1 /* 2 * Copyright (C) 2008 The Android Open Source Project 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in 12 * the documentation and/or other materials provided with the 13 * distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include <android/api-level.h> 30 #include <dlfcn.h> 31 #include <errno.h> 32 #include <fcntl.h> 33 #include <inttypes.h> 34 #include <pthread.h> 35 #include <stdio.h> 36 #include <stdlib.h> 37 #include <string.h> 38 #include <sys/mman.h> 39 #include <sys/param.h> 40 #include <sys/prctl.h> 41 #include <unistd.h> 42 43 #include <new> 44 #include <string> 45 #include <vector> 46 47 // Private C library headers. 48 #include "private/bionic_tls.h" 49 #include "private/KernelArgumentBlock.h" 50 #include "private/ScopedPthreadMutexLocker.h" 51 #include "private/ScopeGuard.h" 52 #include "private/UniquePtr.h" 53 54 #include "linker.h" 55 #include "linker_block_allocator.h" 56 #include "linker_debug.h" 57 #include "linker_sleb128.h" 58 #include "linker_phdr.h" 59 #include "linker_relocs.h" 60 #include "linker_reloc_iterators.h" 61 #include "ziparchive/zip_archive.h" 62 63 extern void __libc_init_AT_SECURE(KernelArgumentBlock&); 64 65 // Override macros to use C++ style casts. 66 #undef ELF_ST_TYPE 67 #define ELF_ST_TYPE(x) (static_cast<uint32_t>(x) & 0xf) 68 69 static ElfW(Addr) get_elf_exec_load_bias(const ElfW(Ehdr)* elf); 70 71 static LinkerTypeAllocator<soinfo> g_soinfo_allocator; 72 static LinkerTypeAllocator<LinkedListEntry<soinfo>> g_soinfo_links_allocator; 73 74 static soinfo* solist; 75 static soinfo* sonext; 76 static soinfo* somain; // main process, always the one after libdl_info 77 78 static const char* const kDefaultLdPaths[] = { 79 #if defined(__LP64__) 80 "/vendor/lib64", 81 "/system/lib64", 82 #else 83 "/vendor/lib", 84 "/system/lib", 85 #endif 86 nullptr 87 }; 88 89 static const ElfW(Versym) kVersymNotNeeded = 0; 90 static const ElfW(Versym) kVersymGlobal = 1; 91 92 static std::vector<std::string> g_ld_library_paths; 93 static std::vector<std::string> g_ld_preload_names; 94 95 static std::vector<soinfo*> g_ld_preloads; 96 97 __LIBC_HIDDEN__ int g_ld_debug_verbosity; 98 99 __LIBC_HIDDEN__ abort_msg_t* g_abort_message = nullptr; // For debuggerd. 100 101 #if STATS 102 struct linker_stats_t { 103 int count[kRelocMax]; 104 }; 105 106 static linker_stats_t linker_stats; 107 count_relocation(RelocationKind kind)108 void count_relocation(RelocationKind kind) { 109 ++linker_stats.count[kind]; 110 } 111 #else count_relocation(RelocationKind)112 void count_relocation(RelocationKind) { 113 } 114 #endif 115 116 #if COUNT_PAGES 117 uint32_t bitmask[4096]; 118 #endif 119 120 static char __linker_dl_err_buf[768]; 121 linker_get_error_buffer()122 char* linker_get_error_buffer() { 123 return &__linker_dl_err_buf[0]; 124 } 125 linker_get_error_buffer_size()126 size_t linker_get_error_buffer_size() { 127 return sizeof(__linker_dl_err_buf); 128 } 129 130 // This function is an empty stub where GDB locates a breakpoint to get notified 131 // about linker activity. 132 extern "C" 133 void __attribute__((noinline)) __attribute__((visibility("default"))) rtld_db_dlactivity(); 134 135 static pthread_mutex_t g__r_debug_mutex = PTHREAD_MUTEX_INITIALIZER; 136 static r_debug _r_debug = 137 {1, nullptr, reinterpret_cast<uintptr_t>(&rtld_db_dlactivity), r_debug::RT_CONSISTENT, 0}; 138 139 static link_map* r_debug_tail = 0; 140 insert_soinfo_into_debug_map(soinfo * info)141 static void insert_soinfo_into_debug_map(soinfo* info) { 142 // Copy the necessary fields into the debug structure. 143 link_map* map = &(info->link_map_head); 144 map->l_addr = info->load_bias; 145 // link_map l_name field is not const. 146 map->l_name = const_cast<char*>(info->get_realpath()); 147 map->l_ld = info->dynamic; 148 149 // Stick the new library at the end of the list. 150 // gdb tends to care more about libc than it does 151 // about leaf libraries, and ordering it this way 152 // reduces the back-and-forth over the wire. 153 if (r_debug_tail) { 154 r_debug_tail->l_next = map; 155 map->l_prev = r_debug_tail; 156 map->l_next = 0; 157 } else { 158 _r_debug.r_map = map; 159 map->l_prev = 0; 160 map->l_next = 0; 161 } 162 r_debug_tail = map; 163 } 164 remove_soinfo_from_debug_map(soinfo * info)165 static void remove_soinfo_from_debug_map(soinfo* info) { 166 link_map* map = &(info->link_map_head); 167 168 if (r_debug_tail == map) { 169 r_debug_tail = map->l_prev; 170 } 171 172 if (map->l_prev) { 173 map->l_prev->l_next = map->l_next; 174 } 175 if (map->l_next) { 176 map->l_next->l_prev = map->l_prev; 177 } 178 } 179 notify_gdb_of_load(soinfo * info)180 static void notify_gdb_of_load(soinfo* info) { 181 if (info->is_main_executable()) { 182 // GDB already knows about the main executable 183 return; 184 } 185 186 ScopedPthreadMutexLocker locker(&g__r_debug_mutex); 187 188 _r_debug.r_state = r_debug::RT_ADD; 189 rtld_db_dlactivity(); 190 191 insert_soinfo_into_debug_map(info); 192 193 _r_debug.r_state = r_debug::RT_CONSISTENT; 194 rtld_db_dlactivity(); 195 } 196 notify_gdb_of_unload(soinfo * info)197 static void notify_gdb_of_unload(soinfo* info) { 198 if (info->is_main_executable()) { 199 // GDB already knows about the main executable 200 return; 201 } 202 203 ScopedPthreadMutexLocker locker(&g__r_debug_mutex); 204 205 _r_debug.r_state = r_debug::RT_DELETE; 206 rtld_db_dlactivity(); 207 208 remove_soinfo_from_debug_map(info); 209 210 _r_debug.r_state = r_debug::RT_CONSISTENT; 211 rtld_db_dlactivity(); 212 } 213 notify_gdb_of_libraries()214 void notify_gdb_of_libraries() { 215 _r_debug.r_state = r_debug::RT_ADD; 216 rtld_db_dlactivity(); 217 _r_debug.r_state = r_debug::RT_CONSISTENT; 218 rtld_db_dlactivity(); 219 } 220 alloc()221 LinkedListEntry<soinfo>* SoinfoListAllocator::alloc() { 222 return g_soinfo_links_allocator.alloc(); 223 } 224 free(LinkedListEntry<soinfo> * entry)225 void SoinfoListAllocator::free(LinkedListEntry<soinfo>* entry) { 226 g_soinfo_links_allocator.free(entry); 227 } 228 soinfo_alloc(const char * name,struct stat * file_stat,off64_t file_offset,uint32_t rtld_flags)229 static soinfo* soinfo_alloc(const char* name, struct stat* file_stat, 230 off64_t file_offset, uint32_t rtld_flags) { 231 if (strlen(name) >= PATH_MAX) { 232 DL_ERR("library name \"%s\" too long", name); 233 return nullptr; 234 } 235 236 soinfo* si = new (g_soinfo_allocator.alloc()) soinfo(name, file_stat, file_offset, rtld_flags); 237 238 sonext->next = si; 239 sonext = si; 240 241 TRACE("name %s: allocated soinfo @ %p", name, si); 242 return si; 243 } 244 soinfo_free(soinfo * si)245 static void soinfo_free(soinfo* si) { 246 if (si == nullptr) { 247 return; 248 } 249 250 if (si->base != 0 && si->size != 0) { 251 munmap(reinterpret_cast<void*>(si->base), si->size); 252 } 253 254 soinfo *prev = nullptr, *trav; 255 256 TRACE("name %s: freeing soinfo @ %p", si->get_realpath(), si); 257 258 for (trav = solist; trav != nullptr; trav = trav->next) { 259 if (trav == si) { 260 break; 261 } 262 prev = trav; 263 } 264 265 if (trav == nullptr) { 266 // si was not in solist 267 DL_ERR("name \"%s\"@%p is not in solist!", si->get_realpath(), si); 268 return; 269 } 270 271 // clear links to/from si 272 si->remove_all_links(); 273 274 // prev will never be null, because the first entry in solist is 275 // always the static libdl_info. 276 prev->next = si->next; 277 if (si == sonext) { 278 sonext = prev; 279 } 280 281 si->~soinfo(); 282 g_soinfo_allocator.free(si); 283 } 284 parse_path(const char * path,const char * delimiters,std::vector<std::string> * paths)285 static void parse_path(const char* path, const char* delimiters, 286 std::vector<std::string>* paths) { 287 if (path == nullptr) { 288 return; 289 } 290 291 paths->clear(); 292 293 for (const char *p = path; ; ++p) { 294 size_t len = strcspn(p, delimiters); 295 // skip empty tokens 296 if (len == 0) { 297 continue; 298 } 299 300 paths->push_back(std::string(p, len)); 301 p += len; 302 303 if (*p == '\0') { 304 break; 305 } 306 } 307 } 308 parse_LD_LIBRARY_PATH(const char * path)309 static void parse_LD_LIBRARY_PATH(const char* path) { 310 parse_path(path, ":", &g_ld_library_paths); 311 } 312 parse_LD_PRELOAD(const char * path)313 static void parse_LD_PRELOAD(const char* path) { 314 // We have historically supported ':' as well as ' ' in LD_PRELOAD. 315 parse_path(path, " :", &g_ld_preload_names); 316 } 317 realpath_fd(int fd,std::string * realpath)318 static bool realpath_fd(int fd, std::string* realpath) { 319 std::vector<char> buf(PATH_MAX), proc_self_fd(PATH_MAX); 320 snprintf(&proc_self_fd[0], proc_self_fd.size(), "/proc/self/fd/%d", fd); 321 // set DUMPABLE to 1 to access /proc/self/fd 322 int dumpable = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0); 323 prctl(PR_SET_DUMPABLE, 1, 0, 0, 0); 324 auto guard = make_scope_guard([&]() { 325 // restore dumpable 326 prctl(PR_SET_DUMPABLE, dumpable, 0, 0, 0); 327 }); 328 if (readlink(&proc_self_fd[0], &buf[0], buf.size()) == -1) { 329 PRINT("readlink('%s') failed: %s [fd=%d]", &proc_self_fd[0], strerror(errno), fd); 330 return false; 331 } 332 333 *realpath = std::string(&buf[0]); 334 return true; 335 } 336 337 #if defined(__arm__) 338 339 // For a given PC, find the .so that it belongs to. 340 // Returns the base address of the .ARM.exidx section 341 // for that .so, and the number of 8-byte entries 342 // in that section (via *pcount). 343 // 344 // Intended to be called by libc's __gnu_Unwind_Find_exidx(). 345 // 346 // This function is exposed via dlfcn.cpp and libdl.so. dl_unwind_find_exidx(_Unwind_Ptr pc,int * pcount)347 _Unwind_Ptr dl_unwind_find_exidx(_Unwind_Ptr pc, int* pcount) { 348 uintptr_t addr = reinterpret_cast<uintptr_t>(pc); 349 350 for (soinfo* si = solist; si != 0; si = si->next) { 351 if ((addr >= si->base) && (addr < (si->base + si->size))) { 352 *pcount = si->ARM_exidx_count; 353 return reinterpret_cast<_Unwind_Ptr>(si->ARM_exidx); 354 } 355 } 356 *pcount = 0; 357 return nullptr; 358 } 359 360 #endif 361 362 // Here, we only have to provide a callback to iterate across all the 363 // loaded libraries. gcc_eh does the rest. do_dl_iterate_phdr(int (* cb)(dl_phdr_info * info,size_t size,void * data),void * data)364 int do_dl_iterate_phdr(int (*cb)(dl_phdr_info* info, size_t size, void* data), void* data) { 365 int rv = 0; 366 for (soinfo* si = solist; si != nullptr; si = si->next) { 367 dl_phdr_info dl_info; 368 dl_info.dlpi_addr = si->link_map_head.l_addr; 369 dl_info.dlpi_name = si->link_map_head.l_name; 370 dl_info.dlpi_phdr = si->phdr; 371 dl_info.dlpi_phnum = si->phnum; 372 rv = cb(&dl_info, sizeof(dl_phdr_info), data); 373 if (rv != 0) { 374 break; 375 } 376 } 377 return rv; 378 } 379 ElfW(Versym)380 const ElfW(Versym)* soinfo::get_versym(size_t n) const { 381 if (has_min_version(2) && versym_ != nullptr) { 382 return versym_ + n; 383 } 384 385 return nullptr; 386 } 387 ElfW(Addr)388 ElfW(Addr) soinfo::get_verneed_ptr() const { 389 if (has_min_version(2)) { 390 return verneed_ptr_; 391 } 392 393 return 0; 394 } 395 get_verneed_cnt() const396 size_t soinfo::get_verneed_cnt() const { 397 if (has_min_version(2)) { 398 return verneed_cnt_; 399 } 400 401 return 0; 402 } 403 ElfW(Addr)404 ElfW(Addr) soinfo::get_verdef_ptr() const { 405 if (has_min_version(2)) { 406 return verdef_ptr_; 407 } 408 409 return 0; 410 } 411 get_verdef_cnt() const412 size_t soinfo::get_verdef_cnt() const { 413 if (has_min_version(2)) { 414 return verdef_cnt_; 415 } 416 417 return 0; 418 } 419 420 template<typename F> for_each_verdef(const soinfo * si,F functor)421 static bool for_each_verdef(const soinfo* si, F functor) { 422 if (!si->has_min_version(2)) { 423 return true; 424 } 425 426 uintptr_t verdef_ptr = si->get_verdef_ptr(); 427 if (verdef_ptr == 0) { 428 return true; 429 } 430 431 size_t offset = 0; 432 433 size_t verdef_cnt = si->get_verdef_cnt(); 434 for (size_t i = 0; i<verdef_cnt; ++i) { 435 const ElfW(Verdef)* verdef = reinterpret_cast<ElfW(Verdef)*>(verdef_ptr + offset); 436 size_t verdaux_offset = offset + verdef->vd_aux; 437 offset += verdef->vd_next; 438 439 if (verdef->vd_version != 1) { 440 DL_ERR("unsupported verdef[%zd] vd_version: %d (expected 1) library: %s", 441 i, verdef->vd_version, si->get_realpath()); 442 return false; 443 } 444 445 if ((verdef->vd_flags & VER_FLG_BASE) != 0) { 446 // "this is the version of the file itself. It must not be used for 447 // matching a symbol. It can be used to match references." 448 // 449 // http://www.akkadia.org/drepper/symbol-versioning 450 continue; 451 } 452 453 if (verdef->vd_cnt == 0) { 454 DL_ERR("invalid verdef[%zd] vd_cnt == 0 (version without a name)", i); 455 return false; 456 } 457 458 const ElfW(Verdaux)* verdaux = reinterpret_cast<ElfW(Verdaux)*>(verdef_ptr + verdaux_offset); 459 460 if (functor(i, verdef, verdaux) == true) { 461 break; 462 } 463 } 464 465 return true; 466 } 467 find_verdef_version_index(const version_info * vi,ElfW (Versym)* versym) const468 bool soinfo::find_verdef_version_index(const version_info* vi, ElfW(Versym)* versym) const { 469 if (vi == nullptr) { 470 *versym = kVersymNotNeeded; 471 return true; 472 } 473 474 *versym = kVersymGlobal; 475 476 return for_each_verdef(this, 477 [&](size_t, const ElfW(Verdef)* verdef, const ElfW(Verdaux)* verdaux) { 478 if (verdef->vd_hash == vi->elf_hash && 479 strcmp(vi->name, get_string(verdaux->vda_name)) == 0) { 480 *versym = verdef->vd_ndx; 481 return true; 482 } 483 484 return false; 485 } 486 ); 487 } 488 find_symbol_by_name(SymbolName & symbol_name,const version_info * vi,const ElfW (Sym)** symbol) const489 bool soinfo::find_symbol_by_name(SymbolName& symbol_name, 490 const version_info* vi, 491 const ElfW(Sym)** symbol) const { 492 uint32_t symbol_index; 493 bool success = 494 is_gnu_hash() ? 495 gnu_lookup(symbol_name, vi, &symbol_index) : 496 elf_lookup(symbol_name, vi, &symbol_index); 497 498 if (success) { 499 *symbol = symbol_index == 0 ? nullptr : symtab_ + symbol_index; 500 } 501 502 return success; 503 } 504 is_symbol_global_and_defined(const soinfo * si,const ElfW (Sym)* s)505 static bool is_symbol_global_and_defined(const soinfo* si, const ElfW(Sym)* s) { 506 if (ELF_ST_BIND(s->st_info) == STB_GLOBAL || 507 ELF_ST_BIND(s->st_info) == STB_WEAK) { 508 return s->st_shndx != SHN_UNDEF; 509 } else if (ELF_ST_BIND(s->st_info) != STB_LOCAL) { 510 DL_WARN("unexpected ST_BIND value: %d for '%s' in '%s'", 511 ELF_ST_BIND(s->st_info), si->get_string(s->st_name), si->get_realpath()); 512 } 513 514 return false; 515 } 516 517 static const ElfW(Versym) kVersymHiddenBit = 0x8000; 518 is_versym_hidden(const ElfW (Versym)* versym)519 static inline bool is_versym_hidden(const ElfW(Versym)* versym) { 520 // the symbol is hidden if bit 15 of versym is set. 521 return versym != nullptr && (*versym & kVersymHiddenBit) != 0; 522 } 523 check_symbol_version(const ElfW (Versym)verneed,const ElfW (Versym)* verdef)524 static inline bool check_symbol_version(const ElfW(Versym) verneed, 525 const ElfW(Versym)* verdef) { 526 return verneed == kVersymNotNeeded || 527 verdef == nullptr || 528 verneed == (*verdef & ~kVersymHiddenBit); 529 } 530 gnu_lookup(SymbolName & symbol_name,const version_info * vi,uint32_t * symbol_index) const531 bool soinfo::gnu_lookup(SymbolName& symbol_name, 532 const version_info* vi, 533 uint32_t* symbol_index) const { 534 uint32_t hash = symbol_name.gnu_hash(); 535 uint32_t h2 = hash >> gnu_shift2_; 536 537 uint32_t bloom_mask_bits = sizeof(ElfW(Addr))*8; 538 uint32_t word_num = (hash / bloom_mask_bits) & gnu_maskwords_; 539 ElfW(Addr) bloom_word = gnu_bloom_filter_[word_num]; 540 541 *symbol_index = 0; 542 543 TRACE_TYPE(LOOKUP, "SEARCH %s in %s@%p (gnu)", 544 symbol_name.get_name(), get_realpath(), reinterpret_cast<void*>(base)); 545 546 // test against bloom filter 547 if ((1 & (bloom_word >> (hash % bloom_mask_bits)) & (bloom_word >> (h2 % bloom_mask_bits))) == 0) { 548 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p", 549 symbol_name.get_name(), get_realpath(), reinterpret_cast<void*>(base)); 550 551 return true; 552 } 553 554 // bloom test says "probably yes"... 555 uint32_t n = gnu_bucket_[hash % gnu_nbucket_]; 556 557 if (n == 0) { 558 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p", 559 symbol_name.get_name(), get_realpath(), reinterpret_cast<void*>(base)); 560 561 return true; 562 } 563 564 // lookup versym for the version definition in this library 565 // note the difference between "version is not requested" (vi == nullptr) 566 // and "version not found". In the first case verneed is kVersymNotNeeded 567 // which implies that the default version can be accepted; the second case results in 568 // verneed = 1 (kVersymGlobal) and implies that we should ignore versioned symbols 569 // for this library and consider only *global* ones. 570 ElfW(Versym) verneed = 0; 571 if (!find_verdef_version_index(vi, &verneed)) { 572 return false; 573 } 574 575 do { 576 ElfW(Sym)* s = symtab_ + n; 577 const ElfW(Versym)* verdef = get_versym(n); 578 // skip hidden versions when verneed == kVersymNotNeeded (0) 579 if (verneed == kVersymNotNeeded && is_versym_hidden(verdef)) { 580 continue; 581 } 582 if (((gnu_chain_[n] ^ hash) >> 1) == 0 && 583 check_symbol_version(verneed, verdef) && 584 strcmp(get_string(s->st_name), symbol_name.get_name()) == 0 && 585 is_symbol_global_and_defined(this, s)) { 586 TRACE_TYPE(LOOKUP, "FOUND %s in %s (%p) %zd", 587 symbol_name.get_name(), get_realpath(), reinterpret_cast<void*>(s->st_value), 588 static_cast<size_t>(s->st_size)); 589 *symbol_index = n; 590 return true; 591 } 592 } while ((gnu_chain_[n++] & 1) == 0); 593 594 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p", 595 symbol_name.get_name(), get_realpath(), reinterpret_cast<void*>(base)); 596 597 return true; 598 } 599 elf_lookup(SymbolName & symbol_name,const version_info * vi,uint32_t * symbol_index) const600 bool soinfo::elf_lookup(SymbolName& symbol_name, 601 const version_info* vi, 602 uint32_t* symbol_index) const { 603 uint32_t hash = symbol_name.elf_hash(); 604 605 TRACE_TYPE(LOOKUP, "SEARCH %s in %s@%p h=%x(elf) %zd", 606 symbol_name.get_name(), get_realpath(), 607 reinterpret_cast<void*>(base), hash, hash % nbucket_); 608 609 ElfW(Versym) verneed = 0; 610 if (!find_verdef_version_index(vi, &verneed)) { 611 return false; 612 } 613 614 for (uint32_t n = bucket_[hash % nbucket_]; n != 0; n = chain_[n]) { 615 ElfW(Sym)* s = symtab_ + n; 616 const ElfW(Versym)* verdef = get_versym(n); 617 618 // skip hidden versions when verneed == 0 619 if (verneed == kVersymNotNeeded && is_versym_hidden(verdef)) { 620 continue; 621 } 622 623 if (check_symbol_version(verneed, verdef) && 624 strcmp(get_string(s->st_name), symbol_name.get_name()) == 0 && 625 is_symbol_global_and_defined(this, s)) { 626 TRACE_TYPE(LOOKUP, "FOUND %s in %s (%p) %zd", 627 symbol_name.get_name(), get_realpath(), 628 reinterpret_cast<void*>(s->st_value), 629 static_cast<size_t>(s->st_size)); 630 *symbol_index = n; 631 return true; 632 } 633 } 634 635 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p %x %zd", 636 symbol_name.get_name(), get_realpath(), 637 reinterpret_cast<void*>(base), hash, hash % nbucket_); 638 639 *symbol_index = 0; 640 return true; 641 } 642 soinfo(const char * realpath,const struct stat * file_stat,off64_t file_offset,int rtld_flags)643 soinfo::soinfo(const char* realpath, const struct stat* file_stat, 644 off64_t file_offset, int rtld_flags) { 645 memset(this, 0, sizeof(*this)); 646 647 if (realpath != nullptr) { 648 realpath_ = realpath; 649 } 650 651 flags_ = FLAG_NEW_SOINFO; 652 version_ = SOINFO_VERSION; 653 654 if (file_stat != nullptr) { 655 this->st_dev_ = file_stat->st_dev; 656 this->st_ino_ = file_stat->st_ino; 657 this->file_offset_ = file_offset; 658 } 659 660 this->rtld_flags_ = rtld_flags; 661 } 662 663 elf_hash()664 uint32_t SymbolName::elf_hash() { 665 if (!has_elf_hash_) { 666 const uint8_t* name = reinterpret_cast<const uint8_t*>(name_); 667 uint32_t h = 0, g; 668 669 while (*name) { 670 h = (h << 4) + *name++; 671 g = h & 0xf0000000; 672 h ^= g; 673 h ^= g >> 24; 674 } 675 676 elf_hash_ = h; 677 has_elf_hash_ = true; 678 } 679 680 return elf_hash_; 681 } 682 gnu_hash()683 uint32_t SymbolName::gnu_hash() { 684 if (!has_gnu_hash_) { 685 uint32_t h = 5381; 686 const uint8_t* name = reinterpret_cast<const uint8_t*>(name_); 687 while (*name != 0) { 688 h += (h << 5) + *name++; // h*33 + c = h + h * 32 + c = h + h << 5 + c 689 } 690 691 gnu_hash_ = h; 692 has_gnu_hash_ = true; 693 } 694 695 return gnu_hash_; 696 } 697 soinfo_do_lookup(soinfo * si_from,const char * name,const version_info * vi,soinfo ** si_found_in,const soinfo::soinfo_list_t & global_group,const soinfo::soinfo_list_t & local_group,const ElfW (Sym)** symbol)698 bool soinfo_do_lookup(soinfo* si_from, const char* name, const version_info* vi, 699 soinfo** si_found_in, const soinfo::soinfo_list_t& global_group, 700 const soinfo::soinfo_list_t& local_group, const ElfW(Sym)** symbol) { 701 SymbolName symbol_name(name); 702 const ElfW(Sym)* s = nullptr; 703 704 /* "This element's presence in a shared object library alters the dynamic linker's 705 * symbol resolution algorithm for references within the library. Instead of starting 706 * a symbol search with the executable file, the dynamic linker starts from the shared 707 * object itself. If the shared object fails to supply the referenced symbol, the 708 * dynamic linker then searches the executable file and other shared objects as usual." 709 * 710 * http://www.sco.com/developers/gabi/2012-12-31/ch5.dynamic.html 711 * 712 * Note that this is unlikely since static linker avoids generating 713 * relocations for -Bsymbolic linked dynamic executables. 714 */ 715 if (si_from->has_DT_SYMBOLIC) { 716 DEBUG("%s: looking up %s in local scope (DT_SYMBOLIC)", si_from->get_realpath(), name); 717 if (!si_from->find_symbol_by_name(symbol_name, vi, &s)) { 718 return false; 719 } 720 721 if (s != nullptr) { 722 *si_found_in = si_from; 723 } 724 } 725 726 // 1. Look for it in global_group 727 if (s == nullptr) { 728 bool error = false; 729 global_group.visit([&](soinfo* global_si) { 730 DEBUG("%s: looking up %s in %s (from global group)", 731 si_from->get_realpath(), name, global_si->get_realpath()); 732 if (!global_si->find_symbol_by_name(symbol_name, vi, &s)) { 733 error = true; 734 return false; 735 } 736 737 if (s != nullptr) { 738 *si_found_in = global_si; 739 return false; 740 } 741 742 return true; 743 }); 744 745 if (error) { 746 return false; 747 } 748 } 749 750 // 2. Look for it in the local group 751 if (s == nullptr) { 752 bool error = false; 753 local_group.visit([&](soinfo* local_si) { 754 if (local_si == si_from && si_from->has_DT_SYMBOLIC) { 755 // we already did this - skip 756 return true; 757 } 758 759 DEBUG("%s: looking up %s in %s (from local group)", 760 si_from->get_realpath(), name, local_si->get_realpath()); 761 if (!local_si->find_symbol_by_name(symbol_name, vi, &s)) { 762 error = true; 763 return false; 764 } 765 766 if (s != nullptr) { 767 *si_found_in = local_si; 768 return false; 769 } 770 771 return true; 772 }); 773 774 if (error) { 775 return false; 776 } 777 } 778 779 if (s != nullptr) { 780 TRACE_TYPE(LOOKUP, "si %s sym %s s->st_value = %p, " 781 "found in %s, base = %p, load bias = %p", 782 si_from->get_realpath(), name, reinterpret_cast<void*>(s->st_value), 783 (*si_found_in)->get_realpath(), reinterpret_cast<void*>((*si_found_in)->base), 784 reinterpret_cast<void*>((*si_found_in)->load_bias)); 785 } 786 787 *symbol = s; 788 return true; 789 } 790 791 class ProtectedDataGuard { 792 public: ProtectedDataGuard()793 ProtectedDataGuard() { 794 if (ref_count_++ == 0) { 795 protect_data(PROT_READ | PROT_WRITE); 796 } 797 } 798 ~ProtectedDataGuard()799 ~ProtectedDataGuard() { 800 if (ref_count_ == 0) { // overflow 801 __libc_fatal("Too many nested calls to dlopen()"); 802 } 803 804 if (--ref_count_ == 0) { 805 protect_data(PROT_READ); 806 } 807 } 808 private: protect_data(int protection)809 void protect_data(int protection) { 810 g_soinfo_allocator.protect_all(protection); 811 g_soinfo_links_allocator.protect_all(protection); 812 } 813 814 static size_t ref_count_; 815 }; 816 817 size_t ProtectedDataGuard::ref_count_ = 0; 818 819 // Each size has it's own allocator. 820 template<size_t size> 821 class SizeBasedAllocator { 822 public: alloc()823 static void* alloc() { 824 return allocator_.alloc(); 825 } 826 free(void * ptr)827 static void free(void* ptr) { 828 allocator_.free(ptr); 829 } 830 831 private: 832 static LinkerBlockAllocator allocator_; 833 }; 834 835 template<size_t size> 836 LinkerBlockAllocator SizeBasedAllocator<size>::allocator_(size); 837 838 template<typename T> 839 class TypeBasedAllocator { 840 public: alloc()841 static T* alloc() { 842 return reinterpret_cast<T*>(SizeBasedAllocator<sizeof(T)>::alloc()); 843 } 844 free(T * ptr)845 static void free(T* ptr) { 846 SizeBasedAllocator<sizeof(T)>::free(ptr); 847 } 848 }; 849 850 class LoadTask { 851 public: 852 struct deleter_t { operator ()LoadTask::deleter_t853 void operator()(LoadTask* t) { 854 TypeBasedAllocator<LoadTask>::free(t); 855 } 856 }; 857 858 typedef UniquePtr<LoadTask, deleter_t> unique_ptr; 859 860 static deleter_t deleter; 861 create(const char * name,soinfo * needed_by)862 static LoadTask* create(const char* name, soinfo* needed_by) { 863 LoadTask* ptr = TypeBasedAllocator<LoadTask>::alloc(); 864 return new (ptr) LoadTask(name, needed_by); 865 } 866 get_name() const867 const char* get_name() const { 868 return name_; 869 } 870 get_needed_by() const871 soinfo* get_needed_by() const { 872 return needed_by_; 873 } 874 private: LoadTask(const char * name,soinfo * needed_by)875 LoadTask(const char* name, soinfo* needed_by) 876 : name_(name), needed_by_(needed_by) {} 877 878 const char* name_; 879 soinfo* needed_by_; 880 881 DISALLOW_IMPLICIT_CONSTRUCTORS(LoadTask); 882 }; 883 884 LoadTask::deleter_t LoadTask::deleter; 885 886 template <typename T> 887 using linked_list_t = LinkedList<T, TypeBasedAllocator<LinkedListEntry<T>>>; 888 889 typedef linked_list_t<soinfo> SoinfoLinkedList; 890 typedef linked_list_t<const char> StringLinkedList; 891 typedef linked_list_t<LoadTask> LoadTaskList; 892 893 894 // This function walks down the tree of soinfo dependencies 895 // in breadth-first order and 896 // * calls action(soinfo* si) for each node, and 897 // * terminates walk if action returns false. 898 // 899 // walk_dependencies_tree returns false if walk was terminated 900 // by the action and true otherwise. 901 template<typename F> walk_dependencies_tree(soinfo * root_soinfos[],size_t root_soinfos_size,F action)902 static bool walk_dependencies_tree(soinfo* root_soinfos[], size_t root_soinfos_size, F action) { 903 SoinfoLinkedList visit_list; 904 SoinfoLinkedList visited; 905 906 for (size_t i = 0; i < root_soinfos_size; ++i) { 907 visit_list.push_back(root_soinfos[i]); 908 } 909 910 soinfo* si; 911 while ((si = visit_list.pop_front()) != nullptr) { 912 if (visited.contains(si)) { 913 continue; 914 } 915 916 if (!action(si)) { 917 return false; 918 } 919 920 visited.push_back(si); 921 922 si->get_children().for_each([&](soinfo* child) { 923 visit_list.push_back(child); 924 }); 925 } 926 927 return true; 928 } 929 930 ElfW(Sym)931 static const ElfW(Sym)* dlsym_handle_lookup(soinfo* root, soinfo* skip_until, 932 soinfo** found, SymbolName& symbol_name) { 933 const ElfW(Sym)* result = nullptr; 934 bool skip_lookup = skip_until != nullptr; 935 936 walk_dependencies_tree(&root, 1, [&](soinfo* current_soinfo) { 937 if (skip_lookup) { 938 skip_lookup = current_soinfo != skip_until; 939 return true; 940 } 941 942 if (!current_soinfo->find_symbol_by_name(symbol_name, nullptr, &result)) { 943 result = nullptr; 944 return false; 945 } 946 947 if (result != nullptr) { 948 *found = current_soinfo; 949 return false; 950 } 951 952 return true; 953 }); 954 955 return result; 956 } 957 958 // This is used by dlsym(3). It performs symbol lookup only within the 959 // specified soinfo object and its dependencies in breadth first order. ElfW(Sym)960 const ElfW(Sym)* dlsym_handle_lookup(soinfo* si, soinfo** found, const char* name) { 961 // According to man dlopen(3) and posix docs in the case when si is handle 962 // of the main executable we need to search not only in the executable and its 963 // dependencies but also in all libraries loaded with RTLD_GLOBAL. 964 // 965 // Since RTLD_GLOBAL is always set for the main executable and all dt_needed shared 966 // libraries and they are loaded in breath-first (correct) order we can just execute 967 // dlsym(RTLD_DEFAULT, ...); instead of doing two stage lookup. 968 if (si == somain) { 969 return dlsym_linear_lookup(name, found, nullptr, RTLD_DEFAULT); 970 } 971 972 SymbolName symbol_name(name); 973 return dlsym_handle_lookup(si, nullptr, found, symbol_name); 974 } 975 976 /* This is used by dlsym(3) to performs a global symbol lookup. If the 977 start value is null (for RTLD_DEFAULT), the search starts at the 978 beginning of the global solist. Otherwise the search starts at the 979 specified soinfo (for RTLD_NEXT). 980 */ ElfW(Sym)981 const ElfW(Sym)* dlsym_linear_lookup(const char* name, 982 soinfo** found, 983 soinfo* caller, 984 void* handle) { 985 SymbolName symbol_name(name); 986 987 soinfo* start = solist; 988 989 if (handle == RTLD_NEXT) { 990 if (caller == nullptr) { 991 return nullptr; 992 } else { 993 start = caller->next; 994 } 995 } 996 997 const ElfW(Sym)* s = nullptr; 998 for (soinfo* si = start; si != nullptr; si = si->next) { 999 // Do not skip RTLD_LOCAL libraries in dlsym(RTLD_DEFAULT, ...) 1000 // if the library is opened by application with target api level <= 22 1001 // See http://b/21565766 1002 if ((si->get_rtld_flags() & RTLD_GLOBAL) == 0 && si->get_target_sdk_version() > 22) { 1003 continue; 1004 } 1005 1006 if (!si->find_symbol_by_name(symbol_name, nullptr, &s)) { 1007 return nullptr; 1008 } 1009 1010 if (s != nullptr) { 1011 *found = si; 1012 break; 1013 } 1014 } 1015 1016 // If not found - use dlsym_handle_lookup for caller's 1017 // local_group unless it is part of the global group in which 1018 // case we already did it. 1019 if (s == nullptr && caller != nullptr && 1020 (caller->get_rtld_flags() & RTLD_GLOBAL) == 0) { 1021 return dlsym_handle_lookup(caller->get_local_group_root(), 1022 (handle == RTLD_NEXT) ? caller : nullptr, found, symbol_name); 1023 } 1024 1025 if (s != nullptr) { 1026 TRACE_TYPE(LOOKUP, "%s s->st_value = %p, found->base = %p", 1027 name, reinterpret_cast<void*>(s->st_value), reinterpret_cast<void*>((*found)->base)); 1028 } 1029 1030 return s; 1031 } 1032 find_containing_library(const void * p)1033 soinfo* find_containing_library(const void* p) { 1034 ElfW(Addr) address = reinterpret_cast<ElfW(Addr)>(p); 1035 for (soinfo* si = solist; si != nullptr; si = si->next) { 1036 if (address >= si->base && address - si->base < si->size) { 1037 return si; 1038 } 1039 } 1040 return nullptr; 1041 } 1042 ElfW(Sym)1043 ElfW(Sym)* soinfo::find_symbol_by_address(const void* addr) { 1044 return is_gnu_hash() ? gnu_addr_lookup(addr) : elf_addr_lookup(addr); 1045 } 1046 symbol_matches_soaddr(const ElfW (Sym)* sym,ElfW (Addr)soaddr)1047 static bool symbol_matches_soaddr(const ElfW(Sym)* sym, ElfW(Addr) soaddr) { 1048 return sym->st_shndx != SHN_UNDEF && 1049 soaddr >= sym->st_value && 1050 soaddr < sym->st_value + sym->st_size; 1051 } 1052 ElfW(Sym)1053 ElfW(Sym)* soinfo::gnu_addr_lookup(const void* addr) { 1054 ElfW(Addr) soaddr = reinterpret_cast<ElfW(Addr)>(addr) - load_bias; 1055 1056 for (size_t i = 0; i < gnu_nbucket_; ++i) { 1057 uint32_t n = gnu_bucket_[i]; 1058 1059 if (n == 0) { 1060 continue; 1061 } 1062 1063 do { 1064 ElfW(Sym)* sym = symtab_ + n; 1065 if (symbol_matches_soaddr(sym, soaddr)) { 1066 return sym; 1067 } 1068 } while ((gnu_chain_[n++] & 1) == 0); 1069 } 1070 1071 return nullptr; 1072 } 1073 ElfW(Sym)1074 ElfW(Sym)* soinfo::elf_addr_lookup(const void* addr) { 1075 ElfW(Addr) soaddr = reinterpret_cast<ElfW(Addr)>(addr) - load_bias; 1076 1077 // Search the library's symbol table for any defined symbol which 1078 // contains this address. 1079 for (size_t i = 0; i < nchain_; ++i) { 1080 ElfW(Sym)* sym = symtab_ + i; 1081 if (symbol_matches_soaddr(sym, soaddr)) { 1082 return sym; 1083 } 1084 } 1085 1086 return nullptr; 1087 } 1088 open_library_in_zipfile(const char * const path,off64_t * file_offset)1089 static int open_library_in_zipfile(const char* const path, 1090 off64_t* file_offset) { 1091 TRACE("Trying zip file open from path '%s'", path); 1092 1093 // Treat an '!/' separator inside a path as the separator between the name 1094 // of the zip file on disk and the subdirectory to search within it. 1095 // For example, if path is "foo.zip!/bar/bas/x.so", then we search for 1096 // "bar/bas/x.so" within "foo.zip". 1097 const char* separator = strstr(path, "!/"); 1098 if (separator == nullptr) { 1099 return -1; 1100 } 1101 1102 char buf[512]; 1103 if (strlcpy(buf, path, sizeof(buf)) >= sizeof(buf)) { 1104 PRINT("Warning: ignoring very long library path: %s", path); 1105 return -1; 1106 } 1107 1108 buf[separator - path] = '\0'; 1109 1110 const char* zip_path = buf; 1111 const char* file_path = &buf[separator - path + 2]; 1112 int fd = TEMP_FAILURE_RETRY(open(zip_path, O_RDONLY | O_CLOEXEC)); 1113 if (fd == -1) { 1114 return -1; 1115 } 1116 1117 ZipArchiveHandle handle; 1118 if (OpenArchiveFd(fd, "", &handle, false) != 0) { 1119 // invalid zip-file (?) 1120 close(fd); 1121 return -1; 1122 } 1123 1124 auto archive_guard = make_scope_guard([&]() { 1125 CloseArchive(handle); 1126 }); 1127 1128 ZipEntry entry; 1129 1130 if (FindEntry(handle, ZipEntryName(file_path), &entry) != 0) { 1131 // Entry was not found. 1132 close(fd); 1133 return -1; 1134 } 1135 1136 // Check if it is properly stored 1137 if (entry.method != kCompressStored || (entry.offset % PAGE_SIZE) != 0) { 1138 close(fd); 1139 return -1; 1140 } 1141 1142 *file_offset = entry.offset; 1143 return fd; 1144 } 1145 format_path(char * buf,size_t buf_size,const char * path,const char * name)1146 static bool format_path(char* buf, size_t buf_size, const char* path, const char* name) { 1147 int n = __libc_format_buffer(buf, buf_size, "%s/%s", path, name); 1148 if (n < 0 || n >= static_cast<int>(buf_size)) { 1149 PRINT("Warning: ignoring very long library path: %s/%s", path, name); 1150 return false; 1151 } 1152 1153 return true; 1154 } 1155 open_library_on_default_path(const char * name,off64_t * file_offset)1156 static int open_library_on_default_path(const char* name, off64_t* file_offset) { 1157 for (size_t i = 0; kDefaultLdPaths[i] != nullptr; ++i) { 1158 char buf[512]; 1159 if (!format_path(buf, sizeof(buf), kDefaultLdPaths[i], name)) { 1160 continue; 1161 } 1162 1163 int fd = TEMP_FAILURE_RETRY(open(buf, O_RDONLY | O_CLOEXEC)); 1164 if (fd != -1) { 1165 *file_offset = 0; 1166 return fd; 1167 } 1168 } 1169 1170 return -1; 1171 } 1172 open_library_on_ld_library_path(const char * name,off64_t * file_offset)1173 static int open_library_on_ld_library_path(const char* name, off64_t* file_offset) { 1174 for (const auto& path_str : g_ld_library_paths) { 1175 char buf[512]; 1176 const char* const path = path_str.c_str(); 1177 if (!format_path(buf, sizeof(buf), path, name)) { 1178 continue; 1179 } 1180 1181 int fd = -1; 1182 if (strchr(buf, '!') != nullptr) { 1183 fd = open_library_in_zipfile(buf, file_offset); 1184 } 1185 1186 if (fd == -1) { 1187 fd = TEMP_FAILURE_RETRY(open(buf, O_RDONLY | O_CLOEXEC)); 1188 if (fd != -1) { 1189 *file_offset = 0; 1190 } 1191 } 1192 1193 if (fd != -1) { 1194 return fd; 1195 } 1196 } 1197 1198 return -1; 1199 } 1200 open_library(const char * name,off64_t * file_offset)1201 static int open_library(const char* name, off64_t* file_offset) { 1202 TRACE("[ opening %s ]", name); 1203 1204 // If the name contains a slash, we should attempt to open it directly and not search the paths. 1205 if (strchr(name, '/') != nullptr) { 1206 if (strchr(name, '!') != nullptr) { 1207 int fd = open_library_in_zipfile(name, file_offset); 1208 if (fd != -1) { 1209 return fd; 1210 } 1211 } 1212 1213 int fd = TEMP_FAILURE_RETRY(open(name, O_RDONLY | O_CLOEXEC)); 1214 if (fd != -1) { 1215 *file_offset = 0; 1216 } 1217 return fd; 1218 } 1219 1220 // Otherwise we try LD_LIBRARY_PATH first, and fall back to the built-in well known paths. 1221 int fd = open_library_on_ld_library_path(name, file_offset); 1222 if (fd == -1) { 1223 fd = open_library_on_default_path(name, file_offset); 1224 } 1225 return fd; 1226 } 1227 fix_dt_needed(const char * dt_needed,const char * sopath __unused)1228 static const char* fix_dt_needed(const char* dt_needed, const char* sopath __unused) { 1229 #if !defined(__LP64__) 1230 // Work around incorrect DT_NEEDED entries for old apps: http://b/21364029 1231 if (get_application_target_sdk_version() <= 22) { 1232 const char* bname = basename(dt_needed); 1233 if (bname != dt_needed) { 1234 DL_WARN("'%s' library has invalid DT_NEEDED entry '%s'", sopath, dt_needed); 1235 } 1236 1237 return bname; 1238 } 1239 #endif 1240 return dt_needed; 1241 } 1242 1243 template<typename F> for_each_dt_needed(const soinfo * si,F action)1244 static void for_each_dt_needed(const soinfo* si, F action) { 1245 for (ElfW(Dyn)* d = si->dynamic; d->d_tag != DT_NULL; ++d) { 1246 if (d->d_tag == DT_NEEDED) { 1247 action(fix_dt_needed(si->get_string(d->d_un.d_val), si->get_realpath())); 1248 } 1249 } 1250 } 1251 load_library(int fd,off64_t file_offset,LoadTaskList & load_tasks,const char * name,int rtld_flags,const android_dlextinfo * extinfo)1252 static soinfo* load_library(int fd, off64_t file_offset, 1253 LoadTaskList& load_tasks, 1254 const char* name, int rtld_flags, 1255 const android_dlextinfo* extinfo) { 1256 if ((file_offset % PAGE_SIZE) != 0) { 1257 DL_ERR("file offset for the library \"%s\" is not page-aligned: %" PRId64, name, file_offset); 1258 return nullptr; 1259 } 1260 if (file_offset < 0) { 1261 DL_ERR("file offset for the library \"%s\" is negative: %" PRId64, name, file_offset); 1262 return nullptr; 1263 } 1264 1265 struct stat file_stat; 1266 if (TEMP_FAILURE_RETRY(fstat(fd, &file_stat)) != 0) { 1267 DL_ERR("unable to stat file for the library \"%s\": %s", name, strerror(errno)); 1268 return nullptr; 1269 } 1270 if (file_offset >= file_stat.st_size) { 1271 DL_ERR("file offset for the library \"%s\" >= file size: %" PRId64 " >= %" PRId64, 1272 name, file_offset, file_stat.st_size); 1273 return nullptr; 1274 } 1275 1276 // Check for symlink and other situations where 1277 // file can have different names, unless ANDROID_DLEXT_FORCE_LOAD is set 1278 if (extinfo == nullptr || (extinfo->flags & ANDROID_DLEXT_FORCE_LOAD) == 0) { 1279 for (soinfo* si = solist; si != nullptr; si = si->next) { 1280 if (si->get_st_dev() != 0 && 1281 si->get_st_ino() != 0 && 1282 si->get_st_dev() == file_stat.st_dev && 1283 si->get_st_ino() == file_stat.st_ino && 1284 si->get_file_offset() == file_offset) { 1285 TRACE("library \"%s\" is already loaded under different name/path \"%s\" - " 1286 "will return existing soinfo", name, si->get_realpath()); 1287 return si; 1288 } 1289 } 1290 } 1291 1292 if ((rtld_flags & RTLD_NOLOAD) != 0) { 1293 DL_ERR("library \"%s\" wasn't loaded and RTLD_NOLOAD prevented it", name); 1294 return nullptr; 1295 } 1296 1297 std::string realpath = name; 1298 if (!realpath_fd(fd, &realpath)) { 1299 PRINT("warning: unable to get realpath for the library \"%s\". Will use given name.", name); 1300 realpath = name; 1301 } 1302 1303 // Read the ELF header and load the segments. 1304 ElfReader elf_reader(realpath.c_str(), fd, file_offset, file_stat.st_size); 1305 if (!elf_reader.Load(extinfo)) { 1306 return nullptr; 1307 } 1308 1309 soinfo* si = soinfo_alloc(realpath.c_str(), &file_stat, file_offset, rtld_flags); 1310 if (si == nullptr) { 1311 return nullptr; 1312 } 1313 si->base = elf_reader.load_start(); 1314 si->size = elf_reader.load_size(); 1315 si->load_bias = elf_reader.load_bias(); 1316 si->phnum = elf_reader.phdr_count(); 1317 si->phdr = elf_reader.loaded_phdr(); 1318 1319 if (!si->prelink_image()) { 1320 soinfo_free(si); 1321 return nullptr; 1322 } 1323 1324 for_each_dt_needed(si, [&] (const char* name) { 1325 load_tasks.push_back(LoadTask::create(name, si)); 1326 }); 1327 1328 return si; 1329 } 1330 load_library(LoadTaskList & load_tasks,const char * name,int rtld_flags,const android_dlextinfo * extinfo)1331 static soinfo* load_library(LoadTaskList& load_tasks, 1332 const char* name, int rtld_flags, 1333 const android_dlextinfo* extinfo) { 1334 if (extinfo != nullptr && (extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD) != 0) { 1335 off64_t file_offset = 0; 1336 if ((extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET) != 0) { 1337 file_offset = extinfo->library_fd_offset; 1338 } 1339 return load_library(extinfo->library_fd, file_offset, load_tasks, name, rtld_flags, extinfo); 1340 } 1341 1342 // Open the file. 1343 off64_t file_offset; 1344 int fd = open_library(name, &file_offset); 1345 if (fd == -1) { 1346 DL_ERR("library \"%s\" not found", name); 1347 return nullptr; 1348 } 1349 soinfo* result = load_library(fd, file_offset, load_tasks, name, rtld_flags, extinfo); 1350 close(fd); 1351 return result; 1352 } 1353 1354 // Returns true if library was found and false in 2 cases 1355 // 1. The library was found but loaded under different target_sdk_version 1356 // (*candidate != nullptr) 1357 // 2. The library was not found by soname (*candidate is nullptr) find_loaded_library_by_soname(const char * name,soinfo ** candidate)1358 static bool find_loaded_library_by_soname(const char* name, soinfo** candidate) { 1359 *candidate = nullptr; 1360 1361 // Ignore filename with path. 1362 if (strchr(name, '/') != nullptr) { 1363 return false; 1364 } 1365 1366 uint32_t target_sdk_version = get_application_target_sdk_version(); 1367 1368 for (soinfo* si = solist; si != nullptr; si = si->next) { 1369 const char* soname = si->get_soname(); 1370 if (soname != nullptr && (strcmp(name, soname) == 0)) { 1371 // If the library was opened under different target sdk version 1372 // skip this step and try to reopen it. The exceptions are 1373 // "libdl.so" and global group. There is no point in skipping 1374 // them because relocation process is going to use them 1375 // in any case. 1376 bool is_libdl = si == solist; 1377 if (is_libdl || (si->get_dt_flags_1() & DF_1_GLOBAL) != 0 || 1378 !si->is_linked() || si->get_target_sdk_version() == target_sdk_version) { 1379 *candidate = si; 1380 return true; 1381 } else if (*candidate == nullptr) { 1382 // for the different sdk version - remember the first library. 1383 *candidate = si; 1384 } 1385 } 1386 } 1387 1388 return false; 1389 } 1390 find_library_internal(LoadTaskList & load_tasks,const char * name,int rtld_flags,const android_dlextinfo * extinfo)1391 static soinfo* find_library_internal(LoadTaskList& load_tasks, const char* name, 1392 int rtld_flags, const android_dlextinfo* extinfo) { 1393 soinfo* candidate; 1394 1395 if (find_loaded_library_by_soname(name, &candidate)) { 1396 return candidate; 1397 } 1398 1399 // Library might still be loaded, the accurate detection 1400 // of this fact is done by load_library. 1401 TRACE("[ '%s' find_loaded_library_by_soname returned false (*candidate=%s@%p). Trying harder...]", 1402 name, candidate == nullptr ? "n/a" : candidate->get_realpath(), candidate); 1403 1404 soinfo* si = load_library(load_tasks, name, rtld_flags, extinfo); 1405 1406 // In case we were unable to load the library but there 1407 // is a candidate loaded under the same soname but different 1408 // sdk level - return it anyways. 1409 if (si == nullptr && candidate != nullptr) { 1410 si = candidate; 1411 } 1412 1413 return si; 1414 } 1415 1416 static void soinfo_unload(soinfo* si); 1417 1418 // TODO: this is slightly unusual way to construct 1419 // the global group for relocation. Not every RTLD_GLOBAL 1420 // library is included in this group for backwards-compatibility 1421 // reasons. 1422 // 1423 // This group consists of the main executable, LD_PRELOADs 1424 // and libraries with the DF_1_GLOBAL flag set. make_global_group()1425 static soinfo::soinfo_list_t make_global_group() { 1426 soinfo::soinfo_list_t global_group; 1427 for (soinfo* si = somain; si != nullptr; si = si->next) { 1428 if ((si->get_dt_flags_1() & DF_1_GLOBAL) != 0) { 1429 global_group.push_back(si); 1430 } 1431 } 1432 1433 return global_group; 1434 } 1435 find_libraries(soinfo * start_with,const char * const library_names[],size_t library_names_count,soinfo * soinfos[],std::vector<soinfo * > * ld_preloads,size_t ld_preloads_count,int rtld_flags,const android_dlextinfo * extinfo)1436 static bool find_libraries(soinfo* start_with, const char* const library_names[], 1437 size_t library_names_count, soinfo* soinfos[], std::vector<soinfo*>* ld_preloads, 1438 size_t ld_preloads_count, int rtld_flags, const android_dlextinfo* extinfo) { 1439 // Step 0: prepare. 1440 LoadTaskList load_tasks; 1441 for (size_t i = 0; i < library_names_count; ++i) { 1442 const char* name = library_names[i]; 1443 load_tasks.push_back(LoadTask::create(name, start_with)); 1444 } 1445 1446 // Construct global_group. 1447 soinfo::soinfo_list_t global_group = make_global_group(); 1448 1449 // If soinfos array is null allocate one on stack. 1450 // The array is needed in case of failure; for example 1451 // when library_names[] = {libone.so, libtwo.so} and libone.so 1452 // is loaded correctly but libtwo.so failed for some reason. 1453 // In this case libone.so should be unloaded on return. 1454 // See also implementation of failure_guard below. 1455 1456 if (soinfos == nullptr) { 1457 size_t soinfos_size = sizeof(soinfo*)*library_names_count; 1458 soinfos = reinterpret_cast<soinfo**>(alloca(soinfos_size)); 1459 memset(soinfos, 0, soinfos_size); 1460 } 1461 1462 // list of libraries to link - see step 2. 1463 size_t soinfos_count = 0; 1464 1465 auto failure_guard = make_scope_guard([&]() { 1466 // Housekeeping 1467 load_tasks.for_each([] (LoadTask* t) { 1468 LoadTask::deleter(t); 1469 }); 1470 1471 for (size_t i = 0; i<soinfos_count; ++i) { 1472 soinfo_unload(soinfos[i]); 1473 } 1474 }); 1475 1476 // Step 1: load and pre-link all DT_NEEDED libraries in breadth first order. 1477 for (LoadTask::unique_ptr task(load_tasks.pop_front()); 1478 task.get() != nullptr; task.reset(load_tasks.pop_front())) { 1479 soinfo* needed_by = task->get_needed_by(); 1480 1481 soinfo* si = find_library_internal(load_tasks, task->get_name(), 1482 rtld_flags, needed_by == nullptr ? extinfo : nullptr); 1483 if (si == nullptr) { 1484 return false; 1485 } 1486 1487 if (needed_by != nullptr) { 1488 needed_by->add_child(si); 1489 } 1490 1491 if (si->is_linked()) { 1492 si->increment_ref_count(); 1493 } 1494 1495 // When ld_preloads is not null, the first 1496 // ld_preloads_count libs are in fact ld_preloads. 1497 if (ld_preloads != nullptr && soinfos_count < ld_preloads_count) { 1498 // Add LD_PRELOADed libraries to the global group for future runs. 1499 // There is no need to explicitly add them to the global group 1500 // for this run because they are going to appear in the local 1501 // group in the correct order. 1502 si->set_dt_flags_1(si->get_dt_flags_1() | DF_1_GLOBAL); 1503 ld_preloads->push_back(si); 1504 } 1505 1506 if (soinfos_count < library_names_count) { 1507 soinfos[soinfos_count++] = si; 1508 } 1509 } 1510 1511 // Step 2: link libraries. 1512 soinfo::soinfo_list_t local_group; 1513 walk_dependencies_tree( 1514 start_with == nullptr ? soinfos : &start_with, 1515 start_with == nullptr ? soinfos_count : 1, 1516 [&] (soinfo* si) { 1517 local_group.push_back(si); 1518 return true; 1519 }); 1520 1521 // We need to increment ref_count in case 1522 // the root of the local group was not linked. 1523 bool was_local_group_root_linked = local_group.front()->is_linked(); 1524 1525 bool linked = local_group.visit([&](soinfo* si) { 1526 if (!si->is_linked()) { 1527 if (!si->link_image(global_group, local_group, extinfo)) { 1528 return false; 1529 } 1530 si->set_linked(); 1531 } 1532 1533 return true; 1534 }); 1535 1536 if (linked) { 1537 failure_guard.disable(); 1538 } 1539 1540 if (!was_local_group_root_linked) { 1541 local_group.front()->increment_ref_count(); 1542 } 1543 1544 return linked; 1545 } 1546 find_library(const char * name,int rtld_flags,const android_dlextinfo * extinfo)1547 static soinfo* find_library(const char* name, int rtld_flags, const android_dlextinfo* extinfo) { 1548 soinfo* si; 1549 1550 if (name == nullptr) { 1551 si = somain; 1552 } else if (!find_libraries(nullptr, &name, 1, &si, nullptr, 0, rtld_flags, extinfo)) { 1553 return nullptr; 1554 } 1555 1556 return si; 1557 } 1558 soinfo_unload(soinfo * root)1559 static void soinfo_unload(soinfo* root) { 1560 // Note that the library can be loaded but not linked; 1561 // in which case there is no root but we still need 1562 // to walk the tree and unload soinfos involved. 1563 // 1564 // This happens on unsuccessful dlopen, when one of 1565 // the DT_NEEDED libraries could not be linked/found. 1566 if (root->is_linked()) { 1567 root = root->get_local_group_root(); 1568 } 1569 1570 if (!root->can_unload()) { 1571 TRACE("not unloading '%s' - the binary is flagged with NODELETE", root->get_realpath()); 1572 return; 1573 } 1574 1575 size_t ref_count = root->is_linked() ? root->decrement_ref_count() : 0; 1576 1577 if (ref_count == 0) { 1578 soinfo::soinfo_list_t local_unload_list; 1579 soinfo::soinfo_list_t external_unload_list; 1580 soinfo::soinfo_list_t depth_first_list; 1581 depth_first_list.push_back(root); 1582 soinfo* si = nullptr; 1583 1584 while ((si = depth_first_list.pop_front()) != nullptr) { 1585 if (local_unload_list.contains(si)) { 1586 continue; 1587 } 1588 1589 local_unload_list.push_back(si); 1590 1591 if (si->has_min_version(0)) { 1592 soinfo* child = nullptr; 1593 while ((child = si->get_children().pop_front()) != nullptr) { 1594 TRACE("%s@%p needs to unload %s@%p", si->get_realpath(), si, 1595 child->get_realpath(), child); 1596 1597 if (local_unload_list.contains(child)) { 1598 continue; 1599 } else if (child->is_linked() && child->get_local_group_root() != root) { 1600 external_unload_list.push_back(child); 1601 } else { 1602 depth_first_list.push_front(child); 1603 } 1604 } 1605 } else { 1606 #if !defined(__work_around_b_19059885__) 1607 __libc_fatal("soinfo for \"%s\"@%p has no version", si->get_realpath(), si); 1608 #else 1609 PRINT("warning: soinfo for \"%s\"@%p has no version", si->get_realpath(), si); 1610 for_each_dt_needed(si, [&] (const char* library_name) { 1611 TRACE("deprecated (old format of soinfo): %s needs to unload %s", 1612 si->get_realpath(), library_name); 1613 1614 soinfo* needed = find_library(library_name, RTLD_NOLOAD, nullptr); 1615 if (needed != nullptr) { 1616 // Not found: for example if symlink was deleted between dlopen and dlclose 1617 // Since we cannot really handle errors at this point - print and continue. 1618 PRINT("warning: couldn't find %s needed by %s on unload.", 1619 library_name, si->get_realpath()); 1620 return; 1621 } else if (local_unload_list.contains(needed)) { 1622 // already visited 1623 return; 1624 } else if (needed->is_linked() && needed->get_local_group_root() != root) { 1625 // external group 1626 external_unload_list.push_back(needed); 1627 } else { 1628 // local group 1629 depth_first_list.push_front(needed); 1630 } 1631 }); 1632 #endif 1633 } 1634 } 1635 1636 local_unload_list.for_each([](soinfo* si) { 1637 si->call_destructors(); 1638 }); 1639 1640 while ((si = local_unload_list.pop_front()) != nullptr) { 1641 notify_gdb_of_unload(si); 1642 soinfo_free(si); 1643 } 1644 1645 while ((si = external_unload_list.pop_front()) != nullptr) { 1646 soinfo_unload(si); 1647 } 1648 } else { 1649 TRACE("not unloading '%s' group, decrementing ref_count to %zd", 1650 root->get_realpath(), ref_count); 1651 } 1652 } 1653 do_android_get_LD_LIBRARY_PATH(char * buffer,size_t buffer_size)1654 void do_android_get_LD_LIBRARY_PATH(char* buffer, size_t buffer_size) { 1655 // Use basic string manipulation calls to avoid snprintf. 1656 // snprintf indirectly calls pthread_getspecific to get the size of a buffer. 1657 // When debug malloc is enabled, this call returns 0. This in turn causes 1658 // snprintf to do nothing, which causes libraries to fail to load. 1659 // See b/17302493 for further details. 1660 // Once the above bug is fixed, this code can be modified to use 1661 // snprintf again. 1662 size_t required_len = strlen(kDefaultLdPaths[0]) + strlen(kDefaultLdPaths[1]) + 2; 1663 if (buffer_size < required_len) { 1664 __libc_fatal("android_get_LD_LIBRARY_PATH failed, buffer too small: " 1665 "buffer len %zu, required len %zu", buffer_size, required_len); 1666 } 1667 char* end = stpcpy(buffer, kDefaultLdPaths[0]); 1668 *end = ':'; 1669 strcpy(end + 1, kDefaultLdPaths[1]); 1670 } 1671 do_android_update_LD_LIBRARY_PATH(const char * ld_library_path)1672 void do_android_update_LD_LIBRARY_PATH(const char* ld_library_path) { 1673 parse_LD_LIBRARY_PATH(ld_library_path); 1674 } 1675 do_dlopen(const char * name,int flags,const android_dlextinfo * extinfo)1676 soinfo* do_dlopen(const char* name, int flags, const android_dlextinfo* extinfo) { 1677 if ((flags & ~(RTLD_NOW|RTLD_LAZY|RTLD_LOCAL|RTLD_GLOBAL|RTLD_NODELETE|RTLD_NOLOAD)) != 0) { 1678 DL_ERR("invalid flags to dlopen: %x", flags); 1679 return nullptr; 1680 } 1681 if (extinfo != nullptr) { 1682 if ((extinfo->flags & ~(ANDROID_DLEXT_VALID_FLAG_BITS)) != 0) { 1683 DL_ERR("invalid extended flags to android_dlopen_ext: 0x%" PRIx64, extinfo->flags); 1684 return nullptr; 1685 } 1686 if ((extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD) == 0 && 1687 (extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET) != 0) { 1688 DL_ERR("invalid extended flag combination (ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET without " 1689 "ANDROID_DLEXT_USE_LIBRARY_FD): 0x%" PRIx64, extinfo->flags); 1690 return nullptr; 1691 } 1692 } 1693 1694 ProtectedDataGuard guard; 1695 soinfo* si = find_library(name, flags, extinfo); 1696 if (si != nullptr) { 1697 si->call_constructors(); 1698 } 1699 return si; 1700 } 1701 do_dlclose(soinfo * si)1702 void do_dlclose(soinfo* si) { 1703 ProtectedDataGuard guard; 1704 soinfo_unload(si); 1705 } 1706 call_ifunc_resolver(ElfW (Addr)resolver_addr)1707 static ElfW(Addr) call_ifunc_resolver(ElfW(Addr) resolver_addr) { 1708 typedef ElfW(Addr) (*ifunc_resolver_t)(void); 1709 ifunc_resolver_t ifunc_resolver = reinterpret_cast<ifunc_resolver_t>(resolver_addr); 1710 ElfW(Addr) ifunc_addr = ifunc_resolver(); 1711 TRACE_TYPE(RELO, "Called ifunc_resolver@%p. The result is %p", 1712 ifunc_resolver, reinterpret_cast<void*>(ifunc_addr)); 1713 1714 return ifunc_addr; 1715 } 1716 get_version_info(ElfW (Versym)source_symver) const1717 const version_info* VersionTracker::get_version_info(ElfW(Versym) source_symver) const { 1718 if (source_symver < 2 || 1719 source_symver >= version_infos.size() || 1720 version_infos[source_symver].name == nullptr) { 1721 return nullptr; 1722 } 1723 1724 return &version_infos[source_symver]; 1725 } 1726 add_version_info(size_t source_index,ElfW (Word)elf_hash,const char * ver_name,const soinfo * target_si)1727 void VersionTracker::add_version_info(size_t source_index, 1728 ElfW(Word) elf_hash, 1729 const char* ver_name, 1730 const soinfo* target_si) { 1731 if (source_index >= version_infos.size()) { 1732 version_infos.resize(source_index+1); 1733 } 1734 1735 version_infos[source_index].elf_hash = elf_hash; 1736 version_infos[source_index].name = ver_name; 1737 version_infos[source_index].target_si = target_si; 1738 } 1739 init_verneed(const soinfo * si_from)1740 bool VersionTracker::init_verneed(const soinfo* si_from) { 1741 uintptr_t verneed_ptr = si_from->get_verneed_ptr(); 1742 1743 if (verneed_ptr == 0) { 1744 return true; 1745 } 1746 1747 size_t verneed_cnt = si_from->get_verneed_cnt(); 1748 1749 for (size_t i = 0, offset = 0; i<verneed_cnt; ++i) { 1750 const ElfW(Verneed)* verneed = reinterpret_cast<ElfW(Verneed)*>(verneed_ptr + offset); 1751 size_t vernaux_offset = offset + verneed->vn_aux; 1752 offset += verneed->vn_next; 1753 1754 if (verneed->vn_version != 1) { 1755 DL_ERR("unsupported verneed[%zd] vn_version: %d (expected 1)", i, verneed->vn_version); 1756 return false; 1757 } 1758 1759 const char* target_soname = si_from->get_string(verneed->vn_file); 1760 // find it in dependencies 1761 soinfo* target_si = si_from->get_children().find_if([&](const soinfo* si) { 1762 return si->get_soname() != nullptr && strcmp(si->get_soname(), target_soname) == 0; 1763 }); 1764 1765 if (target_si == nullptr) { 1766 DL_ERR("cannot find \"%s\" from verneed[%zd] in DT_NEEDED list for \"%s\"", 1767 target_soname, i, si_from->get_realpath()); 1768 return false; 1769 } 1770 1771 for (size_t j = 0; j<verneed->vn_cnt; ++j) { 1772 const ElfW(Vernaux)* vernaux = reinterpret_cast<ElfW(Vernaux)*>(verneed_ptr + vernaux_offset); 1773 vernaux_offset += vernaux->vna_next; 1774 1775 const ElfW(Word) elf_hash = vernaux->vna_hash; 1776 const char* ver_name = si_from->get_string(vernaux->vna_name); 1777 ElfW(Half) source_index = vernaux->vna_other; 1778 1779 add_version_info(source_index, elf_hash, ver_name, target_si); 1780 } 1781 } 1782 1783 return true; 1784 } 1785 init_verdef(const soinfo * si_from)1786 bool VersionTracker::init_verdef(const soinfo* si_from) { 1787 return for_each_verdef(si_from, 1788 [&](size_t, const ElfW(Verdef)* verdef, const ElfW(Verdaux)* verdaux) { 1789 add_version_info(verdef->vd_ndx, verdef->vd_hash, 1790 si_from->get_string(verdaux->vda_name), si_from); 1791 return false; 1792 } 1793 ); 1794 } 1795 init(const soinfo * si_from)1796 bool VersionTracker::init(const soinfo* si_from) { 1797 if (!si_from->has_min_version(2)) { 1798 return true; 1799 } 1800 1801 return init_verneed(si_from) && init_verdef(si_from); 1802 } 1803 lookup_version_info(const VersionTracker & version_tracker,ElfW (Word)sym,const char * sym_name,const version_info ** vi)1804 bool soinfo::lookup_version_info(const VersionTracker& version_tracker, ElfW(Word) sym, 1805 const char* sym_name, const version_info** vi) { 1806 const ElfW(Versym)* sym_ver_ptr = get_versym(sym); 1807 ElfW(Versym) sym_ver = sym_ver_ptr == nullptr ? 0 : *sym_ver_ptr; 1808 1809 if (sym_ver != VER_NDX_LOCAL && sym_ver != VER_NDX_GLOBAL) { 1810 *vi = version_tracker.get_version_info(sym_ver); 1811 1812 if (*vi == nullptr) { 1813 DL_ERR("cannot find verneed/verdef for version index=%d " 1814 "referenced by symbol \"%s\" at \"%s\"", sym_ver, sym_name, get_realpath()); 1815 return false; 1816 } 1817 } else { 1818 // there is no version info 1819 *vi = nullptr; 1820 } 1821 1822 return true; 1823 } 1824 1825 #if !defined(__mips__) 1826 #if defined(USE_RELA) get_addend(ElfW (Rela)* rela,ElfW (Addr)reloc_addr __unused)1827 static ElfW(Addr) get_addend(ElfW(Rela)* rela, ElfW(Addr) reloc_addr __unused) { 1828 return rela->r_addend; 1829 } 1830 #else get_addend(ElfW (Rel)* rel,ElfW (Addr)reloc_addr)1831 static ElfW(Addr) get_addend(ElfW(Rel)* rel, ElfW(Addr) reloc_addr) { 1832 if (ELFW(R_TYPE)(rel->r_info) == R_GENERIC_RELATIVE || 1833 ELFW(R_TYPE)(rel->r_info) == R_GENERIC_IRELATIVE) { 1834 return *reinterpret_cast<ElfW(Addr)*>(reloc_addr); 1835 } 1836 return 0; 1837 } 1838 #endif 1839 1840 template<typename ElfRelIteratorT> relocate(const VersionTracker & version_tracker,ElfRelIteratorT && rel_iterator,const soinfo_list_t & global_group,const soinfo_list_t & local_group)1841 bool soinfo::relocate(const VersionTracker& version_tracker, ElfRelIteratorT&& rel_iterator, 1842 const soinfo_list_t& global_group, const soinfo_list_t& local_group) { 1843 for (size_t idx = 0; rel_iterator.has_next(); ++idx) { 1844 const auto rel = rel_iterator.next(); 1845 if (rel == nullptr) { 1846 return false; 1847 } 1848 1849 ElfW(Word) type = ELFW(R_TYPE)(rel->r_info); 1850 ElfW(Word) sym = ELFW(R_SYM)(rel->r_info); 1851 1852 ElfW(Addr) reloc = static_cast<ElfW(Addr)>(rel->r_offset + load_bias); 1853 ElfW(Addr) sym_addr = 0; 1854 const char* sym_name = nullptr; 1855 ElfW(Addr) addend = get_addend(rel, reloc); 1856 1857 DEBUG("Processing '%s' relocation at index %zd", get_realpath(), idx); 1858 if (type == R_GENERIC_NONE) { 1859 continue; 1860 } 1861 1862 const ElfW(Sym)* s = nullptr; 1863 soinfo* lsi = nullptr; 1864 1865 if (sym != 0) { 1866 sym_name = get_string(symtab_[sym].st_name); 1867 const version_info* vi = nullptr; 1868 1869 if (!lookup_version_info(version_tracker, sym, sym_name, &vi)) { 1870 return false; 1871 } 1872 1873 if (!soinfo_do_lookup(this, sym_name, vi, &lsi, global_group, local_group, &s)) { 1874 return false; 1875 } 1876 1877 if (s == nullptr) { 1878 // We only allow an undefined symbol if this is a weak reference... 1879 s = &symtab_[sym]; 1880 if (ELF_ST_BIND(s->st_info) != STB_WEAK) { 1881 DL_ERR("cannot locate symbol \"%s\" referenced by \"%s\"...", sym_name, get_realpath()); 1882 return false; 1883 } 1884 1885 /* IHI0044C AAELF 4.5.1.1: 1886 1887 Libraries are not searched to resolve weak references. 1888 It is not an error for a weak reference to remain unsatisfied. 1889 1890 During linking, the value of an undefined weak reference is: 1891 - Zero if the relocation type is absolute 1892 - The address of the place if the relocation is pc-relative 1893 - The address of nominal base address if the relocation 1894 type is base-relative. 1895 */ 1896 1897 switch (type) { 1898 case R_GENERIC_JUMP_SLOT: 1899 case R_GENERIC_GLOB_DAT: 1900 case R_GENERIC_RELATIVE: 1901 case R_GENERIC_IRELATIVE: 1902 #if defined(__aarch64__) 1903 case R_AARCH64_ABS64: 1904 case R_AARCH64_ABS32: 1905 case R_AARCH64_ABS16: 1906 #elif defined(__x86_64__) 1907 case R_X86_64_32: 1908 case R_X86_64_64: 1909 #elif defined(__arm__) 1910 case R_ARM_ABS32: 1911 #elif defined(__i386__) 1912 case R_386_32: 1913 #endif 1914 /* 1915 * The sym_addr was initialized to be zero above, or the relocation 1916 * code below does not care about value of sym_addr. 1917 * No need to do anything. 1918 */ 1919 break; 1920 #if defined(__x86_64__) 1921 case R_X86_64_PC32: 1922 sym_addr = reloc; 1923 break; 1924 #elif defined(__i386__) 1925 case R_386_PC32: 1926 sym_addr = reloc; 1927 break; 1928 #endif 1929 default: 1930 DL_ERR("unknown weak reloc type %d @ %p (%zu)", type, rel, idx); 1931 return false; 1932 } 1933 } else { // We got a definition. 1934 #if !defined(__LP64__) 1935 // When relocating dso with text_relocation .text segment is 1936 // not executable. We need to restore elf flags before resolving 1937 // STT_GNU_IFUNC symbol. 1938 bool protect_segments = has_text_relocations && 1939 lsi == this && 1940 ELF_ST_TYPE(s->st_info) == STT_GNU_IFUNC; 1941 if (protect_segments) { 1942 if (phdr_table_protect_segments(phdr, phnum, load_bias) < 0) { 1943 DL_ERR("can't protect segments for \"%s\": %s", 1944 get_realpath(), strerror(errno)); 1945 return false; 1946 } 1947 } 1948 #endif 1949 sym_addr = lsi->resolve_symbol_address(s); 1950 #if !defined(__LP64__) 1951 if (protect_segments) { 1952 if (phdr_table_unprotect_segments(phdr, phnum, load_bias) < 0) { 1953 DL_ERR("can't unprotect loadable segments for \"%s\": %s", 1954 get_realpath(), strerror(errno)); 1955 return false; 1956 } 1957 } 1958 #endif 1959 } 1960 count_relocation(kRelocSymbol); 1961 } 1962 1963 switch (type) { 1964 case R_GENERIC_JUMP_SLOT: 1965 count_relocation(kRelocAbsolute); 1966 MARK(rel->r_offset); 1967 TRACE_TYPE(RELO, "RELO JMP_SLOT %16p <- %16p %s\n", 1968 reinterpret_cast<void*>(reloc), 1969 reinterpret_cast<void*>(sym_addr + addend), sym_name); 1970 1971 *reinterpret_cast<ElfW(Addr)*>(reloc) = (sym_addr + addend); 1972 break; 1973 case R_GENERIC_GLOB_DAT: 1974 count_relocation(kRelocAbsolute); 1975 MARK(rel->r_offset); 1976 TRACE_TYPE(RELO, "RELO GLOB_DAT %16p <- %16p %s\n", 1977 reinterpret_cast<void*>(reloc), 1978 reinterpret_cast<void*>(sym_addr + addend), sym_name); 1979 *reinterpret_cast<ElfW(Addr)*>(reloc) = (sym_addr + addend); 1980 break; 1981 case R_GENERIC_RELATIVE: 1982 count_relocation(kRelocRelative); 1983 MARK(rel->r_offset); 1984 TRACE_TYPE(RELO, "RELO RELATIVE %16p <- %16p\n", 1985 reinterpret_cast<void*>(reloc), 1986 reinterpret_cast<void*>(load_bias + addend)); 1987 *reinterpret_cast<ElfW(Addr)*>(reloc) = (load_bias + addend); 1988 break; 1989 case R_GENERIC_IRELATIVE: 1990 count_relocation(kRelocRelative); 1991 MARK(rel->r_offset); 1992 TRACE_TYPE(RELO, "RELO IRELATIVE %16p <- %16p\n", 1993 reinterpret_cast<void*>(reloc), 1994 reinterpret_cast<void*>(load_bias + addend)); 1995 { 1996 #if !defined(__LP64__) 1997 // When relocating dso with text_relocation .text segment is 1998 // not executable. We need to restore elf flags for this 1999 // particular call. 2000 if (has_text_relocations) { 2001 if (phdr_table_protect_segments(phdr, phnum, load_bias) < 0) { 2002 DL_ERR("can't protect segments for \"%s\": %s", 2003 get_realpath(), strerror(errno)); 2004 return false; 2005 } 2006 } 2007 #endif 2008 ElfW(Addr) ifunc_addr = call_ifunc_resolver(load_bias + addend); 2009 #if !defined(__LP64__) 2010 // Unprotect it afterwards... 2011 if (has_text_relocations) { 2012 if (phdr_table_unprotect_segments(phdr, phnum, load_bias) < 0) { 2013 DL_ERR("can't unprotect loadable segments for \"%s\": %s", 2014 get_realpath(), strerror(errno)); 2015 return false; 2016 } 2017 } 2018 #endif 2019 *reinterpret_cast<ElfW(Addr)*>(reloc) = ifunc_addr; 2020 } 2021 break; 2022 2023 #if defined(__aarch64__) 2024 case R_AARCH64_ABS64: 2025 count_relocation(kRelocAbsolute); 2026 MARK(rel->r_offset); 2027 TRACE_TYPE(RELO, "RELO ABS64 %16llx <- %16llx %s\n", 2028 reloc, (sym_addr + addend), sym_name); 2029 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + addend); 2030 break; 2031 case R_AARCH64_ABS32: 2032 count_relocation(kRelocAbsolute); 2033 MARK(rel->r_offset); 2034 TRACE_TYPE(RELO, "RELO ABS32 %16llx <- %16llx %s\n", 2035 reloc, (sym_addr + addend), sym_name); 2036 { 2037 const ElfW(Addr) reloc_value = *reinterpret_cast<ElfW(Addr)*>(reloc); 2038 const ElfW(Addr) min_value = static_cast<ElfW(Addr)>(INT32_MIN); 2039 const ElfW(Addr) max_value = static_cast<ElfW(Addr)>(UINT32_MAX); 2040 if ((min_value <= (reloc_value + (sym_addr + addend))) && 2041 ((reloc_value + (sym_addr + addend)) <= max_value)) { 2042 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + addend); 2043 } else { 2044 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 2045 (reloc_value + (sym_addr + addend)), min_value, max_value); 2046 return false; 2047 } 2048 } 2049 break; 2050 case R_AARCH64_ABS16: 2051 count_relocation(kRelocAbsolute); 2052 MARK(rel->r_offset); 2053 TRACE_TYPE(RELO, "RELO ABS16 %16llx <- %16llx %s\n", 2054 reloc, (sym_addr + addend), sym_name); 2055 { 2056 const ElfW(Addr) reloc_value = *reinterpret_cast<ElfW(Addr)*>(reloc); 2057 const ElfW(Addr) min_value = static_cast<ElfW(Addr)>(INT16_MIN); 2058 const ElfW(Addr) max_value = static_cast<ElfW(Addr)>(UINT16_MAX); 2059 if ((min_value <= (reloc_value + (sym_addr + addend))) && 2060 ((reloc_value + (sym_addr + addend)) <= max_value)) { 2061 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + addend); 2062 } else { 2063 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 2064 reloc_value + (sym_addr + addend), min_value, max_value); 2065 return false; 2066 } 2067 } 2068 break; 2069 case R_AARCH64_PREL64: 2070 count_relocation(kRelocRelative); 2071 MARK(rel->r_offset); 2072 TRACE_TYPE(RELO, "RELO REL64 %16llx <- %16llx - %16llx %s\n", 2073 reloc, (sym_addr + addend), rel->r_offset, sym_name); 2074 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + addend) - rel->r_offset; 2075 break; 2076 case R_AARCH64_PREL32: 2077 count_relocation(kRelocRelative); 2078 MARK(rel->r_offset); 2079 TRACE_TYPE(RELO, "RELO REL32 %16llx <- %16llx - %16llx %s\n", 2080 reloc, (sym_addr + addend), rel->r_offset, sym_name); 2081 { 2082 const ElfW(Addr) reloc_value = *reinterpret_cast<ElfW(Addr)*>(reloc); 2083 const ElfW(Addr) min_value = static_cast<ElfW(Addr)>(INT32_MIN); 2084 const ElfW(Addr) max_value = static_cast<ElfW(Addr)>(UINT32_MAX); 2085 if ((min_value <= (reloc_value + ((sym_addr + addend) - rel->r_offset))) && 2086 ((reloc_value + ((sym_addr + addend) - rel->r_offset)) <= max_value)) { 2087 *reinterpret_cast<ElfW(Addr)*>(reloc) += ((sym_addr + addend) - rel->r_offset); 2088 } else { 2089 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 2090 reloc_value + ((sym_addr + addend) - rel->r_offset), min_value, max_value); 2091 return false; 2092 } 2093 } 2094 break; 2095 case R_AARCH64_PREL16: 2096 count_relocation(kRelocRelative); 2097 MARK(rel->r_offset); 2098 TRACE_TYPE(RELO, "RELO REL16 %16llx <- %16llx - %16llx %s\n", 2099 reloc, (sym_addr + addend), rel->r_offset, sym_name); 2100 { 2101 const ElfW(Addr) reloc_value = *reinterpret_cast<ElfW(Addr)*>(reloc); 2102 const ElfW(Addr) min_value = static_cast<ElfW(Addr)>(INT16_MIN); 2103 const ElfW(Addr) max_value = static_cast<ElfW(Addr)>(UINT16_MAX); 2104 if ((min_value <= (reloc_value + ((sym_addr + addend) - rel->r_offset))) && 2105 ((reloc_value + ((sym_addr + addend) - rel->r_offset)) <= max_value)) { 2106 *reinterpret_cast<ElfW(Addr)*>(reloc) += ((sym_addr + addend) - rel->r_offset); 2107 } else { 2108 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 2109 reloc_value + ((sym_addr + addend) - rel->r_offset), min_value, max_value); 2110 return false; 2111 } 2112 } 2113 break; 2114 2115 case R_AARCH64_COPY: 2116 /* 2117 * ET_EXEC is not supported so this should not happen. 2118 * 2119 * http://infocenter.arm.com/help/topic/com.arm.doc.ihi0056b/IHI0056B_aaelf64.pdf 2120 * 2121 * Section 4.6.11 "Dynamic relocations" 2122 * R_AARCH64_COPY may only appear in executable objects where e_type is 2123 * set to ET_EXEC. 2124 */ 2125 DL_ERR("%s R_AARCH64_COPY relocations are not supported", get_realpath()); 2126 return false; 2127 case R_AARCH64_TLS_TPREL64: 2128 TRACE_TYPE(RELO, "RELO TLS_TPREL64 *** %16llx <- %16llx - %16llx\n", 2129 reloc, (sym_addr + addend), rel->r_offset); 2130 break; 2131 case R_AARCH64_TLS_DTPREL32: 2132 TRACE_TYPE(RELO, "RELO TLS_DTPREL32 *** %16llx <- %16llx - %16llx\n", 2133 reloc, (sym_addr + addend), rel->r_offset); 2134 break; 2135 #elif defined(__x86_64__) 2136 case R_X86_64_32: 2137 count_relocation(kRelocRelative); 2138 MARK(rel->r_offset); 2139 TRACE_TYPE(RELO, "RELO R_X86_64_32 %08zx <- +%08zx %s", static_cast<size_t>(reloc), 2140 static_cast<size_t>(sym_addr), sym_name); 2141 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend; 2142 break; 2143 case R_X86_64_64: 2144 count_relocation(kRelocRelative); 2145 MARK(rel->r_offset); 2146 TRACE_TYPE(RELO, "RELO R_X86_64_64 %08zx <- +%08zx %s", static_cast<size_t>(reloc), 2147 static_cast<size_t>(sym_addr), sym_name); 2148 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend; 2149 break; 2150 case R_X86_64_PC32: 2151 count_relocation(kRelocRelative); 2152 MARK(rel->r_offset); 2153 TRACE_TYPE(RELO, "RELO R_X86_64_PC32 %08zx <- +%08zx (%08zx - %08zx) %s", 2154 static_cast<size_t>(reloc), static_cast<size_t>(sym_addr - reloc), 2155 static_cast<size_t>(sym_addr), static_cast<size_t>(reloc), sym_name); 2156 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend - reloc; 2157 break; 2158 #elif defined(__arm__) 2159 case R_ARM_ABS32: 2160 count_relocation(kRelocAbsolute); 2161 MARK(rel->r_offset); 2162 TRACE_TYPE(RELO, "RELO ABS %08x <- %08x %s", reloc, sym_addr, sym_name); 2163 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr; 2164 break; 2165 case R_ARM_REL32: 2166 count_relocation(kRelocRelative); 2167 MARK(rel->r_offset); 2168 TRACE_TYPE(RELO, "RELO REL32 %08x <- %08x - %08x %s", 2169 reloc, sym_addr, rel->r_offset, sym_name); 2170 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr - rel->r_offset; 2171 break; 2172 case R_ARM_COPY: 2173 /* 2174 * ET_EXEC is not supported so this should not happen. 2175 * 2176 * http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044d/IHI0044D_aaelf.pdf 2177 * 2178 * Section 4.6.1.10 "Dynamic relocations" 2179 * R_ARM_COPY may only appear in executable objects where e_type is 2180 * set to ET_EXEC. 2181 */ 2182 DL_ERR("%s R_ARM_COPY relocations are not supported", get_realpath()); 2183 return false; 2184 #elif defined(__i386__) 2185 case R_386_32: 2186 count_relocation(kRelocRelative); 2187 MARK(rel->r_offset); 2188 TRACE_TYPE(RELO, "RELO R_386_32 %08x <- +%08x %s", reloc, sym_addr, sym_name); 2189 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr; 2190 break; 2191 case R_386_PC32: 2192 count_relocation(kRelocRelative); 2193 MARK(rel->r_offset); 2194 TRACE_TYPE(RELO, "RELO R_386_PC32 %08x <- +%08x (%08x - %08x) %s", 2195 reloc, (sym_addr - reloc), sym_addr, reloc, sym_name); 2196 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr - reloc); 2197 break; 2198 #endif 2199 default: 2200 DL_ERR("unknown reloc type %d @ %p (%zu)", type, rel, idx); 2201 return false; 2202 } 2203 } 2204 return true; 2205 } 2206 #endif // !defined(__mips__) 2207 call_array(const char * array_name __unused,linker_function_t * functions,size_t count,bool reverse)2208 void soinfo::call_array(const char* array_name __unused, linker_function_t* functions, 2209 size_t count, bool reverse) { 2210 if (functions == nullptr) { 2211 return; 2212 } 2213 2214 TRACE("[ Calling %s (size %zd) @ %p for '%s' ]", array_name, count, functions, get_realpath()); 2215 2216 int begin = reverse ? (count - 1) : 0; 2217 int end = reverse ? -1 : count; 2218 int step = reverse ? -1 : 1; 2219 2220 for (int i = begin; i != end; i += step) { 2221 TRACE("[ %s[%d] == %p ]", array_name, i, functions[i]); 2222 call_function("function", functions[i]); 2223 } 2224 2225 TRACE("[ Done calling %s for '%s' ]", array_name, get_realpath()); 2226 } 2227 call_function(const char * function_name __unused,linker_function_t function)2228 void soinfo::call_function(const char* function_name __unused, linker_function_t function) { 2229 if (function == nullptr || reinterpret_cast<uintptr_t>(function) == static_cast<uintptr_t>(-1)) { 2230 return; 2231 } 2232 2233 TRACE("[ Calling %s @ %p for '%s' ]", function_name, function, get_realpath()); 2234 function(); 2235 TRACE("[ Done calling %s @ %p for '%s' ]", function_name, function, get_realpath()); 2236 } 2237 call_pre_init_constructors()2238 void soinfo::call_pre_init_constructors() { 2239 // DT_PREINIT_ARRAY functions are called before any other constructors for executables, 2240 // but ignored in a shared library. 2241 call_array("DT_PREINIT_ARRAY", preinit_array_, preinit_array_count_, false); 2242 } 2243 call_constructors()2244 void soinfo::call_constructors() { 2245 if (constructors_called) { 2246 return; 2247 } 2248 2249 // We set constructors_called before actually calling the constructors, otherwise it doesn't 2250 // protect against recursive constructor calls. One simple example of constructor recursion 2251 // is the libc debug malloc, which is implemented in libc_malloc_debug_leak.so: 2252 // 1. The program depends on libc, so libc's constructor is called here. 2253 // 2. The libc constructor calls dlopen() to load libc_malloc_debug_leak.so. 2254 // 3. dlopen() calls the constructors on the newly created 2255 // soinfo for libc_malloc_debug_leak.so. 2256 // 4. The debug .so depends on libc, so CallConstructors is 2257 // called again with the libc soinfo. If it doesn't trigger the early- 2258 // out above, the libc constructor will be called again (recursively!). 2259 constructors_called = true; 2260 2261 if (!is_main_executable() && preinit_array_ != nullptr) { 2262 // The GNU dynamic linker silently ignores these, but we warn the developer. 2263 PRINT("\"%s\": ignoring %zd-entry DT_PREINIT_ARRAY in shared library!", 2264 get_realpath(), preinit_array_count_); 2265 } 2266 2267 get_children().for_each([] (soinfo* si) { 2268 si->call_constructors(); 2269 }); 2270 2271 TRACE("\"%s\": calling constructors", get_realpath()); 2272 2273 // DT_INIT should be called before DT_INIT_ARRAY if both are present. 2274 call_function("DT_INIT", init_func_); 2275 call_array("DT_INIT_ARRAY", init_array_, init_array_count_, false); 2276 } 2277 call_destructors()2278 void soinfo::call_destructors() { 2279 if (!constructors_called) { 2280 return; 2281 } 2282 TRACE("\"%s\": calling destructors", get_realpath()); 2283 2284 // DT_FINI_ARRAY must be parsed in reverse order. 2285 call_array("DT_FINI_ARRAY", fini_array_, fini_array_count_, true); 2286 2287 // DT_FINI should be called after DT_FINI_ARRAY if both are present. 2288 call_function("DT_FINI", fini_func_); 2289 2290 // This is needed on second call to dlopen 2291 // after library has been unloaded with RTLD_NODELETE 2292 constructors_called = false; 2293 } 2294 add_child(soinfo * child)2295 void soinfo::add_child(soinfo* child) { 2296 if (has_min_version(0)) { 2297 child->parents_.push_back(this); 2298 this->children_.push_back(child); 2299 } 2300 } 2301 remove_all_links()2302 void soinfo::remove_all_links() { 2303 if (!has_min_version(0)) { 2304 return; 2305 } 2306 2307 // 1. Untie connected soinfos from 'this'. 2308 children_.for_each([&] (soinfo* child) { 2309 child->parents_.remove_if([&] (const soinfo* parent) { 2310 return parent == this; 2311 }); 2312 }); 2313 2314 parents_.for_each([&] (soinfo* parent) { 2315 parent->children_.remove_if([&] (const soinfo* child) { 2316 return child == this; 2317 }); 2318 }); 2319 2320 // 2. Once everything untied - clear local lists. 2321 parents_.clear(); 2322 children_.clear(); 2323 } 2324 get_st_dev() const2325 dev_t soinfo::get_st_dev() const { 2326 if (has_min_version(0)) { 2327 return st_dev_; 2328 } 2329 2330 return 0; 2331 }; 2332 get_st_ino() const2333 ino_t soinfo::get_st_ino() const { 2334 if (has_min_version(0)) { 2335 return st_ino_; 2336 } 2337 2338 return 0; 2339 } 2340 get_file_offset() const2341 off64_t soinfo::get_file_offset() const { 2342 if (has_min_version(1)) { 2343 return file_offset_; 2344 } 2345 2346 return 0; 2347 } 2348 get_rtld_flags() const2349 uint32_t soinfo::get_rtld_flags() const { 2350 if (has_min_version(1)) { 2351 return rtld_flags_; 2352 } 2353 2354 return 0; 2355 } 2356 get_dt_flags_1() const2357 uint32_t soinfo::get_dt_flags_1() const { 2358 if (has_min_version(1)) { 2359 return dt_flags_1_; 2360 } 2361 2362 return 0; 2363 } 2364 set_dt_flags_1(uint32_t dt_flags_1)2365 void soinfo::set_dt_flags_1(uint32_t dt_flags_1) { 2366 if (has_min_version(1)) { 2367 if ((dt_flags_1 & DF_1_GLOBAL) != 0) { 2368 rtld_flags_ |= RTLD_GLOBAL; 2369 } 2370 2371 if ((dt_flags_1 & DF_1_NODELETE) != 0) { 2372 rtld_flags_ |= RTLD_NODELETE; 2373 } 2374 2375 dt_flags_1_ = dt_flags_1; 2376 } 2377 } 2378 get_realpath() const2379 const char* soinfo::get_realpath() const { 2380 #if defined(__work_around_b_19059885__) 2381 if (has_min_version(2)) { 2382 return realpath_.c_str(); 2383 } else { 2384 return old_name_; 2385 } 2386 #else 2387 return realpath_.c_str(); 2388 #endif 2389 } 2390 get_soname() const2391 const char* soinfo::get_soname() const { 2392 #if defined(__work_around_b_19059885__) 2393 if (has_min_version(2)) { 2394 return soname_; 2395 } else { 2396 return old_name_; 2397 } 2398 #else 2399 return soname_; 2400 #endif 2401 } 2402 2403 // This is a return on get_children()/get_parents() if 2404 // 'this->flags' does not have FLAG_NEW_SOINFO set. 2405 static soinfo::soinfo_list_t g_empty_list; 2406 get_children()2407 soinfo::soinfo_list_t& soinfo::get_children() { 2408 if (has_min_version(0)) { 2409 return children_; 2410 } 2411 2412 return g_empty_list; 2413 } 2414 get_children() const2415 const soinfo::soinfo_list_t& soinfo::get_children() const { 2416 if (has_min_version(0)) { 2417 return children_; 2418 } 2419 2420 return g_empty_list; 2421 } 2422 get_parents()2423 soinfo::soinfo_list_t& soinfo::get_parents() { 2424 if (has_min_version(0)) { 2425 return parents_; 2426 } 2427 2428 return g_empty_list; 2429 } 2430 ElfW(Addr)2431 ElfW(Addr) soinfo::resolve_symbol_address(const ElfW(Sym)* s) const { 2432 if (ELF_ST_TYPE(s->st_info) == STT_GNU_IFUNC) { 2433 return call_ifunc_resolver(s->st_value + load_bias); 2434 } 2435 2436 return static_cast<ElfW(Addr)>(s->st_value + load_bias); 2437 } 2438 get_string(ElfW (Word)index) const2439 const char* soinfo::get_string(ElfW(Word) index) const { 2440 if (has_min_version(1) && (index >= strtab_size_)) { 2441 __libc_fatal("%s: strtab out of bounds error; STRSZ=%zd, name=%d", 2442 get_realpath(), strtab_size_, index); 2443 } 2444 2445 return strtab_ + index; 2446 } 2447 is_gnu_hash() const2448 bool soinfo::is_gnu_hash() const { 2449 return (flags_ & FLAG_GNU_HASH) != 0; 2450 } 2451 can_unload() const2452 bool soinfo::can_unload() const { 2453 return (get_rtld_flags() & (RTLD_NODELETE | RTLD_GLOBAL)) == 0; 2454 } 2455 is_linked() const2456 bool soinfo::is_linked() const { 2457 return (flags_ & FLAG_LINKED) != 0; 2458 } 2459 is_main_executable() const2460 bool soinfo::is_main_executable() const { 2461 return (flags_ & FLAG_EXE) != 0; 2462 } 2463 set_linked()2464 void soinfo::set_linked() { 2465 flags_ |= FLAG_LINKED; 2466 } 2467 set_linker_flag()2468 void soinfo::set_linker_flag() { 2469 flags_ |= FLAG_LINKER; 2470 } 2471 set_main_executable()2472 void soinfo::set_main_executable() { 2473 flags_ |= FLAG_EXE; 2474 } 2475 increment_ref_count()2476 void soinfo::increment_ref_count() { 2477 local_group_root_->ref_count_++; 2478 } 2479 decrement_ref_count()2480 size_t soinfo::decrement_ref_count() { 2481 return --local_group_root_->ref_count_; 2482 } 2483 get_local_group_root() const2484 soinfo* soinfo::get_local_group_root() const { 2485 return local_group_root_; 2486 } 2487 2488 // This function returns api-level at the time of 2489 // dlopen/load. Note that libraries opened by system 2490 // will always have 'current' api level. get_target_sdk_version() const2491 uint32_t soinfo::get_target_sdk_version() const { 2492 if (!has_min_version(2)) { 2493 return __ANDROID_API__; 2494 } 2495 2496 return local_group_root_->target_sdk_version_; 2497 } 2498 prelink_image()2499 bool soinfo::prelink_image() { 2500 /* Extract dynamic section */ 2501 ElfW(Word) dynamic_flags = 0; 2502 phdr_table_get_dynamic_section(phdr, phnum, load_bias, &dynamic, &dynamic_flags); 2503 2504 /* We can't log anything until the linker is relocated */ 2505 bool relocating_linker = (flags_ & FLAG_LINKER) != 0; 2506 if (!relocating_linker) { 2507 INFO("[ linking %s ]", get_realpath()); 2508 DEBUG("si->base = %p si->flags = 0x%08x", reinterpret_cast<void*>(base), flags_); 2509 } 2510 2511 if (dynamic == nullptr) { 2512 if (!relocating_linker) { 2513 DL_ERR("missing PT_DYNAMIC in \"%s\"", get_realpath()); 2514 } 2515 return false; 2516 } else { 2517 if (!relocating_linker) { 2518 DEBUG("dynamic = %p", dynamic); 2519 } 2520 } 2521 2522 #if defined(__arm__) 2523 (void) phdr_table_get_arm_exidx(phdr, phnum, load_bias, 2524 &ARM_exidx, &ARM_exidx_count); 2525 #endif 2526 2527 // Extract useful information from dynamic section. 2528 // Note that: "Except for the DT_NULL element at the end of the array, 2529 // and the relative order of DT_NEEDED elements, entries may appear in any order." 2530 // 2531 // source: http://www.sco.com/developers/gabi/1998-04-29/ch5.dynamic.html 2532 uint32_t needed_count = 0; 2533 for (ElfW(Dyn)* d = dynamic; d->d_tag != DT_NULL; ++d) { 2534 DEBUG("d = %p, d[0](tag) = %p d[1](val) = %p", 2535 d, reinterpret_cast<void*>(d->d_tag), reinterpret_cast<void*>(d->d_un.d_val)); 2536 switch (d->d_tag) { 2537 case DT_SONAME: 2538 // this is parsed after we have strtab initialized (see below). 2539 break; 2540 2541 case DT_HASH: 2542 nbucket_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[0]; 2543 nchain_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[1]; 2544 bucket_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr + 8); 2545 chain_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr + 8 + nbucket_ * 4); 2546 break; 2547 2548 case DT_GNU_HASH: 2549 gnu_nbucket_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[0]; 2550 // skip symndx 2551 gnu_maskwords_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[2]; 2552 gnu_shift2_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[3]; 2553 2554 gnu_bloom_filter_ = reinterpret_cast<ElfW(Addr)*>(load_bias + d->d_un.d_ptr + 16); 2555 gnu_bucket_ = reinterpret_cast<uint32_t*>(gnu_bloom_filter_ + gnu_maskwords_); 2556 // amend chain for symndx = header[1] 2557 gnu_chain_ = gnu_bucket_ + gnu_nbucket_ - 2558 reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[1]; 2559 2560 if (!powerof2(gnu_maskwords_)) { 2561 DL_ERR("invalid maskwords for gnu_hash = 0x%x, in \"%s\" expecting power to two", 2562 gnu_maskwords_, get_realpath()); 2563 return false; 2564 } 2565 --gnu_maskwords_; 2566 2567 flags_ |= FLAG_GNU_HASH; 2568 break; 2569 2570 case DT_STRTAB: 2571 strtab_ = reinterpret_cast<const char*>(load_bias + d->d_un.d_ptr); 2572 break; 2573 2574 case DT_STRSZ: 2575 strtab_size_ = d->d_un.d_val; 2576 break; 2577 2578 case DT_SYMTAB: 2579 symtab_ = reinterpret_cast<ElfW(Sym)*>(load_bias + d->d_un.d_ptr); 2580 break; 2581 2582 case DT_SYMENT: 2583 if (d->d_un.d_val != sizeof(ElfW(Sym))) { 2584 DL_ERR("invalid DT_SYMENT: %zd in \"%s\"", 2585 static_cast<size_t>(d->d_un.d_val), get_realpath()); 2586 return false; 2587 } 2588 break; 2589 2590 case DT_PLTREL: 2591 #if defined(USE_RELA) 2592 if (d->d_un.d_val != DT_RELA) { 2593 DL_ERR("unsupported DT_PLTREL in \"%s\"; expected DT_RELA", get_realpath()); 2594 return false; 2595 } 2596 #else 2597 if (d->d_un.d_val != DT_REL) { 2598 DL_ERR("unsupported DT_PLTREL in \"%s\"; expected DT_REL", get_realpath()); 2599 return false; 2600 } 2601 #endif 2602 break; 2603 2604 case DT_JMPREL: 2605 #if defined(USE_RELA) 2606 plt_rela_ = reinterpret_cast<ElfW(Rela)*>(load_bias + d->d_un.d_ptr); 2607 #else 2608 plt_rel_ = reinterpret_cast<ElfW(Rel)*>(load_bias + d->d_un.d_ptr); 2609 #endif 2610 break; 2611 2612 case DT_PLTRELSZ: 2613 #if defined(USE_RELA) 2614 plt_rela_count_ = d->d_un.d_val / sizeof(ElfW(Rela)); 2615 #else 2616 plt_rel_count_ = d->d_un.d_val / sizeof(ElfW(Rel)); 2617 #endif 2618 break; 2619 2620 case DT_PLTGOT: 2621 #if defined(__mips__) 2622 // Used by mips and mips64. 2623 plt_got_ = reinterpret_cast<ElfW(Addr)**>(load_bias + d->d_un.d_ptr); 2624 #endif 2625 // Ignore for other platforms... (because RTLD_LAZY is not supported) 2626 break; 2627 2628 case DT_DEBUG: 2629 // Set the DT_DEBUG entry to the address of _r_debug for GDB 2630 // if the dynamic table is writable 2631 // FIXME: not working currently for N64 2632 // The flags for the LOAD and DYNAMIC program headers do not agree. 2633 // The LOAD section containing the dynamic table has been mapped as 2634 // read-only, but the DYNAMIC header claims it is writable. 2635 #if !(defined(__mips__) && defined(__LP64__)) 2636 if ((dynamic_flags & PF_W) != 0) { 2637 d->d_un.d_val = reinterpret_cast<uintptr_t>(&_r_debug); 2638 } 2639 #endif 2640 break; 2641 #if defined(USE_RELA) 2642 case DT_RELA: 2643 rela_ = reinterpret_cast<ElfW(Rela)*>(load_bias + d->d_un.d_ptr); 2644 break; 2645 2646 case DT_RELASZ: 2647 rela_count_ = d->d_un.d_val / sizeof(ElfW(Rela)); 2648 break; 2649 2650 case DT_ANDROID_RELA: 2651 android_relocs_ = reinterpret_cast<uint8_t*>(load_bias + d->d_un.d_ptr); 2652 break; 2653 2654 case DT_ANDROID_RELASZ: 2655 android_relocs_size_ = d->d_un.d_val; 2656 break; 2657 2658 case DT_ANDROID_REL: 2659 DL_ERR("unsupported DT_ANDROID_REL in \"%s\"", get_realpath()); 2660 return false; 2661 2662 case DT_ANDROID_RELSZ: 2663 DL_ERR("unsupported DT_ANDROID_RELSZ in \"%s\"", get_realpath()); 2664 return false; 2665 2666 case DT_RELAENT: 2667 if (d->d_un.d_val != sizeof(ElfW(Rela))) { 2668 DL_ERR("invalid DT_RELAENT: %zd", static_cast<size_t>(d->d_un.d_val)); 2669 return false; 2670 } 2671 break; 2672 2673 // ignored (see DT_RELCOUNT comments for details) 2674 case DT_RELACOUNT: 2675 break; 2676 2677 case DT_REL: 2678 DL_ERR("unsupported DT_REL in \"%s\"", get_realpath()); 2679 return false; 2680 2681 case DT_RELSZ: 2682 DL_ERR("unsupported DT_RELSZ in \"%s\"", get_realpath()); 2683 return false; 2684 2685 #else 2686 case DT_REL: 2687 rel_ = reinterpret_cast<ElfW(Rel)*>(load_bias + d->d_un.d_ptr); 2688 break; 2689 2690 case DT_RELSZ: 2691 rel_count_ = d->d_un.d_val / sizeof(ElfW(Rel)); 2692 break; 2693 2694 case DT_RELENT: 2695 if (d->d_un.d_val != sizeof(ElfW(Rel))) { 2696 DL_ERR("invalid DT_RELENT: %zd", static_cast<size_t>(d->d_un.d_val)); 2697 return false; 2698 } 2699 break; 2700 2701 case DT_ANDROID_REL: 2702 android_relocs_ = reinterpret_cast<uint8_t*>(load_bias + d->d_un.d_ptr); 2703 break; 2704 2705 case DT_ANDROID_RELSZ: 2706 android_relocs_size_ = d->d_un.d_val; 2707 break; 2708 2709 case DT_ANDROID_RELA: 2710 DL_ERR("unsupported DT_ANDROID_RELA in \"%s\"", get_realpath()); 2711 return false; 2712 2713 case DT_ANDROID_RELASZ: 2714 DL_ERR("unsupported DT_ANDROID_RELASZ in \"%s\"", get_realpath()); 2715 return false; 2716 2717 // "Indicates that all RELATIVE relocations have been concatenated together, 2718 // and specifies the RELATIVE relocation count." 2719 // 2720 // TODO: Spec also mentions that this can be used to optimize relocation process; 2721 // Not currently used by bionic linker - ignored. 2722 case DT_RELCOUNT: 2723 break; 2724 2725 case DT_RELA: 2726 DL_ERR("unsupported DT_RELA in \"%s\"", get_realpath()); 2727 return false; 2728 2729 case DT_RELASZ: 2730 DL_ERR("unsupported DT_RELASZ in \"%s\"", get_realpath()); 2731 return false; 2732 2733 #endif 2734 case DT_INIT: 2735 init_func_ = reinterpret_cast<linker_function_t>(load_bias + d->d_un.d_ptr); 2736 DEBUG("%s constructors (DT_INIT) found at %p", get_realpath(), init_func_); 2737 break; 2738 2739 case DT_FINI: 2740 fini_func_ = reinterpret_cast<linker_function_t>(load_bias + d->d_un.d_ptr); 2741 DEBUG("%s destructors (DT_FINI) found at %p", get_realpath(), fini_func_); 2742 break; 2743 2744 case DT_INIT_ARRAY: 2745 init_array_ = reinterpret_cast<linker_function_t*>(load_bias + d->d_un.d_ptr); 2746 DEBUG("%s constructors (DT_INIT_ARRAY) found at %p", get_realpath(), init_array_); 2747 break; 2748 2749 case DT_INIT_ARRAYSZ: 2750 init_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr)); 2751 break; 2752 2753 case DT_FINI_ARRAY: 2754 fini_array_ = reinterpret_cast<linker_function_t*>(load_bias + d->d_un.d_ptr); 2755 DEBUG("%s destructors (DT_FINI_ARRAY) found at %p", get_realpath(), fini_array_); 2756 break; 2757 2758 case DT_FINI_ARRAYSZ: 2759 fini_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr)); 2760 break; 2761 2762 case DT_PREINIT_ARRAY: 2763 preinit_array_ = reinterpret_cast<linker_function_t*>(load_bias + d->d_un.d_ptr); 2764 DEBUG("%s constructors (DT_PREINIT_ARRAY) found at %p", get_realpath(), preinit_array_); 2765 break; 2766 2767 case DT_PREINIT_ARRAYSZ: 2768 preinit_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr)); 2769 break; 2770 2771 case DT_TEXTREL: 2772 #if defined(__LP64__) 2773 DL_ERR("text relocations (DT_TEXTREL) found in 64-bit ELF file \"%s\"", get_realpath()); 2774 return false; 2775 #else 2776 has_text_relocations = true; 2777 break; 2778 #endif 2779 2780 case DT_SYMBOLIC: 2781 has_DT_SYMBOLIC = true; 2782 break; 2783 2784 case DT_NEEDED: 2785 ++needed_count; 2786 break; 2787 2788 case DT_FLAGS: 2789 if (d->d_un.d_val & DF_TEXTREL) { 2790 #if defined(__LP64__) 2791 DL_ERR("text relocations (DF_TEXTREL) found in 64-bit ELF file \"%s\"", get_realpath()); 2792 return false; 2793 #else 2794 has_text_relocations = true; 2795 #endif 2796 } 2797 if (d->d_un.d_val & DF_SYMBOLIC) { 2798 has_DT_SYMBOLIC = true; 2799 } 2800 break; 2801 2802 case DT_FLAGS_1: 2803 set_dt_flags_1(d->d_un.d_val); 2804 2805 if ((d->d_un.d_val & ~SUPPORTED_DT_FLAGS_1) != 0) { 2806 DL_WARN("%s: unsupported flags DT_FLAGS_1=%p", get_realpath(), reinterpret_cast<void*>(d->d_un.d_val)); 2807 } 2808 break; 2809 #if defined(__mips__) 2810 case DT_MIPS_RLD_MAP: 2811 // Set the DT_MIPS_RLD_MAP entry to the address of _r_debug for GDB. 2812 { 2813 r_debug** dp = reinterpret_cast<r_debug**>(load_bias + d->d_un.d_ptr); 2814 *dp = &_r_debug; 2815 } 2816 break; 2817 case DT_MIPS_RLD_MAP2: 2818 // Set the DT_MIPS_RLD_MAP2 entry to the address of _r_debug for GDB. 2819 { 2820 r_debug** dp = reinterpret_cast<r_debug**>( 2821 reinterpret_cast<ElfW(Addr)>(d) + d->d_un.d_val); 2822 *dp = &_r_debug; 2823 } 2824 break; 2825 2826 case DT_MIPS_RLD_VERSION: 2827 case DT_MIPS_FLAGS: 2828 case DT_MIPS_BASE_ADDRESS: 2829 case DT_MIPS_UNREFEXTNO: 2830 break; 2831 2832 case DT_MIPS_SYMTABNO: 2833 mips_symtabno_ = d->d_un.d_val; 2834 break; 2835 2836 case DT_MIPS_LOCAL_GOTNO: 2837 mips_local_gotno_ = d->d_un.d_val; 2838 break; 2839 2840 case DT_MIPS_GOTSYM: 2841 mips_gotsym_ = d->d_un.d_val; 2842 break; 2843 #endif 2844 // Ignored: "Its use has been superseded by the DF_BIND_NOW flag" 2845 case DT_BIND_NOW: 2846 break; 2847 2848 case DT_VERSYM: 2849 versym_ = reinterpret_cast<ElfW(Versym)*>(load_bias + d->d_un.d_ptr); 2850 break; 2851 2852 case DT_VERDEF: 2853 verdef_ptr_ = load_bias + d->d_un.d_ptr; 2854 break; 2855 case DT_VERDEFNUM: 2856 verdef_cnt_ = d->d_un.d_val; 2857 break; 2858 2859 case DT_VERNEED: 2860 verneed_ptr_ = load_bias + d->d_un.d_ptr; 2861 break; 2862 2863 case DT_VERNEEDNUM: 2864 verneed_cnt_ = d->d_un.d_val; 2865 break; 2866 2867 default: 2868 if (!relocating_linker) { 2869 DL_WARN("%s: unused DT entry: type %p arg %p", get_realpath(), 2870 reinterpret_cast<void*>(d->d_tag), reinterpret_cast<void*>(d->d_un.d_val)); 2871 } 2872 break; 2873 } 2874 } 2875 2876 DEBUG("si->base = %p, si->strtab = %p, si->symtab = %p", 2877 reinterpret_cast<void*>(base), strtab_, symtab_); 2878 2879 // Sanity checks. 2880 if (relocating_linker && needed_count != 0) { 2881 DL_ERR("linker cannot have DT_NEEDED dependencies on other libraries"); 2882 return false; 2883 } 2884 if (nbucket_ == 0 && gnu_nbucket_ == 0) { 2885 DL_ERR("empty/missing DT_HASH/DT_GNU_HASH in \"%s\" " 2886 "(new hash type from the future?)", get_realpath()); 2887 return false; 2888 } 2889 if (strtab_ == 0) { 2890 DL_ERR("empty/missing DT_STRTAB in \"%s\"", get_realpath()); 2891 return false; 2892 } 2893 if (symtab_ == 0) { 2894 DL_ERR("empty/missing DT_SYMTAB in \"%s\"", get_realpath()); 2895 return false; 2896 } 2897 2898 // second pass - parse entries relying on strtab 2899 for (ElfW(Dyn)* d = dynamic; d->d_tag != DT_NULL; ++d) { 2900 if (d->d_tag == DT_SONAME) { 2901 soname_ = get_string(d->d_un.d_val); 2902 #if defined(__work_around_b_19059885__) 2903 strlcpy(old_name_, soname_, sizeof(old_name_)); 2904 #endif 2905 break; 2906 } 2907 } 2908 2909 // Before M release linker was using basename in place of soname. 2910 // In the case when dt_soname is absent some apps stop working 2911 // because they can't find dt_needed library by soname. 2912 // This workaround should keep them working. (applies only 2913 // for apps targeting sdk version <=22). Make an exception for 2914 // the main executable and linker; they do not need to have dt_soname 2915 if (soname_ == nullptr && this != somain && (flags_ & FLAG_LINKER) == 0 && 2916 get_application_target_sdk_version() <= 22) { 2917 soname_ = basename(realpath_.c_str()); 2918 DL_WARN("%s: is missing DT_SONAME will use basename as a replacement: \"%s\"", 2919 get_realpath(), soname_); 2920 } 2921 return true; 2922 } 2923 link_image(const soinfo_list_t & global_group,const soinfo_list_t & local_group,const android_dlextinfo * extinfo)2924 bool soinfo::link_image(const soinfo_list_t& global_group, const soinfo_list_t& local_group, 2925 const android_dlextinfo* extinfo) { 2926 2927 local_group_root_ = local_group.front(); 2928 if (local_group_root_ == nullptr) { 2929 local_group_root_ = this; 2930 } 2931 2932 if ((flags_ & FLAG_LINKER) == 0 && local_group_root_ == this) { 2933 target_sdk_version_ = get_application_target_sdk_version(); 2934 } 2935 2936 VersionTracker version_tracker; 2937 2938 if (!version_tracker.init(this)) { 2939 return false; 2940 } 2941 2942 #if !defined(__LP64__) 2943 if (has_text_relocations) { 2944 // Fail if app is targeting sdk version > 22 2945 // TODO (dimitry): remove != __ANDROID_API__ check once http://b/20020312 is fixed 2946 if (get_application_target_sdk_version() != __ANDROID_API__ 2947 && get_application_target_sdk_version() > 22) { 2948 PRINT("%s: has text relocations", get_realpath()); 2949 DL_ERR("%s: has text relocations", get_realpath()); 2950 return false; 2951 } 2952 // Make segments writable to allow text relocations to work properly. We will later call 2953 // phdr_table_protect_segments() after all of them are applied and all constructors are run. 2954 DL_WARN("%s has text relocations. This is wasting memory and prevents " 2955 "security hardening. Please fix.", get_realpath()); 2956 if (phdr_table_unprotect_segments(phdr, phnum, load_bias) < 0) { 2957 DL_ERR("can't unprotect loadable segments for \"%s\": %s", 2958 get_realpath(), strerror(errno)); 2959 return false; 2960 } 2961 } 2962 #endif 2963 2964 if (android_relocs_ != nullptr) { 2965 // check signature 2966 if (android_relocs_size_ > 3 && 2967 android_relocs_[0] == 'A' && 2968 android_relocs_[1] == 'P' && 2969 android_relocs_[2] == 'S' && 2970 android_relocs_[3] == '2') { 2971 DEBUG("[ android relocating %s ]", get_realpath()); 2972 2973 bool relocated = false; 2974 const uint8_t* packed_relocs = android_relocs_ + 4; 2975 const size_t packed_relocs_size = android_relocs_size_ - 4; 2976 2977 relocated = relocate( 2978 version_tracker, 2979 packed_reloc_iterator<sleb128_decoder>( 2980 sleb128_decoder(packed_relocs, packed_relocs_size)), 2981 global_group, local_group); 2982 2983 if (!relocated) { 2984 return false; 2985 } 2986 } else { 2987 DL_ERR("bad android relocation header."); 2988 return false; 2989 } 2990 } 2991 2992 #if defined(USE_RELA) 2993 if (rela_ != nullptr) { 2994 DEBUG("[ relocating %s ]", get_realpath()); 2995 if (!relocate(version_tracker, 2996 plain_reloc_iterator(rela_, rela_count_), global_group, local_group)) { 2997 return false; 2998 } 2999 } 3000 if (plt_rela_ != nullptr) { 3001 DEBUG("[ relocating %s plt ]", get_realpath()); 3002 if (!relocate(version_tracker, 3003 plain_reloc_iterator(plt_rela_, plt_rela_count_), global_group, local_group)) { 3004 return false; 3005 } 3006 } 3007 #else 3008 if (rel_ != nullptr) { 3009 DEBUG("[ relocating %s ]", get_realpath()); 3010 if (!relocate(version_tracker, 3011 plain_reloc_iterator(rel_, rel_count_), global_group, local_group)) { 3012 return false; 3013 } 3014 } 3015 if (plt_rel_ != nullptr) { 3016 DEBUG("[ relocating %s plt ]", get_realpath()); 3017 if (!relocate(version_tracker, 3018 plain_reloc_iterator(plt_rel_, plt_rel_count_), global_group, local_group)) { 3019 return false; 3020 } 3021 } 3022 #endif 3023 3024 #if defined(__mips__) 3025 if (!mips_relocate_got(version_tracker, global_group, local_group)) { 3026 return false; 3027 } 3028 #endif 3029 3030 DEBUG("[ finished linking %s ]", get_realpath()); 3031 3032 #if !defined(__LP64__) 3033 if (has_text_relocations) { 3034 // All relocations are done, we can protect our segments back to read-only. 3035 if (phdr_table_protect_segments(phdr, phnum, load_bias) < 0) { 3036 DL_ERR("can't protect segments for \"%s\": %s", 3037 get_realpath(), strerror(errno)); 3038 return false; 3039 } 3040 } 3041 #endif 3042 3043 /* We can also turn on GNU RELRO protection */ 3044 if (phdr_table_protect_gnu_relro(phdr, phnum, load_bias) < 0) { 3045 DL_ERR("can't enable GNU RELRO protection for \"%s\": %s", 3046 get_realpath(), strerror(errno)); 3047 return false; 3048 } 3049 3050 /* Handle serializing/sharing the RELRO segment */ 3051 if (extinfo && (extinfo->flags & ANDROID_DLEXT_WRITE_RELRO)) { 3052 if (phdr_table_serialize_gnu_relro(phdr, phnum, load_bias, 3053 extinfo->relro_fd) < 0) { 3054 DL_ERR("failed serializing GNU RELRO section for \"%s\": %s", 3055 get_realpath(), strerror(errno)); 3056 return false; 3057 } 3058 } else if (extinfo && (extinfo->flags & ANDROID_DLEXT_USE_RELRO)) { 3059 if (phdr_table_map_gnu_relro(phdr, phnum, load_bias, 3060 extinfo->relro_fd) < 0) { 3061 DL_ERR("failed mapping GNU RELRO section for \"%s\": %s", 3062 get_realpath(), strerror(errno)); 3063 return false; 3064 } 3065 } 3066 3067 notify_gdb_of_load(this); 3068 return true; 3069 } 3070 3071 /* 3072 * This function add vdso to internal dso list. 3073 * It helps to stack unwinding through signal handlers. 3074 * Also, it makes bionic more like glibc. 3075 */ add_vdso(KernelArgumentBlock & args __unused)3076 static void add_vdso(KernelArgumentBlock& args __unused) { 3077 #if defined(AT_SYSINFO_EHDR) 3078 ElfW(Ehdr)* ehdr_vdso = reinterpret_cast<ElfW(Ehdr)*>(args.getauxval(AT_SYSINFO_EHDR)); 3079 if (ehdr_vdso == nullptr) { 3080 return; 3081 } 3082 3083 soinfo* si = soinfo_alloc("[vdso]", nullptr, 0, 0); 3084 3085 si->phdr = reinterpret_cast<ElfW(Phdr)*>(reinterpret_cast<char*>(ehdr_vdso) + ehdr_vdso->e_phoff); 3086 si->phnum = ehdr_vdso->e_phnum; 3087 si->base = reinterpret_cast<ElfW(Addr)>(ehdr_vdso); 3088 si->size = phdr_table_get_load_size(si->phdr, si->phnum); 3089 si->load_bias = get_elf_exec_load_bias(ehdr_vdso); 3090 3091 si->prelink_image(); 3092 si->link_image(g_empty_list, soinfo::soinfo_list_t::make_list(si), nullptr); 3093 #endif 3094 } 3095 3096 /* 3097 * This is linker soinfo for GDB. See details below. 3098 */ 3099 #if defined(__LP64__) 3100 #define LINKER_PATH "/system/bin/linker64" 3101 #else 3102 #define LINKER_PATH "/system/bin/linker" 3103 #endif 3104 3105 // This is done to avoid calling c-tor prematurely 3106 // because soinfo c-tor needs memory allocator 3107 // which might be initialized after global variables. 3108 static uint8_t linker_soinfo_for_gdb_buf[sizeof(soinfo)] __attribute__((aligned(8))); 3109 static soinfo* linker_soinfo_for_gdb = nullptr; 3110 3111 /* gdb expects the linker to be in the debug shared object list. 3112 * Without this, gdb has trouble locating the linker's ".text" 3113 * and ".plt" sections. Gdb could also potentially use this to 3114 * relocate the offset of our exported 'rtld_db_dlactivity' symbol. 3115 * Don't use soinfo_alloc(), because the linker shouldn't 3116 * be on the soinfo list. 3117 */ init_linker_info_for_gdb(ElfW (Addr)linker_base)3118 static void init_linker_info_for_gdb(ElfW(Addr) linker_base) { 3119 linker_soinfo_for_gdb = new (linker_soinfo_for_gdb_buf) soinfo(LINKER_PATH, nullptr, 0, 0); 3120 3121 linker_soinfo_for_gdb->load_bias = linker_base; 3122 3123 /* 3124 * Set the dynamic field in the link map otherwise gdb will complain with 3125 * the following: 3126 * warning: .dynamic section for "/system/bin/linker" is not at the 3127 * expected address (wrong library or version mismatch?) 3128 */ 3129 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(linker_base); 3130 ElfW(Phdr)* phdr = reinterpret_cast<ElfW(Phdr)*>(linker_base + elf_hdr->e_phoff); 3131 phdr_table_get_dynamic_section(phdr, elf_hdr->e_phnum, linker_base, 3132 &linker_soinfo_for_gdb->dynamic, nullptr); 3133 insert_soinfo_into_debug_map(linker_soinfo_for_gdb); 3134 } 3135 3136 extern "C" int __system_properties_init(void); 3137 3138 /* 3139 * This code is called after the linker has linked itself and 3140 * fixed it's own GOT. It is safe to make references to externs 3141 * and other non-local data at this point. 3142 */ __linker_init_post_relocation(KernelArgumentBlock & args,ElfW (Addr)linker_base)3143 static ElfW(Addr) __linker_init_post_relocation(KernelArgumentBlock& args, ElfW(Addr) linker_base) { 3144 #if TIMING 3145 struct timeval t0, t1; 3146 gettimeofday(&t0, 0); 3147 #endif 3148 3149 // Sanitize the environment. 3150 __libc_init_AT_SECURE(args); 3151 3152 // Initialize system properties 3153 __system_properties_init(); // may use 'environ' 3154 3155 debuggerd_init(); 3156 3157 // Get a few environment variables. 3158 const char* LD_DEBUG = getenv("LD_DEBUG"); 3159 if (LD_DEBUG != nullptr) { 3160 g_ld_debug_verbosity = atoi(LD_DEBUG); 3161 } 3162 3163 // These should have been sanitized by __libc_init_AT_SECURE, but the test 3164 // doesn't cost us anything. 3165 const char* ldpath_env = nullptr; 3166 const char* ldpreload_env = nullptr; 3167 if (!getauxval(AT_SECURE)) { 3168 ldpath_env = getenv("LD_LIBRARY_PATH"); 3169 ldpreload_env = getenv("LD_PRELOAD"); 3170 } 3171 3172 INFO("[ android linker & debugger ]"); 3173 3174 soinfo* si = soinfo_alloc(args.argv[0], nullptr, 0, RTLD_GLOBAL); 3175 if (si == nullptr) { 3176 exit(EXIT_FAILURE); 3177 } 3178 3179 /* bootstrap the link map, the main exe always needs to be first */ 3180 si->set_main_executable(); 3181 link_map* map = &(si->link_map_head); 3182 3183 map->l_addr = 0; 3184 map->l_name = args.argv[0]; 3185 map->l_prev = nullptr; 3186 map->l_next = nullptr; 3187 3188 _r_debug.r_map = map; 3189 r_debug_tail = map; 3190 3191 init_linker_info_for_gdb(linker_base); 3192 3193 // Extract information passed from the kernel. 3194 si->phdr = reinterpret_cast<ElfW(Phdr)*>(args.getauxval(AT_PHDR)); 3195 si->phnum = args.getauxval(AT_PHNUM); 3196 si->entry = args.getauxval(AT_ENTRY); 3197 3198 /* Compute the value of si->base. We can't rely on the fact that 3199 * the first entry is the PHDR because this will not be true 3200 * for certain executables (e.g. some in the NDK unit test suite) 3201 */ 3202 si->base = 0; 3203 si->size = phdr_table_get_load_size(si->phdr, si->phnum); 3204 si->load_bias = 0; 3205 for (size_t i = 0; i < si->phnum; ++i) { 3206 if (si->phdr[i].p_type == PT_PHDR) { 3207 si->load_bias = reinterpret_cast<ElfW(Addr)>(si->phdr) - si->phdr[i].p_vaddr; 3208 si->base = reinterpret_cast<ElfW(Addr)>(si->phdr) - si->phdr[i].p_offset; 3209 break; 3210 } 3211 } 3212 si->dynamic = nullptr; 3213 3214 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(si->base); 3215 if (elf_hdr->e_type != ET_DYN) { 3216 __libc_format_fd(2, "error: only position independent executables (PIE) are supported.\n"); 3217 exit(EXIT_FAILURE); 3218 } 3219 3220 // Use LD_LIBRARY_PATH and LD_PRELOAD (but only if we aren't setuid/setgid). 3221 parse_LD_LIBRARY_PATH(ldpath_env); 3222 parse_LD_PRELOAD(ldpreload_env); 3223 3224 somain = si; 3225 3226 if (!si->prelink_image()) { 3227 __libc_format_fd(2, "CANNOT LINK EXECUTABLE: %s\n", linker_get_error_buffer()); 3228 exit(EXIT_FAILURE); 3229 } 3230 3231 // add somain to global group 3232 si->set_dt_flags_1(si->get_dt_flags_1() | DF_1_GLOBAL); 3233 3234 // Load ld_preloads and dependencies. 3235 StringLinkedList needed_library_name_list; 3236 size_t needed_libraries_count = 0; 3237 size_t ld_preloads_count = 0; 3238 3239 for (const auto& ld_preload_name : g_ld_preload_names) { 3240 needed_library_name_list.push_back(ld_preload_name.c_str()); 3241 ++needed_libraries_count; 3242 ++ld_preloads_count; 3243 } 3244 3245 for_each_dt_needed(si, [&](const char* name) { 3246 needed_library_name_list.push_back(name); 3247 ++needed_libraries_count; 3248 }); 3249 3250 const char* needed_library_names[needed_libraries_count]; 3251 3252 memset(needed_library_names, 0, sizeof(needed_library_names)); 3253 needed_library_name_list.copy_to_array(needed_library_names, needed_libraries_count); 3254 3255 if (needed_libraries_count > 0 && 3256 !find_libraries(si, needed_library_names, needed_libraries_count, nullptr, 3257 &g_ld_preloads, ld_preloads_count, RTLD_GLOBAL, nullptr)) { 3258 __libc_format_fd(2, "CANNOT LINK EXECUTABLE: %s\n", linker_get_error_buffer()); 3259 exit(EXIT_FAILURE); 3260 } else if (needed_libraries_count == 0) { 3261 if (!si->link_image(g_empty_list, soinfo::soinfo_list_t::make_list(si), nullptr)) { 3262 __libc_format_fd(2, "CANNOT LINK EXECUTABLE: %s\n", linker_get_error_buffer()); 3263 exit(EXIT_FAILURE); 3264 } 3265 si->increment_ref_count(); 3266 } 3267 3268 add_vdso(args); 3269 3270 { 3271 ProtectedDataGuard guard; 3272 3273 si->call_pre_init_constructors(); 3274 3275 /* After the prelink_image, the si->load_bias is initialized. 3276 * For so lib, the map->l_addr will be updated in notify_gdb_of_load. 3277 * We need to update this value for so exe here. So Unwind_Backtrace 3278 * for some arch like x86 could work correctly within so exe. 3279 */ 3280 map->l_addr = si->load_bias; 3281 si->call_constructors(); 3282 } 3283 3284 #if TIMING 3285 gettimeofday(&t1, nullptr); 3286 PRINT("LINKER TIME: %s: %d microseconds", args.argv[0], (int) ( 3287 (((long long)t1.tv_sec * 1000000LL) + (long long)t1.tv_usec) - 3288 (((long long)t0.tv_sec * 1000000LL) + (long long)t0.tv_usec))); 3289 #endif 3290 #if STATS 3291 PRINT("RELO STATS: %s: %d abs, %d rel, %d copy, %d symbol", args.argv[0], 3292 linker_stats.count[kRelocAbsolute], 3293 linker_stats.count[kRelocRelative], 3294 linker_stats.count[kRelocCopy], 3295 linker_stats.count[kRelocSymbol]); 3296 #endif 3297 #if COUNT_PAGES 3298 { 3299 unsigned n; 3300 unsigned i; 3301 unsigned count = 0; 3302 for (n = 0; n < 4096; n++) { 3303 if (bitmask[n]) { 3304 unsigned x = bitmask[n]; 3305 #if defined(__LP64__) 3306 for (i = 0; i < 32; i++) { 3307 #else 3308 for (i = 0; i < 8; i++) { 3309 #endif 3310 if (x & 1) { 3311 count++; 3312 } 3313 x >>= 1; 3314 } 3315 } 3316 } 3317 PRINT("PAGES MODIFIED: %s: %d (%dKB)", args.argv[0], count, count * 4); 3318 } 3319 #endif 3320 3321 #if TIMING || STATS || COUNT_PAGES 3322 fflush(stdout); 3323 #endif 3324 3325 TRACE("[ Ready to execute '%s' @ %p ]", si->get_realpath(), reinterpret_cast<void*>(si->entry)); 3326 return si->entry; 3327 } 3328 3329 /* Compute the load-bias of an existing executable. This shall only 3330 * be used to compute the load bias of an executable or shared library 3331 * that was loaded by the kernel itself. 3332 * 3333 * Input: 3334 * elf -> address of ELF header, assumed to be at the start of the file. 3335 * Return: 3336 * load bias, i.e. add the value of any p_vaddr in the file to get 3337 * the corresponding address in memory. 3338 */ 3339 static ElfW(Addr) get_elf_exec_load_bias(const ElfW(Ehdr)* elf) { 3340 ElfW(Addr) offset = elf->e_phoff; 3341 const ElfW(Phdr)* phdr_table = 3342 reinterpret_cast<const ElfW(Phdr)*>(reinterpret_cast<uintptr_t>(elf) + offset); 3343 const ElfW(Phdr)* phdr_end = phdr_table + elf->e_phnum; 3344 3345 for (const ElfW(Phdr)* phdr = phdr_table; phdr < phdr_end; phdr++) { 3346 if (phdr->p_type == PT_LOAD) { 3347 return reinterpret_cast<ElfW(Addr)>(elf) + phdr->p_offset - phdr->p_vaddr; 3348 } 3349 } 3350 return 0; 3351 } 3352 3353 extern "C" void _start(); 3354 3355 /* 3356 * This is the entry point for the linker, called from begin.S. This 3357 * method is responsible for fixing the linker's own relocations, and 3358 * then calling __linker_init_post_relocation(). 3359 * 3360 * Because this method is called before the linker has fixed it's own 3361 * relocations, any attempt to reference an extern variable, extern 3362 * function, or other GOT reference will generate a segfault. 3363 */ 3364 extern "C" ElfW(Addr) __linker_init(void* raw_args) { 3365 KernelArgumentBlock args(raw_args); 3366 3367 ElfW(Addr) linker_addr = args.getauxval(AT_BASE); 3368 ElfW(Addr) entry_point = args.getauxval(AT_ENTRY); 3369 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(linker_addr); 3370 ElfW(Phdr)* phdr = reinterpret_cast<ElfW(Phdr)*>(linker_addr + elf_hdr->e_phoff); 3371 3372 soinfo linker_so(nullptr, nullptr, 0, 0); 3373 3374 // If the linker is not acting as PT_INTERP entry_point is equal to 3375 // _start. Which means that the linker is running as an executable and 3376 // already linked by PT_INTERP. 3377 // 3378 // This happens when user tries to run 'adb shell /system/bin/linker' 3379 // see also https://code.google.com/p/android/issues/detail?id=63174 3380 if (reinterpret_cast<ElfW(Addr)>(&_start) == entry_point) { 3381 __libc_fatal("This is %s, the helper program for shared library executables.\n", args.argv[0]); 3382 } 3383 3384 linker_so.base = linker_addr; 3385 linker_so.size = phdr_table_get_load_size(phdr, elf_hdr->e_phnum); 3386 linker_so.load_bias = get_elf_exec_load_bias(elf_hdr); 3387 linker_so.dynamic = nullptr; 3388 linker_so.phdr = phdr; 3389 linker_so.phnum = elf_hdr->e_phnum; 3390 linker_so.set_linker_flag(); 3391 3392 // This might not be obvious... The reasons why we pass g_empty_list 3393 // in place of local_group here are (1) we do not really need it, because 3394 // linker is built with DT_SYMBOLIC and therefore relocates its symbols against 3395 // itself without having to look into local_group and (2) allocators 3396 // are not yet initialized, and therefore we cannot use linked_list.push_* 3397 // functions at this point. 3398 if (!(linker_so.prelink_image() && linker_so.link_image(g_empty_list, g_empty_list, nullptr))) { 3399 // It would be nice to print an error message, but if the linker 3400 // can't link itself, there's no guarantee that we'll be able to 3401 // call write() (because it involves a GOT reference). We may as 3402 // well try though... 3403 const char* msg = "CANNOT LINK EXECUTABLE: "; 3404 write(2, msg, strlen(msg)); 3405 write(2, __linker_dl_err_buf, strlen(__linker_dl_err_buf)); 3406 write(2, "\n", 1); 3407 _exit(EXIT_FAILURE); 3408 } 3409 3410 __libc_init_tls(args); 3411 3412 // Initialize the linker's own global variables 3413 linker_so.call_constructors(); 3414 3415 // Initialize static variables. Note that in order to 3416 // get correct libdl_info we need to call constructors 3417 // before get_libdl_info(). 3418 solist = get_libdl_info(); 3419 sonext = get_libdl_info(); 3420 3421 // We have successfully fixed our own relocations. It's safe to run 3422 // the main part of the linker now. 3423 args.abort_message_ptr = &g_abort_message; 3424 ElfW(Addr) start_address = __linker_init_post_relocation(args, linker_addr); 3425 3426 INFO("[ jumping to _start ]"); 3427 3428 // Return the address that the calling assembly stub should jump to. 3429 return start_address; 3430 } 3431