1/* Map in a shared object's segments from the file.
2 Copyright (C) 1995-2020 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
4
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
9
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
14
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, see
17 <https://www.gnu.org/licenses/>. */
18
19#include <elf.h>
20#include <errno.h>
21#include <fcntl.h>
22#include <libintl.h>
23#include <stdbool.h>
24#include <stdlib.h>
25#include <string.h>
26#include <unistd.h>
27#include <ldsodefs.h>
28#include <bits/wordsize.h>
29#include <sys/mman.h>
30#include <sys/param.h>
31#include <sys/stat.h>
32#include <sys/types.h>
33#include <gnu/lib-names.h>
34
35/* Type for the buffer we put the ELF header and hopefully the program
36 header. This buffer does not really have to be too large. In most
37 cases the program header follows the ELF header directly. If this
38 is not the case all bets are off and we can make the header
39 arbitrarily large and still won't get it read. This means the only
40 question is how large are the ELF and program header combined. The
41 ELF header 32-bit files is 52 bytes long and in 64-bit files is 64
42 bytes long. Each program header entry is again 32 and 56 bytes
43 long respectively. I.e., even with a file which has 10 program
44 header entries we only have to read 372B/624B respectively. Add to
45 this a bit of margin for program notes and reading 512B and 832B
46 for 32-bit and 64-bit files respecitvely is enough. If this
47 heuristic should really fail for some file the code in
48 `_dl_map_object_from_fd' knows how to recover. */
49struct filebuf
50{
51 ssize_t len;
52#if __WORDSIZE == 32
53# define FILEBUF_SIZE 512
54#else
55# define FILEBUF_SIZE 832
56#endif
57 char buf[FILEBUF_SIZE] __attribute__ ((aligned (__alignof (ElfW(Ehdr)))));
58};
59
60#include "dynamic-link.h"
61#include <abi-tag.h>
62#include <stackinfo.h>
63#include <sysdep.h>
64#include <stap-probe.h>
65#include <libc-pointer-arith.h>
66#include <array_length.h>
67
68#include <dl-dst.h>
69#include <dl-load.h>
70#include <dl-map-segments.h>
71#include <dl-unmap-segments.h>
72#include <dl-machine-reject-phdr.h>
73#include <dl-sysdep-open.h>
74#include <dl-prop.h>
75#include <not-cancel.h>
76
77#include <endian.h>
78#if BYTE_ORDER == BIG_ENDIAN
79# define byteorder ELFDATA2MSB
80#elif BYTE_ORDER == LITTLE_ENDIAN
81# define byteorder ELFDATA2LSB
82#else
83# error "Unknown BYTE_ORDER " BYTE_ORDER
84# define byteorder ELFDATANONE
85#endif
86
87#define STRING(x) __STRING (x)
88
89
90int __stack_prot attribute_hidden attribute_relro
91#if _STACK_GROWS_DOWN && defined PROT_GROWSDOWN
92 = PROT_GROWSDOWN;
93#elif _STACK_GROWS_UP && defined PROT_GROWSUP
94 = PROT_GROWSUP;
95#else
96 = 0;
97#endif
98
99
100/* This is the decomposed LD_LIBRARY_PATH search path. */
101static struct r_search_path_struct env_path_list attribute_relro;
102
103/* List of the hardware capabilities we might end up using. */
104static const struct r_strlenpair *capstr attribute_relro;
105static size_t ncapstr attribute_relro;
106static size_t max_capstrlen attribute_relro;
107
108
109/* Get the generated information about the trusted directories. Use
110 an array of concatenated strings to avoid relocations. See
111 gen-trusted-dirs.awk. */
112#include "trusted-dirs.h"
113
114static const char system_dirs[] = SYSTEM_DIRS;
115static const size_t system_dirs_len[] =
116{
117 SYSTEM_DIRS_LEN
118};
119#define nsystem_dirs_len array_length (system_dirs_len)
120
121static bool
122is_trusted_path_normalize (const char *path, size_t len)
123{
124 if (len == 0)
125 return false;
126
127 char *npath = (char *) alloca (len + 2);
128 char *wnp = npath;
129 while (*path != '\0')
130 {
131 if (path[0] == '/')
132 {
133 if (path[1] == '.')
134 {
135 if (path[2] == '.' && (path[3] == '/' || path[3] == '\0'))
136 {
137 while (wnp > npath && *--wnp != '/')
138 ;
139 path += 3;
140 continue;
141 }
142 else if (path[2] == '/' || path[2] == '\0')
143 {
144 path += 2;
145 continue;
146 }
147 }
148
149 if (wnp > npath && wnp[-1] == '/')
150 {
151 ++path;
152 continue;
153 }
154 }
155
156 *wnp++ = *path++;
157 }
158
159 if (wnp == npath || wnp[-1] != '/')
160 *wnp++ = '/';
161
162 const char *trun = system_dirs;
163
164 for (size_t idx = 0; idx < nsystem_dirs_len; ++idx)
165 {
166 if (wnp - npath >= system_dirs_len[idx]
167 && memcmp (trun, npath, system_dirs_len[idx]) == 0)
168 /* Found it. */
169 return true;
170
171 trun += system_dirs_len[idx] + 1;
172 }
173
174 return false;
175}
176
177/* Given a substring starting at INPUT, just after the DST '$' start
178 token, determine if INPUT contains DST token REF, following the
179 ELF gABI rules for DSTs:
180
181 * Longest possible sequence using the rules (greedy).
182
183 * Must start with a $ (enforced by caller).
184
185 * Must follow $ with one underscore or ASCII [A-Za-z] (caller
186 follows these rules for REF) or '{' (start curly quoted name).
187
188 * Must follow first two characters with zero or more [A-Za-z0-9_]
189 (enforced by caller) or '}' (end curly quoted name).
190
191 If the sequence is a DST matching REF then the length of the DST
192 (excluding the $ sign but including curly braces, if any) is
193 returned, otherwise 0. */
194static size_t
195is_dst (const char *input, const char *ref)
196{
197 bool is_curly = false;
198
199 /* Is a ${...} input sequence? */
200 if (input[0] == '{')
201 {
202 is_curly = true;
203 ++input;
204 }
205
206 /* Check for matching name, following closing curly brace (if
207 required), or trailing characters which are part of an
208 identifier. */
209 size_t rlen = strlen (ref);
210 if (strncmp (input, ref, rlen) != 0
211 || (is_curly && input[rlen] != '}')
212 || ((input[rlen] >= 'A' && input[rlen] <= 'Z')
213 || (input[rlen] >= 'a' && input[rlen] <= 'z')
214 || (input[rlen] >= '0' && input[rlen] <= '9')
215 || (input[rlen] == '_')))
216 return 0;
217
218 if (is_curly)
219 /* Count the two curly braces. */
220 return rlen + 2;
221 else
222 return rlen;
223}
224
225/* INPUT should be the start of a path e.g DT_RPATH or name e.g.
226 DT_NEEDED. The return value is the number of known DSTs found. We
227 count all known DSTs regardless of __libc_enable_secure; the caller
228 is responsible for enforcing the security of the substitution rules
229 (usually _dl_dst_substitute). */
230size_t
231_dl_dst_count (const char *input)
232{
233 size_t cnt = 0;
234
235 input = strchr (input, '$');
236
237 /* Most likely there is no DST. */
238 if (__glibc_likely (input == NULL))
239 return 0;
240
241 do
242 {
243 size_t len;
244
245 ++input;
246 /* All DSTs must follow ELF gABI rules, see is_dst (). */
247 if ((len = is_dst (input, "ORIGIN")) != 0
248 || (len = is_dst (input, "PLATFORM")) != 0
249 || (len = is_dst (input, "LIB")) != 0)
250 ++cnt;
251
252 /* There may be more than one DST in the input. */
253 input = strchr (input + len, '$');
254 }
255 while (input != NULL);
256
257 return cnt;
258}
259
260/* Process INPUT for DSTs and store in RESULT using the information
261 from link map L to resolve the DSTs. This function only handles one
262 path at a time and does not handle colon-separated path lists (see
263 fillin_rpath ()). Lastly the size of result in bytes should be at
264 least equal to the value returned by DL_DST_REQUIRED. Note that it
265 is possible for a DT_NEEDED, DT_AUXILIARY, and DT_FILTER entries to
266 have colons, but we treat those as literal colons here, not as path
267 list delimeters. */
268char *
269_dl_dst_substitute (struct link_map *l, const char *input, char *result)
270{
271 /* Copy character-by-character from input into the working pointer
272 looking for any DSTs. We track the start of input and if we are
273 going to check for trusted paths, all of which are part of $ORIGIN
274 handling in SUID/SGID cases (see below). In some cases, like when
275 a DST cannot be replaced, we may set result to an empty string and
276 return. */
277 char *wp = result;
278 const char *start = input;
279 bool check_for_trusted = false;
280
281 do
282 {
283 if (__glibc_unlikely (*input == '$'))
284 {
285 const char *repl = NULL;
286 size_t len;
287
288 ++input;
289 if ((len = is_dst (input, "ORIGIN")) != 0)
290 {
291 /* For SUID/GUID programs we normally ignore the path with
292 $ORIGIN in DT_RUNPATH, or DT_RPATH. However, there is
293 one exception to this rule, and it is:
294
295 * $ORIGIN appears as the first path element, and is
296 the only string in the path or is immediately
297 followed by a path separator and the rest of the
298 path,
299
300 and ...
301
302 * The path is rooted in a trusted directory.
303
304 This exception allows such programs to reference
305 shared libraries in subdirectories of trusted
306 directories. The use case is one of general
307 organization and deployment flexibility.
308 Trusted directories are usually such paths as "/lib64"
309 or "/usr/lib64", and the usual RPATHs take the form of
310 [$ORIGIN/../$LIB/somedir]. */
311 if (__glibc_unlikely (__libc_enable_secure)
312 && !(input == start + 1
313 && (input[len] == '\0' || input[len] == '/')))
314 repl = (const char *) -1;
315 else
316 repl = l->l_origin;
317
318 check_for_trusted = (__libc_enable_secure
319 && l->l_type == lt_executable);
320 }
321 else if ((len = is_dst (input, "PLATFORM")) != 0)
322 repl = GLRO(dl_platform);
323 else if ((len = is_dst (input, "LIB")) != 0)
324 repl = DL_DST_LIB;
325
326 if (repl != NULL && repl != (const char *) -1)
327 {
328 wp = __stpcpy (wp, repl);
329 input += len;
330 }
331 else if (len != 0)
332 {
333 /* We found a valid DST that we know about, but we could
334 not find a replacement value for it, therefore we
335 cannot use this path and discard it. */
336 *result = '\0';
337 return result;
338 }
339 else
340 /* No DST we recognize. */
341 *wp++ = '$';
342 }
343 else
344 {
345 *wp++ = *input++;
346 }
347 }
348 while (*input != '\0');
349
350 /* In SUID/SGID programs, after $ORIGIN expansion the normalized
351 path must be rooted in one of the trusted directories. The $LIB
352 and $PLATFORM DST cannot in any way be manipulated by the caller
353 because they are fixed values that are set by the dynamic loader
354 and therefore any paths using just $LIB or $PLATFORM need not be
355 checked for trust, the authors of the binaries themselves are
356 trusted to have designed this correctly. Only $ORIGIN is tested in
357 this way because it may be manipulated in some ways with hard
358 links. */
359 if (__glibc_unlikely (check_for_trusted)
360 && !is_trusted_path_normalize (result, wp - result))
361 {
362 *result = '\0';
363 return result;
364 }
365
366 *wp = '\0';
367
368 return result;
369}
370
371
372/* Return a malloc allocated copy of INPUT with all recognized DSTs
373 replaced. On some platforms it might not be possible to determine the
374 path from which the object belonging to the map is loaded. In this
375 case the path containing the DST is left out. On error NULL
376 is returned. */
377static char *
378expand_dynamic_string_token (struct link_map *l, const char *input)
379{
380 /* We make two runs over the string. First we determine how large the
381 resulting string is and then we copy it over. Since this is no
382 frequently executed operation we are looking here not for performance
383 but rather for code size. */
384 size_t cnt;
385 size_t total;
386 char *result;
387
388 /* Determine the number of DSTs. */
389 cnt = _dl_dst_count (input);
390
391 /* If we do not have to replace anything simply copy the string. */
392 if (__glibc_likely (cnt == 0))
393 return __strdup (input);
394
395 /* Determine the length of the substituted string. */
396 total = DL_DST_REQUIRED (l, input, strlen (input), cnt);
397
398 /* Allocate the necessary memory. */
399 result = (char *) malloc (total + 1);
400 if (result == NULL)
401 return NULL;
402
403 return _dl_dst_substitute (l, input, result);
404}
405
406
407/* Add `name' to the list of names for a particular shared object.
408 `name' is expected to have been allocated with malloc and will
409 be freed if the shared object already has this name.
410 Returns false if the object already had this name. */
411static void
412add_name_to_object (struct link_map *l, const char *name)
413{
414 struct libname_list *lnp, *lastp;
415 struct libname_list *newname;
416 size_t name_len;
417
418 lastp = NULL;
419 for (lnp = l->l_libname; lnp != NULL; lastp = lnp, lnp = lnp->next)
420 if (strcmp (name, lnp->name) == 0)
421 return;
422
423 name_len = strlen (name) + 1;
424 newname = (struct libname_list *) malloc (sizeof *newname + name_len);
425 if (newname == NULL)
426 {
427 /* No more memory. */
428 _dl_signal_error (ENOMEM, name, NULL, N_("cannot allocate name record"));
429 return;
430 }
431 /* The object should have a libname set from _dl_new_object. */
432 assert (lastp != NULL);
433
434 newname->name = memcpy (newname + 1, name, name_len);
435 newname->next = NULL;
436 newname->dont_free = 0;
437 lastp->next = newname;
438}
439
440/* Standard search directories. */
441static struct r_search_path_struct rtld_search_dirs attribute_relro;
442
443static size_t max_dirnamelen;
444
445static struct r_search_path_elem **
446fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep,
447 const char *what, const char *where, struct link_map *l)
448{
449 char *cp;
450 size_t nelems = 0;
451
452 while ((cp = __strsep (&rpath, sep)) != NULL)
453 {
454 struct r_search_path_elem *dirp;
455 char *to_free = NULL;
456 size_t len = 0;
457
458 /* `strsep' can pass an empty string. */
459 if (*cp != '\0')
460 {
461 to_free = cp = expand_dynamic_string_token (l, cp);
462
463 /* expand_dynamic_string_token can return NULL in case of empty
464 path or memory allocation failure. */
465 if (cp == NULL)
466 continue;
467
468 /* Compute the length after dynamic string token expansion and
469 ignore empty paths. */
470 len = strlen (cp);
471 if (len == 0)
472 {
473 free (to_free);
474 continue;
475 }
476
477 /* Remove trailing slashes (except for "/"). */
478 while (len > 1 && cp[len - 1] == '/')
479 --len;
480
481 /* Now add one if there is none so far. */
482 if (len > 0 && cp[len - 1] != '/')
483 cp[len++] = '/';
484 }
485
486 /* See if this directory is already known. */
487 for (dirp = GL(dl_all_dirs); dirp != NULL; dirp = dirp->next)
488 if (dirp->dirnamelen == len && memcmp (cp, dirp->dirname, len) == 0)
489 break;
490
491 if (dirp != NULL)
492 {
493 /* It is available, see whether it's on our own list. */
494 size_t cnt;
495 for (cnt = 0; cnt < nelems; ++cnt)
496 if (result[cnt] == dirp)
497 break;
498
499 if (cnt == nelems)
500 result[nelems++] = dirp;
501 }
502 else
503 {
504 size_t cnt;
505 enum r_dir_status init_val;
506 size_t where_len = where ? strlen (where) + 1 : 0;
507
508 /* It's a new directory. Create an entry and add it. */
509 dirp = (struct r_search_path_elem *)
510 malloc (sizeof (*dirp) + ncapstr * sizeof (enum r_dir_status)
511 + where_len + len + 1);
512 if (dirp == NULL)
513 _dl_signal_error (ENOMEM, NULL, NULL,
514 N_("cannot create cache for search path"));
515
516 dirp->dirname = ((char *) dirp + sizeof (*dirp)
517 + ncapstr * sizeof (enum r_dir_status));
518 *((char *) __mempcpy ((char *) dirp->dirname, cp, len)) = '\0';
519 dirp->dirnamelen = len;
520
521 if (len > max_dirnamelen)
522 max_dirnamelen = len;
523
524 /* We have to make sure all the relative directories are
525 never ignored. The current directory might change and
526 all our saved information would be void. */
527 init_val = cp[0] != '/' ? existing : unknown;
528 for (cnt = 0; cnt < ncapstr; ++cnt)
529 dirp->status[cnt] = init_val;
530
531 dirp->what = what;
532 if (__glibc_likely (where != NULL))
533 dirp->where = memcpy ((char *) dirp + sizeof (*dirp) + len + 1
534 + (ncapstr * sizeof (enum r_dir_status)),
535 where, where_len);
536 else
537 dirp->where = NULL;
538
539 dirp->next = GL(dl_all_dirs);
540 GL(dl_all_dirs) = dirp;
541
542 /* Put it in the result array. */
543 result[nelems++] = dirp;
544 }
545 free (to_free);
546 }
547
548 /* Terminate the array. */
549 result[nelems] = NULL;
550
551 return result;
552}
553
554
555static bool
556decompose_rpath (struct r_search_path_struct *sps,
557 const char *rpath, struct link_map *l, const char *what)
558{
559 /* Make a copy we can work with. */
560 const char *where = l->l_name;
561 char *cp;
562 struct r_search_path_elem **result;
563 size_t nelems;
564 /* Initialize to please the compiler. */
565 const char *errstring = NULL;
566
567 /* First see whether we must forget the RUNPATH and RPATH from this
568 object. */
569 if (__glibc_unlikely (GLRO(dl_inhibit_rpath) != NULL)
570 && !__libc_enable_secure)
571 {
572 const char *inhp = GLRO(dl_inhibit_rpath);
573
574 do
575 {
576 const char *wp = where;
577
578 while (*inhp == *wp && *wp != '\0')
579 {
580 ++inhp;
581 ++wp;
582 }
583
584 if (*wp == '\0' && (*inhp == '\0' || *inhp == ':'))
585 {
586 /* This object is on the list of objects for which the
587 RUNPATH and RPATH must not be used. */
588 sps->dirs = (void *) -1;
589 return false;
590 }
591
592 while (*inhp != '\0')
593 if (*inhp++ == ':')
594 break;
595 }
596 while (*inhp != '\0');
597 }
598
599 /* Ignore empty rpaths. */
600 if (*rpath == '\0')
601 {
602 sps->dirs = (struct r_search_path_elem **) -1;
603 return false;
604 }
605
606 /* Make a writable copy. */
607 char *copy = __strdup (rpath);
608 if (copy == NULL)
609 {
610 errstring = N_("cannot create RUNPATH/RPATH copy");
611 goto signal_error;
612 }
613
614 /* Count the number of necessary elements in the result array. */
615 nelems = 0;
616 for (cp = copy; *cp != '\0'; ++cp)
617 if (*cp == ':')
618 ++nelems;
619
620 /* Allocate room for the result. NELEMS + 1 is an upper limit for the
621 number of necessary entries. */
622 result = (struct r_search_path_elem **) malloc ((nelems + 1 + 1)
623 * sizeof (*result));
624 if (result == NULL)
625 {
626 free (copy);
627 errstring = N_("cannot create cache for search path");
628 signal_error:
629 _dl_signal_error (ENOMEM, NULL, NULL, errstring);
630 }
631
632 fillin_rpath (copy, result, ":", what, where, l);
633
634 /* Free the copied RPATH string. `fillin_rpath' make own copies if
635 necessary. */
636 free (copy);
637
638 /* There is no path after expansion. */
639 if (result[0] == NULL)
640 {
641 free (result);
642 sps->dirs = (struct r_search_path_elem **) -1;
643 return false;
644 }
645
646 sps->dirs = result;
647 /* The caller will change this value if we haven't used a real malloc. */
648 sps->malloced = 1;
649 return true;
650}
651
652/* Make sure cached path information is stored in *SP
653 and return true if there are any paths to search there. */
654static bool
655cache_rpath (struct link_map *l,
656 struct r_search_path_struct *sp,
657 int tag,
658 const char *what)
659{
660 if (sp->dirs == (void *) -1)
661 return false;
662
663 if (sp->dirs != NULL)
664 return true;
665
666 if (l->l_info[tag] == NULL)
667 {
668 /* There is no path. */
669 sp->dirs = (void *) -1;
670 return false;
671 }
672
673 /* Make sure the cache information is available. */
674 return decompose_rpath (sp, (const char *) (D_PTR (l, l_info[DT_STRTAB])
675 + l->l_info[tag]->d_un.d_val),
676 l, what);
677}
678
679
680void
681_dl_init_paths (const char *llp)
682{
683 size_t idx;
684 const char *strp;
685 struct r_search_path_elem *pelem, **aelem;
686 size_t round_size;
687 struct link_map __attribute__ ((unused)) *l = NULL;
688 /* Initialize to please the compiler. */
689 const char *errstring = NULL;
690
691 /* Fill in the information about the application's RPATH and the
692 directories addressed by the LD_LIBRARY_PATH environment variable. */
693
694 /* Get the capabilities. */
695 capstr = _dl_important_hwcaps (GLRO(dl_platform), GLRO(dl_platformlen),
696 &ncapstr, &max_capstrlen);
697
698 /* First set up the rest of the default search directory entries. */
699 aelem = rtld_search_dirs.dirs = (struct r_search_path_elem **)
700 malloc ((nsystem_dirs_len + 1) * sizeof (struct r_search_path_elem *));
701 if (rtld_search_dirs.dirs == NULL)
702 {
703 errstring = N_("cannot create search path array");
704 signal_error:
705 _dl_signal_error (ENOMEM, NULL, NULL, errstring);
706 }
707
708 round_size = ((2 * sizeof (struct r_search_path_elem) - 1
709 + ncapstr * sizeof (enum r_dir_status))
710 / sizeof (struct r_search_path_elem));
711
712 rtld_search_dirs.dirs[0] = malloc (nsystem_dirs_len * round_size
713 * sizeof (*rtld_search_dirs.dirs[0]));
714 if (rtld_search_dirs.dirs[0] == NULL)
715 {
716 errstring = N_("cannot create cache for search path");
717 goto signal_error;
718 }
719
720 rtld_search_dirs.malloced = 0;
721 pelem = GL(dl_all_dirs) = rtld_search_dirs.dirs[0];
722 strp = system_dirs;
723 idx = 0;
724
725 do
726 {
727 size_t cnt;
728
729 *aelem++ = pelem;
730
731 pelem->what = "system search path";
732 pelem->where = NULL;
733
734 pelem->dirname = strp;
735 pelem->dirnamelen = system_dirs_len[idx];
736 strp += system_dirs_len[idx] + 1;
737
738 /* System paths must be absolute. */
739 assert (pelem->dirname[0] == '/');
740 for (cnt = 0; cnt < ncapstr; ++cnt)
741 pelem->status[cnt] = unknown;
742
743 pelem->next = (++idx == nsystem_dirs_len ? NULL : (pelem + round_size));
744
745 pelem += round_size;
746 }
747 while (idx < nsystem_dirs_len);
748
749 max_dirnamelen = SYSTEM_DIRS_MAX_LEN;
750 *aelem = NULL;
751
752#ifdef SHARED
753 /* This points to the map of the main object. */
754 l = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
755 if (l != NULL)
756 {
757 assert (l->l_type != lt_loaded);
758
759 if (l->l_info[DT_RUNPATH])
760 {
761 /* Allocate room for the search path and fill in information
762 from RUNPATH. */
763 decompose_rpath (&l->l_runpath_dirs,
764 (const void *) (D_PTR (l, l_info[DT_STRTAB])
765 + l->l_info[DT_RUNPATH]->d_un.d_val),
766 l, "RUNPATH");
767 /* During rtld init the memory is allocated by the stub malloc,
768 prevent any attempt to free it by the normal malloc. */
769 l->l_runpath_dirs.malloced = 0;
770
771 /* The RPATH is ignored. */
772 l->l_rpath_dirs.dirs = (void *) -1;
773 }
774 else
775 {
776 l->l_runpath_dirs.dirs = (void *) -1;
777
778 if (l->l_info[DT_RPATH])
779 {
780 /* Allocate room for the search path and fill in information
781 from RPATH. */
782 decompose_rpath (&l->l_rpath_dirs,
783 (const void *) (D_PTR (l, l_info[DT_STRTAB])
784 + l->l_info[DT_RPATH]->d_un.d_val),
785 l, "RPATH");
786 /* During rtld init the memory is allocated by the stub
787 malloc, prevent any attempt to free it by the normal
788 malloc. */
789 l->l_rpath_dirs.malloced = 0;
790 }
791 else
792 l->l_rpath_dirs.dirs = (void *) -1;
793 }
794 }
795#endif /* SHARED */
796
797 if (llp != NULL && *llp != '\0')
798 {
799 char *llp_tmp = strdupa (llp);
800
801 /* Decompose the LD_LIBRARY_PATH contents. First determine how many
802 elements it has. */
803 size_t nllp = 1;
804 for (const char *cp = llp_tmp; *cp != '\0'; ++cp)
805 if (*cp == ':' || *cp == ';')
806 ++nllp;
807
808 env_path_list.dirs = (struct r_search_path_elem **)
809 malloc ((nllp + 1) * sizeof (struct r_search_path_elem *));
810 if (env_path_list.dirs == NULL)
811 {
812 errstring = N_("cannot create cache for search path");
813 goto signal_error;
814 }
815
816 (void) fillin_rpath (llp_tmp, env_path_list.dirs, ":;",
817 "LD_LIBRARY_PATH", NULL, l);
818
819 if (env_path_list.dirs[0] == NULL)
820 {
821 free (env_path_list.dirs);
822 env_path_list.dirs = (void *) -1;
823 }
824
825 env_path_list.malloced = 0;
826 }
827 else
828 env_path_list.dirs = (void *) -1;
829}
830
831
832static void
833__attribute__ ((noreturn, noinline))
834lose (int code, int fd, const char *name, char *realname, struct link_map *l,
835 const char *msg, struct r_debug *r, Lmid_t nsid)
836{
837 /* The file might already be closed. */
838 if (fd != -1)
839 (void) __close_nocancel (fd);
840 if (l != NULL && l->l_origin != (char *) -1l)
841 free ((char *) l->l_origin);
842 free (l);
843 free (realname);
844
845 if (r != NULL)
846 {
847 r->r_state = RT_CONSISTENT;
848 _dl_debug_state ();
849 LIBC_PROBE (map_failed, 2, nsid, r);
850 }
851
852 _dl_signal_error (code, name, NULL, msg);
853}
854
855
856/* Process PT_GNU_PROPERTY program header PH in module L after
857 PT_LOAD segments are mapped. Only one NT_GNU_PROPERTY_TYPE_0
858 note is handled which contains processor specific properties. */
859
860void
861_dl_process_pt_gnu_property (struct link_map *l, const ElfW(Phdr) *ph)
862{
863 const ElfW(Nhdr) *note = (const void *) (ph->p_vaddr + l->l_addr);
864 const ElfW(Addr) size = ph->p_memsz;
865 const ElfW(Addr) align = ph->p_align;
866
867 /* The NT_GNU_PROPERTY_TYPE_0 note must be aligned to 4 bytes in
868 32-bit objects and to 8 bytes in 64-bit objects. Skip notes
869 with incorrect alignment. */
870 if (align != (__ELF_NATIVE_CLASS / 8))
871 return;
872
873 const ElfW(Addr) start = (ElfW(Addr)) note;
874 unsigned int last_type = 0;
875
876 while ((ElfW(Addr)) (note + 1) - start < size)
877 {
878 /* Find the NT_GNU_PROPERTY_TYPE_0 note. */
879 if (note->n_namesz == 4
880 && note->n_type == NT_GNU_PROPERTY_TYPE_0
881 && memcmp (note + 1, "GNU", 4) == 0)
882 {
883 /* Check for invalid property. */
884 if (note->n_descsz < 8
885 || (note->n_descsz % sizeof (ElfW(Addr))) != 0)
886 return;
887
888 /* Start and end of property array. */
889 unsigned char *ptr = (unsigned char *) (note + 1) + 4;
890 unsigned char *ptr_end = ptr + note->n_descsz;
891
892 do
893 {
894 unsigned int type = *(unsigned int *) ptr;
895 unsigned int datasz = *(unsigned int *) (ptr + 4);
896
897 /* Property type must be in ascending order. */
898 if (type < last_type)
899 return;
900
901 ptr += 8;
902 if ((ptr + datasz) > ptr_end)
903 return;
904
905 last_type = type;
906
907 /* Target specific property processing. */
908 if (_dl_process_gnu_property (l, type, datasz, ptr) == 0)
909 return;
910
911 /* Check the next property item. */
912 ptr += ALIGN_UP (datasz, sizeof (ElfW(Addr)));
913 }
914 while ((ptr_end - ptr) >= 8);
915
916 /* Only handle one NT_GNU_PROPERTY_TYPE_0. */
917 return;
918 }
919
920 note = ((const void *) note
921 + ELF_NOTE_NEXT_OFFSET (note->n_namesz, note->n_descsz,
922 align));
923 }
924}
925
926
927/* Map in the shared object NAME, actually located in REALNAME, and already
928 opened on FD. */
929
930#ifndef EXTERNAL_MAP_FROM_FD
931static
932#endif
933struct link_map *
934_dl_map_object_from_fd (const char *name, const char *origname, int fd,
935 struct filebuf *fbp, char *realname,
936 struct link_map *loader, int l_type, int mode,
937 void **stack_endp, Lmid_t nsid)
938{
939 struct link_map *l = NULL;
940 const ElfW(Ehdr) *header;
941 const ElfW(Phdr) *phdr;
942 const ElfW(Phdr) *ph;
943 size_t maplength;
944 int type;
945 /* Initialize to keep the compiler happy. */
946 const char *errstring = NULL;
947 int errval = 0;
948 struct r_debug *r = _dl_debug_initialize (0, nsid);
949 bool make_consistent = false;
950
951 /* Get file information. To match the kernel behavior, do not fill
952 in this information for the executable in case of an explicit
953 loader invocation. */
954 struct r_file_id id;
955 if (mode & __RTLD_OPENEXEC)
956 {
957 assert (nsid == LM_ID_BASE);
958 memset (&id, 0, sizeof (id));
959 }
960 else
961 {
962 if (__glibc_unlikely (!_dl_get_file_id (fd, &id)))
963 {
964 errstring = N_("cannot stat shared object");
965 call_lose_errno:
966 errval = errno;
967 call_lose:
968 lose (errval, fd, name, realname, l, errstring,
969 make_consistent ? r : NULL, nsid);
970 }
971
972 /* Look again to see if the real name matched another already loaded. */
973 for (l = GL(dl_ns)[nsid]._ns_loaded; l != NULL; l = l->l_next)
974 if (!l->l_removed && _dl_file_id_match_p (&l->l_file_id, &id))
975 {
976 /* The object is already loaded.
977 Just bump its reference count and return it. */
978 __close_nocancel (fd);
979
980 /* If the name is not in the list of names for this object add
981 it. */
982 free (realname);
983 add_name_to_object (l, name);
984
985 return l;
986 }
987 }
988
989#ifdef SHARED
990 /* When loading into a namespace other than the base one we must
991 avoid loading ld.so since there can only be one copy. Ever. */
992 if (__glibc_unlikely (nsid != LM_ID_BASE)
993 && (_dl_file_id_match_p (&id, &GL(dl_rtld_map).l_file_id)
994 || _dl_name_match_p (name, &GL(dl_rtld_map))))
995 {
996 /* This is indeed ld.so. Create a new link_map which refers to
997 the real one for almost everything. */
998 l = _dl_new_object (realname, name, l_type, loader, mode, nsid);
999 if (l == NULL)
1000 goto fail_new;
1001
1002 /* Refer to the real descriptor. */
1003 l->l_real = &GL(dl_rtld_map);
1004
1005 /* No need to bump the refcount of the real object, ld.so will
1006 never be unloaded. */
1007 __close_nocancel (fd);
1008
1009 /* Add the map for the mirrored object to the object list. */
1010 _dl_add_to_namespace_list (l, nsid);
1011
1012 return l;
1013 }
1014#endif
1015
1016 if (mode & RTLD_NOLOAD)
1017 {
1018 /* We are not supposed to load the object unless it is already
1019 loaded. So return now. */
1020 free (realname);
1021 __close_nocancel (fd);
1022 return NULL;
1023 }
1024
1025 /* Print debugging message. */
1026 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES))
1027 _dl_debug_printf ("file=%s [%lu]; generating link map\n", name, nsid);
1028
1029 /* This is the ELF header. We read it in `open_verify'. */
1030 header = (void *) fbp->buf;
1031
1032 /* Signal that we are going to add new objects. */
1033 if (r->r_state == RT_CONSISTENT)
1034 {
1035#ifdef SHARED
1036 /* Auditing checkpoint: we are going to add new objects. */
1037 if ((mode & __RTLD_AUDIT) == 0
1038 && __glibc_unlikely (GLRO(dl_naudit) > 0))
1039 {
1040 struct link_map *head = GL(dl_ns)[nsid]._ns_loaded;
1041 /* Do not call the functions for any auditing object. */
1042 if (head->l_auditing == 0)
1043 {
1044 struct audit_ifaces *afct = GLRO(dl_audit);
1045 for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
1046 {
1047 if (afct->activity != NULL)
1048 afct->activity (&link_map_audit_state (head, cnt)->cookie,
1049 LA_ACT_ADD);
1050
1051 afct = afct->next;
1052 }
1053 }
1054 }
1055#endif
1056
1057 /* Notify the debugger we have added some objects. We need to
1058 call _dl_debug_initialize in a static program in case dynamic
1059 linking has not been used before. */
1060 r->r_state = RT_ADD;
1061 _dl_debug_state ();
1062 LIBC_PROBE (map_start, 2, nsid, r);
1063 make_consistent = true;
1064 }
1065 else
1066 assert (r->r_state == RT_ADD);
1067
1068 /* Enter the new object in the list of loaded objects. */
1069 l = _dl_new_object (realname, name, l_type, loader, mode, nsid);
1070 if (__glibc_unlikely (l == NULL))
1071 {
1072#ifdef SHARED
1073 fail_new:
1074#endif
1075 errstring = N_("cannot create shared object descriptor");
1076 goto call_lose_errno;
1077 }
1078
1079 /* Extract the remaining details we need from the ELF header
1080 and then read in the program header table. */
1081 l->l_entry = header->e_entry;
1082 type = header->e_type;
1083 l->l_phnum = header->e_phnum;
1084
1085 maplength = header->e_phnum * sizeof (ElfW(Phdr));
1086 if (header->e_phoff + maplength <= (size_t) fbp->len)
1087 phdr = (void *) (fbp->buf + header->e_phoff);
1088 else
1089 {
1090 phdr = alloca (maplength);
1091 if ((size_t) __pread64_nocancel (fd, (void *) phdr, maplength,
1092 header->e_phoff) != maplength)
1093 {
1094 errstring = N_("cannot read file data");
1095 goto call_lose_errno;
1096 }
1097 }
1098
1099 /* On most platforms presume that PT_GNU_STACK is absent and the stack is
1100 * executable. Other platforms default to a nonexecutable stack and don't
1101 * need PT_GNU_STACK to do so. */
1102 uint_fast16_t stack_flags = DEFAULT_STACK_PERMS;
1103
1104 {
1105 /* Scan the program header table, collecting its load commands. */
1106 struct loadcmd loadcmds[l->l_phnum];
1107 size_t nloadcmds = 0;
1108 bool has_holes = false;
1109
1110 /* The struct is initialized to zero so this is not necessary:
1111 l->l_ld = 0;
1112 l->l_phdr = 0;
1113 l->l_addr = 0; */
1114 for (ph = phdr; ph < &phdr[l->l_phnum]; ++ph)
1115 switch (ph->p_type)
1116 {
1117 /* These entries tell us where to find things once the file's
1118 segments are mapped in. We record the addresses it says
1119 verbatim, and later correct for the run-time load address. */
1120 case PT_DYNAMIC:
1121 if (ph->p_filesz)
1122 {
1123 /* Debuginfo only files from "objcopy --only-keep-debug"
1124 contain a PT_DYNAMIC segment with p_filesz == 0. Skip
1125 such a segment to avoid a crash later. */
1126 l->l_ld = (void *) ph->p_vaddr;
1127 l->l_ldnum = ph->p_memsz / sizeof (ElfW(Dyn));
1128 }
1129 break;
1130
1131 case PT_PHDR:
1132 l->l_phdr = (void *) ph->p_vaddr;
1133 break;
1134
1135 case PT_LOAD:
1136 /* A load command tells us to map in part of the file.
1137 We record the load commands and process them all later. */
1138 if (__glibc_unlikely ((ph->p_align & (GLRO(dl_pagesize) - 1)) != 0))
1139 {
1140 errstring = N_("ELF load command alignment not page-aligned");
1141 goto call_lose;
1142 }
1143 if (__glibc_unlikely (((ph->p_vaddr - ph->p_offset)
1144 & (ph->p_align - 1)) != 0))
1145 {
1146 errstring
1147 = N_("ELF load command address/offset not properly aligned");
1148 goto call_lose;
1149 }
1150
1151 struct loadcmd *c = &loadcmds[nloadcmds++];
1152 c->mapstart = ALIGN_DOWN (ph->p_vaddr, GLRO(dl_pagesize));
1153 c->mapend = ALIGN_UP (ph->p_vaddr + ph->p_filesz, GLRO(dl_pagesize));
1154 c->dataend = ph->p_vaddr + ph->p_filesz;
1155 c->allocend = ph->p_vaddr + ph->p_memsz;
1156 c->mapoff = ALIGN_DOWN (ph->p_offset, GLRO(dl_pagesize));
1157
1158 /* Determine whether there is a gap between the last segment
1159 and this one. */
1160 if (nloadcmds > 1 && c[-1].mapend != c->mapstart)
1161 has_holes = true;
1162
1163 /* Optimize a common case. */
1164#if (PF_R | PF_W | PF_X) == 7 && (PROT_READ | PROT_WRITE | PROT_EXEC) == 7
1165 c->prot = (PF_TO_PROT
1166 >> ((ph->p_flags & (PF_R | PF_W | PF_X)) * 4)) & 0xf;
1167#else
1168 c->prot = 0;
1169 if (ph->p_flags & PF_R)
1170 c->prot |= PROT_READ;
1171 if (ph->p_flags & PF_W)
1172 c->prot |= PROT_WRITE;
1173 if (ph->p_flags & PF_X)
1174 c->prot |= PROT_EXEC;
1175#endif
1176 break;
1177
1178 case PT_TLS:
1179 if (ph->p_memsz == 0)
1180 /* Nothing to do for an empty segment. */
1181 break;
1182
1183 l->l_tls_blocksize = ph->p_memsz;
1184 l->l_tls_align = ph->p_align;
1185 if (ph->p_align == 0)
1186 l->l_tls_firstbyte_offset = 0;
1187 else
1188 l->l_tls_firstbyte_offset = ph->p_vaddr & (ph->p_align - 1);
1189 l->l_tls_initimage_size = ph->p_filesz;
1190 /* Since we don't know the load address yet only store the
1191 offset. We will adjust it later. */
1192 l->l_tls_initimage = (void *) ph->p_vaddr;
1193
1194 /* l->l_tls_modid is assigned below, once there is no
1195 possibility for failure. */
1196
1197 if (l->l_type != lt_library
1198 && GL(dl_tls_dtv_slotinfo_list) == NULL)
1199 {
1200#ifdef SHARED
1201 /* We are loading the executable itself when the dynamic
1202 linker was executed directly. The setup will happen
1203 later. */
1204 assert (l->l_prev == NULL || (mode & __RTLD_AUDIT) != 0);
1205#else
1206 assert (false && "TLS not initialized in static application");
1207#endif
1208 }
1209 break;
1210
1211 case PT_GNU_STACK:
1212 stack_flags = ph->p_flags;
1213 break;
1214
1215 case PT_GNU_RELRO:
1216 l->l_relro_addr = ph->p_vaddr;
1217 l->l_relro_size = ph->p_memsz;
1218 break;
1219 }
1220
1221 if (__glibc_unlikely (nloadcmds == 0))
1222 {
1223 /* This only happens for a bogus object that will be caught with
1224 another error below. But we don't want to go through the
1225 calculations below using NLOADCMDS - 1. */
1226 errstring = N_("object file has no loadable segments");
1227 goto call_lose;
1228 }
1229
1230 /* dlopen of an executable is not valid because it is not possible
1231 to perform proper relocations, handle static TLS, or run the
1232 ELF constructors. For PIE, the check needs the dynamic
1233 section, so there is another check below. */
1234 if (__glibc_unlikely (type != ET_DYN)
1235 && __glibc_unlikely ((mode & __RTLD_OPENEXEC) == 0))
1236 {
1237 /* This object is loaded at a fixed address. This must never
1238 happen for objects loaded with dlopen. */
1239 errstring = N_("cannot dynamically load executable");
1240 goto call_lose;
1241 }
1242
1243 /* Length of the sections to be loaded. */
1244 maplength = loadcmds[nloadcmds - 1].allocend - loadcmds[0].mapstart;
1245
1246 /* Now process the load commands and map segments into memory.
1247 This is responsible for filling in:
1248 l_map_start, l_map_end, l_addr, l_contiguous, l_text_end, l_phdr
1249 */
1250 errstring = _dl_map_segments (l, fd, header, type, loadcmds, nloadcmds,
1251 maplength, has_holes, loader);
1252 if (__glibc_unlikely (errstring != NULL))
1253 goto call_lose;
1254
1255 /* Process program headers again after load segments are mapped in
1256 case processing requires accessing those segments. Scan program
1257 headers backward so that PT_NOTE can be skipped if PT_GNU_PROPERTY
1258 exits. */
1259 for (ph = &phdr[l->l_phnum]; ph != phdr; --ph)
1260 switch (ph[-1].p_type)
1261 {
1262 case PT_NOTE:
1263 _dl_process_pt_note (l, &ph[-1]);
1264 break;
1265 case PT_GNU_PROPERTY:
1266 _dl_process_pt_gnu_property (l, &ph[-1]);
1267 break;
1268 }
1269 }
1270
1271 if (l->l_ld == 0)
1272 {
1273 if (__glibc_unlikely (type == ET_DYN))
1274 {
1275 errstring = N_("object file has no dynamic section");
1276 goto call_lose;
1277 }
1278 }
1279 else
1280 l->l_ld = (ElfW(Dyn) *) ((ElfW(Addr)) l->l_ld + l->l_addr);
1281
1282 elf_get_dynamic_info (l, NULL);
1283
1284 /* Make sure we are not dlopen'ing an object that has the
1285 DF_1_NOOPEN flag set, or a PIE object. */
1286 if ((__glibc_unlikely (l->l_flags_1 & DF_1_NOOPEN)
1287 && (mode & __RTLD_DLOPEN))
1288 || (__glibc_unlikely (l->l_flags_1 & DF_1_PIE)
1289 && __glibc_unlikely ((mode & __RTLD_OPENEXEC) == 0)))
1290 {
1291 /* We are not supposed to load this object. Free all resources. */
1292 _dl_unmap_segments (l);
1293
1294 if (!l->l_libname->dont_free)
1295 free (l->l_libname);
1296
1297 if (l->l_phdr_allocated)
1298 free ((void *) l->l_phdr);
1299
1300 if (l->l_flags_1 & DF_1_PIE)
1301 errstring
1302 = N_("cannot dynamically load position-independent executable");
1303 else
1304 errstring = N_("shared object cannot be dlopen()ed");
1305 goto call_lose;
1306 }
1307
1308 if (l->l_phdr == NULL)
1309 {
1310 /* The program header is not contained in any of the segments.
1311 We have to allocate memory ourself and copy it over from out
1312 temporary place. */
1313 ElfW(Phdr) *newp = (ElfW(Phdr) *) malloc (header->e_phnum
1314 * sizeof (ElfW(Phdr)));
1315 if (newp == NULL)
1316 {
1317 errstring = N_("cannot allocate memory for program header");
1318 goto call_lose_errno;
1319 }
1320
1321 l->l_phdr = memcpy (newp, phdr,
1322 (header->e_phnum * sizeof (ElfW(Phdr))));
1323 l->l_phdr_allocated = 1;
1324 }
1325 else
1326 /* Adjust the PT_PHDR value by the runtime load address. */
1327 l->l_phdr = (ElfW(Phdr) *) ((ElfW(Addr)) l->l_phdr + l->l_addr);
1328
1329 if (__glibc_unlikely ((stack_flags &~ GL(dl_stack_flags)) & PF_X))
1330 {
1331 /* The stack is presently not executable, but this module
1332 requires that it be executable. We must change the
1333 protection of the variable which contains the flags used in
1334 the mprotect calls. */
1335#ifdef SHARED
1336 if ((mode & (__RTLD_DLOPEN | __RTLD_AUDIT)) == __RTLD_DLOPEN)
1337 {
1338 const uintptr_t p = (uintptr_t) &__stack_prot & -GLRO(dl_pagesize);
1339 const size_t s = (uintptr_t) (&__stack_prot + 1) - p;
1340
1341 struct link_map *const m = &GL(dl_rtld_map);
1342 const uintptr_t relro_end = ((m->l_addr + m->l_relro_addr
1343 + m->l_relro_size)
1344 & -GLRO(dl_pagesize));
1345 if (__glibc_likely (p + s <= relro_end))
1346 {
1347 /* The variable lies in the region protected by RELRO. */
1348 if (__mprotect ((void *) p, s, PROT_READ|PROT_WRITE) < 0)
1349 {
1350 errstring = N_("cannot change memory protections");
1351 goto call_lose_errno;
1352 }
1353 __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
1354 __mprotect ((void *) p, s, PROT_READ);
1355 }
1356 else
1357 __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
1358 }
1359 else
1360#endif
1361 __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
1362
1363#ifdef check_consistency
1364 check_consistency ();
1365#endif
1366
1367 errval = (*GL(dl_make_stack_executable_hook)) (stack_endp);
1368 if (errval)
1369 {
1370 errstring = N_("\
1371cannot enable executable stack as shared object requires");
1372 goto call_lose;
1373 }
1374 }
1375
1376 /* Adjust the address of the TLS initialization image. */
1377 if (l->l_tls_initimage != NULL)
1378 l->l_tls_initimage = (char *) l->l_tls_initimage + l->l_addr;
1379
1380 /* We are done mapping in the file. We no longer need the descriptor. */
1381 if (__glibc_unlikely (__close_nocancel (fd) != 0))
1382 {
1383 errstring = N_("cannot close file descriptor");
1384 goto call_lose_errno;
1385 }
1386 /* Signal that we closed the file. */
1387 fd = -1;
1388
1389 /* If this is ET_EXEC, we should have loaded it as lt_executable. */
1390 assert (type != ET_EXEC || l->l_type == lt_executable);
1391
1392 l->l_entry += l->l_addr;
1393
1394 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES))
1395 _dl_debug_printf ("\
1396 dynamic: 0x%0*lx base: 0x%0*lx size: 0x%0*Zx\n\
1397 entry: 0x%0*lx phdr: 0x%0*lx phnum: %*u\n\n",
1398 (int) sizeof (void *) * 2,
1399 (unsigned long int) l->l_ld,
1400 (int) sizeof (void *) * 2,
1401 (unsigned long int) l->l_addr,
1402 (int) sizeof (void *) * 2, maplength,
1403 (int) sizeof (void *) * 2,
1404 (unsigned long int) l->l_entry,
1405 (int) sizeof (void *) * 2,
1406 (unsigned long int) l->l_phdr,
1407 (int) sizeof (void *) * 2, l->l_phnum);
1408
1409 /* Set up the symbol hash table. */
1410 _dl_setup_hash (l);
1411
1412 /* If this object has DT_SYMBOLIC set modify now its scope. We don't
1413 have to do this for the main map. */
1414 if ((mode & RTLD_DEEPBIND) == 0
1415 && __glibc_unlikely (l->l_info[DT_SYMBOLIC] != NULL)
1416 && &l->l_searchlist != l->l_scope[0])
1417 {
1418 /* Create an appropriate searchlist. It contains only this map.
1419 This is the definition of DT_SYMBOLIC in SysVr4. */
1420 l->l_symbolic_searchlist.r_list[0] = l;
1421 l->l_symbolic_searchlist.r_nlist = 1;
1422
1423 /* Now move the existing entries one back. */
1424 memmove (&l->l_scope[1], &l->l_scope[0],
1425 (l->l_scope_max - 1) * sizeof (l->l_scope[0]));
1426
1427 /* Now add the new entry. */
1428 l->l_scope[0] = &l->l_symbolic_searchlist;
1429 }
1430
1431 /* Remember whether this object must be initialized first. */
1432 if (l->l_flags_1 & DF_1_INITFIRST)
1433 GL(dl_initfirst) = l;
1434
1435 /* Finally the file information. */
1436 l->l_file_id = id;
1437
1438#ifdef SHARED
1439 /* When auditing is used the recorded names might not include the
1440 name by which the DSO is actually known. Add that as well. */
1441 if (__glibc_unlikely (origname != NULL))
1442 add_name_to_object (l, origname);
1443#else
1444 /* Audit modules only exist when linking is dynamic so ORIGNAME
1445 cannot be non-NULL. */
1446 assert (origname == NULL);
1447#endif
1448
1449 /* When we profile the SONAME might be needed for something else but
1450 loading. Add it right away. */
1451 if (__glibc_unlikely (GLRO(dl_profile) != NULL)
1452 && l->l_info[DT_SONAME] != NULL)
1453 add_name_to_object (l, ((const char *) D_PTR (l, l_info[DT_STRTAB])
1454 + l->l_info[DT_SONAME]->d_un.d_val));
1455
1456 /* If we have newly loaded libc.so, update the namespace
1457 description. */
1458 if (GL(dl_ns)[nsid].libc_map == NULL
1459 && l->l_info[DT_SONAME] != NULL
1460 && strcmp (((const char *) D_PTR (l, l_info[DT_STRTAB])
1461 + l->l_info[DT_SONAME]->d_un.d_val), LIBC_SO) == 0)
1462 GL(dl_ns)[nsid].libc_map = l;
1463
1464 /* _dl_close can only eventually undo the module ID assignment (via
1465 remove_slotinfo) if this function returns a pointer to a link
1466 map. Therefore, delay this step until all possibilities for
1467 failure have been excluded. */
1468 if (l->l_tls_blocksize > 0
1469 && (__glibc_likely (l->l_type == lt_library)
1470 /* If GL(dl_tls_dtv_slotinfo_list) == NULL, then rtld.c did
1471 not set up TLS data structures, so don't use them now. */
1472 || __glibc_likely (GL(dl_tls_dtv_slotinfo_list) != NULL)))
1473 /* Assign the next available module ID. */
1474 l->l_tls_modid = _dl_next_tls_modid ();
1475
1476#ifdef DL_AFTER_LOAD
1477 DL_AFTER_LOAD (l);
1478#endif
1479
1480 /* Now that the object is fully initialized add it to the object list. */
1481 _dl_add_to_namespace_list (l, nsid);
1482
1483#ifdef SHARED
1484 /* Auditing checkpoint: we have a new object. */
1485 if (__glibc_unlikely (GLRO(dl_naudit) > 0)
1486 && !GL(dl_ns)[l->l_ns]._ns_loaded->l_auditing)
1487 {
1488 struct audit_ifaces *afct = GLRO(dl_audit);
1489 for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
1490 {
1491 if (afct->objopen != NULL)
1492 {
1493 struct auditstate *state = link_map_audit_state (l, cnt);
1494 state->bindflags = afct->objopen (l, nsid, &state->cookie);
1495 l->l_audit_any_plt |= state->bindflags != 0;
1496 }
1497
1498 afct = afct->next;
1499 }
1500 }
1501#endif
1502
1503 return l;
1504}
1505
1506/* Print search path. */
1507static void
1508print_search_path (struct r_search_path_elem **list,
1509 const char *what, const char *name)
1510{
1511 char buf[max_dirnamelen + max_capstrlen];
1512 int first = 1;
1513
1514 _dl_debug_printf (" search path=");
1515
1516 while (*list != NULL && (*list)->what == what) /* Yes, ==. */
1517 {
1518 char *endp = __mempcpy (buf, (*list)->dirname, (*list)->dirnamelen);
1519 size_t cnt;
1520
1521 for (cnt = 0; cnt < ncapstr; ++cnt)
1522 if ((*list)->status[cnt] != nonexisting)
1523 {
1524 char *cp = __mempcpy (endp, capstr[cnt].str, capstr[cnt].len);
1525 if (cp == buf || (cp == buf + 1 && buf[0] == '/'))
1526 cp[0] = '\0';
1527 else
1528 cp[-1] = '\0';
1529
1530 _dl_debug_printf_c (first ? "%s" : ":%s", buf);
1531 first = 0;
1532 }
1533
1534 ++list;
1535 }
1536
1537 if (name != NULL)
1538 _dl_debug_printf_c ("\t\t(%s from file %s)\n", what,
1539 DSO_FILENAME (name));
1540 else
1541 _dl_debug_printf_c ("\t\t(%s)\n", what);
1542}
1543
1544/* Open a file and verify it is an ELF file for this architecture. We
1545 ignore only ELF files for other architectures. Non-ELF files and
1546 ELF files with different header information cause fatal errors since
1547 this could mean there is something wrong in the installation and the
1548 user might want to know about this.
1549
1550 If FD is not -1, then the file is already open and FD refers to it.
1551 In that case, FD is consumed for both successful and error returns. */
1552static int
1553open_verify (const char *name, int fd,
1554 struct filebuf *fbp, struct link_map *loader,
1555 int whatcode, int mode, bool *found_other_class, bool free_name)
1556{
1557 /* This is the expected ELF header. */
1558#define ELF32_CLASS ELFCLASS32
1559#define ELF64_CLASS ELFCLASS64
1560#ifndef VALID_ELF_HEADER
1561# define VALID_ELF_HEADER(hdr,exp,size) (memcmp (hdr, exp, size) == 0)
1562# define VALID_ELF_OSABI(osabi) (osabi == ELFOSABI_SYSV)
1563# define VALID_ELF_ABIVERSION(osabi,ver) (ver == 0)
1564#elif defined MORE_ELF_HEADER_DATA
1565 MORE_ELF_HEADER_DATA;
1566#endif
1567 static const unsigned char expected[EI_NIDENT] =
1568 {
1569 [EI_MAG0] = ELFMAG0,
1570 [EI_MAG1] = ELFMAG1,
1571 [EI_MAG2] = ELFMAG2,
1572 [EI_MAG3] = ELFMAG3,
1573 [EI_CLASS] = ELFW(CLASS),
1574 [EI_DATA] = byteorder,
1575 [EI_VERSION] = EV_CURRENT,
1576 [EI_OSABI] = ELFOSABI_SYSV,
1577 [EI_ABIVERSION] = 0
1578 };
1579 static const struct
1580 {
1581 ElfW(Word) vendorlen;
1582 ElfW(Word) datalen;
1583 ElfW(Word) type;
1584 char vendor[4];
1585 } expected_note = { 4, 16, 1, "GNU" };
1586 /* Initialize it to make the compiler happy. */
1587 const char *errstring = NULL;
1588 int errval = 0;
1589
1590#ifdef SHARED
1591 /* Give the auditing libraries a chance. */
1592 if (__glibc_unlikely (GLRO(dl_naudit) > 0) && whatcode != 0
1593 && loader->l_auditing == 0)
1594 {
1595 const char *original_name = name;
1596 struct audit_ifaces *afct = GLRO(dl_audit);
1597 for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
1598 {
1599 if (afct->objsearch != NULL)
1600 {
1601 struct auditstate *state = link_map_audit_state (loader, cnt);
1602 name = afct->objsearch (name, &state->cookie, whatcode);
1603 if (name == NULL)
1604 /* Ignore the path. */
1605 return -1;
1606 }
1607
1608 afct = afct->next;
1609 }
1610
1611 if (fd != -1 && name != original_name && strcmp (name, original_name))
1612 {
1613 /* An audit library changed what we're supposed to open,
1614 so FD no longer matches it. */
1615 __close_nocancel (fd);
1616 fd = -1;
1617 }
1618 }
1619#endif
1620
1621 if (fd == -1)
1622 /* Open the file. We always open files read-only. */
1623 fd = __open64_nocancel (name, O_RDONLY | O_CLOEXEC);
1624
1625 if (fd != -1)
1626 {
1627 ElfW(Ehdr) *ehdr;
1628 ElfW(Phdr) *phdr, *ph;
1629 ElfW(Word) *abi_note;
1630 ElfW(Word) *abi_note_malloced = NULL;
1631 unsigned int osversion;
1632 size_t maplength;
1633
1634 /* We successfully opened the file. Now verify it is a file
1635 we can use. */
1636 __set_errno (0);
1637 fbp->len = 0;
1638 assert (sizeof (fbp->buf) > sizeof (ElfW(Ehdr)));
1639 /* Read in the header. */
1640 do
1641 {
1642 ssize_t retlen = __read_nocancel (fd, fbp->buf + fbp->len,
1643 sizeof (fbp->buf) - fbp->len);
1644 if (retlen <= 0)
1645 break;
1646 fbp->len += retlen;
1647 }
1648 while (__glibc_unlikely (fbp->len < sizeof (ElfW(Ehdr))));
1649
1650 /* This is where the ELF header is loaded. */
1651 ehdr = (ElfW(Ehdr) *) fbp->buf;
1652
1653 /* Now run the tests. */
1654 if (__glibc_unlikely (fbp->len < (ssize_t) sizeof (ElfW(Ehdr))))
1655 {
1656 errval = errno;
1657 errstring = (errval == 0
1658 ? N_("file too short") : N_("cannot read file data"));
1659 call_lose:
1660 if (free_name)
1661 {
1662 char *realname = (char *) name;
1663 name = strdupa (realname);
1664 free (realname);
1665 }
1666 lose (errval, fd, name, NULL, NULL, errstring, NULL, 0);
1667 }
1668
1669 /* See whether the ELF header is what we expect. */
1670 if (__glibc_unlikely (! VALID_ELF_HEADER (ehdr->e_ident, expected,
1671 EI_ABIVERSION)
1672 || !VALID_ELF_ABIVERSION (ehdr->e_ident[EI_OSABI],
1673 ehdr->e_ident[EI_ABIVERSION])
1674 || memcmp (&ehdr->e_ident[EI_PAD],
1675 &expected[EI_PAD],
1676 EI_NIDENT - EI_PAD) != 0))
1677 {
1678 /* Something is wrong. */
1679 const Elf32_Word *magp = (const void *) ehdr->e_ident;
1680 if (*magp !=
1681#if BYTE_ORDER == LITTLE_ENDIAN
1682 ((ELFMAG0 << (EI_MAG0 * 8))
1683 | (ELFMAG1 << (EI_MAG1 * 8))
1684 | (ELFMAG2 << (EI_MAG2 * 8))
1685 | (ELFMAG3 << (EI_MAG3 * 8)))
1686#else
1687 ((ELFMAG0 << (EI_MAG3 * 8))
1688 | (ELFMAG1 << (EI_MAG2 * 8))
1689 | (ELFMAG2 << (EI_MAG1 * 8))
1690 | (ELFMAG3 << (EI_MAG0 * 8)))
1691#endif
1692 )
1693 errstring = N_("invalid ELF header");
1694 else if (ehdr->e_ident[EI_CLASS] != ELFW(CLASS))
1695 {
1696 /* This is not a fatal error. On architectures where
1697 32-bit and 64-bit binaries can be run this might
1698 happen. */
1699 *found_other_class = true;
1700 goto close_and_out;
1701 }
1702 else if (ehdr->e_ident[EI_DATA] != byteorder)
1703 {
1704 if (BYTE_ORDER == BIG_ENDIAN)
1705 errstring = N_("ELF file data encoding not big-endian");
1706 else
1707 errstring = N_("ELF file data encoding not little-endian");
1708 }
1709 else if (ehdr->e_ident[EI_VERSION] != EV_CURRENT)
1710 errstring
1711 = N_("ELF file version ident does not match current one");
1712 /* XXX We should be able so set system specific versions which are
1713 allowed here. */
1714 else if (!VALID_ELF_OSABI (ehdr->e_ident[EI_OSABI]))
1715 errstring = N_("ELF file OS ABI invalid");
1716 else if (!VALID_ELF_ABIVERSION (ehdr->e_ident[EI_OSABI],
1717 ehdr->e_ident[EI_ABIVERSION]))
1718 errstring = N_("ELF file ABI version invalid");
1719 else if (memcmp (&ehdr->e_ident[EI_PAD], &expected[EI_PAD],
1720 EI_NIDENT - EI_PAD) != 0)
1721 errstring = N_("nonzero padding in e_ident");
1722 else
1723 /* Otherwise we don't know what went wrong. */
1724 errstring = N_("internal error");
1725
1726 goto call_lose;
1727 }
1728
1729 if (__glibc_unlikely (ehdr->e_version != EV_CURRENT))
1730 {
1731 errstring = N_("ELF file version does not match current one");
1732 goto call_lose;
1733 }
1734 if (! __glibc_likely (elf_machine_matches_host (ehdr)))
1735 goto close_and_out;
1736 else if (__glibc_unlikely (ehdr->e_type != ET_DYN
1737 && ehdr->e_type != ET_EXEC))
1738 {
1739 errstring = N_("only ET_DYN and ET_EXEC can be loaded");
1740 goto call_lose;
1741 }
1742 else if (__glibc_unlikely (ehdr->e_phentsize != sizeof (ElfW(Phdr))))
1743 {
1744 errstring = N_("ELF file's phentsize not the expected size");
1745 goto call_lose;
1746 }
1747
1748 maplength = ehdr->e_phnum * sizeof (ElfW(Phdr));
1749 if (ehdr->e_phoff + maplength <= (size_t) fbp->len)
1750 phdr = (void *) (fbp->buf + ehdr->e_phoff);
1751 else
1752 {
1753 phdr = alloca (maplength);
1754 if ((size_t) __pread64_nocancel (fd, (void *) phdr, maplength,
1755 ehdr->e_phoff) != maplength)
1756 {
1757 read_error:
1758 errval = errno;
1759 errstring = N_("cannot read file data");
1760 goto call_lose;
1761 }
1762 }
1763
1764 if (__glibc_unlikely (elf_machine_reject_phdr_p
1765 (phdr, ehdr->e_phnum, fbp->buf, fbp->len,
1766 loader, fd)))
1767 goto close_and_out;
1768
1769 /* Check .note.ABI-tag if present. */
1770 for (ph = phdr; ph < &phdr[ehdr->e_phnum]; ++ph)
1771 if (ph->p_type == PT_NOTE && ph->p_filesz >= 32
1772 && (ph->p_align == 4 || ph->p_align == 8))
1773 {
1774 ElfW(Addr) size = ph->p_filesz;
1775
1776 if (ph->p_offset + size <= (size_t) fbp->len)
1777 abi_note = (void *) (fbp->buf + ph->p_offset);
1778 else
1779 {
1780 /* Note: __libc_use_alloca is not usable here, because
1781 thread info may not have been set up yet. */
1782 if (size < __MAX_ALLOCA_CUTOFF)
1783 abi_note = alloca (size);
1784 else
1785 {
1786 /* There could be multiple PT_NOTEs. */
1787 abi_note_malloced = realloc (abi_note_malloced, size);
1788 if (abi_note_malloced == NULL)
1789 goto read_error;
1790
1791 abi_note = abi_note_malloced;
1792 }
1793 if (__pread64_nocancel (fd, (void *) abi_note, size,
1794 ph->p_offset) != size)
1795 {
1796 free (abi_note_malloced);
1797 goto read_error;
1798 }
1799 }
1800
1801 while (memcmp (abi_note, &expected_note, sizeof (expected_note)))
1802 {
1803 ElfW(Addr) note_size
1804 = ELF_NOTE_NEXT_OFFSET (abi_note[0], abi_note[1],
1805 ph->p_align);
1806
1807 if (size - 32 < note_size)
1808 {
1809 size = 0;
1810 break;
1811 }
1812 size -= note_size;
1813 abi_note = (void *) abi_note + note_size;
1814 }
1815
1816 if (size == 0)
1817 continue;
1818
1819 osversion = (abi_note[5] & 0xff) * 65536
1820 + (abi_note[6] & 0xff) * 256
1821 + (abi_note[7] & 0xff);
1822 if (abi_note[4] != __ABI_TAG_OS
1823 || (GLRO(dl_osversion) && GLRO(dl_osversion) < osversion))
1824 {
1825 close_and_out:
1826 __close_nocancel (fd);
1827 __set_errno (ENOENT);
1828 fd = -1;
1829 }
1830
1831 break;
1832 }
1833 free (abi_note_malloced);
1834 }
1835
1836 return fd;
1837}
1838
1839/* Try to open NAME in one of the directories in *DIRSP.
1840 Return the fd, or -1. If successful, fill in *REALNAME
1841 with the malloc'd full directory name. If it turns out
1842 that none of the directories in *DIRSP exists, *DIRSP is
1843 replaced with (void *) -1, and the old value is free()d
1844 if MAY_FREE_DIRS is true. */
1845
1846static int
1847open_path (const char *name, size_t namelen, int mode,
1848 struct r_search_path_struct *sps, char **realname,
1849 struct filebuf *fbp, struct link_map *loader, int whatcode,
1850 bool *found_other_class)
1851{
1852 struct r_search_path_elem **dirs = sps->dirs;
1853 char *buf;
1854 int fd = -1;
1855 const char *current_what = NULL;
1856 int any = 0;
1857
1858 if (__glibc_unlikely (dirs == NULL))
1859 /* We're called before _dl_init_paths when loading the main executable
1860 given on the command line when rtld is run directly. */
1861 return -1;
1862
1863 buf = alloca (max_dirnamelen + max_capstrlen + namelen);
1864 do
1865 {
1866 struct r_search_path_elem *this_dir = *dirs;
1867 size_t buflen = 0;
1868 size_t cnt;
1869 char *edp;
1870 int here_any = 0;
1871 int err;
1872
1873 /* If we are debugging the search for libraries print the path
1874 now if it hasn't happened now. */
1875 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS)
1876 && current_what != this_dir->what)
1877 {
1878 current_what = this_dir->what;
1879 print_search_path (dirs, current_what, this_dir->where);
1880 }
1881
1882 edp = (char *) __mempcpy (buf, this_dir->dirname, this_dir->dirnamelen);
1883 for (cnt = 0; fd == -1 && cnt < ncapstr; ++cnt)
1884 {
1885 /* Skip this directory if we know it does not exist. */
1886 if (this_dir->status[cnt] == nonexisting)
1887 continue;
1888
1889 buflen =
1890 ((char *) __mempcpy (__mempcpy (edp, capstr[cnt].str,
1891 capstr[cnt].len),
1892 name, namelen)
1893 - buf);
1894
1895 /* Print name we try if this is wanted. */
1896 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
1897 _dl_debug_printf (" trying file=%s\n", buf);
1898
1899 fd = open_verify (buf, -1, fbp, loader, whatcode, mode,
1900 found_other_class, false);
1901 if (this_dir->status[cnt] == unknown)
1902 {
1903 if (fd != -1)
1904 this_dir->status[cnt] = existing;
1905 /* Do not update the directory information when loading
1906 auditing code. We must try to disturb the program as
1907 little as possible. */
1908 else if (loader == NULL
1909 || GL(dl_ns)[loader->l_ns]._ns_loaded->l_auditing == 0)
1910 {
1911 /* We failed to open machine dependent library. Let's
1912 test whether there is any directory at all. */
1913 struct stat64 st;
1914
1915 buf[buflen - namelen - 1] = '\0';
1916
1917 if (__xstat64 (_STAT_VER, buf, &st) != 0
1918 || ! S_ISDIR (st.st_mode))
1919 /* The directory does not exist or it is no directory. */
1920 this_dir->status[cnt] = nonexisting;
1921 else
1922 this_dir->status[cnt] = existing;
1923 }
1924 }
1925
1926 /* Remember whether we found any existing directory. */
1927 here_any |= this_dir->status[cnt] != nonexisting;
1928
1929 if (fd != -1 && __glibc_unlikely (mode & __RTLD_SECURE)
1930 && __libc_enable_secure)
1931 {
1932 /* This is an extra security effort to make sure nobody can
1933 preload broken shared objects which are in the trusted
1934 directories and so exploit the bugs. */
1935 struct stat64 st;
1936
1937 if (__fxstat64 (_STAT_VER, fd, &st) != 0
1938 || (st.st_mode & S_ISUID) == 0)
1939 {
1940 /* The shared object cannot be tested for being SUID
1941 or this bit is not set. In this case we must not
1942 use this object. */
1943 __close_nocancel (fd);
1944 fd = -1;
1945 /* We simply ignore the file, signal this by setting
1946 the error value which would have been set by `open'. */
1947 errno = ENOENT;
1948 }
1949 }
1950 }
1951
1952 if (fd != -1)
1953 {
1954 *realname = (char *) malloc (buflen);
1955 if (*realname != NULL)
1956 {
1957 memcpy (*realname, buf, buflen);
1958 return fd;
1959 }
1960 else
1961 {
1962 /* No memory for the name, we certainly won't be able
1963 to load and link it. */
1964 __close_nocancel (fd);
1965 return -1;
1966 }
1967 }
1968 if (here_any && (err = errno) != ENOENT && err != EACCES)
1969 /* The file exists and is readable, but something went wrong. */
1970 return -1;
1971
1972 /* Remember whether we found anything. */
1973 any |= here_any;
1974 }
1975 while (*++dirs != NULL);
1976
1977 /* Remove the whole path if none of the directories exists. */
1978 if (__glibc_unlikely (! any))
1979 {
1980 /* Paths which were allocated using the minimal malloc() in ld.so
1981 must not be freed using the general free() in libc. */
1982 if (sps->malloced)
1983 free (sps->dirs);
1984
1985 /* rtld_search_dirs and env_path_list are attribute_relro, therefore
1986 avoid writing into it. */
1987 if (sps != &rtld_search_dirs && sps != &env_path_list)
1988 sps->dirs = (void *) -1;
1989 }
1990
1991 return -1;
1992}
1993
1994/* Map in the shared object file NAME. */
1995
1996struct link_map *
1997_dl_map_object (struct link_map *loader, const char *name,
1998 int type, int trace_mode, int mode, Lmid_t nsid)
1999{
2000 int fd;
2001 const char *origname = NULL;
2002 char *realname;
2003 char *name_copy;
2004 struct link_map *l;
2005 struct filebuf fb;
2006
2007 assert (nsid >= 0);
2008 assert (nsid < GL(dl_nns));
2009
2010 /* Look for this name among those already loaded. */
2011 for (l = GL(dl_ns)[nsid]._ns_loaded; l; l = l->l_next)
2012 {
2013 /* If the requested name matches the soname of a loaded object,
2014 use that object. Elide this check for names that have not
2015 yet been opened. */
2016 if (__glibc_unlikely ((l->l_faked | l->l_removed) != 0))
2017 continue;
2018 if (!_dl_name_match_p (name, l))
2019 {
2020 const char *soname;
2021
2022 if (__glibc_likely (l->l_soname_added)
2023 || l->l_info[DT_SONAME] == NULL)
2024 continue;
2025
2026 soname = ((const char *) D_PTR (l, l_info[DT_STRTAB])
2027 + l->l_info[DT_SONAME]->d_un.d_val);
2028 if (strcmp (name, soname) != 0)
2029 continue;
2030
2031 /* We have a match on a new name -- cache it. */
2032 add_name_to_object (l, soname);
2033 l->l_soname_added = 1;
2034 }
2035
2036 /* We have a match. */
2037 return l;
2038 }
2039
2040 /* Display information if we are debugging. */
2041 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES)
2042 && loader != NULL)
2043 _dl_debug_printf ((mode & __RTLD_CALLMAP) == 0
2044 ? "\nfile=%s [%lu]; needed by %s [%lu]\n"
2045 : "\nfile=%s [%lu]; dynamically loaded by %s [%lu]\n",
2046 name, nsid, DSO_FILENAME (loader->l_name), loader->l_ns);
2047
2048#ifdef SHARED
2049 /* Give the auditing libraries a chance to change the name before we
2050 try anything. */
2051 if (__glibc_unlikely (GLRO(dl_naudit) > 0)
2052 && (loader == NULL || loader->l_auditing == 0))
2053 {
2054 struct audit_ifaces *afct = GLRO(dl_audit);
2055 for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
2056 {
2057 if (afct->objsearch != NULL)
2058 {
2059 const char *before = name;
2060 struct auditstate *state = link_map_audit_state (loader, cnt);
2061 name = afct->objsearch (name, &state->cookie, LA_SER_ORIG);
2062 if (name == NULL)
2063 {
2064 /* Do not try anything further. */
2065 fd = -1;
2066 goto no_file;
2067 }
2068 if (before != name && strcmp (before, name) != 0)
2069 {
2070 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_FILES))
2071 _dl_debug_printf ("audit changed filename %s -> %s\n",
2072 before, name);
2073
2074 if (origname == NULL)
2075 origname = before;
2076 }
2077 }
2078
2079 afct = afct->next;
2080 }
2081 }
2082#endif
2083
2084 /* Will be true if we found a DSO which is of the other ELF class. */
2085 bool found_other_class = false;
2086
2087 if (strchr (name, '/') == NULL)
2088 {
2089 /* Search for NAME in several places. */
2090
2091 size_t namelen = strlen (name) + 1;
2092
2093 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
2094 _dl_debug_printf ("find library=%s [%lu]; searching\n", name, nsid);
2095
2096 fd = -1;
2097
2098 /* When the object has the RUNPATH information we don't use any
2099 RPATHs. */
2100 if (loader == NULL || loader->l_info[DT_RUNPATH] == NULL)
2101 {
2102 /* This is the executable's map (if there is one). Make sure that
2103 we do not look at it twice. */
2104 struct link_map *main_map = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
2105 bool did_main_map = false;
2106
2107 /* First try the DT_RPATH of the dependent object that caused NAME
2108 to be loaded. Then that object's dependent, and on up. */
2109 for (l = loader; l; l = l->l_loader)
2110 if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
2111 {
2112 fd = open_path (name, namelen, mode,
2113 &l->l_rpath_dirs,
2114 &realname, &fb, loader, LA_SER_RUNPATH,
2115 &found_other_class);
2116 if (fd != -1)
2117 break;
2118
2119 did_main_map |= l == main_map;
2120 }
2121
2122 /* If dynamically linked, try the DT_RPATH of the executable
2123 itself. NB: we do this for lookups in any namespace. */
2124 if (fd == -1 && !did_main_map
2125 && main_map != NULL && main_map->l_type != lt_loaded
2126 && cache_rpath (main_map, &main_map->l_rpath_dirs, DT_RPATH,
2127 "RPATH"))
2128 fd = open_path (name, namelen, mode,
2129 &main_map->l_rpath_dirs,
2130 &realname, &fb, loader ?: main_map, LA_SER_RUNPATH,
2131 &found_other_class);
2132 }
2133
2134 /* Try the LD_LIBRARY_PATH environment variable. */
2135 if (fd == -1 && env_path_list.dirs != (void *) -1)
2136 fd = open_path (name, namelen, mode, &env_path_list,
2137 &realname, &fb,
2138 loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded,
2139 LA_SER_LIBPATH, &found_other_class);
2140
2141 /* Look at the RUNPATH information for this binary. */
2142 if (fd == -1 && loader != NULL
2143 && cache_rpath (loader, &loader->l_runpath_dirs,
2144 DT_RUNPATH, "RUNPATH"))
2145 fd = open_path (name, namelen, mode,
2146 &loader->l_runpath_dirs, &realname, &fb, loader,
2147 LA_SER_RUNPATH, &found_other_class);
2148
2149 if (fd == -1)
2150 {
2151 realname = _dl_sysdep_open_object (name, namelen, &fd);
2152 if (realname != NULL)
2153 {
2154 fd = open_verify (realname, fd,
2155 &fb, loader ?: GL(dl_ns)[nsid]._ns_loaded,
2156 LA_SER_CONFIG, mode, &found_other_class,
2157 false);
2158 if (fd == -1)
2159 free (realname);
2160 }
2161 }
2162
2163#ifdef USE_LDCONFIG
2164 if (fd == -1
2165 && (__glibc_likely ((mode & __RTLD_SECURE) == 0)
2166 || ! __libc_enable_secure)
2167 && __glibc_likely (GLRO(dl_inhibit_cache) == 0))
2168 {
2169 /* Check the list of libraries in the file /etc/ld.so.cache,
2170 for compatibility with Linux's ldconfig program. */
2171 char *cached = _dl_load_cache_lookup (name);
2172
2173 if (cached != NULL)
2174 {
2175 // XXX Correct to unconditionally default to namespace 0?
2176 l = (loader
2177 ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded
2178# ifdef SHARED
2179 ?: &GL(dl_rtld_map)
2180# endif
2181 );
2182
2183 /* If the loader has the DF_1_NODEFLIB flag set we must not
2184 use a cache entry from any of these directories. */
2185 if (__glibc_unlikely (l->l_flags_1 & DF_1_NODEFLIB))
2186 {
2187 const char *dirp = system_dirs;
2188 unsigned int cnt = 0;
2189
2190 do
2191 {
2192 if (memcmp (cached, dirp, system_dirs_len[cnt]) == 0)
2193 {
2194 /* The prefix matches. Don't use the entry. */
2195 free (cached);
2196 cached = NULL;
2197 break;
2198 }
2199
2200 dirp += system_dirs_len[cnt] + 1;
2201 ++cnt;
2202 }
2203 while (cnt < nsystem_dirs_len);
2204 }
2205
2206 if (cached != NULL)
2207 {
2208 fd = open_verify (cached, -1,
2209 &fb, loader ?: GL(dl_ns)[nsid]._ns_loaded,
2210 LA_SER_CONFIG, mode, &found_other_class,
2211 false);
2212 if (__glibc_likely (fd != -1))
2213 realname = cached;
2214 else
2215 free (cached);
2216 }
2217 }
2218 }
2219#endif
2220
2221 /* Finally, try the default path. */
2222 if (fd == -1
2223 && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL
2224 || __glibc_likely (!(l->l_flags_1 & DF_1_NODEFLIB)))
2225 && rtld_search_dirs.dirs != (void *) -1)
2226 fd = open_path (name, namelen, mode, &rtld_search_dirs,
2227 &realname, &fb, l, LA_SER_DEFAULT, &found_other_class);
2228
2229 /* Add another newline when we are tracing the library loading. */
2230 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
2231 _dl_debug_printf ("\n");
2232 }
2233 else
2234 {
2235 /* The path may contain dynamic string tokens. */
2236 realname = (loader
2237 ? expand_dynamic_string_token (loader, name)
2238 : __strdup (name));
2239 if (realname == NULL)
2240 fd = -1;
2241 else
2242 {
2243 fd = open_verify (realname, -1, &fb,
2244 loader ?: GL(dl_ns)[nsid]._ns_loaded, 0, mode,
2245 &found_other_class, true);
2246 if (__glibc_unlikely (fd == -1))
2247 free (realname);
2248 }
2249 }
2250
2251#ifdef SHARED
2252 no_file:
2253#endif
2254 /* In case the LOADER information has only been provided to get to
2255 the appropriate RUNPATH/RPATH information we do not need it
2256 anymore. */
2257 if (mode & __RTLD_CALLMAP)
2258 loader = NULL;
2259
2260 if (__glibc_unlikely (fd == -1))
2261 {
2262 if (trace_mode
2263 && __glibc_likely ((GLRO(dl_debug_mask) & DL_DEBUG_PRELINK) == 0))
2264 {
2265 /* We haven't found an appropriate library. But since we
2266 are only interested in the list of libraries this isn't
2267 so severe. Fake an entry with all the information we
2268 have. */
2269 static const Elf_Symndx dummy_bucket = STN_UNDEF;
2270
2271 /* Allocate a new object map. */
2272 if ((name_copy = __strdup (name)) == NULL
2273 || (l = _dl_new_object (name_copy, name, type, loader,
2274 mode, nsid)) == NULL)
2275 {
2276 free (name_copy);
2277 _dl_signal_error (ENOMEM, name, NULL,
2278 N_("cannot create shared object descriptor"));
2279 }
2280 /* Signal that this is a faked entry. */
2281 l->l_faked = 1;
2282 /* Since the descriptor is initialized with zero we do not
2283 have do this here.
2284 l->l_reserved = 0; */
2285 l->l_buckets = &dummy_bucket;
2286 l->l_nbuckets = 1;
2287 l->l_relocated = 1;
2288
2289 /* Enter the object in the object list. */
2290 _dl_add_to_namespace_list (l, nsid);
2291
2292 return l;
2293 }
2294 else if (found_other_class)
2295 _dl_signal_error (0, name, NULL,
2296 ELFW(CLASS) == ELFCLASS32
2297 ? N_("wrong ELF class: ELFCLASS64")
2298 : N_("wrong ELF class: ELFCLASS32"));
2299 else
2300 _dl_signal_error (errno, name, NULL,
2301 N_("cannot open shared object file"));
2302 }
2303
2304 void *stack_end = __libc_stack_end;
2305 return _dl_map_object_from_fd (name, origname, fd, &fb, realname, loader,
2306 type, mode, &stack_end, nsid);
2307}
2308
2309struct add_path_state
2310{
2311 bool counting;
2312 unsigned int idx;
2313 Dl_serinfo *si;
2314 char *allocptr;
2315};
2316
2317static void
2318add_path (struct add_path_state *p, const struct r_search_path_struct *sps,
2319 unsigned int flags)
2320{
2321 if (sps->dirs != (void *) -1)
2322 {
2323 struct r_search_path_elem **dirs = sps->dirs;
2324 do
2325 {
2326 const struct r_search_path_elem *const r = *dirs++;
2327 if (p->counting)
2328 {
2329 p->si->dls_cnt++;
2330 p->si->dls_size += MAX (2, r->dirnamelen);
2331 }
2332 else
2333 {
2334 Dl_serpath *const sp = &p->si->dls_serpath[p->idx++];
2335 sp->dls_name = p->allocptr;
2336 if (r->dirnamelen < 2)
2337 *p->allocptr++ = r->dirnamelen ? '/' : '.';
2338 else
2339 p->allocptr = __mempcpy (p->allocptr,
2340 r->dirname, r->dirnamelen - 1);
2341 *p->allocptr++ = '\0';
2342 sp->dls_flags = flags;
2343 }
2344 }
2345 while (*dirs != NULL);
2346 }
2347}
2348
2349void
2350_dl_rtld_di_serinfo (struct link_map *loader, Dl_serinfo *si, bool counting)
2351{
2352 if (counting)
2353 {
2354 si->dls_cnt = 0;
2355 si->dls_size = 0;
2356 }
2357
2358 struct add_path_state p =
2359 {
2360 .counting = counting,
2361 .idx = 0,
2362 .si = si,
2363 .allocptr = (char *) &si->dls_serpath[si->dls_cnt]
2364 };
2365
2366# define add_path(p, sps, flags) add_path(p, sps, 0) /* XXX */
2367
2368 /* When the object has the RUNPATH information we don't use any RPATHs. */
2369 if (loader->l_info[DT_RUNPATH] == NULL)
2370 {
2371 /* First try the DT_RPATH of the dependent object that caused NAME
2372 to be loaded. Then that object's dependent, and on up. */
2373
2374 struct link_map *l = loader;
2375 do
2376 {
2377 if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
2378 add_path (&p, &l->l_rpath_dirs, XXX_RPATH);
2379 l = l->l_loader;
2380 }
2381 while (l != NULL);
2382
2383 /* If dynamically linked, try the DT_RPATH of the executable itself. */
2384 if (loader->l_ns == LM_ID_BASE)
2385 {
2386 l = GL(dl_ns)[LM_ID_BASE]._ns_loaded;
2387 if (l != NULL && l->l_type != lt_loaded && l != loader)
2388 if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
2389 add_path (&p, &l->l_rpath_dirs, XXX_RPATH);
2390 }
2391 }
2392
2393 /* Try the LD_LIBRARY_PATH environment variable. */
2394 add_path (&p, &env_path_list, XXX_ENV);
2395
2396 /* Look at the RUNPATH information for this binary. */
2397 if (cache_rpath (loader, &loader->l_runpath_dirs, DT_RUNPATH, "RUNPATH"))
2398 add_path (&p, &loader->l_runpath_dirs, XXX_RUNPATH);
2399
2400 /* XXX
2401 Here is where ld.so.cache gets checked, but we don't have
2402 a way to indicate that in the results for Dl_serinfo. */
2403
2404 /* Finally, try the default path. */
2405 if (!(loader->l_flags_1 & DF_1_NODEFLIB))
2406 add_path (&p, &rtld_search_dirs, XXX_default);
2407
2408 if (counting)
2409 /* Count the struct size before the string area, which we didn't
2410 know before we completed dls_cnt. */
2411 si->dls_size += (char *) &si->dls_serpath[si->dls_cnt] - (char *) si;
2412}
2413