2 * Copyright (c) 1993 Paul Kranenburg
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by Paul Kranenburg.
16 * 4. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 * $Id: rtld.c,v 1.52 1998/02/06 16:46:46 jdp Exp $
33 #include <sys/param.h>
34 #include <sys/types.h>
38 #include <sys/resource.h>
39 #include <sys/errno.h>
42 #define MAP_COPY MAP_PRIVATE
68 #define anon_open() do { \
69 if ((anon_fd = open("/dev/zero", O_RDWR, 0)) == -1) \
70 err("open: %s", "/dev/zero"); \
72 #define anon_close() do { \
73 (void)close(anon_fd); \
82 * Structure for building a list of shared objects.
85 struct so_map *sol_map; /* Link map for shared object */
86 struct so_list *sol_next; /* Next entry in the list */
90 * Loader private data, hung off <so_map>->som_spd
92 struct somap_private {
94 struct so_map *spd_parent;
95 struct so_list *spd_children;
96 struct so_map *spd_prev;
101 #define RTLD_MAIN 0x01
102 #define RTLD_RTLD 0x02
104 #define RTLD_INIT 0x08
105 unsigned long a_text; /* text size, if known */
106 unsigned long a_data; /* initialized data size */
107 unsigned long a_bss; /* uninitialized data size */
110 long spd_offset; /* Correction for Sun main programs */
114 #define LM_PRIVATE(smp) ((struct somap_private *)(smp)->som_spd)
117 #define LM_OFFSET(smp) (LM_PRIVATE(smp)->spd_offset)
119 #define LM_OFFSET(smp) (0)
122 /* Base address for section_dispatch_table entries */
123 #define LM_LDBASE(smp) (smp->som_addr + LM_OFFSET(smp))
125 /* Start of text segment */
126 #define LM_TXTADDR(smp) (smp->som_addr == (caddr_t)0 ? PAGSIZ : 0)
128 /* Start of run-time relocation_info */
129 #define LM_REL(smp) ((struct relocation_info *) \
130 (smp->som_addr + LM_OFFSET(smp) + LD_REL((smp)->som_dynamic)))
132 /* Start of symbols */
133 #define LM_SYMBOL(smp, i) ((struct nzlist *) \
134 (smp->som_addr + LM_OFFSET(smp) + LD_SYMBOL((smp)->som_dynamic) + \
135 i * (LD_VERSION_NZLIST_P(smp->som_dynamic->d_version) ? \
136 sizeof(struct nzlist) : sizeof(struct nlist))))
138 /* Start of hash table */
139 #define LM_HASH(smp) ((struct rrs_hash *) \
140 ((smp)->som_addr + LM_OFFSET(smp) + LD_HASH((smp)->som_dynamic)))
142 /* Start of strings */
143 #define LM_STRINGS(smp) ((char *) \
144 ((smp)->som_addr + LM_OFFSET(smp) + LD_STRINGS((smp)->som_dynamic)))
146 /* Start of search paths */
147 #define LM_PATHS(smp) ((char *) \
148 ((smp)->som_addr + LM_OFFSET(smp) + LD_PATHS((smp)->som_dynamic)))
151 #define LM_ETEXT(smp) ((char *) \
152 ((smp)->som_addr + LM_TXTADDR(smp) + LD_TEXTSZ((smp)->som_dynamic)))
154 /* Needed shared objects */
155 #define LM_NEED(smp) ((struct sod *) \
156 ((smp)->som_addr + LM_TXTADDR(smp) + LD_NEED((smp)->som_dynamic)))
158 /* PLT is in data segment, so don't use LM_OFFSET here */
159 #define LM_PLT(smp) ((jmpslot_t *) \
160 ((smp)->som_addr + LD_PLT((smp)->som_dynamic)))
162 /* Parent of link map */
163 #define LM_PARENT(smp) (LM_PRIVATE(smp)->spd_parent)
165 #ifndef RELOC_EXTERN_P
166 #define RELOC_EXTERN_P(s) ((s)->r_extern)
170 #define RELOC_SYMBOL(s) ((s)->r_symbolnum)
173 #ifndef RELOC_PCREL_P
174 #define RELOC_PCREL_P(s) ((s)->r_pcrel)
177 #define END_SYM "_end"
179 static char __main_progname[] = "main";
180 static char *main_progname = __main_progname;
181 static char us[] = "/usr/libexec/ld.so";
187 static uid_t uid, euid;
188 static gid_t gid, egid;
190 static int anon_fd = -1;
192 static char *ld_bind_now;
193 static char *ld_ignore_missing_objects;
194 static char *ld_library_path;
195 static char *ld_preload;
196 static char *ld_tracing;
197 static char *ld_suppress_warnings;
198 static char *ld_warn_non_pure_code;
200 struct so_map *link_map_head;
201 struct so_map *link_map_tail;
202 struct rt_symbol *rt_symbol_head;
204 static void *__dlopen __P((const char *, int));
205 static int __dlclose __P((void *));
206 static void *__dlsym __P((void *, const char *));
207 static const char *__dlerror __P((void));
208 static void __dlexit __P((void));
209 static void *__dlsym3 __P((void *, const char *, void *));
210 static int __dladdr __P((const void *, Dl_info *));
212 static struct ld_entry ld_entry = {
213 __dlopen, __dlclose, __dlsym, __dlerror, __dlexit, __dlsym3, __dladdr
216 void xprintf __P((char *, ...));
217 static struct so_map *map_object __P(( const char *,
220 static int map_preload __P((void));
221 static int map_sods __P((struct so_map *));
222 static int reloc_dag __P((struct so_map *, int));
223 static void unmap_object __P((struct so_map *, int));
224 static struct so_map *alloc_link_map __P(( const char *, struct sod *,
225 struct so_map *, caddr_t,
227 static void init_link_map __P(( struct so_map *,
228 struct somap_private *,
229 const char *, struct sod *,
230 struct so_map *, caddr_t,
232 static void free_link_map __P((struct so_map *));
233 static inline int check_text_reloc __P(( struct relocation_info *,
236 static int reloc_map __P((struct so_map *, int));
237 static void reloc_copy __P((struct so_map *));
238 static void init_dag __P((struct so_map *));
239 static void init_sods __P((struct so_list *));
240 static void init_internal_malloc __P((void));
241 static void init_external_malloc __P((void));
242 static int call_map __P((struct so_map *, char *));
243 static char *findhint __P((char *, int, int *));
244 static char *rtfindlib __P((char *, int, int));
245 static char *rtfindfile __P((char *));
246 void binder_entry __P((void));
247 long binder __P((jmpslot_t *));
248 static struct nzlist *lookup __P((char *, struct so_map **, int));
249 static inline struct rt_symbol *lookup_rts __P((char *, unsigned long));
250 static struct nzlist *lookup_in_obj __P((char *, unsigned long,
251 struct so_map *, int));
252 static struct rt_symbol *enter_rts __P((char *, unsigned long, long, int,
253 caddr_t, long, struct so_map *));
254 static void *sym_addr __P((char *));
255 static void die __P((void));
256 static void generror __P((char *, ...));
257 static int maphints __P((void));
258 static void unmaphints __P((void));
259 static void ld_trace __P((struct so_map *));
260 static void rt_readenv __P((void));
261 static int hinthash __P((char *, int));
262 int rtld __P((int, struct crt_ldso *, struct _dynamic *));
265 * Compute a hash value for symbol tables. Don't change this -- the
266 * algorithm is dictated by the way the linker builds the symbol
267 * tables in the shared objects.
269 static inline unsigned long
278 return h & 0x7fffffffUL;
282 strcmp (register const char *s1, register const char *s2)
287 return (*(unsigned char *)s1 - *(unsigned char *)--s2);
290 #include "md-static-funcs.c"
293 * Called from assembler stub that has set up crtp (passed from crt0)
294 * and dp (our __DYNAMIC).
297 rtld(version, crtp, dp)
299 struct crt_ldso *crtp;
302 struct relocation_info *reloc;
303 struct relocation_info *reloc_limit; /* End+1 of relocation */
304 struct so_debug *ddp;
305 struct so_map *main_map;
311 if (version != CRT_VERSION_BSD_2 &&
312 version != CRT_VERSION_BSD_3 &&
313 version != CRT_VERSION_BSD_4 &&
314 version != CRT_VERSION_BSD_5 &&
315 version != CRT_VERSION_SUN)
318 /* Fixup __DYNAMIC structure */
319 (long)dp->d_un.d_sdt += crtp->crt_ba;
321 /* Relocate ourselves */
322 reloc = (struct relocation_info *) (LD_REL(dp) + crtp->crt_ba);
324 (struct relocation_info *) ((char *) reloc + LD_RELSZ(dp));
325 while(reloc < reloc_limit) {
327 * Objects linked with "-Bsymbolic" (in particular, ld.so
328 * itself) can end up having unused relocation entries at
329 * the end. These can be detected by the fact that they
330 * have an address of 0.
332 if(reloc->r_address == 0) /* We're done */
334 md_relocate_simple(reloc, crtp->crt_ba,
335 reloc->r_address + crtp->crt_ba);
339 if (version >= CRT_VERSION_BSD_4)
340 __progname = crtp->crt_ldso;
341 if (version >= CRT_VERSION_BSD_3)
342 main_progname = crtp->crt_prog;
343 main_path = version >= CRT_VERSION_BSD_5 ? crtp->crt_argv[0] :
346 /* Some buggy versions of crt0.o have crt_ldso filled in as NULL. */
347 if (__progname == NULL)
350 /* Fill in some fields in _DYNAMIC or crt structure */
351 if (version >= CRT_VERSION_BSD_4)
352 crtp->crt_ldentry = &ld_entry; /* crt */
354 crtp->crt_dp->d_entry = &ld_entry; /* _DYNAMIC */
356 /* Initialize our internal malloc package. */
357 init_internal_malloc();
359 /* Setup out (private) environ variable */
360 environ = crtp->crt_ep;
362 /* Get user and group identifiers */
363 uid = getuid(); euid = geteuid();
364 gid = getgid(); egid = getegid();
366 careful = (uid != euid) || (gid != egid);
372 /* Make a link map entry for the main program */
373 main_map = alloc_link_map(main_path,
374 (struct sod *) NULL, (struct so_map *) NULL,
375 (caddr_t) 0, crtp->crt_dp);
376 LM_PRIVATE(main_map)->spd_refcount++;
377 LM_PRIVATE(main_map)->spd_flags |= RTLD_MAIN;
379 /* Make a link map entry for ourselves */
380 smp = alloc_link_map(us,
381 (struct sod *) NULL, (struct so_map *) NULL,
382 (caddr_t) crtp->crt_ba, dp);
383 LM_PRIVATE(smp)->spd_refcount++;
384 LM_PRIVATE(smp)->spd_flags |= RTLD_RTLD;
387 * Setup the executable's run path
389 if (version >= CRT_VERSION_BSD_4) {
390 add_paths = LM_PATHS(main_map);
392 add_search_path(add_paths);
396 * Setup the directory search list for findshlib. We use only
397 * the standard search path. Any extra directories from
398 * LD_LIBRARY_PATH are searched explicitly, in rtfindlib.
402 /* Map in LD_PRELOADs before the main program's shared objects so we
403 can intercept those calls */
404 if (ld_preload != NULL) {
405 if(map_preload() == -1) /* Failed */
409 /* Map all the shared objects that the main program depends upon */
410 if(map_sods(main_map) == -1)
413 if(ld_tracing) { /* We're done */
414 ld_trace(link_map_head);
418 crtp->crt_dp->d_un.d_sdt->sdt_loaded = link_map_head->som_next;
420 /* Relocate all mapped objects. */
421 if(reloc_dag(main_map, ld_bind_now != NULL) == -1) /* Failed */
425 * Switch to the same malloc that the program uses. We do
426 * this before initializing the loaded objects, because their
427 * initialization functions may well call malloc, and it won't
428 * work right until we have set it up.
430 init_external_malloc();
432 /* Initialize all mapped objects. */
435 ddp = crtp->crt_dp->d_debug;
436 ddp->dd_cc = rt_symbol_head;
437 if (ddp->dd_in_debugger) {
438 caddr_t addr = (caddr_t)((long)crtp->crt_bp & (~(PAGSIZ - 1)));
440 /* Set breakpoint for the benefit of debuggers */
441 if (mprotect(addr, PAGSIZ,
442 PROT_READ|PROT_WRITE|PROT_EXEC) == -1) {
443 err(1, "Cannot set breakpoint (%s)", main_progname);
445 md_set_breakpoint((long)crtp->crt_bp, (long *)&ddp->dd_bpt_shadow);
446 if (mprotect(addr, PAGSIZ, PROT_READ|PROT_EXEC) == -1) {
447 err(1, "Cannot re-protect breakpoint (%s)",
451 ddp->dd_bpt_addr = crtp->crt_bp;
453 ddp->dd_sym_loaded = 1;
456 /* Close the hints file */
459 /* Close our file descriptor */
460 (void)close(crtp->crt_ldfd);
463 return LDSO_VERSION_HAS_DLADDR;
470 char *fmt1, *fmt2, *fmt, *main_local;
473 if ((main_local = getenv("LD_TRACE_LOADED_OBJECTS_PROGNAME")) == NULL)
476 if ((fmt1 = getenv("LD_TRACE_LOADED_OBJECTS_FMT1")) == NULL)
477 fmt1 = "\t-l%o.%m => %p (%x)\n";
479 if ((fmt2 = getenv("LD_TRACE_LOADED_OBJECTS_FMT2")) == NULL)
480 fmt2 = "\t%o (%x)\n";
482 for (; smp; smp = smp->som_next) {
486 if ((sodp = smp->som_sod) == NULL)
489 name = (char *)sodp->sod_name;
491 name += (long)LM_LDBASE(LM_PARENT(smp));
493 if ((path = smp->som_path) == NULL)
496 fmt = sodp->sod_library ? fmt1 : fmt2;
497 while ((c = *fmt++) != '\0') {
523 printf("%s", main_local);
526 printf("%s", main_progname);
532 printf("%d", sodp->sod_major);
535 printf("%d", sodp->sod_minor);
541 printf("%p", smp->som_addr);
552 * Allocate a new link map and return a pointer to it.
554 * PATH is the pathname of the shared object.
556 * SODP is a pointer to the shared object dependency structure responsible
557 * for causing the new object to be loaded. PARENT is the shared object
558 * into which SODP points. Both can be NULL if the new object is not
559 * being loaded as a result of a shared object dependency.
561 * ADDR is the address at which the object has been mapped. DP is a pointer
562 * to its _dynamic structure.
564 static struct so_map *
565 alloc_link_map(path, sodp, parent, addr, dp)
568 struct so_map *parent;
573 struct somap_private *smpp;
576 xprintf("alloc_link_map: \"%s\" at %p\n", path, addr);
579 smp = (struct so_map *)xmalloc(sizeof(struct so_map));
580 smpp = (struct somap_private *)xmalloc(sizeof(struct somap_private));
581 init_link_map(smp, smpp, path, sodp, parent, addr, dp);
583 /* Link the new entry into the list of link maps */
584 smpp->spd_prev = link_map_tail;
585 if(link_map_tail == NULL) /* First link map entered into list */
586 link_map_head = link_map_tail = smp;
587 else { /* Append to end of list */
588 link_map_tail->som_next = smp;
596 * Initialize a link map entry that has already been allocated.
599 init_link_map(smp, smpp, path, sodp, parent, addr, dp)
601 struct somap_private *smpp;
604 struct so_map *parent;
608 memset(smp, 0, sizeof *smp);
609 memset(smpp, 0, sizeof *smpp);
610 smp->som_spd = (caddr_t)smpp;
611 smp->som_addr = addr;
612 smp->som_path = path ? strdup(path) : NULL;
614 smp->som_dynamic = dp;
615 smpp->spd_parent = parent;
618 (addr==0 && dp && dp->d_version==LD_VERSION_SUN) ? PAGSIZ : 0;
623 * Remove the specified link map entry from the list of link maps, and free
624 * the associated storage.
630 struct somap_private *smpp = LM_PRIVATE(smp);
633 xprintf("free_link_map: \"%s\"\n", smp->som_path);
636 if(smpp->spd_prev == NULL) /* Removing first entry in list */
637 link_map_head = smp->som_next;
638 else /* Update link of previous entry */
639 smpp->spd_prev->som_next = smp->som_next;
641 if(smp->som_next == NULL) /* Removing last entry in list */
642 link_map_tail = smpp->spd_prev;
643 else /* Update back link of next entry */
644 LM_PRIVATE(smp->som_next)->spd_prev = smpp->spd_prev;
646 if (smp->som_path != NULL)
653 * Map the shared object specified by PATH into memory, if it is not
654 * already mapped. Increment the object's reference count, and return a
655 * pointer to its link map.
657 * As a special case, if PATH is NULL, it is taken to refer to the main
660 * SODP is a pointer to the shared object dependency structure that caused
661 * this object to be requested. PARENT is a pointer to the link map of
662 * the shared object containing that structure. For a shared object not
663 * being mapped as a result of a shared object dependency, these pointers
664 * should be NULL. An example of this is a shared object that is explicitly
665 * loaded via dlopen().
667 * The return value is a pointer to the link map for the requested object.
668 * If the operation failed, the return value is NULL. In that case, an
669 * error message can be retrieved by calling dlerror().
671 static struct so_map *
672 map_object(path, sodp, parent)
675 struct so_map *parent;
680 if(path == NULL) /* Special case for the main program itself */
684 * Check whether the shared object is already mapped.
685 * We check first for an exact match by pathname. That
686 * will detect the usual case. If no match is found by
687 * pathname, then stat the file, and check for a match by
688 * device and inode. That will detect the less common case
689 * involving multiple links to the same library.
691 for(smp = link_map_head; smp != NULL; smp = smp->som_next) {
692 if(!(LM_PRIVATE(smp)->spd_flags & (RTLD_MAIN|RTLD_RTLD))
693 && smp->som_path != NULL
694 && strcmp(smp->som_path, path) == 0)
697 if(smp == NULL) { /* Check for a match by device and inode */
698 if (stat(path, &statbuf) == -1) {
699 generror ("cannot stat \"%s\" : %s",
700 path, strerror(errno));
703 for (smp = link_map_head; smp != NULL;
704 smp = smp->som_next) {
705 struct somap_private *smpp = LM_PRIVATE(smp);
707 if (!(smpp->spd_flags & (RTLD_MAIN | RTLD_RTLD))
708 && smpp->spd_ino == statbuf.st_ino
709 && smpp->spd_dev == statbuf.st_dev)
715 if (smp == NULL) { /* We must map the object */
720 struct somap_private *smpp;
722 if ((fd = open(path, O_RDONLY, 0)) == -1) {
723 generror ("open failed for \"%s\" : %s",
724 path, strerror (errno));
728 if (read(fd, &hdr, sizeof(hdr)) != sizeof(hdr)) {
729 generror ("header read failed for \"%s\"", path);
735 generror ("bad magic number in \"%s\"", path);
741 * Map the entire address space of the object. It is
742 * tempting to map just the text segment at first, in
743 * order to avoid having to use mprotect to change the
744 * protections of the data segment. But that would not
745 * be correct. Mmap might find a group of free pages
746 * large enough to hold the text segment, but not large
747 * enough for the entire object. When we then mapped
748 * in the data and BSS segments, they would either be
749 * non-contiguous with the text segment (if we didn't
750 * specify MAP_FIXED), or they would map over some
751 * previously mapped region (if we did use MAP_FIXED).
752 * The only way we can be sure of getting a contigous
753 * region that is large enough is to map the entire
756 if ((addr = mmap(0, hdr.a_text + hdr.a_data + hdr.a_bss,
758 MAP_COPY, fd, 0)) == (caddr_t)-1) {
759 generror ("mmap failed for \"%s\" : %s",
760 path, strerror (errno));
767 /* Change the data segment to writable */
768 if (mprotect(addr + hdr.a_text, hdr.a_data,
769 PROT_READ|PROT_WRITE|PROT_EXEC) != 0) {
770 generror ("mprotect failed for \"%s\" : %s",
771 path, strerror (errno));
772 (void)munmap(addr, hdr.a_text + hdr.a_data + hdr.a_bss);
776 /* Map in pages of zeros for the BSS segment */
777 if (mmap(addr + hdr.a_text + hdr.a_data, hdr.a_bss,
778 PROT_READ|PROT_WRITE|PROT_EXEC,
779 MAP_ANON|MAP_COPY|MAP_FIXED,
780 anon_fd, 0) == (caddr_t)-1) {
781 generror ("mmap failed for \"%s\" : %s",
782 path, strerror (errno));
783 (void)munmap(addr, hdr.a_text + hdr.a_data + hdr.a_bss);
787 /* Assume _DYNAMIC is the first data item */
788 dp = (struct _dynamic *)(addr+hdr.a_text);
790 /* Fixup __DYNAMIC structure */
791 (long)dp->d_un.d_sdt += (long)addr;
793 smp = alloc_link_map(path, sodp, parent, addr, dp);
795 /* save segment sizes for unmap. */
796 smpp = LM_PRIVATE(smp);
797 smpp->a_text = hdr.a_text;
798 smpp->a_data = hdr.a_data;
799 smpp->a_bss = hdr.a_bss;
802 * Save the device and inode, so we can detect multiple links
803 * to the same library. Note, if we reach this point, then
804 * statbuf is guaranteed to have been filled in.
806 smpp->spd_dev = statbuf.st_dev;
807 smpp->spd_ino = statbuf.st_ino;
810 LM_PRIVATE(smp)->spd_refcount++;
811 if(LM_PRIVATE(smp)->spd_refcount == 1) { /* First use of object */
813 * Recursively map all of the shared objects that this
816 if(map_sods(smp) == -1) { /* Failed */
817 unmap_object(smp, 0); /* Clean up */
826 * Map all the shared libraries named in the LD_PRELOAD environment
829 * Returns 0 on success, -1 on failure. On failure, an error message can
830 * be gotten via dlerror().
833 map_preload __P((void)) {
834 char *ld_name = ld_preload;
837 while ((name = strsep(&ld_name, ":")) != NULL) {
839 struct so_map *smp = NULL;
842 path = (strchr(name, '/') != NULL) ? strdup(name) :
846 generror("Can't find LD_PRELOAD shared"
847 " library \"%s\"", name);
849 smp = map_object(path, (struct sod *) NULL,
850 (struct so_map *) NULL);
854 *(ld_name - 1) = ':';
857 * We don't bother to unmap already-loaded libraries
858 * on failure, because in that case the program is
859 * about to die anyway.
868 * Map all of the shared objects that a given object depends upon. PARENT is
869 * a pointer to the link map for the shared object whose dependencies are
872 * Returns 0 on success. Returns -1 on failure. In that case, an error
873 * message can be retrieved by calling dlerror().
877 struct so_map *parent;
879 struct somap_private *parpp = LM_PRIVATE(parent);
880 struct so_list **soltail = &parpp->spd_children;
881 long next = LD_NEED(parent->som_dynamic);
885 (struct sod *) (LM_LDBASE(parent) + next);
887 (char *) (LM_LDBASE(parent) + sodp->sod_name);
889 struct so_map *smp = NULL;
891 if(sodp->sod_library) {
892 path = rtfindlib(name, sodp->sod_major,
894 if(path == NULL && !ld_tracing) {
895 generror ("Can't find shared library"
896 " \"lib%s.so.%d.%d\"", name,
897 sodp->sod_major, sodp->sod_minor);
900 if(careful && name[0] != '/') {
901 generror("Shared library path must start"
902 " with \"/\" for \"%s\"", name);
908 smp = map_object(path, sodp, parent);
913 struct so_list *solp = (struct so_list *)
914 xmalloc(sizeof(struct so_list));
916 solp->sol_next = NULL;
918 soltail = &solp->sol_next;
919 } else if(ld_tracing) {
921 * Allocate a dummy map entry so that we will get the
922 * "not found" message.
924 (void)alloc_link_map(NULL, sodp, parent, 0, 0);
925 } else if (ld_ignore_missing_objects) {
928 * Call __dlerror() even it we're not going to use
929 * the message, in order to clear the saved message.
931 msg = __dlerror(); /* Should never be NULL */
932 if (!ld_suppress_warnings)
933 warnx("warning: %s", msg);
937 next = sodp->sod_next;
942 * Oh drat, we have to clean up a mess.
944 * We failed to load a shared object that we depend upon.
945 * So now we have to unload any dependencies that we had
946 * already successfully loaded prior to the error.
948 * Cleaning up doesn't matter so much for the initial
949 * loading of the program, since any failure is going to
950 * terminate the program anyway. But it is very important
951 * to clean up properly when something is being loaded
954 struct so_list *solp;
956 while((solp = parpp->spd_children) != NULL) {
957 unmap_object(solp->sol_map, 0);
958 parpp->spd_children = solp->sol_next;
969 * Relocate the DAG of shared objects rooted at the given link map
970 * entry. Returns 0 on success, or -1 on failure. On failure, an
971 * error message can be retrieved via dlerror().
974 reloc_dag(root, bind_now)
981 * Relocate all newly-loaded objects. We avoid recursion for this
982 * step by taking advantage of a few facts. This function is called
983 * only when there are in fact some newly-loaded objects to process.
984 * Furthermore, all newly-loaded objects will have their link map
985 * entries at the end of the link map list. And, the root of the
986 * tree of objects just loaded will have been the first to be loaded
987 * and therefore the first new object in the link map list. Finally,
988 * we take advantage of the fact that we can relocate the newly-loaded
989 * objects in any order.
991 * All these facts conspire to let us simply loop over the tail
992 * portion of the link map list, relocating each object so
995 for(smp = root; smp != NULL; smp = smp->som_next) {
996 if(!(LM_PRIVATE(smp)->spd_flags & RTLD_RTLD)) {
997 if(reloc_map(smp, bind_now) < 0)
1003 * Copy any relocated initialized data. Again, we can just loop
1004 * over the appropriate portion of the link map list.
1006 for(smp = root; smp != NULL; smp = smp->som_next) {
1007 if(!(LM_PRIVATE(smp)->spd_flags & RTLD_RTLD))
1015 * Remove a reference to the shared object specified by SMP. If no
1016 * references remain, unmap the object and, recursively, its descendents.
1017 * This function also takes care of calling the finalization routines for
1018 * objects that are removed.
1020 * If KEEP is true, then the actual calls to munmap() are skipped,
1021 * and the object is kept in memory. That is used only for finalization,
1022 * from dlexit(), when the program is exiting. There are two reasons
1023 * for it. First, the program is exiting and there is no point in
1024 * spending the time to explicitly unmap its shared objects. Second,
1025 * even after dlexit() has been called, there are still a couple of
1026 * calls that are made to functions in libc. (This is really a bug
1027 * in crt0.) So libc and the main program, at least, must remain
1028 * mapped in that situation.
1030 * Under no reasonable circumstances should this function fail. If
1031 * anything goes wrong, we consider it an internal error, and report
1035 unmap_object(smp, keep)
1039 struct somap_private *smpp = LM_PRIVATE(smp);
1041 smpp->spd_refcount--;
1042 if(smpp->spd_refcount == 0) { /* Finished with this object */
1043 struct so_list *solp;
1045 if(smpp->spd_flags & RTLD_INIT) { /* Was initialized */
1047 * Call the object's finalization routine. For
1048 * backward compatibility, we first try to call
1049 * ".fini". If that does not exist, we call
1052 if(call_map(smp, ".fini") == -1)
1053 call_map(smp, "__fini");
1056 /* Recursively unreference the object's descendents */
1057 while((solp = smpp->spd_children) != NULL) {
1058 unmap_object(solp->sol_map, keep);
1059 smpp->spd_children = solp->sol_next;
1063 if(!keep) { /* Unmap the object from memory */
1064 if(munmap(smp->som_addr,
1065 smpp->a_text + smpp->a_data + smpp->a_bss) < 0)
1066 err(1, "internal error 1: munmap failed");
1068 /* Unlink and free the object's link map entry */
1075 check_text_reloc(r, smp, addr)
1076 struct relocation_info *r;
1082 if (addr >= LM_ETEXT(smp))
1085 if (RELOC_EXTERN_P(r))
1086 sym = LM_STRINGS(smp) +
1087 LM_SYMBOL(smp, RELOC_SYMBOL(r))->nz_strx;
1091 if (!ld_suppress_warnings && ld_warn_non_pure_code)
1092 warnx("warning: non pure code in %s at %x (%s)",
1093 smp->som_path, r->r_address, sym);
1095 if (smp->som_write == 0 &&
1096 mprotect(smp->som_addr + LM_TXTADDR(smp),
1097 LD_TEXTSZ(smp->som_dynamic),
1098 PROT_READ|PROT_WRITE|PROT_EXEC) == -1) {
1099 generror ("mprotect failed for \"%s\" : %s",
1100 smp->som_path, strerror (errno));
1109 reloc_map(smp, bind_now)
1114 * Caching structure for reducing the number of calls to
1115 * lookup() during relocation.
1117 * While relocating a given shared object, the dynamic linker
1118 * maintains a caching vector that is directly indexed by
1119 * the symbol number in the relocation entry. The first time
1120 * a given symbol is looked up, the caching vector is
1121 * filled in with a pointer to the symbol table entry, and
1122 * a pointer to the so_map of the shared object in which the
1123 * symbol was defined. On subsequent uses of the same symbol,
1124 * that information is retrieved directly from the caching
1125 * vector, without calling lookup() again.
1127 * A symbol that is referenced in a relocation entry is
1128 * typically referenced in many relocation entries, so this
1129 * caching reduces the number of calls to lookup()
1130 * dramatically. The overall improvement in the speed of
1131 * dynamic linking is also dramatic -- as much as a factor
1132 * of three for programs that use many shared libaries.
1135 struct nzlist *np; /* Pointer to symbol entry */
1136 struct so_map *src_map; /* Shared object that defined symbol */
1139 struct _dynamic *dp = smp->som_dynamic;
1140 struct relocation_info *r = LM_REL(smp);
1141 struct relocation_info *rend = r + LD_RELSZ(dp)/sizeof(*r);
1142 long symbolbase = (long)LM_SYMBOL(smp, 0);
1143 char *stringbase = LM_STRINGS(smp);
1144 int symsize = LD_VERSION_NZLIST_P(dp->d_version) ?
1145 sizeof(struct nzlist) :
1146 sizeof(struct nlist);
1147 long numsyms = LD_STABSZ(dp) / symsize;
1148 size_t cachebytes = numsyms * sizeof(struct cacheent);
1149 struct cacheent *symcache =
1150 (struct cacheent *) alloca(cachebytes);
1152 if(symcache == NULL) {
1153 generror("Cannot allocate symbol caching vector for %s",
1157 bzero(symcache, cachebytes);
1160 md_fix_jmpslot(LM_PLT(smp),
1161 (long)LM_PLT(smp), (long)binder_entry);
1163 for (; r < rend; r++) {
1168 * Objects linked with "-Bsymbolic" can end up having unused
1169 * relocation entries at the end. These can be detected by
1170 * the fact that they have an address of 0.
1172 if(r->r_address == 0) /* Finished relocating this object */
1175 addr = smp->som_addr + r->r_address;
1176 if (check_text_reloc(r, smp, addr) < 0)
1179 if (RELOC_EXTERN_P(r)) {
1180 struct so_map *src_map = NULL;
1181 struct nzlist *p, *np;
1184 if (RELOC_JMPTAB_P(r) && !bind_now)
1187 p = (struct nzlist *)
1188 (symbolbase + symsize * RELOC_SYMBOL(r));
1190 if (p->nz_type == (N_SETV + N_EXT))
1193 sym = stringbase + p->nz_strx;
1196 * Look up the symbol, checking the caching
1199 np = symcache[RELOC_SYMBOL(r)].np;
1200 if(np != NULL) /* Symbol already cached */
1201 src_map = symcache[RELOC_SYMBOL(r)].src_map;
1202 else { /* Symbol not cached yet */
1203 np = lookup(sym, &src_map, RELOC_JMPTAB_P(r));
1205 * Record the needed information about
1206 * the symbol in the caching vector,
1207 * so that we won't have to call
1208 * lookup the next time we encounter
1211 symcache[RELOC_SYMBOL(r)].np = np;
1212 symcache[RELOC_SYMBOL(r)].src_map = src_map;
1216 generror ("Undefined symbol \"%s\" in %s:%s",
1217 sym, main_progname, smp->som_path);
1222 * Found symbol definition.
1223 * If it's in a link map, adjust value
1224 * according to the load address of that map.
1225 * Otherwise it's a run-time allocated common
1226 * whose value is already up-to-date.
1228 relocation = np->nz_value;
1230 relocation += (long)src_map->som_addr;
1232 if (RELOC_JMPTAB_P(r)) {
1233 md_bind_jmpslot(relocation, addr);
1237 relocation += md_get_addend(r, addr);
1239 if (RELOC_PCREL_P(r))
1240 relocation -= (long)smp->som_addr;
1242 if (RELOC_COPY_P(r) && src_map) {
1243 (void)enter_rts(sym, sym_hash(sym),
1246 src_map->som_addr + np->nz_value,
1247 np->nz_size, src_map);
1251 md_relocate(r, relocation, addr, 0);
1255 md_get_rt_segment_addend(r, addr)
1257 md_get_addend(r, addr)
1259 + (long)smp->som_addr, addr, 0);
1264 if (smp->som_write) {
1265 if (mprotect(smp->som_addr + LM_TXTADDR(smp),
1266 LD_TEXTSZ(smp->som_dynamic),
1267 PROT_READ|PROT_EXEC) == -1) {
1268 generror ("mprotect failed for \"%s\" : %s",
1269 smp->som_path, strerror (errno));
1281 struct rt_symbol *rtsp;
1283 for (rtsp = rt_symbol_head; rtsp; rtsp = rtsp->rt_next)
1284 if ((rtsp->rt_smp == NULL || rtsp->rt_smp == smp) &&
1285 rtsp->rt_sp->nz_type == N_DATA + N_EXT) {
1286 bcopy(rtsp->rt_srcaddr, (caddr_t)rtsp->rt_sp->nz_value,
1287 rtsp->rt_sp->nz_size);
1292 * Initialize the DAG of shared objects rooted at the given object.
1298 struct somap_private *smpp = LM_PRIVATE(smp);
1300 if(!(smpp->spd_flags & RTLD_INIT)) { /* Not initialized yet */
1301 smpp->spd_flags |= RTLD_INIT;
1303 /* Make sure all the children are initialized */
1304 if(smpp->spd_children != NULL)
1305 init_sods(smpp->spd_children);
1307 if(call_map(smp, ".init") == -1)
1308 call_map(smp, "__init");
1314 struct so_list *solp;
1316 /* Recursively initialize the rest of the list */
1317 if(solp->sol_next != NULL)
1318 init_sods(solp->sol_next);
1320 /* Initialize the first element of the list */
1321 init_dag(solp->sol_map);
1326 * Call a function in a given shared object. SMP is the shared object, and
1327 * SYM is the name of the function.
1329 * Returns 0 on success, or -1 if the symbol was not found. Failure is not
1330 * necessarily an error condition, so no error message is generated.
1337 struct so_map *src_map = smp;
1340 np = lookup(sym, &src_map, 1);
1342 (*(void (*)())(src_map->som_addr + np->nz_value))();
1350 * Run-time common symbol table.
1353 #define RTC_TABSIZE 57
1354 static struct rt_symbol *rt_symtab[RTC_TABSIZE];
1357 * Look up a symbol in the run-time common symbol table. For efficiency,
1358 * the symbol's hash value must be passed in too.
1360 static inline struct rt_symbol *
1361 lookup_rts(name, hash)
1365 register struct rt_symbol *rtsp;
1367 for (rtsp = rt_symtab[hash % RTC_TABSIZE]; rtsp; rtsp = rtsp->rt_link)
1368 if (strcmp(name, rtsp->rt_sp->nz_name) == 0)
1375 * Enter a symbol into the run-time common symbol table. For efficiency,
1376 * the symbol's hash value must be passed in too.
1378 static struct rt_symbol *
1379 enter_rts(name, hash, value, type, srcaddr, size, smp)
1388 register struct rt_symbol *rtsp, **rpp;
1390 /* Find end of bucket */
1391 for (rpp = &rt_symtab[hash % RTC_TABSIZE]; *rpp; rpp = &(*rpp)->rt_link)
1394 /* Allocate new common symbol */
1395 rtsp = (struct rt_symbol *)xmalloc(sizeof(struct rt_symbol));
1396 rtsp->rt_sp = (struct nzlist *)xmalloc(sizeof(struct nzlist));
1397 rtsp->rt_sp->nz_name = strdup(name);
1398 rtsp->rt_sp->nz_value = value;
1399 rtsp->rt_sp->nz_type = type;
1400 rtsp->rt_sp->nz_size = size;
1401 rtsp->rt_srcaddr = srcaddr;
1403 rtsp->rt_link = NULL;
1405 /* Link onto linear list as well */
1406 rtsp->rt_next = rt_symbol_head;
1407 rt_symbol_head = rtsp;
1416 * Lookup NAME in the link maps. The link map producing a definition
1417 * is returned in SRC_MAP. If SRC_MAP is not NULL on entry the search
1418 * is confined to that map.
1420 * REAL_DEF_ONLY is a boolean which specifies whether certain special
1421 * symbols for functions should satisfy the lookup or not. The
1422 * reasons behind it are somewhat complicated. They are motivated
1423 * by the scenario in which the address of a single function is
1424 * taken from several shared objects. The address should come out
1425 * the same in all cases, because the application code might decide
1426 * to use it in comparisons. To make this work, the linker creates
1427 * a symbol entry for the function in the main executable, with a
1428 * type of N_UNDF+N_EXT, an N_AUX of AUX_FUNC, and a value that
1429 * refers to the PLT entry for the function in the main executable.
1430 * If REAL_DEF_ONLY is false, then this kind of special symbol is
1431 * considered a "definition" when lookup up the symbol. Since the
1432 * main executable is at the beginning of the shared object search
1433 * list, the result is that references from all shared objects will
1434 * resolve to the main program's PLT entry, and thus the function
1435 * addresses will compare equal as they should.
1437 * When relocating the PLT entry itself, we obviously must match
1438 * only the true defining symbol for the function. In that case, we
1439 * set REAL_DEF_ONLY to true, which disables matching the special
1440 * N_UNDF+N_EXT entries.
1442 * It is not so clear how to set this flag for a lookup done from
1443 * dlsym. If the lookup specifies a particular shared object other
1444 * than the main executable, the flag makes no difference -- only the
1445 * true definition will be matched. (That is because the special
1446 * symbols are only present in the main executable, which will not
1447 * be searched.) But when the lookup is over all the shared objects
1448 * (i.e., dlsym's "fd" parameter is NULL), then the flag does have an
1449 * effect. We elect to match only the true definition even in that
1452 * The upshot of all this is the following rule of thumb: Set
1453 * REAL_DEF_ONLY in all cases except when processing a non-PLT
1456 static struct nzlist *
1457 lookup(name, src_map, real_def_only)
1459 struct so_map **src_map; /* IN/OUT */
1464 hash = sym_hash(name);
1466 if (*src_map != NULL) /* Look in just one specific object */
1467 return lookup_in_obj(name, hash, *src_map, real_def_only);
1468 else { /* Search runtime symbols and all loaded objects */
1469 unsigned long common_size;
1471 struct rt_symbol *rtsp;
1474 if ((rtsp = lookup_rts(name, hash)) != NULL)
1478 for (smp = link_map_head; smp; smp = smp->som_next) {
1479 if (LM_PRIVATE(smp)->spd_flags & RTLD_RTLD)
1481 np = lookup_in_obj(name, hash, smp, real_def_only);
1484 /* We know that np->nz_value > 0 at this point. */
1485 if (np->nz_type == N_UNDF+N_EXT &&
1486 N_AUX(&np->nlist) != AUX_FUNC) { /* Common */
1487 if (common_size < np->nz_value)
1488 common_size = np->nz_value;
1492 /* We found the symbol definition. */
1496 if (common_size > 0) { /* It is a common symbol. */
1499 mem = memset(xmalloc(common_size), 0, common_size);
1500 rtsp = enter_rts(name, hash, (long)mem, N_UNDF + N_EXT,
1501 0, common_size, NULL);
1505 /* No definition was found for the symbol. */
1511 * Lookup a symbol in one specific shared object. The hash
1512 * value is passed in for efficiency. For an explanation of the
1513 * "real_def_only" flag, see the comment preceding the "lookup"
1516 static struct nzlist *
1517 lookup_in_obj(name, hash, smp, real_def_only)
1523 unsigned long buckets;
1524 struct rrs_hash *hp;
1528 struct rrs_hash *hashbase;
1532 if ((buckets = LD_BUCKETS(smp->som_dynamic)) == 0)
1535 hashbase = LM_HASH(smp);
1538 hp = &hashbase[hash % buckets];
1539 if (hp->rh_symbolnum == -1)
1542 symbolbase = (char *)LM_SYMBOL(smp, 0);
1543 stringbase = LM_STRINGS(smp);
1544 symsize = LD_VERSION_NZLIST_P(smp->som_dynamic->d_version)?
1545 sizeof(struct nzlist) : sizeof(struct nlist);
1547 np = (struct nzlist *)(symbolbase + hp->rh_symbolnum*symsize);
1548 cp = stringbase + np->nz_strx;
1549 if (strcmp(cp, name) == 0)
1551 if (hp->rh_next == 0) /* End of hash chain */
1553 hp = hashbase + hp->rh_next;
1557 * We have a symbol with the name we're looking for.
1559 if (np->nz_type == N_INDR+N_EXT) {
1561 * Next symbol gives the aliased name. Restart
1562 * search with new name.
1564 name = stringbase + (++np)->nz_strx;
1565 hash = sym_hash(name);
1569 if (np->nz_value == 0) /* It's not a definition */
1572 if (real_def_only) /* Don't match special function symbols. */
1573 if (np->nz_type == N_UNDF+N_EXT &&
1574 N_AUX(&np->nlist) == AUX_FUNC)
1581 * Return the value of a symbol in the user's program. This is used
1582 * internally for a few symbols which must exist. If the requested
1583 * symbol is not found, this simply exits with a fatal error.
1593 np = lookup(name, &smp, 1);
1595 errx(1, "Program has no symbol \"%s\"", name);
1596 return ((smp == NULL) ? NULL : smp->som_addr) + np->nz_value;
1600 * This routine is called from the jumptable to resolve
1601 * procedure calls to shared objects.
1607 struct so_map *smp, *src_map = NULL;
1614 * Find the PLT map that contains JSP.
1616 for (smp = link_map_head; smp; smp = smp->som_next) {
1617 if (LM_PLT(smp) < jsp &&
1618 jsp < LM_PLT(smp) + LD_PLTSZ(smp->som_dynamic)/sizeof(*jsp))
1623 errx(1, "Call to binder from unknown location: %p\n", jsp);
1625 index = jsp->reloc_index & JMPSLOT_RELOC_MASK;
1627 /* Get the local symbol this jmpslot refers to */
1628 sym = LM_STRINGS(smp) +
1629 LM_SYMBOL(smp,RELOC_SYMBOL(&LM_REL(smp)[index]))->nz_strx;
1631 np = lookup(sym, &src_map, 1);
1633 errx(1, "Undefined symbol \"%s\" called from %s:%s at %p",
1634 sym, main_progname, smp->som_path, jsp);
1636 /* Fixup jmpslot so future calls transfer directly to target */
1637 addr = np->nz_value;
1639 addr += (long)src_map->som_addr;
1641 md_fix_jmpslot(jsp, (long)jsp, addr);
1644 xprintf(" BINDER: %s located at = %#x in %s\n", sym, addr,
1650 static struct hints_header *hheader; /* NULL means not mapped */
1651 static struct hints_bucket *hbuckets;
1652 static char *hstrtab;
1655 * Map the hints file into memory, if it is not already mapped. Returns
1656 * 0 on success, or -1 on failure.
1659 maphints __P((void))
1661 static int hints_bad; /* TRUE if hints are unusable */
1662 static int paths_added;
1664 struct hints_header hdr;
1667 if (hheader != NULL) /* Already mapped */
1670 if (hints_bad) /* Known to be corrupt or unavailable */
1673 if ((hfd = open(_PATH_LD_HINTS, O_RDONLY, 0)) == -1) {
1678 /* Read the header and check it */
1680 if (read(hfd, &hdr, sizeof hdr) != sizeof hdr ||
1682 (hdr.hh_version != LD_HINTS_VERSION_1 &&
1683 hdr.hh_version != LD_HINTS_VERSION_2)) {
1689 /* Map the hints into memory */
1691 addr = mmap(0, hdr.hh_ehints, PROT_READ, MAP_SHARED, hfd, 0);
1692 if (addr == (caddr_t)-1) {
1700 hheader = (struct hints_header *)addr;
1701 hbuckets = (struct hints_bucket *)(addr + hheader->hh_hashtab);
1702 hstrtab = (char *)(addr + hheader->hh_strtab);
1703 /* pluck out the system ldconfig path */
1704 if (hheader->hh_version >= LD_HINTS_VERSION_2 && !paths_added) {
1705 add_search_path(hstrtab + hheader->hh_dirlist);
1713 * Unmap the hints file, if it is currently mapped.
1718 if (hheader != NULL) {
1719 munmap((caddr_t)hheader, hheader->hh_ehints);
1725 hinthash(cp, vmajor)
1732 k = (((k << 1) + (k >> 14)) ^ (*cp++)) & 0x3fff;
1734 k = (((k << 1) + (k >> 14)) ^ (vmajor*257)) & 0x3fff;
1743 * Search for a library in the hints generated by ldconfig. On success,
1744 * returns the full pathname of the matching library. This string is
1745 * always dynamically allocated on the heap.
1747 * Returns the minor number of the matching library via the pointer
1750 * Returns NULL if the library cannot be found.
1753 findhint(name, major, minorp)
1758 struct hints_bucket *bp =
1759 hbuckets + (hinthash(name, major) % hheader->hh_nbucket);
1763 if (bp->hi_namex >= hheader->hh_strtab_sz) {
1764 warnx("Bad name index: %#x\n", bp->hi_namex);
1767 if (bp->hi_pathx >= hheader->hh_strtab_sz) {
1768 warnx("Bad path index: %#x\n", bp->hi_pathx);
1773 * We accept the current hints entry if its name matches
1774 * and its major number matches. We don't have to search
1775 * for the best minor number, because that was already
1776 * done by "ldconfig" when it built the hints file.
1778 if (strcmp(name, hstrtab + bp->hi_namex) == 0 &&
1779 bp->hi_major == major) {
1782 if (stat(hstrtab + bp->hi_pathx, &s) == -1)
1783 return NULL; /* Doesn't actually exist */
1784 *minorp = bp->hi_ndewey >= 2 ? bp->hi_minor : -1;
1785 return strdup(hstrtab + bp->hi_pathx);
1788 if (bp->hi_next == -1)
1791 /* Move on to next in bucket */
1792 bp = &hbuckets[bp->hi_next];
1795 /* No hints available for name */
1800 * Search for the given shared library. On success, returns a string
1801 * containing the full pathname for the library. This string is always
1802 * dynamically allocated on the heap.
1804 * Returns NULL if the library cannot be found.
1807 rtfindlib(name, major, minor)
1811 char *ld_path = ld_library_path;
1815 if (ld_path != NULL) { /* First, search the directories in ld_path */
1817 * There is no point in trying to use the hints file for this.
1821 while (path == NULL && (dir = strsep(&ld_path, ":")) != NULL) {
1822 path = search_lib_dir(dir, name, &major, &realminor, 0);
1823 if (ld_path != NULL)
1824 *(ld_path - 1) = ':';
1828 if (path == NULL && maphints() == 0) /* Search the hints file */
1829 path = findhint(name, major, &realminor);
1831 if (path == NULL) /* Search the standard directories */
1832 path = findshlib(name, &major, &realminor, 0);
1834 if (path != NULL && realminor < minor && !ld_suppress_warnings) {
1835 warnx("warning: %s: minor version %d"
1836 " older than expected %d, using it anyway",
1837 path, realminor, minor);
1844 * Search for the given shared library file. This is similar to rtfindlib,
1845 * except that the argument is the actual name of the desired library file.
1846 * Thus there is no need to worry about version numbers. The return value
1847 * is a string containing the full pathname for the library. This string
1848 * is always dynamically allocated on the heap.
1850 * Returns NULL if the library cannot be found.
1856 char *ld_path = ld_library_path;
1859 if (ld_path != NULL) { /* First, search the directories in ld_path */
1862 while (path == NULL && (dir = strsep(&ld_path, ":")) != NULL) {
1865 path = concat(dir, "/", name);
1866 if (lstat(path, &sb) == -1) { /* Does not exist */
1870 if (ld_path != NULL)
1871 *(ld_path - 1) = ':';
1876 * We don't search the hints file. It is organized around major
1877 * and minor version numbers, so it is not suitable for finding
1878 * a specific file name.
1881 if (path == NULL) /* Search the standard directories */
1882 path = find_lib_file(name);
1888 * Buffer for error messages and a pointer that is set to point to the buffer
1889 * when a error occurs. It acts as a last error flag, being set to NULL
1890 * after an error is returned.
1892 #define DLERROR_BUF_SIZE 512
1893 static char dlerror_buf [DLERROR_BUF_SIZE];
1894 static char *dlerror_msg = NULL;
1898 __dlopen(path, mode)
1902 struct so_map *old_tail = link_map_tail;
1904 int bind_now = mode == RTLD_NOW;
1907 * path == NULL is handled by map_object()
1912 /* Map the object, and the objects on which it depends */
1913 smp = map_object(path, (struct sod *) NULL, (struct so_map *) NULL);
1914 if(smp == NULL) /* Failed */
1916 LM_PRIVATE(smp)->spd_flags |= RTLD_DL;
1918 /* Relocate and initialize all newly-mapped objects */
1919 if(link_map_tail != old_tail) { /* We have mapped some new objects */
1920 if(reloc_dag(smp, bind_now) == -1) /* Failed */
1935 struct so_map *smp = (struct so_map *)fd;
1936 struct so_map *scanp;
1939 xprintf("dlclose(%s): refcount = %d\n", smp->som_path,
1940 LM_PRIVATE(smp)->spd_refcount);
1942 /* Check the argument for validity */
1943 for(scanp = link_map_head; scanp != NULL; scanp = scanp->som_next)
1944 if(scanp == smp) /* We found the map in the list */
1946 if(scanp == NULL || !(LM_PRIVATE(smp)->spd_flags & RTLD_DL)) {
1947 generror("Invalid argument to dlclose");
1951 unmap_object(smp, 0);
1957 * This form of dlsym is obsolete. Current versions of crt0 don't call
1958 * it. It can still be called by old executables that were linked with
1959 * old versions of crt0.
1966 if (fd == RTLD_NEXT) {
1967 generror("RTLD_NEXT not supported by this version of"
1971 return __dlsym3(fd, sym, NULL);
1975 resolvesym(fd, sym, retaddr)
1981 struct so_map *src_map;
1985 if (fd == RTLD_NEXT) {
1986 /* Find the shared object that contains the caller. */
1987 for (smp = link_map_head; smp != NULL; smp = smp->som_next) {
1988 void *textbase = smp->som_addr + LM_TXTADDR(smp);
1989 void *textlimit = LM_ETEXT(smp);
1991 if (textbase <= retaddr && retaddr < textlimit)
1995 generror("Cannot determine caller's shared object");
1998 smp = smp->som_next;
1999 if (smp != NULL && LM_PRIVATE(smp)->spd_flags & RTLD_RTLD)
2000 smp = smp->som_next;
2002 generror("No next shared object for RTLD_NEXT");
2007 np = lookup(sym, &src_map, 1);
2008 } while (np == NULL && (smp = smp->som_next) != NULL);
2010 smp = (struct so_map *)fd;
2014 * Restrict search to passed map if dlopen()ed.
2016 if (smp != NULL && LM_PRIVATE(smp)->spd_flags & RTLD_DL)
2019 np = lookup(sym, &src_map, 1);
2023 generror("Undefined symbol");
2027 addr = np->nz_value;
2029 addr += (long)src_map->som_addr;
2031 return (void *)addr;
2035 __dladdr(addr, dlip)
2039 struct _dynamic *dp;
2046 /* Find the shared object that contains the address. */
2047 for (smp = link_map_head; smp != NULL; smp = smp->som_next) {
2048 struct so_map *src_map;
2049 struct somap_private *smpp;
2052 smpp = LM_PRIVATE(smp);
2053 if (smpp->spd_flags & RTLD_RTLD)
2056 if ((void *)smp->som_addr > addr)
2060 if ((np = lookup(END_SYM, &src_map, 1)) == NULL)
2061 continue; /* No "_end" symbol?! */
2062 if (addr < (void *)(smp->som_addr + np->nz_value))
2066 generror("No shared object contains address");
2069 dlip->dli_fname = smp->som_path;
2070 dlip->dli_fbase = smp->som_addr;
2071 dlip->dli_saddr = (void *) 0;
2072 dlip->dli_sname = NULL;
2074 dp = smp->som_dynamic;
2075 symsize = LD_VERSION_NZLIST_P(dp->d_version) ?
2076 sizeof(struct nzlist) : sizeof(struct nlist);
2077 numsyms = LD_STABSZ(dp) / symsize;
2078 stringbase = LM_STRINGS(smp);
2080 for (i = 0; i < numsyms; i++) {
2081 struct nzlist *symp = LM_SYMBOL(smp, i);
2082 unsigned long value;
2084 /* Reject all except definitions. */
2085 if (symp->nz_type != N_EXT + N_ABS &&
2086 symp->nz_type != N_EXT + N_TEXT &&
2087 symp->nz_type != N_EXT + N_DATA &&
2088 symp->nz_type != N_EXT + N_BSS)
2092 * If the symbol is greater than the specified address, or
2093 * if it is further away from addr than the current nearest
2094 * symbol, then reject it.
2096 value = (unsigned long) (smp->som_addr + symp->nz_value);
2097 if (value > (unsigned long) addr ||
2098 value < (unsigned long) dlip->dli_saddr)
2101 /* Update our idea of the nearest symbol. */
2102 dlip->dli_sname = stringbase + symp->nz_strx;
2103 dlip->dli_saddr = (void *) value;
2105 if (dlip->dli_saddr == addr) /* Can't get any closer. */
2109 * Remove any leading underscore from the symbol name, to hide
2112 if (dlip->dli_sname != NULL && dlip->dli_sname[0] == '_')
2118 __dlsym3(fd, sym, retaddr)
2125 result = resolvesym(fd, sym, retaddr);
2127 * XXX - Ugly, but it makes the least impact on the run-time loader
2128 * sources. We assume that most of the time the error is a
2129 * undefined symbol error from above, so we try again. If it's
2130 * not an undefined symbol we end up getting the same error twice,
2131 * but that's acceptable.
2133 if (result == NULL) {
2134 /* Prepend an underscore and try again */
2135 char *newsym = xmalloc(strlen(sym) + 2);
2138 strcpy(&newsym[1], sym);
2139 result = resolvesym(fd, newsym, retaddr);
2146 __dlerror __P((void))
2151 dlerror_msg = NULL; /* Next call will return NULL */
2157 __dlexit __P((void))
2160 xprintf("__dlexit called\n");
2163 unmap_object(link_map_head, 1);
2167 * Print the current error message and exit with failure status.
2174 fprintf(stderr, "ld.so failed");
2175 if ((msg = __dlerror()) != NULL)
2176 fprintf(stderr, ": %s", msg);
2183 * Generate an error message that can be later be retrieved via dlerror.
2187 generror(char *fmt, ...)
2189 generror(fmt, va_alist)
2199 vsnprintf (dlerror_buf, DLERROR_BUF_SIZE, fmt, ap);
2200 dlerror_msg = dlerror_buf;
2207 xprintf(char *fmt, ...)
2209 xprintf(fmt, va_alist)
2221 vsnprintf(buf, sizeof(buf), fmt, ap);
2222 (void)write(1, buf, strlen(buf));
2229 * Do a sweep over the environment once only, pick up what
2230 * looks interesting.
2232 * This is pretty obscure, but is relatively simple. Simply
2233 * look at each environment variable, if it starts with "LD_" then
2234 * look closer at it. If it's in our table, set the variable
2235 * listed. effectively, this is like:
2236 * ld_preload = careful ? NULL : getenv("LD_PRELOAD");
2237 * except that the environment is scanned once only to pick up all
2238 * known variables, rather than scanned multiple times for each
2241 * If an environment variable of interest is set to the empty string, we
2242 * treat it as if it were unset.
2245 #define L(n, u, v) { n, sizeof(n) - 1, u, v },
2246 struct env_scan_tab {
2252 L("LD_LIBRARY_PATH=", 1, &ld_library_path)
2253 L("LD_PRELOAD=", 1, &ld_preload)
2254 L("LD_IGNORE_MISSING_OBJECTS=", 1, &ld_ignore_missing_objects)
2255 L("LD_TRACE_LOADED_OBJECTS=", 0, &ld_tracing)
2256 L("LD_BIND_NOW=", 0, &ld_bind_now)
2257 L("LD_SUPPRESS_WARNINGS=", 0, &ld_suppress_warnings)
2258 L("LD_WARN_NON_PURE_CODE=", 0, &ld_warn_non_pure_code)
2259 { NULL, 0, 0, NULL }
2268 struct env_scan_tab *t;
2270 /* for each string in the environment... */
2271 while ((v = *p++)) {
2273 /* check for LD_xxx */
2274 if (v[0] != 'L' || v[1] != 'D' || v[2] != '_')
2277 for (t = scan_tab; t->name; t++) {
2278 if (careful && t->unsafe)
2279 continue; /* skip for set[ug]id */
2280 if (strncmp(t->name, v, t->len) == 0) {
2281 if (*(v + t->len) != '\0') /* Not empty */
2282 *t->value = v + t->len;
2290 * Malloc implementation for use within the dynamic linker. At first
2291 * we do a simple allocation using sbrk. After the user's program
2292 * has been loaded, we switch to using whatever malloc functions are
2296 /* Symbols related to the sbrk and brk implementations. */
2297 #define CURBRK_SYM "curbrk"
2298 #define MINBRK_SYM "minbrk"
2299 #define END_SYM "_end"
2301 /* Symbols related to malloc. */
2302 #define FREE_SYM "_free"
2303 #define MALLOC_SYM "_malloc"
2304 #define REALLOC_SYM "_realloc"
2306 /* Hooks into the implementation of sbrk and brk. */
2307 extern char *curbrk __asm__(CURBRK_SYM);
2308 extern char *minbrk __asm__(MINBRK_SYM);
2310 /* Pointers to the user program's malloc functions. */
2311 static void *(*p_malloc) __P((size_t));
2312 static void *(*p_realloc) __P((void *, size_t));
2313 static void (*p_free) __P((void *));
2315 /* Upper limit of the memory allocated by our internal malloc. */
2316 static char *rtld_alloc_lev;
2319 * Set up the internal malloc so that it will take its memory from the
2320 * main program's sbrk arena.
2323 init_internal_malloc __P((void))
2325 const struct exec *hdr;
2328 * Before anything calls sbrk or brk, we have to initialize
2329 * its idea of the current break level to just beyond the main
2330 * program's address space. Strictly speaking, the right
2331 * way to do that is to look up the value of "_end" in the
2332 * application's run time symbol table.
2334 * That is what we used to do, and it works correctly for
2335 * every valid program. Unfortunately, it doesn't work right
2336 * for "unexec"ed versions of emacs. They are incorrectly
2337 * generated with a wrong value for "_end". (xemacs gets it
2340 * To work around this, we peek at the exec header to get the
2341 * sizes of the text, data, and bss segments. Luckily, the
2342 * header is in memory at the start of the first mapped page.
2343 * From the segment sizes, we can calculate a proper initial
2344 * value for the break level.
2346 hdr = (const struct exec *)PAGSIZ;
2347 if (N_BADMAG(*hdr)) /* Sanity check */
2348 errx(1, "Cannot find program's a.out header");
2349 rtld_alloc_lev = curbrk = minbrk =
2350 (char *)hdr + hdr->a_text + hdr->a_data + hdr->a_bss;
2354 * Set things up so that the dynamic linker can use the program's
2358 init_external_malloc __P((void))
2361 * Patch the program's idea of the current break address to
2362 * what it really is as a result of the allocations we have
2365 *(char **)(sym_addr(CURBRK_SYM)) = curbrk;
2368 * Set the minimum break level too. Otherwise, "unexec"ed
2369 * emacs sets the break too low and wipes out our tables of
2372 *(char **)(sym_addr(MINBRK_SYM)) = curbrk;
2375 * Set up pointers to the program's allocation functions, so
2376 * that we can use them from now on.
2378 p_malloc = (void *(*)(size_t))(sym_addr(MALLOC_SYM));
2379 p_free = (void (*)(void *))(sym_addr(FREE_SYM));
2380 p_realloc = (void *(*)(void *, size_t))(sym_addr(REALLOC_SYM));
2389 /* If we are far enough along, we can use the system malloc. */
2390 if (p_malloc != NULL)
2391 return (*p_malloc)(size);
2394 * Otherwise we use our simple built-in malloc. We get the
2395 * memory from brk() in increments of one page. We store the
2396 * allocated size in the first word, so that realloc can be
2399 if (rtld_alloc_lev == NULL)
2400 errx(1, "Internal error: internal malloc called before"
2401 " being initialized");
2403 p = (char *)ALIGN(rtld_alloc_lev);
2404 rtld_alloc_lev = p + sizeof(size_t) + size;
2406 if (rtld_alloc_lev > curbrk) { /* Get memory from system */
2410 roundup2((unsigned long)rtld_alloc_lev, PAGSIZ);
2411 if (brk(newbrk) == (char *)-1)
2415 *(size_t *)p = size;
2416 return p + sizeof(size_t);
2428 return malloc(size);
2431 * If we are far enough along, and if the memory originally came
2432 * from the system malloc, we can use the system realloc.
2434 if (p_realloc != NULL && (char *)ptr >= rtld_alloc_lev)
2435 return (*p_realloc)(ptr, size);
2437 old_size = *((size_t *)ptr - 1);
2438 if (old_size >= size) /* Not expanding the region */
2441 new_ptr = malloc(size);
2442 if (new_ptr != NULL)
2443 memcpy(new_ptr, ptr, old_size);
2455 * If we are far enough along, and if the memory originally came
2456 * from the system malloc, we can use the system free. Otherwise
2457 * we can't free the memory and we just let it go to waste.
2459 if (p_free != NULL && (char *)ptr >= rtld_alloc_lev)