1/* Map in a shared object's segments from the file.
2 Copyright (C) 1995-2018 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
4
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
9
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
14
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, see
17 <http://www.gnu.org/licenses/>. */
18
19#include <elf.h>
20#include <errno.h>
21#include <fcntl.h>
22#include <libintl.h>
23#include <stdbool.h>
24#include <stdlib.h>
25#include <string.h>
26#include <unistd.h>
27#include <ldsodefs.h>
28#include <bits/wordsize.h>
29#include <sys/mman.h>
30#include <sys/param.h>
31#include <sys/stat.h>
32#include <sys/types.h>
33#include "dynamic-link.h"
34#include <abi-tag.h>
35#include <stackinfo.h>
36#include <caller.h>
37#include <sysdep.h>
38#include <stap-probe.h>
39#include <libc-pointer-arith.h>
40#include <array_length.h>
41
42#include <dl-dst.h>
43#include <dl-load.h>
44#include <dl-map-segments.h>
45#include <dl-unmap-segments.h>
46#include <dl-machine-reject-phdr.h>
47#include <dl-sysdep-open.h>
48
49
50#include <endian.h>
51#if BYTE_ORDER == BIG_ENDIAN
52# define byteorder ELFDATA2MSB
53#elif BYTE_ORDER == LITTLE_ENDIAN
54# define byteorder ELFDATA2LSB
55#else
56# error "Unknown BYTE_ORDER " BYTE_ORDER
57# define byteorder ELFDATANONE
58#endif
59
60#define STRING(x) __STRING (x)
61
62
63int __stack_prot attribute_hidden attribute_relro
64#if _STACK_GROWS_DOWN && defined PROT_GROWSDOWN
65 = PROT_GROWSDOWN;
66#elif _STACK_GROWS_UP && defined PROT_GROWSUP
67 = PROT_GROWSUP;
68#else
69 = 0;
70#endif
71
72
73/* Type for the buffer we put the ELF header and hopefully the program
74 header. This buffer does not really have to be too large. In most
75 cases the program header follows the ELF header directly. If this
76 is not the case all bets are off and we can make the header
77 arbitrarily large and still won't get it read. This means the only
78 question is how large are the ELF and program header combined. The
79 ELF header 32-bit files is 52 bytes long and in 64-bit files is 64
80 bytes long. Each program header entry is again 32 and 56 bytes
81 long respectively. I.e., even with a file which has 10 program
82 header entries we only have to read 372B/624B respectively. Add to
83 this a bit of margin for program notes and reading 512B and 832B
84 for 32-bit and 64-bit files respecitvely is enough. If this
85 heuristic should really fail for some file the code in
86 `_dl_map_object_from_fd' knows how to recover. */
87struct filebuf
88{
89 ssize_t len;
90#if __WORDSIZE == 32
91# define FILEBUF_SIZE 512
92#else
93# define FILEBUF_SIZE 832
94#endif
95 char buf[FILEBUF_SIZE] __attribute__ ((aligned (__alignof (ElfW(Ehdr)))));
96};
97
98/* This is the decomposed LD_LIBRARY_PATH search path. */
99static struct r_search_path_struct env_path_list attribute_relro;
100
101/* List of the hardware capabilities we might end up using. */
102static const struct r_strlenpair *capstr attribute_relro;
103static size_t ncapstr attribute_relro;
104static size_t max_capstrlen attribute_relro;
105
106
107/* Get the generated information about the trusted directories. Use
108 an array of concatenated strings to avoid relocations. See
109 gen-trusted-dirs.awk. */
110#include "trusted-dirs.h"
111
112static const char system_dirs[] = SYSTEM_DIRS;
113static const size_t system_dirs_len[] =
114{
115 SYSTEM_DIRS_LEN
116};
117#define nsystem_dirs_len array_length (system_dirs_len)
118
119static bool
120is_trusted_path_normalize (const char *path, size_t len)
121{
122 if (len == 0)
123 return false;
124
125 if (*path == ':')
126 {
127 ++path;
128 --len;
129 }
130
131 char *npath = (char *) alloca (len + 2);
132 char *wnp = npath;
133 while (*path != '\0')
134 {
135 if (path[0] == '/')
136 {
137 if (path[1] == '.')
138 {
139 if (path[2] == '.' && (path[3] == '/' || path[3] == '\0'))
140 {
141 while (wnp > npath && *--wnp != '/')
142 ;
143 path += 3;
144 continue;
145 }
146 else if (path[2] == '/' || path[2] == '\0')
147 {
148 path += 2;
149 continue;
150 }
151 }
152
153 if (wnp > npath && wnp[-1] == '/')
154 {
155 ++path;
156 continue;
157 }
158 }
159
160 *wnp++ = *path++;
161 }
162
163 if (wnp == npath || wnp[-1] != '/')
164 *wnp++ = '/';
165
166 const char *trun = system_dirs;
167
168 for (size_t idx = 0; idx < nsystem_dirs_len; ++idx)
169 {
170 if (wnp - npath >= system_dirs_len[idx]
171 && memcmp (trun, npath, system_dirs_len[idx]) == 0)
172 /* Found it. */
173 return true;
174
175 trun += system_dirs_len[idx] + 1;
176 }
177
178 return false;
179}
180
181
182static size_t
183is_dst (const char *start, const char *name, const char *str, int secure)
184{
185 size_t len;
186 bool is_curly = false;
187
188 if (name[0] == '{')
189 {
190 is_curly = true;
191 ++name;
192 }
193
194 len = 0;
195 while (name[len] == str[len] && name[len] != '\0')
196 ++len;
197
198 if (is_curly)
199 {
200 if (name[len] != '}')
201 return 0;
202
203 /* Point again at the beginning of the name. */
204 --name;
205 /* Skip over closing curly brace and adjust for the --name. */
206 len += 2;
207 }
208 else if (name[len] != '\0' && name[len] != '/')
209 return 0;
210
211 if (__glibc_unlikely (secure)
212 && ((name[len] != '\0' && name[len] != '/')
213 || (name != start + 1)))
214 return 0;
215
216 return len;
217}
218
219
220size_t
221_dl_dst_count (const char *name)
222{
223 const char *const start = name;
224 size_t cnt = 0;
225
226 do
227 {
228 size_t len;
229
230 /* $ORIGIN is not expanded for SUID/GUID programs (except if it
231 is $ORIGIN alone) and it must always appear first in path. */
232 ++name;
233 if ((len = is_dst (start, name, "ORIGIN", __libc_enable_secure)) != 0
234 || (len = is_dst (start, name, "PLATFORM", 0)) != 0
235 || (len = is_dst (start, name, "LIB", 0)) != 0)
236 ++cnt;
237
238 name = strchr (name + len, '$');
239 }
240 while (name != NULL);
241
242 return cnt;
243}
244
245
246char *
247_dl_dst_substitute (struct link_map *l, const char *name, char *result)
248{
249 const char *const start = name;
250
251 /* Now fill the result path. While copying over the string we keep
252 track of the start of the last path element. When we come across
253 a DST we copy over the value or (if the value is not available)
254 leave the entire path element out. */
255 char *wp = result;
256 char *last_elem = result;
257 bool check_for_trusted = false;
258
259 do
260 {
261 if (__glibc_unlikely (*name == '$'))
262 {
263 const char *repl = NULL;
264 size_t len;
265
266 ++name;
267 if ((len = is_dst (start, name, "ORIGIN", __libc_enable_secure)) != 0)
268 {
269 repl = l->l_origin;
270 check_for_trusted = (__libc_enable_secure
271 && l->l_type == lt_executable);
272 }
273 else if ((len = is_dst (start, name, "PLATFORM", 0)) != 0)
274 repl = GLRO(dl_platform);
275 else if ((len = is_dst (start, name, "LIB", 0)) != 0)
276 repl = DL_DST_LIB;
277
278 if (repl != NULL && repl != (const char *) -1)
279 {
280 wp = __stpcpy (wp, repl);
281 name += len;
282 }
283 else if (len > 1)
284 {
285 /* We cannot use this path element, the value of the
286 replacement is unknown. */
287 wp = last_elem;
288 break;
289 }
290 else
291 /* No DST we recognize. */
292 *wp++ = '$';
293 }
294 else
295 {
296 *wp++ = *name++;
297 }
298 }
299 while (*name != '\0');
300
301 /* In SUID/SGID programs, after $ORIGIN expansion the normalized
302 path must be rooted in one of the trusted directories. */
303 if (__glibc_unlikely (check_for_trusted)
304 && !is_trusted_path_normalize (last_elem, wp - last_elem))
305 wp = last_elem;
306
307 *wp = '\0';
308
309 return result;
310}
311
312
313/* Return copy of argument with all recognized dynamic string tokens
314 ($ORIGIN and $PLATFORM for now) replaced. On some platforms it
315 might not be possible to determine the path from which the object
316 belonging to the map is loaded. In this case the path element
317 containing $ORIGIN is left out. */
318static char *
319expand_dynamic_string_token (struct link_map *l, const char *s)
320{
321 /* We make two runs over the string. First we determine how large the
322 resulting string is and then we copy it over. Since this is no
323 frequently executed operation we are looking here not for performance
324 but rather for code size. */
325 size_t cnt;
326 size_t total;
327 char *result;
328
329 /* Determine the number of DST elements. */
330 cnt = DL_DST_COUNT (s);
331
332 /* If we do not have to replace anything simply copy the string. */
333 if (__glibc_likely (cnt == 0))
334 return __strdup (s);
335
336 /* Determine the length of the substituted string. */
337 total = DL_DST_REQUIRED (l, s, strlen (s), cnt);
338
339 /* Allocate the necessary memory. */
340 result = (char *) malloc (total + 1);
341 if (result == NULL)
342 return NULL;
343
344 return _dl_dst_substitute (l, s, result);
345}
346
347
348/* Add `name' to the list of names for a particular shared object.
349 `name' is expected to have been allocated with malloc and will
350 be freed if the shared object already has this name.
351 Returns false if the object already had this name. */
352static void
353add_name_to_object (struct link_map *l, const char *name)
354{
355 struct libname_list *lnp, *lastp;
356 struct libname_list *newname;
357 size_t name_len;
358
359 lastp = NULL;
360 for (lnp = l->l_libname; lnp != NULL; lastp = lnp, lnp = lnp->next)
361 if (strcmp (name, lnp->name) == 0)
362 return;
363
364 name_len = strlen (name) + 1;
365 newname = (struct libname_list *) malloc (sizeof *newname + name_len);
366 if (newname == NULL)
367 {
368 /* No more memory. */
369 _dl_signal_error (ENOMEM, name, NULL, N_("cannot allocate name record"));
370 return;
371 }
372 /* The object should have a libname set from _dl_new_object. */
373 assert (lastp != NULL);
374
375 newname->name = memcpy (newname + 1, name, name_len);
376 newname->next = NULL;
377 newname->dont_free = 0;
378 lastp->next = newname;
379}
380
381/* Standard search directories. */
382static struct r_search_path_struct rtld_search_dirs attribute_relro;
383
384static size_t max_dirnamelen;
385
386static struct r_search_path_elem **
387fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep,
388 const char *what, const char *where, struct link_map *l)
389{
390 char *cp;
391 size_t nelems = 0;
392
393 while ((cp = __strsep (&rpath, sep)) != NULL)
394 {
395 struct r_search_path_elem *dirp;
396 char *to_free = NULL;
397 size_t len = 0;
398
399 /* `strsep' can pass an empty string. */
400 if (*cp != '\0')
401 {
402 to_free = cp = expand_dynamic_string_token (l, cp);
403
404 /* expand_dynamic_string_token can return NULL in case of empty
405 path or memory allocation failure. */
406 if (cp == NULL)
407 continue;
408
409 /* Compute the length after dynamic string token expansion and
410 ignore empty paths. */
411 len = strlen (cp);
412 if (len == 0)
413 {
414 free (to_free);
415 continue;
416 }
417
418 /* Remove trailing slashes (except for "/"). */
419 while (len > 1 && cp[len - 1] == '/')
420 --len;
421
422 /* Now add one if there is none so far. */
423 if (len > 0 && cp[len - 1] != '/')
424 cp[len++] = '/';
425 }
426
427 /* See if this directory is already known. */
428 for (dirp = GL(dl_all_dirs); dirp != NULL; dirp = dirp->next)
429 if (dirp->dirnamelen == len && memcmp (cp, dirp->dirname, len) == 0)
430 break;
431
432 if (dirp != NULL)
433 {
434 /* It is available, see whether it's on our own list. */
435 size_t cnt;
436 for (cnt = 0; cnt < nelems; ++cnt)
437 if (result[cnt] == dirp)
438 break;
439
440 if (cnt == nelems)
441 result[nelems++] = dirp;
442 }
443 else
444 {
445 size_t cnt;
446 enum r_dir_status init_val;
447 size_t where_len = where ? strlen (where) + 1 : 0;
448
449 /* It's a new directory. Create an entry and add it. */
450 dirp = (struct r_search_path_elem *)
451 malloc (sizeof (*dirp) + ncapstr * sizeof (enum r_dir_status)
452 + where_len + len + 1);
453 if (dirp == NULL)
454 _dl_signal_error (ENOMEM, NULL, NULL,
455 N_("cannot create cache for search path"));
456
457 dirp->dirname = ((char *) dirp + sizeof (*dirp)
458 + ncapstr * sizeof (enum r_dir_status));
459 *((char *) __mempcpy ((char *) dirp->dirname, cp, len)) = '\0';
460 dirp->dirnamelen = len;
461
462 if (len > max_dirnamelen)
463 max_dirnamelen = len;
464
465 /* We have to make sure all the relative directories are
466 never ignored. The current directory might change and
467 all our saved information would be void. */
468 init_val = cp[0] != '/' ? existing : unknown;
469 for (cnt = 0; cnt < ncapstr; ++cnt)
470 dirp->status[cnt] = init_val;
471
472 dirp->what = what;
473 if (__glibc_likely (where != NULL))
474 dirp->where = memcpy ((char *) dirp + sizeof (*dirp) + len + 1
475 + (ncapstr * sizeof (enum r_dir_status)),
476 where, where_len);
477 else
478 dirp->where = NULL;
479
480 dirp->next = GL(dl_all_dirs);
481 GL(dl_all_dirs) = dirp;
482
483 /* Put it in the result array. */
484 result[nelems++] = dirp;
485 }
486 free (to_free);
487 }
488
489 /* Terminate the array. */
490 result[nelems] = NULL;
491
492 return result;
493}
494
495
496static bool
497decompose_rpath (struct r_search_path_struct *sps,
498 const char *rpath, struct link_map *l, const char *what)
499{
500 /* Make a copy we can work with. */
501 const char *where = l->l_name;
502 char *cp;
503 struct r_search_path_elem **result;
504 size_t nelems;
505 /* Initialize to please the compiler. */
506 const char *errstring = NULL;
507
508 /* First see whether we must forget the RUNPATH and RPATH from this
509 object. */
510 if (__glibc_unlikely (GLRO(dl_inhibit_rpath) != NULL)
511 && !__libc_enable_secure)
512 {
513 const char *inhp = GLRO(dl_inhibit_rpath);
514
515 do
516 {
517 const char *wp = where;
518
519 while (*inhp == *wp && *wp != '\0')
520 {
521 ++inhp;
522 ++wp;
523 }
524
525 if (*wp == '\0' && (*inhp == '\0' || *inhp == ':'))
526 {
527 /* This object is on the list of objects for which the
528 RUNPATH and RPATH must not be used. */
529 sps->dirs = (void *) -1;
530 return false;
531 }
532
533 while (*inhp != '\0')
534 if (*inhp++ == ':')
535 break;
536 }
537 while (*inhp != '\0');
538 }
539
540 /* Ignore empty rpaths. */
541 if (*rpath == '\0')
542 {
543 sps->dirs = (struct r_search_path_elem **) -1;
544 return false;
545 }
546
547 /* Make a writable copy. */
548 char *copy = __strdup (rpath);
549 if (copy == NULL)
550 {
551 errstring = N_("cannot create RUNPATH/RPATH copy");
552 goto signal_error;
553 }
554
555 /* Count the number of necessary elements in the result array. */
556 nelems = 0;
557 for (cp = copy; *cp != '\0'; ++cp)
558 if (*cp == ':')
559 ++nelems;
560
561 /* Allocate room for the result. NELEMS + 1 is an upper limit for the
562 number of necessary entries. */
563 result = (struct r_search_path_elem **) malloc ((nelems + 1 + 1)
564 * sizeof (*result));
565 if (result == NULL)
566 {
567 free (copy);
568 errstring = N_("cannot create cache for search path");
569 signal_error:
570 _dl_signal_error (ENOMEM, NULL, NULL, errstring);
571 }
572
573 fillin_rpath (copy, result, ":", what, where, l);
574
575 /* Free the copied RPATH string. `fillin_rpath' make own copies if
576 necessary. */
577 free (copy);
578
579 /* There is no path after expansion. */
580 if (result[0] == NULL)
581 {
582 free (result);
583 sps->dirs = (struct r_search_path_elem **) -1;
584 return false;
585 }
586
587 sps->dirs = result;
588 /* The caller will change this value if we haven't used a real malloc. */
589 sps->malloced = 1;
590 return true;
591}
592
593/* Make sure cached path information is stored in *SP
594 and return true if there are any paths to search there. */
595static bool
596cache_rpath (struct link_map *l,
597 struct r_search_path_struct *sp,
598 int tag,
599 const char *what)
600{
601 if (sp->dirs == (void *) -1)
602 return false;
603
604 if (sp->dirs != NULL)
605 return true;
606
607 if (l->l_info[tag] == NULL)
608 {
609 /* There is no path. */
610 sp->dirs = (void *) -1;
611 return false;
612 }
613
614 /* Make sure the cache information is available. */
615 return decompose_rpath (sp, (const char *) (D_PTR (l, l_info[DT_STRTAB])
616 + l->l_info[tag]->d_un.d_val),
617 l, what);
618}
619
620
621void
622_dl_init_paths (const char *llp)
623{
624 size_t idx;
625 const char *strp;
626 struct r_search_path_elem *pelem, **aelem;
627 size_t round_size;
628 struct link_map __attribute__ ((unused)) *l = NULL;
629 /* Initialize to please the compiler. */
630 const char *errstring = NULL;
631
632 /* Fill in the information about the application's RPATH and the
633 directories addressed by the LD_LIBRARY_PATH environment variable. */
634
635 /* Get the capabilities. */
636 capstr = _dl_important_hwcaps (GLRO(dl_platform), GLRO(dl_platformlen),
637 &ncapstr, &max_capstrlen);
638
639 /* First set up the rest of the default search directory entries. */
640 aelem = rtld_search_dirs.dirs = (struct r_search_path_elem **)
641 malloc ((nsystem_dirs_len + 1) * sizeof (struct r_search_path_elem *));
642 if (rtld_search_dirs.dirs == NULL)
643 {
644 errstring = N_("cannot create search path array");
645 signal_error:
646 _dl_signal_error (ENOMEM, NULL, NULL, errstring);
647 }
648
649 round_size = ((2 * sizeof (struct r_search_path_elem) - 1
650 + ncapstr * sizeof (enum r_dir_status))
651 / sizeof (struct r_search_path_elem));
652
653 rtld_search_dirs.dirs[0] = malloc (nsystem_dirs_len * round_size
654 * sizeof (*rtld_search_dirs.dirs[0]));
655 if (rtld_search_dirs.dirs[0] == NULL)
656 {
657 errstring = N_("cannot create cache for search path");
658 goto signal_error;
659 }
660
661 rtld_search_dirs.malloced = 0;
662 pelem = GL(dl_all_dirs) = rtld_search_dirs.dirs[0];
663 strp = system_dirs;
664 idx = 0;
665
666 do
667 {
668 size_t cnt;
669
670 *aelem++ = pelem;
671
672 pelem->what = "system search path";
673 pelem->where = NULL;
674
675 pelem->dirname = strp;
676 pelem->dirnamelen = system_dirs_len[idx];
677 strp += system_dirs_len[idx] + 1;
678
679 /* System paths must be absolute. */
680 assert (pelem->dirname[0] == '/');
681 for (cnt = 0; cnt < ncapstr; ++cnt)
682 pelem->status[cnt] = unknown;
683
684 pelem->next = (++idx == nsystem_dirs_len ? NULL : (pelem + round_size));
685
686 pelem += round_size;
687 }
688 while (idx < nsystem_dirs_len);
689
690 max_dirnamelen = SYSTEM_DIRS_MAX_LEN;
691 *aelem = NULL;
692
693#ifdef SHARED
694 /* This points to the map of the main object. */
695 l = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
696 if (l != NULL)
697 {
698 assert (l->l_type != lt_loaded);
699
700 if (l->l_info[DT_RUNPATH])
701 {
702 /* Allocate room for the search path and fill in information
703 from RUNPATH. */
704 decompose_rpath (&l->l_runpath_dirs,
705 (const void *) (D_PTR (l, l_info[DT_STRTAB])
706 + l->l_info[DT_RUNPATH]->d_un.d_val),
707 l, "RUNPATH");
708 /* During rtld init the memory is allocated by the stub malloc,
709 prevent any attempt to free it by the normal malloc. */
710 l->l_runpath_dirs.malloced = 0;
711
712 /* The RPATH is ignored. */
713 l->l_rpath_dirs.dirs = (void *) -1;
714 }
715 else
716 {
717 l->l_runpath_dirs.dirs = (void *) -1;
718
719 if (l->l_info[DT_RPATH])
720 {
721 /* Allocate room for the search path and fill in information
722 from RPATH. */
723 decompose_rpath (&l->l_rpath_dirs,
724 (const void *) (D_PTR (l, l_info[DT_STRTAB])
725 + l->l_info[DT_RPATH]->d_un.d_val),
726 l, "RPATH");
727 /* During rtld init the memory is allocated by the stub
728 malloc, prevent any attempt to free it by the normal
729 malloc. */
730 l->l_rpath_dirs.malloced = 0;
731 }
732 else
733 l->l_rpath_dirs.dirs = (void *) -1;
734 }
735 }
736#endif /* SHARED */
737
738 if (llp != NULL && *llp != '\0')
739 {
740 char *llp_tmp = strdupa (llp);
741
742 /* Decompose the LD_LIBRARY_PATH contents. First determine how many
743 elements it has. */
744 size_t nllp = 1;
745 for (const char *cp = llp_tmp; *cp != '\0'; ++cp)
746 if (*cp == ':' || *cp == ';')
747 ++nllp;
748
749 env_path_list.dirs = (struct r_search_path_elem **)
750 malloc ((nllp + 1) * sizeof (struct r_search_path_elem *));
751 if (env_path_list.dirs == NULL)
752 {
753 errstring = N_("cannot create cache for search path");
754 goto signal_error;
755 }
756
757 (void) fillin_rpath (llp_tmp, env_path_list.dirs, ":;",
758 "LD_LIBRARY_PATH", NULL, l);
759
760 if (env_path_list.dirs[0] == NULL)
761 {
762 free (env_path_list.dirs);
763 env_path_list.dirs = (void *) -1;
764 }
765
766 env_path_list.malloced = 0;
767 }
768 else
769 env_path_list.dirs = (void *) -1;
770}
771
772
773static void
774__attribute__ ((noreturn, noinline))
775lose (int code, int fd, const char *name, char *realname, struct link_map *l,
776 const char *msg, struct r_debug *r, Lmid_t nsid)
777{
778 /* The file might already be closed. */
779 if (fd != -1)
780 (void) __close (fd);
781 if (l != NULL && l->l_origin != (char *) -1l)
782 free ((char *) l->l_origin);
783 free (l);
784 free (realname);
785
786 if (r != NULL)
787 {
788 r->r_state = RT_CONSISTENT;
789 _dl_debug_state ();
790 LIBC_PROBE (map_failed, 2, nsid, r);
791 }
792
793 _dl_signal_error (code, name, NULL, msg);
794}
795
796
797/* Map in the shared object NAME, actually located in REALNAME, and already
798 opened on FD. */
799
800#ifndef EXTERNAL_MAP_FROM_FD
801static
802#endif
803struct link_map *
804_dl_map_object_from_fd (const char *name, const char *origname, int fd,
805 struct filebuf *fbp, char *realname,
806 struct link_map *loader, int l_type, int mode,
807 void **stack_endp, Lmid_t nsid)
808{
809 struct link_map *l = NULL;
810 const ElfW(Ehdr) *header;
811 const ElfW(Phdr) *phdr;
812 const ElfW(Phdr) *ph;
813 size_t maplength;
814 int type;
815 /* Initialize to keep the compiler happy. */
816 const char *errstring = NULL;
817 int errval = 0;
818 struct r_debug *r = _dl_debug_initialize (0, nsid);
819 bool make_consistent = false;
820
821 /* Get file information. */
822 struct r_file_id id;
823 if (__glibc_unlikely (!_dl_get_file_id (fd, &id)))
824 {
825 errstring = N_("cannot stat shared object");
826 call_lose_errno:
827 errval = errno;
828 call_lose:
829 lose (errval, fd, name, realname, l, errstring,
830 make_consistent ? r : NULL, nsid);
831 }
832
833 /* Look again to see if the real name matched another already loaded. */
834 for (l = GL(dl_ns)[nsid]._ns_loaded; l != NULL; l = l->l_next)
835 if (!l->l_removed && _dl_file_id_match_p (&l->l_file_id, &id))
836 {
837 /* The object is already loaded.
838 Just bump its reference count and return it. */
839 __close (fd);
840
841 /* If the name is not in the list of names for this object add
842 it. */
843 free (realname);
844 add_name_to_object (l, name);
845
846 return l;
847 }
848
849#ifdef SHARED
850 /* When loading into a namespace other than the base one we must
851 avoid loading ld.so since there can only be one copy. Ever. */
852 if (__glibc_unlikely (nsid != LM_ID_BASE)
853 && (_dl_file_id_match_p (&id, &GL(dl_rtld_map).l_file_id)
854 || _dl_name_match_p (name, &GL(dl_rtld_map))))
855 {
856 /* This is indeed ld.so. Create a new link_map which refers to
857 the real one for almost everything. */
858 l = _dl_new_object (realname, name, l_type, loader, mode, nsid);
859 if (l == NULL)
860 goto fail_new;
861
862 /* Refer to the real descriptor. */
863 l->l_real = &GL(dl_rtld_map);
864
865 /* No need to bump the refcount of the real object, ld.so will
866 never be unloaded. */
867 __close (fd);
868
869 /* Add the map for the mirrored object to the object list. */
870 _dl_add_to_namespace_list (l, nsid);
871
872 return l;
873 }
874#endif
875
876 if (mode & RTLD_NOLOAD)
877 {
878 /* We are not supposed to load the object unless it is already
879 loaded. So return now. */
880 free (realname);
881 __close (fd);
882 return NULL;
883 }
884
885 /* Print debugging message. */
886 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES))
887 _dl_debug_printf ("file=%s [%lu]; generating link map\n", name, nsid);
888
889 /* This is the ELF header. We read it in `open_verify'. */
890 header = (void *) fbp->buf;
891
892#ifndef MAP_ANON
893# define MAP_ANON 0
894 if (_dl_zerofd == -1)
895 {
896 _dl_zerofd = _dl_sysdep_open_zero_fill ();
897 if (_dl_zerofd == -1)
898 {
899 free (realname);
900 __close (fd);
901 _dl_signal_error (errno, NULL, NULL,
902 N_("cannot open zero fill device"));
903 }
904 }
905#endif
906
907 /* Signal that we are going to add new objects. */
908 if (r->r_state == RT_CONSISTENT)
909 {
910#ifdef SHARED
911 /* Auditing checkpoint: we are going to add new objects. */
912 if ((mode & __RTLD_AUDIT) == 0
913 && __glibc_unlikely (GLRO(dl_naudit) > 0))
914 {
915 struct link_map *head = GL(dl_ns)[nsid]._ns_loaded;
916 /* Do not call the functions for any auditing object. */
917 if (head->l_auditing == 0)
918 {
919 struct audit_ifaces *afct = GLRO(dl_audit);
920 for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
921 {
922 if (afct->activity != NULL)
923 afct->activity (&head->l_audit[cnt].cookie, LA_ACT_ADD);
924
925 afct = afct->next;
926 }
927 }
928 }
929#endif
930
931 /* Notify the debugger we have added some objects. We need to
932 call _dl_debug_initialize in a static program in case dynamic
933 linking has not been used before. */
934 r->r_state = RT_ADD;
935 _dl_debug_state ();
936 LIBC_PROBE (map_start, 2, nsid, r);
937 make_consistent = true;
938 }
939 else
940 assert (r->r_state == RT_ADD);
941
942 /* Enter the new object in the list of loaded objects. */
943 l = _dl_new_object (realname, name, l_type, loader, mode, nsid);
944 if (__glibc_unlikely (l == NULL))
945 {
946#ifdef SHARED
947 fail_new:
948#endif
949 errstring = N_("cannot create shared object descriptor");
950 goto call_lose_errno;
951 }
952
953 /* Extract the remaining details we need from the ELF header
954 and then read in the program header table. */
955 l->l_entry = header->e_entry;
956 type = header->e_type;
957 l->l_phnum = header->e_phnum;
958
959 maplength = header->e_phnum * sizeof (ElfW(Phdr));
960 if (header->e_phoff + maplength <= (size_t) fbp->len)
961 phdr = (void *) (fbp->buf + header->e_phoff);
962 else
963 {
964 phdr = alloca (maplength);
965 __lseek (fd, header->e_phoff, SEEK_SET);
966 if ((size_t) __libc_read (fd, (void *) phdr, maplength) != maplength)
967 {
968 errstring = N_("cannot read file data");
969 goto call_lose_errno;
970 }
971 }
972
973 /* On most platforms presume that PT_GNU_STACK is absent and the stack is
974 * executable. Other platforms default to a nonexecutable stack and don't
975 * need PT_GNU_STACK to do so. */
976 uint_fast16_t stack_flags = DEFAULT_STACK_PERMS;
977
978 {
979 /* Scan the program header table, collecting its load commands. */
980 struct loadcmd loadcmds[l->l_phnum];
981 size_t nloadcmds = 0;
982 bool has_holes = false;
983
984 /* The struct is initialized to zero so this is not necessary:
985 l->l_ld = 0;
986 l->l_phdr = 0;
987 l->l_addr = 0; */
988 for (ph = phdr; ph < &phdr[l->l_phnum]; ++ph)
989 switch (ph->p_type)
990 {
991 /* These entries tell us where to find things once the file's
992 segments are mapped in. We record the addresses it says
993 verbatim, and later correct for the run-time load address. */
994 case PT_DYNAMIC:
995 if (ph->p_filesz)
996 {
997 /* Debuginfo only files from "objcopy --only-keep-debug"
998 contain a PT_DYNAMIC segment with p_filesz == 0. Skip
999 such a segment to avoid a crash later. */
1000 l->l_ld = (void *) ph->p_vaddr;
1001 l->l_ldnum = ph->p_memsz / sizeof (ElfW(Dyn));
1002 }
1003 break;
1004
1005 case PT_PHDR:
1006 l->l_phdr = (void *) ph->p_vaddr;
1007 break;
1008
1009 case PT_LOAD:
1010 /* A load command tells us to map in part of the file.
1011 We record the load commands and process them all later. */
1012 if (__glibc_unlikely ((ph->p_align & (GLRO(dl_pagesize) - 1)) != 0))
1013 {
1014 errstring = N_("ELF load command alignment not page-aligned");
1015 goto call_lose;
1016 }
1017 if (__glibc_unlikely (((ph->p_vaddr - ph->p_offset)
1018 & (ph->p_align - 1)) != 0))
1019 {
1020 errstring
1021 = N_("ELF load command address/offset not properly aligned");
1022 goto call_lose;
1023 }
1024
1025 struct loadcmd *c = &loadcmds[nloadcmds++];
1026 c->mapstart = ALIGN_DOWN (ph->p_vaddr, GLRO(dl_pagesize));
1027 c->mapend = ALIGN_UP (ph->p_vaddr + ph->p_filesz, GLRO(dl_pagesize));
1028 c->dataend = ph->p_vaddr + ph->p_filesz;
1029 c->allocend = ph->p_vaddr + ph->p_memsz;
1030 c->mapoff = ALIGN_DOWN (ph->p_offset, GLRO(dl_pagesize));
1031
1032 /* Determine whether there is a gap between the last segment
1033 and this one. */
1034 if (nloadcmds > 1 && c[-1].mapend != c->mapstart)
1035 has_holes = true;
1036
1037 /* Optimize a common case. */
1038#if (PF_R | PF_W | PF_X) == 7 && (PROT_READ | PROT_WRITE | PROT_EXEC) == 7
1039 c->prot = (PF_TO_PROT
1040 >> ((ph->p_flags & (PF_R | PF_W | PF_X)) * 4)) & 0xf;
1041#else
1042 c->prot = 0;
1043 if (ph->p_flags & PF_R)
1044 c->prot |= PROT_READ;
1045 if (ph->p_flags & PF_W)
1046 c->prot |= PROT_WRITE;
1047 if (ph->p_flags & PF_X)
1048 c->prot |= PROT_EXEC;
1049#endif
1050 break;
1051
1052 case PT_TLS:
1053 if (ph->p_memsz == 0)
1054 /* Nothing to do for an empty segment. */
1055 break;
1056
1057 l->l_tls_blocksize = ph->p_memsz;
1058 l->l_tls_align = ph->p_align;
1059 if (ph->p_align == 0)
1060 l->l_tls_firstbyte_offset = 0;
1061 else
1062 l->l_tls_firstbyte_offset = ph->p_vaddr & (ph->p_align - 1);
1063 l->l_tls_initimage_size = ph->p_filesz;
1064 /* Since we don't know the load address yet only store the
1065 offset. We will adjust it later. */
1066 l->l_tls_initimage = (void *) ph->p_vaddr;
1067
1068 /* If not loading the initial set of shared libraries,
1069 check whether we should permit loading a TLS segment. */
1070 if (__glibc_likely (l->l_type == lt_library)
1071 /* If GL(dl_tls_dtv_slotinfo_list) == NULL, then rtld.c did
1072 not set up TLS data structures, so don't use them now. */
1073 || __glibc_likely (GL(dl_tls_dtv_slotinfo_list) != NULL))
1074 {
1075 /* Assign the next available module ID. */
1076 l->l_tls_modid = _dl_next_tls_modid ();
1077 break;
1078 }
1079
1080#ifdef SHARED
1081 /* We are loading the executable itself when the dynamic
1082 linker was executed directly. The setup will happen
1083 later. Otherwise, the TLS data structures are already
1084 initialized, and we assigned a TLS modid above. */
1085 assert (l->l_prev == NULL || (mode & __RTLD_AUDIT) != 0);
1086#else
1087 assert (false && "TLS not initialized in static application");
1088#endif
1089 break;
1090
1091 case PT_GNU_STACK:
1092 stack_flags = ph->p_flags;
1093 break;
1094
1095 case PT_GNU_RELRO:
1096 l->l_relro_addr = ph->p_vaddr;
1097 l->l_relro_size = ph->p_memsz;
1098 break;
1099 }
1100
1101 if (__glibc_unlikely (nloadcmds == 0))
1102 {
1103 /* This only happens for a bogus object that will be caught with
1104 another error below. But we don't want to go through the
1105 calculations below using NLOADCMDS - 1. */
1106 errstring = N_("object file has no loadable segments");
1107 goto call_lose;
1108 }
1109
1110 if (__glibc_unlikely (type != ET_DYN)
1111 && __glibc_unlikely ((mode & __RTLD_OPENEXEC) == 0))
1112 {
1113 /* This object is loaded at a fixed address. This must never
1114 happen for objects loaded with dlopen. */
1115 errstring = N_("cannot dynamically load executable");
1116 goto call_lose;
1117 }
1118
1119 /* Length of the sections to be loaded. */
1120 maplength = loadcmds[nloadcmds - 1].allocend - loadcmds[0].mapstart;
1121
1122 /* Now process the load commands and map segments into memory.
1123 This is responsible for filling in:
1124 l_map_start, l_map_end, l_addr, l_contiguous, l_text_end, l_phdr
1125 */
1126 errstring = _dl_map_segments (l, fd, header, type, loadcmds, nloadcmds,
1127 maplength, has_holes, loader);
1128 if (__glibc_unlikely (errstring != NULL))
1129 goto call_lose;
1130 }
1131
1132 if (l->l_ld == 0)
1133 {
1134 if (__glibc_unlikely (type == ET_DYN))
1135 {
1136 errstring = N_("object file has no dynamic section");
1137 goto call_lose;
1138 }
1139 }
1140 else
1141 l->l_ld = (ElfW(Dyn) *) ((ElfW(Addr)) l->l_ld + l->l_addr);
1142
1143 elf_get_dynamic_info (l, NULL);
1144
1145 /* Make sure we are not dlopen'ing an object that has the
1146 DF_1_NOOPEN flag set. */
1147 if (__glibc_unlikely (l->l_flags_1 & DF_1_NOOPEN)
1148 && (mode & __RTLD_DLOPEN))
1149 {
1150 /* We are not supposed to load this object. Free all resources. */
1151 _dl_unmap_segments (l);
1152
1153 if (!l->l_libname->dont_free)
1154 free (l->l_libname);
1155
1156 if (l->l_phdr_allocated)
1157 free ((void *) l->l_phdr);
1158
1159 errstring = N_("shared object cannot be dlopen()ed");
1160 goto call_lose;
1161 }
1162
1163 if (l->l_phdr == NULL)
1164 {
1165 /* The program header is not contained in any of the segments.
1166 We have to allocate memory ourself and copy it over from out
1167 temporary place. */
1168 ElfW(Phdr) *newp = (ElfW(Phdr) *) malloc (header->e_phnum
1169 * sizeof (ElfW(Phdr)));
1170 if (newp == NULL)
1171 {
1172 errstring = N_("cannot allocate memory for program header");
1173 goto call_lose_errno;
1174 }
1175
1176 l->l_phdr = memcpy (newp, phdr,
1177 (header->e_phnum * sizeof (ElfW(Phdr))));
1178 l->l_phdr_allocated = 1;
1179 }
1180 else
1181 /* Adjust the PT_PHDR value by the runtime load address. */
1182 l->l_phdr = (ElfW(Phdr) *) ((ElfW(Addr)) l->l_phdr + l->l_addr);
1183
1184 if (__glibc_unlikely ((stack_flags &~ GL(dl_stack_flags)) & PF_X))
1185 {
1186 if (__glibc_unlikely (__check_caller (RETURN_ADDRESS (0), allow_ldso) != 0))
1187 {
1188 errstring = N_("invalid caller");
1189 goto call_lose;
1190 }
1191
1192 /* The stack is presently not executable, but this module
1193 requires that it be executable. We must change the
1194 protection of the variable which contains the flags used in
1195 the mprotect calls. */
1196#ifdef SHARED
1197 if ((mode & (__RTLD_DLOPEN | __RTLD_AUDIT)) == __RTLD_DLOPEN)
1198 {
1199 const uintptr_t p = (uintptr_t) &__stack_prot & -GLRO(dl_pagesize);
1200 const size_t s = (uintptr_t) (&__stack_prot + 1) - p;
1201
1202 struct link_map *const m = &GL(dl_rtld_map);
1203 const uintptr_t relro_end = ((m->l_addr + m->l_relro_addr
1204 + m->l_relro_size)
1205 & -GLRO(dl_pagesize));
1206 if (__glibc_likely (p + s <= relro_end))
1207 {
1208 /* The variable lies in the region protected by RELRO. */
1209 if (__mprotect ((void *) p, s, PROT_READ|PROT_WRITE) < 0)
1210 {
1211 errstring = N_("cannot change memory protections");
1212 goto call_lose_errno;
1213 }
1214 __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
1215 __mprotect ((void *) p, s, PROT_READ);
1216 }
1217 else
1218 __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
1219 }
1220 else
1221#endif
1222 __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
1223
1224#ifdef check_consistency
1225 check_consistency ();
1226#endif
1227
1228 errval = (*GL(dl_make_stack_executable_hook)) (stack_endp);
1229 if (errval)
1230 {
1231 errstring = N_("\
1232cannot enable executable stack as shared object requires");
1233 goto call_lose;
1234 }
1235 }
1236
1237 /* Adjust the address of the TLS initialization image. */
1238 if (l->l_tls_initimage != NULL)
1239 l->l_tls_initimage = (char *) l->l_tls_initimage + l->l_addr;
1240
1241 /* We are done mapping in the file. We no longer need the descriptor. */
1242 if (__glibc_unlikely (__close (fd) != 0))
1243 {
1244 errstring = N_("cannot close file descriptor");
1245 goto call_lose_errno;
1246 }
1247 /* Signal that we closed the file. */
1248 fd = -1;
1249
1250 /* If this is ET_EXEC, we should have loaded it as lt_executable. */
1251 assert (type != ET_EXEC || l->l_type == lt_executable);
1252
1253 l->l_entry += l->l_addr;
1254
1255 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES))
1256 _dl_debug_printf ("\
1257 dynamic: 0x%0*lx base: 0x%0*lx size: 0x%0*Zx\n\
1258 entry: 0x%0*lx phdr: 0x%0*lx phnum: %*u\n\n",
1259 (int) sizeof (void *) * 2,
1260 (unsigned long int) l->l_ld,
1261 (int) sizeof (void *) * 2,
1262 (unsigned long int) l->l_addr,
1263 (int) sizeof (void *) * 2, maplength,
1264 (int) sizeof (void *) * 2,
1265 (unsigned long int) l->l_entry,
1266 (int) sizeof (void *) * 2,
1267 (unsigned long int) l->l_phdr,
1268 (int) sizeof (void *) * 2, l->l_phnum);
1269
1270 /* Set up the symbol hash table. */
1271 _dl_setup_hash (l);
1272
1273 /* If this object has DT_SYMBOLIC set modify now its scope. We don't
1274 have to do this for the main map. */
1275 if ((mode & RTLD_DEEPBIND) == 0
1276 && __glibc_unlikely (l->l_info[DT_SYMBOLIC] != NULL)
1277 && &l->l_searchlist != l->l_scope[0])
1278 {
1279 /* Create an appropriate searchlist. It contains only this map.
1280 This is the definition of DT_SYMBOLIC in SysVr4. */
1281 l->l_symbolic_searchlist.r_list[0] = l;
1282 l->l_symbolic_searchlist.r_nlist = 1;
1283
1284 /* Now move the existing entries one back. */
1285 memmove (&l->l_scope[1], &l->l_scope[0],
1286 (l->l_scope_max - 1) * sizeof (l->l_scope[0]));
1287
1288 /* Now add the new entry. */
1289 l->l_scope[0] = &l->l_symbolic_searchlist;
1290 }
1291
1292 /* Remember whether this object must be initialized first. */
1293 if (l->l_flags_1 & DF_1_INITFIRST)
1294 GL(dl_initfirst) = l;
1295
1296 /* Finally the file information. */
1297 l->l_file_id = id;
1298
1299#ifdef SHARED
1300 /* When auditing is used the recorded names might not include the
1301 name by which the DSO is actually known. Add that as well. */
1302 if (__glibc_unlikely (origname != NULL))
1303 add_name_to_object (l, origname);
1304#else
1305 /* Audit modules only exist when linking is dynamic so ORIGNAME
1306 cannot be non-NULL. */
1307 assert (origname == NULL);
1308#endif
1309
1310 /* When we profile the SONAME might be needed for something else but
1311 loading. Add it right away. */
1312 if (__glibc_unlikely (GLRO(dl_profile) != NULL)
1313 && l->l_info[DT_SONAME] != NULL)
1314 add_name_to_object (l, ((const char *) D_PTR (l, l_info[DT_STRTAB])
1315 + l->l_info[DT_SONAME]->d_un.d_val));
1316
1317#ifdef DL_AFTER_LOAD
1318 DL_AFTER_LOAD (l);
1319#endif
1320
1321 /* Now that the object is fully initialized add it to the object list. */
1322 _dl_add_to_namespace_list (l, nsid);
1323
1324#ifdef SHARED
1325 /* Auditing checkpoint: we have a new object. */
1326 if (__glibc_unlikely (GLRO(dl_naudit) > 0)
1327 && !GL(dl_ns)[l->l_ns]._ns_loaded->l_auditing)
1328 {
1329 struct audit_ifaces *afct = GLRO(dl_audit);
1330 for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
1331 {
1332 if (afct->objopen != NULL)
1333 {
1334 l->l_audit[cnt].bindflags
1335 = afct->objopen (l, nsid, &l->l_audit[cnt].cookie);
1336
1337 l->l_audit_any_plt |= l->l_audit[cnt].bindflags != 0;
1338 }
1339
1340 afct = afct->next;
1341 }
1342 }
1343#endif
1344
1345 return l;
1346}
1347
1348/* Print search path. */
1349static void
1350print_search_path (struct r_search_path_elem **list,
1351 const char *what, const char *name)
1352{
1353 char buf[max_dirnamelen + max_capstrlen];
1354 int first = 1;
1355
1356 _dl_debug_printf (" search path=");
1357
1358 while (*list != NULL && (*list)->what == what) /* Yes, ==. */
1359 {
1360 char *endp = __mempcpy (buf, (*list)->dirname, (*list)->dirnamelen);
1361 size_t cnt;
1362
1363 for (cnt = 0; cnt < ncapstr; ++cnt)
1364 if ((*list)->status[cnt] != nonexisting)
1365 {
1366 char *cp = __mempcpy (endp, capstr[cnt].str, capstr[cnt].len);
1367 if (cp == buf || (cp == buf + 1 && buf[0] == '/'))
1368 cp[0] = '\0';
1369 else
1370 cp[-1] = '\0';
1371
1372 _dl_debug_printf_c (first ? "%s" : ":%s", buf);
1373 first = 0;
1374 }
1375
1376 ++list;
1377 }
1378
1379 if (name != NULL)
1380 _dl_debug_printf_c ("\t\t(%s from file %s)\n", what,
1381 DSO_FILENAME (name));
1382 else
1383 _dl_debug_printf_c ("\t\t(%s)\n", what);
1384}
1385
1386/* Open a file and verify it is an ELF file for this architecture. We
1387 ignore only ELF files for other architectures. Non-ELF files and
1388 ELF files with different header information cause fatal errors since
1389 this could mean there is something wrong in the installation and the
1390 user might want to know about this.
1391
1392 If FD is not -1, then the file is already open and FD refers to it.
1393 In that case, FD is consumed for both successful and error returns. */
1394static int
1395open_verify (const char *name, int fd,
1396 struct filebuf *fbp, struct link_map *loader,
1397 int whatcode, int mode, bool *found_other_class, bool free_name)
1398{
1399 /* This is the expected ELF header. */
1400#define ELF32_CLASS ELFCLASS32
1401#define ELF64_CLASS ELFCLASS64
1402#ifndef VALID_ELF_HEADER
1403# define VALID_ELF_HEADER(hdr,exp,size) (memcmp (hdr, exp, size) == 0)
1404# define VALID_ELF_OSABI(osabi) (osabi == ELFOSABI_SYSV)
1405# define VALID_ELF_ABIVERSION(osabi,ver) (ver == 0)
1406#elif defined MORE_ELF_HEADER_DATA
1407 MORE_ELF_HEADER_DATA;
1408#endif
1409 static const unsigned char expected[EI_NIDENT] =
1410 {
1411 [EI_MAG0] = ELFMAG0,
1412 [EI_MAG1] = ELFMAG1,
1413 [EI_MAG2] = ELFMAG2,
1414 [EI_MAG3] = ELFMAG3,
1415 [EI_CLASS] = ELFW(CLASS),
1416 [EI_DATA] = byteorder,
1417 [EI_VERSION] = EV_CURRENT,
1418 [EI_OSABI] = ELFOSABI_SYSV,
1419 [EI_ABIVERSION] = 0
1420 };
1421 static const struct
1422 {
1423 ElfW(Word) vendorlen;
1424 ElfW(Word) datalen;
1425 ElfW(Word) type;
1426 char vendor[4];
1427 } expected_note = { 4, 16, 1, "GNU" };
1428 /* Initialize it to make the compiler happy. */
1429 const char *errstring = NULL;
1430 int errval = 0;
1431
1432#ifdef SHARED
1433 /* Give the auditing libraries a chance. */
1434 if (__glibc_unlikely (GLRO(dl_naudit) > 0) && whatcode != 0
1435 && loader->l_auditing == 0)
1436 {
1437 const char *original_name = name;
1438 struct audit_ifaces *afct = GLRO(dl_audit);
1439 for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
1440 {
1441 if (afct->objsearch != NULL)
1442 {
1443 name = afct->objsearch (name, &loader->l_audit[cnt].cookie,
1444 whatcode);
1445 if (name == NULL)
1446 /* Ignore the path. */
1447 return -1;
1448 }
1449
1450 afct = afct->next;
1451 }
1452
1453 if (fd != -1 && name != original_name && strcmp (name, original_name))
1454 {
1455 /* An audit library changed what we're supposed to open,
1456 so FD no longer matches it. */
1457 __close (fd);
1458 fd = -1;
1459 }
1460 }
1461#endif
1462
1463 if (fd == -1)
1464 /* Open the file. We always open files read-only. */
1465 fd = __open (name, O_RDONLY | O_CLOEXEC);
1466
1467 if (fd != -1)
1468 {
1469 ElfW(Ehdr) *ehdr;
1470 ElfW(Phdr) *phdr, *ph;
1471 ElfW(Word) *abi_note;
1472 unsigned int osversion;
1473 size_t maplength;
1474
1475 /* We successfully opened the file. Now verify it is a file
1476 we can use. */
1477 __set_errno (0);
1478 fbp->len = 0;
1479 assert (sizeof (fbp->buf) > sizeof (ElfW(Ehdr)));
1480 /* Read in the header. */
1481 do
1482 {
1483 ssize_t retlen = __libc_read (fd, fbp->buf + fbp->len,
1484 sizeof (fbp->buf) - fbp->len);
1485 if (retlen <= 0)
1486 break;
1487 fbp->len += retlen;
1488 }
1489 while (__glibc_unlikely (fbp->len < sizeof (ElfW(Ehdr))));
1490
1491 /* This is where the ELF header is loaded. */
1492 ehdr = (ElfW(Ehdr) *) fbp->buf;
1493
1494 /* Now run the tests. */
1495 if (__glibc_unlikely (fbp->len < (ssize_t) sizeof (ElfW(Ehdr))))
1496 {
1497 errval = errno;
1498 errstring = (errval == 0
1499 ? N_("file too short") : N_("cannot read file data"));
1500 call_lose:
1501 if (free_name)
1502 {
1503 char *realname = (char *) name;
1504 name = strdupa (realname);
1505 free (realname);
1506 }
1507 lose (errval, fd, name, NULL, NULL, errstring, NULL, 0);
1508 }
1509
1510 /* See whether the ELF header is what we expect. */
1511 if (__glibc_unlikely (! VALID_ELF_HEADER (ehdr->e_ident, expected,
1512 EI_ABIVERSION)
1513 || !VALID_ELF_ABIVERSION (ehdr->e_ident[EI_OSABI],
1514 ehdr->e_ident[EI_ABIVERSION])
1515 || memcmp (&ehdr->e_ident[EI_PAD],
1516 &expected[EI_PAD],
1517 EI_NIDENT - EI_PAD) != 0))
1518 {
1519 /* Something is wrong. */
1520 const Elf32_Word *magp = (const void *) ehdr->e_ident;
1521 if (*magp !=
1522#if BYTE_ORDER == LITTLE_ENDIAN
1523 ((ELFMAG0 << (EI_MAG0 * 8)) |
1524 (ELFMAG1 << (EI_MAG1 * 8)) |
1525 (ELFMAG2 << (EI_MAG2 * 8)) |
1526 (ELFMAG3 << (EI_MAG3 * 8)))
1527#else
1528 ((ELFMAG0 << (EI_MAG3 * 8)) |
1529 (ELFMAG1 << (EI_MAG2 * 8)) |
1530 (ELFMAG2 << (EI_MAG1 * 8)) |
1531 (ELFMAG3 << (EI_MAG0 * 8)))
1532#endif
1533 )
1534 errstring = N_("invalid ELF header");
1535 else if (ehdr->e_ident[EI_CLASS] != ELFW(CLASS))
1536 {
1537 /* This is not a fatal error. On architectures where
1538 32-bit and 64-bit binaries can be run this might
1539 happen. */
1540 *found_other_class = true;
1541 goto close_and_out;
1542 }
1543 else if (ehdr->e_ident[EI_DATA] != byteorder)
1544 {
1545 if (BYTE_ORDER == BIG_ENDIAN)
1546 errstring = N_("ELF file data encoding not big-endian");
1547 else
1548 errstring = N_("ELF file data encoding not little-endian");
1549 }
1550 else if (ehdr->e_ident[EI_VERSION] != EV_CURRENT)
1551 errstring
1552 = N_("ELF file version ident does not match current one");
1553 /* XXX We should be able so set system specific versions which are
1554 allowed here. */
1555 else if (!VALID_ELF_OSABI (ehdr->e_ident[EI_OSABI]))
1556 errstring = N_("ELF file OS ABI invalid");
1557 else if (!VALID_ELF_ABIVERSION (ehdr->e_ident[EI_OSABI],
1558 ehdr->e_ident[EI_ABIVERSION]))
1559 errstring = N_("ELF file ABI version invalid");
1560 else if (memcmp (&ehdr->e_ident[EI_PAD], &expected[EI_PAD],
1561 EI_NIDENT - EI_PAD) != 0)
1562 errstring = N_("nonzero padding in e_ident");
1563 else
1564 /* Otherwise we don't know what went wrong. */
1565 errstring = N_("internal error");
1566
1567 goto call_lose;
1568 }
1569
1570 if (__glibc_unlikely (ehdr->e_version != EV_CURRENT))
1571 {
1572 errstring = N_("ELF file version does not match current one");
1573 goto call_lose;
1574 }
1575 if (! __glibc_likely (elf_machine_matches_host (ehdr)))
1576 goto close_and_out;
1577 else if (__glibc_unlikely (ehdr->e_type != ET_DYN
1578 && ehdr->e_type != ET_EXEC))
1579 {
1580 errstring = N_("only ET_DYN and ET_EXEC can be loaded");
1581 goto call_lose;
1582 }
1583 else if (__glibc_unlikely (ehdr->e_type == ET_EXEC
1584 && (mode & __RTLD_OPENEXEC) == 0))
1585 {
1586 /* BZ #16634. It is an error to dlopen ET_EXEC (unless
1587 __RTLD_OPENEXEC is explicitly set). We return error here
1588 so that code in _dl_map_object_from_fd does not try to set
1589 l_tls_modid for this module. */
1590
1591 errstring = N_("cannot dynamically load executable");
1592 goto call_lose;
1593 }
1594 else if (__glibc_unlikely (ehdr->e_phentsize != sizeof (ElfW(Phdr))))
1595 {
1596 errstring = N_("ELF file's phentsize not the expected size");
1597 goto call_lose;
1598 }
1599
1600 maplength = ehdr->e_phnum * sizeof (ElfW(Phdr));
1601 if (ehdr->e_phoff + maplength <= (size_t) fbp->len)
1602 phdr = (void *) (fbp->buf + ehdr->e_phoff);
1603 else
1604 {
1605 phdr = alloca (maplength);
1606 __lseek (fd, ehdr->e_phoff, SEEK_SET);
1607 if ((size_t) __libc_read (fd, (void *) phdr, maplength) != maplength)
1608 {
1609 read_error:
1610 errval = errno;
1611 errstring = N_("cannot read file data");
1612 goto call_lose;
1613 }
1614 }
1615
1616 if (__glibc_unlikely (elf_machine_reject_phdr_p
1617 (phdr, ehdr->e_phnum, fbp->buf, fbp->len,
1618 loader, fd)))
1619 goto close_and_out;
1620
1621 /* Check .note.ABI-tag if present. */
1622 for (ph = phdr; ph < &phdr[ehdr->e_phnum]; ++ph)
1623 if (ph->p_type == PT_NOTE && ph->p_filesz >= 32 && ph->p_align >= 4)
1624 {
1625 ElfW(Addr) size = ph->p_filesz;
1626 /* NB: Some PT_NOTE segment may have alignment value of 0
1627 or 1. gABI specifies that PT_NOTE segments should be
1628 aligned to 4 bytes in 32-bit objects and to 8 bytes in
1629 64-bit objects. As a Linux extension, we also support
1630 4 byte alignment in 64-bit objects. If p_align is less
1631 than 4, we treate alignment as 4 bytes since some note
1632 segments have 0 or 1 byte alignment. */
1633 ElfW(Addr) align = ph->p_align;
1634 if (align < 4)
1635 align = 4;
1636 else if (align != 4 && align != 8)
1637 continue;
1638
1639 if (ph->p_offset + size <= (size_t) fbp->len)
1640 abi_note = (void *) (fbp->buf + ph->p_offset);
1641 else
1642 {
1643 abi_note = alloca (size);
1644 __lseek (fd, ph->p_offset, SEEK_SET);
1645 if (__libc_read (fd, (void *) abi_note, size) != size)
1646 goto read_error;
1647 }
1648
1649 while (memcmp (abi_note, &expected_note, sizeof (expected_note)))
1650 {
1651 ElfW(Addr) note_size
1652 = ELF_NOTE_NEXT_OFFSET (abi_note[0], abi_note[1],
1653 align);
1654
1655 if (size - 32 < note_size)
1656 {
1657 size = 0;
1658 break;
1659 }
1660 size -= note_size;
1661 abi_note = (void *) abi_note + note_size;
1662 }
1663
1664 if (size == 0)
1665 continue;
1666
1667 osversion = (abi_note[5] & 0xff) * 65536
1668 + (abi_note[6] & 0xff) * 256
1669 + (abi_note[7] & 0xff);
1670 if (abi_note[4] != __ABI_TAG_OS
1671 || (GLRO(dl_osversion) && GLRO(dl_osversion) < osversion))
1672 {
1673 close_and_out:
1674 __close (fd);
1675 __set_errno (ENOENT);
1676 fd = -1;
1677 }
1678
1679 break;
1680 }
1681 }
1682
1683 return fd;
1684}
1685
1686/* Try to open NAME in one of the directories in *DIRSP.
1687 Return the fd, or -1. If successful, fill in *REALNAME
1688 with the malloc'd full directory name. If it turns out
1689 that none of the directories in *DIRSP exists, *DIRSP is
1690 replaced with (void *) -1, and the old value is free()d
1691 if MAY_FREE_DIRS is true. */
1692
1693static int
1694open_path (const char *name, size_t namelen, int mode,
1695 struct r_search_path_struct *sps, char **realname,
1696 struct filebuf *fbp, struct link_map *loader, int whatcode,
1697 bool *found_other_class)
1698{
1699 struct r_search_path_elem **dirs = sps->dirs;
1700 char *buf;
1701 int fd = -1;
1702 const char *current_what = NULL;
1703 int any = 0;
1704
1705 if (__glibc_unlikely (dirs == NULL))
1706 /* We're called before _dl_init_paths when loading the main executable
1707 given on the command line when rtld is run directly. */
1708 return -1;
1709
1710 buf = alloca (max_dirnamelen + max_capstrlen + namelen);
1711 do
1712 {
1713 struct r_search_path_elem *this_dir = *dirs;
1714 size_t buflen = 0;
1715 size_t cnt;
1716 char *edp;
1717 int here_any = 0;
1718 int err;
1719
1720 /* If we are debugging the search for libraries print the path
1721 now if it hasn't happened now. */
1722 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS)
1723 && current_what != this_dir->what)
1724 {
1725 current_what = this_dir->what;
1726 print_search_path (dirs, current_what, this_dir->where);
1727 }
1728
1729 edp = (char *) __mempcpy (buf, this_dir->dirname, this_dir->dirnamelen);
1730 for (cnt = 0; fd == -1 && cnt < ncapstr; ++cnt)
1731 {
1732 /* Skip this directory if we know it does not exist. */
1733 if (this_dir->status[cnt] == nonexisting)
1734 continue;
1735
1736 buflen =
1737 ((char *) __mempcpy (__mempcpy (edp, capstr[cnt].str,
1738 capstr[cnt].len),
1739 name, namelen)
1740 - buf);
1741
1742 /* Print name we try if this is wanted. */
1743 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
1744 _dl_debug_printf (" trying file=%s\n", buf);
1745
1746 fd = open_verify (buf, -1, fbp, loader, whatcode, mode,
1747 found_other_class, false);
1748 if (this_dir->status[cnt] == unknown)
1749 {
1750 if (fd != -1)
1751 this_dir->status[cnt] = existing;
1752 /* Do not update the directory information when loading
1753 auditing code. We must try to disturb the program as
1754 little as possible. */
1755 else if (loader == NULL
1756 || GL(dl_ns)[loader->l_ns]._ns_loaded->l_auditing == 0)
1757 {
1758 /* We failed to open machine dependent library. Let's
1759 test whether there is any directory at all. */
1760 struct stat64 st;
1761
1762 buf[buflen - namelen - 1] = '\0';
1763
1764 if (__xstat64 (_STAT_VER, buf, &st) != 0
1765 || ! S_ISDIR (st.st_mode))
1766 /* The directory does not exist or it is no directory. */
1767 this_dir->status[cnt] = nonexisting;
1768 else
1769 this_dir->status[cnt] = existing;
1770 }
1771 }
1772
1773 /* Remember whether we found any existing directory. */
1774 here_any |= this_dir->status[cnt] != nonexisting;
1775
1776 if (fd != -1 && __glibc_unlikely (mode & __RTLD_SECURE)
1777 && __libc_enable_secure)
1778 {
1779 /* This is an extra security effort to make sure nobody can
1780 preload broken shared objects which are in the trusted
1781 directories and so exploit the bugs. */
1782 struct stat64 st;
1783
1784 if (__fxstat64 (_STAT_VER, fd, &st) != 0
1785 || (st.st_mode & S_ISUID) == 0)
1786 {
1787 /* The shared object cannot be tested for being SUID
1788 or this bit is not set. In this case we must not
1789 use this object. */
1790 __close (fd);
1791 fd = -1;
1792 /* We simply ignore the file, signal this by setting
1793 the error value which would have been set by `open'. */
1794 errno = ENOENT;
1795 }
1796 }
1797 }
1798
1799 if (fd != -1)
1800 {
1801 *realname = (char *) malloc (buflen);
1802 if (*realname != NULL)
1803 {
1804 memcpy (*realname, buf, buflen);
1805 return fd;
1806 }
1807 else
1808 {
1809 /* No memory for the name, we certainly won't be able
1810 to load and link it. */
1811 __close (fd);
1812 return -1;
1813 }
1814 }
1815 if (here_any && (err = errno) != ENOENT && err != EACCES)
1816 /* The file exists and is readable, but something went wrong. */
1817 return -1;
1818
1819 /* Remember whether we found anything. */
1820 any |= here_any;
1821 }
1822 while (*++dirs != NULL);
1823
1824 /* Remove the whole path if none of the directories exists. */
1825 if (__glibc_unlikely (! any))
1826 {
1827 /* Paths which were allocated using the minimal malloc() in ld.so
1828 must not be freed using the general free() in libc. */
1829 if (sps->malloced)
1830 free (sps->dirs);
1831
1832 /* rtld_search_dirs and env_path_list are attribute_relro, therefore
1833 avoid writing into it. */
1834 if (sps != &rtld_search_dirs && sps != &env_path_list)
1835 sps->dirs = (void *) -1;
1836 }
1837
1838 return -1;
1839}
1840
1841/* Map in the shared object file NAME. */
1842
1843struct link_map *
1844_dl_map_object (struct link_map *loader, const char *name,
1845 int type, int trace_mode, int mode, Lmid_t nsid)
1846{
1847 int fd;
1848 const char *origname = NULL;
1849 char *realname;
1850 char *name_copy;
1851 struct link_map *l;
1852 struct filebuf fb;
1853
1854 assert (nsid >= 0);
1855 assert (nsid < GL(dl_nns));
1856
1857 /* Look for this name among those already loaded. */
1858 for (l = GL(dl_ns)[nsid]._ns_loaded; l; l = l->l_next)
1859 {
1860 /* If the requested name matches the soname of a loaded object,
1861 use that object. Elide this check for names that have not
1862 yet been opened. */
1863 if (__glibc_unlikely ((l->l_faked | l->l_removed) != 0))
1864 continue;
1865 if (!_dl_name_match_p (name, l))
1866 {
1867 const char *soname;
1868
1869 if (__glibc_likely (l->l_soname_added)
1870 || l->l_info[DT_SONAME] == NULL)
1871 continue;
1872
1873 soname = ((const char *) D_PTR (l, l_info[DT_STRTAB])
1874 + l->l_info[DT_SONAME]->d_un.d_val);
1875 if (strcmp (name, soname) != 0)
1876 continue;
1877
1878 /* We have a match on a new name -- cache it. */
1879 add_name_to_object (l, soname);
1880 l->l_soname_added = 1;
1881 }
1882
1883 /* We have a match. */
1884 return l;
1885 }
1886
1887 /* Display information if we are debugging. */
1888 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES)
1889 && loader != NULL)
1890 _dl_debug_printf ((mode & __RTLD_CALLMAP) == 0
1891 ? "\nfile=%s [%lu]; needed by %s [%lu]\n"
1892 : "\nfile=%s [%lu]; dynamically loaded by %s [%lu]\n",
1893 name, nsid, DSO_FILENAME (loader->l_name), loader->l_ns);
1894
1895#ifdef SHARED
1896 /* Give the auditing libraries a chance to change the name before we
1897 try anything. */
1898 if (__glibc_unlikely (GLRO(dl_naudit) > 0)
1899 && (loader == NULL || loader->l_auditing == 0))
1900 {
1901 struct audit_ifaces *afct = GLRO(dl_audit);
1902 for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
1903 {
1904 if (afct->objsearch != NULL)
1905 {
1906 const char *before = name;
1907 name = afct->objsearch (name, &loader->l_audit[cnt].cookie,
1908 LA_SER_ORIG);
1909 if (name == NULL)
1910 {
1911 /* Do not try anything further. */
1912 fd = -1;
1913 goto no_file;
1914 }
1915 if (before != name && strcmp (before, name) != 0)
1916 {
1917 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES))
1918 _dl_debug_printf ("audit changed filename %s -> %s\n",
1919 before, name);
1920
1921 if (origname == NULL)
1922 origname = before;
1923 }
1924 }
1925
1926 afct = afct->next;
1927 }
1928 }
1929#endif
1930
1931 /* Will be true if we found a DSO which is of the other ELF class. */
1932 bool found_other_class = false;
1933
1934 if (strchr (name, '/') == NULL)
1935 {
1936 /* Search for NAME in several places. */
1937
1938 size_t namelen = strlen (name) + 1;
1939
1940 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
1941 _dl_debug_printf ("find library=%s [%lu]; searching\n", name, nsid);
1942
1943 fd = -1;
1944
1945 /* When the object has the RUNPATH information we don't use any
1946 RPATHs. */
1947 if (loader == NULL || loader->l_info[DT_RUNPATH] == NULL)
1948 {
1949 /* This is the executable's map (if there is one). Make sure that
1950 we do not look at it twice. */
1951 struct link_map *main_map = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
1952 bool did_main_map = false;
1953
1954 /* First try the DT_RPATH of the dependent object that caused NAME
1955 to be loaded. Then that object's dependent, and on up. */
1956 for (l = loader; l; l = l->l_loader)
1957 if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
1958 {
1959 fd = open_path (name, namelen, mode,
1960 &l->l_rpath_dirs,
1961 &realname, &fb, loader, LA_SER_RUNPATH,
1962 &found_other_class);
1963 if (fd != -1)
1964 break;
1965
1966 did_main_map |= l == main_map;
1967 }
1968
1969 /* If dynamically linked, try the DT_RPATH of the executable
1970 itself. NB: we do this for lookups in any namespace. */
1971 if (fd == -1 && !did_main_map
1972 && main_map != NULL && main_map->l_type != lt_loaded
1973 && cache_rpath (main_map, &main_map->l_rpath_dirs, DT_RPATH,
1974 "RPATH"))
1975 fd = open_path (name, namelen, mode,
1976 &main_map->l_rpath_dirs,
1977 &realname, &fb, loader ?: main_map, LA_SER_RUNPATH,
1978 &found_other_class);
1979 }
1980
1981 /* Try the LD_LIBRARY_PATH environment variable. */
1982 if (fd == -1 && env_path_list.dirs != (void *) -1)
1983 fd = open_path (name, namelen, mode, &env_path_list,
1984 &realname, &fb,
1985 loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded,
1986 LA_SER_LIBPATH, &found_other_class);
1987
1988 /* Look at the RUNPATH information for this binary. */
1989 if (fd == -1 && loader != NULL
1990 && cache_rpath (loader, &loader->l_runpath_dirs,
1991 DT_RUNPATH, "RUNPATH"))
1992 fd = open_path (name, namelen, mode,
1993 &loader->l_runpath_dirs, &realname, &fb, loader,
1994 LA_SER_RUNPATH, &found_other_class);
1995
1996 if (fd == -1)
1997 {
1998 realname = _dl_sysdep_open_object (name, namelen, &fd);
1999 if (realname != NULL)
2000 {
2001 fd = open_verify (realname, fd,
2002 &fb, loader ?: GL(dl_ns)[nsid]._ns_loaded,
2003 LA_SER_CONFIG, mode, &found_other_class,
2004 false);
2005 if (fd == -1)
2006 free (realname);
2007 }
2008 }
2009
2010#ifdef USE_LDCONFIG
2011 if (fd == -1
2012 && (__glibc_likely ((mode & __RTLD_SECURE) == 0)
2013 || ! __libc_enable_secure)
2014 && __glibc_likely (GLRO(dl_inhibit_cache) == 0))
2015 {
2016 /* Check the list of libraries in the file /etc/ld.so.cache,
2017 for compatibility with Linux's ldconfig program. */
2018 char *cached = _dl_load_cache_lookup (name);
2019
2020 if (cached != NULL)
2021 {
2022 // XXX Correct to unconditionally default to namespace 0?
2023 l = (loader
2024 ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded
2025# ifdef SHARED
2026 ?: &GL(dl_rtld_map)
2027# endif
2028 );
2029
2030 /* If the loader has the DF_1_NODEFLIB flag set we must not
2031 use a cache entry from any of these directories. */
2032 if (__glibc_unlikely (l->l_flags_1 & DF_1_NODEFLIB))
2033 {
2034 const char *dirp = system_dirs;
2035 unsigned int cnt = 0;
2036
2037 do
2038 {
2039 if (memcmp (cached, dirp, system_dirs_len[cnt]) == 0)
2040 {
2041 /* The prefix matches. Don't use the entry. */
2042 free (cached);
2043 cached = NULL;
2044 break;
2045 }
2046
2047 dirp += system_dirs_len[cnt] + 1;
2048 ++cnt;
2049 }
2050 while (cnt < nsystem_dirs_len);
2051 }
2052
2053 if (cached != NULL)
2054 {
2055 fd = open_verify (cached, -1,
2056 &fb, loader ?: GL(dl_ns)[nsid]._ns_loaded,
2057 LA_SER_CONFIG, mode, &found_other_class,
2058 false);
2059 if (__glibc_likely (fd != -1))
2060 realname = cached;
2061 else
2062 free (cached);
2063 }
2064 }
2065 }
2066#endif
2067
2068 /* Finally, try the default path. */
2069 if (fd == -1
2070 && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL
2071 || __glibc_likely (!(l->l_flags_1 & DF_1_NODEFLIB)))
2072 && rtld_search_dirs.dirs != (void *) -1)
2073 fd = open_path (name, namelen, mode, &rtld_search_dirs,
2074 &realname, &fb, l, LA_SER_DEFAULT, &found_other_class);
2075
2076 /* Add another newline when we are tracing the library loading. */
2077 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
2078 _dl_debug_printf ("\n");
2079 }
2080 else
2081 {
2082 /* The path may contain dynamic string tokens. */
2083 realname = (loader
2084 ? expand_dynamic_string_token (loader, name)
2085 : __strdup (name));
2086 if (realname == NULL)
2087 fd = -1;
2088 else
2089 {
2090 fd = open_verify (realname, -1, &fb,
2091 loader ?: GL(dl_ns)[nsid]._ns_loaded, 0, mode,
2092 &found_other_class, true);
2093 if (__glibc_unlikely (fd == -1))
2094 free (realname);
2095 }
2096 }
2097
2098#ifdef SHARED
2099 no_file:
2100#endif
2101 /* In case the LOADER information has only been provided to get to
2102 the appropriate RUNPATH/RPATH information we do not need it
2103 anymore. */
2104 if (mode & __RTLD_CALLMAP)
2105 loader = NULL;
2106
2107 if (__glibc_unlikely (fd == -1))
2108 {
2109 if (trace_mode
2110 && __glibc_likely ((GLRO(dl_debug_mask) & DL_DEBUG_PRELINK) == 0))
2111 {
2112 /* We haven't found an appropriate library. But since we
2113 are only interested in the list of libraries this isn't
2114 so severe. Fake an entry with all the information we
2115 have. */
2116 static const Elf_Symndx dummy_bucket = STN_UNDEF;
2117
2118 /* Allocate a new object map. */
2119 if ((name_copy = __strdup (name)) == NULL
2120 || (l = _dl_new_object (name_copy, name, type, loader,
2121 mode, nsid)) == NULL)
2122 {
2123 free (name_copy);
2124 _dl_signal_error (ENOMEM, name, NULL,
2125 N_("cannot create shared object descriptor"));
2126 }
2127 /* Signal that this is a faked entry. */
2128 l->l_faked = 1;
2129 /* Since the descriptor is initialized with zero we do not
2130 have do this here.
2131 l->l_reserved = 0; */
2132 l->l_buckets = &dummy_bucket;
2133 l->l_nbuckets = 1;
2134 l->l_relocated = 1;
2135
2136 /* Enter the object in the object list. */
2137 _dl_add_to_namespace_list (l, nsid);
2138
2139 return l;
2140 }
2141 else if (found_other_class)
2142 _dl_signal_error (0, name, NULL,
2143 ELFW(CLASS) == ELFCLASS32
2144 ? N_("wrong ELF class: ELFCLASS64")
2145 : N_("wrong ELF class: ELFCLASS32"));
2146 else
2147 _dl_signal_error (errno, name, NULL,
2148 N_("cannot open shared object file"));
2149 }
2150
2151 void *stack_end = __libc_stack_end;
2152 return _dl_map_object_from_fd (name, origname, fd, &fb, realname, loader,
2153 type, mode, &stack_end, nsid);
2154}
2155
2156struct add_path_state
2157{
2158 bool counting;
2159 unsigned int idx;
2160 Dl_serinfo *si;
2161 char *allocptr;
2162};
2163
2164static void
2165add_path (struct add_path_state *p, const struct r_search_path_struct *sps,
2166 unsigned int flags)
2167{
2168 if (sps->dirs != (void *) -1)
2169 {
2170 struct r_search_path_elem **dirs = sps->dirs;
2171 do
2172 {
2173 const struct r_search_path_elem *const r = *dirs++;
2174 if (p->counting)
2175 {
2176 p->si->dls_cnt++;
2177 p->si->dls_size += MAX (2, r->dirnamelen);
2178 }
2179 else
2180 {
2181 Dl_serpath *const sp = &p->si->dls_serpath[p->idx++];
2182 sp->dls_name = p->allocptr;
2183 if (r->dirnamelen < 2)
2184 *p->allocptr++ = r->dirnamelen ? '/' : '.';
2185 else
2186 p->allocptr = __mempcpy (p->allocptr,
2187 r->dirname, r->dirnamelen - 1);
2188 *p->allocptr++ = '\0';
2189 sp->dls_flags = flags;
2190 }
2191 }
2192 while (*dirs != NULL);
2193 }
2194}
2195
2196void
2197_dl_rtld_di_serinfo (struct link_map *loader, Dl_serinfo *si, bool counting)
2198{
2199 if (counting)
2200 {
2201 si->dls_cnt = 0;
2202 si->dls_size = 0;
2203 }
2204
2205 struct add_path_state p =
2206 {
2207 .counting = counting,
2208 .idx = 0,
2209 .si = si,
2210 .allocptr = (char *) &si->dls_serpath[si->dls_cnt]
2211 };
2212
2213# define add_path(p, sps, flags) add_path(p, sps, 0) /* XXX */
2214
2215 /* When the object has the RUNPATH information we don't use any RPATHs. */
2216 if (loader->l_info[DT_RUNPATH] == NULL)
2217 {
2218 /* First try the DT_RPATH of the dependent object that caused NAME
2219 to be loaded. Then that object's dependent, and on up. */
2220
2221 struct link_map *l = loader;
2222 do
2223 {
2224 if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
2225 add_path (&p, &l->l_rpath_dirs, XXX_RPATH);
2226 l = l->l_loader;
2227 }
2228 while (l != NULL);
2229
2230 /* If dynamically linked, try the DT_RPATH of the executable itself. */
2231 if (loader->l_ns == LM_ID_BASE)
2232 {
2233 l = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
2234 if (l != NULL && l->l_type != lt_loaded && l != loader)
2235 if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
2236 add_path (&p, &l->l_rpath_dirs, XXX_RPATH);
2237 }
2238 }
2239
2240 /* Try the LD_LIBRARY_PATH environment variable. */
2241 add_path (&p, &env_path_list, XXX_ENV);
2242
2243 /* Look at the RUNPATH information for this binary. */
2244 if (cache_rpath (loader, &loader->l_runpath_dirs, DT_RUNPATH, "RUNPATH"))
2245 add_path (&p, &loader->l_runpath_dirs, XXX_RUNPATH);
2246
2247 /* XXX
2248 Here is where ld.so.cache gets checked, but we don't have
2249 a way to indicate that in the results for Dl_serinfo. */
2250
2251 /* Finally, try the default path. */
2252 if (!(loader->l_flags_1 & DF_1_NODEFLIB))
2253 add_path (&p, &rtld_search_dirs, XXX_default);
2254
2255 if (counting)
2256 /* Count the struct size before the string area, which we didn't
2257 know before we completed dls_cnt. */
2258 si->dls_size += (char *) &si->dls_serpath[si->dls_cnt] - (char *) si;
2259}
2260