1 /* Report modules by examining dynamic linker data structures.
2 Copyright (C) 2008-2016 Red Hat, Inc.
3 Copyright (C) 2021 Mark J. Wielaard <mark@klomp.org>
4 This file is part of elfutils.
5
6 This file is free software; you can redistribute it and/or modify
7 it under the terms of either
8
9 * the GNU Lesser General Public License as published by the Free
10 Software Foundation; either version 3 of the License, or (at
11 your option) any later version
12
13 or
14
15 * the GNU General Public License as published by the Free
16 Software Foundation; either version 2 of the License, or (at
17 your option) any later version
18
19 or both in parallel, as here.
20
21 elfutils is distributed in the hope that it will be useful, but
22 WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
24 General Public License for more details.
25
26 You should have received copies of the GNU General Public License and
27 the GNU Lesser General Public License along with this program. If
28 not, see <http://www.gnu.org/licenses/>. */
29
30 #include <config.h>
31 #include "libdwflP.h"
32 #include "../libdw/memory-access.h"
33 #include "system.h"
34
35 #include <fcntl.h>
36
37 /* This element is always provided and always has a constant value.
38 This makes it an easy thing to scan for to discern the format. */
39 #define PROBE_TYPE AT_PHENT
40 #define PROBE_VAL32 sizeof (Elf32_Phdr)
41 #define PROBE_VAL64 sizeof (Elf64_Phdr)
42
43
44 static inline bool
do_check64(const char * a64,uint_fast8_t * elfdata)45 do_check64 (const char *a64, uint_fast8_t *elfdata)
46 {
47 /* The AUXV pointer might not even be naturally aligned for 64-bit
48 data, because note payloads in a core file are not aligned. */
49 const char *typep = a64 + offsetof (Elf64_auxv_t, a_type);
50 uint64_t type = read_8ubyte_unaligned_noncvt (typep);
51 const char *valp = a64 + offsetof (Elf64_auxv_t, a_un.a_val);
52 uint64_t val = read_8ubyte_unaligned_noncvt (valp);
53
54 if (type == BE64 (PROBE_TYPE)
55 && val == BE64 (PROBE_VAL64))
56 {
57 *elfdata = ELFDATA2MSB;
58 return true;
59 }
60
61 if (type == LE64 (PROBE_TYPE)
62 && val == LE64 (PROBE_VAL64))
63 {
64 *elfdata = ELFDATA2LSB;
65 return true;
66 }
67
68 return false;
69 }
70
71 static inline bool
do_check32(const char * a32,uint_fast8_t * elfdata)72 do_check32 (const char *a32, uint_fast8_t *elfdata)
73 {
74 /* The AUXV pointer might not even be naturally aligned for 32-bit
75 data, because note payloads in a core file are not aligned. */
76 const char *typep = a32 + offsetof (Elf32_auxv_t, a_type);
77 uint32_t type = read_4ubyte_unaligned_noncvt (typep);
78 const char *valp = a32 + offsetof (Elf32_auxv_t, a_un.a_val);
79 uint32_t val = read_4ubyte_unaligned_noncvt (valp);
80
81 if (type == BE32 (PROBE_TYPE)
82 && val == BE32 (PROBE_VAL32))
83 {
84 *elfdata = ELFDATA2MSB;
85 return true;
86 }
87
88 if (type == LE32 (PROBE_TYPE)
89 && val == LE32 (PROBE_VAL32))
90 {
91 *elfdata = ELFDATA2LSB;
92 return true;
93 }
94
95 return false;
96 }
97
98 /* Examine an auxv data block and determine its format.
99 Return true iff we figured it out. */
100 static bool
auxv_format_probe(const void * auxv,size_t size,uint_fast8_t * elfclass,uint_fast8_t * elfdata)101 auxv_format_probe (const void *auxv, size_t size,
102 uint_fast8_t *elfclass, uint_fast8_t *elfdata)
103 {
104 for (size_t i = 0; i < size / sizeof (Elf64_auxv_t); ++i)
105 {
106 if (do_check64 (auxv + i * sizeof (Elf64_auxv_t), elfdata))
107 {
108 *elfclass = ELFCLASS64;
109 return true;
110 }
111
112 if (do_check32 (auxv + (i * 2) * sizeof (Elf32_auxv_t), elfdata)
113 || do_check32 (auxv + (i * 2 + 1) * sizeof (Elf32_auxv_t), elfdata))
114 {
115 *elfclass = ELFCLASS32;
116 return true;
117 }
118 }
119
120 return false;
121 }
122
123 /* This is a Dwfl_Memory_Callback that wraps another memory callback.
124 If the underlying callback cannot fill the data, then this will
125 fall back to fetching data from module files. */
126
127 struct integrated_memory_callback
128 {
129 Dwfl_Memory_Callback *memory_callback;
130 void *memory_callback_arg;
131 void *buffer;
132 };
133
134 static bool
integrated_memory_callback(Dwfl * dwfl,int ndx,void ** buffer,size_t * buffer_available,GElf_Addr vaddr,size_t minread,void * arg)135 integrated_memory_callback (Dwfl *dwfl, int ndx,
136 void **buffer, size_t *buffer_available,
137 GElf_Addr vaddr,
138 size_t minread,
139 void *arg)
140 {
141 struct integrated_memory_callback *info = arg;
142
143 if (ndx == -1)
144 {
145 /* Called for cleanup. */
146 if (info->buffer != NULL)
147 {
148 /* The last probe buffer came from the underlying callback.
149 Let it do its cleanup. */
150 assert (*buffer == info->buffer); /* XXX */
151 *buffer = info->buffer;
152 info->buffer = NULL;
153 return (*info->memory_callback) (dwfl, ndx, buffer, buffer_available,
154 vaddr, minread,
155 info->memory_callback_arg);
156 }
157 *buffer = NULL;
158 *buffer_available = 0;
159 return false;
160 }
161
162 if (*buffer != NULL)
163 /* For a final-read request, we only use the underlying callback. */
164 return (*info->memory_callback) (dwfl, ndx, buffer, buffer_available,
165 vaddr, minread, info->memory_callback_arg);
166
167 /* Let the underlying callback try to fill this request. */
168 if ((*info->memory_callback) (dwfl, ndx, &info->buffer, buffer_available,
169 vaddr, minread, info->memory_callback_arg))
170 {
171 *buffer = info->buffer;
172 return true;
173 }
174
175 /* Now look for module text covering this address. */
176
177 Dwfl_Module *mod;
178 (void) INTUSE(dwfl_addrsegment) (dwfl, vaddr, &mod);
179 if (mod == NULL)
180 return false;
181
182 Dwarf_Addr bias;
183 Elf_Scn *scn = INTUSE(dwfl_module_address_section) (mod, &vaddr, &bias);
184 if (unlikely (scn == NULL))
185 {
186 #if 0 // XXX would have to handle ndx=-1 cleanup calls passed down.
187 /* If we have no sections we can try to fill it from the module file
188 based on its phdr mappings. */
189 if (likely (mod->e_type != ET_REL) && mod->main.elf != NULL)
190 return INTUSE(dwfl_elf_phdr_memory_callback)
191 (dwfl, 0, buffer, buffer_available,
192 vaddr - mod->main.bias, minread, mod->main.elf);
193 #endif
194 return false;
195 }
196
197 Elf_Data *data = elf_rawdata (scn, NULL);
198 if (unlikely (data == NULL))
199 // XXX throw error?
200 return false;
201
202 if (unlikely (data->d_size < vaddr))
203 return false;
204
205 /* Provide as much data as we have. */
206 void *contents = data->d_buf + vaddr;
207 size_t avail = data->d_size - vaddr;
208 if (unlikely (avail < minread))
209 return false;
210
211 /* If probing for a string, make sure it's terminated. */
212 if (minread == 0 && unlikely (memchr (contents, '\0', avail) == NULL))
213 return false;
214
215 /* We have it! */
216 *buffer = contents;
217 *buffer_available = avail;
218 return true;
219 }
220
221 static size_t
addrsize(uint_fast8_t elfclass)222 addrsize (uint_fast8_t elfclass)
223 {
224 return elfclass * 4;
225 }
226
227 struct memory_closure
228 {
229 Dwfl *dwfl;
230 Dwfl_Memory_Callback *callback;
231 void *arg;
232 };
233
234 static inline int
release_buffer(struct memory_closure * closure,void ** buffer,size_t * buffer_available,int result)235 release_buffer (struct memory_closure *closure,
236 void **buffer, size_t *buffer_available, int result)
237 {
238 if (*buffer != NULL)
239 (*closure->callback) (closure->dwfl, -1, buffer, buffer_available, 0, 0,
240 closure->arg);
241
242 return result;
243 }
244
245 static inline bool
read_addrs(struct memory_closure * closure,uint_fast8_t elfclass,uint_fast8_t elfdata,void ** buffer,size_t * buffer_available,GElf_Addr vaddr,GElf_Addr * read_vaddr,size_t n,GElf_Addr * addrs)246 read_addrs (struct memory_closure *closure,
247 uint_fast8_t elfclass, uint_fast8_t elfdata,
248 void **buffer, size_t *buffer_available,
249 GElf_Addr vaddr, GElf_Addr *read_vaddr,
250 size_t n, GElf_Addr *addrs /* [4] */)
251 {
252 size_t nb = n * addrsize (elfclass); /* Address words -> bytes to read. */
253 Dwfl *dwfl = closure->dwfl;
254
255 /* Read a new buffer if the old one doesn't cover these words. */
256 if (*buffer == NULL
257 || vaddr < *read_vaddr
258 || nb > *buffer_available
259 || vaddr - (*read_vaddr) > *buffer_available - nb)
260 {
261 release_buffer (closure, buffer, buffer_available, 0);
262
263 *read_vaddr = vaddr;
264 int segndx = INTUSE(dwfl_addrsegment) (dwfl, vaddr, NULL);
265 if (unlikely (segndx < 0)
266 || unlikely (! (*closure->callback) (dwfl, segndx,
267 buffer, buffer_available,
268 vaddr, nb, closure->arg)))
269 return true;
270 }
271
272 unsigned char *addr = vaddr - (*read_vaddr) + (*buffer);
273
274 if (elfclass == ELFCLASS32)
275 {
276 if (elfdata == ELFDATA2MSB)
277 for (size_t i = 0; i < n; ++i)
278 addrs[i] = BE32 (read_4ubyte_unaligned_noncvt (addr + i * 4));
279 else
280 for (size_t i = 0; i < n; ++i)
281 addrs[i] = LE32 (read_4ubyte_unaligned_noncvt (addr + i * 4));
282 }
283 else
284 {
285 if (elfdata == ELFDATA2MSB)
286 for (size_t i = 0; i < n; ++i)
287 addrs[i] = BE64 (read_8ubyte_unaligned_noncvt (addr + i * 8));
288 else
289 for (size_t i = 0; i < n; ++i)
290 addrs[i] = LE64 (read_8ubyte_unaligned_noncvt (addr + i * 8));
291 }
292
293 return false;
294 }
295
296 /* Report a module for each struct link_map in the linked list at r_map
297 in the struct r_debug at R_DEBUG_VADDR. For r_debug_info description
298 see dwfl_link_map_report in libdwflP.h. If R_DEBUG_INFO is not NULL then no
299 modules get added to DWFL, caller has to add them from filled in
300 R_DEBUG_INFO.
301
302 For each link_map entry, if an existing module resides at its address,
303 this just modifies that module's name and suggested file name. If
304 no such module exists, this calls dwfl_report_elf on the l_name string.
305
306 Returns the number of modules found, or -1 for errors. */
307
308 static int
report_r_debug(uint_fast8_t elfclass,uint_fast8_t elfdata,Dwfl * dwfl,GElf_Addr r_debug_vaddr,Dwfl_Memory_Callback * memory_callback,void * memory_callback_arg,struct r_debug_info * r_debug_info)309 report_r_debug (uint_fast8_t elfclass, uint_fast8_t elfdata,
310 Dwfl *dwfl, GElf_Addr r_debug_vaddr,
311 Dwfl_Memory_Callback *memory_callback,
312 void *memory_callback_arg,
313 struct r_debug_info *r_debug_info)
314 {
315 /* Skip r_version, to aligned r_map field. */
316 GElf_Addr read_vaddr = r_debug_vaddr + addrsize (elfclass);
317
318 void *buffer = NULL;
319 size_t buffer_available = 0;
320 GElf_Addr addrs[4];
321 struct memory_closure memory_closure = { dwfl, memory_callback,
322 memory_callback_arg };
323 if (unlikely (read_addrs (&memory_closure, elfclass, elfdata,
324 &buffer, &buffer_available, read_vaddr, &read_vaddr,
325 1, addrs)))
326 return release_buffer (&memory_closure, &buffer, &buffer_available, -1);
327
328 GElf_Addr next = addrs[0];
329
330 Dwfl_Module **lastmodp = &dwfl->modulelist;
331 int result = 0;
332
333 /* There can't be more elements in the link_map list than there are
334 segments. DWFL->lookup_elts is probably twice that number, so it
335 is certainly above the upper bound. If we iterate too many times,
336 there must be a loop in the pointers due to link_map clobberation. */
337 size_t iterations = 0;
338 while (next != 0 && ++iterations < dwfl->lookup_elts)
339 {
340 if (read_addrs (&memory_closure, elfclass, elfdata,
341 &buffer, &buffer_available, next, &read_vaddr,
342 4, addrs))
343 return release_buffer (&memory_closure, &buffer, &buffer_available, -1);
344
345 /* Unused: l_addr is the difference between the address in memory
346 and the ELF file when the core was created. We need to
347 recalculate the difference below because the ELF file we use
348 might be differently pre-linked. */
349 // GElf_Addr l_addr = addrs[0];
350 GElf_Addr l_name = addrs[1];
351 GElf_Addr l_ld = addrs[2];
352 next = addrs[3];
353
354 /* If a clobbered or truncated memory image has no useful pointer,
355 just skip this element. */
356 if (l_ld == 0)
357 continue;
358
359 /* Fetch the string at the l_name address. */
360 const char *name = NULL;
361 if (buffer != NULL
362 && read_vaddr <= l_name
363 && l_name + 1 - read_vaddr < buffer_available
364 && memchr (l_name - read_vaddr + buffer, '\0',
365 buffer_available - (l_name - read_vaddr)) != NULL)
366 name = l_name - read_vaddr + buffer;
367 else
368 {
369 release_buffer (&memory_closure, &buffer, &buffer_available, 0);
370 read_vaddr = l_name;
371 int segndx = INTUSE(dwfl_addrsegment) (dwfl, l_name, NULL);
372 if (likely (segndx >= 0)
373 && (*memory_callback) (dwfl, segndx,
374 &buffer, &buffer_available,
375 l_name, 0, memory_callback_arg))
376 name = buffer;
377 }
378
379 if (name != NULL && name[0] == '\0')
380 name = NULL;
381
382 if (iterations == 1
383 && dwfl->user_core != NULL
384 && dwfl->user_core->executable_for_core != NULL)
385 name = dwfl->user_core->executable_for_core;
386
387 struct r_debug_info_module *r_debug_info_module = NULL;
388 if (r_debug_info != NULL)
389 {
390 /* Save link map information about valid shared library (or
391 executable) which has not been found on disk. */
392 const char *name1 = name == NULL ? "" : name;
393 r_debug_info_module = malloc (sizeof (*r_debug_info_module)
394 + strlen (name1) + 1);
395 if (unlikely (r_debug_info_module == NULL))
396 release_buffer (&memory_closure, &buffer,
397 &buffer_available, result);
398 r_debug_info_module->fd = -1;
399 r_debug_info_module->elf = NULL;
400 r_debug_info_module->l_ld = l_ld;
401 r_debug_info_module->start = 0;
402 r_debug_info_module->end = 0;
403 r_debug_info_module->disk_file_has_build_id = false;
404 strcpy (r_debug_info_module->name, name1);
405 r_debug_info_module->next = r_debug_info->module;
406 r_debug_info->module = r_debug_info_module;
407 }
408
409 Dwfl_Module *mod = NULL;
410 if (name != NULL)
411 {
412 /* This code is mostly inlined dwfl_report_elf. */
413 // XXX hook for sysroot
414 int fd = open (name, O_RDONLY);
415 if (fd >= 0)
416 {
417 Elf *elf;
418 Dwfl_Error error = __libdw_open_file (&fd, &elf, true, false);
419 GElf_Addr elf_dynamic_vaddr;
420 if (error == DWFL_E_NOERROR
421 && __libdwfl_dynamic_vaddr_get (elf, &elf_dynamic_vaddr))
422 {
423 const void *build_id_bits;
424 GElf_Addr build_id_elfaddr;
425 int build_id_len;
426 bool valid = true;
427
428 if (__libdwfl_find_elf_build_id (NULL, elf, &build_id_bits,
429 &build_id_elfaddr,
430 &build_id_len) > 0
431 && build_id_elfaddr != 0)
432 {
433 if (r_debug_info_module != NULL)
434 r_debug_info_module->disk_file_has_build_id = true;
435 GElf_Addr build_id_vaddr = (build_id_elfaddr
436 - elf_dynamic_vaddr + l_ld);
437
438 release_buffer (&memory_closure, &buffer,
439 &buffer_available, 0);
440 int segndx = INTUSE(dwfl_addrsegment) (dwfl,
441 build_id_vaddr,
442 NULL);
443 if (! (*memory_callback) (dwfl, segndx,
444 &buffer, &buffer_available,
445 build_id_vaddr, build_id_len,
446 memory_callback_arg))
447 {
448 /* File has valid build-id which cannot be read from
449 memory. This happens for core files without bit 4
450 (0x10) set in Linux /proc/PID/coredump_filter. */
451 }
452 else
453 {
454 if (memcmp (build_id_bits, buffer, build_id_len) != 0)
455 /* File has valid build-id which does not match
456 the one in memory. */
457 valid = false;
458 release_buffer (&memory_closure, &buffer,
459 &buffer_available, 0);
460
461 }
462 }
463
464 if (valid)
465 {
466 // It is like l_addr but it handles differently prelinked
467 // files at core dumping vs. core loading time.
468 GElf_Addr base = l_ld - elf_dynamic_vaddr;
469 if (r_debug_info_module == NULL)
470 {
471 // XXX hook for sysroot
472 mod = __libdwfl_report_elf (dwfl, basename (name),
473 name, fd, elf, base,
474 true, true);
475 if (mod != NULL)
476 {
477 elf = NULL;
478 fd = -1;
479 }
480 }
481 else if (__libdwfl_elf_address_range (elf, base, true,
482 true, NULL, NULL,
483 &r_debug_info_module->start,
484 &r_debug_info_module->end,
485 NULL, NULL))
486 {
487 r_debug_info_module->elf = elf;
488 r_debug_info_module->fd = fd;
489 elf = NULL;
490 fd = -1;
491 }
492 }
493 if (elf != NULL)
494 elf_end (elf);
495 if (fd != -1)
496 close (fd);
497 }
498 }
499 }
500
501 if (mod != NULL)
502 {
503 ++result;
504
505 /* Move this module to the end of the list, so that we end
506 up with a list in the same order as the link_map chain. */
507 if (mod->next != NULL)
508 {
509 if (*lastmodp != mod)
510 {
511 lastmodp = &dwfl->modulelist;
512 while (*lastmodp != mod)
513 lastmodp = &(*lastmodp)->next;
514 }
515 *lastmodp = mod->next;
516 mod->next = NULL;
517 while (*lastmodp != NULL)
518 lastmodp = &(*lastmodp)->next;
519 *lastmodp = mod;
520 }
521
522 lastmodp = &mod->next;
523 }
524 }
525
526 return release_buffer (&memory_closure, &buffer, &buffer_available, result);
527 }
528
529 static GElf_Addr
consider_executable(Dwfl_Module * mod,GElf_Addr at_phdr,GElf_Addr at_entry,uint_fast8_t * elfclass,uint_fast8_t * elfdata,Dwfl_Memory_Callback * memory_callback,void * memory_callback_arg)530 consider_executable (Dwfl_Module *mod, GElf_Addr at_phdr, GElf_Addr at_entry,
531 uint_fast8_t *elfclass, uint_fast8_t *elfdata,
532 Dwfl_Memory_Callback *memory_callback,
533 void *memory_callback_arg)
534 {
535 GElf_Ehdr ehdr;
536 if (unlikely (gelf_getehdr (mod->main.elf, &ehdr) == NULL))
537 return 0;
538
539 if (at_entry != 0)
540 {
541 /* If we have an AT_ENTRY value, reject this executable if
542 its entry point address could not have supplied that. */
543
544 if (ehdr.e_entry == 0)
545 return 0;
546
547 if (mod->e_type == ET_EXEC)
548 {
549 if (ehdr.e_entry != at_entry)
550 return 0;
551 }
552 else
553 {
554 /* It could be a PIE. */
555 }
556 }
557
558 // XXX this could be saved in the file cache: phdr vaddr, DT_DEBUG d_val vaddr
559 /* Find the vaddr of the DT_DEBUG's d_ptr. This is the memory
560 address where &r_debug was written at runtime. */
561 GElf_Xword align = mod->dwfl->segment_align;
562 GElf_Addr d_val_vaddr = 0;
563 size_t phnum;
564 if (elf_getphdrnum (mod->main.elf, &phnum) != 0)
565 return 0;
566
567 for (size_t i = 0; i < phnum; ++i)
568 {
569 GElf_Phdr phdr_mem;
570 GElf_Phdr *phdr = gelf_getphdr (mod->main.elf, i, &phdr_mem);
571 if (phdr == NULL)
572 break;
573
574 if (phdr->p_align > 1 && (align == 0 || phdr->p_align < align))
575 align = phdr->p_align;
576
577 if (at_phdr != 0
578 && phdr->p_type == PT_LOAD
579 && (phdr->p_offset & -align) == (ehdr.e_phoff & -align))
580 {
581 /* This is the segment that would map the phdrs.
582 If we have an AT_PHDR value, reject this executable
583 if its phdr mapping could not have supplied that. */
584 if (mod->e_type == ET_EXEC)
585 {
586 if (ehdr.e_phoff - phdr->p_offset + phdr->p_vaddr != at_phdr)
587 return 0;
588 }
589 else
590 {
591 /* It could be a PIE. If the AT_PHDR value and our
592 phdr address don't match modulo ALIGN, then this
593 could not have been the right PIE. */
594 if (((ehdr.e_phoff - phdr->p_offset + phdr->p_vaddr) & -align)
595 != (at_phdr & -align))
596 return 0;
597
598 /* Calculate the bias applied to the PIE's p_vaddr values. */
599 GElf_Addr bias = (at_phdr - (ehdr.e_phoff - phdr->p_offset
600 + phdr->p_vaddr));
601
602 /* Final sanity check: if we have an AT_ENTRY value,
603 reject this PIE unless its biased e_entry matches. */
604 if (at_entry != 0 && at_entry != ehdr.e_entry + bias)
605 return 0;
606
607 /* If we're changing the module's address range,
608 we've just invalidated the module lookup table. */
609 GElf_Addr mod_bias = dwfl_adjusted_address (mod, 0);
610 if (bias != mod_bias)
611 {
612 mod->low_addr -= mod_bias;
613 mod->high_addr -= mod_bias;
614 mod->low_addr += bias;
615 mod->high_addr += bias;
616
617 free (mod->dwfl->lookup_module);
618 mod->dwfl->lookup_module = NULL;
619 }
620 }
621 }
622
623 if (phdr->p_type == PT_DYNAMIC)
624 {
625 Elf_Data *data = elf_getdata_rawchunk (mod->main.elf, phdr->p_offset,
626 phdr->p_filesz, ELF_T_DYN);
627 if (data == NULL)
628 continue;
629 const size_t entsize = gelf_fsize (mod->main.elf,
630 ELF_T_DYN, 1, EV_CURRENT);
631 const size_t n = data->d_size / entsize;
632 for (size_t j = 0; j < n; ++j)
633 {
634 GElf_Dyn dyn_mem;
635 GElf_Dyn *dyn = gelf_getdyn (data, j, &dyn_mem);
636 if (dyn != NULL && dyn->d_tag == DT_DEBUG)
637 {
638 d_val_vaddr = phdr->p_vaddr + entsize * j + entsize / 2;
639 break;
640 }
641 }
642 }
643 }
644
645 if (d_val_vaddr != 0)
646 {
647 /* Now we have the final address from which to read &r_debug. */
648 d_val_vaddr = dwfl_adjusted_address (mod, d_val_vaddr);
649
650 void *buffer = NULL;
651 size_t buffer_available = addrsize (ehdr.e_ident[EI_CLASS]);
652
653 int segndx = INTUSE(dwfl_addrsegment) (mod->dwfl, d_val_vaddr, NULL);
654
655 if ((*memory_callback) (mod->dwfl, segndx,
656 &buffer, &buffer_available,
657 d_val_vaddr, buffer_available,
658 memory_callback_arg))
659 {
660 const union
661 {
662 Elf32_Addr a32;
663 Elf64_Addr a64;
664 } *u = buffer;
665
666 GElf_Addr vaddr;
667 if (ehdr.e_ident[EI_CLASS] == ELFCLASS32)
668 vaddr = (ehdr.e_ident[EI_DATA] == ELFDATA2MSB
669 ? BE32 (u->a32) : LE32 (u->a32));
670 else
671 vaddr = (ehdr.e_ident[EI_DATA] == ELFDATA2MSB
672 ? BE64 (u->a64) : LE64 (u->a64));
673
674 (*memory_callback) (mod->dwfl, -1, &buffer, &buffer_available, 0, 0,
675 memory_callback_arg);
676
677 if (*elfclass == ELFCLASSNONE)
678 *elfclass = ehdr.e_ident[EI_CLASS];
679 else if (*elfclass != ehdr.e_ident[EI_CLASS])
680 return 0;
681
682 if (*elfdata == ELFDATANONE)
683 *elfdata = ehdr.e_ident[EI_DATA];
684 else if (*elfdata != ehdr.e_ident[EI_DATA])
685 return 0;
686
687 return vaddr;
688 }
689 }
690
691 return 0;
692 }
693
694 /* Try to find an existing executable module with a DT_DEBUG. */
695 static GElf_Addr
find_executable(Dwfl * dwfl,GElf_Addr at_phdr,GElf_Addr at_entry,uint_fast8_t * elfclass,uint_fast8_t * elfdata,Dwfl_Memory_Callback * memory_callback,void * memory_callback_arg)696 find_executable (Dwfl *dwfl, GElf_Addr at_phdr, GElf_Addr at_entry,
697 uint_fast8_t *elfclass, uint_fast8_t *elfdata,
698 Dwfl_Memory_Callback *memory_callback,
699 void *memory_callback_arg)
700 {
701 for (Dwfl_Module *mod = dwfl->modulelist; mod != NULL; mod = mod->next)
702 if (mod->main.elf != NULL)
703 {
704 GElf_Addr r_debug_vaddr = consider_executable (mod, at_phdr, at_entry,
705 elfclass, elfdata,
706 memory_callback,
707 memory_callback_arg);
708 if (r_debug_vaddr != 0)
709 return r_debug_vaddr;
710 }
711
712 return 0;
713 }
714
715
716 int
dwfl_link_map_report(Dwfl * dwfl,const void * auxv,size_t auxv_size,Dwfl_Memory_Callback * memory_callback,void * memory_callback_arg,struct r_debug_info * r_debug_info)717 dwfl_link_map_report (Dwfl *dwfl, const void *auxv, size_t auxv_size,
718 Dwfl_Memory_Callback *memory_callback,
719 void *memory_callback_arg,
720 struct r_debug_info *r_debug_info)
721 {
722 GElf_Addr r_debug_vaddr = 0;
723
724 uint_fast8_t elfclass = ELFCLASSNONE;
725 uint_fast8_t elfdata = ELFDATANONE;
726 if (likely (auxv != NULL)
727 && likely (auxv_format_probe (auxv, auxv_size, &elfclass, &elfdata)))
728 {
729 GElf_Addr entry = 0;
730 GElf_Addr phdr = 0;
731 GElf_Xword phent = 0;
732 GElf_Xword phnum = 0;
733
734 #define READ_AUXV32(ptr) read_4ubyte_unaligned_noncvt (ptr)
735 #define READ_AUXV64(ptr) read_8ubyte_unaligned_noncvt (ptr)
736 #define AUXV_SCAN(NN, BL) do \
737 { \
738 const Elf##NN##_auxv_t *av = auxv; \
739 for (size_t i = 0; i < auxv_size / sizeof av[0]; ++i) \
740 { \
741 const char *typep = auxv + i * sizeof (Elf##NN##_auxv_t); \
742 typep += offsetof (Elf##NN##_auxv_t, a_type); \
743 uint##NN##_t type = READ_AUXV##NN (typep); \
744 const char *valp = auxv + i * sizeof (Elf##NN##_auxv_t); \
745 valp += offsetof (Elf##NN##_auxv_t, a_un.a_val); \
746 uint##NN##_t val = BL##NN (READ_AUXV##NN (valp)); \
747 if (type == BL##NN (AT_ENTRY)) \
748 entry = val; \
749 else if (type == BL##NN (AT_PHDR)) \
750 phdr = val; \
751 else if (type == BL##NN (AT_PHNUM)) \
752 phnum = val; \
753 else if (type == BL##NN (AT_PHENT)) \
754 phent = val; \
755 else if (type == BL##NN (AT_PAGESZ)) \
756 { \
757 if (val > 1 \
758 && (dwfl->segment_align == 0 \
759 || val < dwfl->segment_align)) \
760 dwfl->segment_align = val; \
761 } \
762 } \
763 } \
764 while (0)
765
766 if (elfclass == ELFCLASS32)
767 {
768 if (elfdata == ELFDATA2MSB)
769 AUXV_SCAN (32, BE);
770 else
771 AUXV_SCAN (32, LE);
772 }
773 else
774 {
775 if (elfdata == ELFDATA2MSB)
776 AUXV_SCAN (64, BE);
777 else
778 AUXV_SCAN (64, LE);
779 }
780
781 /* If we found the phdr dimensions, search phdrs for PT_DYNAMIC. */
782 GElf_Addr dyn_vaddr = 0;
783 GElf_Xword dyn_filesz = 0;
784 GElf_Addr dyn_bias = (GElf_Addr) -1;
785
786 if (phdr != 0 && phnum != 0
787 && ((elfclass == ELFCLASS32 && phent == sizeof (Elf32_Phdr))
788 || (elfclass == ELFCLASS64 && phent == sizeof (Elf64_Phdr))))
789 {
790 Dwfl_Module *phdr_mod;
791 int phdr_segndx = INTUSE(dwfl_addrsegment) (dwfl, phdr, &phdr_mod);
792 Elf_Data in =
793 {
794 .d_type = ELF_T_PHDR,
795 .d_version = EV_CURRENT,
796 .d_size = phnum * phent,
797 .d_buf = NULL
798 };
799 bool in_ok = (*memory_callback) (dwfl, phdr_segndx, &in.d_buf,
800 &in.d_size, phdr, phnum * phent,
801 memory_callback_arg);
802 bool in_from_exec = false;
803 if (! in_ok
804 && dwfl->user_core != NULL
805 && dwfl->user_core->executable_for_core != NULL)
806 {
807 /* AUXV -> PHDR -> DYNAMIC
808 Both AUXV and DYNAMIC should be always present in a core file.
809 PHDR may be missing in core file, try to read it from
810 EXECUTABLE_FOR_CORE to find where DYNAMIC is located in the
811 core file. */
812
813 int fd = open (dwfl->user_core->executable_for_core, O_RDONLY);
814 Elf *elf;
815 Dwfl_Error error = DWFL_E_ERRNO;
816 if (fd != -1)
817 error = __libdw_open_file (&fd, &elf, true, false);
818 if (error != DWFL_E_NOERROR)
819 {
820 __libdwfl_seterrno (error);
821 return false;
822 }
823 GElf_Ehdr ehdr_mem, *ehdr = gelf_getehdr (elf, &ehdr_mem);
824 if (ehdr == NULL)
825 {
826 elf_end (elf);
827 close (fd);
828 __libdwfl_seterrno (DWFL_E_LIBELF);
829 return false;
830 }
831 size_t e_phnum;
832 if (elf_getphdrnum (elf, &e_phnum) != 0)
833 {
834 elf_end (elf);
835 close (fd);
836 __libdwfl_seterrno (DWFL_E_LIBELF);
837 return false;
838 }
839 if (e_phnum != phnum || ehdr->e_phentsize != phent)
840 {
841 elf_end (elf);
842 close (fd);
843 __libdwfl_seterrno (DWFL_E_BADELF);
844 return false;
845 }
846 off_t off = ehdr->e_phoff;
847 assert (in.d_buf == NULL);
848 /* Note this in the !in_ok path. That means memory_callback
849 failed. But the callback might still have reset the d_size
850 value (to zero). So explicitly set it here again. */
851 if (unlikely (phnum > SIZE_MAX / phent))
852 {
853 __libdwfl_seterrno (DWFL_E_NOMEM);
854 return false;
855 }
856 in.d_size = phnum * phent;
857 in.d_buf = malloc (in.d_size);
858 if (unlikely (in.d_buf == NULL))
859 {
860 elf_end (elf);
861 close (fd);
862 __libdwfl_seterrno (DWFL_E_NOMEM);
863 return false;
864 }
865 ssize_t nread = pread_retry (fd, in.d_buf, in.d_size, off);
866 elf_end (elf);
867 close (fd);
868 if (nread != (ssize_t) in.d_size)
869 {
870 free (in.d_buf);
871 __libdwfl_seterrno (DWFL_E_ERRNO);
872 return false;
873 }
874 in_ok = true;
875 in_from_exec = true;
876 }
877 if (in_ok)
878 {
879 if (unlikely (phnum > SIZE_MAX / phent))
880 {
881 __libdwfl_seterrno (DWFL_E_NOMEM);
882 return false;
883 }
884 size_t nbytes = phnum * phent;
885 /* We can only process as many bytes/phnum as there are
886 in in.d_size. The data might have been truncated. */
887 if (nbytes > in.d_size)
888 {
889 nbytes = in.d_size;
890 phnum = nbytes / phent;
891 if (phnum == 0)
892 {
893 __libdwfl_seterrno (DWFL_E_BADELF);
894 return false;
895 }
896 }
897 void *buf = malloc (nbytes);
898 Elf32_Phdr (*p32)[phnum] = buf;
899 Elf64_Phdr (*p64)[phnum] = buf;
900 if (unlikely (buf == NULL))
901 {
902 __libdwfl_seterrno (DWFL_E_NOMEM);
903 return false;
904 }
905 Elf_Data out =
906 {
907 .d_type = ELF_T_PHDR,
908 .d_version = EV_CURRENT,
909 .d_size = nbytes,
910 .d_buf = buf
911 };
912 if (in.d_size > out.d_size)
913 {
914 in.d_size = out.d_size;
915 phnum = in.d_size / phent;
916 if (phnum == 0)
917 {
918 free (buf);
919 __libdwfl_seterrno (DWFL_E_BADELF);
920 return false;
921 }
922 }
923 bool is32 = (elfclass == ELFCLASS32);
924 size_t phdr_align = (is32
925 ? __alignof__ (Elf32_Phdr)
926 : __alignof__ (Elf64_Phdr));
927 if (!in_from_exec
928 && ((uintptr_t) in.d_buf & (phdr_align - 1)) != 0)
929 {
930 memcpy (out.d_buf, in.d_buf, in.d_size);
931 in.d_buf = out.d_buf;
932 }
933 if (likely ((elfclass == ELFCLASS32
934 ? elf32_xlatetom : elf64_xlatetom)
935 (&out, &in, elfdata) != NULL))
936 {
937 for (size_t i = 0; i < phnum; ++i)
938 {
939 GElf_Word type = (is32
940 ? (*p32)[i].p_type
941 : (*p64)[i].p_type);
942 GElf_Addr vaddr = (is32
943 ? (*p32)[i].p_vaddr
944 : (*p64)[i].p_vaddr);
945 GElf_Xword filesz = (is32
946 ? (*p32)[i].p_filesz
947 : (*p64)[i].p_filesz);
948
949 if (type == PT_PHDR)
950 {
951 if (dyn_bias == (GElf_Addr) -1
952 /* Do a sanity check on the putative address. */
953 && ((vaddr & (dwfl->segment_align - 1))
954 == (phdr & (dwfl->segment_align - 1))))
955 {
956 dyn_bias = phdr - vaddr;
957 if (dyn_vaddr != 0)
958 break;
959 }
960
961 }
962 else if (type == PT_DYNAMIC)
963 {
964 dyn_vaddr = vaddr;
965 dyn_filesz = filesz;
966 if (dyn_bias != (GElf_Addr) -1)
967 break;
968 }
969 }
970 }
971
972 if (in_from_exec)
973 free (in.d_buf);
974 else
975 (*memory_callback) (dwfl, -1, &in.d_buf, &in.d_size, 0, 0,
976 memory_callback_arg);
977 free (buf);
978 }
979 else
980 /* We could not read the executable's phdrs from the
981 memory image. If we have a presupplied executable,
982 we can still use the AT_PHDR and AT_ENTRY values to
983 verify it, and to adjust its bias if it's a PIE.
984
985 If there was an ET_EXEC module presupplied that contains
986 the AT_PHDR address, then we only consider that one.
987 We'll either accept it if its phdr location and e_entry
988 make sense or reject it if they don't. If there is no
989 presupplied ET_EXEC, then look for a presupplied module,
990 which might be a PIE (ET_DYN) that needs its bias adjusted. */
991 r_debug_vaddr = ((phdr_mod == NULL
992 || phdr_mod->main.elf == NULL
993 || phdr_mod->e_type != ET_EXEC)
994 ? find_executable (dwfl, phdr, entry,
995 &elfclass, &elfdata,
996 memory_callback,
997 memory_callback_arg)
998 : consider_executable (phdr_mod, phdr, entry,
999 &elfclass, &elfdata,
1000 memory_callback,
1001 memory_callback_arg));
1002 }
1003
1004 /* If we found PT_DYNAMIC, search it for DT_DEBUG. */
1005 if (dyn_filesz != 0)
1006 {
1007 if (dyn_bias != (GElf_Addr) -1)
1008 dyn_vaddr += dyn_bias;
1009
1010 Elf_Data in =
1011 {
1012 .d_type = ELF_T_DYN,
1013 .d_version = EV_CURRENT,
1014 .d_size = dyn_filesz,
1015 .d_buf = NULL
1016 };
1017 int dyn_segndx = dwfl_addrsegment (dwfl, dyn_vaddr, NULL);
1018 if ((*memory_callback) (dwfl, dyn_segndx, &in.d_buf, &in.d_size,
1019 dyn_vaddr, dyn_filesz, memory_callback_arg))
1020 {
1021 size_t entsize = (elfclass == ELFCLASS32
1022 ? sizeof (Elf32_Dyn) : sizeof (Elf64_Dyn));
1023 if (unlikely (dyn_filesz > SIZE_MAX / entsize))
1024 {
1025 __libdwfl_seterrno (DWFL_E_NOMEM);
1026 return false;
1027 }
1028 /* We can only process as many bytes as there are in
1029 in.d_size. The data might have been truncated. */
1030 if (dyn_filesz > in.d_size)
1031 dyn_filesz = in.d_size;
1032 if (dyn_filesz / entsize == 0)
1033 {
1034 __libdwfl_seterrno (DWFL_E_BADELF);
1035 return false;
1036 }
1037 void *buf = malloc (dyn_filesz);
1038 if (unlikely (buf == NULL))
1039 {
1040 __libdwfl_seterrno (DWFL_E_NOMEM);
1041 return false;
1042 }
1043 Elf_Data out =
1044 {
1045 .d_type = ELF_T_DYN,
1046 .d_version = EV_CURRENT,
1047 .d_size = dyn_filesz,
1048 .d_buf = buf
1049 };
1050 if (in.d_size > out.d_size)
1051 in.d_size = out.d_size;
1052 size_t dyn_align = (elfclass == ELFCLASS32
1053 ? __alignof__ (Elf32_Dyn)
1054 : __alignof__ (Elf64_Dyn));
1055 if (((uintptr_t) in.d_buf & (dyn_align - 1)) != 0)
1056 {
1057 memcpy (out.d_buf, in.d_buf, in.d_size);
1058 in.d_buf = out.d_buf;
1059 }
1060 if (likely ((elfclass == ELFCLASS32
1061 ? elf32_xlatetom : elf64_xlatetom)
1062 (&out, &in, elfdata) != NULL))
1063 {
1064 /* We are looking for DT_DEBUG. */
1065 if (elfclass == ELFCLASS32)
1066 {
1067 Elf32_Dyn (*d32)[dyn_filesz / sizeof (Elf32_Dyn)] = buf;
1068 size_t n = dyn_filesz / sizeof (Elf32_Dyn);
1069 for (size_t i = 0; i < n; ++i)
1070 if ((*d32)[i].d_tag == DT_DEBUG)
1071 {
1072 r_debug_vaddr = (*d32)[i].d_un.d_val;
1073 break;
1074 }
1075 }
1076 else
1077 {
1078 Elf64_Dyn (*d64)[dyn_filesz / sizeof (Elf64_Dyn)] = buf;
1079 size_t n = dyn_filesz / sizeof (Elf64_Dyn);
1080 for (size_t i = 0; i < n; ++i)
1081 if ((*d64)[i].d_tag == DT_DEBUG)
1082 {
1083 r_debug_vaddr = (*d64)[i].d_un.d_val;
1084 break;
1085 }
1086 }
1087 }
1088
1089 (*memory_callback) (dwfl, -1, &in.d_buf, &in.d_size, 0, 0,
1090 memory_callback_arg);
1091 free (buf);
1092 }
1093 }
1094 }
1095 else
1096 /* We have to look for a presupplied executable file to determine
1097 the vaddr of its dynamic section and DT_DEBUG therein. */
1098 r_debug_vaddr = find_executable (dwfl, 0, 0, &elfclass, &elfdata,
1099 memory_callback, memory_callback_arg);
1100
1101 if (r_debug_vaddr == 0)
1102 return 0;
1103
1104 /* For following pointers from struct link_map, we will use an
1105 integrated memory access callback that can consult module text
1106 elided from the core file. This is necessary when the l_name
1107 pointer for the dynamic linker's own entry is a pointer into the
1108 executable's .interp section. */
1109 struct integrated_memory_callback mcb =
1110 {
1111 .memory_callback = memory_callback,
1112 .memory_callback_arg = memory_callback_arg
1113 };
1114
1115 /* Now we can follow the dynamic linker's library list. */
1116 return report_r_debug (elfclass, elfdata, dwfl, r_debug_vaddr,
1117 &integrated_memory_callback, &mcb, r_debug_info);
1118 }
1119 INTDEF (dwfl_link_map_report)
1120