| 1 | /* On-demand PLT fixup for shared objects. |
|---|---|
| 2 | Copyright (C) 1995-2023 Free Software Foundation, Inc. |
| 3 | This file is part of the GNU C Library. |
| 4 | |
| 5 | The GNU C Library is free software; you can redistribute it and/or |
| 6 | modify it under the terms of the GNU Lesser General Public |
| 7 | License as published by the Free Software Foundation; either |
| 8 | version 2.1 of the License, or (at your option) any later version. |
| 9 | |
| 10 | The GNU C Library is distributed in the hope that it will be useful, |
| 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 13 | Lesser General Public License for more details. |
| 14 | |
| 15 | You should have received a copy of the GNU Lesser General Public |
| 16 | License along with the GNU C Library; if not, see |
| 17 | <https://www.gnu.org/licenses/>. */ |
| 18 | |
| 19 | #include <alloca.h> |
| 20 | #include <assert.h> |
| 21 | #include <stdlib.h> |
| 22 | #include <unistd.h> |
| 23 | #include <sys/param.h> |
| 24 | #include <ldsodefs.h> |
| 25 | #include <sysdep-cancel.h> |
| 26 | #include "dynamic-link.h" |
| 27 | #include <tls.h> |
| 28 | #include <dl-irel.h> |
| 29 | #include <dl-runtime.h> |
| 30 | |
| 31 | |
| 32 | /* This function is called through a special trampoline from the PLT the |
| 33 | first time each PLT entry is called. We must perform the relocation |
| 34 | specified in the PLT of the given shared object, and return the resolved |
| 35 | function address to the trampoline, which will restart the original call |
| 36 | to that address. Future calls will bounce directly from the PLT to the |
| 37 | function. */ |
| 38 | |
| 39 | DL_FIXUP_VALUE_TYPE |
| 40 | attribute_hidden __attribute ((noinline)) DL_ARCH_FIXUP_ATTRIBUTE |
| 41 | _dl_fixup ( |
| 42 | # ifdef ELF_MACHINE_RUNTIME_FIXUP_ARGS |
| 43 | ELF_MACHINE_RUNTIME_FIXUP_ARGS, |
| 44 | # endif |
| 45 | struct link_map *l, ElfW(Word) reloc_arg) |
| 46 | { |
| 47 | const ElfW(Sym) *const symtab |
| 48 | = (const void *) D_PTR (l, l_info[DT_SYMTAB]); |
| 49 | const char *strtab = (const void *) D_PTR (l, l_info[DT_STRTAB]); |
| 50 | |
| 51 | const uintptr_t pltgot = (uintptr_t) D_PTR (l, l_info[DT_PLTGOT]); |
| 52 | |
| 53 | const PLTREL *const reloc |
| 54 | = (const void *) (D_PTR (l, l_info[DT_JMPREL]) |
| 55 | + reloc_offset (pltgot, reloc_arg)); |
| 56 | const ElfW(Sym) *sym = &symtab[ELFW(R_SYM) (reloc->r_info)]; |
| 57 | const ElfW(Sym) *refsym = sym; |
| 58 | void *const rel_addr = (void *)(l->l_addr + reloc->r_offset); |
| 59 | lookup_t result; |
| 60 | DL_FIXUP_VALUE_TYPE value; |
| 61 | |
| 62 | /* Sanity check that we're really looking at a PLT relocation. */ |
| 63 | assert (ELFW(R_TYPE)(reloc->r_info) == ELF_MACHINE_JMP_SLOT); |
| 64 | |
| 65 | /* Look up the target symbol. If the normal lookup rules are not |
| 66 | used don't look in the global scope. */ |
| 67 | if (__builtin_expect (ELFW(ST_VISIBILITY) (sym->st_other), 0) == 0) |
| 68 | { |
| 69 | const struct r_found_version *version = NULL; |
| 70 | |
| 71 | if (l->l_info[VERSYMIDX (DT_VERSYM)] != NULL) |
| 72 | { |
| 73 | const ElfW(Half) *vernum = |
| 74 | (const void *) D_PTR (l, l_info[VERSYMIDX (DT_VERSYM)]); |
| 75 | ElfW(Half) ndx = vernum[ELFW(R_SYM) (reloc->r_info)] & 0x7fff; |
| 76 | version = &l->l_versions[ndx]; |
| 77 | if (version->hash == 0) |
| 78 | version = NULL; |
| 79 | } |
| 80 | |
| 81 | /* We need to keep the scope around so do some locking. This is |
| 82 | not necessary for objects which cannot be unloaded or when |
| 83 | we are not using any threads (yet). */ |
| 84 | int flags = DL_LOOKUP_ADD_DEPENDENCY; |
| 85 | if (!RTLD_SINGLE_THREAD_P) |
| 86 | { |
| 87 | THREAD_GSCOPE_SET_FLAG (); |
| 88 | flags |= DL_LOOKUP_GSCOPE_LOCK; |
| 89 | } |
| 90 | |
| 91 | #ifdef RTLD_ENABLE_FOREIGN_CALL |
| 92 | RTLD_ENABLE_FOREIGN_CALL; |
| 93 | #endif |
| 94 | |
| 95 | result = _dl_lookup_symbol_x (strtab + sym->st_name, l, &sym, l->l_scope, |
| 96 | version, ELF_RTYPE_CLASS_PLT, flags, NULL); |
| 97 | |
| 98 | /* We are done with the global scope. */ |
| 99 | if (!RTLD_SINGLE_THREAD_P) |
| 100 | THREAD_GSCOPE_RESET_FLAG (); |
| 101 | |
| 102 | #ifdef RTLD_FINALIZE_FOREIGN_CALL |
| 103 | RTLD_FINALIZE_FOREIGN_CALL; |
| 104 | #endif |
| 105 | |
| 106 | /* Currently result contains the base load address (or link map) |
| 107 | of the object that defines sym. Now add in the symbol |
| 108 | offset. */ |
| 109 | value = DL_FIXUP_MAKE_VALUE (result, |
| 110 | SYMBOL_ADDRESS (result, sym, false)); |
| 111 | } |
| 112 | else |
| 113 | { |
| 114 | /* We already found the symbol. The module (and therefore its load |
| 115 | address) is also known. */ |
| 116 | value = DL_FIXUP_MAKE_VALUE (l, SYMBOL_ADDRESS (l, sym, true)); |
| 117 | result = l; |
| 118 | } |
| 119 | |
| 120 | /* And now perhaps the relocation addend. */ |
| 121 | value = elf_machine_plt_value (l, reloc, value); |
| 122 | |
| 123 | if (sym != NULL |
| 124 | && __builtin_expect (ELFW(ST_TYPE) (sym->st_info) == STT_GNU_IFUNC, 0)) |
| 125 | value = elf_ifunc_invoke (DL_FIXUP_VALUE_ADDR (value)); |
| 126 | |
| 127 | #ifdef SHARED |
| 128 | /* Auditing checkpoint: we have a new binding. Provide the auditing |
| 129 | libraries the possibility to change the value and tell us whether further |
| 130 | auditing is wanted. |
| 131 | The l_reloc_result is only allocated if there is an audit module which |
| 132 | provides a la_symbind. */ |
| 133 | if (l->l_reloc_result != NULL) |
| 134 | { |
| 135 | /* This is the address in the array where we store the result of previous |
| 136 | relocations. */ |
| 137 | struct reloc_result *reloc_result |
| 138 | = &l->l_reloc_result[reloc_index (pltgot, reloc_arg, sizeof (PLTREL))]; |
| 139 | unsigned int init = atomic_load_acquire (&reloc_result->init); |
| 140 | if (init == 0) |
| 141 | { |
| 142 | _dl_audit_symbind (l, reloc_result, reloc, sym, &value, result, true); |
| 143 | |
| 144 | /* Store the result for later runs. */ |
| 145 | if (__glibc_likely (! GLRO(dl_bind_not))) |
| 146 | { |
| 147 | reloc_result->addr = value; |
| 148 | /* Guarantee all previous writes complete before init is |
| 149 | updated. See CONCURRENCY NOTES below. */ |
| 150 | atomic_store_release (&reloc_result->init, 1); |
| 151 | } |
| 152 | } |
| 153 | else |
| 154 | value = reloc_result->addr; |
| 155 | } |
| 156 | #endif |
| 157 | |
| 158 | /* Finally, fix up the plt itself. */ |
| 159 | if (__glibc_unlikely (GLRO(dl_bind_not))) |
| 160 | return value; |
| 161 | |
| 162 | return elf_machine_fixup_plt (l, result, refsym, sym, reloc, rel_addr, value); |
| 163 | } |
| 164 | |
| 165 | #ifndef PROF |
| 166 | DL_FIXUP_VALUE_TYPE |
| 167 | __attribute ((noinline)) |
| 168 | DL_ARCH_FIXUP_ATTRIBUTE |
| 169 | _dl_profile_fixup ( |
| 170 | #ifdef ELF_MACHINE_RUNTIME_FIXUP_ARGS |
| 171 | ELF_MACHINE_RUNTIME_FIXUP_ARGS, |
| 172 | #endif |
| 173 | struct link_map *l, ElfW(Word) reloc_arg, |
| 174 | ElfW(Addr) retaddr, void *regs, long int *framesizep) |
| 175 | { |
| 176 | void (*mcount_fct) (ElfW(Addr), ElfW(Addr)) = _dl_mcount; |
| 177 | |
| 178 | if (l->l_reloc_result == NULL) |
| 179 | { |
| 180 | /* BZ #14843: ELF_DYNAMIC_RELOCATE is called before l_reloc_result |
| 181 | is allocated. We will get here if ELF_DYNAMIC_RELOCATE calls a |
| 182 | resolver function to resolve an IRELATIVE relocation and that |
| 183 | resolver calls a function that is not yet resolved (lazy). For |
| 184 | example, the resolver in x86-64 libm.so calls __get_cpu_features |
| 185 | defined in libc.so. Skip audit and resolve the external function |
| 186 | in this case. */ |
| 187 | *framesizep = -1; |
| 188 | return _dl_fixup ( |
| 189 | # ifdef ELF_MACHINE_RUNTIME_FIXUP_ARGS |
| 190 | # ifndef ELF_MACHINE_RUNTIME_FIXUP_PARAMS |
| 191 | # error Please define ELF_MACHINE_RUNTIME_FIXUP_PARAMS. |
| 192 | # endif |
| 193 | ELF_MACHINE_RUNTIME_FIXUP_PARAMS, |
| 194 | # endif |
| 195 | l, reloc_arg); |
| 196 | } |
| 197 | |
| 198 | const uintptr_t pltgot = (uintptr_t) D_PTR (l, l_info[DT_PLTGOT]); |
| 199 | |
| 200 | /* This is the address in the array where we store the result of previous |
| 201 | relocations. */ |
| 202 | struct reloc_result *reloc_result |
| 203 | = &l->l_reloc_result[reloc_index (pltgot, reloc_arg, sizeof (PLTREL))]; |
| 204 | |
| 205 | /* CONCURRENCY NOTES: |
| 206 | |
| 207 | Multiple threads may be calling the same PLT sequence and with |
| 208 | LD_AUDIT enabled they will be calling into _dl_profile_fixup to |
| 209 | update the reloc_result with the result of the lazy resolution. |
| 210 | The reloc_result guard variable is reloc_init, and we use |
| 211 | acquire/release loads and store to it to ensure that the results of |
| 212 | the structure are consistent with the loaded value of the guard. |
| 213 | This does not fix all of the data races that occur when two or more |
| 214 | threads read reloc_result->reloc_init with a value of zero and read |
| 215 | and write to that reloc_result concurrently. The expectation is |
| 216 | generally that while this is a data race it works because the |
| 217 | threads write the same values. Until the data races are fixed |
| 218 | there is a potential for problems to arise from these data races. |
| 219 | The reloc result updates should happen in parallel but there should |
| 220 | be an atomic RMW which does the final update to the real result |
| 221 | entry (see bug 23790). |
| 222 | |
| 223 | The following code uses reloc_result->init set to 0 to indicate if it is |
| 224 | the first time this object is being relocated, otherwise 1 which |
| 225 | indicates the object has already been relocated. |
| 226 | |
| 227 | Reading/Writing from/to reloc_result->reloc_init must not happen |
| 228 | before previous writes to reloc_result complete as they could |
| 229 | end-up with an incomplete struct. */ |
| 230 | DL_FIXUP_VALUE_TYPE value; |
| 231 | unsigned int init = atomic_load_acquire (&reloc_result->init); |
| 232 | |
| 233 | if (init == 0) |
| 234 | { |
| 235 | /* This is the first time we have to relocate this object. */ |
| 236 | const ElfW(Sym) *const symtab |
| 237 | = (const void *) D_PTR (l, l_info[DT_SYMTAB]); |
| 238 | const char *strtab = (const char *) D_PTR (l, l_info[DT_STRTAB]); |
| 239 | |
| 240 | const uintptr_t pltgot = (uintptr_t) D_PTR (l, l_info[DT_PLTGOT]); |
| 241 | |
| 242 | const PLTREL *const reloc |
| 243 | = (const void *) (D_PTR (l, l_info[DT_JMPREL]) |
| 244 | + reloc_offset (pltgot, reloc_arg)); |
| 245 | const ElfW(Sym) *refsym = &symtab[ELFW(R_SYM) (reloc->r_info)]; |
| 246 | const ElfW(Sym) *defsym = refsym; |
| 247 | lookup_t result; |
| 248 | |
| 249 | /* Sanity check that we're really looking at a PLT relocation. */ |
| 250 | assert (ELFW(R_TYPE)(reloc->r_info) == ELF_MACHINE_JMP_SLOT); |
| 251 | |
| 252 | /* Look up the target symbol. If the symbol is marked STV_PROTECTED |
| 253 | don't look in the global scope. */ |
| 254 | if (__builtin_expect (ELFW(ST_VISIBILITY) (refsym->st_other), 0) == 0) |
| 255 | { |
| 256 | const struct r_found_version *version = NULL; |
| 257 | |
| 258 | if (l->l_info[VERSYMIDX (DT_VERSYM)] != NULL) |
| 259 | { |
| 260 | const ElfW(Half) *vernum = |
| 261 | (const void *) D_PTR (l, l_info[VERSYMIDX (DT_VERSYM)]); |
| 262 | ElfW(Half) ndx = vernum[ELFW(R_SYM) (reloc->r_info)] & 0x7fff; |
| 263 | version = &l->l_versions[ndx]; |
| 264 | if (version->hash == 0) |
| 265 | version = NULL; |
| 266 | } |
| 267 | |
| 268 | /* We need to keep the scope around so do some locking. This is |
| 269 | not necessary for objects which cannot be unloaded or when |
| 270 | we are not using any threads (yet). */ |
| 271 | int flags = DL_LOOKUP_ADD_DEPENDENCY; |
| 272 | if (!RTLD_SINGLE_THREAD_P) |
| 273 | { |
| 274 | THREAD_GSCOPE_SET_FLAG (); |
| 275 | flags |= DL_LOOKUP_GSCOPE_LOCK; |
| 276 | } |
| 277 | |
| 278 | result = _dl_lookup_symbol_x (strtab + refsym->st_name, l, |
| 279 | &defsym, l->l_scope, version, |
| 280 | ELF_RTYPE_CLASS_PLT, flags, NULL); |
| 281 | |
| 282 | /* We are done with the global scope. */ |
| 283 | if (!RTLD_SINGLE_THREAD_P) |
| 284 | THREAD_GSCOPE_RESET_FLAG (); |
| 285 | |
| 286 | /* Currently result contains the base load address (or link map) |
| 287 | of the object that defines sym. Now add in the symbol |
| 288 | offset. */ |
| 289 | value = DL_FIXUP_MAKE_VALUE (result, |
| 290 | SYMBOL_ADDRESS (result, defsym, false)); |
| 291 | |
| 292 | if (defsym != NULL |
| 293 | && __builtin_expect (ELFW(ST_TYPE) (defsym->st_info) |
| 294 | == STT_GNU_IFUNC, 0)) |
| 295 | value = elf_ifunc_invoke (DL_FIXUP_VALUE_ADDR (value)); |
| 296 | } |
| 297 | else |
| 298 | { |
| 299 | /* We already found the symbol. The module (and therefore its load |
| 300 | address) is also known. */ |
| 301 | value = DL_FIXUP_MAKE_VALUE (l, SYMBOL_ADDRESS (l, refsym, true)); |
| 302 | |
| 303 | if (__builtin_expect (ELFW(ST_TYPE) (refsym->st_info) |
| 304 | == STT_GNU_IFUNC, 0)) |
| 305 | value = elf_ifunc_invoke (DL_FIXUP_VALUE_ADDR (value)); |
| 306 | |
| 307 | result = l; |
| 308 | } |
| 309 | /* And now perhaps the relocation addend. */ |
| 310 | value = elf_machine_plt_value (l, reloc, value); |
| 311 | |
| 312 | #ifdef SHARED |
| 313 | /* Auditing checkpoint: we have a new binding. Provide the |
| 314 | auditing libraries the possibility to change the value and |
| 315 | tell us whether further auditing is wanted. */ |
| 316 | if (defsym != NULL && GLRO(dl_naudit) > 0) |
| 317 | _dl_audit_symbind (l, reloc_result, reloc, defsym, &value, result, |
| 318 | true); |
| 319 | #endif |
| 320 | |
| 321 | /* Store the result for later runs. */ |
| 322 | if (__glibc_likely (! GLRO(dl_bind_not))) |
| 323 | { |
| 324 | reloc_result->addr = value; |
| 325 | /* Guarantee all previous writes complete before |
| 326 | init is updated. See CONCURRENCY NOTES earlier */ |
| 327 | atomic_store_release (&reloc_result->init, 1); |
| 328 | } |
| 329 | init = 1; |
| 330 | } |
| 331 | else |
| 332 | value = reloc_result->addr; |
| 333 | |
| 334 | /* By default we do not call the pltexit function. */ |
| 335 | long int framesize = -1; |
| 336 | |
| 337 | |
| 338 | #ifdef SHARED |
| 339 | /* Auditing checkpoint: report the PLT entering and allow the |
| 340 | auditors to change the value. */ |
| 341 | _dl_audit_pltenter (l, reloc_result, &value, regs, &framesize); |
| 342 | #endif |
| 343 | |
| 344 | /* Store the frame size information. */ |
| 345 | *framesizep = framesize; |
| 346 | |
| 347 | (*mcount_fct) (retaddr, DL_FIXUP_VALUE_CODE_ADDR (value)); |
| 348 | |
| 349 | return value; |
| 350 | } |
| 351 | |
| 352 | #endif /* PROF */ |
| 353 |
Generated on 2023-Nov-30 from project glibc
Powered by 
Code Browser 2.1
Generator usage only permitted with license.