2 * Copyright (c) 1993 Paul Kranenburg
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by Paul Kranenburg.
16 * 4. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 * $FreeBSD: src/libexec/rtld-aout/rtld.c,v 1.58.2.2 2002/03/04 12:00:31 dwmalone Exp $
33 #include <sys/param.h>
34 #include <sys/types.h>
38 #include <sys/resource.h>
39 #include <sys/errno.h>
42 #define MAP_COPY MAP_PRIVATE
69 #define anon_open() do { \
70 if ((anon_fd = open(_PATH_DEVZERO, O_RDWR, 0)) == -1) \
71 err("open: %s", _PATH_DEVZERO); \
73 #define anon_close() do { \
74 (void)close(anon_fd); \
83 * Structure for building a list of shared objects.
86 struct so_map *sol_map; /* Link map for shared object */
87 struct so_list *sol_next; /* Next entry in the list */
91 * Loader private data, hung off <so_map>->som_spd
93 struct somap_private {
95 struct so_map *spd_parent;
96 struct so_list *spd_children;
97 struct so_map *spd_prev;
102 #define RTLD_MAIN 0x01
103 #define RTLD_RTLD 0x02
105 #define RTLD_INIT 0x08
106 unsigned long a_text; /* text size, if known */
107 unsigned long a_data; /* initialized data size */
108 unsigned long a_bss; /* uninitialized data size */
111 long spd_offset; /* Correction for Sun main programs */
115 #define LM_PRIVATE(smp) ((struct somap_private *)(smp)->som_spd)
118 #define LM_OFFSET(smp) (LM_PRIVATE(smp)->spd_offset)
120 #define LM_OFFSET(smp) (0)
123 /* Base address for section_dispatch_table entries */
124 #define LM_LDBASE(smp) (smp->som_addr + LM_OFFSET(smp))
126 /* Start of text segment */
127 #define LM_TXTADDR(smp) (smp->som_addr == (caddr_t)0 ? PAGSIZ : 0)
129 /* Start of run-time relocation_info */
130 #define LM_REL(smp) ((struct relocation_info *) \
131 (smp->som_addr + LM_OFFSET(smp) + LD_REL((smp)->som_dynamic)))
133 /* Start of symbols */
134 #define LM_SYMBOL(smp, i) ((struct nzlist *) \
135 (smp->som_addr + LM_OFFSET(smp) + LD_SYMBOL((smp)->som_dynamic) + \
136 i * (LD_VERSION_NZLIST_P(smp->som_dynamic->d_version) ? \
137 sizeof(struct nzlist) : sizeof(struct nlist))))
139 /* Start of hash table */
140 #define LM_HASH(smp) ((struct rrs_hash *) \
141 ((smp)->som_addr + LM_OFFSET(smp) + LD_HASH((smp)->som_dynamic)))
143 /* Start of strings */
144 #define LM_STRINGS(smp) ((char *) \
145 ((smp)->som_addr + LM_OFFSET(smp) + LD_STRINGS((smp)->som_dynamic)))
147 /* Start of search paths */
148 #define LM_PATHS(smp) ((char *) \
149 ((smp)->som_addr + LM_OFFSET(smp) + LD_PATHS((smp)->som_dynamic)))
152 #define LM_ETEXT(smp) ((char *) \
153 ((smp)->som_addr + LM_TXTADDR(smp) + LD_TEXTSZ((smp)->som_dynamic)))
155 /* Needed shared objects */
156 #define LM_NEED(smp) ((struct sod *) \
157 ((smp)->som_addr + LM_TXTADDR(smp) + LD_NEED((smp)->som_dynamic)))
159 /* PLT is in data segment, so don't use LM_OFFSET here */
160 #define LM_PLT(smp) ((jmpslot_t *) \
161 ((smp)->som_addr + LD_PLT((smp)->som_dynamic)))
163 /* Parent of link map */
164 #define LM_PARENT(smp) (LM_PRIVATE(smp)->spd_parent)
166 #ifndef RELOC_EXTERN_P
167 #define RELOC_EXTERN_P(s) ((s)->r_extern)
171 #define RELOC_SYMBOL(s) ((s)->r_symbolnum)
174 #ifndef RELOC_PCREL_P
175 #define RELOC_PCREL_P(s) ((s)->r_pcrel)
178 #define END_SYM "_end"
180 static char __main_progname[] = "main";
181 static char *main_progname = __main_progname;
182 static char us[] = "/usr/libexec/ld.so";
188 static uid_t uid, euid;
189 static gid_t gid, egid;
191 static int anon_fd = -1;
193 static char *ld_bind_now;
194 static char *ld_ignore_missing_objects;
195 static char *ld_library_path;
196 static char *ld_preload;
197 static char *ld_tracing;
198 static char *ld_suppress_warnings;
199 static char *ld_warn_non_pure_code;
201 struct so_map *link_map_head;
202 struct so_map *link_map_tail;
203 struct rt_symbol *rt_symbol_head;
205 static void *__dlopen __P((const char *, int));
206 static int __dlclose __P((void *));
207 static void *__dlsym __P((void *, const char *));
208 static const char *__dlerror __P((void));
209 static void __dlexit __P((void));
210 static void *__dlsym3 __P((void *, const char *, void *));
211 static int __dladdr __P((const void *, Dl_info *));
213 static struct ld_entry ld_entry = {
214 __dlopen, __dlclose, __dlsym, __dlerror, __dlexit, __dlsym3, __dladdr
217 void xprintf __P((char *, ...));
218 static struct so_map *map_object __P(( const char *,
221 static int map_preload __P((void));
222 static int map_sods __P((struct so_map *));
223 static int reloc_dag __P((struct so_map *, int));
224 static void unmap_object __P((struct so_map *, int));
225 static struct so_map *alloc_link_map __P(( const char *, struct sod *,
226 struct so_map *, caddr_t,
228 static void init_link_map __P(( struct so_map *,
229 struct somap_private *,
230 const char *, struct sod *,
231 struct so_map *, caddr_t,
233 static void free_link_map __P((struct so_map *));
234 static inline int check_text_reloc __P(( struct relocation_info *,
237 static int reloc_map __P((struct so_map *, int));
238 static void reloc_copy __P((struct so_map *));
239 static void init_dag __P((struct so_map *));
240 static void init_sods __P((struct so_list *));
241 static void init_internal_malloc __P((void));
242 static void init_external_malloc __P((void));
243 static int call_map __P((struct so_map *, char *));
244 static char *findhint __P((char *, int, int *));
245 static char *rtfindlib __P((char *, int, int, int));
246 static char *rtfindfile __P((const char *));
247 void binder_entry __P((void));
248 long binder __P((jmpslot_t *));
249 static struct nzlist *lookup __P((char *, struct so_map **, int));
250 static inline struct rt_symbol *lookup_rts __P((char *, unsigned long));
251 static struct nzlist *lookup_in_obj __P((char *, unsigned long,
252 struct so_map *, int));
253 static struct rt_symbol *enter_rts __P((char *, unsigned long, long, int,
254 caddr_t, long, struct so_map *));
255 static void *sym_addr __P((char *));
256 static struct nzlist * lookup_errno_hack(char *, struct so_map **, int);
257 static void die __P((void));
258 static void generror __P((char *, ...));
259 static int maphints __P((void));
260 static void unmaphints __P((void));
261 static void ld_trace __P((struct so_map *));
262 static void rt_readenv __P((void));
263 static int hinthash __P((char *, int));
264 int rtld __P((int, struct crt_ldso *, struct _dynamic *));
267 * Compute a hash value for symbol tables. Don't change this -- the
268 * algorithm is dictated by the way the linker builds the symbol
269 * tables in the shared objects.
271 static inline unsigned long
280 return h & 0x7fffffffUL;
284 strcmp (register const char *s1, register const char *s2)
289 return (*(unsigned char *)s1 - *(unsigned char *)--s2);
292 #include "md-static-funcs.c"
295 * Called from assembler stub that has set up crtp (passed from crt0)
296 * and dp (our __DYNAMIC).
299 rtld(version, crtp, dp)
301 struct crt_ldso *crtp;
304 struct relocation_info *reloc;
305 struct relocation_info *reloc_limit; /* End+1 of relocation */
306 struct so_debug *ddp;
307 struct so_map *main_map;
313 if (version != CRT_VERSION_BSD_2 &&
314 version != CRT_VERSION_BSD_3 &&
315 version != CRT_VERSION_BSD_4 &&
316 version != CRT_VERSION_BSD_5 &&
317 version != CRT_VERSION_SUN)
320 /* Fixup __DYNAMIC structure */
321 (long)dp->d_un.d_sdt += crtp->crt_ba;
323 /* Relocate ourselves */
324 reloc = (struct relocation_info *) (LD_REL(dp) + crtp->crt_ba);
326 (struct relocation_info *) ((char *) reloc + LD_RELSZ(dp));
327 while(reloc < reloc_limit) {
329 * Objects linked with "-Bsymbolic" (in particular, ld.so
330 * itself) can end up having unused relocation entries at
331 * the end. These can be detected by the fact that they
332 * have an address of 0.
334 if(reloc->r_address == 0) /* We're done */
336 md_relocate_simple(reloc, crtp->crt_ba,
337 reloc->r_address + crtp->crt_ba);
341 if (version >= CRT_VERSION_BSD_4)
342 __progname = crtp->crt_ldso;
343 if (version >= CRT_VERSION_BSD_3)
344 main_progname = crtp->crt_prog;
345 main_path = version >= CRT_VERSION_BSD_5 ? crtp->crt_argv[0] :
348 /* Some buggy versions of crt0.o have crt_ldso filled in as NULL. */
349 if (__progname == NULL)
352 /* Fill in some fields in _DYNAMIC or crt structure */
353 if (version >= CRT_VERSION_BSD_4)
354 crtp->crt_ldentry = &ld_entry; /* crt */
356 crtp->crt_dp->d_entry = &ld_entry; /* _DYNAMIC */
358 /* Initialize our internal malloc package. */
359 init_internal_malloc();
361 /* Setup out (private) environ variable */
362 environ = crtp->crt_ep;
364 /* Get user and group identifiers */
365 uid = getuid(); euid = geteuid();
366 gid = getgid(); egid = getegid();
368 careful = (uid != euid) || (gid != egid);
374 /* Make a link map entry for the main program */
375 main_map = alloc_link_map(main_path,
376 (struct sod *) NULL, (struct so_map *) NULL,
377 (caddr_t) 0, crtp->crt_dp);
378 LM_PRIVATE(main_map)->spd_refcount++;
379 LM_PRIVATE(main_map)->spd_flags |= RTLD_MAIN;
381 /* Make a link map entry for ourselves */
382 smp = alloc_link_map(us,
383 (struct sod *) NULL, (struct so_map *) NULL,
384 (caddr_t) crtp->crt_ba, dp);
385 LM_PRIVATE(smp)->spd_refcount++;
386 LM_PRIVATE(smp)->spd_flags |= RTLD_RTLD;
389 * Setup the executable's run path
391 if (version >= CRT_VERSION_BSD_4) {
392 add_paths = LM_PATHS(main_map);
394 add_search_path(add_paths);
398 * Setup the directory search list for findshlib. We use only
399 * the standard search path. Any extra directories from
400 * LD_LIBRARY_PATH are searched explicitly, in rtfindlib.
404 /* Map in LD_PRELOADs before the main program's shared objects so we
405 can intercept those calls */
406 if (ld_preload != NULL) {
407 if(map_preload() == -1) /* Failed */
411 /* Map all the shared objects that the main program depends upon */
412 if(map_sods(main_map) == -1)
415 if(ld_tracing) { /* We're done */
416 ld_trace(link_map_head);
420 crtp->crt_dp->d_un.d_sdt->sdt_loaded = link_map_head->som_next;
422 /* Relocate all mapped objects. */
423 if(reloc_dag(main_map, ld_bind_now != NULL) == -1) /* Failed */
427 * Switch to the same malloc that the program uses. We do
428 * this before initializing the loaded objects, because their
429 * initialization functions may well call malloc, and it won't
430 * work right until we have set it up.
432 init_external_malloc();
434 /* Initialize all mapped objects. */
437 ddp = crtp->crt_dp->d_debug;
438 ddp->dd_cc = rt_symbol_head;
439 if (ddp->dd_in_debugger) {
440 caddr_t addr = (caddr_t)((long)crtp->crt_bp & (~(PAGSIZ - 1)));
442 /* Set breakpoint for the benefit of debuggers */
443 if (mprotect(addr, PAGSIZ,
444 PROT_READ|PROT_WRITE|PROT_EXEC) == -1) {
445 err(1, "Cannot set breakpoint (%s)", main_progname);
447 md_set_breakpoint((long)crtp->crt_bp, (long *)&ddp->dd_bpt_shadow);
448 if (mprotect(addr, PAGSIZ, PROT_READ|PROT_EXEC) == -1) {
449 err(1, "Cannot re-protect breakpoint (%s)",
453 ddp->dd_bpt_addr = crtp->crt_bp;
455 ddp->dd_sym_loaded = 1;
458 /* Close the hints file */
461 /* Close our file descriptor */
462 (void)close(crtp->crt_ldfd);
465 return LDSO_VERSION_HAS_DLADDR;
472 char *fmt1, *fmt2, *fmt, *main_local;
475 if ((main_local = getenv("LD_TRACE_LOADED_OBJECTS_PROGNAME")) == NULL)
478 if ((fmt1 = getenv("LD_TRACE_LOADED_OBJECTS_FMT1")) == NULL)
479 fmt1 = "\t-l%o.%m => %p (%x)\n";
481 if ((fmt2 = getenv("LD_TRACE_LOADED_OBJECTS_FMT2")) == NULL)
482 fmt2 = "\t%o (%x)\n";
484 for (; smp; smp = smp->som_next) {
488 if ((sodp = smp->som_sod) == NULL)
491 name = (char *)sodp->sod_name;
493 name += (long)LM_LDBASE(LM_PARENT(smp));
495 if ((path = smp->som_path) == NULL)
498 fmt = sodp->sod_library ? fmt1 : fmt2;
499 while ((c = *fmt++) != '\0') {
525 printf("%s", main_local);
528 printf("%s", main_progname);
534 printf("%d", sodp->sod_major);
537 printf("%d", sodp->sod_minor);
543 printf("%p", smp->som_addr);
554 * Allocate a new link map and return a pointer to it.
556 * PATH is the pathname of the shared object.
558 * SODP is a pointer to the shared object dependency structure responsible
559 * for causing the new object to be loaded. PARENT is the shared object
560 * into which SODP points. Both can be NULL if the new object is not
561 * being loaded as a result of a shared object dependency.
563 * ADDR is the address at which the object has been mapped. DP is a pointer
564 * to its _dynamic structure.
566 static struct so_map *
567 alloc_link_map(path, sodp, parent, addr, dp)
570 struct so_map *parent;
575 struct somap_private *smpp;
578 xprintf("alloc_link_map: \"%s\" at %p\n", path, addr);
581 smp = (struct so_map *)xmalloc(sizeof(struct so_map));
582 smpp = (struct somap_private *)xmalloc(sizeof(struct somap_private));
583 init_link_map(smp, smpp, path, sodp, parent, addr, dp);
585 /* Link the new entry into the list of link maps */
586 smpp->spd_prev = link_map_tail;
587 if(link_map_tail == NULL) /* First link map entered into list */
588 link_map_head = link_map_tail = smp;
589 else { /* Append to end of list */
590 link_map_tail->som_next = smp;
598 * Initialize a link map entry that has already been allocated.
601 init_link_map(smp, smpp, path, sodp, parent, addr, dp)
603 struct somap_private *smpp;
606 struct so_map *parent;
610 memset(smp, 0, sizeof *smp);
611 memset(smpp, 0, sizeof *smpp);
612 smp->som_spd = (caddr_t)smpp;
613 smp->som_addr = addr;
614 smp->som_path = path ? strdup(path) : NULL;
616 smp->som_dynamic = dp;
617 smpp->spd_parent = parent;
620 (addr==0 && dp && dp->d_version==LD_VERSION_SUN) ? PAGSIZ : 0;
625 * Remove the specified link map entry from the list of link maps, and free
626 * the associated storage.
632 struct somap_private *smpp = LM_PRIVATE(smp);
635 xprintf("free_link_map: \"%s\"\n", smp->som_path);
638 if(smpp->spd_prev == NULL) /* Removing first entry in list */
639 link_map_head = smp->som_next;
640 else /* Update link of previous entry */
641 smpp->spd_prev->som_next = smp->som_next;
643 if(smp->som_next == NULL) /* Removing last entry in list */
644 link_map_tail = smpp->spd_prev;
645 else /* Update back link of next entry */
646 LM_PRIVATE(smp->som_next)->spd_prev = smpp->spd_prev;
648 if (smp->som_path != NULL)
655 * Map the shared object specified by PATH into memory, if it is not
656 * already mapped. Increment the object's reference count, and return a
657 * pointer to its link map.
659 * As a special case, if PATH is NULL, it is taken to refer to the main
662 * SODP is a pointer to the shared object dependency structure that caused
663 * this object to be requested. PARENT is a pointer to the link map of
664 * the shared object containing that structure. For a shared object not
665 * being mapped as a result of a shared object dependency, these pointers
666 * should be NULL. An example of this is a shared object that is explicitly
667 * loaded via dlopen().
669 * The return value is a pointer to the link map for the requested object.
670 * If the operation failed, the return value is NULL. In that case, an
671 * error message can be retrieved by calling dlerror().
673 static struct so_map *
674 map_object(path, sodp, parent)
677 struct so_map *parent;
682 if(path == NULL) /* Special case for the main program itself */
686 * Check whether the shared object is already mapped.
687 * We check first for an exact match by pathname. That
688 * will detect the usual case. If no match is found by
689 * pathname, then stat the file, and check for a match by
690 * device and inode. That will detect the less common case
691 * involving multiple links to the same library.
693 for(smp = link_map_head; smp != NULL; smp = smp->som_next) {
694 if(!(LM_PRIVATE(smp)->spd_flags & (RTLD_MAIN|RTLD_RTLD))
695 && smp->som_path != NULL
696 && strcmp(smp->som_path, path) == 0)
699 if(smp == NULL) { /* Check for a match by device and inode */
700 if (stat(path, &statbuf) == -1) {
701 generror ("cannot stat \"%s\" : %s",
702 path, strerror(errno));
705 for (smp = link_map_head; smp != NULL;
706 smp = smp->som_next) {
707 struct somap_private *smpp = LM_PRIVATE(smp);
709 if (!(smpp->spd_flags & (RTLD_MAIN | RTLD_RTLD))
710 && smpp->spd_ino == statbuf.st_ino
711 && smpp->spd_dev == statbuf.st_dev)
717 if (smp == NULL) { /* We must map the object */
722 struct somap_private *smpp;
724 if ((fd = open(path, O_RDONLY, 0)) == -1) {
725 generror ("open failed for \"%s\" : %s",
726 path, strerror (errno));
730 if (read(fd, &hdr, sizeof(hdr)) != sizeof(hdr)) {
731 generror ("header read failed for \"%s\"", path);
737 generror ("bad magic number in \"%s\"", path);
743 * Map the entire address space of the object. It is
744 * tempting to map just the text segment at first, in
745 * order to avoid having to use mprotect to change the
746 * protections of the data segment. But that would not
747 * be correct. Mmap might find a group of free pages
748 * large enough to hold the text segment, but not large
749 * enough for the entire object. When we then mapped
750 * in the data and BSS segments, they would either be
751 * non-contiguous with the text segment (if we didn't
752 * specify MAP_FIXED), or they would map over some
753 * previously mapped region (if we did use MAP_FIXED).
754 * The only way we can be sure of getting a contigous
755 * region that is large enough is to map the entire
758 if ((addr = mmap(0, hdr.a_text + hdr.a_data + hdr.a_bss,
760 MAP_COPY, fd, 0)) == (caddr_t)-1) {
761 generror ("mmap failed for \"%s\" : %s",
762 path, strerror (errno));
769 /* Change the data segment to writable */
770 if (mprotect(addr + hdr.a_text, hdr.a_data,
771 PROT_READ|PROT_WRITE|PROT_EXEC) != 0) {
772 generror ("mprotect failed for \"%s\" : %s",
773 path, strerror (errno));
774 (void)munmap(addr, hdr.a_text + hdr.a_data + hdr.a_bss);
778 /* Map in pages of zeros for the BSS segment */
779 if (mmap(addr + hdr.a_text + hdr.a_data, hdr.a_bss,
780 PROT_READ|PROT_WRITE|PROT_EXEC,
781 MAP_ANON|MAP_COPY|MAP_FIXED,
782 anon_fd, 0) == (caddr_t)-1) {
783 generror ("mmap failed for \"%s\" : %s",
784 path, strerror (errno));
785 (void)munmap(addr, hdr.a_text + hdr.a_data + hdr.a_bss);
789 /* Assume _DYNAMIC is the first data item */
790 dp = (struct _dynamic *)(addr+hdr.a_text);
792 /* Fixup __DYNAMIC structure */
793 (long)dp->d_un.d_sdt += (long)addr;
795 smp = alloc_link_map(path, sodp, parent, addr, dp);
797 /* save segment sizes for unmap. */
798 smpp = LM_PRIVATE(smp);
799 smpp->a_text = hdr.a_text;
800 smpp->a_data = hdr.a_data;
801 smpp->a_bss = hdr.a_bss;
804 * Save the device and inode, so we can detect multiple links
805 * to the same library. Note, if we reach this point, then
806 * statbuf is guaranteed to have been filled in.
808 smpp->spd_dev = statbuf.st_dev;
809 smpp->spd_ino = statbuf.st_ino;
812 LM_PRIVATE(smp)->spd_refcount++;
813 if(LM_PRIVATE(smp)->spd_refcount == 1) { /* First use of object */
815 * Recursively map all of the shared objects that this
818 if(map_sods(smp) == -1) { /* Failed */
819 unmap_object(smp, 0); /* Clean up */
828 * Map all the shared libraries named in the LD_PRELOAD environment
831 * Returns 0 on success, -1 on failure. On failure, an error message can
832 * be gotten via dlerror().
835 map_preload __P((void)) {
836 char *ld_name = ld_preload;
839 while ((name = strsep(&ld_name, ":")) != NULL) {
841 struct so_map *smp = NULL;
844 path = (strchr(name, '/') != NULL) ? strdup(name) :
848 generror("Can't find LD_PRELOAD shared"
849 " library \"%s\"", name);
851 smp = map_object(path, (struct sod *) NULL,
852 (struct so_map *) NULL);
856 *(ld_name - 1) = ':';
859 * We don't bother to unmap already-loaded libraries
860 * on failure, because in that case the program is
861 * about to die anyway.
870 * Map all of the shared objects that a given object depends upon. PARENT is
871 * a pointer to the link map for the shared object whose dependencies are
874 * Returns 0 on success. Returns -1 on failure. In that case, an error
875 * message can be retrieved by calling dlerror().
879 struct so_map *parent;
881 struct somap_private *parpp = LM_PRIVATE(parent);
882 struct so_list **soltail = &parpp->spd_children;
883 long next = LD_NEED(parent->som_dynamic);
887 (struct sod *) (LM_LDBASE(parent) + next);
889 (char *) (LM_LDBASE(parent) + sodp->sod_name);
891 struct so_map *smp = NULL;
893 if(sodp->sod_library) {
895 * First try for a match with an adequate minor
898 path = rtfindlib(name, sodp->sod_major,
901 * If none was found, try for just a major version
902 * match. A warning is issued by rtfindlib in
903 * this case, since the minor version number isn't
904 * really high enough.
907 path = rtfindlib(name, sodp->sod_major,
909 if(path == NULL && !ld_tracing) {
910 generror ("Can't find shared library"
911 " \"lib%s.so.%d.%d\"", name,
912 sodp->sod_major, sodp->sod_minor);
915 if(careful && name[0] != '/') {
916 generror("Shared library path must start"
917 " with \"/\" for \"%s\"", name);
923 smp = map_object(path, sodp, parent);
928 struct so_list *solp = (struct so_list *)
929 xmalloc(sizeof(struct so_list));
931 solp->sol_next = NULL;
933 soltail = &solp->sol_next;
934 } else if(ld_tracing) {
936 * Allocate a dummy map entry so that we will get the
937 * "not found" message.
939 (void)alloc_link_map(NULL, sodp, parent, 0, 0);
940 } else if (ld_ignore_missing_objects) {
943 * Call __dlerror() even it we're not going to use
944 * the message, in order to clear the saved message.
946 msg = __dlerror(); /* Should never be NULL */
947 if (!ld_suppress_warnings)
948 warnx("warning: %s", msg);
952 next = sodp->sod_next;
957 * Oh drat, we have to clean up a mess.
959 * We failed to load a shared object that we depend upon.
960 * So now we have to unload any dependencies that we had
961 * already successfully loaded prior to the error.
963 * Cleaning up doesn't matter so much for the initial
964 * loading of the program, since any failure is going to
965 * terminate the program anyway. But it is very important
966 * to clean up properly when something is being loaded
969 struct so_list *solp;
971 while((solp = parpp->spd_children) != NULL) {
972 unmap_object(solp->sol_map, 0);
973 parpp->spd_children = solp->sol_next;
984 * Relocate the DAG of shared objects rooted at the given link map
985 * entry. Returns 0 on success, or -1 on failure. On failure, an
986 * error message can be retrieved via dlerror().
989 reloc_dag(root, bind_now)
996 * Relocate all newly-loaded objects. We avoid recursion for this
997 * step by taking advantage of a few facts. This function is called
998 * only when there are in fact some newly-loaded objects to process.
999 * Furthermore, all newly-loaded objects will have their link map
1000 * entries at the end of the link map list. And, the root of the
1001 * tree of objects just loaded will have been the first to be loaded
1002 * and therefore the first new object in the link map list. Finally,
1003 * we take advantage of the fact that we can relocate the newly-loaded
1004 * objects in any order.
1006 * All these facts conspire to let us simply loop over the tail
1007 * portion of the link map list, relocating each object so
1010 for(smp = root; smp != NULL; smp = smp->som_next) {
1011 if(!(LM_PRIVATE(smp)->spd_flags & RTLD_RTLD)) {
1012 if(reloc_map(smp, bind_now) < 0)
1018 * Copy any relocated initialized data. Again, we can just loop
1019 * over the appropriate portion of the link map list.
1021 for(smp = root; smp != NULL; smp = smp->som_next) {
1022 if(!(LM_PRIVATE(smp)->spd_flags & RTLD_RTLD))
1030 * Remove a reference to the shared object specified by SMP. If no
1031 * references remain, unmap the object and, recursively, its descendents.
1032 * This function also takes care of calling the finalization routines for
1033 * objects that are removed.
1035 * If KEEP is true, then the actual calls to munmap() are skipped,
1036 * and the object is kept in memory. That is used only for finalization,
1037 * from dlexit(), when the program is exiting. There are two reasons
1038 * for it. First, the program is exiting and there is no point in
1039 * spending the time to explicitly unmap its shared objects. Second,
1040 * even after dlexit() has been called, there are still a couple of
1041 * calls that are made to functions in libc. (This is really a bug
1042 * in crt0.) So libc and the main program, at least, must remain
1043 * mapped in that situation.
1045 * Under no reasonable circumstances should this function fail. If
1046 * anything goes wrong, we consider it an internal error, and report
1050 unmap_object(smp, keep)
1054 struct somap_private *smpp = LM_PRIVATE(smp);
1056 smpp->spd_refcount--;
1057 if(smpp->spd_refcount == 0) { /* Finished with this object */
1058 struct so_list *solp;
1060 if(smpp->spd_flags & RTLD_INIT) { /* Was initialized */
1062 * Call the object's finalization routine. For
1063 * backward compatibility, we first try to call
1064 * ".fini". If that does not exist, we call
1067 if(call_map(smp, ".fini") == -1)
1068 call_map(smp, "__fini");
1071 /* Recursively unreference the object's descendents */
1072 while((solp = smpp->spd_children) != NULL) {
1073 unmap_object(solp->sol_map, keep);
1074 smpp->spd_children = solp->sol_next;
1078 if(!keep) { /* Unmap the object from memory */
1079 if(munmap(smp->som_addr,
1080 smpp->a_text + smpp->a_data + smpp->a_bss) < 0)
1081 err(1, "internal error 1: munmap failed");
1083 /* Unlink and free the object's link map entry */
1090 check_text_reloc(r, smp, addr)
1091 struct relocation_info *r;
1097 if (addr >= LM_ETEXT(smp))
1100 if (RELOC_EXTERN_P(r))
1101 sym = LM_STRINGS(smp) +
1102 LM_SYMBOL(smp, RELOC_SYMBOL(r))->nz_strx;
1106 if (!ld_suppress_warnings && ld_warn_non_pure_code)
1107 warnx("warning: non pure code in %s at %x (%s)",
1108 smp->som_path, r->r_address, sym);
1110 if (smp->som_write == 0 &&
1111 mprotect(smp->som_addr + LM_TXTADDR(smp),
1112 LD_TEXTSZ(smp->som_dynamic),
1113 PROT_READ|PROT_WRITE|PROT_EXEC) == -1) {
1114 generror ("mprotect failed for \"%s\" : %s",
1115 smp->som_path, strerror (errno));
1124 reloc_map(smp, bind_now)
1129 * Caching structure for reducing the number of calls to
1130 * lookup() during relocation.
1132 * While relocating a given shared object, the dynamic linker
1133 * maintains a caching vector that is directly indexed by
1134 * the symbol number in the relocation entry. The first time
1135 * a given symbol is looked up, the caching vector is
1136 * filled in with a pointer to the symbol table entry, and
1137 * a pointer to the so_map of the shared object in which the
1138 * symbol was defined. On subsequent uses of the same symbol,
1139 * that information is retrieved directly from the caching
1140 * vector, without calling lookup() again.
1142 * A symbol that is referenced in a relocation entry is
1143 * typically referenced in many relocation entries, so this
1144 * caching reduces the number of calls to lookup()
1145 * dramatically. The overall improvement in the speed of
1146 * dynamic linking is also dramatic -- as much as a factor
1147 * of three for programs that use many shared libaries.
1150 struct nzlist *np; /* Pointer to symbol entry */
1151 struct so_map *src_map; /* Shared object that defined symbol */
1154 struct _dynamic *dp = smp->som_dynamic;
1155 struct relocation_info *r = LM_REL(smp);
1156 struct relocation_info *rend = r + LD_RELSZ(dp)/sizeof(*r);
1157 long symbolbase = (long)LM_SYMBOL(smp, 0);
1158 char *stringbase = LM_STRINGS(smp);
1159 int symsize = LD_VERSION_NZLIST_P(dp->d_version) ?
1160 sizeof(struct nzlist) :
1161 sizeof(struct nlist);
1162 long numsyms = LD_STABSZ(dp) / symsize;
1163 size_t cachebytes = numsyms * sizeof(struct cacheent);
1164 struct cacheent *symcache =
1165 (struct cacheent *) alloca(cachebytes);
1167 if(symcache == NULL) {
1168 generror("Cannot allocate symbol caching vector for %s",
1172 bzero(symcache, cachebytes);
1175 md_fix_jmpslot(LM_PLT(smp),
1176 (long)LM_PLT(smp), (long)binder_entry);
1178 for (; r < rend; r++) {
1183 * Objects linked with "-Bsymbolic" can end up having unused
1184 * relocation entries at the end. These can be detected by
1185 * the fact that they have an address of 0.
1187 if(r->r_address == 0) /* Finished relocating this object */
1190 addr = smp->som_addr + r->r_address;
1191 if (check_text_reloc(r, smp, addr) < 0)
1194 if (RELOC_EXTERN_P(r)) {
1195 struct so_map *src_map = NULL;
1196 struct nzlist *p, *np;
1199 if (RELOC_JMPTAB_P(r) && !bind_now)
1202 p = (struct nzlist *)
1203 (symbolbase + symsize * RELOC_SYMBOL(r));
1205 if (p->nz_type == (N_SETV + N_EXT))
1208 sym = stringbase + p->nz_strx;
1211 * Look up the symbol, checking the caching
1214 np = symcache[RELOC_SYMBOL(r)].np;
1215 if(np != NULL) /* Symbol already cached */
1216 src_map = symcache[RELOC_SYMBOL(r)].src_map;
1217 else { /* Symbol not cached yet */
1218 np = lookup(sym, &src_map, RELOC_JMPTAB_P(r));
1220 * Record the needed information about
1221 * the symbol in the caching vector,
1222 * so that we won't have to call
1223 * lookup the next time we encounter
1226 symcache[RELOC_SYMBOL(r)].np = np;
1227 symcache[RELOC_SYMBOL(r)].src_map = src_map;
1231 generror ("Undefined symbol \"%s\" in %s:%s",
1232 sym, main_progname, smp->som_path);
1237 * Found symbol definition.
1238 * If it's in a link map, adjust value
1239 * according to the load address of that map.
1240 * Otherwise it's a run-time allocated common
1241 * whose value is already up-to-date.
1243 relocation = np->nz_value;
1245 relocation += (long)src_map->som_addr;
1247 if (RELOC_JMPTAB_P(r)) {
1248 md_bind_jmpslot(relocation, addr);
1252 relocation += md_get_addend(r, addr);
1254 if (RELOC_PCREL_P(r))
1255 relocation -= (long)smp->som_addr;
1257 if (RELOC_COPY_P(r) && src_map) {
1258 (void)enter_rts(sym, sym_hash(sym),
1261 src_map->som_addr + np->nz_value,
1262 np->nz_size, src_map);
1266 md_relocate(r, relocation, addr, 0);
1270 md_get_rt_segment_addend(r, addr)
1272 md_get_addend(r, addr)
1274 + (long)smp->som_addr, addr, 0);
1279 if (smp->som_write) {
1280 if (mprotect(smp->som_addr + LM_TXTADDR(smp),
1281 LD_TEXTSZ(smp->som_dynamic),
1282 PROT_READ|PROT_EXEC) == -1) {
1283 generror ("mprotect failed for \"%s\" : %s",
1284 smp->som_path, strerror (errno));
1296 struct rt_symbol *rtsp;
1298 for (rtsp = rt_symbol_head; rtsp; rtsp = rtsp->rt_next)
1299 if ((rtsp->rt_smp == NULL || rtsp->rt_smp == smp) &&
1300 rtsp->rt_sp->nz_type == N_DATA + N_EXT) {
1301 bcopy(rtsp->rt_srcaddr, (caddr_t)rtsp->rt_sp->nz_value,
1302 rtsp->rt_sp->nz_size);
1307 * Initialize the DAG of shared objects rooted at the given object.
1313 struct somap_private *smpp = LM_PRIVATE(smp);
1315 if(!(smpp->spd_flags & RTLD_INIT)) { /* Not initialized yet */
1316 smpp->spd_flags |= RTLD_INIT;
1318 /* Make sure all the children are initialized */
1319 if(smpp->spd_children != NULL)
1320 init_sods(smpp->spd_children);
1322 if(call_map(smp, ".init") == -1)
1323 call_map(smp, "__init");
1329 struct so_list *solp;
1331 /* Recursively initialize the rest of the list */
1332 if(solp->sol_next != NULL)
1333 init_sods(solp->sol_next);
1335 /* Initialize the first element of the list */
1336 init_dag(solp->sol_map);
1341 * Call a function in a given shared object. SMP is the shared object, and
1342 * SYM is the name of the function.
1344 * Returns 0 on success, or -1 if the symbol was not found. Failure is not
1345 * necessarily an error condition, so no error message is generated.
1352 struct so_map *src_map = smp;
1355 np = lookup(sym, &src_map, 1);
1357 (*(void (*)())(src_map->som_addr + np->nz_value))();
1365 * Run-time common symbol table.
1368 #define RTC_TABSIZE 57
1369 static struct rt_symbol *rt_symtab[RTC_TABSIZE];
1372 * Look up a symbol in the run-time common symbol table. For efficiency,
1373 * the symbol's hash value must be passed in too.
1375 static inline struct rt_symbol *
1376 lookup_rts(name, hash)
1380 register struct rt_symbol *rtsp;
1382 for (rtsp = rt_symtab[hash % RTC_TABSIZE]; rtsp; rtsp = rtsp->rt_link)
1383 if (strcmp(name, rtsp->rt_sp->nz_name) == 0)
1390 * Enter a symbol into the run-time common symbol table. For efficiency,
1391 * the symbol's hash value must be passed in too.
1393 static struct rt_symbol *
1394 enter_rts(name, hash, value, type, srcaddr, size, smp)
1403 register struct rt_symbol *rtsp, **rpp;
1405 /* Find end of bucket */
1406 for (rpp = &rt_symtab[hash % RTC_TABSIZE]; *rpp; rpp = &(*rpp)->rt_link)
1409 /* Allocate new common symbol */
1410 rtsp = (struct rt_symbol *)xmalloc(sizeof(struct rt_symbol));
1411 rtsp->rt_sp = (struct nzlist *)xmalloc(sizeof(struct nzlist));
1412 rtsp->rt_sp->nz_name = strdup(name);
1413 rtsp->rt_sp->nz_value = value;
1414 rtsp->rt_sp->nz_type = type;
1415 rtsp->rt_sp->nz_size = size;
1416 rtsp->rt_srcaddr = srcaddr;
1418 rtsp->rt_link = NULL;
1420 /* Link onto linear list as well */
1421 rtsp->rt_next = rt_symbol_head;
1422 rt_symbol_head = rtsp;
1431 * Lookup NAME in the link maps. The link map producing a definition
1432 * is returned in SRC_MAP. If SRC_MAP is not NULL on entry the search
1433 * is confined to that map.
1435 * REAL_DEF_ONLY is a boolean which specifies whether certain special
1436 * symbols for functions should satisfy the lookup or not. The
1437 * reasons behind it are somewhat complicated. They are motivated
1438 * by the scenario in which the address of a single function is
1439 * taken from several shared objects. The address should come out
1440 * the same in all cases, because the application code might decide
1441 * to use it in comparisons. To make this work, the linker creates
1442 * a symbol entry for the function in the main executable, with a
1443 * type of N_UNDF+N_EXT, an N_AUX of AUX_FUNC, and a value that
1444 * refers to the PLT entry for the function in the main executable.
1445 * If REAL_DEF_ONLY is false, then this kind of special symbol is
1446 * considered a "definition" when lookup up the symbol. Since the
1447 * main executable is at the beginning of the shared object search
1448 * list, the result is that references from all shared objects will
1449 * resolve to the main program's PLT entry, and thus the function
1450 * addresses will compare equal as they should.
1452 * When relocating the PLT entry itself, we obviously must match
1453 * only the true defining symbol for the function. In that case, we
1454 * set REAL_DEF_ONLY to true, which disables matching the special
1455 * N_UNDF+N_EXT entries.
1457 * It is not so clear how to set this flag for a lookup done from
1458 * dlsym. If the lookup specifies a particular shared object other
1459 * than the main executable, the flag makes no difference -- only the
1460 * true definition will be matched. (That is because the special
1461 * symbols are only present in the main executable, which will not
1462 * be searched.) But when the lookup is over all the shared objects
1463 * (i.e., dlsym's "fd" parameter is NULL), then the flag does have an
1464 * effect. We elect to match only the true definition even in that
1467 * The upshot of all this is the following rule of thumb: Set
1468 * REAL_DEF_ONLY in all cases except when processing a non-PLT
1471 static struct nzlist *
1472 lookup(name, src_map, real_def_only)
1474 struct so_map **src_map; /* IN/OUT */
1479 hash = sym_hash(name);
1481 if (*src_map != NULL) /* Look in just one specific object */
1482 return lookup_in_obj(name, hash, *src_map, real_def_only);
1483 else { /* Search runtime symbols and all loaded objects */
1484 unsigned long common_size;
1486 struct rt_symbol *rtsp;
1489 if ((rtsp = lookup_rts(name, hash)) != NULL)
1493 for (smp = link_map_head; smp; smp = smp->som_next) {
1494 if (LM_PRIVATE(smp)->spd_flags & RTLD_RTLD)
1496 np = lookup_in_obj(name, hash, smp, real_def_only);
1499 /* We know that np->nz_value > 0 at this point. */
1500 if (np->nz_type == N_UNDF+N_EXT &&
1501 N_AUX(&np->nlist) != AUX_FUNC) { /* Common */
1502 if (common_size < np->nz_value)
1503 common_size = np->nz_value;
1507 /* We found the symbol definition. */
1511 if (common_size > 0) { /* It is a common symbol. */
1514 mem = memset(xmalloc(common_size), 0, common_size);
1515 rtsp = enter_rts(name, hash, (long)mem, N_UNDF + N_EXT,
1516 0, common_size, NULL);
1521 * Just before giving up, check for the __error() hack.
1523 np = lookup_errno_hack(name, src_map, real_def_only);
1527 /* No definition was found for the symbol. */
1533 * Lookup a symbol in one specific shared object. The hash
1534 * value is passed in for efficiency. For an explanation of the
1535 * "real_def_only" flag, see the comment preceding the "lookup"
1538 static struct nzlist *
1539 lookup_in_obj(name, hash, smp, real_def_only)
1545 unsigned long buckets;
1546 struct rrs_hash *hp;
1550 struct rrs_hash *hashbase;
1554 if ((buckets = LD_BUCKETS(smp->som_dynamic)) == 0)
1557 hashbase = LM_HASH(smp);
1560 hp = &hashbase[hash % buckets];
1561 if (hp->rh_symbolnum == -1)
1564 symbolbase = (char *)LM_SYMBOL(smp, 0);
1565 stringbase = LM_STRINGS(smp);
1566 symsize = LD_VERSION_NZLIST_P(smp->som_dynamic->d_version)?
1567 sizeof(struct nzlist) : sizeof(struct nlist);
1569 np = (struct nzlist *)(symbolbase + hp->rh_symbolnum*symsize);
1570 cp = stringbase + np->nz_strx;
1571 if (strcmp(cp, name) == 0)
1573 if (hp->rh_next == 0) /* End of hash chain */
1575 hp = hashbase + hp->rh_next;
1579 * We have a symbol with the name we're looking for.
1581 if (np->nz_type == N_INDR+N_EXT) {
1583 * Next symbol gives the aliased name. Restart
1584 * search with new name.
1586 name = stringbase + (++np)->nz_strx;
1587 hash = sym_hash(name);
1591 if (np->nz_value == 0) /* It's not a definition */
1594 if (real_def_only) /* Don't match special function symbols. */
1595 if (np->nz_type == N_UNDF+N_EXT &&
1596 N_AUX(&np->nlist) == AUX_FUNC)
1603 * Return the value of a symbol in the user's program. This is used
1604 * internally for a few symbols which must exist. If the requested
1605 * symbol is not found, this simply exits with a fatal error.
1615 np = lookup(name, &smp, 1);
1617 errx(1, "Program has no symbol \"%s\"", name);
1618 return ((smp == NULL) ? NULL : smp->som_addr) + np->nz_value;
1622 static int *p_errno; /* Pointer to errno variable in main program. */
1625 * Help old a.out binaries that are broken by the new errno macro. They
1626 * can be missing __error() through no fault of their own. In particular,
1627 * old a.out binaries can link against an old libc that does not contain
1628 * __error(), yet still require __error() because of other libraries that
1629 * have been recompiled since the errno change. This locates the backward
1630 * compatible work-alike we have hidden here in ld.so.
1632 static struct nzlist *
1633 lookup_errno_hack(sym, src_map, real_def_only)
1635 struct so_map **src_map;
1641 if (strcmp(sym, "___error") != 0)
1645 * Locate errno in the main program. If it's not there, NULL
1646 * will be returned by our __error() substitute, and a core dump
1647 * will follow. That's impossible, of course, since crt0.o always
1651 np = lookup("_errno", &smp, 1);
1652 if (np != NULL && smp != NULL) {
1653 p_errno = (int *)(smp->som_addr + np->nz_value);
1655 xprintf(" HACK: _errno at %p in %s\n", p_errno, smp->som_path);
1660 * Specifically find the ld.so link map because most routines
1661 * skip over it during normal operation.
1663 for (smp = link_map_head; ; smp = smp->som_next)
1664 if (LM_PRIVATE(smp)->spd_flags & RTLD_RTLD)
1668 * Find our __error() substitute stashed here in ld.so.
1670 np = lookup("___error_unthreaded_hack", &smp, real_def_only);
1676 xprintf(" HACK: %s fudge not found, oops\n", sym);
1678 xprintf(" HACK: %s fudge in %s\n", sym, smp->som_path);
1686 * Just like __error_unthreaded(), but for those poor orphaned a.out
1687 * binaries from way back that are bamboozled by the new errno macro.
1690 __error_unthreaded_hack()
1697 * This routine is called from the jumptable to resolve
1698 * procedure calls to shared objects.
1704 struct so_map *smp, *src_map = NULL;
1711 * Find the PLT map that contains JSP.
1713 for (smp = link_map_head; smp; smp = smp->som_next) {
1714 if (LM_PLT(smp) < jsp &&
1715 jsp < LM_PLT(smp) + LD_PLTSZ(smp->som_dynamic)/sizeof(*jsp))
1720 errx(1, "Call to binder from unknown location: %p\n", jsp);
1722 index = jsp->reloc_index & JMPSLOT_RELOC_MASK;
1724 /* Get the local symbol this jmpslot refers to */
1725 sym = LM_STRINGS(smp) +
1726 LM_SYMBOL(smp,RELOC_SYMBOL(&LM_REL(smp)[index]))->nz_strx;
1728 np = lookup(sym, &src_map, 1);
1730 errx(1, "Undefined symbol \"%s\" called from %s:%s at %p",
1731 sym, main_progname, smp->som_path, jsp);
1733 /* Fixup jmpslot so future calls transfer directly to target */
1734 addr = np->nz_value;
1736 addr += (long)src_map->som_addr;
1738 md_fix_jmpslot(jsp, (long)jsp, addr);
1741 xprintf(" BINDER: %s located at = %#x in %s\n", sym, addr,
1747 static struct hints_header *hheader; /* NULL means not mapped */
1748 static struct hints_bucket *hbuckets;
1749 static char *hstrtab;
1752 * Map the hints file into memory, if it is not already mapped. Returns
1753 * 0 on success, or -1 on failure.
1756 maphints __P((void))
1758 static int hints_bad; /* TRUE if hints are unusable */
1759 static int paths_added;
1761 struct hints_header hdr;
1764 if (hheader != NULL) /* Already mapped */
1767 if (hints_bad) /* Known to be corrupt or unavailable */
1770 if ((hfd = open(_PATH_LD_HINTS, O_RDONLY, 0)) == -1) {
1775 /* Read the header and check it */
1777 if (read(hfd, &hdr, sizeof hdr) != sizeof hdr ||
1779 (hdr.hh_version != LD_HINTS_VERSION_1 &&
1780 hdr.hh_version != LD_HINTS_VERSION_2)) {
1786 /* Map the hints into memory */
1788 addr = mmap(0, hdr.hh_ehints, PROT_READ, MAP_SHARED, hfd, 0);
1789 if (addr == (caddr_t)-1) {
1797 hheader = (struct hints_header *)addr;
1798 hbuckets = (struct hints_bucket *)(addr + hheader->hh_hashtab);
1799 hstrtab = (char *)(addr + hheader->hh_strtab);
1800 /* pluck out the system ldconfig path */
1801 if (hheader->hh_version >= LD_HINTS_VERSION_2 && !paths_added) {
1802 add_search_path(hstrtab + hheader->hh_dirlist);
1810 * Unmap the hints file, if it is currently mapped.
1815 if (hheader != NULL) {
1816 munmap((caddr_t)hheader, hheader->hh_ehints);
1822 hinthash(cp, vmajor)
1829 k = (((k << 1) + (k >> 14)) ^ (*cp++)) & 0x3fff;
1831 k = (((k << 1) + (k >> 14)) ^ (vmajor*257)) & 0x3fff;
1840 * Search for a library in the hints generated by ldconfig. On success,
1841 * returns the full pathname of the matching library. This string is
1842 * always dynamically allocated on the heap.
1844 * MINORP is an in/out parameter. If the incoming value of *MINORP is
1845 * >= 0, then no library will be considered a match unless its minor
1846 * version number is at least that large. Otherwise, only the major
1847 * version number is checked. In any case, the minor number of the
1848 * matching library is stored into *MINORP.
1850 * Returns NULL if the library cannot be found.
1853 findhint(name, major, minorp)
1858 struct hints_bucket *bp =
1859 hbuckets + (hinthash(name, major) % hheader->hh_nbucket);
1863 if (bp->hi_namex >= hheader->hh_strtab_sz) {
1864 warnx("Bad name index: %#x\n", bp->hi_namex);
1867 if (bp->hi_pathx >= hheader->hh_strtab_sz) {
1868 warnx("Bad path index: %#x\n", bp->hi_pathx);
1872 * For a given major number, the hints file has only one
1873 * entry -- namely, the one with the highest minor number.
1874 * If we find an entry with a matching major number, we
1875 * know it is the best one.
1877 if (strcmp(name, hstrtab + bp->hi_namex) == 0 &&
1878 bp->hi_major == major) {
1882 realminor = bp->hi_ndewey >= 2 ? bp->hi_minor : 0;
1883 if (realminor < *minorp) /* Not good enough */
1885 if (stat(hstrtab + bp->hi_pathx, &s) == -1)
1886 return NULL; /* Doesn't actually exist */
1887 *minorp = realminor;
1888 return strdup(hstrtab + bp->hi_pathx);
1891 if (bp->hi_next == -1)
1894 /* Move on to next in bucket */
1895 bp = &hbuckets[bp->hi_next];
1898 /* No hints available for name */
1903 * Search for the given shared library. On success, returns a string
1904 * containing the full pathname for the library. This string is always
1905 * dynamically allocated on the heap.
1907 * Returns NULL if the library cannot be found.
1910 rtfindlib(name, major, minor, strictminor)
1915 char *ld_path = ld_library_path;
1919 realminor = strictminor ? minor : -1;
1920 if (ld_path != NULL) { /* First, search the directories in ld_path */
1922 * There is no point in trying to use the hints file for this.
1926 while (path == NULL && (dir = strsep(&ld_path, ":")) != NULL) {
1927 path = search_lib_dir(dir, name, &major, &realminor, 0);
1928 if (ld_path != NULL)
1929 *(ld_path - 1) = ':';
1933 if (path == NULL && maphints() == 0) /* Search the hints file */
1934 path = findhint(name, major, &realminor);
1936 if (path == NULL) /* Search the standard directories */
1937 path = findshlib(name, &major, &realminor, 0);
1939 if (path != NULL && realminor < minor && !ld_suppress_warnings) {
1940 warnx("warning: %s: minor version %d"
1941 " older than expected %d, using it anyway",
1942 path, realminor, minor);
1949 * Search for the given shared library file. This is similar to rtfindlib,
1950 * except that the argument is the actual name of the desired library file.
1951 * Thus there is no need to worry about version numbers. The return value
1952 * is a string containing the full pathname for the library. This string
1953 * is always dynamically allocated on the heap.
1955 * Returns NULL if the library cannot be found.
1961 char *ld_path = ld_library_path;
1964 if (ld_path != NULL) { /* First, search the directories in ld_path */
1967 while (path == NULL && (dir = strsep(&ld_path, ":")) != NULL) {
1970 path = concat(dir, "/", name);
1971 if (lstat(path, &sb) == -1) { /* Does not exist */
1975 if (ld_path != NULL)
1976 *(ld_path - 1) = ':';
1981 * We don't search the hints file. It is organized around major
1982 * and minor version numbers, so it is not suitable for finding
1983 * a specific file name.
1986 if (path == NULL) /* Search the standard directories */
1987 path = find_lib_file(name);
1993 * Buffer for error messages and a pointer that is set to point to the buffer
1994 * when a error occurs. It acts as a last error flag, being set to NULL
1995 * after an error is returned.
1997 #define DLERROR_BUF_SIZE 512
1998 static char dlerror_buf [DLERROR_BUF_SIZE];
1999 static char *dlerror_msg = NULL;
2003 __dlopen(path, mode)
2007 struct so_map *old_tail = link_map_tail;
2009 int bind_now = mode == RTLD_NOW;
2013 * path == NULL is handled by map_object()
2018 name = (path && strchr(path, '/') == NULL) ? rtfindfile(path) : (char *)path;
2020 /* Map the object, and the objects on which it depends */
2021 smp = map_object(name, (struct sod *) NULL, (struct so_map *) NULL);
2024 if(smp == NULL) /* Failed */
2026 LM_PRIVATE(smp)->spd_flags |= RTLD_DL;
2028 /* Relocate and initialize all newly-mapped objects */
2029 if(link_map_tail != old_tail) { /* We have mapped some new objects */
2030 if(reloc_dag(smp, bind_now) == -1) /* Failed */
2045 struct so_map *smp = (struct so_map *)fd;
2046 struct so_map *scanp;
2049 xprintf("dlclose(%s): refcount = %d\n", smp->som_path,
2050 LM_PRIVATE(smp)->spd_refcount);
2052 /* Check the argument for validity */
2053 for(scanp = link_map_head; scanp != NULL; scanp = scanp->som_next)
2054 if(scanp == smp) /* We found the map in the list */
2056 if(scanp == NULL || !(LM_PRIVATE(smp)->spd_flags & RTLD_DL)) {
2057 generror("Invalid argument to dlclose");
2061 unmap_object(smp, 0);
2067 * This form of dlsym is obsolete. Current versions of crt0 don't call
2068 * it. It can still be called by old executables that were linked with
2069 * old versions of crt0.
2076 if (fd == RTLD_NEXT) {
2077 generror("RTLD_NEXT not supported by this version of"
2081 return __dlsym3(fd, sym, NULL);
2085 resolvesym(fd, sym, retaddr)
2091 struct so_map *src_map;
2095 if (fd == RTLD_NEXT) {
2096 /* Find the shared object that contains the caller. */
2097 for (smp = link_map_head; smp != NULL; smp = smp->som_next) {
2098 void *textbase = smp->som_addr + LM_TXTADDR(smp);
2099 void *textlimit = LM_ETEXT(smp);
2101 if (textbase <= retaddr && retaddr < textlimit)
2105 generror("Cannot determine caller's shared object");
2108 smp = smp->som_next;
2109 if (smp != NULL && LM_PRIVATE(smp)->spd_flags & RTLD_RTLD)
2110 smp = smp->som_next;
2112 generror("No next shared object for RTLD_NEXT");
2117 np = lookup(sym, &src_map, 1);
2118 } while (np == NULL && (smp = smp->som_next) != NULL);
2120 smp = (struct so_map *)fd;
2124 * Restrict search to passed map if dlopen()ed.
2126 if (smp != NULL && LM_PRIVATE(smp)->spd_flags & RTLD_DL)
2129 np = lookup(sym, &src_map, 1);
2133 generror("Undefined symbol");
2137 addr = np->nz_value;
2139 addr += (long)src_map->som_addr;
2141 return (void *)addr;
2145 __dladdr(addr, dlip)
2149 struct _dynamic *dp;
2156 /* Find the shared object that contains the address. */
2157 for (smp = link_map_head; smp != NULL; smp = smp->som_next) {
2158 struct so_map *src_map;
2159 struct somap_private *smpp;
2162 smpp = LM_PRIVATE(smp);
2163 if (smpp->spd_flags & RTLD_RTLD)
2166 if ((void *)smp->som_addr > addr)
2170 if ((np = lookup(END_SYM, &src_map, 1)) == NULL)
2171 continue; /* No "_end" symbol?! */
2172 if (addr < (void *)(smp->som_addr + np->nz_value))
2176 generror("No shared object contains address");
2179 dlip->dli_fname = smp->som_path;
2180 dlip->dli_fbase = smp->som_addr;
2181 dlip->dli_saddr = (void *) 0;
2182 dlip->dli_sname = NULL;
2184 dp = smp->som_dynamic;
2185 symsize = LD_VERSION_NZLIST_P(dp->d_version) ?
2186 sizeof(struct nzlist) : sizeof(struct nlist);
2187 numsyms = LD_STABSZ(dp) / symsize;
2188 stringbase = LM_STRINGS(smp);
2190 for (i = 0; i < numsyms; i++) {
2191 struct nzlist *symp = LM_SYMBOL(smp, i);
2192 unsigned long value;
2194 /* Reject all except definitions. */
2195 if (symp->nz_type != N_EXT + N_ABS &&
2196 symp->nz_type != N_EXT + N_TEXT &&
2197 symp->nz_type != N_EXT + N_DATA &&
2198 symp->nz_type != N_EXT + N_BSS)
2202 * If the symbol is greater than the specified address, or
2203 * if it is further away from addr than the current nearest
2204 * symbol, then reject it.
2206 value = (unsigned long) (smp->som_addr + symp->nz_value);
2207 if (value > (unsigned long) addr ||
2208 value < (unsigned long) dlip->dli_saddr)
2211 /* Update our idea of the nearest symbol. */
2212 dlip->dli_sname = stringbase + symp->nz_strx;
2213 dlip->dli_saddr = (void *) value;
2215 if (dlip->dli_saddr == addr) /* Can't get any closer. */
2219 * Remove any leading underscore from the symbol name, to hide
2222 if (dlip->dli_sname != NULL && dlip->dli_sname[0] == '_')
2228 __dlsym3(fd, sym, retaddr)
2235 result = resolvesym(fd, sym, retaddr);
2237 * XXX - Ugly, but it makes the least impact on the run-time loader
2238 * sources. We assume that most of the time the error is a
2239 * undefined symbol error from above, so we try again. If it's
2240 * not an undefined symbol we end up getting the same error twice,
2241 * but that's acceptable.
2243 if (result == NULL) {
2244 /* Prepend an underscore and try again */
2245 char *newsym = xmalloc(strlen(sym) + 2);
2248 strcpy(&newsym[1], sym);
2249 result = resolvesym(fd, newsym, retaddr);
2256 __dlerror __P((void))
2261 dlerror_msg = NULL; /* Next call will return NULL */
2267 __dlexit __P((void))
2270 xprintf("__dlexit called\n");
2273 unmap_object(link_map_head, 1);
2277 * Print the current error message and exit with failure status.
2284 fprintf(stderr, "ld.so failed");
2285 if ((msg = __dlerror()) != NULL)
2286 fprintf(stderr, ": %s", msg);
2293 * Generate an error message that can be later be retrieved via dlerror.
2297 generror(char *fmt, ...)
2299 generror(fmt, va_alist)
2309 vsnprintf (dlerror_buf, DLERROR_BUF_SIZE, fmt, ap);
2310 dlerror_msg = dlerror_buf;
2317 xprintf(char *fmt, ...)
2319 xprintf(fmt, va_alist)
2331 vsnprintf(buf, sizeof(buf), fmt, ap);
2332 (void)write(1, buf, strlen(buf));
2339 * Do a sweep over the environment once only, pick up what
2340 * looks interesting.
2342 * This is pretty obscure, but is relatively simple. Simply
2343 * look at each environment variable, if it starts with "LD_" then
2344 * look closer at it. If it's in our table, set the variable
2345 * listed. effectively, this is like:
2346 * ld_preload = careful ? NULL : getenv("LD_PRELOAD");
2347 * except that the environment is scanned once only to pick up all
2348 * known variables, rather than scanned multiple times for each
2351 * If an environment variable of interest is set to the empty string, we
2352 * treat it as if it were unset.
2355 #define L(n, u, v) { n, sizeof(n) - 1, u, v },
2356 struct env_scan_tab {
2362 L("LD_LIBRARY_PATH=", 1, &ld_library_path)
2363 L("LD_PRELOAD=", 1, &ld_preload)
2364 L("LD_IGNORE_MISSING_OBJECTS=", 1, &ld_ignore_missing_objects)
2365 L("LD_TRACE_LOADED_OBJECTS=", 0, &ld_tracing)
2366 L("LD_BIND_NOW=", 0, &ld_bind_now)
2367 L("LD_SUPPRESS_WARNINGS=", 0, &ld_suppress_warnings)
2368 L("LD_WARN_NON_PURE_CODE=", 0, &ld_warn_non_pure_code)
2369 { NULL, 0, 0, NULL }
2378 struct env_scan_tab *t;
2380 /* for each string in the environment... */
2381 while ((v = *p++)) {
2383 /* check for LD_xxx */
2384 if (v[0] != 'L' || v[1] != 'D' || v[2] != '_')
2387 for (t = scan_tab; t->name; t++) {
2388 if (careful && t->unsafe)
2389 continue; /* skip for set[ug]id */
2390 if (strncmp(t->name, v, t->len) == 0) {
2391 if (*(v + t->len) != '\0') /* Not empty */
2392 *t->value = v + t->len;
2400 * Malloc implementation for use within the dynamic linker. At first
2401 * we do a simple allocation using sbrk. After the user's program
2402 * has been loaded, we switch to using whatever malloc functions are
2406 /* Symbols related to the sbrk and brk implementations. */
2407 #define CURBRK_SYM "curbrk"
2408 #define MINBRK_SYM "minbrk"
2409 #define END_SYM "_end"
2411 /* Symbols related to malloc. */
2412 #define FREE_SYM "_free"
2413 #define MALLOC_SYM "_malloc"
2414 #define REALLOC_SYM "_realloc"
2416 /* Hooks into the implementation of sbrk and brk. */
2417 extern char *curbrk __asm__(CURBRK_SYM);
2418 extern char *minbrk __asm__(MINBRK_SYM);
2420 /* Pointers to the user program's malloc functions. */
2421 static void *(*p_malloc) __P((size_t));
2422 static void *(*p_realloc) __P((void *, size_t));
2423 static void (*p_free) __P((void *));
2425 /* Upper limit of the memory allocated by our internal malloc. */
2426 static char *rtld_alloc_lev;
2429 * Set up the internal malloc so that it will take its memory from the
2430 * main program's sbrk arena.
2433 init_internal_malloc __P((void))
2435 const struct exec *hdr;
2438 * Before anything calls sbrk or brk, we have to initialize
2439 * its idea of the current break level to just beyond the main
2440 * program's address space. Strictly speaking, the right
2441 * way to do that is to look up the value of "_end" in the
2442 * application's run time symbol table.
2444 * That is what we used to do, and it works correctly for
2445 * every valid program. Unfortunately, it doesn't work right
2446 * for "unexec"ed versions of emacs. They are incorrectly
2447 * generated with a wrong value for "_end". (xemacs gets it
2450 * To work around this, we peek at the exec header to get the
2451 * sizes of the text, data, and bss segments. Luckily, the
2452 * header is in memory at the start of the first mapped page.
2453 * From the segment sizes, we can calculate a proper initial
2454 * value for the break level.
2456 hdr = (const struct exec *)PAGSIZ;
2457 if (N_BADMAG(*hdr)) /* Sanity check */
2458 errx(1, "Cannot find program's a.out header");
2459 rtld_alloc_lev = curbrk = minbrk =
2460 (char *)hdr + hdr->a_text + hdr->a_data + hdr->a_bss;
2464 * Set things up so that the dynamic linker can use the program's
2468 init_external_malloc __P((void))
2471 * Patch the program's idea of the current break address to
2472 * what it really is as a result of the allocations we have
2475 *(char **)(sym_addr(CURBRK_SYM)) = curbrk;
2478 * Set the minimum break level too. Otherwise, "unexec"ed
2479 * emacs sets the break too low and wipes out our tables of
2482 *(char **)(sym_addr(MINBRK_SYM)) = curbrk;
2485 * Set up pointers to the program's allocation functions, so
2486 * that we can use them from now on.
2488 p_malloc = (void *(*)(size_t))(sym_addr(MALLOC_SYM));
2489 p_free = (void (*)(void *))(sym_addr(FREE_SYM));
2490 p_realloc = (void *(*)(void *, size_t))(sym_addr(REALLOC_SYM));
2499 /* If we are far enough along, we can use the system malloc. */
2500 if (p_malloc != NULL)
2501 return (*p_malloc)(size);
2504 * Otherwise we use our simple built-in malloc. We get the
2505 * memory from brk() in increments of one page. We store the
2506 * allocated size in the first word, so that realloc can be
2509 if (rtld_alloc_lev == NULL)
2510 errx(1, "Internal error: internal malloc called before"
2511 " being initialized");
2513 p = (char *)ALIGN(rtld_alloc_lev);
2514 rtld_alloc_lev = p + sizeof(size_t) + size;
2516 if (rtld_alloc_lev > curbrk) { /* Get memory from system */
2520 roundup2((unsigned long)rtld_alloc_lev, PAGSIZ);
2521 if (brk(newbrk) == -1)
2525 *(size_t *)p = size;
2526 return p + sizeof(size_t);
2538 return malloc(size);
2541 * If we are far enough along, and if the memory originally came
2542 * from the system malloc, we can use the system realloc.
2544 if (p_realloc != NULL && (char *)ptr >= rtld_alloc_lev)
2545 return (*p_realloc)(ptr, size);
2547 old_size = *((size_t *)ptr - 1);
2548 if (old_size >= size) /* Not expanding the region */
2551 new_ptr = malloc(size);
2552 if (new_ptr != NULL)
2553 memcpy(new_ptr, ptr, old_size);
2565 * If we are far enough along, and if the memory originally came
2566 * from the system malloc, we can use the system free. Otherwise
2567 * we can't free the memory and we just let it go to waste.
2569 if (p_free != NULL && (char *)ptr >= rtld_alloc_lev)