
1499 #ifdef SHARED
1500 /* Auditing checkpoint: we are going to add new objects. Since this
1501 is called after _dl_add_to_namespace_list the namespace is guaranteed
1502 to not be empty. */
1503 if ((mode & __RTLD_AUDIT) == 0)
1504 _dl_audit_activity_nsid (nsid, LA_ACT_ADD);
1505 #endif
1506
1507 /* Notify the debugger we have added some objects. We need to
1508 call _dl_debug_initialize in a static program in case dynamic
1509 linking has not been used before. */
1510 r->r_state = RT_ADD;
1511 _dl_debug_state ();
1512 LIBC_PROBE (map_start, 2, nsid, r);
1513 make_consistent = true;
1514 }
1515 else
1516 assert (r->r_state == RT_ADD);
1517
1518 #ifdef SHARED
1519 /* Auditing checkpoint: we have a new object. */
1520 if (!GL(dl_ns)[l->l_ns]._ns_loaded->l_auditing)
1521 _dl_audit_objopen (l, nsid);
1522 #endif
1523
1524 return l;
1525 }
1526
1527 /* Print search path. */
1528 static void
print_search_path(struct r_search_path_elem ** list,const char * what,const char * name)1529 print_search_path (struct r_search_path_elem **list,
1530 const char *what, const char *name)
1531 {
1532 char buf[max_dirnamelen + max_capstrlen];
1533 int first = 1;
1534
1535 _dl_debug_printf (" search path=");
1536
1537 while (*list != NULL && (*list)->what == what) /* Yes, ==. */
1538 {
1539 char *endp = __mempcpy (buf, (*list)->dirname, (*list)->dirnamelen);
1540 size_t cnt;
1541
1542 for (cnt = 0; cnt < ncapstr; ++cnt)
1543 if ((*list)->status[cnt] != nonexisting)
1544 {
1545 #ifdef SHARED
1546 char *cp = __mempcpy (endp, capstr[cnt].str, capstr[cnt].len);
1547 if (cp == buf || (cp == buf + 1 && buf[0] == '/'))
1548 cp[0] = '\0';
1549 else
1550 cp[-1] = '\0';
1551 #else
1552 *endp = '\0';
1553 #endif
1554
1555 _dl_debug_printf_c (first ? "%s" : ":%s", buf);
1556 first = 0;
1557 }
1558
1559 ++list;
1560 }
1561
1562 if (name != NULL)
1563 _dl_debug_printf_c ("\t\t(%s from file %s)\n", what,
1564 DSO_FILENAME (name));
1565 else
1566 _dl_debug_printf_c ("\t\t(%s)\n", what);
1567 }
1568
1569 /* Open a file and verify it is an ELF file for this architecture. We
1570 ignore only ELF files for other architectures. Non-ELF files and
1571 ELF files with different header information cause fatal errors since
1572 this could mean there is something wrong in the installation and the
1573 user might want to know about this.
1574
1575 If FD is not -1, then the file is already open and FD refers to it.
1576 In that case, FD is consumed for both successful and error returns. */
1577 static int
open_verify(const char * name,int fd,struct filebuf * fbp,struct link_map * loader,int whatcode,int mode,bool * found_other_class,bool free_name)1578 open_verify (const char *name, int fd,
1579 struct filebuf *fbp, struct link_map *loader,
1580 int whatcode, int mode, bool *found_other_class, bool free_name)
1581 {
1582 /* This is the expected ELF header. */
1583 #define ELF32_CLASS ELFCLASS32
1584 #define ELF64_CLASS ELFCLASS64
1585 #ifndef VALID_ELF_HEADER
1586 # define VALID_ELF_HEADER(hdr,exp,size) (memcmp (hdr, exp, size) == 0)
1587 # define VALID_ELF_OSABI(osabi) (osabi == ELFOSABI_SYSV)
1588 # define VALID_ELF_ABIVERSION(osabi,ver) (ver == 0)
1589 #elif defined MORE_ELF_HEADER_DATA
1590 MORE_ELF_HEADER_DATA;
1591 #endif
1592 static const unsigned char expected[EI_NIDENT] =
1593 {
1594 [EI_MAG0] = ELFMAG0,
1595 [EI_MAG1] = ELFMAG1,
1596 [EI_MAG2] = ELFMAG2,
1597 [EI_MAG3] = ELFMAG3,
1598 [EI_CLASS] = ELFW(CLASS),
1599 [EI_DATA] = byteorder,
1600 [EI_VERSION] = EV_CURRENT,
1601 [EI_OSABI] = ELFOSABI_SYSV,
1602 [EI_ABIVERSION] = 0
1603 };
1604 /* Initialize it to make the compiler happy. */
1605 const char *errstring = NULL;
1606 int errval = 0;
1607
1608 #ifdef SHARED
1609 /* Give the auditing libraries a chance. */
1610 if (__glibc_unlikely (GLRO(dl_naudit) > 0))
1611 {
1612 const char *original_name = name;
1613 name = _dl_audit_objsearch (name, loader, whatcode);
1614 if (name == NULL)
1615 return -1;
1616
1617 if (fd != -1 && name != original_name && strcmp (name, original_name))
1618 {
1619 /* An audit library changed what we're supposed to open,
1620 so FD no longer matches it. */
1621 __close_nocancel (fd);
1622 fd = -1;
1623 }
1624 }
1625 #endif
1626
1627 if (fd == -1)
1628 /* Open the file. We always open files read-only. */
1629 fd = __open64_nocancel (name, O_RDONLY | O_CLOEXEC);
1630
1631 if (fd != -1)
1632 {
1633 ElfW(Ehdr) *ehdr;
1634 ElfW(Phdr) *phdr;
1635 size_t maplength;
1636
1637 /* We successfully opened the file. Now verify it is a file
1638 we can use. */
1639 __set_errno (0);
1640 fbp->len = 0;
1641 assert (sizeof (fbp->buf) > sizeof (ElfW(Ehdr)));
1642 /* Read in the header. */
1643 do
1644 {
1645 ssize_t retlen = __read_nocancel (fd, fbp->buf + fbp->len,
1646 sizeof (fbp->buf) - fbp->len);
1647 if (retlen <= 0)
1648 break;
1649 fbp->len += retlen;
1650 }
1651 while (__glibc_unlikely (fbp->len < sizeof (ElfW(Ehdr))));
1652
1653 /* This is where the ELF header is loaded. */
1654 ehdr = (ElfW(Ehdr) *) fbp->buf;
1655
1656 /* Now run the tests. */
1657 if (__glibc_unlikely (fbp->len < (ssize_t) sizeof (ElfW(Ehdr))))
1658 {
1659 errval = errno;
1660 errstring = (errval == 0
1661 ? N_("file too short") : N_("cannot read file data"));
1662 lose:
1663 if (free_name)
1664 {
1665 char *realname = (char *) name;
1666 name = strdupa (realname);
1667 free (realname);
1668 }
1669 __close_nocancel (fd);
1670 _dl_signal_error (errval, name, NULL, errstring);
1671 }
1672
1673 /* See whether the ELF header is what we expect. */
1674 if (__glibc_unlikely (! VALID_ELF_HEADER (ehdr->e_ident, expected,
1675 EI_ABIVERSION)
1676 || !VALID_ELF_ABIVERSION (ehdr->e_ident[EI_OSABI],
1677 ehdr->e_ident[EI_ABIVERSION])
1678 || memcmp (&ehdr->e_ident[EI_PAD],
1679 &expected[EI_PAD],
1680 EI_NIDENT - EI_PAD) != 0))
1681 {
1682 /* Something is wrong. */
1683 const Elf32_Word *magp = (const void *) ehdr->e_ident;
1684 if (*magp !=
1685 #if BYTE_ORDER == LITTLE_ENDIAN
1686 ((ELFMAG0 << (EI_MAG0 * 8))
1687 | (ELFMAG1 << (EI_MAG1 * 8))
1688 | (ELFMAG2 << (EI_MAG2 * 8))
1689 | (ELFMAG3 << (EI_MAG3 * 8)))
1690 #else
1691 ((ELFMAG0 << (EI_MAG3 * 8))
1692 | (ELFMAG1 << (EI_MAG2 * 8))
1693 | (ELFMAG2 << (EI_MAG1 * 8))
1694 | (ELFMAG3 << (EI_MAG0 * 8)))
1695 #endif
1696 )
1697 errstring = N_("invalid ELF header");
1698
1699 else if (ehdr->e_ident[EI_CLASS] != ELFW(CLASS))
1700 {
1701 /* This is not a fatal error. On architectures where
1702 32-bit and 64-bit binaries can be run this might
1703 happen. */
1704 *found_other_class = true;
1705 __close_nocancel (fd);
1706 __set_errno (ENOENT);
1707 return -1;
1708 }
1709 else if (ehdr->e_ident[EI_DATA] != byteorder)
1710 {
1711 if (BYTE_ORDER == BIG_ENDIAN)
1712 errstring = N_("ELF file data encoding not big-endian");
1713 else
1714 errstring = N_("ELF file data encoding not little-endian");
1715 }
1716 else if (ehdr->e_ident[EI_VERSION] != EV_CURRENT)
1717 errstring
1718 = N_("ELF file version ident does not match current one");
1719 /* XXX We should be able so set system specific versions which are
1720 allowed here. */
1721 else if (!VALID_ELF_OSABI (ehdr->e_ident[EI_OSABI]))
1722 errstring = N_("ELF file OS ABI invalid");
1723 else if (!VALID_ELF_ABIVERSION (ehdr->e_ident[EI_OSABI],
1724 ehdr->e_ident[EI_ABIVERSION]))
1725 errstring = N_("ELF file ABI version invalid");
1726 else if (memcmp (&ehdr->e_ident[EI_PAD], &expected[EI_PAD],
1727 EI_NIDENT - EI_PAD) != 0)
1728 errstring = N_("nonzero padding in e_ident");
1729 else
1730 /* Otherwise we don't know what went wrong. */
1731 errstring = N_("internal error");
1732
1733 goto lose;
1734 }
1735
1736 if (__glibc_unlikely (ehdr->e_version != EV_CURRENT))
1737 {
1738 errstring = N_("ELF file version does not match current one");
1739 goto lose;
1740 }
1741 if (! __glibc_likely (elf_machine_matches_host (ehdr)))
1742 {
1743 __close_nocancel (fd);
1744 __set_errno (ENOENT);
1745 return -1;
1746 }
1747 else if (__glibc_unlikely (ehdr->e_type != ET_DYN
1748 && ehdr->e_type != ET_EXEC))
1749 {
1750 errstring = N_("only ET_DYN and ET_EXEC can be loaded");
1751 goto lose;
1752 }
1753 else if (__glibc_unlikely (ehdr->e_phentsize != sizeof (ElfW(Phdr))))
1754 {
1755 errstring = N_("ELF file's phentsize not the expected size");
1756 goto lose;
1757 }
1758
1759 maplength = ehdr->e_phnum * sizeof (ElfW(Phdr));
1760 if (ehdr->e_phoff + maplength <= (size_t) fbp->len)
1761 phdr = (void *) (fbp->buf + ehdr->e_phoff);
1762 else
1763 {
1764 phdr = alloca (maplength);
1765 if ((size_t) __pread64_nocancel (fd, (void *) phdr, maplength,
1766 ehdr->e_phoff) != maplength)
1767 {
1768 errval = errno;
1769 errstring = N_("cannot read file data");
1770 goto lose;
1771 }
1772 }
1773
1774 if (__glibc_unlikely (elf_machine_reject_phdr_p
1775 (phdr, ehdr->e_phnum, fbp->buf, fbp->len,
1776 loader, fd)))
1777 {
1778 __close_nocancel (fd);
1779 __set_errno (ENOENT);
1780 return -1;
1781 }
1782
1783 }
1784
1785 return fd;
1786 }
1787
1788 /* Try to open NAME in one of the directories in *DIRSP.
1789 Return the fd, or -1. If successful, fill in *REALNAME
1790 with the malloc'd full directory name. If it turns out
1791 that none of the directories in *DIRSP exists, *DIRSP is
1792 replaced with (void *) -1, and the old value is free()d
1793 if MAY_FREE_DIRS is true. */
1794
1795 static int
open_path(const char * name,size_t namelen,int mode,struct r_search_path_struct * sps,char ** realname,struct filebuf * fbp,struct link_map * loader,int whatcode,bool * found_other_class)1796 open_path (const char *name, size_t namelen, int mode,
1797 struct r_search_path_struct *sps, char **realname,
1798 struct filebuf *fbp, struct link_map *loader, int whatcode,
1799 bool *found_other_class)
1800 {
1801 struct r_search_path_elem **dirs = sps->dirs;
1802 char *buf;
1803 int fd = -1;
1804 const char *current_what = NULL;
1805 int any = 0;
1806
1807 if (__glibc_unlikely (dirs == NULL))
1808 /* We're called before _dl_init_paths when loading the main executable
1809 given on the command line when rtld is run directly. */
1810 return -1;
1811
1812 buf = alloca (max_dirnamelen + max_capstrlen + namelen);
1813 do
1814 {
1815 struct r_search_path_elem *this_dir = *dirs;
1816 size_t buflen = 0;
1817 size_t cnt;
1818 char *edp;
1819 int here_any = 0;
1820 int err;
1821
1822 /* If we are debugging the search for libraries print the path
1823 now if it hasn't happened now. */
1824 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS)
1825 && current_what != this_dir->what)
1826 {
1827 current_what = this_dir->what;
1828 print_search_path (dirs, current_what, this_dir->where);
1829 }
1830
1831 edp = (char *) __mempcpy (buf, this_dir->dirname, this_dir->dirnamelen);
1832 for (cnt = 0; fd == -1 && cnt < ncapstr; ++cnt)
1833 {
1834 /* Skip this directory if we know it does not exist. */
1835 if (this_dir->status[cnt] == nonexisting)
1836 continue;
1837
1838 #ifdef SHARED
1839 buflen =
1840 ((char *) __mempcpy (__mempcpy (edp, capstr[cnt].str,
1841 capstr[cnt].len),
1842 name, namelen)
1843 - buf);
1844 #else
1845 buflen = (char *) __mempcpy (edp, name, namelen) - buf;
1846 #endif
1847
1848 /* Print name we try if this is wanted. */
1849 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
1850 _dl_debug_printf (" trying file=%s\n", buf);
1851
1852 fd = open_verify (buf, -1, fbp, loader, whatcode, mode,
1853 found_other_class, false);
1854 if (this_dir->status[cnt] == unknown)
1855 {
1856 if (fd != -1)
1857 this_dir->status[cnt] = existing;
1858 /* Do not update the directory information when loading
1859 auditing code. We must try to disturb the program as
1860 little as possible. */
1861 else if (loader == NULL
1862 || GL(dl_ns)[loader->l_ns]._ns_loaded->l_auditing == 0)
1863 {
1864 /* We failed to open machine dependent library. Let's
1865 test whether there is any directory at all. */
1866 struct __stat64_t64 st;
1867
1868 buf[buflen - namelen - 1] = '\0';
1869
1870 if (__stat64_time64 (buf, &st) != 0
1871 || ! S_ISDIR (st.st_mode))
1872 /* The directory does not exist or it is no directory. */
1873 this_dir->status[cnt] = nonexisting;
1874 else
1875 this_dir->status[cnt] = existing;
1876 }
1877 }
1878
1879 /* Remember whether we found any existing directory. */
1880 here_any |= this_dir->status[cnt] != nonexisting;
1881
1882 if (fd != -1 && __glibc_unlikely (mode & __RTLD_SECURE)
1883 && __libc_enable_secure)
1884 {
1885 /* This is an extra security effort to make sure nobody can
1886 preload broken shared objects which are in the trusted
1887 directories and so exploit the bugs. */
1888 struct __stat64_t64 st;
1889
1890 if (__fstat64_time64 (fd, &st) != 0
1891 || (st.st_mode & S_ISUID) == 0)
1892 {
1893 /* The shared object cannot be tested for being SUID
1894 or this bit is not set. In this case we must not
1895 use this object. */
1896 __close_nocancel (fd);
1897 fd = -1;
1898 /* We simply ignore the file, signal this by setting
1899 the error value which would have been set by `open'. */
1900 errno = ENOENT;
1901 }
1902 }
1903 }
1904
1905 if (fd != -1)
1906 {
1907 *realname = (char *) malloc (buflen);
1908 if (*realname != NULL)
1909 {
1910 memcpy (*realname, buf, buflen);
1911 return fd;
1912 }
1913 else
1914 {
1915 /* No memory for the name, we certainly won't be able
1916 to load and link it. */
1917 __close_nocancel (fd);
1918 return -1;
1919 }
1920 }
1921 if (here_any && (err = errno) != ENOENT && err != EACCES)
1922 /* The file exists and is readable, but something went wrong. */
1923 return -1;
1924
1925 /* Remember whether we found anything. */
1926 any |= here_any;
1927 }
1928 while (*++dirs != NULL);
1929
1930 /* Remove the whole path if none of the directories exists. */
1931 if (__glibc_unlikely (! any))
1932 {
1933 /* Paths which were allocated using the minimal malloc() in ld.so
1934 must not be freed using the general free() in libc. */
1935 if (sps->malloced)
1936 free (sps->dirs);
1937
1938 /* __rtld_search_dirs and __rtld_env_path_list are
1939 attribute_relro, therefore avoid writing to them. */
1940 if (sps != &__rtld_search_dirs && sps != &__rtld_env_path_list)
1941 sps->dirs = (void *) -1;
1942 }
1943
1944 return -1;
1945 }
1946
1947 /* Map in the shared object file NAME. */
1948
1949 struct link_map *
_dl_map_object(struct link_map * loader,const char * name,int type,int trace_mode,int mode,Lmid_t nsid)1950 _dl_map_object (struct link_map *loader, const char *name,
1951 int type, int trace_mode, int mode, Lmid_t nsid)
1952 {
1953 int fd;
1954 const char *origname = NULL;
1955 char *realname;
1956 char *name_copy;
1957 struct link_map *l;
1958 struct filebuf fb;
1959
1960 assert (nsid >= 0);
1961 assert (nsid < GL(dl_nns));
1962
1963 /* Look for this name among those already loaded. */
1964 for (l = GL(dl_ns)[nsid]._ns_loaded; l; l = l->l_next)
1965 {
1966 /* If the requested name matches the soname of a loaded object,
1967 use that object. Elide this check for names that have not
1968 yet been opened. */
1969 if (__glibc_unlikely ((l->l_faked | l->l_removed) != 0))
1970 continue;
1971 if (!_dl_name_match_p (name, l))
1972 {
1973 const char *soname;
1974
1975 if (__glibc_likely (l->l_soname_added)
1976 || l->l_info[DT_SONAME] == NULL)
1977 continue;
1978
1979 soname = ((const char *) D_PTR (l, l_info[DT_STRTAB])
1980 + l->l_info[DT_SONAME]->d_un.d_val);
1981 if (strcmp (name, soname) != 0)
1982 continue;
1983
1984 /* We have a match on a new name -- cache it. */
1985 add_name_to_object (l, soname);
1986 l->l_soname_added = 1;
1987 }
1988
1989 /* We have a match. */
1990 return l;
1991 }
1992
1993 /* Display information if we are debugging. */
1994 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES)
1995 && loader != NULL)
1996 _dl_debug_printf ((mode & __RTLD_CALLMAP) == 0
1997 ? "\nfile=%s [%lu]; needed by %s [%lu]\n"
1998 : "\nfile=%s [%lu]; dynamically loaded by %s [%lu]\n",
1999 name, nsid, DSO_FILENAME (loader->l_name), loader->l_ns);
2000
2001 #ifdef SHARED
2002 /* Give the auditing libraries a chance to change the name before we
2003 try anything. */
2004 if (__glibc_unlikely (GLRO(dl_naudit) > 0))
2005 {
2006 const char *before = name;
2007 name = _dl_audit_objsearch (name, loader, LA_SER_ORIG);
2008 if (name == NULL)
2009 {
2010 fd = -1;
2011 goto no_file;
2012 }
2013 if (before != name && strcmp (before, name) != 0)
2014 origname = before;
2015 }
2016 #endif
2017
2018 /* Will be true if we found a DSO which is of the other ELF class. */
2019 bool found_other_class = false;
2020
2021 if (strchr (name, '/') == NULL)
2022 {
2023 /* Search for NAME in several places. */
2024
2025 size_t namelen = strlen (name) + 1;
2026
2027 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
2028 _dl_debug_printf ("find library=%s [%lu]; searching\n", name, nsid);
2029
2030 fd = -1;
2031
2032 /* When the object has the RUNPATH information we don't use any
2033 RPATHs. */
2034 if (loader == NULL || loader->l_info[DT_RUNPATH] == NULL)
2035 {
2036 /* This is the executable's map (if there is one). Make sure that
2037 we do not look at it twice. */
2038 struct link_map *main_map = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
2039 bool did_main_map = false;
2040
2041 /* First try the DT_RPATH of the dependent object that caused NAME
2042 to be loaded. Then that object's dependent, and on up. */
2043 for (l = loader; l; l = l->l_loader)
2044 if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
2045 {
2046 fd = open_path (name, namelen, mode,
2047 &l->l_rpath_dirs,
2048 &realname, &fb, loader, LA_SER_RUNPATH,
2049 &found_other_class);
2050 if (fd != -1)
2051 break;
2052
2053 did_main_map |= l == main_map;
2054 }
2055
2056 /* If dynamically linked, try the DT_RPATH of the executable
2057 itself. NB: we do this for lookups in any namespace. */
2058 if (fd == -1 && !did_main_map
2059 && main_map != NULL && main_map->l_type != lt_loaded
2060 && cache_rpath (main_map, &main_map->l_rpath_dirs, DT_RPATH,
2061 "RPATH"))
2062 fd = open_path (name, namelen, mode,
2063 &main_map->l_rpath_dirs,
2064 &realname, &fb, loader ?: main_map, LA_SER_RUNPATH,
2065 &found_other_class);
2066
2067 /* Also try DT_RUNPATH in the executable for LD_AUDIT dlopen
2068 call. */
2069 if (__glibc_unlikely (mode & __RTLD_AUDIT)
2070 && fd == -1 && !did_main_map
2071 && main_map != NULL && main_map->l_type != lt_loaded)
2072 {
2073 struct r_search_path_struct l_rpath_dirs;
2074 l_rpath_dirs.dirs = NULL;
2075 if (cache_rpath (main_map, &l_rpath_dirs,
2076 DT_RUNPATH, "RUNPATH"))
2077 fd = open_path (name, namelen, mode, &l_rpath_dirs,
2078 &realname, &fb, loader ?: main_map,
2079 LA_SER_RUNPATH, &found_other_class);
2080 }
2081 }
2082
2083 /* Try the LD_LIBRARY_PATH environment variable. */
2084 if (fd == -1 && __rtld_env_path_list.dirs != (void *) -1)
2085 fd = open_path (name, namelen, mode, &__rtld_env_path_list,
2086 &realname, &fb,
2087 loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded,
2088 LA_SER_LIBPATH, &found_other_class);
2089
2090 /* Look at the RUNPATH information for this binary. */
2091 if (fd == -1 && loader != NULL
2092 && cache_rpath (loader, &loader->l_runpath_dirs,
2093 DT_RUNPATH, "RUNPATH"))
2094 fd = open_path (name, namelen, mode,
2095 &loader->l_runpath_dirs, &realname, &fb, loader,
2096 LA_SER_RUNPATH, &found_other_class);
2097
2098 if (fd == -1)
2099 {
2100 realname = _dl_sysdep_open_object (name, namelen, &fd);
2101 if (realname != NULL)
2102 {
2103 fd = open_verify (realname, fd,
2104 &fb, loader ?: GL(dl_ns)[nsid]._ns_loaded,
2105 LA_SER_CONFIG, mode, &found_other_class,
2106 false);
2107 if (fd == -1)
2108 free (realname);
2109 }
2110 }
2111
2112 #ifdef USE_LDCONFIG
2113 if (fd == -1
2114 && (__glibc_likely ((mode & __RTLD_SECURE) == 0)
2115 || ! __libc_enable_secure)
2116 && __glibc_likely (GLRO(dl_inhibit_cache) == 0))
2117 {
2118 /* Check the list of libraries in the file /etc/ld.so.cache,
2119 for compatibility with Linux's ldconfig program. */
2120 char *cached = _dl_load_cache_lookup (name);
2121
2122 if (cached != NULL)
2123 {
2124 // XXX Correct to unconditionally default to namespace 0?
2125 l = (loader
2126 ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded
2127 # ifdef SHARED
2128 ?: &GL(dl_rtld_map)
2129 # endif
2130 );
2131
2132 /* If the loader has the DF_1_NODEFLIB flag set we must not
2133 use a cache entry from any of these directories. */
2134 if (__glibc_unlikely (l->l_flags_1 & DF_1_NODEFLIB))
2135 {
2136 const char *dirp = system_dirs;
2137 unsigned int cnt = 0;
2138
2139 do
2140 {
2141 if (memcmp (cached, dirp, system_dirs_len[cnt]) == 0)
2142 {
2143 /* The prefix matches. Don't use the entry. */
2144 free (cached);
2145 cached = NULL;
2146 break;
2147 }
2148
2149 dirp += system_dirs_len[cnt] + 1;
2150 ++cnt;
2151 }
2152 while (cnt < nsystem_dirs_len);
2153 }
2154
2155 if (cached != NULL)
2156 {
2157 fd = open_verify (cached, -1,
2158 &fb, loader ?: GL(dl_ns)[nsid]._ns_loaded,
2159 LA_SER_CONFIG, mode, &found_other_class,
2160 false);
2161 if (__glibc_likely (fd != -1))
2162 realname = cached;
2163 else
2164 free (cached);
2165 }
2166 }
2167 }
2168 #endif
2169
2170 /* Finally, try the default path. */
2171 if (fd == -1
2172 && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL
2173 || __glibc_likely (!(l->l_flags_1 & DF_1_NODEFLIB)))
2174 && __rtld_search_dirs.dirs != (void *) -1)
2175 fd = open_path (name, namelen, mode, &__rtld_search_dirs,
2176 &realname, &fb, l, LA_SER_DEFAULT, &found_other_class);
2177
2178 /* Add another newline when we are tracing the library loading. */
2179 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
2180 _dl_debug_printf ("\n");
2181 }
2182 else
2183 {
2184 /* The path may contain dynamic string tokens. */
2185 realname = (loader
2186 ? expand_dynamic_string_token (loader, name)
2187 : __strdup (name));
2188 if (realname == NULL)
2189 fd = -1;
2190 else
2191 {
2192 fd = open_verify (realname, -1, &fb,
2193 loader ?: GL(dl_ns)[nsid]._ns_loaded, 0, mode,
2194 &found_other_class, true);
2195 if (__glibc_unlikely (fd == -1))
2196 free (realname);
2197 }
2198 }
2199
2200 #ifdef SHARED
2201 no_file:
2202 #endif
2203 /* In case the LOADER information has only been provided to get to
2204 the appropriate RUNPATH/RPATH information we do not need it
2205 anymore. */
2206 if (mode & __RTLD_CALLMAP)
2207 loader = NULL;
2208
2209 if (__glibc_unlikely (fd == -1))
2210 {
2211 if (trace_mode)
2212 {
2213 /* We haven't found an appropriate library. But since we
2214 are only interested in the list of libraries this isn't
2215 so severe. Fake an entry with all the information we
2216 have. */
2217 static const Elf_Symndx dummy_bucket = STN_UNDEF;
2218
2219 /* Allocate a new object map. */
2220 if ((name_copy = __strdup (name)) == NULL
2221 || (l = _dl_new_object (name_copy, name, type, loader,
2222 mode, nsid)) == NULL)
2223 {
2224 free (name_copy);
2225 _dl_signal_error (ENOMEM, name, NULL,
2226 N_("cannot create shared object descriptor"));
2227 }
2228 /* Signal that this is a faked entry. */
2229 l->l_faked = 1;
2230 /* Since the descriptor is initialized with zero we do not
2231 have do this here.
2232 l->l_reserved = 0; */
2233 l->l_buckets = &dummy_bucket;
2234 l->l_nbuckets = 1;
2235 l->l_relocated = 1;
2236
2237 /* Enter the object in the object list. */
2238 _dl_add_to_namespace_list (l, nsid);
2239
2240 return l;
2241 }
2242 else if (found_other_class)
2243 _dl_signal_error (0, name, NULL,
2244 ELFW(CLASS) == ELFCLASS32
2245 ? N_("wrong ELF class: ELFCLASS64")
2246 : N_("wrong ELF class: ELFCLASS32"));
2247 else
2248 _dl_signal_error (errno, name, NULL,
2249 N_("cannot open shared object file"));
2250 }
2251
2252 void *stack_end = __libc_stack_end;
2253 return _dl_map_object_from_fd (name, origname, fd, &fb, realname, loader,
2254 type, mode, &stack_end, nsid);
2255 }
2256
2257 struct add_path_state
2258 {
2259 bool counting;
2260 unsigned int idx;
2261 Dl_serinfo *si;
2262 char *allocptr;
2263 };
2264
2265 static void
add_path(struct add_path_state * p,const struct r_search_path_struct * sps,unsigned int flags)2266 add_path (struct add_path_state *p, const struct r_search_path_struct *sps,
2267 unsigned int flags)
2268 {
2269 if (sps->dirs != (void *) -1)
2270 {
2271 struct r_search_path_elem **dirs = sps->dirs;
2272 do
2273 {
2274 const struct r_search_path_elem *const r = *dirs++;
2275 if (p->counting)
2276 {
2277 p->si->dls_cnt++;
2278 p->si->dls_size += MAX (2, r->dirnamelen);
2279 }
2280 else
2281 {
2282 Dl_serpath *const sp = &p->si->dls_serpath[p->idx++];
2283 sp->dls_name = p->allocptr;
2284 if (r->dirnamelen < 2)
2285 *p->allocptr++ = r->dirnamelen ? '/' : '.';
2286 else
2287 p->allocptr = __mempcpy (p->allocptr,
2288 r->dirname, r->dirnamelen - 1);
2289 *p->allocptr++ = '\0';
2290 sp->dls_flags = flags;
2291 }
2292 }
2293 while (*dirs != NULL);
2294 }
2295 }
2296
2297 void
_dl_rtld_di_serinfo(struct link_map * loader,Dl_serinfo * si,bool counting)2298 _dl_rtld_di_serinfo (struct link_map *loader, Dl_serinfo *si, bool counting)
2299 {
2300 if (counting)
2301 {
2302 si->dls_cnt = 0;
2303 si->dls_size = 0;
2304 }
2305
2306 struct add_path_state p =
2307 {
2308 .counting = counting,
2309 .idx = 0,
2310 .si = si,
2311 .allocptr = (char *) &si->dls_serpath[si->dls_cnt]
2312 };
2313
2314 # define add_path(p, sps, flags) add_path(p, sps, 0) /* XXX */
2315
2316 /* When the object has the RUNPATH information we don't use any RPATHs. */
2317 if (loader->l_info[DT_RUNPATH] == NULL)
2318 {
2319 /* First try the DT_RPATH of the dependent object that caused NAME
2320 to be loaded. Then that object's dependent, and on up. */
2321
2322 struct link_map *l = loader;
2323 do
2324 {
2325 if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
2326 add_path (&p, &l->l_rpath_dirs, XXX_RPATH);
2327 l = l->l_loader;
2328 }
2329 while (l != NULL);
2330
2331 /* If dynamically linked, try the DT_RPATH of the executable itself. */
2332 if (loader->l_ns == LM_ID_BASE)
2333 {
2334 l = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
2335 if (l != NULL && l->l_type != lt_loaded && l != loader)
2336 if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
2337 add_path (&p, &l->l_rpath_dirs, XXX_RPATH);
2338 }
2339 }
2340
2341 /* Try the LD_LIBRARY_PATH environment variable. */
2342 add_path (&p, &__rtld_env_path_list, XXX_ENV);
2343
2344 /* Look at the RUNPATH information for this binary. */
2345 if (cache_rpath (loader, &loader->l_runpath_dirs, DT_RUNPATH, "RUNPATH"))
2346 add_path (&p, &loader->l_runpath_dirs, XXX_RUNPATH);
2347
2348 /* XXX
2349 Here is where ld.so.cache gets checked, but we don't have
2350 a way to indicate that in the results for Dl_serinfo. */
2351
2352 /* Finally, try the default path. */
2353 if (!(loader->l_flags_1 & DF_1_NODEFLIB))
2354 add_path (&p, &__rtld_search_dirs, XXX_default);
2355
2356 if (counting)
2357 /* Count the struct size before the string area, which we didn't
2358 know before we completed dls_cnt. */
2359 si->dls_size += (char *) &si->dls_serpath[si->dls_cnt] - (char *) si;
2360 }
2361