2 * Copyright (c) 1993 Paul Kranenburg
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by Paul Kranenburg.
16 * 4. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 * $FreeBSD: src/libexec/rtld-aout/rtld.c,v 1.58.2.2 2002/03/04 12:00:31 dwmalone Exp $
31 * $DragonFly: src/libexec/rtld-aout/Attic/rtld.c,v 1.3 2003/11/14 03:54:31 dillon Exp $
34 #include <sys/param.h>
35 #include <sys/types.h>
39 #include <sys/resource.h>
40 #include <sys/errno.h>
43 #define MAP_COPY MAP_PRIVATE
70 #define anon_open() do { \
71 if ((anon_fd = open(_PATH_DEVZERO, O_RDWR, 0)) == -1) \
72 err("open: %s", _PATH_DEVZERO); \
74 #define anon_close() do { \
75 (void)close(anon_fd); \
84 * Structure for building a list of shared objects.
87 struct so_map *sol_map; /* Link map for shared object */
88 struct so_list *sol_next; /* Next entry in the list */
92 * Loader private data, hung off <so_map>->som_spd
94 struct somap_private {
96 struct so_map *spd_parent;
97 struct so_list *spd_children;
98 struct so_map *spd_prev;
103 #define RTLD_MAIN 0x01
104 #define RTLD_RTLD 0x02
106 #define RTLD_INIT 0x08
107 unsigned long a_text; /* text size, if known */
108 unsigned long a_data; /* initialized data size */
109 unsigned long a_bss; /* uninitialized data size */
112 long spd_offset; /* Correction for Sun main programs */
116 #define LM_PRIVATE(smp) ((struct somap_private *)(smp)->som_spd)
119 #define LM_OFFSET(smp) (LM_PRIVATE(smp)->spd_offset)
121 #define LM_OFFSET(smp) (0)
124 /* Base address for section_dispatch_table entries */
125 #define LM_LDBASE(smp) (smp->som_addr + LM_OFFSET(smp))
127 /* Start of text segment */
128 #define LM_TXTADDR(smp) (smp->som_addr == (caddr_t)0 ? PAGSIZ : 0)
130 /* Start of run-time relocation_info */
131 #define LM_REL(smp) ((struct relocation_info *) \
132 (smp->som_addr + LM_OFFSET(smp) + LD_REL((smp)->som_dynamic)))
134 /* Start of symbols */
135 #define LM_SYMBOL(smp, i) ((struct nzlist *) \
136 (smp->som_addr + LM_OFFSET(smp) + LD_SYMBOL((smp)->som_dynamic) + \
137 i * (LD_VERSION_NZLIST_P(smp->som_dynamic->d_version) ? \
138 sizeof(struct nzlist) : sizeof(struct nlist))))
140 /* Start of hash table */
141 #define LM_HASH(smp) ((struct rrs_hash *) \
142 ((smp)->som_addr + LM_OFFSET(smp) + LD_HASH((smp)->som_dynamic)))
144 /* Start of strings */
145 #define LM_STRINGS(smp) ((char *) \
146 ((smp)->som_addr + LM_OFFSET(smp) + LD_STRINGS((smp)->som_dynamic)))
148 /* Start of search paths */
149 #define LM_PATHS(smp) ((char *) \
150 ((smp)->som_addr + LM_OFFSET(smp) + LD_PATHS((smp)->som_dynamic)))
153 #define LM_ETEXT(smp) ((char *) \
154 ((smp)->som_addr + LM_TXTADDR(smp) + LD_TEXTSZ((smp)->som_dynamic)))
156 /* Needed shared objects */
157 #define LM_NEED(smp) ((struct sod *) \
158 ((smp)->som_addr + LM_TXTADDR(smp) + LD_NEED((smp)->som_dynamic)))
160 /* PLT is in data segment, so don't use LM_OFFSET here */
161 #define LM_PLT(smp) ((jmpslot_t *) \
162 ((smp)->som_addr + LD_PLT((smp)->som_dynamic)))
164 /* Parent of link map */
165 #define LM_PARENT(smp) (LM_PRIVATE(smp)->spd_parent)
167 #ifndef RELOC_EXTERN_P
168 #define RELOC_EXTERN_P(s) ((s)->r_extern)
172 #define RELOC_SYMBOL(s) ((s)->r_symbolnum)
175 #ifndef RELOC_PCREL_P
176 #define RELOC_PCREL_P(s) ((s)->r_pcrel)
179 #define END_SYM "_end"
181 static char __main_progname[] = "main";
182 static char *main_progname = __main_progname;
183 static char us[] = "/usr/libexec/ld.so";
189 static uid_t uid, euid;
190 static gid_t gid, egid;
192 static int anon_fd = -1;
194 static char *ld_bind_now;
195 static char *ld_ignore_missing_objects;
196 static char *ld_library_path;
197 static char *ld_preload;
198 static char *ld_tracing;
199 static char *ld_suppress_warnings;
200 static char *ld_warn_non_pure_code;
202 struct so_map *link_map_head;
203 struct so_map *link_map_tail;
204 struct rt_symbol *rt_symbol_head;
206 static void *__dlopen (const char *, int);
207 static int __dlclose (void *);
208 static void *__dlsym (void *, const char *);
209 static const char *__dlerror (void);
210 static void __dlexit (void);
211 static void *__dlsym3 (void *, const char *, void *);
212 static int __dladdr (const void *, Dl_info *);
214 static struct ld_entry ld_entry = {
215 __dlopen, __dlclose, __dlsym, __dlerror, __dlexit, __dlsym3, __dladdr
218 void xprintf (char *, ...);
219 static struct so_map *map_object ( const char *,
222 static int map_preload (void);
223 static int map_sods (struct so_map *);
224 static int reloc_dag (struct so_map *, int);
225 static void unmap_object (struct so_map *, int);
226 static struct so_map *alloc_link_map ( const char *, struct sod *,
227 struct so_map *, caddr_t,
229 static void init_link_map ( struct so_map *,
230 struct somap_private *,
231 const char *, struct sod *,
232 struct so_map *, caddr_t,
234 static void free_link_map (struct so_map *);
235 static inline int check_text_reloc ( struct relocation_info *,
238 static int reloc_map (struct so_map *, int);
239 static void reloc_copy (struct so_map *);
240 static void init_dag (struct so_map *);
241 static void init_sods (struct so_list *);
242 static void init_internal_malloc (void);
243 static void init_external_malloc (void);
244 static int call_map (struct so_map *, char *);
245 static char *findhint (char *, int, int *);
246 static char *rtfindlib (char *, int, int, int);
247 static char *rtfindfile (const char *);
248 void binder_entry (void);
249 long binder (jmpslot_t *);
250 static struct nzlist *lookup (char *, struct so_map **, int);
251 static inline struct rt_symbol *lookup_rts (char *, unsigned long);
252 static struct nzlist *lookup_in_obj (char *, unsigned long,
253 struct so_map *, int);
254 static struct rt_symbol *enter_rts (char *, unsigned long, long, int,
255 caddr_t, long, struct so_map *);
256 static void *sym_addr (char *);
257 static struct nzlist * lookup_errno_hack(char *, struct so_map **, int);
258 static void die (void);
259 static void generror (char *, ...);
260 static int maphints (void);
261 static void unmaphints (void);
262 static void ld_trace (struct so_map *);
263 static void rt_readenv (void);
264 static int hinthash (char *, int);
265 int rtld (int, struct crt_ldso *, struct _dynamic *);
268 * Compute a hash value for symbol tables. Don't change this -- the
269 * algorithm is dictated by the way the linker builds the symbol
270 * tables in the shared objects.
272 static inline unsigned long
281 return h & 0x7fffffffUL;
285 strcmp (register const char *s1, register const char *s2)
290 return (*(unsigned char *)s1 - *(unsigned char *)--s2);
293 #include "md-static-funcs.c"
296 * Called from assembler stub that has set up crtp (passed from crt0)
297 * and dp (our __DYNAMIC).
300 rtld(version, crtp, dp)
302 struct crt_ldso *crtp;
305 struct relocation_info *reloc;
306 struct relocation_info *reloc_limit; /* End+1 of relocation */
307 struct so_debug *ddp;
308 struct so_map *main_map;
314 if (version != CRT_VERSION_BSD_2 &&
315 version != CRT_VERSION_BSD_3 &&
316 version != CRT_VERSION_BSD_4 &&
317 version != CRT_VERSION_BSD_5 &&
318 version != CRT_VERSION_SUN)
321 /* Fixup __DYNAMIC structure */
322 (long)dp->d_un.d_sdt += crtp->crt_ba;
324 /* Relocate ourselves */
325 reloc = (struct relocation_info *) (LD_REL(dp) + crtp->crt_ba);
327 (struct relocation_info *) ((char *) reloc + LD_RELSZ(dp));
328 while(reloc < reloc_limit) {
330 * Objects linked with "-Bsymbolic" (in particular, ld.so
331 * itself) can end up having unused relocation entries at
332 * the end. These can be detected by the fact that they
333 * have an address of 0.
335 if(reloc->r_address == 0) /* We're done */
337 md_relocate_simple(reloc, crtp->crt_ba,
338 reloc->r_address + crtp->crt_ba);
342 if (version >= CRT_VERSION_BSD_4)
343 __progname = crtp->crt_ldso;
344 if (version >= CRT_VERSION_BSD_3)
345 main_progname = crtp->crt_prog;
346 main_path = version >= CRT_VERSION_BSD_5 ? crtp->crt_argv[0] :
349 /* Some buggy versions of crt0.o have crt_ldso filled in as NULL. */
350 if (__progname == NULL)
353 /* Fill in some fields in _DYNAMIC or crt structure */
354 if (version >= CRT_VERSION_BSD_4)
355 crtp->crt_ldentry = &ld_entry; /* crt */
357 crtp->crt_dp->d_entry = &ld_entry; /* _DYNAMIC */
359 /* Initialize our internal malloc package. */
360 init_internal_malloc();
362 /* Setup out (private) environ variable */
363 environ = crtp->crt_ep;
365 /* Get user and group identifiers */
366 uid = getuid(); euid = geteuid();
367 gid = getgid(); egid = getegid();
369 careful = (uid != euid) || (gid != egid);
375 /* Make a link map entry for the main program */
376 main_map = alloc_link_map(main_path,
377 (struct sod *) NULL, (struct so_map *) NULL,
378 (caddr_t) 0, crtp->crt_dp);
379 LM_PRIVATE(main_map)->spd_refcount++;
380 LM_PRIVATE(main_map)->spd_flags |= RTLD_MAIN;
382 /* Make a link map entry for ourselves */
383 smp = alloc_link_map(us,
384 (struct sod *) NULL, (struct so_map *) NULL,
385 (caddr_t) crtp->crt_ba, dp);
386 LM_PRIVATE(smp)->spd_refcount++;
387 LM_PRIVATE(smp)->spd_flags |= RTLD_RTLD;
390 * Setup the executable's run path
392 if (version >= CRT_VERSION_BSD_4) {
393 add_paths = LM_PATHS(main_map);
395 add_search_path(add_paths);
399 * Setup the directory search list for findshlib. We use only
400 * the standard search path. Any extra directories from
401 * LD_LIBRARY_PATH are searched explicitly, in rtfindlib.
405 /* Map in LD_PRELOADs before the main program's shared objects so we
406 can intercept those calls */
407 if (ld_preload != NULL) {
408 if(map_preload() == -1) /* Failed */
412 /* Map all the shared objects that the main program depends upon */
413 if(map_sods(main_map) == -1)
416 if(ld_tracing) { /* We're done */
417 ld_trace(link_map_head);
421 crtp->crt_dp->d_un.d_sdt->sdt_loaded = link_map_head->som_next;
423 /* Relocate all mapped objects. */
424 if(reloc_dag(main_map, ld_bind_now != NULL) == -1) /* Failed */
428 * Switch to the same malloc that the program uses. We do
429 * this before initializing the loaded objects, because their
430 * initialization functions may well call malloc, and it won't
431 * work right until we have set it up.
433 init_external_malloc();
435 /* Initialize all mapped objects. */
438 ddp = crtp->crt_dp->d_debug;
439 ddp->dd_cc = rt_symbol_head;
440 if (ddp->dd_in_debugger) {
441 caddr_t addr = (caddr_t)((long)crtp->crt_bp & (~(PAGSIZ - 1)));
443 /* Set breakpoint for the benefit of debuggers */
444 if (mprotect(addr, PAGSIZ,
445 PROT_READ|PROT_WRITE|PROT_EXEC) == -1) {
446 err(1, "Cannot set breakpoint (%s)", main_progname);
448 md_set_breakpoint((long)crtp->crt_bp, (long *)&ddp->dd_bpt_shadow);
449 if (mprotect(addr, PAGSIZ, PROT_READ|PROT_EXEC) == -1) {
450 err(1, "Cannot re-protect breakpoint (%s)",
454 ddp->dd_bpt_addr = crtp->crt_bp;
456 ddp->dd_sym_loaded = 1;
459 /* Close the hints file */
462 /* Close our file descriptor */
463 (void)close(crtp->crt_ldfd);
466 return LDSO_VERSION_HAS_DLADDR;
473 char *fmt1, *fmt2, *fmt, *main_local;
476 if ((main_local = getenv("LD_TRACE_LOADED_OBJECTS_PROGNAME")) == NULL)
479 if ((fmt1 = getenv("LD_TRACE_LOADED_OBJECTS_FMT1")) == NULL)
480 fmt1 = "\t-l%o.%m => %p (%x)\n";
482 if ((fmt2 = getenv("LD_TRACE_LOADED_OBJECTS_FMT2")) == NULL)
483 fmt2 = "\t%o (%x)\n";
485 for (; smp; smp = smp->som_next) {
489 if ((sodp = smp->som_sod) == NULL)
492 name = (char *)sodp->sod_name;
494 name += (long)LM_LDBASE(LM_PARENT(smp));
496 if ((path = smp->som_path) == NULL)
499 fmt = sodp->sod_library ? fmt1 : fmt2;
500 while ((c = *fmt++) != '\0') {
526 printf("%s", main_local);
529 printf("%s", main_progname);
535 printf("%d", sodp->sod_major);
538 printf("%d", sodp->sod_minor);
544 printf("%p", smp->som_addr);
555 * Allocate a new link map and return a pointer to it.
557 * PATH is the pathname of the shared object.
559 * SODP is a pointer to the shared object dependency structure responsible
560 * for causing the new object to be loaded. PARENT is the shared object
561 * into which SODP points. Both can be NULL if the new object is not
562 * being loaded as a result of a shared object dependency.
564 * ADDR is the address at which the object has been mapped. DP is a pointer
565 * to its _dynamic structure.
567 static struct so_map *
568 alloc_link_map(path, sodp, parent, addr, dp)
571 struct so_map *parent;
576 struct somap_private *smpp;
579 xprintf("alloc_link_map: \"%s\" at %p\n", path, addr);
582 smp = (struct so_map *)xmalloc(sizeof(struct so_map));
583 smpp = (struct somap_private *)xmalloc(sizeof(struct somap_private));
584 init_link_map(smp, smpp, path, sodp, parent, addr, dp);
586 /* Link the new entry into the list of link maps */
587 smpp->spd_prev = link_map_tail;
588 if(link_map_tail == NULL) /* First link map entered into list */
589 link_map_head = link_map_tail = smp;
590 else { /* Append to end of list */
591 link_map_tail->som_next = smp;
599 * Initialize a link map entry that has already been allocated.
602 init_link_map(smp, smpp, path, sodp, parent, addr, dp)
604 struct somap_private *smpp;
607 struct so_map *parent;
611 memset(smp, 0, sizeof *smp);
612 memset(smpp, 0, sizeof *smpp);
613 smp->som_spd = (caddr_t)smpp;
614 smp->som_addr = addr;
615 smp->som_path = path ? strdup(path) : NULL;
617 smp->som_dynamic = dp;
618 smpp->spd_parent = parent;
621 (addr==0 && dp && dp->d_version==LD_VERSION_SUN) ? PAGSIZ : 0;
626 * Remove the specified link map entry from the list of link maps, and free
627 * the associated storage.
633 struct somap_private *smpp = LM_PRIVATE(smp);
636 xprintf("free_link_map: \"%s\"\n", smp->som_path);
639 if(smpp->spd_prev == NULL) /* Removing first entry in list */
640 link_map_head = smp->som_next;
641 else /* Update link of previous entry */
642 smpp->spd_prev->som_next = smp->som_next;
644 if(smp->som_next == NULL) /* Removing last entry in list */
645 link_map_tail = smpp->spd_prev;
646 else /* Update back link of next entry */
647 LM_PRIVATE(smp->som_next)->spd_prev = smpp->spd_prev;
649 if (smp->som_path != NULL)
656 * Map the shared object specified by PATH into memory, if it is not
657 * already mapped. Increment the object's reference count, and return a
658 * pointer to its link map.
660 * As a special case, if PATH is NULL, it is taken to refer to the main
663 * SODP is a pointer to the shared object dependency structure that caused
664 * this object to be requested. PARENT is a pointer to the link map of
665 * the shared object containing that structure. For a shared object not
666 * being mapped as a result of a shared object dependency, these pointers
667 * should be NULL. An example of this is a shared object that is explicitly
668 * loaded via dlopen().
670 * The return value is a pointer to the link map for the requested object.
671 * If the operation failed, the return value is NULL. In that case, an
672 * error message can be retrieved by calling dlerror().
674 static struct so_map *
675 map_object(path, sodp, parent)
678 struct so_map *parent;
683 if(path == NULL) /* Special case for the main program itself */
687 * Check whether the shared object is already mapped.
688 * We check first for an exact match by pathname. That
689 * will detect the usual case. If no match is found by
690 * pathname, then stat the file, and check for a match by
691 * device and inode. That will detect the less common case
692 * involving multiple links to the same library.
694 for(smp = link_map_head; smp != NULL; smp = smp->som_next) {
695 if(!(LM_PRIVATE(smp)->spd_flags & (RTLD_MAIN|RTLD_RTLD))
696 && smp->som_path != NULL
697 && strcmp(smp->som_path, path) == 0)
700 if(smp == NULL) { /* Check for a match by device and inode */
701 if (stat(path, &statbuf) == -1) {
702 generror ("cannot stat \"%s\" : %s",
703 path, strerror(errno));
706 for (smp = link_map_head; smp != NULL;
707 smp = smp->som_next) {
708 struct somap_private *smpp = LM_PRIVATE(smp);
710 if (!(smpp->spd_flags & (RTLD_MAIN | RTLD_RTLD))
711 && smpp->spd_ino == statbuf.st_ino
712 && smpp->spd_dev == statbuf.st_dev)
718 if (smp == NULL) { /* We must map the object */
723 struct somap_private *smpp;
725 if ((fd = open(path, O_RDONLY, 0)) == -1) {
726 generror ("open failed for \"%s\" : %s",
727 path, strerror (errno));
731 if (read(fd, &hdr, sizeof(hdr)) != sizeof(hdr)) {
732 generror ("header read failed for \"%s\"", path);
738 generror ("bad magic number in \"%s\"", path);
744 * Map the entire address space of the object. It is
745 * tempting to map just the text segment at first, in
746 * order to avoid having to use mprotect to change the
747 * protections of the data segment. But that would not
748 * be correct. Mmap might find a group of free pages
749 * large enough to hold the text segment, but not large
750 * enough for the entire object. When we then mapped
751 * in the data and BSS segments, they would either be
752 * non-contiguous with the text segment (if we didn't
753 * specify MAP_FIXED), or they would map over some
754 * previously mapped region (if we did use MAP_FIXED).
755 * The only way we can be sure of getting a contigous
756 * region that is large enough is to map the entire
759 if ((addr = mmap(0, hdr.a_text + hdr.a_data + hdr.a_bss,
761 MAP_COPY, fd, 0)) == (caddr_t)-1) {
762 generror ("mmap failed for \"%s\" : %s",
763 path, strerror (errno));
770 /* Change the data segment to writable */
771 if (mprotect(addr + hdr.a_text, hdr.a_data,
772 PROT_READ|PROT_WRITE|PROT_EXEC) != 0) {
773 generror ("mprotect failed for \"%s\" : %s",
774 path, strerror (errno));
775 (void)munmap(addr, hdr.a_text + hdr.a_data + hdr.a_bss);
779 /* Map in pages of zeros for the BSS segment */
780 if (mmap(addr + hdr.a_text + hdr.a_data, hdr.a_bss,
781 PROT_READ|PROT_WRITE|PROT_EXEC,
782 MAP_ANON|MAP_COPY|MAP_FIXED,
783 anon_fd, 0) == (caddr_t)-1) {
784 generror ("mmap failed for \"%s\" : %s",
785 path, strerror (errno));
786 (void)munmap(addr, hdr.a_text + hdr.a_data + hdr.a_bss);
790 /* Assume _DYNAMIC is the first data item */
791 dp = (struct _dynamic *)(addr+hdr.a_text);
793 /* Fixup __DYNAMIC structure */
794 (long)dp->d_un.d_sdt += (long)addr;
796 smp = alloc_link_map(path, sodp, parent, addr, dp);
798 /* save segment sizes for unmap. */
799 smpp = LM_PRIVATE(smp);
800 smpp->a_text = hdr.a_text;
801 smpp->a_data = hdr.a_data;
802 smpp->a_bss = hdr.a_bss;
805 * Save the device and inode, so we can detect multiple links
806 * to the same library. Note, if we reach this point, then
807 * statbuf is guaranteed to have been filled in.
809 smpp->spd_dev = statbuf.st_dev;
810 smpp->spd_ino = statbuf.st_ino;
813 LM_PRIVATE(smp)->spd_refcount++;
814 if(LM_PRIVATE(smp)->spd_refcount == 1) { /* First use of object */
816 * Recursively map all of the shared objects that this
819 if(map_sods(smp) == -1) { /* Failed */
820 unmap_object(smp, 0); /* Clean up */
829 * Map all the shared libraries named in the LD_PRELOAD environment
832 * Returns 0 on success, -1 on failure. On failure, an error message can
833 * be gotten via dlerror().
837 char *ld_name = ld_preload;
840 while ((name = strsep(&ld_name, ":")) != NULL) {
842 struct so_map *smp = NULL;
845 path = (strchr(name, '/') != NULL) ? strdup(name) :
849 generror("Can't find LD_PRELOAD shared"
850 " library \"%s\"", name);
852 smp = map_object(path, (struct sod *) NULL,
853 (struct so_map *) NULL);
857 *(ld_name - 1) = ':';
860 * We don't bother to unmap already-loaded libraries
861 * on failure, because in that case the program is
862 * about to die anyway.
871 * Map all of the shared objects that a given object depends upon. PARENT is
872 * a pointer to the link map for the shared object whose dependencies are
875 * Returns 0 on success. Returns -1 on failure. In that case, an error
876 * message can be retrieved by calling dlerror().
880 struct so_map *parent;
882 struct somap_private *parpp = LM_PRIVATE(parent);
883 struct so_list **soltail = &parpp->spd_children;
884 long next = LD_NEED(parent->som_dynamic);
888 (struct sod *) (LM_LDBASE(parent) + next);
890 (char *) (LM_LDBASE(parent) + sodp->sod_name);
892 struct so_map *smp = NULL;
894 if(sodp->sod_library) {
896 * First try for a match with an adequate minor
899 path = rtfindlib(name, sodp->sod_major,
902 * If none was found, try for just a major version
903 * match. A warning is issued by rtfindlib in
904 * this case, since the minor version number isn't
905 * really high enough.
908 path = rtfindlib(name, sodp->sod_major,
910 if(path == NULL && !ld_tracing) {
911 generror ("Can't find shared library"
912 " \"lib%s.so.%d.%d\"", name,
913 sodp->sod_major, sodp->sod_minor);
916 if(careful && name[0] != '/') {
917 generror("Shared library path must start"
918 " with \"/\" for \"%s\"", name);
924 smp = map_object(path, sodp, parent);
929 struct so_list *solp = (struct so_list *)
930 xmalloc(sizeof(struct so_list));
932 solp->sol_next = NULL;
934 soltail = &solp->sol_next;
935 } else if(ld_tracing) {
937 * Allocate a dummy map entry so that we will get the
938 * "not found" message.
940 (void)alloc_link_map(NULL, sodp, parent, 0, 0);
941 } else if (ld_ignore_missing_objects) {
944 * Call __dlerror() even it we're not going to use
945 * the message, in order to clear the saved message.
947 msg = __dlerror(); /* Should never be NULL */
948 if (!ld_suppress_warnings)
949 warnx("warning: %s", msg);
953 next = sodp->sod_next;
958 * Oh drat, we have to clean up a mess.
960 * We failed to load a shared object that we depend upon.
961 * So now we have to unload any dependencies that we had
962 * already successfully loaded prior to the error.
964 * Cleaning up doesn't matter so much for the initial
965 * loading of the program, since any failure is going to
966 * terminate the program anyway. But it is very important
967 * to clean up properly when something is being loaded
970 struct so_list *solp;
972 while((solp = parpp->spd_children) != NULL) {
973 unmap_object(solp->sol_map, 0);
974 parpp->spd_children = solp->sol_next;
985 * Relocate the DAG of shared objects rooted at the given link map
986 * entry. Returns 0 on success, or -1 on failure. On failure, an
987 * error message can be retrieved via dlerror().
990 reloc_dag(root, bind_now)
997 * Relocate all newly-loaded objects. We avoid recursion for this
998 * step by taking advantage of a few facts. This function is called
999 * only when there are in fact some newly-loaded objects to process.
1000 * Furthermore, all newly-loaded objects will have their link map
1001 * entries at the end of the link map list. And, the root of the
1002 * tree of objects just loaded will have been the first to be loaded
1003 * and therefore the first new object in the link map list. Finally,
1004 * we take advantage of the fact that we can relocate the newly-loaded
1005 * objects in any order.
1007 * All these facts conspire to let us simply loop over the tail
1008 * portion of the link map list, relocating each object so
1011 for(smp = root; smp != NULL; smp = smp->som_next) {
1012 if(!(LM_PRIVATE(smp)->spd_flags & RTLD_RTLD)) {
1013 if(reloc_map(smp, bind_now) < 0)
1019 * Copy any relocated initialized data. Again, we can just loop
1020 * over the appropriate portion of the link map list.
1022 for(smp = root; smp != NULL; smp = smp->som_next) {
1023 if(!(LM_PRIVATE(smp)->spd_flags & RTLD_RTLD))
1031 * Remove a reference to the shared object specified by SMP. If no
1032 * references remain, unmap the object and, recursively, its descendents.
1033 * This function also takes care of calling the finalization routines for
1034 * objects that are removed.
1036 * If KEEP is true, then the actual calls to munmap() are skipped,
1037 * and the object is kept in memory. That is used only for finalization,
1038 * from dlexit(), when the program is exiting. There are two reasons
1039 * for it. First, the program is exiting and there is no point in
1040 * spending the time to explicitly unmap its shared objects. Second,
1041 * even after dlexit() has been called, there are still a couple of
1042 * calls that are made to functions in libc. (This is really a bug
1043 * in crt0.) So libc and the main program, at least, must remain
1044 * mapped in that situation.
1046 * Under no reasonable circumstances should this function fail. If
1047 * anything goes wrong, we consider it an internal error, and report
1051 unmap_object(smp, keep)
1055 struct somap_private *smpp = LM_PRIVATE(smp);
1057 smpp->spd_refcount--;
1058 if(smpp->spd_refcount == 0) { /* Finished with this object */
1059 struct so_list *solp;
1061 if(smpp->spd_flags & RTLD_INIT) { /* Was initialized */
1063 * Call the object's finalization routine. For
1064 * backward compatibility, we first try to call
1065 * ".fini". If that does not exist, we call
1068 if(call_map(smp, ".fini") == -1)
1069 call_map(smp, "__fini");
1072 /* Recursively unreference the object's descendents */
1073 while((solp = smpp->spd_children) != NULL) {
1074 unmap_object(solp->sol_map, keep);
1075 smpp->spd_children = solp->sol_next;
1079 if(!keep) { /* Unmap the object from memory */
1080 if(munmap(smp->som_addr,
1081 smpp->a_text + smpp->a_data + smpp->a_bss) < 0)
1082 err(1, "internal error 1: munmap failed");
1084 /* Unlink and free the object's link map entry */
1091 check_text_reloc(r, smp, addr)
1092 struct relocation_info *r;
1098 if (addr >= LM_ETEXT(smp))
1101 if (RELOC_EXTERN_P(r))
1102 sym = LM_STRINGS(smp) +
1103 LM_SYMBOL(smp, RELOC_SYMBOL(r))->nz_strx;
1107 if (!ld_suppress_warnings && ld_warn_non_pure_code)
1108 warnx("warning: non pure code in %s at %x (%s)",
1109 smp->som_path, r->r_address, sym);
1111 if (smp->som_write == 0 &&
1112 mprotect(smp->som_addr + LM_TXTADDR(smp),
1113 LD_TEXTSZ(smp->som_dynamic),
1114 PROT_READ|PROT_WRITE|PROT_EXEC) == -1) {
1115 generror ("mprotect failed for \"%s\" : %s",
1116 smp->som_path, strerror (errno));
1125 reloc_map(smp, bind_now)
1130 * Caching structure for reducing the number of calls to
1131 * lookup() during relocation.
1133 * While relocating a given shared object, the dynamic linker
1134 * maintains a caching vector that is directly indexed by
1135 * the symbol number in the relocation entry. The first time
1136 * a given symbol is looked up, the caching vector is
1137 * filled in with a pointer to the symbol table entry, and
1138 * a pointer to the so_map of the shared object in which the
1139 * symbol was defined. On subsequent uses of the same symbol,
1140 * that information is retrieved directly from the caching
1141 * vector, without calling lookup() again.
1143 * A symbol that is referenced in a relocation entry is
1144 * typically referenced in many relocation entries, so this
1145 * caching reduces the number of calls to lookup()
1146 * dramatically. The overall improvement in the speed of
1147 * dynamic linking is also dramatic -- as much as a factor
1148 * of three for programs that use many shared libaries.
1151 struct nzlist *np; /* Pointer to symbol entry */
1152 struct so_map *src_map; /* Shared object that defined symbol */
1155 struct _dynamic *dp = smp->som_dynamic;
1156 struct relocation_info *r = LM_REL(smp);
1157 struct relocation_info *rend = r + LD_RELSZ(dp)/sizeof(*r);
1158 long symbolbase = (long)LM_SYMBOL(smp, 0);
1159 char *stringbase = LM_STRINGS(smp);
1160 int symsize = LD_VERSION_NZLIST_P(dp->d_version) ?
1161 sizeof(struct nzlist) :
1162 sizeof(struct nlist);
1163 long numsyms = LD_STABSZ(dp) / symsize;
1164 size_t cachebytes = numsyms * sizeof(struct cacheent);
1165 struct cacheent *symcache =
1166 (struct cacheent *) alloca(cachebytes);
1168 if(symcache == NULL) {
1169 generror("Cannot allocate symbol caching vector for %s",
1173 bzero(symcache, cachebytes);
1176 md_fix_jmpslot(LM_PLT(smp),
1177 (long)LM_PLT(smp), (long)binder_entry);
1179 for (; r < rend; r++) {
1184 * Objects linked with "-Bsymbolic" can end up having unused
1185 * relocation entries at the end. These can be detected by
1186 * the fact that they have an address of 0.
1188 if(r->r_address == 0) /* Finished relocating this object */
1191 addr = smp->som_addr + r->r_address;
1192 if (check_text_reloc(r, smp, addr) < 0)
1195 if (RELOC_EXTERN_P(r)) {
1196 struct so_map *src_map = NULL;
1197 struct nzlist *p, *np;
1200 if (RELOC_JMPTAB_P(r) && !bind_now)
1203 p = (struct nzlist *)
1204 (symbolbase + symsize * RELOC_SYMBOL(r));
1206 if (p->nz_type == (N_SETV + N_EXT))
1209 sym = stringbase + p->nz_strx;
1212 * Look up the symbol, checking the caching
1215 np = symcache[RELOC_SYMBOL(r)].np;
1216 if(np != NULL) /* Symbol already cached */
1217 src_map = symcache[RELOC_SYMBOL(r)].src_map;
1218 else { /* Symbol not cached yet */
1219 np = lookup(sym, &src_map, RELOC_JMPTAB_P(r));
1221 * Record the needed information about
1222 * the symbol in the caching vector,
1223 * so that we won't have to call
1224 * lookup the next time we encounter
1227 symcache[RELOC_SYMBOL(r)].np = np;
1228 symcache[RELOC_SYMBOL(r)].src_map = src_map;
1232 generror ("Undefined symbol \"%s\" in %s:%s",
1233 sym, main_progname, smp->som_path);
1238 * Found symbol definition.
1239 * If it's in a link map, adjust value
1240 * according to the load address of that map.
1241 * Otherwise it's a run-time allocated common
1242 * whose value is already up-to-date.
1244 relocation = np->nz_value;
1246 relocation += (long)src_map->som_addr;
1248 if (RELOC_JMPTAB_P(r)) {
1249 md_bind_jmpslot(relocation, addr);
1253 relocation += md_get_addend(r, addr);
1255 if (RELOC_PCREL_P(r))
1256 relocation -= (long)smp->som_addr;
1258 if (RELOC_COPY_P(r) && src_map) {
1259 (void)enter_rts(sym, sym_hash(sym),
1262 src_map->som_addr + np->nz_value,
1263 np->nz_size, src_map);
1267 md_relocate(r, relocation, addr, 0);
1271 md_get_rt_segment_addend(r, addr)
1273 md_get_addend(r, addr)
1275 + (long)smp->som_addr, addr, 0);
1280 if (smp->som_write) {
1281 if (mprotect(smp->som_addr + LM_TXTADDR(smp),
1282 LD_TEXTSZ(smp->som_dynamic),
1283 PROT_READ|PROT_EXEC) == -1) {
1284 generror ("mprotect failed for \"%s\" : %s",
1285 smp->som_path, strerror (errno));
1297 struct rt_symbol *rtsp;
1299 for (rtsp = rt_symbol_head; rtsp; rtsp = rtsp->rt_next)
1300 if ((rtsp->rt_smp == NULL || rtsp->rt_smp == smp) &&
1301 rtsp->rt_sp->nz_type == N_DATA + N_EXT) {
1302 bcopy(rtsp->rt_srcaddr, (caddr_t)rtsp->rt_sp->nz_value,
1303 rtsp->rt_sp->nz_size);
1308 * Initialize the DAG of shared objects rooted at the given object.
1314 struct somap_private *smpp = LM_PRIVATE(smp);
1316 if(!(smpp->spd_flags & RTLD_INIT)) { /* Not initialized yet */
1317 smpp->spd_flags |= RTLD_INIT;
1319 /* Make sure all the children are initialized */
1320 if(smpp->spd_children != NULL)
1321 init_sods(smpp->spd_children);
1323 if(call_map(smp, ".init") == -1)
1324 call_map(smp, "__init");
1330 struct so_list *solp;
1332 /* Recursively initialize the rest of the list */
1333 if(solp->sol_next != NULL)
1334 init_sods(solp->sol_next);
1336 /* Initialize the first element of the list */
1337 init_dag(solp->sol_map);
1342 * Call a function in a given shared object. SMP is the shared object, and
1343 * SYM is the name of the function.
1345 * Returns 0 on success, or -1 if the symbol was not found. Failure is not
1346 * necessarily an error condition, so no error message is generated.
1353 struct so_map *src_map = smp;
1356 np = lookup(sym, &src_map, 1);
1358 (*(void (*)())(src_map->som_addr + np->nz_value))();
1366 * Run-time common symbol table.
1369 #define RTC_TABSIZE 57
1370 static struct rt_symbol *rt_symtab[RTC_TABSIZE];
1373 * Look up a symbol in the run-time common symbol table. For efficiency,
1374 * the symbol's hash value must be passed in too.
1376 static inline struct rt_symbol *
1377 lookup_rts(name, hash)
1381 register struct rt_symbol *rtsp;
1383 for (rtsp = rt_symtab[hash % RTC_TABSIZE]; rtsp; rtsp = rtsp->rt_link)
1384 if (strcmp(name, rtsp->rt_sp->nz_name) == 0)
1391 * Enter a symbol into the run-time common symbol table. For efficiency,
1392 * the symbol's hash value must be passed in too.
1394 static struct rt_symbol *
1395 enter_rts(name, hash, value, type, srcaddr, size, smp)
1404 register struct rt_symbol *rtsp, **rpp;
1406 /* Find end of bucket */
1407 for (rpp = &rt_symtab[hash % RTC_TABSIZE]; *rpp; rpp = &(*rpp)->rt_link)
1410 /* Allocate new common symbol */
1411 rtsp = (struct rt_symbol *)xmalloc(sizeof(struct rt_symbol));
1412 rtsp->rt_sp = (struct nzlist *)xmalloc(sizeof(struct nzlist));
1413 rtsp->rt_sp->nz_name = strdup(name);
1414 rtsp->rt_sp->nz_value = value;
1415 rtsp->rt_sp->nz_type = type;
1416 rtsp->rt_sp->nz_size = size;
1417 rtsp->rt_srcaddr = srcaddr;
1419 rtsp->rt_link = NULL;
1421 /* Link onto linear list as well */
1422 rtsp->rt_next = rt_symbol_head;
1423 rt_symbol_head = rtsp;
1432 * Lookup NAME in the link maps. The link map producing a definition
1433 * is returned in SRC_MAP. If SRC_MAP is not NULL on entry the search
1434 * is confined to that map.
1436 * REAL_DEF_ONLY is a boolean which specifies whether certain special
1437 * symbols for functions should satisfy the lookup or not. The
1438 * reasons behind it are somewhat complicated. They are motivated
1439 * by the scenario in which the address of a single function is
1440 * taken from several shared objects. The address should come out
1441 * the same in all cases, because the application code might decide
1442 * to use it in comparisons. To make this work, the linker creates
1443 * a symbol entry for the function in the main executable, with a
1444 * type of N_UNDF+N_EXT, an N_AUX of AUX_FUNC, and a value that
1445 * refers to the PLT entry for the function in the main executable.
1446 * If REAL_DEF_ONLY is false, then this kind of special symbol is
1447 * considered a "definition" when lookup up the symbol. Since the
1448 * main executable is at the beginning of the shared object search
1449 * list, the result is that references from all shared objects will
1450 * resolve to the main program's PLT entry, and thus the function
1451 * addresses will compare equal as they should.
1453 * When relocating the PLT entry itself, we obviously must match
1454 * only the true defining symbol for the function. In that case, we
1455 * set REAL_DEF_ONLY to true, which disables matching the special
1456 * N_UNDF+N_EXT entries.
1458 * It is not so clear how to set this flag for a lookup done from
1459 * dlsym. If the lookup specifies a particular shared object other
1460 * than the main executable, the flag makes no difference -- only the
1461 * true definition will be matched. (That is because the special
1462 * symbols are only present in the main executable, which will not
1463 * be searched.) But when the lookup is over all the shared objects
1464 * (i.e., dlsym's "fd" parameter is NULL), then the flag does have an
1465 * effect. We elect to match only the true definition even in that
1468 * The upshot of all this is the following rule of thumb: Set
1469 * REAL_DEF_ONLY in all cases except when processing a non-PLT
1472 static struct nzlist *
1473 lookup(name, src_map, real_def_only)
1475 struct so_map **src_map; /* IN/OUT */
1480 hash = sym_hash(name);
1482 if (*src_map != NULL) /* Look in just one specific object */
1483 return lookup_in_obj(name, hash, *src_map, real_def_only);
1484 else { /* Search runtime symbols and all loaded objects */
1485 unsigned long common_size;
1487 struct rt_symbol *rtsp;
1490 if ((rtsp = lookup_rts(name, hash)) != NULL)
1494 for (smp = link_map_head; smp; smp = smp->som_next) {
1495 if (LM_PRIVATE(smp)->spd_flags & RTLD_RTLD)
1497 np = lookup_in_obj(name, hash, smp, real_def_only);
1500 /* We know that np->nz_value > 0 at this point. */
1501 if (np->nz_type == N_UNDF+N_EXT &&
1502 N_AUX(&np->nlist) != AUX_FUNC) { /* Common */
1503 if (common_size < np->nz_value)
1504 common_size = np->nz_value;
1508 /* We found the symbol definition. */
1512 if (common_size > 0) { /* It is a common symbol. */
1515 mem = memset(xmalloc(common_size), 0, common_size);
1516 rtsp = enter_rts(name, hash, (long)mem, N_UNDF + N_EXT,
1517 0, common_size, NULL);
1522 * Just before giving up, check for the __error() hack.
1524 np = lookup_errno_hack(name, src_map, real_def_only);
1528 /* No definition was found for the symbol. */
1534 * Lookup a symbol in one specific shared object. The hash
1535 * value is passed in for efficiency. For an explanation of the
1536 * "real_def_only" flag, see the comment preceding the "lookup"
1539 static struct nzlist *
1540 lookup_in_obj(name, hash, smp, real_def_only)
1546 unsigned long buckets;
1547 struct rrs_hash *hp;
1551 struct rrs_hash *hashbase;
1555 if ((buckets = LD_BUCKETS(smp->som_dynamic)) == 0)
1558 hashbase = LM_HASH(smp);
1561 hp = &hashbase[hash % buckets];
1562 if (hp->rh_symbolnum == -1)
1565 symbolbase = (char *)LM_SYMBOL(smp, 0);
1566 stringbase = LM_STRINGS(smp);
1567 symsize = LD_VERSION_NZLIST_P(smp->som_dynamic->d_version)?
1568 sizeof(struct nzlist) : sizeof(struct nlist);
1570 np = (struct nzlist *)(symbolbase + hp->rh_symbolnum*symsize);
1571 cp = stringbase + np->nz_strx;
1572 if (strcmp(cp, name) == 0)
1574 if (hp->rh_next == 0) /* End of hash chain */
1576 hp = hashbase + hp->rh_next;
1580 * We have a symbol with the name we're looking for.
1582 if (np->nz_type == N_INDR+N_EXT) {
1584 * Next symbol gives the aliased name. Restart
1585 * search with new name.
1587 name = stringbase + (++np)->nz_strx;
1588 hash = sym_hash(name);
1592 if (np->nz_value == 0) /* It's not a definition */
1595 if (real_def_only) /* Don't match special function symbols. */
1596 if (np->nz_type == N_UNDF+N_EXT &&
1597 N_AUX(&np->nlist) == AUX_FUNC)
1604 * Return the value of a symbol in the user's program. This is used
1605 * internally for a few symbols which must exist. If the requested
1606 * symbol is not found, this simply exits with a fatal error.
1616 np = lookup(name, &smp, 1);
1618 errx(1, "Program has no symbol \"%s\"", name);
1619 return ((smp == NULL) ? NULL : smp->som_addr) + np->nz_value;
1623 static int *p_errno; /* Pointer to errno variable in main program. */
1626 * Help old a.out binaries that are broken by the new errno macro. They
1627 * can be missing __error() through no fault of their own. In particular,
1628 * old a.out binaries can link against an old libc that does not contain
1629 * __error(), yet still require __error() because of other libraries that
1630 * have been recompiled since the errno change. This locates the backward
1631 * compatible work-alike we have hidden here in ld.so.
1633 static struct nzlist *
1634 lookup_errno_hack(sym, src_map, real_def_only)
1636 struct so_map **src_map;
1642 if (strcmp(sym, "___error") != 0)
1646 * Locate errno in the main program. If it's not there, NULL
1647 * will be returned by our __error() substitute, and a core dump
1648 * will follow. That's impossible, of course, since crt0.o always
1652 np = lookup("_errno", &smp, 1);
1653 if (np != NULL && smp != NULL) {
1654 p_errno = (int *)(smp->som_addr + np->nz_value);
1656 xprintf(" HACK: _errno at %p in %s\n", p_errno, smp->som_path);
1661 * Specifically find the ld.so link map because most routines
1662 * skip over it during normal operation.
1664 for (smp = link_map_head; ; smp = smp->som_next)
1665 if (LM_PRIVATE(smp)->spd_flags & RTLD_RTLD)
1669 * Find our __error() substitute stashed here in ld.so.
1671 np = lookup("___error_unthreaded_hack", &smp, real_def_only);
1677 xprintf(" HACK: %s fudge not found, oops\n", sym);
1679 xprintf(" HACK: %s fudge in %s\n", sym, smp->som_path);
1687 * Just like __error_unthreaded(), but for those poor orphaned a.out
1688 * binaries from way back that are bamboozled by the new errno macro.
1691 __error_unthreaded_hack()
1698 * This routine is called from the jumptable to resolve
1699 * procedure calls to shared objects.
1705 struct so_map *smp, *src_map = NULL;
1712 * Find the PLT map that contains JSP.
1714 for (smp = link_map_head; smp; smp = smp->som_next) {
1715 if (LM_PLT(smp) < jsp &&
1716 jsp < LM_PLT(smp) + LD_PLTSZ(smp->som_dynamic)/sizeof(*jsp))
1721 errx(1, "Call to binder from unknown location: %p\n", jsp);
1723 index = jsp->reloc_index & JMPSLOT_RELOC_MASK;
1725 /* Get the local symbol this jmpslot refers to */
1726 sym = LM_STRINGS(smp) +
1727 LM_SYMBOL(smp,RELOC_SYMBOL(&LM_REL(smp)[index]))->nz_strx;
1729 np = lookup(sym, &src_map, 1);
1731 errx(1, "Undefined symbol \"%s\" called from %s:%s at %p",
1732 sym, main_progname, smp->som_path, jsp);
1734 /* Fixup jmpslot so future calls transfer directly to target */
1735 addr = np->nz_value;
1737 addr += (long)src_map->som_addr;
1739 md_fix_jmpslot(jsp, (long)jsp, addr);
1742 xprintf(" BINDER: %s located at = %#x in %s\n", sym, addr,
1748 static struct hints_header *hheader; /* NULL means not mapped */
1749 static struct hints_bucket *hbuckets;
1750 static char *hstrtab;
1753 * Map the hints file into memory, if it is not already mapped. Returns
1754 * 0 on success, or -1 on failure.
1759 static int hints_bad; /* TRUE if hints are unusable */
1760 static int paths_added;
1762 struct hints_header hdr;
1765 if (hheader != NULL) /* Already mapped */
1768 if (hints_bad) /* Known to be corrupt or unavailable */
1771 if ((hfd = open(_PATH_LD_HINTS, O_RDONLY, 0)) == -1) {
1776 /* Read the header and check it */
1778 if (read(hfd, &hdr, sizeof hdr) != sizeof hdr ||
1780 (hdr.hh_version != LD_HINTS_VERSION_1 &&
1781 hdr.hh_version != LD_HINTS_VERSION_2)) {
1787 /* Map the hints into memory */
1789 addr = mmap(0, hdr.hh_ehints, PROT_READ, MAP_SHARED, hfd, 0);
1790 if (addr == (caddr_t)-1) {
1798 hheader = (struct hints_header *)addr;
1799 hbuckets = (struct hints_bucket *)(addr + hheader->hh_hashtab);
1800 hstrtab = (char *)(addr + hheader->hh_strtab);
1801 /* pluck out the system ldconfig path */
1802 if (hheader->hh_version >= LD_HINTS_VERSION_2 && !paths_added) {
1803 add_search_path(hstrtab + hheader->hh_dirlist);
1811 * Unmap the hints file, if it is currently mapped.
1816 if (hheader != NULL) {
1817 munmap((caddr_t)hheader, hheader->hh_ehints);
1823 hinthash(cp, vmajor)
1830 k = (((k << 1) + (k >> 14)) ^ (*cp++)) & 0x3fff;
1832 k = (((k << 1) + (k >> 14)) ^ (vmajor*257)) & 0x3fff;
1841 * Search for a library in the hints generated by ldconfig. On success,
1842 * returns the full pathname of the matching library. This string is
1843 * always dynamically allocated on the heap.
1845 * MINORP is an in/out parameter. If the incoming value of *MINORP is
1846 * >= 0, then no library will be considered a match unless its minor
1847 * version number is at least that large. Otherwise, only the major
1848 * version number is checked. In any case, the minor number of the
1849 * matching library is stored into *MINORP.
1851 * Returns NULL if the library cannot be found.
1854 findhint(name, major, minorp)
1859 struct hints_bucket *bp =
1860 hbuckets + (hinthash(name, major) % hheader->hh_nbucket);
1864 if (bp->hi_namex >= hheader->hh_strtab_sz) {
1865 warnx("Bad name index: %#x\n", bp->hi_namex);
1868 if (bp->hi_pathx >= hheader->hh_strtab_sz) {
1869 warnx("Bad path index: %#x\n", bp->hi_pathx);
1873 * For a given major number, the hints file has only one
1874 * entry -- namely, the one with the highest minor number.
1875 * If we find an entry with a matching major number, we
1876 * know it is the best one.
1878 if (strcmp(name, hstrtab + bp->hi_namex) == 0 &&
1879 bp->hi_major == major) {
1883 realminor = bp->hi_ndewey >= 2 ? bp->hi_minor : 0;
1884 if (realminor < *minorp) /* Not good enough */
1886 if (stat(hstrtab + bp->hi_pathx, &s) == -1)
1887 return NULL; /* Doesn't actually exist */
1888 *minorp = realminor;
1889 return strdup(hstrtab + bp->hi_pathx);
1892 if (bp->hi_next == -1)
1895 /* Move on to next in bucket */
1896 bp = &hbuckets[bp->hi_next];
1899 /* No hints available for name */
1904 * Search for the given shared library. On success, returns a string
1905 * containing the full pathname for the library. This string is always
1906 * dynamically allocated on the heap.
1908 * Returns NULL if the library cannot be found.
1911 rtfindlib(name, major, minor, strictminor)
1916 char *ld_path = ld_library_path;
1920 realminor = strictminor ? minor : -1;
1921 if (ld_path != NULL) { /* First, search the directories in ld_path */
1923 * There is no point in trying to use the hints file for this.
1927 while (path == NULL && (dir = strsep(&ld_path, ":")) != NULL) {
1928 path = search_lib_dir(dir, name, &major, &realminor, 0);
1929 if (ld_path != NULL)
1930 *(ld_path - 1) = ':';
1934 if (path == NULL && maphints() == 0) /* Search the hints file */
1935 path = findhint(name, major, &realminor);
1937 if (path == NULL) /* Search the standard directories */
1938 path = findshlib(name, &major, &realminor, 0);
1940 if (path != NULL && realminor < minor && !ld_suppress_warnings) {
1941 warnx("warning: %s: minor version %d"
1942 " older than expected %d, using it anyway",
1943 path, realminor, minor);
1950 * Search for the given shared library file. This is similar to rtfindlib,
1951 * except that the argument is the actual name of the desired library file.
1952 * Thus there is no need to worry about version numbers. The return value
1953 * is a string containing the full pathname for the library. This string
1954 * is always dynamically allocated on the heap.
1956 * Returns NULL if the library cannot be found.
1962 char *ld_path = ld_library_path;
1965 if (ld_path != NULL) { /* First, search the directories in ld_path */
1968 while (path == NULL && (dir = strsep(&ld_path, ":")) != NULL) {
1971 path = concat(dir, "/", name);
1972 if (lstat(path, &sb) == -1) { /* Does not exist */
1976 if (ld_path != NULL)
1977 *(ld_path - 1) = ':';
1982 * We don't search the hints file. It is organized around major
1983 * and minor version numbers, so it is not suitable for finding
1984 * a specific file name.
1987 if (path == NULL) /* Search the standard directories */
1988 path = find_lib_file(name);
1994 * Buffer for error messages and a pointer that is set to point to the buffer
1995 * when a error occurs. It acts as a last error flag, being set to NULL
1996 * after an error is returned.
1998 #define DLERROR_BUF_SIZE 512
1999 static char dlerror_buf [DLERROR_BUF_SIZE];
2000 static char *dlerror_msg = NULL;
2004 __dlopen(path, mode)
2008 struct so_map *old_tail = link_map_tail;
2010 int bind_now = mode == RTLD_NOW;
2014 * path == NULL is handled by map_object()
2019 name = (path && strchr(path, '/') == NULL) ? rtfindfile(path) : (char *)path;
2021 /* Map the object, and the objects on which it depends */
2022 smp = map_object(name, (struct sod *) NULL, (struct so_map *) NULL);
2025 if(smp == NULL) /* Failed */
2027 LM_PRIVATE(smp)->spd_flags |= RTLD_DL;
2029 /* Relocate and initialize all newly-mapped objects */
2030 if(link_map_tail != old_tail) { /* We have mapped some new objects */
2031 if(reloc_dag(smp, bind_now) == -1) /* Failed */
2046 struct so_map *smp = (struct so_map *)fd;
2047 struct so_map *scanp;
2050 xprintf("dlclose(%s): refcount = %d\n", smp->som_path,
2051 LM_PRIVATE(smp)->spd_refcount);
2053 /* Check the argument for validity */
2054 for(scanp = link_map_head; scanp != NULL; scanp = scanp->som_next)
2055 if(scanp == smp) /* We found the map in the list */
2057 if(scanp == NULL || !(LM_PRIVATE(smp)->spd_flags & RTLD_DL)) {
2058 generror("Invalid argument to dlclose");
2062 unmap_object(smp, 0);
2068 * This form of dlsym is obsolete. Current versions of crt0 don't call
2069 * it. It can still be called by old executables that were linked with
2070 * old versions of crt0.
2077 if (fd == RTLD_NEXT) {
2078 generror("RTLD_NEXT not supported by this version of"
2082 return __dlsym3(fd, sym, NULL);
2086 resolvesym(fd, sym, retaddr)
2092 struct so_map *src_map;
2096 if (fd == RTLD_NEXT) {
2097 /* Find the shared object that contains the caller. */
2098 for (smp = link_map_head; smp != NULL; smp = smp->som_next) {
2099 void *textbase = smp->som_addr + LM_TXTADDR(smp);
2100 void *textlimit = LM_ETEXT(smp);
2102 if (textbase <= retaddr && retaddr < textlimit)
2106 generror("Cannot determine caller's shared object");
2109 smp = smp->som_next;
2110 if (smp != NULL && LM_PRIVATE(smp)->spd_flags & RTLD_RTLD)
2111 smp = smp->som_next;
2113 generror("No next shared object for RTLD_NEXT");
2118 np = lookup(sym, &src_map, 1);
2119 } while (np == NULL && (smp = smp->som_next) != NULL);
2121 smp = (struct so_map *)fd;
2125 * Restrict search to passed map if dlopen()ed.
2127 if (smp != NULL && LM_PRIVATE(smp)->spd_flags & RTLD_DL)
2130 np = lookup(sym, &src_map, 1);
2134 generror("Undefined symbol");
2138 addr = np->nz_value;
2140 addr += (long)src_map->som_addr;
2142 return (void *)addr;
2146 __dladdr(addr, dlip)
2150 struct _dynamic *dp;
2157 /* Find the shared object that contains the address. */
2158 for (smp = link_map_head; smp != NULL; smp = smp->som_next) {
2159 struct so_map *src_map;
2160 struct somap_private *smpp;
2163 smpp = LM_PRIVATE(smp);
2164 if (smpp->spd_flags & RTLD_RTLD)
2167 if ((void *)smp->som_addr > addr)
2171 if ((np = lookup(END_SYM, &src_map, 1)) == NULL)
2172 continue; /* No "_end" symbol?! */
2173 if (addr < (void *)(smp->som_addr + np->nz_value))
2177 generror("No shared object contains address");
2180 dlip->dli_fname = smp->som_path;
2181 dlip->dli_fbase = smp->som_addr;
2182 dlip->dli_saddr = (void *) 0;
2183 dlip->dli_sname = NULL;
2185 dp = smp->som_dynamic;
2186 symsize = LD_VERSION_NZLIST_P(dp->d_version) ?
2187 sizeof(struct nzlist) : sizeof(struct nlist);
2188 numsyms = LD_STABSZ(dp) / symsize;
2189 stringbase = LM_STRINGS(smp);
2191 for (i = 0; i < numsyms; i++) {
2192 struct nzlist *symp = LM_SYMBOL(smp, i);
2193 unsigned long value;
2195 /* Reject all except definitions. */
2196 if (symp->nz_type != N_EXT + N_ABS &&
2197 symp->nz_type != N_EXT + N_TEXT &&
2198 symp->nz_type != N_EXT + N_DATA &&
2199 symp->nz_type != N_EXT + N_BSS)
2203 * If the symbol is greater than the specified address, or
2204 * if it is further away from addr than the current nearest
2205 * symbol, then reject it.
2207 value = (unsigned long) (smp->som_addr + symp->nz_value);
2208 if (value > (unsigned long) addr ||
2209 value < (unsigned long) dlip->dli_saddr)
2212 /* Update our idea of the nearest symbol. */
2213 dlip->dli_sname = stringbase + symp->nz_strx;
2214 dlip->dli_saddr = (void *) value;
2216 if (dlip->dli_saddr == addr) /* Can't get any closer. */
2220 * Remove any leading underscore from the symbol name, to hide
2223 if (dlip->dli_sname != NULL && dlip->dli_sname[0] == '_')
2229 __dlsym3(fd, sym, retaddr)
2236 result = resolvesym(fd, sym, retaddr);
2238 * XXX - Ugly, but it makes the least impact on the run-time loader
2239 * sources. We assume that most of the time the error is a
2240 * undefined symbol error from above, so we try again. If it's
2241 * not an undefined symbol we end up getting the same error twice,
2242 * but that's acceptable.
2244 if (result == NULL) {
2245 /* Prepend an underscore and try again */
2246 char *newsym = xmalloc(strlen(sym) + 2);
2249 strcpy(&newsym[1], sym);
2250 result = resolvesym(fd, newsym, retaddr);
2262 dlerror_msg = NULL; /* Next call will return NULL */
2271 xprintf("__dlexit called\n");
2274 unmap_object(link_map_head, 1);
2278 * Print the current error message and exit with failure status.
2285 fprintf(stderr, "ld.so failed");
2286 if ((msg = __dlerror()) != NULL)
2287 fprintf(stderr, ": %s", msg);
2294 * Generate an error message that can be later be retrieved via dlerror.
2298 generror(char *fmt, ...)
2300 generror(fmt, va_alist)
2310 vsnprintf (dlerror_buf, DLERROR_BUF_SIZE, fmt, ap);
2311 dlerror_msg = dlerror_buf;
2318 xprintf(char *fmt, ...)
2320 xprintf(fmt, va_alist)
2332 vsnprintf(buf, sizeof(buf), fmt, ap);
2333 (void)write(1, buf, strlen(buf));
2340 * Do a sweep over the environment once only, pick up what
2341 * looks interesting.
2343 * This is pretty obscure, but is relatively simple. Simply
2344 * look at each environment variable, if it starts with "LD_" then
2345 * look closer at it. If it's in our table, set the variable
2346 * listed. effectively, this is like:
2347 * ld_preload = careful ? NULL : getenv("LD_PRELOAD");
2348 * except that the environment is scanned once only to pick up all
2349 * known variables, rather than scanned multiple times for each
2352 * If an environment variable of interest is set to the empty string, we
2353 * treat it as if it were unset.
2356 #define L(n, u, v) { n, sizeof(n) - 1, u, v },
2357 struct env_scan_tab {
2363 L("LD_LIBRARY_PATH=", 1, &ld_library_path)
2364 L("LD_PRELOAD=", 1, &ld_preload)
2365 L("LD_IGNORE_MISSING_OBJECTS=", 1, &ld_ignore_missing_objects)
2366 L("LD_TRACE_LOADED_OBJECTS=", 0, &ld_tracing)
2367 L("LD_BIND_NOW=", 0, &ld_bind_now)
2368 L("LD_SUPPRESS_WARNINGS=", 0, &ld_suppress_warnings)
2369 L("LD_WARN_NON_PURE_CODE=", 0, &ld_warn_non_pure_code)
2370 { NULL, 0, 0, NULL }
2379 struct env_scan_tab *t;
2381 /* for each string in the environment... */
2382 while ((v = *p++)) {
2384 /* check for LD_xxx */
2385 if (v[0] != 'L' || v[1] != 'D' || v[2] != '_')
2388 for (t = scan_tab; t->name; t++) {
2389 if (careful && t->unsafe)
2390 continue; /* skip for set[ug]id */
2391 if (strncmp(t->name, v, t->len) == 0) {
2392 if (*(v + t->len) != '\0') /* Not empty */
2393 *t->value = v + t->len;
2401 * Malloc implementation for use within the dynamic linker. At first
2402 * we do a simple allocation using sbrk. After the user's program
2403 * has been loaded, we switch to using whatever malloc functions are
2407 /* Symbols related to the sbrk and brk implementations. */
2408 #define CURBRK_SYM "curbrk"
2409 #define MINBRK_SYM "minbrk"
2410 #define END_SYM "_end"
2412 /* Symbols related to malloc. */
2413 #define FREE_SYM "_free"
2414 #define MALLOC_SYM "_malloc"
2415 #define REALLOC_SYM "_realloc"
2417 /* Hooks into the implementation of sbrk and brk. */
2418 extern char *curbrk __asm__(CURBRK_SYM);
2419 extern char *minbrk __asm__(MINBRK_SYM);
2421 /* Pointers to the user program's malloc functions. */
2422 static void *(*p_malloc) (size_t);
2423 static void *(*p_realloc) (void *, size_t);
2424 static void (*p_free) (void *);
2426 /* Upper limit of the memory allocated by our internal malloc. */
2427 static char *rtld_alloc_lev;
2430 * Set up the internal malloc so that it will take its memory from the
2431 * main program's sbrk arena.
2434 init_internal_malloc (void)
2436 const struct exec *hdr;
2439 * Before anything calls sbrk or brk, we have to initialize
2440 * its idea of the current break level to just beyond the main
2441 * program's address space. Strictly speaking, the right
2442 * way to do that is to look up the value of "_end" in the
2443 * application's run time symbol table.
2445 * That is what we used to do, and it works correctly for
2446 * every valid program. Unfortunately, it doesn't work right
2447 * for "unexec"ed versions of emacs. They are incorrectly
2448 * generated with a wrong value for "_end". (xemacs gets it
2451 * To work around this, we peek at the exec header to get the
2452 * sizes of the text, data, and bss segments. Luckily, the
2453 * header is in memory at the start of the first mapped page.
2454 * From the segment sizes, we can calculate a proper initial
2455 * value for the break level.
2457 hdr = (const struct exec *)PAGSIZ;
2458 if (N_BADMAG(*hdr)) /* Sanity check */
2459 errx(1, "Cannot find program's a.out header");
2460 rtld_alloc_lev = curbrk = minbrk =
2461 (char *)hdr + hdr->a_text + hdr->a_data + hdr->a_bss;
2465 * Set things up so that the dynamic linker can use the program's
2469 init_external_malloc (void)
2472 * Patch the program's idea of the current break address to
2473 * what it really is as a result of the allocations we have
2476 *(char **)(sym_addr(CURBRK_SYM)) = curbrk;
2479 * Set the minimum break level too. Otherwise, "unexec"ed
2480 * emacs sets the break too low and wipes out our tables of
2483 *(char **)(sym_addr(MINBRK_SYM)) = curbrk;
2486 * Set up pointers to the program's allocation functions, so
2487 * that we can use them from now on.
2489 p_malloc = (void *(*)(size_t))(sym_addr(MALLOC_SYM));
2490 p_free = (void (*)(void *))(sym_addr(FREE_SYM));
2491 p_realloc = (void *(*)(void *, size_t))(sym_addr(REALLOC_SYM));
2500 /* If we are far enough along, we can use the system malloc. */
2501 if (p_malloc != NULL)
2502 return (*p_malloc)(size);
2505 * Otherwise we use our simple built-in malloc. We get the
2506 * memory from brk() in increments of one page. We store the
2507 * allocated size in the first word, so that realloc can be
2510 if (rtld_alloc_lev == NULL)
2511 errx(1, "Internal error: internal malloc called before"
2512 " being initialized");
2514 p = (char *)ALIGN(rtld_alloc_lev);
2515 rtld_alloc_lev = p + sizeof(size_t) + size;
2517 if (rtld_alloc_lev > curbrk) { /* Get memory from system */
2521 roundup2((unsigned long)rtld_alloc_lev, PAGSIZ);
2522 if (brk(newbrk) == -1)
2526 *(size_t *)p = size;
2527 return p + sizeof(size_t);
2539 return malloc(size);
2542 * If we are far enough along, and if the memory originally came
2543 * from the system malloc, we can use the system realloc.
2545 if (p_realloc != NULL && (char *)ptr >= rtld_alloc_lev)
2546 return (*p_realloc)(ptr, size);
2548 old_size = *((size_t *)ptr - 1);
2549 if (old_size >= size) /* Not expanding the region */
2552 new_ptr = malloc(size);
2553 if (new_ptr != NULL)
2554 memcpy(new_ptr, ptr, old_size);
2566 * If we are far enough along, and if the memory originally came
2567 * from the system malloc, we can use the system free. Otherwise
2568 * we can't free the memory and we just let it go to waste.
2570 if (p_free != NULL && (char *)ptr >= rtld_alloc_lev)