1 /* Run time dynamic linker.
2 Copyright (C) 1995-2022 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
4
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
9
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
14
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, see
17 <https://www.gnu.org/licenses/>. */
18
19 #include <errno.h>
20 #include <dlfcn.h>
21 #include <fcntl.h>
22 #include <stdbool.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <unistd.h>
26 #include <sys/mman.h>
27 #include <sys/param.h>
28 #include <sys/stat.h>
29 #include <ldsodefs.h>
30 #include <_itoa.h>
31 #include <entry.h>
32 #include <fpu_control.h>
33 #include <hp-timing.h>
34 #include <libc-lock.h>
35 #include <unsecvars.h>
36 #include <dl-cache.h>
37 #include <dl-osinfo.h>
38 #include <dl-procinfo.h>
39 #include <dl-prop.h>
40 #include <dl-vdso.h>
41 #include <dl-vdso-setup.h>
42 #include <tls.h>
43 #include <stap-probe.h>
44 #include <stackinfo.h>
45 #include <not-cancel.h>
46 #include <array_length.h>
47 #include <libc-early-init.h>
48 #include <dl-main.h>
49 #include <gnu/lib-names.h>
50 #include <dl-tunables.h>
51 #include <get-dynamic-info.h>
52 #include <dl-execve.h>
53 #include <dl-find_object.h>
54 #include <dl-audit-check.h>
55
56 #include <assert.h>
57
58 /* This #define produces dynamic linking inline functions for
59 bootstrap relocation instead of general-purpose relocation.
60 Since ld.so must not have any undefined symbols the result
61 is trivial: always the map of ld.so itself. */
62 #define RTLD_BOOTSTRAP
63 #define RESOLVE_MAP(map, scope, sym, version, flags) map
64 #include "dynamic-link.h"
65
66 /* Must include after <dl-machine.h> for DT_MIPS definition. */
67 #include <dl-debug.h>
68
69 /* Only enables rtld profiling for architectures which provides non generic
70 hp-timing support. The generic support requires either syscall
71 (clock_gettime), which will incur in extra overhead on loading time.
72 Using vDSO is also an option, but it will require extra support on loader
73 to setup the vDSO pointer before its usage. */
74 #if HP_TIMING_INLINE
75 # define RLTD_TIMING_DECLARE(var, classifier,...) \
76 classifier hp_timing_t var __VA_ARGS__
77 # define RTLD_TIMING_VAR(var) RLTD_TIMING_DECLARE (var, )
78 # define RTLD_TIMING_SET(var, value) (var) = (value)
79 # define RTLD_TIMING_REF(var) &(var)
80
81 static inline void
rtld_timer_start(hp_timing_t * var)82 rtld_timer_start (hp_timing_t *var)
83 {
84 HP_TIMING_NOW (*var);
85 }
86
87 static inline void
rtld_timer_stop(hp_timing_t * var,hp_timing_t start)88 rtld_timer_stop (hp_timing_t *var, hp_timing_t start)
89 {
90 hp_timing_t stop;
91 HP_TIMING_NOW (stop);
92 HP_TIMING_DIFF (*var, start, stop);
93 }
94
95 static inline void
rtld_timer_accum(hp_timing_t * sum,hp_timing_t start)96 rtld_timer_accum (hp_timing_t *sum, hp_timing_t start)
97 {
98 hp_timing_t stop;
99 rtld_timer_stop (&stop, start);
100 HP_TIMING_ACCUM_NT(*sum, stop);
101 }
102 #else
103 # define RLTD_TIMING_DECLARE(var, classifier...)
104 # define RTLD_TIMING_SET(var, value)
105 # define RTLD_TIMING_VAR(var)
106 # define RTLD_TIMING_REF(var) 0
107 # define rtld_timer_start(var)
108 # define rtld_timer_stop(var, start)
109 # define rtld_timer_accum(sum, start)
110 #endif
111
112 /* Avoid PLT use for our local calls at startup. */
113 extern __typeof (__mempcpy) __mempcpy attribute_hidden;
114
115 /* GCC has mental blocks about _exit. */
116 extern __typeof (_exit) exit_internal asm ("_exit") attribute_hidden;
117 #define _exit exit_internal
118
119 /* Helper function to handle errors while resolving symbols. */
120 static void print_unresolved (int errcode, const char *objname,
121 const char *errsting);
122
123 /* Helper function to handle errors when a version is missing. */
124 static void print_missing_version (int errcode, const char *objname,
125 const char *errsting);
126
127 /* Print the various times we collected. */
128 static void print_statistics (const hp_timing_t *total_timep);
129
130 /* Creates an empty audit list. */
131 static void audit_list_init (struct audit_list *);
132
133 /* Add a string to the end of the audit list, for later parsing. Must
134 not be called after audit_list_next. */
135 static void audit_list_add_string (struct audit_list *, const char *);
136
137 /* Add the audit strings from the link map, found in the dynamic
138 segment at TG (either DT_AUDIT and DT_DEPAUDIT). Must be called
139 before audit_list_next. */
140 static void audit_list_add_dynamic_tag (struct audit_list *,
141 struct link_map *,
142 unsigned int tag);
143
144 /* Extract the next audit module from the audit list. Only modules
145 for which dso_name_valid_for_suid is true are returned. Must be
146 called after all the audit_list_add_string,
147 audit_list_add_dynamic_tags calls. */
148 static const char *audit_list_next (struct audit_list *);
149
150 /* Initialize *STATE with the defaults. */
151 static void dl_main_state_init (struct dl_main_state *state);
152
153 /* Process all environments variables the dynamic linker must recognize.
154 Since all of them start with `LD_' we are a bit smarter while finding
155 all the entries. */
156 extern char **_environ attribute_hidden;
157 static void process_envvars (struct dl_main_state *state);
158
159 int _dl_argc attribute_relro attribute_hidden;
160 char **_dl_argv attribute_relro = NULL;
161 rtld_hidden_data_def (_dl_argv)
162
163 #ifndef THREAD_SET_STACK_GUARD
164 /* Only exported for architectures that don't store the stack guard canary
165 in thread local area. */
166 uintptr_t __stack_chk_guard attribute_relro;
167 #endif
168
169 /* Only exported for architectures that don't store the pointer guard
170 value in thread local area. */
171 uintptr_t __pointer_chk_guard_local attribute_relro attribute_hidden;
172 #ifndef THREAD_SET_POINTER_GUARD
strong_alias(__pointer_chk_guard_local,__pointer_chk_guard)173 strong_alias (__pointer_chk_guard_local, __pointer_chk_guard)
174 #endif
175
176 /* Check that AT_SECURE=0, or that the passed name does not contain
177 directories and is not overly long. Reject empty names
178 unconditionally. */
179 static bool
180 dso_name_valid_for_suid (const char *p)
181 {
182 if (__glibc_unlikely (__libc_enable_secure))
183 {
184 /* Ignore pathnames with directories for AT_SECURE=1
185 programs, and also skip overlong names. */
186 size_t len = strlen (p);
187 if (len >= SECURE_NAME_LIMIT || memchr (p, '/', len) != NULL)
188 return false;
189 }
190 return *p != '\0';
191 }
192
193 static void
audit_list_init(struct audit_list * list)194 audit_list_init (struct audit_list *list)
195 {
196 list->length = 0;
197 list->current_index = 0;
198 list->current_tail = NULL;
199 }
200
201 static void
audit_list_add_string(struct audit_list * list,const char * string)202 audit_list_add_string (struct audit_list *list, const char *string)
203 {
204 /* Empty strings do not load anything. */
205 if (*string == '\0')
206 return;
207
208 if (list->length == array_length (list->audit_strings))
209 _dl_fatal_printf ("Fatal glibc error: Too many audit modules requested\n");
210
211 list->audit_strings[list->length++] = string;
212
213 /* Initialize processing of the first string for
214 audit_list_next. */
215 if (list->length == 1)
216 list->current_tail = string;
217 }
218
219 static void
audit_list_add_dynamic_tag(struct audit_list * list,struct link_map * main_map,unsigned int tag)220 audit_list_add_dynamic_tag (struct audit_list *list, struct link_map *main_map,
221 unsigned int tag)
222 {
223 ElfW(Dyn) *info = main_map->l_info[ADDRIDX (tag)];
224 const char *strtab = (const char *) D_PTR (main_map, l_info[DT_STRTAB]);
225 if (info != NULL)
226 audit_list_add_string (list, strtab + info->d_un.d_val);
227 }
228
229 static const char *
audit_list_next(struct audit_list * list)230 audit_list_next (struct audit_list *list)
231 {
232 if (list->current_tail == NULL)
233 return NULL;
234
235 while (true)
236 {
237 /* Advance to the next string in audit_strings if the current
238 string has been exhausted. */
239 while (*list->current_tail == '\0')
240 {
241 ++list->current_index;
242 if (list->current_index == list->length)
243 {
244 list->current_tail = NULL;
245 return NULL;
246 }
247 list->current_tail = list->audit_strings[list->current_index];
248 }
249
250 /* Split the in-string audit list at the next colon colon. */
251 size_t len = strcspn (list->current_tail, ":");
252 if (len > 0 && len < sizeof (list->fname))
253 {
254 memcpy (list->fname, list->current_tail, len);
255 list->fname[len] = '\0';
256 }
257 else
258 /* Mark the name as unusable for dso_name_valid_for_suid. */
259 list->fname[0] = '\0';
260
261 /* Skip over the substring and the following delimiter. */
262 list->current_tail += len;
263 if (*list->current_tail == ':')
264 ++list->current_tail;
265
266 /* If the name is valid, return it. */
267 if (dso_name_valid_for_suid (list->fname))
268 return list->fname;
269
270 /* Otherwise wrap around to find the next list element. . */
271 }
272 }
273
274 /* Count audit modules before they are loaded so GLRO(dl_naudit)
275 is not yet usable. */
276 static size_t
audit_list_count(struct audit_list * list)277 audit_list_count (struct audit_list *list)
278 {
279 /* Restore the audit_list iterator state at the end. */
280 const char *saved_tail = list->current_tail;
281 size_t naudit = 0;
282
283 assert (list->current_index == 0);
284 while (audit_list_next (list) != NULL)
285 naudit++;
286 list->current_tail = saved_tail;
287 list->current_index = 0;
288 return naudit;
289 }
290
291 static void
dl_main_state_init(struct dl_main_state * state)292 dl_main_state_init (struct dl_main_state *state)
293 {
294 audit_list_init (&state->audit_list);
295 state->library_path = NULL;
296 state->library_path_source = NULL;
297 state->preloadlist = NULL;
298 state->preloadarg = NULL;
299 state->glibc_hwcaps_prepend = NULL;
300 state->glibc_hwcaps_mask = NULL;
301 state->mode = rtld_mode_normal;
302 state->any_debug = false;
303 state->version_info = false;
304 }
305
306 #ifndef HAVE_INLINED_SYSCALLS
307 /* Set nonzero during loading and initialization of executable and
308 libraries, cleared before the executable's entry point runs. This
309 must not be initialized to nonzero, because the unused dynamic
310 linker loaded in for libc.so's "ld.so.1" dep will provide the
311 definition seen by libc.so's initializer; that value must be zero,
312 and will be since that dynamic linker's _dl_start and dl_main will
313 never be called. */
314 int _dl_starting_up = 0;
315 rtld_hidden_def (_dl_starting_up)
316 #endif
317
318 /* This is the structure which defines all variables global to ld.so
319 (except those which cannot be added for some reason). */
320 struct rtld_global _rtld_global =
321 {
322 /* Get architecture specific initializer. */
323 #include <dl-procruntime.c>
324 /* Generally the default presumption without further information is an
325 * executable stack but this is not true for all platforms. */
326 ._dl_stack_flags = DEFAULT_STACK_PERMS,
327 #ifdef _LIBC_REENTRANT
328 ._dl_load_lock = _RTLD_LOCK_RECURSIVE_INITIALIZER,
329 ._dl_load_write_lock = _RTLD_LOCK_RECURSIVE_INITIALIZER,
330 ._dl_load_tls_lock = _RTLD_LOCK_RECURSIVE_INITIALIZER,
331 #endif
332 ._dl_nns = 1,
333 ._dl_ns =
334 {
335 #ifdef _LIBC_REENTRANT
336 [LM_ID_BASE] = { ._ns_unique_sym_table
337 = { .lock = _RTLD_LOCK_RECURSIVE_INITIALIZER } }
338 #endif
339 }
340 };
341 /* If we would use strong_alias here the compiler would see a
342 non-hidden definition. This would undo the effect of the previous
343 declaration. So spell out what strong_alias does plus add the
344 visibility attribute. */
345 extern struct rtld_global _rtld_local
346 __attribute__ ((alias ("_rtld_global"), visibility ("hidden")));
347
348
349 /* This variable is similar to _rtld_local, but all values are
350 read-only after relocation. */
351 struct rtld_global_ro _rtld_global_ro attribute_relro =
352 {
353 /* Get architecture specific initializer. */
354 #include <dl-procinfo.c>
355 #ifdef NEED_DL_SYSINFO
356 ._dl_sysinfo = DL_SYSINFO_DEFAULT,
357 #endif
358 ._dl_debug_fd = STDERR_FILENO,
359 #if !HAVE_TUNABLES
360 ._dl_hwcap_mask = HWCAP_IMPORTANT,
361 #endif
362 ._dl_lazy = 1,
363 ._dl_fpu_control = _FPU_DEFAULT,
364 ._dl_pagesize = EXEC_PAGESIZE,
365 ._dl_inhibit_cache = 0,
366
367 /* Function pointers. */
368 ._dl_debug_printf = _dl_debug_printf,
369 ._dl_mcount = _dl_mcount,
370 ._dl_lookup_symbol_x = _dl_lookup_symbol_x,
371 ._dl_open = _dl_open,
372 ._dl_close = _dl_close,
373 ._dl_catch_error = _rtld_catch_error,
374 ._dl_error_free = _dl_error_free,
375 ._dl_tls_get_addr_soft = _dl_tls_get_addr_soft,
376 ._dl_libc_freeres = __rtld_libc_freeres,
377 };
378 /* If we would use strong_alias here the compiler would see a
379 non-hidden definition. This would undo the effect of the previous
380 declaration. So spell out was strong_alias does plus add the
381 visibility attribute. */
382 extern struct rtld_global_ro _rtld_local_ro
383 __attribute__ ((alias ("_rtld_global_ro"), visibility ("hidden")));
384
385
386 static void dl_main (const ElfW(Phdr) *phdr, ElfW(Word) phnum,
387 ElfW(Addr) *user_entry, ElfW(auxv_t) *auxv);
388
389 /* These two variables cannot be moved into .data.rel.ro. */
390 static struct libname_list _dl_rtld_libname;
391 static struct libname_list _dl_rtld_libname2;
392
393 /* Variable for statistics. */
394 RLTD_TIMING_DECLARE (relocate_time, static);
395 RLTD_TIMING_DECLARE (load_time, static, attribute_relro);
396 RLTD_TIMING_DECLARE (start_time, static, attribute_relro);
397
398 /* Additional definitions needed by TLS initialization. */
399 #ifdef TLS_INIT_HELPER
400 TLS_INIT_HELPER
401 #endif
402
403 /* Helper function for syscall implementation. */
404 #ifdef DL_SYSINFO_IMPLEMENTATION
405 DL_SYSINFO_IMPLEMENTATION
406 #endif
407
408 /* Before ld.so is relocated we must not access variables which need
409 relocations. This means variables which are exported. Variables
410 declared as static are fine. If we can mark a variable hidden this
411 is fine, too. The latter is important here. We can avoid setting
412 up a temporary link map for ld.so if we can mark _rtld_global as
413 hidden. */
414 #ifndef HIDDEN_VAR_NEEDS_DYNAMIC_RELOC
415 # define DONT_USE_BOOTSTRAP_MAP 1
416 #endif
417
418 #ifdef DONT_USE_BOOTSTRAP_MAP
419 static ElfW(Addr) _dl_start_final (void *arg);
420 #else
421 struct dl_start_final_info
422 {
423 struct link_map l;
424 RTLD_TIMING_VAR (start_time);
425 };
426 static ElfW(Addr) _dl_start_final (void *arg,
427 struct dl_start_final_info *info);
428 #endif
429
430 /* These are defined magically by the linker. */
431 extern const ElfW(Ehdr) __ehdr_start attribute_hidden;
432 extern char _etext[] attribute_hidden;
433 extern char _end[] attribute_hidden;
434
435
436 #ifdef RTLD_START
437 RTLD_START
438 #else
439 # error "sysdeps/MACHINE/dl-machine.h fails to define RTLD_START"
440 #endif
441
442 /* This is the second half of _dl_start (below). It can be inlined safely
443 under DONT_USE_BOOTSTRAP_MAP, where it is careful not to make any GOT
444 references. When the tools don't permit us to avoid using a GOT entry
445 for _dl_rtld_global (no attribute_hidden support), we must make sure
446 this function is not inlined (see below). */
447
448 #ifdef DONT_USE_BOOTSTRAP_MAP
ElfW(Addr)449 static inline ElfW(Addr) __attribute__ ((always_inline))
450 _dl_start_final (void *arg)
451 #else
452 static ElfW(Addr) __attribute__ ((noinline))
453 _dl_start_final (void *arg, struct dl_start_final_info *info)
454 #endif
455 {
456 ElfW(Addr) start_addr;
457
458 /* Do not use an initializer for these members because it would
459 intefere with __rtld_static_init. */
460 GLRO (dl_find_object) = &_dl_find_object;
461
462 /* If it hasn't happen yet record the startup time. */
463 rtld_timer_start (&start_time);
464 #if !defined DONT_USE_BOOTSTRAP_MAP
465 RTLD_TIMING_SET (start_time, info->start_time);
466 #endif
467
468 /* Transfer data about ourselves to the permanent link_map structure. */
469 #ifndef DONT_USE_BOOTSTRAP_MAP
470 GL(dl_rtld_map).l_addr = info->l.l_addr;
471 GL(dl_rtld_map).l_ld = info->l.l_ld;
472 GL(dl_rtld_map).l_ld_readonly = info->l.l_ld_readonly;
473 memcpy (GL(dl_rtld_map).l_info, info->l.l_info,
474 sizeof GL(dl_rtld_map).l_info);
475 GL(dl_rtld_map).l_mach = info->l.l_mach;
476 GL(dl_rtld_map).l_relocated = 1;
477 #endif
478 _dl_setup_hash (&GL(dl_rtld_map));
479 GL(dl_rtld_map).l_real = &GL(dl_rtld_map);
480 GL(dl_rtld_map).l_map_start = (ElfW(Addr)) &__ehdr_start;
481 GL(dl_rtld_map).l_map_end = (ElfW(Addr)) _end;
482 GL(dl_rtld_map).l_text_end = (ElfW(Addr)) _etext;
483 /* Copy the TLS related data if necessary. */
484 #ifndef DONT_USE_BOOTSTRAP_MAP
485 # if NO_TLS_OFFSET != 0
486 GL(dl_rtld_map).l_tls_offset = NO_TLS_OFFSET;
487 # endif
488 #endif
489
490 /* Initialize the stack end variable. */
491 __libc_stack_end = __builtin_frame_address (0);
492
493 /* Call the OS-dependent function to set up life so we can do things like
494 file access. It will call `dl_main' (below) to do all the real work
495 of the dynamic linker, and then unwind our frame and run the user
496 entry point on the same stack we entered on. */
497 start_addr = _dl_sysdep_start (arg, &dl_main);
498
499 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_STATISTICS))
500 {
501 RTLD_TIMING_VAR (rtld_total_time);
502 rtld_timer_stop (&rtld_total_time, start_time);
503 print_statistics (RTLD_TIMING_REF(rtld_total_time));
504 }
505
506 #ifndef ELF_MACHINE_START_ADDRESS
507 # define ELF_MACHINE_START_ADDRESS(map, start) (start)
508 #endif
509 return ELF_MACHINE_START_ADDRESS (GL(dl_ns)[LM_ID_BASE]._ns_loaded, start_addr);
510 }
511
512 #ifdef DONT_USE_BOOTSTRAP_MAP
513 # define bootstrap_map GL(dl_rtld_map)
514 #else
515 # define bootstrap_map info.l
516 #endif
517
ElfW(Addr)518 static ElfW(Addr) __attribute_used__
519 _dl_start (void *arg)
520 {
521 #ifdef DONT_USE_BOOTSTRAP_MAP
522 rtld_timer_start (&start_time);
523 #else
524 struct dl_start_final_info info;
525 rtld_timer_start (&info.start_time);
526 #endif
527
528 /* Partly clean the `bootstrap_map' structure up. Don't use
529 `memset' since it might not be built in or inlined and we cannot
530 make function calls at this point. Use '__builtin_memset' if we
531 know it is available. We do not have to clear the memory if we
532 do not have to use the temporary bootstrap_map. Global variables
533 are initialized to zero by default. */
534 #ifndef DONT_USE_BOOTSTRAP_MAP
535 # ifdef HAVE_BUILTIN_MEMSET
536 __builtin_memset (bootstrap_map.l_info, '\0', sizeof (bootstrap_map.l_info));
537 # else
538 for (size_t cnt = 0;
539 cnt < sizeof (bootstrap_map.l_info) / sizeof (bootstrap_map.l_info[0]);
540 ++cnt)
541 bootstrap_map.l_info[cnt] = 0;
542 # endif
543 #endif
544
545 /* Figure out the run-time load address of the dynamic linker itself. */
546 bootstrap_map.l_addr = elf_machine_load_address ();
547
548 /* Read our own dynamic section and fill in the info array. */
549 bootstrap_map.l_ld = (void *) bootstrap_map.l_addr + elf_machine_dynamic ();
550 bootstrap_map.l_ld_readonly = DL_RO_DYN_SECTION;
551 elf_get_dynamic_info (&bootstrap_map, true, false);
552
553 #if NO_TLS_OFFSET != 0
554 bootstrap_map.l_tls_offset = NO_TLS_OFFSET;
555 #endif
556
557 #ifdef ELF_MACHINE_BEFORE_RTLD_RELOC
558 ELF_MACHINE_BEFORE_RTLD_RELOC (&bootstrap_map, bootstrap_map.l_info);
559 #endif
560
561 if (bootstrap_map.l_addr)
562 {
563 /* Relocate ourselves so we can do normal function calls and
564 data access using the global offset table. */
565
566 ELF_DYNAMIC_RELOCATE (&bootstrap_map, NULL, 0, 0, 0);
567 }
568 bootstrap_map.l_relocated = 1;
569
570 /* Please note that we don't allow profiling of this object and
571 therefore need not test whether we have to allocate the array
572 for the relocation results (as done in dl-reloc.c). */
573
574 /* Now life is sane; we can call functions and access global data.
575 Set up to use the operating system facilities, and find out from
576 the operating system's program loader where to find the program
577 header table in core. Put the rest of _dl_start into a separate
578 function, that way the compiler cannot put accesses to the GOT
579 before ELF_DYNAMIC_RELOCATE. */
580
581 __rtld_malloc_init_stubs ();
582
583 #ifdef DONT_USE_BOOTSTRAP_MAP
584 return _dl_start_final (arg);
585 #else
586 return _dl_start_final (arg, &info);
587 #endif
588 }
589
590
591
592 /* Now life is peachy; we can do all normal operations.
593 On to the real work. */
594
595 /* Some helper functions. */
596
597 /* Arguments to relocate_doit. */
598 struct relocate_args
599 {
600 struct link_map *l;
601 int reloc_mode;
602 };
603
604 struct map_args
605 {
606 /* Argument to map_doit. */
607 const char *str;
608 struct link_map *loader;
609 int mode;
610 /* Return value of map_doit. */
611 struct link_map *map;
612 };
613
614 struct dlmopen_args
615 {
616 const char *fname;
617 struct link_map *map;
618 };
619
620 struct lookup_args
621 {
622 const char *name;
623 struct link_map *map;
624 void *result;
625 };
626
627 /* Arguments to version_check_doit. */
628 struct version_check_args
629 {
630 int doexit;
631 int dotrace;
632 };
633
634 static void
relocate_doit(void * a)635 relocate_doit (void *a)
636 {
637 struct relocate_args *args = (struct relocate_args *) a;
638
639 _dl_relocate_object (args->l, args->l->l_scope, args->reloc_mode, 0);
640 }
641
642 static void
map_doit(void * a)643 map_doit (void *a)
644 {
645 struct map_args *args = (struct map_args *) a;
646 int type = (args->mode == __RTLD_OPENEXEC) ? lt_executable : lt_library;
647 args->map = _dl_map_object (args->loader, args->str, type, 0,
648 args->mode, LM_ID_BASE);
649 }
650
651 static void
dlmopen_doit(void * a)652 dlmopen_doit (void *a)
653 {
654 struct dlmopen_args *args = (struct dlmopen_args *) a;
655 args->map = _dl_open (args->fname,
656 (RTLD_LAZY | __RTLD_DLOPEN | __RTLD_AUDIT
657 | __RTLD_SECURE),
658 dl_main, LM_ID_NEWLM, _dl_argc, _dl_argv,
659 __environ);
660 }
661
662 static void
lookup_doit(void * a)663 lookup_doit (void *a)
664 {
665 struct lookup_args *args = (struct lookup_args *) a;
666 const ElfW(Sym) *ref = NULL;
667 args->result = NULL;
668 lookup_t l = _dl_lookup_symbol_x (args->name, args->map, &ref,
669 args->map->l_local_scope, NULL, 0,
670 DL_LOOKUP_RETURN_NEWEST, NULL);
671 if (ref != NULL)
672 args->result = DL_SYMBOL_ADDRESS (l, ref);
673 }
674
675 static void
version_check_doit(void * a)676 version_check_doit (void *a)
677 {
678 struct version_check_args *args = (struct version_check_args *) a;
679 if (_dl_check_all_versions (GL(dl_ns)[LM_ID_BASE]._ns_loaded, 1,
680 args->dotrace) && args->doexit)
681 /* We cannot start the application. Abort now. */
682 _exit (1);
683 }
684
685
686 static inline struct link_map *
find_needed(const char * name)687 find_needed (const char *name)
688 {
689 struct r_scope_elem *scope = &GL(dl_ns)[LM_ID_BASE]._ns_loaded->l_searchlist;
690 unsigned int n = scope->r_nlist;
691
692 while (n-- > 0)
693 if (_dl_name_match_p (name, scope->r_list[n]))
694 return scope->r_list[n];
695
696 /* Should never happen. */
697 return NULL;
698 }
699
700 static int
match_version(const char * string,struct link_map * map)701 match_version (const char *string, struct link_map *map)
702 {
703 const char *strtab = (const void *) D_PTR (map, l_info[DT_STRTAB]);
704 ElfW(Verdef) *def;
705
706 #define VERDEFTAG (DT_NUM + DT_THISPROCNUM + DT_VERSIONTAGIDX (DT_VERDEF))
707 if (map->l_info[VERDEFTAG] == NULL)
708 /* The file has no symbol versioning. */
709 return 0;
710
711 def = (ElfW(Verdef) *) ((char *) map->l_addr
712 + map->l_info[VERDEFTAG]->d_un.d_ptr);
713 while (1)
714 {
715 ElfW(Verdaux) *aux = (ElfW(Verdaux) *) ((char *) def + def->vd_aux);
716
717 /* Compare the version strings. */
718 if (strcmp (string, strtab + aux->vda_name) == 0)
719 /* Bingo! */
720 return 1;
721
722 /* If no more definitions we failed to find what we want. */
723 if (def->vd_next == 0)
724 break;
725
726 /* Next definition. */
727 def = (ElfW(Verdef) *) ((char *) def + def->vd_next);
728 }
729
730 return 0;
731 }
732
733 static bool tls_init_tp_called;
734
735 static void *
init_tls(size_t naudit)736 init_tls (size_t naudit)
737 {
738 /* Number of elements in the static TLS block. */
739 GL(dl_tls_static_nelem) = GL(dl_tls_max_dtv_idx);
740
741 /* Do not do this twice. The audit interface might have required
742 the DTV interfaces to be set up early. */
743 if (GL(dl_initial_dtv) != NULL)
744 return NULL;
745
746 /* Allocate the array which contains the information about the
747 dtv slots. We allocate a few entries more than needed to
748 avoid the need for reallocation. */
749 size_t nelem = GL(dl_tls_max_dtv_idx) + 1 + TLS_SLOTINFO_SURPLUS;
750
751 /* Allocate. */
752 GL(dl_tls_dtv_slotinfo_list) = (struct dtv_slotinfo_list *)
753 calloc (sizeof (struct dtv_slotinfo_list)
754 + nelem * sizeof (struct dtv_slotinfo), 1);
755 /* No need to check the return value. If memory allocation failed
756 the program would have been terminated. */
757
758 struct dtv_slotinfo *slotinfo = GL(dl_tls_dtv_slotinfo_list)->slotinfo;
759 GL(dl_tls_dtv_slotinfo_list)->len = nelem;
760 GL(dl_tls_dtv_slotinfo_list)->next = NULL;
761
762 /* Fill in the information from the loaded modules. No namespace
763 but the base one can be filled at this time. */
764 assert (GL(dl_ns)[LM_ID_BASE + 1]._ns_loaded == NULL);
765 int i = 0;
766 for (struct link_map *l = GL(dl_ns)[LM_ID_BASE]._ns_loaded; l != NULL;
767 l = l->l_next)
768 if (l->l_tls_blocksize != 0)
769 {
770 /* This is a module with TLS data. Store the map reference.
771 The generation counter is zero. */
772 slotinfo[i].map = l;
773 /* slotinfo[i].gen = 0; */
774 ++i;
775 }
776 assert (i == GL(dl_tls_max_dtv_idx));
777
778 /* Calculate the size of the static TLS surplus. */
779 _dl_tls_static_surplus_init (naudit);
780
781 /* Compute the TLS offsets for the various blocks. */
782 _dl_determine_tlsoffset ();
783
784 /* Construct the static TLS block and the dtv for the initial
785 thread. For some platforms this will include allocating memory
786 for the thread descriptor. The memory for the TLS block will
787 never be freed. It should be allocated accordingly. The dtv
788 array can be changed if dynamic loading requires it. */
789 void *tcbp = _dl_allocate_tls_storage ();
790 if (tcbp == NULL)
791 _dl_fatal_printf ("\
792 cannot allocate TLS data structures for initial thread\n");
793
794 /* Store for detection of the special case by __tls_get_addr
795 so it knows not to pass this dtv to the normal realloc. */
796 GL(dl_initial_dtv) = GET_DTV (tcbp);
797
798 /* And finally install it for the main thread. */
799 const char *lossage = TLS_INIT_TP (tcbp);
800 if (__glibc_unlikely (lossage != NULL))
801 _dl_fatal_printf ("cannot set up thread-local storage: %s\n", lossage);
802 __tls_init_tp ();
803 tls_init_tp_called = true;
804
805 return tcbp;
806 }
807
808 static unsigned int
do_preload(const char * fname,struct link_map * main_map,const char * where)809 do_preload (const char *fname, struct link_map *main_map, const char *where)
810 {
811 const char *objname;
812 const char *err_str = NULL;
813 struct map_args args;
814 bool malloced;
815
816 args.str = fname;
817 args.loader = main_map;
818 args.mode = __RTLD_SECURE;
819
820 unsigned int old_nloaded = GL(dl_ns)[LM_ID_BASE]._ns_nloaded;
821
822 (void) _dl_catch_error (&objname, &err_str, &malloced, map_doit, &args);
823 if (__glibc_unlikely (err_str != NULL))
824 {
825 _dl_error_printf ("\
826 ERROR: ld.so: object '%s' from %s cannot be preloaded (%s): ignored.\n",
827 fname, where, err_str);
828 /* No need to call free, this is still before
829 the libc's malloc is used. */
830 }
831 else if (GL(dl_ns)[LM_ID_BASE]._ns_nloaded != old_nloaded)
832 /* It is no duplicate. */
833 return 1;
834
835 /* Nothing loaded. */
836 return 0;
837 }
838
839 static void
security_init(void)840 security_init (void)
841 {
842 /* Set up the stack checker's canary. */
843 uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (_dl_random);
844 #ifdef THREAD_SET_STACK_GUARD
845 THREAD_SET_STACK_GUARD (stack_chk_guard);
846 #else
847 __stack_chk_guard = stack_chk_guard;
848 #endif
849
850 /* Set up the pointer guard as well, if necessary. */
851 uintptr_t pointer_chk_guard
852 = _dl_setup_pointer_guard (_dl_random, stack_chk_guard);
853 #ifdef THREAD_SET_POINTER_GUARD
854 THREAD_SET_POINTER_GUARD (pointer_chk_guard);
855 #endif
856 __pointer_chk_guard_local = pointer_chk_guard;
857
858 /* We do not need the _dl_random value anymore. The less
859 information we leave behind, the better, so clear the
860 variable. */
861 _dl_random = NULL;
862 }
863
864 #include <setup-vdso.h>
865
866 /* The LD_PRELOAD environment variable gives list of libraries
867 separated by white space or colons that are loaded before the
868 executable's dependencies and prepended to the global scope list.
869 (If the binary is running setuid all elements containing a '/' are
870 ignored since it is insecure.) Return the number of preloads
871 performed. Ditto for --preload command argument. */
872 unsigned int
handle_preload_list(const char * preloadlist,struct link_map * main_map,const char * where)873 handle_preload_list (const char *preloadlist, struct link_map *main_map,
874 const char *where)
875 {
876 unsigned int npreloads = 0;
877 const char *p = preloadlist;
878 char fname[SECURE_PATH_LIMIT];
879
880 while (*p != '\0')
881 {
882 /* Split preload list at space/colon. */
883 size_t len = strcspn (p, " :");
884 if (len > 0 && len < sizeof (fname))
885 {
886 memcpy (fname, p, len);
887 fname[len] = '\0';
888 }
889 else
890 fname[0] = '\0';
891
892 /* Skip over the substring and the following delimiter. */
893 p += len;
894 if (*p != '\0')
895 ++p;
896
897 if (dso_name_valid_for_suid (fname))
898 npreloads += do_preload (fname, main_map, where);
899 }
900 return npreloads;
901 }
902
903 /* Called if the audit DSO cannot be used: if it does not have the
904 appropriate interfaces, or it expects a more recent version library
905 version than what the dynamic linker provides. */
906 static void
unload_audit_module(struct link_map * map,int original_tls_idx)907 unload_audit_module (struct link_map *map, int original_tls_idx)
908 {
909 #ifndef NDEBUG
910 Lmid_t ns = map->l_ns;
911 #endif
912 _dl_close (map);
913
914 /* Make sure the namespace has been cleared entirely. */
915 assert (GL(dl_ns)[ns]._ns_loaded == NULL);
916 assert (GL(dl_ns)[ns]._ns_nloaded == 0);
917
918 GL(dl_tls_max_dtv_idx) = original_tls_idx;
919 }
920
921 /* Called to print an error message if loading of an audit module
922 failed. */
923 static void
report_audit_module_load_error(const char * name,const char * err_str,bool malloced)924 report_audit_module_load_error (const char *name, const char *err_str,
925 bool malloced)
926 {
927 _dl_error_printf ("\
928 ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
929 name, err_str);
930 if (malloced)
931 free ((char *) err_str);
932 }
933
934 /* Load one audit module. */
935 static void
load_audit_module(const char * name,struct audit_ifaces ** last_audit)936 load_audit_module (const char *name, struct audit_ifaces **last_audit)
937 {
938 int original_tls_idx = GL(dl_tls_max_dtv_idx);
939
940 struct dlmopen_args dlmargs;
941 dlmargs.fname = name;
942 dlmargs.map = NULL;
943
944 const char *objname;
945 const char *err_str = NULL;
946 bool malloced;
947 _dl_catch_error (&objname, &err_str, &malloced, dlmopen_doit, &dlmargs);
948 if (__glibc_unlikely (err_str != NULL))
949 {
950 report_audit_module_load_error (name, err_str, malloced);
951 return;
952 }
953
954 struct lookup_args largs;
955 largs.name = "la_version";
956 largs.map = dlmargs.map;
957 _dl_catch_error (&objname, &err_str, &malloced, lookup_doit, &largs);
958 if (__glibc_likely (err_str != NULL))
959 {
960 unload_audit_module (dlmargs.map, original_tls_idx);
961 report_audit_module_load_error (name, err_str, malloced);
962 return;
963 }
964
965 unsigned int (*laversion) (unsigned int) = largs.result;
966
967 /* A null symbol indicates that something is very wrong with the
968 loaded object because defined symbols are supposed to have a
969 valid, non-null address. */
970 assert (laversion != NULL);
971
972 unsigned int lav = laversion (LAV_CURRENT);
973 if (lav == 0)
974 {
975 /* Only print an error message if debugging because this can
976 happen deliberately. */
977 if (GLRO(dl_debug_mask) & DL_DEBUG_FILES)
978 _dl_debug_printf ("\
979 file=%s [%lu]; audit interface function la_version returned zero; ignored.\n",
980 dlmargs.map->l_name, dlmargs.map->l_ns);
981 unload_audit_module (dlmargs.map, original_tls_idx);
982 return;
983 }
984
985 if (!_dl_audit_check_version (lav))
986 {
987 _dl_debug_printf ("\
988 ERROR: audit interface '%s' requires version %d (maximum supported version %d); ignored.\n",
989 name, lav, LAV_CURRENT);
990 unload_audit_module (dlmargs.map, original_tls_idx);
991 return;
992 }
993
994 enum { naudit_ifaces = 8 };
995 union
996 {
997 struct audit_ifaces ifaces;
998 void (*fptr[naudit_ifaces]) (void);
999 } *newp = malloc (sizeof (*newp));
1000 if (newp == NULL)
1001 _dl_fatal_printf ("Out of memory while loading audit modules\n");
1002
1003 /* Names of the auditing interfaces. All in one
1004 long string. */
1005 static const char audit_iface_names[] =
1006 "la_activity\0"
1007 "la_objsearch\0"
1008 "la_objopen\0"
1009 "la_preinit\0"
1010 LA_SYMBIND "\0"
1011 #define STRING(s) __STRING (s)
1012 "la_" STRING (ARCH_LA_PLTENTER) "\0"
1013 "la_" STRING (ARCH_LA_PLTEXIT) "\0"
1014 "la_objclose\0";
1015 unsigned int cnt = 0;
1016 const char *cp = audit_iface_names;
1017 do
1018 {
1019 largs.name = cp;
1020 _dl_catch_error (&objname, &err_str, &malloced, lookup_doit, &largs);
1021
1022 /* Store the pointer. */
1023 if (err_str == NULL && largs.result != NULL)
1024 newp->fptr[cnt] = largs.result;
1025 else
1026 newp->fptr[cnt] = NULL;
1027 ++cnt;
1028
1029 cp = rawmemchr (cp, '\0') + 1;
1030 }
1031 while (*cp != '\0');
1032 assert (cnt == naudit_ifaces);
1033
1034 /* Now append the new auditing interface to the list. */
1035 newp->ifaces.next = NULL;
1036 if (*last_audit == NULL)
1037 *last_audit = GLRO(dl_audit) = &newp->ifaces;
1038 else
1039 *last_audit = (*last_audit)->next = &newp->ifaces;
1040
1041 /* The dynamic linker link map is statically allocated, so the
1042 cookie in _dl_new_object has not happened. */
1043 link_map_audit_state (&GL (dl_rtld_map), GLRO (dl_naudit))->cookie
1044 = (intptr_t) &GL (dl_rtld_map);
1045
1046 ++GLRO(dl_naudit);
1047
1048 /* Mark the DSO as being used for auditing. */
1049 dlmargs.map->l_auditing = 1;
1050 }
1051
1052 /* Load all audit modules. */
1053 static void
load_audit_modules(struct link_map * main_map,struct audit_list * audit_list)1054 load_audit_modules (struct link_map *main_map, struct audit_list *audit_list)
1055 {
1056 struct audit_ifaces *last_audit = NULL;
1057
1058 while (true)
1059 {
1060 const char *name = audit_list_next (audit_list);
1061 if (name == NULL)
1062 break;
1063 load_audit_module (name, &last_audit);
1064 }
1065
1066 /* Notify audit modules of the initially loaded modules (the main
1067 program and the dynamic linker itself). */
1068 if (GLRO(dl_naudit) > 0)
1069 {
1070 _dl_audit_objopen (main_map, LM_ID_BASE);
1071 _dl_audit_objopen (&GL(dl_rtld_map), LM_ID_BASE);
1072 }
1073 }
1074
1075 /* Check if the executable is not actualy dynamically linked, and
1076 invoke it directly in that case. */
1077 static void
rtld_chain_load(struct link_map * main_map,char * argv0)1078 rtld_chain_load (struct link_map *main_map, char *argv0)
1079 {
1080 /* The dynamic loader run against itself. */
1081 const char *rtld_soname
1082 = ((const char *) D_PTR (&GL(dl_rtld_map), l_info[DT_STRTAB])
1083 + GL(dl_rtld_map).l_info[DT_SONAME]->d_un.d_val);
1084 if (main_map->l_info[DT_SONAME] != NULL
1085 && strcmp (rtld_soname,
1086 ((const char *) D_PTR (main_map, l_info[DT_STRTAB])
1087 + main_map->l_info[DT_SONAME]->d_un.d_val)) == 0)
1088 _dl_fatal_printf ("%s: loader cannot load itself\n", rtld_soname);
1089
1090 /* With DT_NEEDED dependencies, the executable is dynamically
1091 linked. */
1092 if (__glibc_unlikely (main_map->l_info[DT_NEEDED] != NULL))
1093 return;
1094
1095 /* If the executable has program interpreter, it is dynamically
1096 linked. */
1097 for (size_t i = 0; i < main_map->l_phnum; ++i)
1098 if (main_map->l_phdr[i].p_type == PT_INTERP)
1099 return;
1100
1101 const char *pathname = _dl_argv[0];
1102 if (argv0 != NULL)
1103 _dl_argv[0] = argv0;
1104 int errcode = __rtld_execve (pathname, _dl_argv, _environ);
1105 const char *errname = strerrorname_np (errcode);
1106 if (errname != NULL)
1107 _dl_fatal_printf("%s: cannot execute %s: %s\n",
1108 rtld_soname, pathname, errname);
1109 else
1110 _dl_fatal_printf("%s: cannot execute %s: %d\n",
1111 rtld_soname, pathname, errcode);
1112 }
1113
1114 /* Called to complete the initialization of the link map for the main
1115 executable. Returns true if there is a PT_INTERP segment. */
1116 static bool
rtld_setup_main_map(struct link_map * main_map)1117 rtld_setup_main_map (struct link_map *main_map)
1118 {
1119 /* This have already been filled in right after _dl_new_object, or
1120 as part of _dl_map_object. */
1121 const ElfW(Phdr) *phdr = main_map->l_phdr;
1122 ElfW(Word) phnum = main_map->l_phnum;
1123
1124 bool has_interp = false;
1125
1126 main_map->l_map_end = 0;
1127 main_map->l_text_end = 0;
1128 /* Perhaps the executable has no PT_LOAD header entries at all. */
1129 main_map->l_map_start = ~0;
1130 /* And it was opened directly. */
1131 ++main_map->l_direct_opencount;
1132 main_map->l_contiguous = 1;
1133
1134 /* A PT_LOAD segment at an unexpected address will clear the
1135 l_contiguous flag. The ELF specification says that PT_LOAD
1136 segments need to be sorted in in increasing order, but perhaps
1137 not all executables follow this requirement. Having l_contiguous
1138 equal to 1 is just an optimization, so the code below does not
1139 try to sort the segments in case they are unordered.
1140
1141 There is one corner case in which l_contiguous is not set to 1,
1142 but where it could be set: If a PIE (ET_DYN) binary is loaded by
1143 glibc itself (not the kernel), it is always contiguous due to the
1144 way the glibc loader works. However, the kernel loader may still
1145 create holes in this case, and the code here still uses 0
1146 conservatively for the glibc-loaded case, too. */
1147 ElfW(Addr) expected_load_address = 0;
1148
1149 /* Scan the program header table for the dynamic section. */
1150 for (const ElfW(Phdr) *ph = phdr; ph < &phdr[phnum]; ++ph)
1151 switch (ph->p_type)
1152 {
1153 case PT_PHDR:
1154 /* Find out the load address. */
1155 main_map->l_addr = (ElfW(Addr)) phdr - ph->p_vaddr;
1156 break;
1157 case PT_DYNAMIC:
1158 /* This tells us where to find the dynamic section,
1159 which tells us everything we need to do. */
1160 main_map->l_ld = (void *) main_map->l_addr + ph->p_vaddr;
1161 main_map->l_ld_readonly = (ph->p_flags & PF_W) == 0;
1162 break;
1163 case PT_INTERP:
1164 /* This "interpreter segment" was used by the program loader to
1165 find the program interpreter, which is this program itself, the
1166 dynamic linker. We note what name finds us, so that a future
1167 dlopen call or DT_NEEDED entry, for something that wants to link
1168 against the dynamic linker as a shared library, will know that
1169 the shared object is already loaded. */
1170 _dl_rtld_libname.name = ((const char *) main_map->l_addr
1171 + ph->p_vaddr);
1172 /* _dl_rtld_libname.next = NULL; Already zero. */
1173 GL(dl_rtld_map).l_libname = &_dl_rtld_libname;
1174
1175 /* Ordinarilly, we would get additional names for the loader from
1176 our DT_SONAME. This can't happen if we were actually linked as
1177 a static executable (detect this case when we have no DYNAMIC).
1178 If so, assume the filename component of the interpreter path to
1179 be our SONAME, and add it to our name list. */
1180 if (GL(dl_rtld_map).l_ld == NULL)
1181 {
1182 const char *p = NULL;
1183 const char *cp = _dl_rtld_libname.name;
1184
1185 /* Find the filename part of the path. */
1186 while (*cp != '\0')
1187 if (*cp++ == '/')
1188 p = cp;
1189
1190 if (p != NULL)
1191 {
1192 _dl_rtld_libname2.name = p;
1193 /* _dl_rtld_libname2.next = NULL; Already zero. */
1194 _dl_rtld_libname.next = &_dl_rtld_libname2;
1195 }
1196 }
1197
1198 has_interp = true;
1199 break;
1200 case PT_LOAD:
1201 {
1202 ElfW(Addr) mapstart;
1203 ElfW(Addr) allocend;
1204
1205 /* Remember where the main program starts in memory. */
1206 mapstart = (main_map->l_addr
1207 + (ph->p_vaddr & ~(GLRO(dl_pagesize) - 1)));
1208 if (main_map->l_map_start > mapstart)
1209 main_map->l_map_start = mapstart;
1210
1211 if (main_map->l_contiguous && expected_load_address != 0
1212 && expected_load_address != mapstart)
1213 main_map->l_contiguous = 0;
1214
1215 /* Also where it ends. */
1216 allocend = main_map->l_addr + ph->p_vaddr + ph->p_memsz;
1217 if (main_map->l_map_end < allocend)
1218 main_map->l_map_end = allocend;
1219 if ((ph->p_flags & PF_X) && allocend > main_map->l_text_end)
1220 main_map->l_text_end = allocend;
1221
1222 /* The next expected address is the page following this load
1223 segment. */
1224 expected_load_address = ((allocend + GLRO(dl_pagesize) - 1)
1225 & ~(GLRO(dl_pagesize) - 1));
1226 }
1227 break;
1228
1229 case PT_TLS:
1230 if (ph->p_memsz > 0)
1231 {
1232 /* Note that in the case the dynamic linker we duplicate work
1233 here since we read the PT_TLS entry already in
1234 _dl_start_final. But the result is repeatable so do not
1235 check for this special but unimportant case. */
1236 main_map->l_tls_blocksize = ph->p_memsz;
1237 main_map->l_tls_align = ph->p_align;
1238 if (ph->p_align == 0)
1239 main_map->l_tls_firstbyte_offset = 0;
1240 else
1241 main_map->l_tls_firstbyte_offset = (ph->p_vaddr
1242 & (ph->p_align - 1));
1243 main_map->l_tls_initimage_size = ph->p_filesz;
1244 main_map->l_tls_initimage = (void *) ph->p_vaddr;
1245
1246 /* This image gets the ID one. */
1247 GL(dl_tls_max_dtv_idx) = main_map->l_tls_modid = 1;
1248 }
1249 break;
1250
1251 case PT_GNU_STACK:
1252 GL(dl_stack_flags) = ph->p_flags;
1253 break;
1254
1255 case PT_GNU_RELRO:
1256 main_map->l_relro_addr = ph->p_vaddr;
1257 main_map->l_relro_size = ph->p_memsz;
1258 break;
1259 }
1260 /* Process program headers again, but scan them backwards so
1261 that PT_NOTE can be skipped if PT_GNU_PROPERTY exits. */
1262 for (const ElfW(Phdr) *ph = &phdr[phnum]; ph != phdr; --ph)
1263 switch (ph[-1].p_type)
1264 {
1265 case PT_NOTE:
1266 _dl_process_pt_note (main_map, -1, &ph[-1]);
1267 break;
1268 case PT_GNU_PROPERTY:
1269 _dl_process_pt_gnu_property (main_map, -1, &ph[-1]);
1270 break;
1271 }
1272
1273 /* Adjust the address of the TLS initialization image in case
1274 the executable is actually an ET_DYN object. */
1275 if (main_map->l_tls_initimage != NULL)
1276 main_map->l_tls_initimage
1277 = (char *) main_map->l_tls_initimage + main_map->l_addr;
1278 if (! main_map->l_map_end)
1279 main_map->l_map_end = ~0;
1280 if (! main_map->l_text_end)
1281 main_map->l_text_end = ~0;
1282 if (! GL(dl_rtld_map).l_libname && GL(dl_rtld_map).l_name)
1283 {
1284 /* We were invoked directly, so the program might not have a
1285 PT_INTERP. */
1286 _dl_rtld_libname.name = GL(dl_rtld_map).l_name;
1287 /* _dl_rtld_libname.next = NULL; Already zero. */
1288 GL(dl_rtld_map).l_libname = &_dl_rtld_libname;
1289 }
1290 else
1291 assert (GL(dl_rtld_map).l_libname); /* How else did we get here? */
1292
1293 return has_interp;
1294 }
1295
1296 /* Adjusts the contents of the stack and related globals for the user
1297 entry point. The ld.so processed skip_args arguments and bumped
1298 _dl_argv and _dl_argc accordingly. Those arguments are removed from
1299 argv here. */
1300 static void
_dl_start_args_adjust(int skip_args)1301 _dl_start_args_adjust (int skip_args)
1302 {
1303 void **sp = (void **) (_dl_argv - skip_args - 1);
1304 void **p = sp + skip_args;
1305
1306 if (skip_args == 0)
1307 return;
1308
1309 /* Sanity check. */
1310 intptr_t argc __attribute__ ((unused)) = (intptr_t) sp[0] - skip_args;
1311 assert (argc == _dl_argc);
1312
1313 /* Adjust argc on stack. */
1314 sp[0] = (void *) (intptr_t) _dl_argc;
1315
1316 /* Update globals in rtld. */
1317 _dl_argv -= skip_args;
1318 _environ -= skip_args;
1319
1320 /* Shuffle argv down. */
1321 do
1322 *++sp = *++p;
1323 while (*p != NULL);
1324
1325 assert (_environ == (char **) (sp + 1));
1326
1327 /* Shuffle envp down. */
1328 do
1329 *++sp = *++p;
1330 while (*p != NULL);
1331
1332 #ifdef HAVE_AUX_VECTOR
1333 void **auxv = (void **) GLRO(dl_auxv) - skip_args;
1334 GLRO(dl_auxv) = (ElfW(auxv_t) *) auxv; /* Aliasing violation. */
1335 assert (auxv == sp + 1);
1336
1337 /* Shuffle auxv down. */
1338 ElfW(auxv_t) ax;
1339 char *oldp = (char *) (p + 1);
1340 char *newp = (char *) (sp + 1);
1341 do
1342 {
1343 memcpy (&ax, oldp, sizeof (ax));
1344 memcpy (newp, &ax, sizeof (ax));
1345 oldp += sizeof (ax);
1346 newp += sizeof (ax);
1347 }
1348 while (ax.a_type != AT_NULL);
1349 #endif
1350 }
1351
1352 static void
dl_main(const ElfW (Phdr)* phdr,ElfW (Word)phnum,ElfW (Addr)* user_entry,ElfW (auxv_t)* auxv)1353 dl_main (const ElfW(Phdr) *phdr,
1354 ElfW(Word) phnum,
1355 ElfW(Addr) *user_entry,
1356 ElfW(auxv_t) *auxv)
1357 {
1358 struct link_map *main_map;
1359 size_t file_size;
1360 char *file;
1361 unsigned int i;
1362 bool rtld_is_main = false;
1363 void *tcbp = NULL;
1364
1365 struct dl_main_state state;
1366 dl_main_state_init (&state);
1367
1368 __tls_pre_init_tp ();
1369
1370 #if !PTHREAD_IN_LIBC
1371 /* The explicit initialization here is cheaper than processing the reloc
1372 in the _rtld_local definition's initializer. */
1373 GL(dl_make_stack_executable_hook) = &_dl_make_stack_executable;
1374 #endif
1375
1376 /* Process the environment variable which control the behaviour. */
1377 process_envvars (&state);
1378
1379 #ifndef HAVE_INLINED_SYSCALLS
1380 /* Set up a flag which tells we are just starting. */
1381 _dl_starting_up = 1;
1382 #endif
1383
1384 const char *ld_so_name = _dl_argv[0];
1385 if (*user_entry == (ElfW(Addr)) ENTRY_POINT)
1386 {
1387 /* Ho ho. We are not the program interpreter! We are the program
1388 itself! This means someone ran ld.so as a command. Well, that
1389 might be convenient to do sometimes. We support it by
1390 interpreting the args like this:
1391
1392 ld.so PROGRAM ARGS...
1393
1394 The first argument is the name of a file containing an ELF
1395 executable we will load and run with the following arguments.
1396 To simplify life here, PROGRAM is searched for using the
1397 normal rules for shared objects, rather than $PATH or anything
1398 like that. We just load it and use its entry point; we don't
1399 pay attention to its PT_INTERP command (we are the interpreter
1400 ourselves). This is an easy way to test a new ld.so before
1401 installing it. */
1402 rtld_is_main = true;
1403
1404 char *argv0 = NULL;
1405 char **orig_argv = _dl_argv;
1406
1407 /* Note the place where the dynamic linker actually came from. */
1408 GL(dl_rtld_map).l_name = rtld_progname;
1409
1410 while (_dl_argc > 1)
1411 if (! strcmp (_dl_argv[1], "--list"))
1412 {
1413 if (state.mode != rtld_mode_help)
1414 {
1415 state.mode = rtld_mode_list;
1416 /* This means do no dependency analysis. */
1417 GLRO(dl_lazy) = -1;
1418 }
1419
1420 --_dl_argc;
1421 ++_dl_argv;
1422 }
1423 else if (! strcmp (_dl_argv[1], "--verify"))
1424 {
1425 if (state.mode != rtld_mode_help)
1426 state.mode = rtld_mode_verify;
1427
1428 --_dl_argc;
1429 ++_dl_argv;
1430 }
1431 else if (! strcmp (_dl_argv[1], "--inhibit-cache"))
1432 {
1433 GLRO(dl_inhibit_cache) = 1;
1434 --_dl_argc;
1435 ++_dl_argv;
1436 }
1437 else if (! strcmp (_dl_argv[1], "--library-path")
1438 && _dl_argc > 2)
1439 {
1440 state.library_path = _dl_argv[2];
1441 state.library_path_source = "--library-path";
1442
1443 _dl_argc -= 2;
1444 _dl_argv += 2;
1445 }
1446 else if (! strcmp (_dl_argv[1], "--inhibit-rpath")
1447 && _dl_argc > 2)
1448 {
1449 GLRO(dl_inhibit_rpath) = _dl_argv[2];
1450
1451 _dl_argc -= 2;
1452 _dl_argv += 2;
1453 }
1454 else if (! strcmp (_dl_argv[1], "--audit") && _dl_argc > 2)
1455 {
1456 audit_list_add_string (&state.audit_list, _dl_argv[2]);
1457
1458 _dl_argc -= 2;
1459 _dl_argv += 2;
1460 }
1461 else if (! strcmp (_dl_argv[1], "--preload") && _dl_argc > 2)
1462 {
1463 state.preloadarg = _dl_argv[2];
1464 _dl_argc -= 2;
1465 _dl_argv += 2;
1466 }
1467 else if (! strcmp (_dl_argv[1], "--argv0") && _dl_argc > 2)
1468 {
1469 argv0 = _dl_argv[2];
1470
1471 _dl_argc -= 2;
1472 _dl_argv += 2;
1473 }
1474 else if (strcmp (_dl_argv[1], "--glibc-hwcaps-prepend") == 0
1475 && _dl_argc > 2)
1476 {
1477 state.glibc_hwcaps_prepend = _dl_argv[2];
1478 _dl_argc -= 2;
1479 _dl_argv += 2;
1480 }
1481 else if (strcmp (_dl_argv[1], "--glibc-hwcaps-mask") == 0
1482 && _dl_argc > 2)
1483 {
1484 state.glibc_hwcaps_mask = _dl_argv[2];
1485 _dl_argc -= 2;
1486 _dl_argv += 2;
1487 }
1488 #if HAVE_TUNABLES
1489 else if (! strcmp (_dl_argv[1], "--list-tunables"))
1490 {
1491 state.mode = rtld_mode_list_tunables;
1492
1493 --_dl_argc;
1494 ++_dl_argv;
1495 }
1496 #endif
1497 else if (! strcmp (_dl_argv[1], "--list-diagnostics"))
1498 {
1499 state.mode = rtld_mode_list_diagnostics;
1500
1501 --_dl_argc;
1502 ++_dl_argv;
1503 }
1504 else if (strcmp (_dl_argv[1], "--help") == 0)
1505 {
1506 state.mode = rtld_mode_help;
1507 --_dl_argc;
1508 ++_dl_argv;
1509 }
1510 else if (strcmp (_dl_argv[1], "--version") == 0)
1511 _dl_version ();
1512 else if (_dl_argv[1][0] == '-' && _dl_argv[1][1] == '-')
1513 {
1514 if (_dl_argv[1][1] == '\0')
1515 /* End of option list. */
1516 break;
1517 else
1518 /* Unrecognized option. */
1519 _dl_usage (ld_so_name, _dl_argv[1]);
1520 }
1521 else
1522 break;
1523
1524 #if HAVE_TUNABLES
1525 if (__glibc_unlikely (state.mode == rtld_mode_list_tunables))
1526 {
1527 __tunables_print ();
1528 _exit (0);
1529 }
1530 #endif
1531
1532 if (state.mode == rtld_mode_list_diagnostics)
1533 _dl_print_diagnostics (_environ);
1534
1535 /* If we have no further argument the program was called incorrectly.
1536 Grant the user some education. */
1537 if (_dl_argc < 2)
1538 {
1539 if (state.mode == rtld_mode_help)
1540 /* --help without an executable is not an error. */
1541 _dl_help (ld_so_name, &state);
1542 else
1543 _dl_usage (ld_so_name, NULL);
1544 }
1545
1546 --_dl_argc;
1547 ++_dl_argv;
1548
1549 /* The initialization of _dl_stack_flags done below assumes the
1550 executable's PT_GNU_STACK may have been honored by the kernel, and
1551 so a PT_GNU_STACK with PF_X set means the stack started out with
1552 execute permission. However, this is not really true if the
1553 dynamic linker is the executable the kernel loaded. For this
1554 case, we must reinitialize _dl_stack_flags to match the dynamic
1555 linker itself. If the dynamic linker was built with a
1556 PT_GNU_STACK, then the kernel may have loaded us with a
1557 nonexecutable stack that we will have to make executable when we
1558 load the program below unless it has a PT_GNU_STACK indicating
1559 nonexecutable stack is ok. */
1560
1561 for (const ElfW(Phdr) *ph = phdr; ph < &phdr[phnum]; ++ph)
1562 if (ph->p_type == PT_GNU_STACK)
1563 {
1564 GL(dl_stack_flags) = ph->p_flags;
1565 break;
1566 }
1567
1568 if (__glibc_unlikely (state.mode == rtld_mode_verify
1569 || state.mode == rtld_mode_help))
1570 {
1571 const char *objname;
1572 const char *err_str = NULL;
1573 struct map_args args;
1574 bool malloced;
1575
1576 args.str = rtld_progname;
1577 args.loader = NULL;
1578 args.mode = __RTLD_OPENEXEC;
1579 (void) _dl_catch_error (&objname, &err_str, &malloced, map_doit,
1580 &args);
1581 if (__glibc_unlikely (err_str != NULL))
1582 {
1583 /* We don't free the returned string, the programs stops
1584 anyway. */
1585 if (state.mode == rtld_mode_help)
1586 /* Mask the failure to load the main object. The help
1587 message contains less information in this case. */
1588 _dl_help (ld_so_name, &state);
1589 else
1590 _exit (EXIT_FAILURE);
1591 }
1592 }
1593 else
1594 {
1595 RTLD_TIMING_VAR (start);
1596 rtld_timer_start (&start);
1597 _dl_map_object (NULL, rtld_progname, lt_executable, 0,
1598 __RTLD_OPENEXEC, LM_ID_BASE);
1599 rtld_timer_stop (&load_time, start);
1600 }
1601
1602 /* Now the map for the main executable is available. */
1603 main_map = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
1604
1605 if (__glibc_likely (state.mode == rtld_mode_normal))
1606 rtld_chain_load (main_map, argv0);
1607
1608 phdr = main_map->l_phdr;
1609 phnum = main_map->l_phnum;
1610 /* We overwrite here a pointer to a malloc()ed string. But since
1611 the malloc() implementation used at this point is the dummy
1612 implementations which has no real free() function it does not
1613 makes sense to free the old string first. */
1614 main_map->l_name = (char *) "";
1615 *user_entry = main_map->l_entry;
1616
1617 /* Set bit indicating this is the main program map. */
1618 main_map->l_main_map = 1;
1619
1620 #ifdef HAVE_AUX_VECTOR
1621 /* Adjust the on-stack auxiliary vector so that it looks like the
1622 binary was executed directly. */
1623 for (ElfW(auxv_t) *av = auxv; av->a_type != AT_NULL; av++)
1624 switch (av->a_type)
1625 {
1626 case AT_PHDR:
1627 av->a_un.a_val = (uintptr_t) phdr;
1628 break;
1629 case AT_PHNUM:
1630 av->a_un.a_val = phnum;
1631 break;
1632 case AT_ENTRY:
1633 av->a_un.a_val = *user_entry;
1634 break;
1635 case AT_EXECFN:
1636 av->a_un.a_val = (uintptr_t) _dl_argv[0];
1637 break;
1638 }
1639 #endif
1640
1641 /* Set the argv[0] string now that we've processed the executable. */
1642 if (argv0 != NULL)
1643 _dl_argv[0] = argv0;
1644
1645 /* Adjust arguments for the application entry point. */
1646 _dl_start_args_adjust (_dl_argv - orig_argv);
1647 }
1648 else
1649 {
1650 /* Create a link_map for the executable itself.
1651 This will be what dlopen on "" returns. */
1652 main_map = _dl_new_object ((char *) "", "", lt_executable, NULL,
1653 __RTLD_OPENEXEC, LM_ID_BASE);
1654 assert (main_map != NULL);
1655 main_map->l_phdr = phdr;
1656 main_map->l_phnum = phnum;
1657 main_map->l_entry = *user_entry;
1658
1659 /* Even though the link map is not yet fully initialized we can add
1660 it to the map list since there are no possible users running yet. */
1661 _dl_add_to_namespace_list (main_map, LM_ID_BASE);
1662 assert (main_map == GL(dl_ns)[LM_ID_BASE]._ns_loaded);
1663
1664 /* At this point we are in a bit of trouble. We would have to
1665 fill in the values for l_dev and l_ino. But in general we
1666 do not know where the file is. We also do not handle AT_EXECFD
1667 even if it would be passed up.
1668
1669 We leave the values here defined to 0. This is normally no
1670 problem as the program code itself is normally no shared
1671 object and therefore cannot be loaded dynamically. Nothing
1672 prevent the use of dynamic binaries and in these situations
1673 we might get problems. We might not be able to find out
1674 whether the object is already loaded. But since there is no
1675 easy way out and because the dynamic binary must also not
1676 have an SONAME we ignore this program for now. If it becomes
1677 a problem we can force people using SONAMEs. */
1678
1679 /* We delay initializing the path structure until we got the dynamic
1680 information for the program. */
1681 }
1682
1683 bool has_interp = rtld_setup_main_map (main_map);
1684
1685 /* If the current libname is different from the SONAME, add the
1686 latter as well. */
1687 if (GL(dl_rtld_map).l_info[DT_SONAME] != NULL
1688 && strcmp (GL(dl_rtld_map).l_libname->name,
1689 (const char *) D_PTR (&GL(dl_rtld_map), l_info[DT_STRTAB])
1690 + GL(dl_rtld_map).l_info[DT_SONAME]->d_un.d_val) != 0)
1691 {
1692 static struct libname_list newname;
1693 newname.name = ((char *) D_PTR (&GL(dl_rtld_map), l_info[DT_STRTAB])
1694 + GL(dl_rtld_map).l_info[DT_SONAME]->d_un.d_ptr);
1695 newname.next = NULL;
1696 newname.dont_free = 1;
1697
1698 assert (GL(dl_rtld_map).l_libname->next == NULL);
1699 GL(dl_rtld_map).l_libname->next = &newname;
1700 }
1701 /* The ld.so must be relocated since otherwise loading audit modules
1702 will fail since they reuse the very same ld.so. */
1703 assert (GL(dl_rtld_map).l_relocated);
1704
1705 if (! rtld_is_main)
1706 {
1707 /* Extract the contents of the dynamic section for easy access. */
1708 elf_get_dynamic_info (main_map, false, false);
1709
1710 /* If the main map is libc.so, update the base namespace to
1711 refer to this map. If libc.so is loaded later, this happens
1712 in _dl_map_object_from_fd. */
1713 if (main_map->l_info[DT_SONAME] != NULL
1714 && (strcmp (((const char *) D_PTR (main_map, l_info[DT_STRTAB])
1715 + main_map->l_info[DT_SONAME]->d_un.d_val), LIBC_SO)
1716 == 0))
1717 GL(dl_ns)[LM_ID_BASE].libc_map = main_map;
1718
1719 /* Set up our cache of pointers into the hash table. */
1720 _dl_setup_hash (main_map);
1721 }
1722
1723 if (__glibc_unlikely (state.mode == rtld_mode_verify))
1724 {
1725 /* We were called just to verify that this is a dynamic
1726 executable using us as the program interpreter. Exit with an
1727 error if we were not able to load the binary or no interpreter
1728 is specified (i.e., this is no dynamically linked binary. */
1729 if (main_map->l_ld == NULL)
1730 _exit (1);
1731
1732 _exit (has_interp ? 0 : 2);
1733 }
1734
1735 struct link_map **first_preload = &GL(dl_rtld_map).l_next;
1736 /* Set up the data structures for the system-supplied DSO early,
1737 so they can influence _dl_init_paths. */
1738 setup_vdso (main_map, &first_preload);
1739
1740 /* With vDSO setup we can initialize the function pointers. */
1741 setup_vdso_pointers ();
1742
1743 /* Initialize the data structures for the search paths for shared
1744 objects. */
1745 call_init_paths (&state);
1746
1747 /* Initialize _r_debug_extended. */
1748 struct r_debug *r = _dl_debug_initialize (GL(dl_rtld_map).l_addr,
1749 LM_ID_BASE);
1750 r->r_state = RT_CONSISTENT;
1751
1752 /* Put the link_map for ourselves on the chain so it can be found by
1753 name. Note that at this point the global chain of link maps contains
1754 exactly one element, which is pointed to by dl_loaded. */
1755 if (! GL(dl_rtld_map).l_name)
1756 /* If not invoked directly, the dynamic linker shared object file was
1757 found by the PT_INTERP name. */
1758 GL(dl_rtld_map).l_name = (char *) GL(dl_rtld_map).l_libname->name;
1759 GL(dl_rtld_map).l_type = lt_library;
1760 main_map->l_next = &GL(dl_rtld_map);
1761 GL(dl_rtld_map).l_prev = main_map;
1762 ++GL(dl_ns)[LM_ID_BASE]._ns_nloaded;
1763 ++GL(dl_load_adds);
1764
1765 /* Starting from binutils-2.23, the linker will define the magic symbol
1766 __ehdr_start to point to our own ELF header if it is visible in a
1767 segment that also includes the phdrs. If that's not available, we use
1768 the old method that assumes the beginning of the file is part of the
1769 lowest-addressed PT_LOAD segment. */
1770
1771 /* Set up the program header information for the dynamic linker
1772 itself. It is needed in the dl_iterate_phdr callbacks. */
1773 const ElfW(Ehdr) *rtld_ehdr = &__ehdr_start;
1774 assert (rtld_ehdr->e_ehsize == sizeof *rtld_ehdr);
1775 assert (rtld_ehdr->e_phentsize == sizeof (ElfW(Phdr)));
1776
1777 const ElfW(Phdr) *rtld_phdr = (const void *) rtld_ehdr + rtld_ehdr->e_phoff;
1778
1779 GL(dl_rtld_map).l_phdr = rtld_phdr;
1780 GL(dl_rtld_map).l_phnum = rtld_ehdr->e_phnum;
1781
1782
1783 /* PT_GNU_RELRO is usually the last phdr. */
1784 size_t cnt = rtld_ehdr->e_phnum;
1785 while (cnt-- > 0)
1786 if (rtld_phdr[cnt].p_type == PT_GNU_RELRO)
1787 {
1788 GL(dl_rtld_map).l_relro_addr = rtld_phdr[cnt].p_vaddr;
1789 GL(dl_rtld_map).l_relro_size = rtld_phdr[cnt].p_memsz;
1790 break;
1791 }
1792
1793 /* Add the dynamic linker to the TLS list if it also uses TLS. */
1794 if (GL(dl_rtld_map).l_tls_blocksize != 0)
1795 /* Assign a module ID. Do this before loading any audit modules. */
1796 _dl_assign_tls_modid (&GL(dl_rtld_map));
1797
1798 audit_list_add_dynamic_tag (&state.audit_list, main_map, DT_AUDIT);
1799 audit_list_add_dynamic_tag (&state.audit_list, main_map, DT_DEPAUDIT);
1800
1801 /* At this point, all data has been obtained that is included in the
1802 --help output. */
1803 if (__glibc_unlikely (state.mode == rtld_mode_help))
1804 _dl_help (ld_so_name, &state);
1805
1806 /* If we have auditing DSOs to load, do it now. */
1807 bool need_security_init = true;
1808 if (state.audit_list.length > 0)
1809 {
1810 size_t naudit = audit_list_count (&state.audit_list);
1811
1812 /* Since we start using the auditing DSOs right away we need to
1813 initialize the data structures now. */
1814 tcbp = init_tls (naudit);
1815
1816 /* Initialize security features. We need to do it this early
1817 since otherwise the constructors of the audit libraries will
1818 use different values (especially the pointer guard) and will
1819 fail later on. */
1820 security_init ();
1821 need_security_init = false;
1822
1823 load_audit_modules (main_map, &state.audit_list);
1824
1825 /* The count based on audit strings may overestimate the number
1826 of audit modules that got loaded, but not underestimate. */
1827 assert (GLRO(dl_naudit) <= naudit);
1828 }
1829
1830 /* Keep track of the currently loaded modules to count how many
1831 non-audit modules which use TLS are loaded. */
1832 size_t count_modids = _dl_count_modids ();
1833
1834 /* Set up debugging before the debugger is notified for the first time. */
1835 elf_setup_debug_entry (main_map, r);
1836
1837 /* We start adding objects. */
1838 r->r_state = RT_ADD;
1839 _dl_debug_state ();
1840 LIBC_PROBE (init_start, 2, LM_ID_BASE, r);
1841
1842 /* Auditing checkpoint: we are ready to signal that the initial map
1843 is being constructed. */
1844 _dl_audit_activity_map (main_map, LA_ACT_ADD);
1845
1846 /* We have two ways to specify objects to preload: via environment
1847 variable and via the file /etc/ld.so.preload. The latter can also
1848 be used when security is enabled. */
1849 assert (*first_preload == NULL);
1850 struct link_map **preloads = NULL;
1851 unsigned int npreloads = 0;
1852
1853 if (__glibc_unlikely (state.preloadlist != NULL))
1854 {
1855 RTLD_TIMING_VAR (start);
1856 rtld_timer_start (&start);
1857 npreloads += handle_preload_list (state.preloadlist, main_map,
1858 "LD_PRELOAD");
1859 rtld_timer_accum (&load_time, start);
1860 }
1861
1862 if (__glibc_unlikely (state.preloadarg != NULL))
1863 {
1864 RTLD_TIMING_VAR (start);
1865 rtld_timer_start (&start);
1866 npreloads += handle_preload_list (state.preloadarg, main_map,
1867 "--preload");
1868 rtld_timer_accum (&load_time, start);
1869 }
1870
1871 /* There usually is no ld.so.preload file, it should only be used
1872 for emergencies and testing. So the open call etc should usually
1873 fail. Using access() on a non-existing file is faster than using
1874 open(). So we do this first. If it succeeds we do almost twice
1875 the work but this does not matter, since it is not for production
1876 use. */
1877 static const char preload_file[] = "/etc/ld.so.preload";
1878 if (__glibc_unlikely (__access (preload_file, R_OK) == 0))
1879 {
1880 /* Read the contents of the file. */
1881 file = _dl_sysdep_read_whole_file (preload_file, &file_size,
1882 PROT_READ | PROT_WRITE);
1883 if (__glibc_unlikely (file != MAP_FAILED))
1884 {
1885 /* Parse the file. It contains names of libraries to be loaded,
1886 separated by white spaces or `:'. It may also contain
1887 comments introduced by `#'. */
1888 char *problem;
1889 char *runp;
1890 size_t rest;
1891
1892 /* Eliminate comments. */
1893 runp = file;
1894 rest = file_size;
1895 while (rest > 0)
1896 {
1897 char *comment = memchr (runp, '#', rest);
1898 if (comment == NULL)
1899 break;
1900
1901 rest -= comment - runp;
1902 do
1903 *comment = ' ';
1904 while (--rest > 0 && *++comment != '\n');
1905 }
1906
1907 /* We have one problematic case: if we have a name at the end of
1908 the file without a trailing terminating characters, we cannot
1909 place the \0. Handle the case separately. */
1910 if (file[file_size - 1] != ' ' && file[file_size - 1] != '\t'
1911 && file[file_size - 1] != '\n' && file[file_size - 1] != ':')
1912 {
1913 problem = &file[file_size];
1914 while (problem > file && problem[-1] != ' '
1915 && problem[-1] != '\t'
1916 && problem[-1] != '\n' && problem[-1] != ':')
1917 --problem;
1918
1919 if (problem > file)
1920 problem[-1] = '\0';
1921 }
1922 else
1923 {
1924 problem = NULL;
1925 file[file_size - 1] = '\0';
1926 }
1927
1928 RTLD_TIMING_VAR (start);
1929 rtld_timer_start (&start);
1930
1931 if (file != problem)
1932 {
1933 char *p;
1934 runp = file;
1935 while ((p = strsep (&runp, ": \t\n")) != NULL)
1936 if (p[0] != '\0')
1937 npreloads += do_preload (p, main_map, preload_file);
1938 }
1939
1940 if (problem != NULL)
1941 {
1942 char *p = strndupa (problem, file_size - (problem - file));
1943
1944 npreloads += do_preload (p, main_map, preload_file);
1945 }
1946
1947 rtld_timer_accum (&load_time, start);
1948
1949 /* We don't need the file anymore. */
1950 __munmap (file, file_size);
1951 }
1952 }
1953
1954 if (__glibc_unlikely (*first_preload != NULL))
1955 {
1956 /* Set up PRELOADS with a vector of the preloaded libraries. */
1957 struct link_map *l = *first_preload;
1958 preloads = __alloca (npreloads * sizeof preloads[0]);
1959 i = 0;
1960 do
1961 {
1962 preloads[i++] = l;
1963 l = l->l_next;
1964 } while (l);
1965 assert (i == npreloads);
1966 }
1967
1968 #ifdef NEED_DL_SYSINFO_DSO
1969 /* Now that the audit modules are opened, call la_objopen for the vDSO. */
1970 if (GLRO(dl_sysinfo_map) != NULL)
1971 _dl_audit_objopen (GLRO(dl_sysinfo_map), LM_ID_BASE);
1972 #endif
1973
1974 /* Load all the libraries specified by DT_NEEDED entries. If LD_PRELOAD
1975 specified some libraries to load, these are inserted before the actual
1976 dependencies in the executable's searchlist for symbol resolution. */
1977 {
1978 RTLD_TIMING_VAR (start);
1979 rtld_timer_start (&start);
1980 _dl_map_object_deps (main_map, preloads, npreloads,
1981 state.mode == rtld_mode_trace, 0);
1982 rtld_timer_accum (&load_time, start);
1983 }
1984
1985 /* Mark all objects as being in the global scope. */
1986 for (i = main_map->l_searchlist.r_nlist; i > 0; )
1987 main_map->l_searchlist.r_list[--i]->l_global = 1;
1988
1989 /* Remove _dl_rtld_map from the chain. */
1990 GL(dl_rtld_map).l_prev->l_next = GL(dl_rtld_map).l_next;
1991 if (GL(dl_rtld_map).l_next != NULL)
1992 GL(dl_rtld_map).l_next->l_prev = GL(dl_rtld_map).l_prev;
1993
1994 for (i = 1; i < main_map->l_searchlist.r_nlist; ++i)
1995 if (main_map->l_searchlist.r_list[i] == &GL(dl_rtld_map))
1996 break;
1997
1998 bool rtld_multiple_ref = false;
1999 if (__glibc_likely (i < main_map->l_searchlist.r_nlist))
2000 {
2001 /* Some DT_NEEDED entry referred to the interpreter object itself, so
2002 put it back in the list of visible objects. We insert it into the
2003 chain in symbol search order because gdb uses the chain's order as
2004 its symbol search order. */
2005 rtld_multiple_ref = true;
2006
2007 GL(dl_rtld_map).l_prev = main_map->l_searchlist.r_list[i - 1];
2008 if (__glibc_likely (state.mode == rtld_mode_normal))
2009 {
2010 GL(dl_rtld_map).l_next = (i + 1 < main_map->l_searchlist.r_nlist
2011 ? main_map->l_searchlist.r_list[i + 1]
2012 : NULL);
2013 #ifdef NEED_DL_SYSINFO_DSO
2014 if (GLRO(dl_sysinfo_map) != NULL
2015 && GL(dl_rtld_map).l_prev->l_next == GLRO(dl_sysinfo_map)
2016 && GL(dl_rtld_map).l_next != GLRO(dl_sysinfo_map))
2017 GL(dl_rtld_map).l_prev = GLRO(dl_sysinfo_map);
2018 #endif
2019 }
2020 else
2021 /* In trace mode there might be an invisible object (which we
2022 could not find) after the previous one in the search list.
2023 In this case it doesn't matter much where we put the
2024 interpreter object, so we just initialize the list pointer so
2025 that the assertion below holds. */
2026 GL(dl_rtld_map).l_next = GL(dl_rtld_map).l_prev->l_next;
2027
2028 assert (GL(dl_rtld_map).l_prev->l_next == GL(dl_rtld_map).l_next);
2029 GL(dl_rtld_map).l_prev->l_next = &GL(dl_rtld_map);
2030 if (GL(dl_rtld_map).l_next != NULL)
2031 {
2032 assert (GL(dl_rtld_map).l_next->l_prev == GL(dl_rtld_map).l_prev);
2033 GL(dl_rtld_map).l_next->l_prev = &GL(dl_rtld_map);
2034 }
2035 }
2036
2037 /* Now let us see whether all libraries are available in the
2038 versions we need. */
2039 {
2040 struct version_check_args args;
2041 args.doexit = state.mode == rtld_mode_normal;
2042 args.dotrace = state.mode == rtld_mode_trace;
2043 _dl_receive_error (print_missing_version, version_check_doit, &args);
2044 }
2045
2046 /* We do not initialize any of the TLS functionality unless any of the
2047 initial modules uses TLS. This makes dynamic loading of modules with
2048 TLS impossible, but to support it requires either eagerly doing setup
2049 now or lazily doing it later. Doing it now makes us incompatible with
2050 an old kernel that can't perform TLS_INIT_TP, even if no TLS is ever
2051 used. Trying to do it lazily is too hairy to try when there could be
2052 multiple threads (from a non-TLS-using libpthread). */
2053 bool was_tls_init_tp_called = tls_init_tp_called;
2054 if (tcbp == NULL)
2055 tcbp = init_tls (0);
2056
2057 if (__glibc_likely (need_security_init))
2058 /* Initialize security features. But only if we have not done it
2059 earlier. */
2060 security_init ();
2061
2062 if (__glibc_unlikely (state.mode != rtld_mode_normal))
2063 {
2064 /* We were run just to list the shared libraries. It is
2065 important that we do this before real relocation, because the
2066 functions we call below for output may no longer work properly
2067 after relocation. */
2068 struct link_map *l;
2069
2070 if (GLRO(dl_debug_mask) & DL_DEBUG_UNUSED)
2071 {
2072 /* Look through the dependencies of the main executable
2073 and determine which of them is not actually
2074 required. */
2075 struct link_map *l = main_map;
2076
2077 /* Relocate the main executable. */
2078 struct relocate_args args = { .l = l,
2079 .reloc_mode = ((GLRO(dl_lazy)
2080 ? RTLD_LAZY : 0)
2081 | __RTLD_NOIFUNC) };
2082 _dl_receive_error (print_unresolved, relocate_doit, &args);
2083
2084 /* This loop depends on the dependencies of the executable to
2085 correspond in number and order to the DT_NEEDED entries. */
2086 ElfW(Dyn) *dyn = main_map->l_ld;
2087 bool first = true;
2088 while (dyn->d_tag != DT_NULL)
2089 {
2090 if (dyn->d_tag == DT_NEEDED)
2091 {
2092 l = l->l_next;
2093 #ifdef NEED_DL_SYSINFO_DSO
2094 /* Skip the VDSO since it's not part of the list
2095 of objects we brought in via DT_NEEDED entries. */
2096 if (l == GLRO(dl_sysinfo_map))
2097 l = l->l_next;
2098 #endif
2099 if (!l->l_used)
2100 {
2101 if (first)
2102 {
2103 _dl_printf ("Unused direct dependencies:\n");
2104 first = false;
2105 }
2106
2107 _dl_printf ("\t%s\n", l->l_name);
2108 }
2109 }
2110
2111 ++dyn;
2112 }
2113
2114 _exit (first != true);
2115 }
2116 else if (! main_map->l_info[DT_NEEDED])
2117 _dl_printf ("\tstatically linked\n");
2118 else
2119 {
2120 for (l = state.mode_trace_program ? main_map : main_map->l_next;
2121 l; l = l->l_next) {
2122 if (l->l_faked)
2123 /* The library was not found. */
2124 _dl_printf ("\t%s => not found\n", l->l_libname->name);
2125 else
2126 _dl_printf ("\t%s => %s (0x%0*Zx)\n",
2127 DSO_FILENAME (l->l_libname->name),
2128 DSO_FILENAME (l->l_name),
2129 (int) sizeof l->l_map_start * 2,
2130 (size_t) l->l_map_start);
2131 }
2132 }
2133
2134 if (__glibc_unlikely (state.mode != rtld_mode_trace))
2135 for (i = 1; i < (unsigned int) _dl_argc; ++i)
2136 {
2137 const ElfW(Sym) *ref = NULL;
2138 ElfW(Addr) loadbase;
2139 lookup_t result;
2140
2141 result = _dl_lookup_symbol_x (_dl_argv[i], main_map,
2142 &ref, main_map->l_scope,
2143 NULL, ELF_RTYPE_CLASS_PLT,
2144 DL_LOOKUP_ADD_DEPENDENCY, NULL);
2145
2146 loadbase = LOOKUP_VALUE_ADDRESS (result, false);
2147
2148 _dl_printf ("%s found at 0x%0*Zd in object at 0x%0*Zd\n",
2149 _dl_argv[i],
2150 (int) sizeof ref->st_value * 2,
2151 (size_t) ref->st_value,
2152 (int) sizeof loadbase * 2, (size_t) loadbase);
2153 }
2154 else
2155 {
2156 /* If LD_WARN is set, warn about undefined symbols. */
2157 if (GLRO(dl_lazy) >= 0 && GLRO(dl_verbose))
2158 {
2159 /* We have to do symbol dependency testing. */
2160 struct relocate_args args;
2161 unsigned int i;
2162
2163 args.reloc_mode = ((GLRO(dl_lazy) ? RTLD_LAZY : 0)
2164 | __RTLD_NOIFUNC);
2165
2166 i = main_map->l_searchlist.r_nlist;
2167 while (i-- > 0)
2168 {
2169 struct link_map *l = main_map->l_initfini[i];
2170 if (l != &GL(dl_rtld_map) && ! l->l_faked)
2171 {
2172 args.l = l;
2173 _dl_receive_error (print_unresolved, relocate_doit,
2174 &args);
2175 }
2176 }
2177
2178 }
2179 #define VERNEEDTAG (DT_NUM + DT_THISPROCNUM + DT_VERSIONTAGIDX (DT_VERNEED))
2180 if (state.version_info)
2181 {
2182 /* Print more information. This means here, print information
2183 about the versions needed. */
2184 int first = 1;
2185 struct link_map *map;
2186
2187 for (map = main_map; map != NULL; map = map->l_next)
2188 {
2189 const char *strtab;
2190 ElfW(Dyn) *dyn = map->l_info[VERNEEDTAG];
2191 ElfW(Verneed) *ent;
2192
2193 if (dyn == NULL)
2194 continue;
2195
2196 strtab = (const void *) D_PTR (map, l_info[DT_STRTAB]);
2197 ent = (ElfW(Verneed) *) (map->l_addr + dyn->d_un.d_ptr);
2198
2199 if (first)
2200 {
2201 _dl_printf ("\n\tVersion information:\n");
2202 first = 0;
2203 }
2204
2205 _dl_printf ("\t%s:\n", DSO_FILENAME (map->l_name));
2206
2207 while (1)
2208 {
2209 ElfW(Vernaux) *aux;
2210 struct link_map *needed;
2211
2212 needed = find_needed (strtab + ent->vn_file);
2213 aux = (ElfW(Vernaux) *) ((char *) ent + ent->vn_aux);
2214
2215 while (1)
2216 {
2217 const char *fname = NULL;
2218
2219 if (needed != NULL
2220 && match_version (strtab + aux->vna_name,
2221 needed))
2222 fname = needed->l_name;
2223
2224 _dl_printf ("\t\t%s (%s) %s=> %s\n",
2225 strtab + ent->vn_file,
2226 strtab + aux->vna_name,
2227 aux->vna_flags & VER_FLG_WEAK
2228 ? "[WEAK] " : "",
2229 fname ?: "not found");
2230
2231 if (aux->vna_next == 0)
2232 /* No more symbols. */
2233 break;
2234
2235 /* Next symbol. */
2236 aux = (ElfW(Vernaux) *) ((char *) aux
2237 + aux->vna_next);
2238 }
2239
2240 if (ent->vn_next == 0)
2241 /* No more dependencies. */
2242 break;
2243
2244 /* Next dependency. */
2245 ent = (ElfW(Verneed) *) ((char *) ent + ent->vn_next);
2246 }
2247 }
2248 }
2249 }
2250
2251 _exit (0);
2252 }
2253
2254 /* Now set up the variable which helps the assembler startup code. */
2255 GL(dl_ns)[LM_ID_BASE]._ns_main_searchlist = &main_map->l_searchlist;
2256
2257 /* Save the information about the original global scope list since
2258 we need it in the memory handling later. */
2259 GLRO(dl_initial_searchlist) = *GL(dl_ns)[LM_ID_BASE]._ns_main_searchlist;
2260
2261 /* Remember the last search directory added at startup, now that
2262 malloc will no longer be the one from dl-minimal.c. As a side
2263 effect, this marks ld.so as initialized, so that the rtld_active
2264 function returns true from now on. */
2265 GLRO(dl_init_all_dirs) = GL(dl_all_dirs);
2266
2267 /* Print scope information. */
2268 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_SCOPES))
2269 {
2270 _dl_debug_printf ("\nInitial object scopes\n");
2271
2272 for (struct link_map *l = main_map; l != NULL; l = l->l_next)
2273 _dl_show_scope (l, 0);
2274 }
2275
2276 _rtld_main_check (main_map, _dl_argv[0]);
2277
2278 /* Now we have all the objects loaded. Relocate them all except for
2279 the dynamic linker itself. We do this in reverse order so that copy
2280 relocs of earlier objects overwrite the data written by later
2281 objects. We do not re-relocate the dynamic linker itself in this
2282 loop because that could result in the GOT entries for functions we
2283 call being changed, and that would break us. It is safe to relocate
2284 the dynamic linker out of order because it has no copy relocs (we
2285 know that because it is self-contained). */
2286
2287 int consider_profiling = GLRO(dl_profile) != NULL;
2288
2289 /* If we are profiling we also must do lazy reloaction. */
2290 GLRO(dl_lazy) |= consider_profiling;
2291
2292 RTLD_TIMING_VAR (start);
2293 rtld_timer_start (&start);
2294 {
2295 unsigned i = main_map->l_searchlist.r_nlist;
2296 while (i-- > 0)
2297 {
2298 struct link_map *l = main_map->l_initfini[i];
2299
2300 /* While we are at it, help the memory handling a bit. We have to
2301 mark some data structures as allocated with the fake malloc()
2302 implementation in ld.so. */
2303 struct libname_list *lnp = l->l_libname->next;
2304
2305 while (__builtin_expect (lnp != NULL, 0))
2306 {
2307 lnp->dont_free = 1;
2308 lnp = lnp->next;
2309 }
2310 /* Also allocated with the fake malloc(). */
2311 l->l_free_initfini = 0;
2312
2313 if (l != &GL(dl_rtld_map))
2314 _dl_relocate_object (l, l->l_scope, GLRO(dl_lazy) ? RTLD_LAZY : 0,
2315 consider_profiling);
2316
2317 /* Add object to slot information data if necessasy. */
2318 if (l->l_tls_blocksize != 0 && tls_init_tp_called)
2319 _dl_add_to_slotinfo (l, true);
2320 }
2321 }
2322 rtld_timer_stop (&relocate_time, start);
2323
2324 /* Now enable profiling if needed. Like the previous call,
2325 this has to go here because the calls it makes should use the
2326 rtld versions of the functions (particularly calloc()), but it
2327 needs to have _dl_profile_map set up by the relocator. */
2328 if (__glibc_unlikely (GL(dl_profile_map) != NULL))
2329 /* We must prepare the profiling. */
2330 _dl_start_profile ();
2331
2332 if ((!was_tls_init_tp_called && GL(dl_tls_max_dtv_idx) > 0)
2333 || count_modids != _dl_count_modids ())
2334 ++GL(dl_tls_generation);
2335
2336 /* Now that we have completed relocation, the initializer data
2337 for the TLS blocks has its final values and we can copy them
2338 into the main thread's TLS area, which we allocated above.
2339 Note: thread-local variables must only be accessed after completing
2340 the next step. */
2341 _dl_allocate_tls_init (tcbp, false);
2342
2343 /* And finally install it for the main thread. */
2344 if (! tls_init_tp_called)
2345 {
2346 const char *lossage = TLS_INIT_TP (tcbp);
2347 if (__glibc_unlikely (lossage != NULL))
2348 _dl_fatal_printf ("cannot set up thread-local storage: %s\n",
2349 lossage);
2350 __tls_init_tp ();
2351 }
2352
2353 /* Make sure no new search directories have been added. */
2354 assert (GLRO(dl_init_all_dirs) == GL(dl_all_dirs));
2355
2356 if (rtld_multiple_ref)
2357 {
2358 /* There was an explicit ref to the dynamic linker as a shared lib.
2359 Re-relocate ourselves with user-controlled symbol definitions.
2360
2361 We must do this after TLS initialization in case after this
2362 re-relocation, we might call a user-supplied function
2363 (e.g. calloc from _dl_relocate_object) that uses TLS data. */
2364
2365 /* Set up the object lookup structures. */
2366 _dl_find_object_init ();
2367
2368 /* The malloc implementation has been relocated, so resolving
2369 its symbols (and potentially calling IFUNC resolvers) is safe
2370 at this point. */
2371 __rtld_malloc_init_real (main_map);
2372
2373 /* Likewise for the locking implementation. */
2374 __rtld_mutex_init ();
2375
2376 RTLD_TIMING_VAR (start);
2377 rtld_timer_start (&start);
2378
2379 /* Mark the link map as not yet relocated again. */
2380 GL(dl_rtld_map).l_relocated = 0;
2381 _dl_relocate_object (&GL(dl_rtld_map), main_map->l_scope, 0, 0);
2382
2383 rtld_timer_accum (&relocate_time, start);
2384 }
2385
2386 /* Relocation is complete. Perform early libc initialization. This
2387 is the initial libc, even if audit modules have been loaded with
2388 other libcs. */
2389 _dl_call_libc_early_init (GL(dl_ns)[LM_ID_BASE].libc_map, true);
2390
2391 /* Do any necessary cleanups for the startup OS interface code.
2392 We do these now so that no calls are made after rtld re-relocation
2393 which might be resolved to different functions than we expect.
2394 We cannot do this before relocating the other objects because
2395 _dl_relocate_object might need to call `mprotect' for DT_TEXTREL. */
2396 _dl_sysdep_start_cleanup ();
2397
2398 #ifdef SHARED
2399 /* Auditing checkpoint: we have added all objects. */
2400 _dl_audit_activity_nsid (LM_ID_BASE, LA_ACT_CONSISTENT);
2401 #endif
2402
2403 /* Notify the debugger all new objects are now ready to go. We must re-get
2404 the address since by now the variable might be in another object. */
2405 r = _dl_debug_update (LM_ID_BASE);
2406 r->r_state = RT_CONSISTENT;
2407 _dl_debug_state ();
2408 LIBC_PROBE (init_complete, 2, LM_ID_BASE, r);
2409
2410 #if defined USE_LDCONFIG && !defined MAP_COPY
2411 /* We must munmap() the cache file. */
2412 _dl_unload_cache ();
2413 #endif
2414
2415 /* Once we return, _dl_sysdep_start will invoke
2416 the DT_INIT functions and then *USER_ENTRY. */
2417 }
2418
2419 /* This is a little helper function for resolving symbols while
2420 tracing the binary. */
2421 static void
print_unresolved(int errcode,const char * objname,const char * errstring)2422 print_unresolved (int errcode __attribute__ ((unused)), const char *objname,
2423 const char *errstring)
2424 {
2425 if (objname[0] == '\0')
2426 objname = RTLD_PROGNAME;
2427 _dl_error_printf ("%s (%s)\n", errstring, objname);
2428 }
2429
2430 /* This is a little helper function for resolving symbols while
2431 tracing the binary. */
2432 static void
print_missing_version(int errcode,const char * objname,const char * errstring)2433 print_missing_version (int errcode __attribute__ ((unused)),
2434 const char *objname, const char *errstring)
2435 {
2436 _dl_error_printf ("%s: %s: %s\n", RTLD_PROGNAME,
2437 objname, errstring);
2438 }
2439
2440 /* Process the string given as the parameter which explains which debugging
2441 options are enabled. */
2442 static void
process_dl_debug(struct dl_main_state * state,const char * dl_debug)2443 process_dl_debug (struct dl_main_state *state, const char *dl_debug)
2444 {
2445 /* When adding new entries make sure that the maximal length of a name
2446 is correctly handled in the LD_DEBUG_HELP code below. */
2447 static const struct
2448 {
2449 unsigned char len;
2450 const char name[10];
2451 const char helptext[41];
2452 unsigned short int mask;
2453 } debopts[] =
2454 {
2455 #define LEN_AND_STR(str) sizeof (str) - 1, str
2456 { LEN_AND_STR ("libs"), "display library search paths",
2457 DL_DEBUG_LIBS | DL_DEBUG_IMPCALLS },
2458 { LEN_AND_STR ("reloc"), "display relocation processing",
2459 DL_DEBUG_RELOC | DL_DEBUG_IMPCALLS },
2460 { LEN_AND_STR ("files"), "display progress for input file",
2461 DL_DEBUG_FILES | DL_DEBUG_IMPCALLS },
2462 { LEN_AND_STR ("symbols"), "display symbol table processing",
2463 DL_DEBUG_SYMBOLS | DL_DEBUG_IMPCALLS },
2464 { LEN_AND_STR ("bindings"), "display information about symbol binding",
2465 DL_DEBUG_BINDINGS | DL_DEBUG_IMPCALLS },
2466 { LEN_AND_STR ("versions"), "display version dependencies",
2467 DL_DEBUG_VERSIONS | DL_DEBUG_IMPCALLS },
2468 { LEN_AND_STR ("scopes"), "display scope information",
2469 DL_DEBUG_SCOPES },
2470 { LEN_AND_STR ("all"), "all previous options combined",
2471 DL_DEBUG_LIBS | DL_DEBUG_RELOC | DL_DEBUG_FILES | DL_DEBUG_SYMBOLS
2472 | DL_DEBUG_BINDINGS | DL_DEBUG_VERSIONS | DL_DEBUG_IMPCALLS
2473 | DL_DEBUG_SCOPES },
2474 { LEN_AND_STR ("statistics"), "display relocation statistics",
2475 DL_DEBUG_STATISTICS },
2476 { LEN_AND_STR ("unused"), "determined unused DSOs",
2477 DL_DEBUG_UNUSED },
2478 { LEN_AND_STR ("help"), "display this help message and exit",
2479 DL_DEBUG_HELP },
2480 };
2481 #define ndebopts (sizeof (debopts) / sizeof (debopts[0]))
2482
2483 /* Skip separating white spaces and commas. */
2484 while (*dl_debug != '\0')
2485 {
2486 if (*dl_debug != ' ' && *dl_debug != ',' && *dl_debug != ':')
2487 {
2488 size_t cnt;
2489 size_t len = 1;
2490
2491 while (dl_debug[len] != '\0' && dl_debug[len] != ' '
2492 && dl_debug[len] != ',' && dl_debug[len] != ':')
2493 ++len;
2494
2495 for (cnt = 0; cnt < ndebopts; ++cnt)
2496 if (debopts[cnt].len == len
2497 && memcmp (dl_debug, debopts[cnt].name, len) == 0)
2498 {
2499 GLRO(dl_debug_mask) |= debopts[cnt].mask;
2500 state->any_debug = true;
2501 break;
2502 }
2503
2504 if (cnt == ndebopts)
2505 {
2506 /* Display a warning and skip everything until next
2507 separator. */
2508 char *copy = strndupa (dl_debug, len);
2509 _dl_error_printf ("\
2510 warning: debug option `%s' unknown; try LD_DEBUG=help\n", copy);
2511 }
2512
2513 dl_debug += len;
2514 continue;
2515 }
2516
2517 ++dl_debug;
2518 }
2519
2520 if (GLRO(dl_debug_mask) & DL_DEBUG_UNUSED)
2521 {
2522 /* In order to get an accurate picture of whether a particular
2523 DT_NEEDED entry is actually used we have to process both
2524 the PLT and non-PLT relocation entries. */
2525 GLRO(dl_lazy) = 0;
2526 }
2527
2528 if (GLRO(dl_debug_mask) & DL_DEBUG_HELP)
2529 {
2530 size_t cnt;
2531
2532 _dl_printf ("\
2533 Valid options for the LD_DEBUG environment variable are:\n\n");
2534
2535 for (cnt = 0; cnt < ndebopts; ++cnt)
2536 _dl_printf (" %.*s%s%s\n", debopts[cnt].len, debopts[cnt].name,
2537 " " + debopts[cnt].len - 3,
2538 debopts[cnt].helptext);
2539
2540 _dl_printf ("\n\
2541 To direct the debugging output into a file instead of standard output\n\
2542 a filename can be specified using the LD_DEBUG_OUTPUT environment variable.\n");
2543 _exit (0);
2544 }
2545 }
2546
2547 static void
process_envvars(struct dl_main_state * state)2548 process_envvars (struct dl_main_state *state)
2549 {
2550 char **runp = _environ;
2551 char *envline;
2552 char *debug_output = NULL;
2553
2554 /* This is the default place for profiling data file. */
2555 GLRO(dl_profile_output)
2556 = &"/var/tmp\0/var/profile"[__libc_enable_secure ? 9 : 0];
2557
2558 while ((envline = _dl_next_ld_env_entry (&runp)) != NULL)
2559 {
2560 size_t len = 0;
2561
2562 while (envline[len] != '\0' && envline[len] != '=')
2563 ++len;
2564
2565 if (envline[len] != '=')
2566 /* This is a "LD_" variable at the end of the string without
2567 a '=' character. Ignore it since otherwise we will access
2568 invalid memory below. */
2569 continue;
2570
2571 switch (len)
2572 {
2573 case 4:
2574 /* Warning level, verbose or not. */
2575 if (memcmp (envline, "WARN", 4) == 0)
2576 GLRO(dl_verbose) = envline[5] != '\0';
2577 break;
2578
2579 case 5:
2580 /* Debugging of the dynamic linker? */
2581 if (memcmp (envline, "DEBUG", 5) == 0)
2582 {
2583 process_dl_debug (state, &envline[6]);
2584 break;
2585 }
2586 if (memcmp (envline, "AUDIT", 5) == 0)
2587 audit_list_add_string (&state->audit_list, &envline[6]);
2588 break;
2589
2590 case 7:
2591 /* Print information about versions. */
2592 if (memcmp (envline, "VERBOSE", 7) == 0)
2593 {
2594 state->version_info = envline[8] != '\0';
2595 break;
2596 }
2597
2598 /* List of objects to be preloaded. */
2599 if (memcmp (envline, "PRELOAD", 7) == 0)
2600 {
2601 state->preloadlist = &envline[8];
2602 break;
2603 }
2604
2605 /* Which shared object shall be profiled. */
2606 if (memcmp (envline, "PROFILE", 7) == 0 && envline[8] != '\0')
2607 GLRO(dl_profile) = &envline[8];
2608 break;
2609
2610 case 8:
2611 /* Do we bind early? */
2612 if (memcmp (envline, "BIND_NOW", 8) == 0)
2613 {
2614 GLRO(dl_lazy) = envline[9] == '\0';
2615 break;
2616 }
2617 if (memcmp (envline, "BIND_NOT", 8) == 0)
2618 GLRO(dl_bind_not) = envline[9] != '\0';
2619 break;
2620
2621 case 9:
2622 /* Test whether we want to see the content of the auxiliary
2623 array passed up from the kernel. */
2624 if (!__libc_enable_secure
2625 && memcmp (envline, "SHOW_AUXV", 9) == 0)
2626 _dl_show_auxv ();
2627 break;
2628
2629 #if !HAVE_TUNABLES
2630 case 10:
2631 /* Mask for the important hardware capabilities. */
2632 if (!__libc_enable_secure
2633 && memcmp (envline, "HWCAP_MASK", 10) == 0)
2634 GLRO(dl_hwcap_mask) = _dl_strtoul (&envline[11], NULL);
2635 break;
2636 #endif
2637
2638 case 11:
2639 /* Path where the binary is found. */
2640 if (!__libc_enable_secure
2641 && memcmp (envline, "ORIGIN_PATH", 11) == 0)
2642 GLRO(dl_origin_path) = &envline[12];
2643 break;
2644
2645 case 12:
2646 /* The library search path. */
2647 if (!__libc_enable_secure
2648 && memcmp (envline, "LIBRARY_PATH", 12) == 0)
2649 {
2650 state->library_path = &envline[13];
2651 state->library_path_source = "LD_LIBRARY_PATH";
2652 break;
2653 }
2654
2655 /* Where to place the profiling data file. */
2656 if (memcmp (envline, "DEBUG_OUTPUT", 12) == 0)
2657 {
2658 debug_output = &envline[13];
2659 break;
2660 }
2661
2662 if (!__libc_enable_secure
2663 && memcmp (envline, "DYNAMIC_WEAK", 12) == 0)
2664 GLRO(dl_dynamic_weak) = 1;
2665 break;
2666
2667 case 14:
2668 /* Where to place the profiling data file. */
2669 if (!__libc_enable_secure
2670 && memcmp (envline, "PROFILE_OUTPUT", 14) == 0
2671 && envline[15] != '\0')
2672 GLRO(dl_profile_output) = &envline[15];
2673 break;
2674
2675 case 20:
2676 /* The mode of the dynamic linker can be set. */
2677 if (memcmp (envline, "TRACE_LOADED_OBJECTS", 20) == 0)
2678 {
2679 state->mode = rtld_mode_trace;
2680 state->mode_trace_program
2681 = _dl_strtoul (&envline[21], NULL) > 1;
2682 }
2683 break;
2684 }
2685 }
2686
2687 /* Extra security for SUID binaries. Remove all dangerous environment
2688 variables. */
2689 if (__glibc_unlikely (__libc_enable_secure))
2690 {
2691 const char *nextp = UNSECURE_ENVVARS;
2692 do
2693 {
2694 unsetenv (nextp);
2695 /* We could use rawmemchr but this need not be fast. */
2696 nextp = (char *) (strchr) (nextp, '\0') + 1;
2697 }
2698 while (*nextp != '\0');
2699
2700 if (__access ("/etc/suid-debug", F_OK) != 0)
2701 {
2702 #if !HAVE_TUNABLES
2703 unsetenv ("MALLOC_CHECK_");
2704 #endif
2705 GLRO(dl_debug_mask) = 0;
2706 }
2707
2708 if (state->mode != rtld_mode_normal)
2709 _exit (5);
2710 }
2711 /* If we have to run the dynamic linker in debugging mode and the
2712 LD_DEBUG_OUTPUT environment variable is given, we write the debug
2713 messages to this file. */
2714 else if (state->any_debug && debug_output != NULL)
2715 {
2716 const int flags = O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW;
2717 size_t name_len = strlen (debug_output);
2718 char buf[name_len + 12];
2719 char *startp;
2720
2721 buf[name_len + 11] = '\0';
2722 startp = _itoa (__getpid (), &buf[name_len + 11], 10, 0);
2723 *--startp = '.';
2724 startp = memcpy (startp - name_len, debug_output, name_len);
2725
2726 GLRO(dl_debug_fd) = __open64_nocancel (startp, flags, DEFFILEMODE);
2727 if (GLRO(dl_debug_fd) == -1)
2728 /* We use standard output if opening the file failed. */
2729 GLRO(dl_debug_fd) = STDOUT_FILENO;
2730 }
2731 }
2732
2733 #if HP_TIMING_INLINE
2734 static void
print_statistics_item(const char * title,hp_timing_t time,hp_timing_t total)2735 print_statistics_item (const char *title, hp_timing_t time,
2736 hp_timing_t total)
2737 {
2738 char cycles[HP_TIMING_PRINT_SIZE];
2739 HP_TIMING_PRINT (cycles, sizeof (cycles), time);
2740
2741 char relative[3 * sizeof (hp_timing_t) + 2];
2742 char *cp = _itoa ((1000ULL * time) / total, relative + sizeof (relative),
2743 10, 0);
2744 /* Sets the decimal point. */
2745 char *wp = relative;
2746 switch (relative + sizeof (relative) - cp)
2747 {
2748 case 3:
2749 *wp++ = *cp++;
2750 /* Fall through. */
2751 case 2:
2752 *wp++ = *cp++;
2753 /* Fall through. */
2754 case 1:
2755 *wp++ = '.';
2756 *wp++ = *cp++;
2757 }
2758 *wp = '\0';
2759 _dl_debug_printf ("%s: %s cycles (%s%%)\n", title, cycles, relative);
2760 }
2761 #endif
2762
2763 /* Print the various times we collected. */
2764 static void
2765 __attribute ((noinline))
print_statistics(const hp_timing_t * rtld_total_timep)2766 print_statistics (const hp_timing_t *rtld_total_timep)
2767 {
2768 #if HP_TIMING_INLINE
2769 {
2770 char cycles[HP_TIMING_PRINT_SIZE];
2771 HP_TIMING_PRINT (cycles, sizeof (cycles), *rtld_total_timep);
2772 _dl_debug_printf ("\nruntime linker statistics:\n"
2773 " total startup time in dynamic loader: %s cycles\n",
2774 cycles);
2775 print_statistics_item (" time needed for relocation",
2776 relocate_time, *rtld_total_timep);
2777 }
2778 #endif
2779
2780 unsigned long int num_relative_relocations = 0;
2781 for (Lmid_t ns = 0; ns < GL(dl_nns); ++ns)
2782 {
2783 if (GL(dl_ns)[ns]._ns_loaded == NULL)
2784 continue;
2785
2786 struct r_scope_elem *scope = &GL(dl_ns)[ns]._ns_loaded->l_searchlist;
2787
2788 for (unsigned int i = 0; i < scope->r_nlist; i++)
2789 {
2790 struct link_map *l = scope->r_list [i];
2791
2792 if (l->l_addr != 0 && l->l_info[VERSYMIDX (DT_RELCOUNT)])
2793 num_relative_relocations
2794 += l->l_info[VERSYMIDX (DT_RELCOUNT)]->d_un.d_val;
2795 #ifndef ELF_MACHINE_REL_RELATIVE
2796 /* Relative relocations are processed on these architectures if
2797 library is loaded to different address than p_vaddr. */
2798 if ((l->l_addr != 0)
2799 && l->l_info[VERSYMIDX (DT_RELACOUNT)])
2800 #else
2801 /* On e.g. IA-64 or Alpha, relative relocations are processed
2802 only if library is loaded to different address than p_vaddr. */
2803 if (l->l_addr != 0 && l->l_info[VERSYMIDX (DT_RELACOUNT)])
2804 #endif
2805 num_relative_relocations
2806 += l->l_info[VERSYMIDX (DT_RELACOUNT)]->d_un.d_val;
2807 }
2808 }
2809
2810 _dl_debug_printf (" number of relocations: %lu\n"
2811 " number of relocations from cache: %lu\n"
2812 " number of relative relocations: %lu\n",
2813 GL(dl_num_relocations),
2814 GL(dl_num_cache_relocations),
2815 num_relative_relocations);
2816
2817 #if HP_TIMING_INLINE
2818 print_statistics_item (" time needed to load objects",
2819 load_time, *rtld_total_timep);
2820 #endif
2821 }
2822