1 /* 2 * Copyright (C) 2008 The Android Open Source Project 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in 12 * the documentation and/or other materials provided with the 13 * distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include <android/api-level.h> 30 #include <errno.h> 31 #include <fcntl.h> 32 #include <inttypes.h> 33 #include <pthread.h> 34 #include <stdio.h> 35 #include <stdlib.h> 36 #include <string.h> 37 #include <sys/mman.h> 38 #include <sys/param.h> 39 #include <unistd.h> 40 41 #include <new> 42 #include <string> 43 #include <unordered_map> 44 #include <vector> 45 46 // Private C library headers. 47 #include "private/bionic_globals.h" 48 #include "private/bionic_tls.h" 49 #include "private/KernelArgumentBlock.h" 50 #include "private/ScopedPthreadMutexLocker.h" 51 #include "private/ScopeGuard.h" 52 53 #include "linker.h" 54 #include "linker_block_allocator.h" 55 #include "linker_gdb_support.h" 56 #include "linker_debug.h" 57 #include "linker_dlwarning.h" 58 #include "linker_sleb128.h" 59 #include "linker_phdr.h" 60 #include "linker_relocs.h" 61 #include "linker_reloc_iterators.h" 62 #include "linker_utils.h" 63 64 #include "android-base/strings.h" 65 #include "ziparchive/zip_archive.h" 66 67 extern void __libc_init_globals(KernelArgumentBlock&); 68 extern void __libc_init_AT_SECURE(KernelArgumentBlock&); 69 70 extern "C" void _start(); 71 72 // Override macros to use C++ style casts. 73 #undef ELF_ST_TYPE 74 #define ELF_ST_TYPE(x) (static_cast<uint32_t>(x) & 0xf) 75 76 struct android_namespace_t { 77 public: android_namespace_tandroid_namespace_t78 android_namespace_t() : name_(nullptr), is_isolated_(false) {} 79 get_nameandroid_namespace_t80 const char* get_name() const { return name_; } set_nameandroid_namespace_t81 void set_name(const char* name) { name_ = name; } 82 is_isolatedandroid_namespace_t83 bool is_isolated() const { return is_isolated_; } set_isolatedandroid_namespace_t84 void set_isolated(bool isolated) { is_isolated_ = isolated; } 85 get_ld_library_pathsandroid_namespace_t86 const std::vector<std::string>& get_ld_library_paths() const { 87 return ld_library_paths_; 88 } set_ld_library_pathsandroid_namespace_t89 void set_ld_library_paths(std::vector<std::string>&& library_paths) { 90 ld_library_paths_ = library_paths; 91 } 92 get_default_library_pathsandroid_namespace_t93 const std::vector<std::string>& get_default_library_paths() const { 94 return default_library_paths_; 95 } set_default_library_pathsandroid_namespace_t96 void set_default_library_paths(std::vector<std::string>&& library_paths) { 97 default_library_paths_ = library_paths; 98 } 99 get_permitted_pathsandroid_namespace_t100 const std::vector<std::string>& get_permitted_paths() const { 101 return permitted_paths_; 102 } set_permitted_pathsandroid_namespace_t103 void set_permitted_paths(std::vector<std::string>&& permitted_paths) { 104 permitted_paths_ = permitted_paths; 105 } 106 add_soinfoandroid_namespace_t107 void add_soinfo(soinfo* si) { 108 soinfo_list_.push_back(si); 109 } 110 add_soinfosandroid_namespace_t111 void add_soinfos(const soinfo::soinfo_list_t& soinfos) { 112 for (auto si : soinfos) { 113 add_soinfo(si); 114 si->add_secondary_namespace(this); 115 } 116 } 117 remove_soinfoandroid_namespace_t118 void remove_soinfo(soinfo* si) { 119 soinfo_list_.remove_if([&](soinfo* candidate) { 120 return si == candidate; 121 }); 122 } 123 soinfo_listandroid_namespace_t124 const soinfo::soinfo_list_t& soinfo_list() const { return soinfo_list_; } 125 126 // For isolated namespaces - checks if the file is on the search path; 127 // always returns true for not isolated namespace. 128 bool is_accessible(const std::string& path); 129 130 private: 131 const char* name_; 132 bool is_isolated_; 133 std::vector<std::string> ld_library_paths_; 134 std::vector<std::string> default_library_paths_; 135 std::vector<std::string> permitted_paths_; 136 soinfo::soinfo_list_t soinfo_list_; 137 138 DISALLOW_COPY_AND_ASSIGN(android_namespace_t); 139 }; 140 141 android_namespace_t g_default_namespace; 142 143 static std::unordered_map<uintptr_t, soinfo*> g_soinfo_handles_map; 144 static android_namespace_t* g_anonymous_namespace = &g_default_namespace; 145 146 static ElfW(Addr) get_elf_exec_load_bias(const ElfW(Ehdr)* elf); 147 148 static LinkerTypeAllocator<soinfo> g_soinfo_allocator; 149 static LinkerTypeAllocator<LinkedListEntry<soinfo>> g_soinfo_links_allocator; 150 151 static LinkerTypeAllocator<android_namespace_t> g_namespace_allocator; 152 static LinkerTypeAllocator<LinkedListEntry<android_namespace_t>> g_namespace_list_allocator; 153 154 static soinfo* solist; 155 static soinfo* sonext; 156 static soinfo* somain; // main process, always the one after libdl_info 157 158 static const char* const kDefaultLdPaths[] = { 159 #if defined(__LP64__) 160 "/system/lib64", 161 "/vendor/lib64", 162 #else 163 "/system/lib", 164 "/vendor/lib", 165 #endif 166 nullptr 167 }; 168 169 static const char* const kAsanDefaultLdPaths[] = { 170 #if defined(__LP64__) 171 "/data/lib64", 172 "/system/lib64", 173 "/data/vendor/lib64", 174 "/vendor/lib64", 175 #else 176 "/data/lib", 177 "/system/lib", 178 "/data/vendor/lib", 179 "/vendor/lib", 180 #endif 181 nullptr 182 }; 183 is_system_library(const std::string & realpath)184 static bool is_system_library(const std::string& realpath) { 185 for (const auto& dir : g_default_namespace.get_default_library_paths()) { 186 if (file_is_in_dir(realpath, dir)) { 187 return true; 188 } 189 } 190 return false; 191 } 192 193 #if defined(__LP64__) 194 static const char* const kSystemLibDir = "/system/lib64"; 195 #else 196 static const char* const kSystemLibDir = "/system/lib"; 197 #endif 198 199 static std::string dirname(const char *path); 200 201 // TODO(dimitry): The grey-list is a workaround for http://b/26394120 --- 202 // gradually remove libraries from this list until it is gone. is_greylisted(const char * name,const soinfo * needed_by)203 static bool is_greylisted(const char* name, const soinfo* needed_by) { 204 static const char* const kLibraryGreyList[] = { 205 "libandroid_runtime.so", 206 "libbinder.so", 207 "libcrypto.so", 208 "libcutils.so", 209 "libexpat.so", 210 "libgui.so", 211 "libmedia.so", 212 "libnativehelper.so", 213 "libskia.so", 214 "libssl.so", 215 "libstagefright.so", 216 "libsqlite.so", 217 "libui.so", 218 "libutils.so", 219 "libvorbisidec.so", 220 nullptr 221 }; 222 223 // limit greylisting to apps targeting sdk version 23 and below 224 if (get_application_target_sdk_version() > 23) { 225 return false; 226 } 227 228 // if the library needed by a system library - implicitly assume it 229 // is greylisted 230 231 if (needed_by != nullptr && is_system_library(needed_by->get_realpath())) { 232 return true; 233 } 234 235 // if this is an absolute path - make sure it points to /system/lib(64) 236 if (name[0] == '/' && dirname(name) == kSystemLibDir) { 237 // and reduce the path to basename 238 name = basename(name); 239 } 240 241 for (size_t i = 0; kLibraryGreyList[i] != nullptr; ++i) { 242 if (strcmp(name, kLibraryGreyList[i]) == 0) { 243 return true; 244 } 245 } 246 247 return false; 248 } 249 // END OF WORKAROUND 250 251 static const ElfW(Versym) kVersymNotNeeded = 0; 252 static const ElfW(Versym) kVersymGlobal = 1; 253 254 static const char* const* g_default_ld_paths; 255 static std::vector<std::string> g_ld_preload_names; 256 257 static std::vector<soinfo*> g_ld_preloads; 258 259 static bool g_public_namespace_initialized; 260 static soinfo::soinfo_list_t g_public_namespace; 261 262 __LIBC_HIDDEN__ int g_ld_debug_verbosity; 263 264 __LIBC_HIDDEN__ abort_msg_t* g_abort_message = nullptr; // For debuggerd. 265 dirname(const char * path)266 static std::string dirname(const char *path) { 267 const char* last_slash = strrchr(path, '/'); 268 if (last_slash == path) return "/"; 269 else if (last_slash == nullptr) return "."; 270 else 271 return std::string(path, last_slash - path); 272 } 273 274 #if STATS 275 struct linker_stats_t { 276 int count[kRelocMax]; 277 }; 278 279 static linker_stats_t linker_stats; 280 count_relocation(RelocationKind kind)281 void count_relocation(RelocationKind kind) { 282 ++linker_stats.count[kind]; 283 } 284 #else count_relocation(RelocationKind)285 void count_relocation(RelocationKind) { 286 } 287 #endif 288 289 #if COUNT_PAGES 290 uint32_t bitmask[4096]; 291 #endif 292 293 static char __linker_dl_err_buf[768]; 294 linker_get_error_buffer()295 char* linker_get_error_buffer() { 296 return &__linker_dl_err_buf[0]; 297 } 298 linker_get_error_buffer_size()299 size_t linker_get_error_buffer_size() { 300 return sizeof(__linker_dl_err_buf); 301 } 302 notify_gdb_of_load(soinfo * info)303 static void notify_gdb_of_load(soinfo* info) { 304 if (info->is_linker() || info->is_main_executable()) { 305 // gdb already knows about the linker and the main executable. 306 return; 307 } 308 309 link_map* map = &(info->link_map_head); 310 311 map->l_addr = info->load_bias; 312 // link_map l_name field is not const. 313 map->l_name = const_cast<char*>(info->get_realpath()); 314 map->l_ld = info->dynamic; 315 316 CHECK(map->l_name != nullptr); 317 CHECK(map->l_name[0] != '\0'); 318 319 notify_gdb_of_load(map); 320 } 321 notify_gdb_of_unload(soinfo * info)322 static void notify_gdb_of_unload(soinfo* info) { 323 notify_gdb_of_unload(&(info->link_map_head)); 324 } 325 is_accessible(const std::string & file)326 bool android_namespace_t::is_accessible(const std::string& file) { 327 if (!is_isolated_) { 328 return true; 329 } 330 331 for (const auto& dir : ld_library_paths_) { 332 if (file_is_in_dir(file, dir)) { 333 return true; 334 } 335 } 336 337 for (const auto& dir : default_library_paths_) { 338 if (file_is_in_dir(file, dir)) { 339 return true; 340 } 341 } 342 343 for (const auto& dir : permitted_paths_) { 344 if (file_is_under_dir(file, dir)) { 345 return true; 346 } 347 } 348 349 return false; 350 } 351 alloc()352 LinkedListEntry<soinfo>* SoinfoListAllocator::alloc() { 353 return g_soinfo_links_allocator.alloc(); 354 } 355 free(LinkedListEntry<soinfo> * entry)356 void SoinfoListAllocator::free(LinkedListEntry<soinfo>* entry) { 357 g_soinfo_links_allocator.free(entry); 358 } 359 alloc()360 LinkedListEntry<android_namespace_t>* NamespaceListAllocator::alloc() { 361 return g_namespace_list_allocator.alloc(); 362 } 363 free(LinkedListEntry<android_namespace_t> * entry)364 void NamespaceListAllocator::free(LinkedListEntry<android_namespace_t>* entry) { 365 g_namespace_list_allocator.free(entry); 366 } 367 soinfo_alloc(android_namespace_t * ns,const char * name,struct stat * file_stat,off64_t file_offset,uint32_t rtld_flags)368 static soinfo* soinfo_alloc(android_namespace_t* ns, const char* name, 369 struct stat* file_stat, off64_t file_offset, 370 uint32_t rtld_flags) { 371 if (strlen(name) >= PATH_MAX) { 372 DL_ERR("library name \"%s\" too long", name); 373 return nullptr; 374 } 375 376 soinfo* si = new (g_soinfo_allocator.alloc()) soinfo(ns, name, file_stat, 377 file_offset, rtld_flags); 378 379 sonext->next = si; 380 sonext = si; 381 382 si->generate_handle(); 383 ns->add_soinfo(si); 384 385 TRACE("name %s: allocated soinfo @ %p", name, si); 386 return si; 387 } 388 soinfo_free(soinfo * si)389 static void soinfo_free(soinfo* si) { 390 if (si == nullptr) { 391 return; 392 } 393 394 if (si->base != 0 && si->size != 0) { 395 if (!si->is_mapped_by_caller()) { 396 munmap(reinterpret_cast<void*>(si->base), si->size); 397 } else { 398 // remap the region as PROT_NONE, MAP_ANONYMOUS | MAP_NORESERVE 399 mmap(reinterpret_cast<void*>(si->base), si->size, PROT_NONE, 400 MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0); 401 } 402 } 403 404 soinfo *prev = nullptr, *trav; 405 406 TRACE("name %s: freeing soinfo @ %p", si->get_realpath(), si); 407 408 for (trav = solist; trav != nullptr; trav = trav->next) { 409 if (trav == si) { 410 break; 411 } 412 prev = trav; 413 } 414 415 if (trav == nullptr) { 416 // si was not in solist 417 DL_ERR("name \"%s\"@%p is not in solist!", si->get_realpath(), si); 418 return; 419 } 420 421 // clear links to/from si 422 si->remove_all_links(); 423 424 // prev will never be null, because the first entry in solist is 425 // always the static libdl_info. 426 prev->next = si->next; 427 if (si == sonext) { 428 sonext = prev; 429 } 430 431 si->~soinfo(); 432 g_soinfo_allocator.free(si); 433 } 434 435 // For every path element this function checks of it exists, and is a directory, 436 // and normalizes it: 437 // 1. For regular path it converts it to realpath() 438 // 2. For path in a zip file it uses realpath on the zipfile 439 // normalizes entry name by calling normalize_path function. resolve_paths(std::vector<std::string> & paths,std::vector<std::string> * resolved_paths)440 static void resolve_paths(std::vector<std::string>& paths, 441 std::vector<std::string>* resolved_paths) { 442 resolved_paths->clear(); 443 for (const auto& path : paths) { 444 char resolved_path[PATH_MAX]; 445 const char* original_path = path.c_str(); 446 if (realpath(original_path, resolved_path) != nullptr) { 447 struct stat s; 448 if (stat(resolved_path, &s) == 0) { 449 if (S_ISDIR(s.st_mode)) { 450 resolved_paths->push_back(resolved_path); 451 } else { 452 DL_WARN("Warning: \"%s\" is not a directory (excluding from path)", resolved_path); 453 continue; 454 } 455 } else { 456 DL_WARN("Warning: cannot stat file \"%s\": %s", resolved_path, strerror(errno)); 457 continue; 458 } 459 } else { 460 std::string zip_path; 461 std::string entry_path; 462 463 std::string normalized_path; 464 465 if (!normalize_path(original_path, &normalized_path)) { 466 DL_WARN("Warning: unable to normalize \"%s\"", original_path); 467 continue; 468 } 469 470 if (parse_zip_path(normalized_path.c_str(), &zip_path, &entry_path)) { 471 if (realpath(zip_path.c_str(), resolved_path) == nullptr) { 472 DL_WARN("Warning: unable to resolve \"%s\": %s", zip_path.c_str(), strerror(errno)); 473 continue; 474 } 475 476 resolved_paths->push_back(std::string(resolved_path) + kZipFileSeparator + entry_path); 477 } 478 } 479 } 480 } 481 split_path(const char * path,const char * delimiters,std::vector<std::string> * paths)482 static void split_path(const char* path, const char* delimiters, 483 std::vector<std::string>* paths) { 484 if (path != nullptr && path[0] != 0) { 485 *paths = android::base::Split(path, delimiters); 486 } 487 } 488 parse_path(const char * path,const char * delimiters,std::vector<std::string> * resolved_paths)489 static void parse_path(const char* path, const char* delimiters, 490 std::vector<std::string>* resolved_paths) { 491 std::vector<std::string> paths; 492 split_path(path, delimiters, &paths); 493 resolve_paths(paths, resolved_paths); 494 } 495 parse_LD_LIBRARY_PATH(const char * path)496 static void parse_LD_LIBRARY_PATH(const char* path) { 497 std::vector<std::string> ld_libary_paths; 498 parse_path(path, ":", &ld_libary_paths); 499 g_default_namespace.set_ld_library_paths(std::move(ld_libary_paths)); 500 } 501 set_dt_runpath(const char * path)502 void soinfo::set_dt_runpath(const char* path) { 503 if (!has_min_version(3)) { 504 return; 505 } 506 507 std::vector<std::string> runpaths; 508 509 split_path(path, ":", &runpaths); 510 511 std::string origin = dirname(get_realpath()); 512 // FIXME: add $LIB and $PLATFORM. 513 std::pair<std::string, std::string> substs[] = {{"ORIGIN", origin}}; 514 for (auto&& s : runpaths) { 515 size_t pos = 0; 516 while (pos < s.size()) { 517 pos = s.find("$", pos); 518 if (pos == std::string::npos) break; 519 for (const auto& subst : substs) { 520 const std::string& token = subst.first; 521 const std::string& replacement = subst.second; 522 if (s.substr(pos + 1, token.size()) == token) { 523 s.replace(pos, token.size() + 1, replacement); 524 // -1 to compensate for the ++pos below. 525 pos += replacement.size() - 1; 526 break; 527 } else if (s.substr(pos + 1, token.size() + 2) == "{" + token + "}") { 528 s.replace(pos, token.size() + 3, replacement); 529 pos += replacement.size() - 1; 530 break; 531 } 532 } 533 // Skip $ in case it did not match any of the known substitutions. 534 ++pos; 535 } 536 } 537 538 resolve_paths(runpaths, &dt_runpath_); 539 } 540 parse_LD_PRELOAD(const char * path)541 static void parse_LD_PRELOAD(const char* path) { 542 g_ld_preload_names.clear(); 543 if (path != nullptr) { 544 // We have historically supported ':' as well as ' ' in LD_PRELOAD. 545 g_ld_preload_names = android::base::Split(path, " :"); 546 std::remove_if(g_ld_preload_names.begin(), 547 g_ld_preload_names.end(), 548 [] (const std::string& s) { return s.empty(); }); 549 } 550 } 551 realpath_fd(int fd,std::string * realpath)552 static bool realpath_fd(int fd, std::string* realpath) { 553 std::vector<char> buf(PATH_MAX), proc_self_fd(PATH_MAX); 554 __libc_format_buffer(&proc_self_fd[0], proc_self_fd.size(), "/proc/self/fd/%d", fd); 555 if (readlink(&proc_self_fd[0], &buf[0], buf.size()) == -1) { 556 PRINT("readlink(\"%s\") failed: %s [fd=%d]", &proc_self_fd[0], strerror(errno), fd); 557 return false; 558 } 559 560 *realpath = &buf[0]; 561 return true; 562 } 563 564 #if defined(__arm__) 565 566 // For a given PC, find the .so that it belongs to. 567 // Returns the base address of the .ARM.exidx section 568 // for that .so, and the number of 8-byte entries 569 // in that section (via *pcount). 570 // 571 // Intended to be called by libc's __gnu_Unwind_Find_exidx(). 572 // 573 // This function is exposed via dlfcn.cpp and libdl.so. dl_unwind_find_exidx(_Unwind_Ptr pc,int * pcount)574 _Unwind_Ptr dl_unwind_find_exidx(_Unwind_Ptr pc, int* pcount) { 575 uintptr_t addr = reinterpret_cast<uintptr_t>(pc); 576 577 for (soinfo* si = solist; si != 0; si = si->next) { 578 if ((addr >= si->base) && (addr < (si->base + si->size))) { 579 *pcount = si->ARM_exidx_count; 580 return reinterpret_cast<_Unwind_Ptr>(si->ARM_exidx); 581 } 582 } 583 *pcount = 0; 584 return nullptr; 585 } 586 587 #endif 588 589 // Here, we only have to provide a callback to iterate across all the 590 // loaded libraries. gcc_eh does the rest. do_dl_iterate_phdr(int (* cb)(dl_phdr_info * info,size_t size,void * data),void * data)591 int do_dl_iterate_phdr(int (*cb)(dl_phdr_info* info, size_t size, void* data), void* data) { 592 int rv = 0; 593 for (soinfo* si = solist; si != nullptr; si = si->next) { 594 dl_phdr_info dl_info; 595 dl_info.dlpi_addr = si->link_map_head.l_addr; 596 dl_info.dlpi_name = si->link_map_head.l_name; 597 dl_info.dlpi_phdr = si->phdr; 598 dl_info.dlpi_phnum = si->phnum; 599 rv = cb(&dl_info, sizeof(dl_phdr_info), data); 600 if (rv != 0) { 601 break; 602 } 603 } 604 return rv; 605 } 606 ElfW(Versym)607 const ElfW(Versym)* soinfo::get_versym(size_t n) const { 608 if (has_min_version(2) && versym_ != nullptr) { 609 return versym_ + n; 610 } 611 612 return nullptr; 613 } 614 ElfW(Addr)615 ElfW(Addr) soinfo::get_verneed_ptr() const { 616 if (has_min_version(2)) { 617 return verneed_ptr_; 618 } 619 620 return 0; 621 } 622 get_verneed_cnt() const623 size_t soinfo::get_verneed_cnt() const { 624 if (has_min_version(2)) { 625 return verneed_cnt_; 626 } 627 628 return 0; 629 } 630 ElfW(Addr)631 ElfW(Addr) soinfo::get_verdef_ptr() const { 632 if (has_min_version(2)) { 633 return verdef_ptr_; 634 } 635 636 return 0; 637 } 638 get_verdef_cnt() const639 size_t soinfo::get_verdef_cnt() const { 640 if (has_min_version(2)) { 641 return verdef_cnt_; 642 } 643 644 return 0; 645 } 646 647 template<typename F> for_each_verdef(const soinfo * si,F functor)648 static bool for_each_verdef(const soinfo* si, F functor) { 649 if (!si->has_min_version(2)) { 650 return true; 651 } 652 653 uintptr_t verdef_ptr = si->get_verdef_ptr(); 654 if (verdef_ptr == 0) { 655 return true; 656 } 657 658 size_t offset = 0; 659 660 size_t verdef_cnt = si->get_verdef_cnt(); 661 for (size_t i = 0; i<verdef_cnt; ++i) { 662 const ElfW(Verdef)* verdef = reinterpret_cast<ElfW(Verdef)*>(verdef_ptr + offset); 663 size_t verdaux_offset = offset + verdef->vd_aux; 664 offset += verdef->vd_next; 665 666 if (verdef->vd_version != 1) { 667 DL_ERR("unsupported verdef[%zd] vd_version: %d (expected 1) library: %s", 668 i, verdef->vd_version, si->get_realpath()); 669 return false; 670 } 671 672 if ((verdef->vd_flags & VER_FLG_BASE) != 0) { 673 // "this is the version of the file itself. It must not be used for 674 // matching a symbol. It can be used to match references." 675 // 676 // http://www.akkadia.org/drepper/symbol-versioning 677 continue; 678 } 679 680 if (verdef->vd_cnt == 0) { 681 DL_ERR("invalid verdef[%zd] vd_cnt == 0 (version without a name)", i); 682 return false; 683 } 684 685 const ElfW(Verdaux)* verdaux = reinterpret_cast<ElfW(Verdaux)*>(verdef_ptr + verdaux_offset); 686 687 if (functor(i, verdef, verdaux) == true) { 688 break; 689 } 690 } 691 692 return true; 693 } 694 find_verdef_version_index(const version_info * vi,ElfW (Versym)* versym) const695 bool soinfo::find_verdef_version_index(const version_info* vi, ElfW(Versym)* versym) const { 696 if (vi == nullptr) { 697 *versym = kVersymNotNeeded; 698 return true; 699 } 700 701 *versym = kVersymGlobal; 702 703 return for_each_verdef(this, 704 [&](size_t, const ElfW(Verdef)* verdef, const ElfW(Verdaux)* verdaux) { 705 if (verdef->vd_hash == vi->elf_hash && 706 strcmp(vi->name, get_string(verdaux->vda_name)) == 0) { 707 *versym = verdef->vd_ndx; 708 return true; 709 } 710 711 return false; 712 } 713 ); 714 } 715 find_symbol_by_name(SymbolName & symbol_name,const version_info * vi,const ElfW (Sym)** symbol) const716 bool soinfo::find_symbol_by_name(SymbolName& symbol_name, 717 const version_info* vi, 718 const ElfW(Sym)** symbol) const { 719 uint32_t symbol_index; 720 bool success = 721 is_gnu_hash() ? 722 gnu_lookup(symbol_name, vi, &symbol_index) : 723 elf_lookup(symbol_name, vi, &symbol_index); 724 725 if (success) { 726 *symbol = symbol_index == 0 ? nullptr : symtab_ + symbol_index; 727 } 728 729 return success; 730 } 731 is_symbol_global_and_defined(const soinfo * si,const ElfW (Sym)* s)732 static bool is_symbol_global_and_defined(const soinfo* si, const ElfW(Sym)* s) { 733 if (ELF_ST_BIND(s->st_info) == STB_GLOBAL || 734 ELF_ST_BIND(s->st_info) == STB_WEAK) { 735 return s->st_shndx != SHN_UNDEF; 736 } else if (ELF_ST_BIND(s->st_info) != STB_LOCAL) { 737 DL_WARN("unexpected ST_BIND value: %d for \"%s\" in \"%s\"", 738 ELF_ST_BIND(s->st_info), si->get_string(s->st_name), si->get_realpath()); 739 } 740 741 return false; 742 } 743 744 static const ElfW(Versym) kVersymHiddenBit = 0x8000; 745 is_versym_hidden(const ElfW (Versym)* versym)746 static inline bool is_versym_hidden(const ElfW(Versym)* versym) { 747 // the symbol is hidden if bit 15 of versym is set. 748 return versym != nullptr && (*versym & kVersymHiddenBit) != 0; 749 } 750 check_symbol_version(const ElfW (Versym)verneed,const ElfW (Versym)* verdef)751 static inline bool check_symbol_version(const ElfW(Versym) verneed, 752 const ElfW(Versym)* verdef) { 753 return verneed == kVersymNotNeeded || 754 verdef == nullptr || 755 verneed == (*verdef & ~kVersymHiddenBit); 756 } 757 gnu_lookup(SymbolName & symbol_name,const version_info * vi,uint32_t * symbol_index) const758 bool soinfo::gnu_lookup(SymbolName& symbol_name, 759 const version_info* vi, 760 uint32_t* symbol_index) const { 761 uint32_t hash = symbol_name.gnu_hash(); 762 uint32_t h2 = hash >> gnu_shift2_; 763 764 uint32_t bloom_mask_bits = sizeof(ElfW(Addr))*8; 765 uint32_t word_num = (hash / bloom_mask_bits) & gnu_maskwords_; 766 ElfW(Addr) bloom_word = gnu_bloom_filter_[word_num]; 767 768 *symbol_index = 0; 769 770 TRACE_TYPE(LOOKUP, "SEARCH %s in %s@%p (gnu)", 771 symbol_name.get_name(), get_realpath(), reinterpret_cast<void*>(base)); 772 773 // test against bloom filter 774 if ((1 & (bloom_word >> (hash % bloom_mask_bits)) & (bloom_word >> (h2 % bloom_mask_bits))) == 0) { 775 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p", 776 symbol_name.get_name(), get_realpath(), reinterpret_cast<void*>(base)); 777 778 return true; 779 } 780 781 // bloom test says "probably yes"... 782 uint32_t n = gnu_bucket_[hash % gnu_nbucket_]; 783 784 if (n == 0) { 785 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p", 786 symbol_name.get_name(), get_realpath(), reinterpret_cast<void*>(base)); 787 788 return true; 789 } 790 791 // lookup versym for the version definition in this library 792 // note the difference between "version is not requested" (vi == nullptr) 793 // and "version not found". In the first case verneed is kVersymNotNeeded 794 // which implies that the default version can be accepted; the second case results in 795 // verneed = 1 (kVersymGlobal) and implies that we should ignore versioned symbols 796 // for this library and consider only *global* ones. 797 ElfW(Versym) verneed = 0; 798 if (!find_verdef_version_index(vi, &verneed)) { 799 return false; 800 } 801 802 do { 803 ElfW(Sym)* s = symtab_ + n; 804 const ElfW(Versym)* verdef = get_versym(n); 805 // skip hidden versions when verneed == kVersymNotNeeded (0) 806 if (verneed == kVersymNotNeeded && is_versym_hidden(verdef)) { 807 continue; 808 } 809 if (((gnu_chain_[n] ^ hash) >> 1) == 0 && 810 check_symbol_version(verneed, verdef) && 811 strcmp(get_string(s->st_name), symbol_name.get_name()) == 0 && 812 is_symbol_global_and_defined(this, s)) { 813 TRACE_TYPE(LOOKUP, "FOUND %s in %s (%p) %zd", 814 symbol_name.get_name(), get_realpath(), reinterpret_cast<void*>(s->st_value), 815 static_cast<size_t>(s->st_size)); 816 *symbol_index = n; 817 return true; 818 } 819 } while ((gnu_chain_[n++] & 1) == 0); 820 821 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p", 822 symbol_name.get_name(), get_realpath(), reinterpret_cast<void*>(base)); 823 824 return true; 825 } 826 elf_lookup(SymbolName & symbol_name,const version_info * vi,uint32_t * symbol_index) const827 bool soinfo::elf_lookup(SymbolName& symbol_name, 828 const version_info* vi, 829 uint32_t* symbol_index) const { 830 uint32_t hash = symbol_name.elf_hash(); 831 832 TRACE_TYPE(LOOKUP, "SEARCH %s in %s@%p h=%x(elf) %zd", 833 symbol_name.get_name(), get_realpath(), 834 reinterpret_cast<void*>(base), hash, hash % nbucket_); 835 836 ElfW(Versym) verneed = 0; 837 if (!find_verdef_version_index(vi, &verneed)) { 838 return false; 839 } 840 841 for (uint32_t n = bucket_[hash % nbucket_]; n != 0; n = chain_[n]) { 842 ElfW(Sym)* s = symtab_ + n; 843 const ElfW(Versym)* verdef = get_versym(n); 844 845 // skip hidden versions when verneed == 0 846 if (verneed == kVersymNotNeeded && is_versym_hidden(verdef)) { 847 continue; 848 } 849 850 if (check_symbol_version(verneed, verdef) && 851 strcmp(get_string(s->st_name), symbol_name.get_name()) == 0 && 852 is_symbol_global_and_defined(this, s)) { 853 TRACE_TYPE(LOOKUP, "FOUND %s in %s (%p) %zd", 854 symbol_name.get_name(), get_realpath(), 855 reinterpret_cast<void*>(s->st_value), 856 static_cast<size_t>(s->st_size)); 857 *symbol_index = n; 858 return true; 859 } 860 } 861 862 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p %x %zd", 863 symbol_name.get_name(), get_realpath(), 864 reinterpret_cast<void*>(base), hash, hash % nbucket_); 865 866 *symbol_index = 0; 867 return true; 868 } 869 soinfo(android_namespace_t * ns,const char * realpath,const struct stat * file_stat,off64_t file_offset,int rtld_flags)870 soinfo::soinfo(android_namespace_t* ns, const char* realpath, 871 const struct stat* file_stat, off64_t file_offset, 872 int rtld_flags) { 873 memset(this, 0, sizeof(*this)); 874 875 if (realpath != nullptr) { 876 realpath_ = realpath; 877 } 878 879 flags_ = FLAG_NEW_SOINFO; 880 version_ = SOINFO_VERSION; 881 882 if (file_stat != nullptr) { 883 this->st_dev_ = file_stat->st_dev; 884 this->st_ino_ = file_stat->st_ino; 885 this->file_offset_ = file_offset; 886 } 887 888 this->rtld_flags_ = rtld_flags; 889 this->primary_namespace_ = ns; 890 } 891 ~soinfo()892 soinfo::~soinfo() { 893 g_soinfo_handles_map.erase(handle_); 894 } 895 calculate_elf_hash(const char * name)896 static uint32_t calculate_elf_hash(const char* name) { 897 const uint8_t* name_bytes = reinterpret_cast<const uint8_t*>(name); 898 uint32_t h = 0, g; 899 900 while (*name_bytes) { 901 h = (h << 4) + *name_bytes++; 902 g = h & 0xf0000000; 903 h ^= g; 904 h ^= g >> 24; 905 } 906 907 return h; 908 } 909 elf_hash()910 uint32_t SymbolName::elf_hash() { 911 if (!has_elf_hash_) { 912 elf_hash_ = calculate_elf_hash(name_); 913 has_elf_hash_ = true; 914 } 915 916 return elf_hash_; 917 } 918 gnu_hash()919 uint32_t SymbolName::gnu_hash() { 920 if (!has_gnu_hash_) { 921 uint32_t h = 5381; 922 const uint8_t* name = reinterpret_cast<const uint8_t*>(name_); 923 while (*name != 0) { 924 h += (h << 5) + *name++; // h*33 + c = h + h * 32 + c = h + h << 5 + c 925 } 926 927 gnu_hash_ = h; 928 has_gnu_hash_ = true; 929 } 930 931 return gnu_hash_; 932 } 933 soinfo_do_lookup(soinfo * si_from,const char * name,const version_info * vi,soinfo ** si_found_in,const soinfo::soinfo_list_t & global_group,const soinfo::soinfo_list_t & local_group,const ElfW (Sym)** symbol)934 bool soinfo_do_lookup(soinfo* si_from, const char* name, const version_info* vi, 935 soinfo** si_found_in, const soinfo::soinfo_list_t& global_group, 936 const soinfo::soinfo_list_t& local_group, const ElfW(Sym)** symbol) { 937 SymbolName symbol_name(name); 938 const ElfW(Sym)* s = nullptr; 939 940 /* "This element's presence in a shared object library alters the dynamic linker's 941 * symbol resolution algorithm for references within the library. Instead of starting 942 * a symbol search with the executable file, the dynamic linker starts from the shared 943 * object itself. If the shared object fails to supply the referenced symbol, the 944 * dynamic linker then searches the executable file and other shared objects as usual." 945 * 946 * http://www.sco.com/developers/gabi/2012-12-31/ch5.dynamic.html 947 * 948 * Note that this is unlikely since static linker avoids generating 949 * relocations for -Bsymbolic linked dynamic executables. 950 */ 951 if (si_from->has_DT_SYMBOLIC) { 952 DEBUG("%s: looking up %s in local scope (DT_SYMBOLIC)", si_from->get_realpath(), name); 953 if (!si_from->find_symbol_by_name(symbol_name, vi, &s)) { 954 return false; 955 } 956 957 if (s != nullptr) { 958 *si_found_in = si_from; 959 } 960 } 961 962 // 1. Look for it in global_group 963 if (s == nullptr) { 964 bool error = false; 965 global_group.visit([&](soinfo* global_si) { 966 DEBUG("%s: looking up %s in %s (from global group)", 967 si_from->get_realpath(), name, global_si->get_realpath()); 968 if (!global_si->find_symbol_by_name(symbol_name, vi, &s)) { 969 error = true; 970 return false; 971 } 972 973 if (s != nullptr) { 974 *si_found_in = global_si; 975 return false; 976 } 977 978 return true; 979 }); 980 981 if (error) { 982 return false; 983 } 984 } 985 986 // 2. Look for it in the local group 987 if (s == nullptr) { 988 bool error = false; 989 local_group.visit([&](soinfo* local_si) { 990 if (local_si == si_from && si_from->has_DT_SYMBOLIC) { 991 // we already did this - skip 992 return true; 993 } 994 995 DEBUG("%s: looking up %s in %s (from local group)", 996 si_from->get_realpath(), name, local_si->get_realpath()); 997 if (!local_si->find_symbol_by_name(symbol_name, vi, &s)) { 998 error = true; 999 return false; 1000 } 1001 1002 if (s != nullptr) { 1003 *si_found_in = local_si; 1004 return false; 1005 } 1006 1007 return true; 1008 }); 1009 1010 if (error) { 1011 return false; 1012 } 1013 } 1014 1015 if (s != nullptr) { 1016 TRACE_TYPE(LOOKUP, "si %s sym %s s->st_value = %p, " 1017 "found in %s, base = %p, load bias = %p", 1018 si_from->get_realpath(), name, reinterpret_cast<void*>(s->st_value), 1019 (*si_found_in)->get_realpath(), reinterpret_cast<void*>((*si_found_in)->base), 1020 reinterpret_cast<void*>((*si_found_in)->load_bias)); 1021 } 1022 1023 *symbol = s; 1024 return true; 1025 } 1026 1027 class ProtectedDataGuard { 1028 public: ProtectedDataGuard()1029 ProtectedDataGuard() { 1030 if (ref_count_++ == 0) { 1031 protect_data(PROT_READ | PROT_WRITE); 1032 } 1033 } 1034 ~ProtectedDataGuard()1035 ~ProtectedDataGuard() { 1036 if (ref_count_ == 0) { // overflow 1037 __libc_fatal("Too many nested calls to dlopen()"); 1038 } 1039 1040 if (--ref_count_ == 0) { 1041 protect_data(PROT_READ); 1042 } 1043 } 1044 private: protect_data(int protection)1045 void protect_data(int protection) { 1046 g_soinfo_allocator.protect_all(protection); 1047 g_soinfo_links_allocator.protect_all(protection); 1048 g_namespace_allocator.protect_all(protection); 1049 g_namespace_list_allocator.protect_all(protection); 1050 } 1051 1052 static size_t ref_count_; 1053 }; 1054 1055 size_t ProtectedDataGuard::ref_count_ = 0; 1056 1057 // Each size has it's own allocator. 1058 template<size_t size> 1059 class SizeBasedAllocator { 1060 public: alloc()1061 static void* alloc() { 1062 return allocator_.alloc(); 1063 } 1064 free(void * ptr)1065 static void free(void* ptr) { 1066 allocator_.free(ptr); 1067 } 1068 1069 private: 1070 static LinkerBlockAllocator allocator_; 1071 }; 1072 1073 template<size_t size> 1074 LinkerBlockAllocator SizeBasedAllocator<size>::allocator_(size); 1075 1076 template<typename T> 1077 class TypeBasedAllocator { 1078 public: alloc()1079 static T* alloc() { 1080 return reinterpret_cast<T*>(SizeBasedAllocator<sizeof(T)>::alloc()); 1081 } 1082 free(T * ptr)1083 static void free(T* ptr) { 1084 SizeBasedAllocator<sizeof(T)>::free(ptr); 1085 } 1086 }; 1087 1088 class LoadTask { 1089 public: 1090 struct deleter_t { operator ()LoadTask::deleter_t1091 void operator()(LoadTask* t) { 1092 t->~LoadTask(); 1093 TypeBasedAllocator<LoadTask>::free(t); 1094 } 1095 }; 1096 1097 static deleter_t deleter; 1098 create(const char * name,soinfo * needed_by,std::unordered_map<const soinfo *,ElfReader> * readers_map)1099 static LoadTask* create(const char* name, soinfo* needed_by, 1100 std::unordered_map<const soinfo*, ElfReader>* readers_map) { 1101 LoadTask* ptr = TypeBasedAllocator<LoadTask>::alloc(); 1102 return new (ptr) LoadTask(name, needed_by, readers_map); 1103 } 1104 get_name() const1105 const char* get_name() const { 1106 return name_; 1107 } 1108 get_needed_by() const1109 soinfo* get_needed_by() const { 1110 return needed_by_; 1111 } 1112 get_soinfo() const1113 soinfo* get_soinfo() const { 1114 return si_; 1115 } 1116 set_soinfo(soinfo * si)1117 void set_soinfo(soinfo* si) { 1118 si_ = si; 1119 } 1120 get_file_offset() const1121 off64_t get_file_offset() const { 1122 return file_offset_; 1123 } 1124 set_file_offset(off64_t offset)1125 void set_file_offset(off64_t offset) { 1126 file_offset_ = offset; 1127 } 1128 get_fd() const1129 int get_fd() const { 1130 return fd_; 1131 } 1132 set_fd(int fd,bool assume_ownership)1133 void set_fd(int fd, bool assume_ownership) { 1134 fd_ = fd; 1135 close_fd_ = assume_ownership; 1136 } 1137 get_extinfo() const1138 const android_dlextinfo* get_extinfo() const { 1139 return extinfo_; 1140 } 1141 set_extinfo(const android_dlextinfo * extinfo)1142 void set_extinfo(const android_dlextinfo* extinfo) { 1143 extinfo_ = extinfo; 1144 } 1145 is_dt_needed() const1146 bool is_dt_needed() const { 1147 return is_dt_needed_; 1148 } 1149 set_dt_needed(bool is_dt_needed)1150 void set_dt_needed(bool is_dt_needed) { 1151 is_dt_needed_ = is_dt_needed; 1152 } 1153 get_elf_reader() const1154 const ElfReader& get_elf_reader() const { 1155 CHECK(si_ != nullptr); 1156 return (*elf_readers_map_)[si_]; 1157 } 1158 get_elf_reader()1159 ElfReader& get_elf_reader() { 1160 CHECK(si_ != nullptr); 1161 return (*elf_readers_map_)[si_]; 1162 } 1163 get_readers_map()1164 std::unordered_map<const soinfo*, ElfReader>* get_readers_map() { 1165 return elf_readers_map_; 1166 } 1167 read(const char * realpath,off64_t file_size)1168 bool read(const char* realpath, off64_t file_size) { 1169 ElfReader& elf_reader = get_elf_reader(); 1170 return elf_reader.Read(realpath, fd_, file_offset_, file_size); 1171 } 1172 load()1173 bool load() { 1174 ElfReader& elf_reader = get_elf_reader(); 1175 if (!elf_reader.Load(extinfo_)) { 1176 return false; 1177 } 1178 1179 si_->base = elf_reader.load_start(); 1180 si_->size = elf_reader.load_size(); 1181 si_->set_mapped_by_caller(elf_reader.is_mapped_by_caller()); 1182 si_->load_bias = elf_reader.load_bias(); 1183 si_->phnum = elf_reader.phdr_count(); 1184 si_->phdr = elf_reader.loaded_phdr(); 1185 1186 return true; 1187 } 1188 1189 private: LoadTask(const char * name,soinfo * needed_by,std::unordered_map<const soinfo *,ElfReader> * readers_map)1190 LoadTask(const char* name, soinfo* needed_by, 1191 std::unordered_map<const soinfo*, ElfReader>* readers_map) 1192 : name_(name), needed_by_(needed_by), si_(nullptr), 1193 fd_(-1), close_fd_(false), file_offset_(0), elf_readers_map_(readers_map), 1194 is_dt_needed_(false) {} 1195 ~LoadTask()1196 ~LoadTask() { 1197 if (fd_ != -1 && close_fd_) { 1198 close(fd_); 1199 } 1200 } 1201 1202 const char* name_; 1203 soinfo* needed_by_; 1204 soinfo* si_; 1205 const android_dlextinfo* extinfo_; 1206 int fd_; 1207 bool close_fd_; 1208 off64_t file_offset_; 1209 std::unordered_map<const soinfo*, ElfReader>* elf_readers_map_; 1210 // TODO(dimitry): needed by workaround for http://b/26394120 (the grey-list) 1211 bool is_dt_needed_; 1212 // END OF WORKAROUND 1213 1214 DISALLOW_IMPLICIT_CONSTRUCTORS(LoadTask); 1215 }; 1216 1217 LoadTask::deleter_t LoadTask::deleter; 1218 1219 template <typename T> 1220 using linked_list_t = LinkedList<T, TypeBasedAllocator<LinkedListEntry<T>>>; 1221 1222 typedef linked_list_t<soinfo> SoinfoLinkedList; 1223 typedef linked_list_t<const char> StringLinkedList; 1224 typedef std::vector<LoadTask*> LoadTaskList; 1225 1226 1227 // This function walks down the tree of soinfo dependencies 1228 // in breadth-first order and 1229 // * calls action(soinfo* si) for each node, and 1230 // * terminates walk if action returns false. 1231 // 1232 // walk_dependencies_tree returns false if walk was terminated 1233 // by the action and true otherwise. 1234 template<typename F> walk_dependencies_tree(soinfo * root_soinfos[],size_t root_soinfos_size,F action)1235 static bool walk_dependencies_tree(soinfo* root_soinfos[], size_t root_soinfos_size, F action) { 1236 SoinfoLinkedList visit_list; 1237 SoinfoLinkedList visited; 1238 1239 for (size_t i = 0; i < root_soinfos_size; ++i) { 1240 visit_list.push_back(root_soinfos[i]); 1241 } 1242 1243 soinfo* si; 1244 while ((si = visit_list.pop_front()) != nullptr) { 1245 if (visited.contains(si)) { 1246 continue; 1247 } 1248 1249 if (!action(si)) { 1250 return false; 1251 } 1252 1253 visited.push_back(si); 1254 1255 si->get_children().for_each([&](soinfo* child) { 1256 visit_list.push_back(child); 1257 }); 1258 } 1259 1260 return true; 1261 } 1262 1263 ElfW(Sym)1264 static const ElfW(Sym)* dlsym_handle_lookup(soinfo* root, soinfo* skip_until, 1265 soinfo** found, SymbolName& symbol_name, 1266 const version_info* vi) { 1267 const ElfW(Sym)* result = nullptr; 1268 bool skip_lookup = skip_until != nullptr; 1269 1270 walk_dependencies_tree(&root, 1, [&](soinfo* current_soinfo) { 1271 if (skip_lookup) { 1272 skip_lookup = current_soinfo != skip_until; 1273 return true; 1274 } 1275 1276 if (!current_soinfo->find_symbol_by_name(symbol_name, vi, &result)) { 1277 result = nullptr; 1278 return false; 1279 } 1280 1281 if (result != nullptr) { 1282 *found = current_soinfo; 1283 return false; 1284 } 1285 1286 return true; 1287 }); 1288 1289 return result; 1290 } 1291 1292 static const ElfW(Sym)* dlsym_linear_lookup(android_namespace_t* ns, 1293 const char* name, 1294 const version_info* vi, 1295 soinfo** found, 1296 soinfo* caller, 1297 void* handle); 1298 1299 // This is used by dlsym(3). It performs symbol lookup only within the 1300 // specified soinfo object and its dependencies in breadth first order. ElfW(Sym)1301 static const ElfW(Sym)* dlsym_handle_lookup(soinfo* si, soinfo** found, 1302 const char* name, const version_info* vi) { 1303 // According to man dlopen(3) and posix docs in the case when si is handle 1304 // of the main executable we need to search not only in the executable and its 1305 // dependencies but also in all libraries loaded with RTLD_GLOBAL. 1306 // 1307 // Since RTLD_GLOBAL is always set for the main executable and all dt_needed shared 1308 // libraries and they are loaded in breath-first (correct) order we can just execute 1309 // dlsym(RTLD_DEFAULT, ...); instead of doing two stage lookup. 1310 if (si == somain) { 1311 return dlsym_linear_lookup(&g_default_namespace, name, vi, found, nullptr, RTLD_DEFAULT); 1312 } 1313 1314 SymbolName symbol_name(name); 1315 return dlsym_handle_lookup(si, nullptr, found, symbol_name, vi); 1316 } 1317 1318 /* This is used by dlsym(3) to performs a global symbol lookup. If the 1319 start value is null (for RTLD_DEFAULT), the search starts at the 1320 beginning of the global solist. Otherwise the search starts at the 1321 specified soinfo (for RTLD_NEXT). 1322 */ ElfW(Sym)1323 static const ElfW(Sym)* dlsym_linear_lookup(android_namespace_t* ns, 1324 const char* name, 1325 const version_info* vi, 1326 soinfo** found, 1327 soinfo* caller, 1328 void* handle) { 1329 SymbolName symbol_name(name); 1330 1331 auto& soinfo_list = ns->soinfo_list(); 1332 auto start = soinfo_list.begin(); 1333 1334 if (handle == RTLD_NEXT) { 1335 if (caller == nullptr) { 1336 return nullptr; 1337 } else { 1338 auto it = soinfo_list.find(caller); 1339 CHECK (it != soinfo_list.end()); 1340 start = ++it; 1341 } 1342 } 1343 1344 const ElfW(Sym)* s = nullptr; 1345 for (auto it = start, end = soinfo_list.end(); it != end; ++it) { 1346 soinfo* si = *it; 1347 // Do not skip RTLD_LOCAL libraries in dlsym(RTLD_DEFAULT, ...) 1348 // if the library is opened by application with target api level <= 22 1349 // See http://b/21565766 1350 if ((si->get_rtld_flags() & RTLD_GLOBAL) == 0 && si->get_target_sdk_version() > 22) { 1351 continue; 1352 } 1353 1354 if (!si->find_symbol_by_name(symbol_name, vi, &s)) { 1355 return nullptr; 1356 } 1357 1358 if (s != nullptr) { 1359 *found = si; 1360 break; 1361 } 1362 } 1363 1364 // If not found - use dlsym_handle_lookup for caller's 1365 // local_group unless it is part of the global group in which 1366 // case we already did it. 1367 if (s == nullptr && caller != nullptr && 1368 (caller->get_rtld_flags() & RTLD_GLOBAL) == 0) { 1369 return dlsym_handle_lookup(caller->get_local_group_root(), 1370 (handle == RTLD_NEXT) ? caller : nullptr, found, symbol_name, vi); 1371 } 1372 1373 if (s != nullptr) { 1374 TRACE_TYPE(LOOKUP, "%s s->st_value = %p, found->base = %p", 1375 name, reinterpret_cast<void*>(s->st_value), reinterpret_cast<void*>((*found)->base)); 1376 } 1377 1378 return s; 1379 } 1380 find_containing_library(const void * p)1381 soinfo* find_containing_library(const void* p) { 1382 ElfW(Addr) address = reinterpret_cast<ElfW(Addr)>(p); 1383 for (soinfo* si = solist; si != nullptr; si = si->next) { 1384 if (address >= si->base && address - si->base < si->size) { 1385 return si; 1386 } 1387 } 1388 return nullptr; 1389 } 1390 ElfW(Sym)1391 ElfW(Sym)* soinfo::find_symbol_by_address(const void* addr) { 1392 return is_gnu_hash() ? gnu_addr_lookup(addr) : elf_addr_lookup(addr); 1393 } 1394 symbol_matches_soaddr(const ElfW (Sym)* sym,ElfW (Addr)soaddr)1395 static bool symbol_matches_soaddr(const ElfW(Sym)* sym, ElfW(Addr) soaddr) { 1396 return sym->st_shndx != SHN_UNDEF && 1397 soaddr >= sym->st_value && 1398 soaddr < sym->st_value + sym->st_size; 1399 } 1400 ElfW(Sym)1401 ElfW(Sym)* soinfo::gnu_addr_lookup(const void* addr) { 1402 ElfW(Addr) soaddr = reinterpret_cast<ElfW(Addr)>(addr) - load_bias; 1403 1404 for (size_t i = 0; i < gnu_nbucket_; ++i) { 1405 uint32_t n = gnu_bucket_[i]; 1406 1407 if (n == 0) { 1408 continue; 1409 } 1410 1411 do { 1412 ElfW(Sym)* sym = symtab_ + n; 1413 if (symbol_matches_soaddr(sym, soaddr)) { 1414 return sym; 1415 } 1416 } while ((gnu_chain_[n++] & 1) == 0); 1417 } 1418 1419 return nullptr; 1420 } 1421 ElfW(Sym)1422 ElfW(Sym)* soinfo::elf_addr_lookup(const void* addr) { 1423 ElfW(Addr) soaddr = reinterpret_cast<ElfW(Addr)>(addr) - load_bias; 1424 1425 // Search the library's symbol table for any defined symbol which 1426 // contains this address. 1427 for (size_t i = 0; i < nchain_; ++i) { 1428 ElfW(Sym)* sym = symtab_ + i; 1429 if (symbol_matches_soaddr(sym, soaddr)) { 1430 return sym; 1431 } 1432 } 1433 1434 return nullptr; 1435 } 1436 1437 class ZipArchiveCache { 1438 public: ZipArchiveCache()1439 ZipArchiveCache() {} 1440 ~ZipArchiveCache(); 1441 1442 bool get_or_open(const char* zip_path, ZipArchiveHandle* handle); 1443 private: 1444 DISALLOW_COPY_AND_ASSIGN(ZipArchiveCache); 1445 1446 std::unordered_map<std::string, ZipArchiveHandle> cache_; 1447 }; 1448 get_or_open(const char * zip_path,ZipArchiveHandle * handle)1449 bool ZipArchiveCache::get_or_open(const char* zip_path, ZipArchiveHandle* handle) { 1450 std::string key(zip_path); 1451 1452 auto it = cache_.find(key); 1453 if (it != cache_.end()) { 1454 *handle = it->second; 1455 return true; 1456 } 1457 1458 int fd = TEMP_FAILURE_RETRY(open(zip_path, O_RDONLY | O_CLOEXEC)); 1459 if (fd == -1) { 1460 return false; 1461 } 1462 1463 if (OpenArchiveFd(fd, "", handle) != 0) { 1464 // invalid zip-file (?) 1465 CloseArchive(handle); 1466 close(fd); 1467 return false; 1468 } 1469 1470 cache_[key] = *handle; 1471 return true; 1472 } 1473 ~ZipArchiveCache()1474 ZipArchiveCache::~ZipArchiveCache() { 1475 for (const auto& it : cache_) { 1476 CloseArchive(it.second); 1477 } 1478 } 1479 open_library_in_zipfile(ZipArchiveCache * zip_archive_cache,const char * const input_path,off64_t * file_offset,std::string * realpath)1480 static int open_library_in_zipfile(ZipArchiveCache* zip_archive_cache, 1481 const char* const input_path, 1482 off64_t* file_offset, std::string* realpath) { 1483 std::string normalized_path; 1484 if (!normalize_path(input_path, &normalized_path)) { 1485 return -1; 1486 } 1487 1488 const char* const path = normalized_path.c_str(); 1489 TRACE("Trying zip file open from path \"%s\" -> normalized \"%s\"", input_path, path); 1490 1491 // Treat an '!/' separator inside a path as the separator between the name 1492 // of the zip file on disk and the subdirectory to search within it. 1493 // For example, if path is "foo.zip!/bar/bas/x.so", then we search for 1494 // "bar/bas/x.so" within "foo.zip". 1495 const char* const separator = strstr(path, kZipFileSeparator); 1496 if (separator == nullptr) { 1497 return -1; 1498 } 1499 1500 char buf[512]; 1501 if (strlcpy(buf, path, sizeof(buf)) >= sizeof(buf)) { 1502 PRINT("Warning: ignoring very long library path: %s", path); 1503 return -1; 1504 } 1505 1506 buf[separator - path] = '\0'; 1507 1508 const char* zip_path = buf; 1509 const char* file_path = &buf[separator - path + 2]; 1510 int fd = TEMP_FAILURE_RETRY(open(zip_path, O_RDONLY | O_CLOEXEC)); 1511 if (fd == -1) { 1512 return -1; 1513 } 1514 1515 ZipArchiveHandle handle; 1516 if (!zip_archive_cache->get_or_open(zip_path, &handle)) { 1517 // invalid zip-file (?) 1518 close(fd); 1519 return -1; 1520 } 1521 1522 ZipEntry entry; 1523 1524 if (FindEntry(handle, ZipString(file_path), &entry) != 0) { 1525 // Entry was not found. 1526 close(fd); 1527 return -1; 1528 } 1529 1530 // Check if it is properly stored 1531 if (entry.method != kCompressStored || (entry.offset % PAGE_SIZE) != 0) { 1532 close(fd); 1533 return -1; 1534 } 1535 1536 *file_offset = entry.offset; 1537 1538 if (realpath_fd(fd, realpath)) { 1539 *realpath += separator; 1540 } else { 1541 PRINT("warning: unable to get realpath for the library \"%s\". Will use given path.", 1542 normalized_path.c_str()); 1543 *realpath = normalized_path; 1544 } 1545 1546 return fd; 1547 } 1548 format_path(char * buf,size_t buf_size,const char * path,const char * name)1549 static bool format_path(char* buf, size_t buf_size, const char* path, const char* name) { 1550 int n = __libc_format_buffer(buf, buf_size, "%s/%s", path, name); 1551 if (n < 0 || n >= static_cast<int>(buf_size)) { 1552 PRINT("Warning: ignoring very long library path: %s/%s", path, name); 1553 return false; 1554 } 1555 1556 return true; 1557 } 1558 open_library_on_paths(ZipArchiveCache * zip_archive_cache,const char * name,off64_t * file_offset,const std::vector<std::string> & paths,std::string * realpath)1559 static int open_library_on_paths(ZipArchiveCache* zip_archive_cache, 1560 const char* name, off64_t* file_offset, 1561 const std::vector<std::string>& paths, 1562 std::string* realpath) { 1563 for (const auto& path : paths) { 1564 char buf[512]; 1565 if (!format_path(buf, sizeof(buf), path.c_str(), name)) { 1566 continue; 1567 } 1568 1569 int fd = -1; 1570 if (strstr(buf, kZipFileSeparator) != nullptr) { 1571 fd = open_library_in_zipfile(zip_archive_cache, buf, file_offset, realpath); 1572 } 1573 1574 if (fd == -1) { 1575 fd = TEMP_FAILURE_RETRY(open(buf, O_RDONLY | O_CLOEXEC)); 1576 if (fd != -1) { 1577 *file_offset = 0; 1578 if (!realpath_fd(fd, realpath)) { 1579 PRINT("warning: unable to get realpath for the library \"%s\". Will use given path.", buf); 1580 *realpath = buf; 1581 } 1582 } 1583 } 1584 1585 if (fd != -1) { 1586 return fd; 1587 } 1588 } 1589 1590 return -1; 1591 } 1592 open_library(android_namespace_t * ns,ZipArchiveCache * zip_archive_cache,const char * name,soinfo * needed_by,off64_t * file_offset,std::string * realpath)1593 static int open_library(android_namespace_t* ns, 1594 ZipArchiveCache* zip_archive_cache, 1595 const char* name, soinfo *needed_by, 1596 off64_t* file_offset, std::string* realpath) { 1597 TRACE("[ opening %s ]", name); 1598 1599 // If the name contains a slash, we should attempt to open it directly and not search the paths. 1600 if (strchr(name, '/') != nullptr) { 1601 int fd = -1; 1602 1603 if (strstr(name, kZipFileSeparator) != nullptr) { 1604 fd = open_library_in_zipfile(zip_archive_cache, name, file_offset, realpath); 1605 } 1606 1607 if (fd == -1) { 1608 fd = TEMP_FAILURE_RETRY(open(name, O_RDONLY | O_CLOEXEC)); 1609 if (fd != -1) { 1610 *file_offset = 0; 1611 if (!realpath_fd(fd, realpath)) { 1612 PRINT("warning: unable to get realpath for the library \"%s\". Will use given path.", name); 1613 *realpath = name; 1614 } 1615 } 1616 } 1617 1618 return fd; 1619 } 1620 1621 // Otherwise we try LD_LIBRARY_PATH first, and fall back to the default library path 1622 int fd = open_library_on_paths(zip_archive_cache, name, file_offset, ns->get_ld_library_paths(), realpath); 1623 if (fd == -1 && needed_by != nullptr) { 1624 fd = open_library_on_paths(zip_archive_cache, name, file_offset, needed_by->get_dt_runpath(), realpath); 1625 // Check if the library is accessible 1626 if (fd != -1 && !ns->is_accessible(*realpath)) { 1627 fd = -1; 1628 } 1629 } 1630 1631 if (fd == -1) { 1632 fd = open_library_on_paths(zip_archive_cache, name, file_offset, ns->get_default_library_paths(), realpath); 1633 } 1634 1635 // TODO(dimitry): workaround for http://b/26394120 (the grey-list) 1636 if (fd == -1 && ns != &g_default_namespace && is_greylisted(name, needed_by)) { 1637 // try searching for it on default_namespace default_library_path 1638 fd = open_library_on_paths(zip_archive_cache, name, file_offset, 1639 g_default_namespace.get_default_library_paths(), realpath); 1640 } 1641 // END OF WORKAROUND 1642 1643 return fd; 1644 } 1645 fix_dt_needed(const char * dt_needed,const char * sopath __unused)1646 static const char* fix_dt_needed(const char* dt_needed, const char* sopath __unused) { 1647 #if !defined(__LP64__) 1648 // Work around incorrect DT_NEEDED entries for old apps: http://b/21364029 1649 if (get_application_target_sdk_version() <= 22) { 1650 const char* bname = basename(dt_needed); 1651 if (bname != dt_needed) { 1652 DL_WARN("library \"%s\" has invalid DT_NEEDED entry \"%s\"", sopath, dt_needed); 1653 add_dlwarning(sopath, "invalid DT_NEEDED entry", dt_needed); 1654 } 1655 1656 return bname; 1657 } 1658 #endif 1659 return dt_needed; 1660 } 1661 1662 template<typename F> for_each_dt_needed(const soinfo * si,F action)1663 static void for_each_dt_needed(const soinfo* si, F action) { 1664 for (const ElfW(Dyn)* d = si->dynamic; d->d_tag != DT_NULL; ++d) { 1665 if (d->d_tag == DT_NEEDED) { 1666 action(fix_dt_needed(si->get_string(d->d_un.d_val), si->get_realpath())); 1667 } 1668 } 1669 } 1670 1671 template<typename F> for_each_dt_needed(const ElfReader & elf_reader,F action)1672 static void for_each_dt_needed(const ElfReader& elf_reader, F action) { 1673 for (const ElfW(Dyn)* d = elf_reader.dynamic(); d->d_tag != DT_NULL; ++d) { 1674 if (d->d_tag == DT_NEEDED) { 1675 action(fix_dt_needed(elf_reader.get_string(d->d_un.d_val), elf_reader.name())); 1676 } 1677 } 1678 } 1679 load_library(android_namespace_t * ns,LoadTask * task,LoadTaskList * load_tasks,int rtld_flags,const std::string & realpath)1680 static bool load_library(android_namespace_t* ns, 1681 LoadTask* task, 1682 LoadTaskList* load_tasks, 1683 int rtld_flags, 1684 const std::string& realpath) { 1685 off64_t file_offset = task->get_file_offset(); 1686 const char* name = task->get_name(); 1687 const android_dlextinfo* extinfo = task->get_extinfo(); 1688 1689 if ((file_offset % PAGE_SIZE) != 0) { 1690 DL_ERR("file offset for the library \"%s\" is not page-aligned: %" PRId64, name, file_offset); 1691 return false; 1692 } 1693 if (file_offset < 0) { 1694 DL_ERR("file offset for the library \"%s\" is negative: %" PRId64, name, file_offset); 1695 return false; 1696 } 1697 1698 struct stat file_stat; 1699 if (TEMP_FAILURE_RETRY(fstat(task->get_fd(), &file_stat)) != 0) { 1700 DL_ERR("unable to stat file for the library \"%s\": %s", name, strerror(errno)); 1701 return false; 1702 } 1703 if (file_offset >= file_stat.st_size) { 1704 DL_ERR("file offset for the library \"%s\" >= file size: %" PRId64 " >= %" PRId64, 1705 name, file_offset, file_stat.st_size); 1706 return false; 1707 } 1708 1709 // Check for symlink and other situations where 1710 // file can have different names, unless ANDROID_DLEXT_FORCE_LOAD is set 1711 if (extinfo == nullptr || (extinfo->flags & ANDROID_DLEXT_FORCE_LOAD) == 0) { 1712 auto predicate = [&](soinfo* si) { 1713 return si->get_st_dev() != 0 && 1714 si->get_st_ino() != 0 && 1715 si->get_st_dev() == file_stat.st_dev && 1716 si->get_st_ino() == file_stat.st_ino && 1717 si->get_file_offset() == file_offset; 1718 }; 1719 1720 soinfo* si = ns->soinfo_list().find_if(predicate); 1721 1722 // check public namespace 1723 if (si == nullptr) { 1724 si = g_public_namespace.find_if(predicate); 1725 if (si != nullptr) { 1726 ns->add_soinfo(si); 1727 } 1728 } 1729 1730 if (si != nullptr) { 1731 TRACE("library \"%s\" is already loaded under different name/path \"%s\" - " 1732 "will return existing soinfo", name, si->get_realpath()); 1733 task->set_soinfo(si); 1734 return true; 1735 } 1736 } 1737 1738 if ((rtld_flags & RTLD_NOLOAD) != 0) { 1739 DL_ERR("library \"%s\" wasn't loaded and RTLD_NOLOAD prevented it", name); 1740 return false; 1741 } 1742 1743 if (!ns->is_accessible(realpath)) { 1744 // TODO(dimitry): workaround for http://b/26394120 - the grey-list 1745 const soinfo* needed_by = task->is_dt_needed() ? task->get_needed_by() : nullptr; 1746 if (is_greylisted(name, needed_by)) { 1747 // print warning only if needed by non-system library 1748 if (needed_by == nullptr || !is_system_library(needed_by->get_realpath())) { 1749 const soinfo* needed_or_dlopened_by = task->get_needed_by(); 1750 const char* sopath = needed_or_dlopened_by == nullptr ? "(unknown)" : 1751 needed_or_dlopened_by->get_realpath(); 1752 DL_WARN("library \"%s\" (\"%s\") needed or dlopened by \"%s\" is not accessible for the namespace \"%s\"" 1753 " - the access is temporarily granted as a workaround for http://b/26394120, note that the access" 1754 " will be removed in future releases of Android.", 1755 name, realpath.c_str(), sopath, ns->get_name()); 1756 add_dlwarning(sopath, "unauthorized access to", name); 1757 } 1758 } else { 1759 // do not load libraries if they are not accessible for the specified namespace. 1760 const char* needed_or_dlopened_by = task->get_needed_by() == nullptr ? 1761 "(unknown)" : 1762 task->get_needed_by()->get_realpath(); 1763 1764 DL_ERR("library \"%s\" needed or dlopened by \"%s\" is not accessible for the namespace \"%s\"", 1765 name, needed_or_dlopened_by, ns->get_name()); 1766 1767 PRINT("library \"%s\" (\"%s\") needed or dlopened by \"%s\" is not accessible for the" 1768 " namespace: [name=\"%s\", ld_library_paths=\"%s\", default_library_paths=\"%s\"," 1769 " permitted_paths=\"%s\"]", 1770 name, realpath.c_str(), 1771 needed_or_dlopened_by, 1772 ns->get_name(), 1773 android::base::Join(ns->get_ld_library_paths(), ':').c_str(), 1774 android::base::Join(ns->get_default_library_paths(), ':').c_str(), 1775 android::base::Join(ns->get_permitted_paths(), ':').c_str()); 1776 return false; 1777 } 1778 } 1779 1780 soinfo* si = soinfo_alloc(ns, realpath.c_str(), &file_stat, file_offset, rtld_flags); 1781 if (si == nullptr) { 1782 return false; 1783 } 1784 1785 task->set_soinfo(si); 1786 1787 // Read the ELF header and some of the segments. 1788 if (!task->read(realpath.c_str(), file_stat.st_size)) { 1789 soinfo_free(si); 1790 task->set_soinfo(nullptr); 1791 return false; 1792 } 1793 1794 // find and set DT_RUNPATH and dt_soname 1795 // Note that these field values are temporary and are 1796 // going to be overwritten on soinfo::prelink_image 1797 // with values from PT_LOAD segments. 1798 const ElfReader& elf_reader = task->get_elf_reader(); 1799 for (const ElfW(Dyn)* d = elf_reader.dynamic(); d->d_tag != DT_NULL; ++d) { 1800 if (d->d_tag == DT_RUNPATH) { 1801 si->set_dt_runpath(elf_reader.get_string(d->d_un.d_val)); 1802 } 1803 if (d->d_tag == DT_SONAME) { 1804 si->set_soname(elf_reader.get_string(d->d_un.d_val)); 1805 } 1806 } 1807 1808 for_each_dt_needed(task->get_elf_reader(), [&](const char* name) { 1809 load_tasks->push_back(LoadTask::create(name, si, task->get_readers_map())); 1810 }); 1811 1812 return true; 1813 } 1814 load_library(android_namespace_t * ns,LoadTask * task,ZipArchiveCache * zip_archive_cache,LoadTaskList * load_tasks,int rtld_flags)1815 static bool load_library(android_namespace_t* ns, 1816 LoadTask* task, 1817 ZipArchiveCache* zip_archive_cache, 1818 LoadTaskList* load_tasks, 1819 int rtld_flags) { 1820 const char* name = task->get_name(); 1821 soinfo* needed_by = task->get_needed_by(); 1822 const android_dlextinfo* extinfo = task->get_extinfo(); 1823 1824 off64_t file_offset; 1825 std::string realpath; 1826 if (extinfo != nullptr && (extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD) != 0) { 1827 file_offset = 0; 1828 if ((extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET) != 0) { 1829 file_offset = extinfo->library_fd_offset; 1830 } 1831 1832 if (!realpath_fd(extinfo->library_fd, &realpath)) { 1833 PRINT("warning: unable to get realpath for the library \"%s\" by extinfo->library_fd. " 1834 "Will use given name.", name); 1835 realpath = name; 1836 } 1837 1838 task->set_fd(extinfo->library_fd, false); 1839 task->set_file_offset(file_offset); 1840 return load_library(ns, task, load_tasks, rtld_flags, realpath); 1841 } 1842 1843 // Open the file. 1844 int fd = open_library(ns, zip_archive_cache, name, needed_by, &file_offset, &realpath); 1845 if (fd == -1) { 1846 DL_ERR("library \"%s\" not found", name); 1847 return false; 1848 } 1849 1850 task->set_fd(fd, true); 1851 task->set_file_offset(file_offset); 1852 1853 return load_library(ns, task, load_tasks, rtld_flags, realpath); 1854 } 1855 1856 // Returns true if library was found and false in 2 cases 1857 // 1. (for default namespace only) The library was found but loaded under different 1858 // target_sdk_version (*candidate != nullptr) 1859 // 2. The library was not found by soname (*candidate is nullptr) find_loaded_library_by_soname(android_namespace_t * ns,const char * name,soinfo ** candidate)1860 static bool find_loaded_library_by_soname(android_namespace_t* ns, 1861 const char* name, soinfo** candidate) { 1862 *candidate = nullptr; 1863 1864 // Ignore filename with path. 1865 if (strchr(name, '/') != nullptr) { 1866 return false; 1867 } 1868 1869 uint32_t target_sdk_version = get_application_target_sdk_version(); 1870 1871 return !ns->soinfo_list().visit([&](soinfo* si) { 1872 const char* soname = si->get_soname(); 1873 if (soname != nullptr && (strcmp(name, soname) == 0)) { 1874 // If the library was opened under different target sdk version 1875 // skip this step and try to reopen it. The exceptions are 1876 // "libdl.so" and global group. There is no point in skipping 1877 // them because relocation process is going to use them 1878 // in any case. 1879 bool is_libdl = si == solist; 1880 if (is_libdl || (si->get_dt_flags_1() & DF_1_GLOBAL) != 0 || 1881 !si->is_linked() || si->get_target_sdk_version() == target_sdk_version || 1882 ns != &g_default_namespace) { 1883 *candidate = si; 1884 return false; 1885 } else if (*candidate == nullptr) { 1886 // for the different sdk version in the default namespace 1887 // remember the first library. 1888 *candidate = si; 1889 } 1890 } 1891 1892 return true; 1893 }); 1894 } 1895 find_library_internal(android_namespace_t * ns,LoadTask * task,ZipArchiveCache * zip_archive_cache,LoadTaskList * load_tasks,int rtld_flags)1896 static bool find_library_internal(android_namespace_t* ns, 1897 LoadTask* task, 1898 ZipArchiveCache* zip_archive_cache, 1899 LoadTaskList* load_tasks, 1900 int rtld_flags) { 1901 soinfo* candidate; 1902 1903 if (find_loaded_library_by_soname(ns, task->get_name(), &candidate)) { 1904 task->set_soinfo(candidate); 1905 return true; 1906 } 1907 1908 if (ns != &g_default_namespace) { 1909 // check public namespace 1910 candidate = g_public_namespace.find_if([&](soinfo* si) { 1911 return strcmp(task->get_name(), si->get_soname()) == 0; 1912 }); 1913 1914 if (candidate != nullptr) { 1915 ns->add_soinfo(candidate); 1916 task->set_soinfo(candidate); 1917 return true; 1918 } 1919 } 1920 1921 // Library might still be loaded, the accurate detection 1922 // of this fact is done by load_library. 1923 TRACE("[ \"%s\" find_loaded_library_by_soname failed (*candidate=%s@%p). Trying harder...]", 1924 task->get_name(), candidate == nullptr ? "n/a" : candidate->get_realpath(), candidate); 1925 1926 if (load_library(ns, task, zip_archive_cache, load_tasks, rtld_flags)) { 1927 return true; 1928 } else { 1929 // In case we were unable to load the library but there 1930 // is a candidate loaded under the same soname but different 1931 // sdk level - return it anyways. 1932 if (candidate != nullptr) { 1933 task->set_soinfo(candidate); 1934 return true; 1935 } 1936 } 1937 1938 return false; 1939 } 1940 1941 static void soinfo_unload(soinfo* si); 1942 static void soinfo_unload(soinfo* soinfos[], size_t count); 1943 1944 // TODO: this is slightly unusual way to construct 1945 // the global group for relocation. Not every RTLD_GLOBAL 1946 // library is included in this group for backwards-compatibility 1947 // reasons. 1948 // 1949 // This group consists of the main executable, LD_PRELOADs 1950 // and libraries with the DF_1_GLOBAL flag set. make_global_group(android_namespace_t * ns)1951 static soinfo::soinfo_list_t make_global_group(android_namespace_t* ns) { 1952 soinfo::soinfo_list_t global_group; 1953 ns->soinfo_list().for_each([&](soinfo* si) { 1954 if ((si->get_dt_flags_1() & DF_1_GLOBAL) != 0) { 1955 global_group.push_back(si); 1956 } 1957 }); 1958 1959 return global_group; 1960 } 1961 1962 // This function provides a list of libraries to be shared 1963 // by the namespace. For the default namespace this is the global 1964 // group (see make_global_group). For all others this is a group 1965 // of RTLD_GLOBAL libraries (which includes the global group from 1966 // the default namespace). get_shared_group(android_namespace_t * ns)1967 static soinfo::soinfo_list_t get_shared_group(android_namespace_t* ns) { 1968 if (ns == &g_default_namespace) { 1969 return make_global_group(ns); 1970 } 1971 1972 soinfo::soinfo_list_t shared_group; 1973 ns->soinfo_list().for_each([&](soinfo* si) { 1974 if ((si->get_rtld_flags() & RTLD_GLOBAL) != 0) { 1975 shared_group.push_back(si); 1976 } 1977 }); 1978 1979 return shared_group; 1980 } 1981 shuffle(std::vector<LoadTask * > * v)1982 static void shuffle(std::vector<LoadTask*>* v) { 1983 for (size_t i = 0, size = v->size(); i < size; ++i) { 1984 size_t n = size - i; 1985 size_t r = arc4random_uniform(n); 1986 std::swap((*v)[n-1], (*v)[r]); 1987 } 1988 } 1989 1990 // add_as_children - add first-level loaded libraries (i.e. library_names[], but 1991 // not their transitive dependencies) as children of the start_with library. 1992 // This is false when find_libraries is called for dlopen(), when newly loaded 1993 // libraries must form a disjoint tree. find_libraries(android_namespace_t * ns,soinfo * start_with,const char * const library_names[],size_t library_names_count,soinfo * soinfos[],std::vector<soinfo * > * ld_preloads,size_t ld_preloads_count,int rtld_flags,const android_dlextinfo * extinfo,bool add_as_children)1994 static bool find_libraries(android_namespace_t* ns, 1995 soinfo* start_with, 1996 const char* const library_names[], 1997 size_t library_names_count, soinfo* soinfos[], 1998 std::vector<soinfo*>* ld_preloads, 1999 size_t ld_preloads_count, int rtld_flags, 2000 const android_dlextinfo* extinfo, 2001 bool add_as_children) { 2002 // Step 0: prepare. 2003 LoadTaskList load_tasks; 2004 std::unordered_map<const soinfo*, ElfReader> readers_map; 2005 2006 for (size_t i = 0; i < library_names_count; ++i) { 2007 const char* name = library_names[i]; 2008 load_tasks.push_back(LoadTask::create(name, start_with, &readers_map)); 2009 } 2010 2011 // Construct global_group. 2012 soinfo::soinfo_list_t global_group = make_global_group(ns); 2013 2014 // If soinfos array is null allocate one on stack. 2015 // The array is needed in case of failure; for example 2016 // when library_names[] = {libone.so, libtwo.so} and libone.so 2017 // is loaded correctly but libtwo.so failed for some reason. 2018 // In this case libone.so should be unloaded on return. 2019 // See also implementation of failure_guard below. 2020 2021 if (soinfos == nullptr) { 2022 size_t soinfos_size = sizeof(soinfo*)*library_names_count; 2023 soinfos = reinterpret_cast<soinfo**>(alloca(soinfos_size)); 2024 memset(soinfos, 0, soinfos_size); 2025 } 2026 2027 // list of libraries to link - see step 2. 2028 size_t soinfos_count = 0; 2029 2030 auto scope_guard = make_scope_guard([&]() { 2031 for (LoadTask* t : load_tasks) { 2032 LoadTask::deleter(t); 2033 } 2034 }); 2035 2036 auto failure_guard = make_scope_guard([&]() { 2037 // Housekeeping 2038 soinfo_unload(soinfos, soinfos_count); 2039 }); 2040 2041 ZipArchiveCache zip_archive_cache; 2042 2043 // Step 1: expand the list of load_tasks to include 2044 // all DT_NEEDED libraries (do not load them just yet) 2045 for (size_t i = 0; i<load_tasks.size(); ++i) { 2046 LoadTask* task = load_tasks[i]; 2047 soinfo* needed_by = task->get_needed_by(); 2048 2049 bool is_dt_needed = needed_by != nullptr && (needed_by != start_with || add_as_children); 2050 task->set_extinfo(is_dt_needed ? nullptr : extinfo); 2051 task->set_dt_needed(is_dt_needed); 2052 2053 if(!find_library_internal(ns, task, &zip_archive_cache, &load_tasks, rtld_flags)) { 2054 return false; 2055 } 2056 2057 soinfo* si = task->get_soinfo(); 2058 2059 if (is_dt_needed) { 2060 needed_by->add_child(si); 2061 } 2062 2063 if (si->is_linked()) { 2064 si->increment_ref_count(); 2065 } 2066 2067 // When ld_preloads is not null, the first 2068 // ld_preloads_count libs are in fact ld_preloads. 2069 if (ld_preloads != nullptr && soinfos_count < ld_preloads_count) { 2070 ld_preloads->push_back(si); 2071 } 2072 2073 if (soinfos_count < library_names_count) { 2074 soinfos[soinfos_count++] = si; 2075 } 2076 } 2077 2078 // Step 2: Load libraries in random order (see b/24047022) 2079 LoadTaskList load_list; 2080 for (auto&& task : load_tasks) { 2081 soinfo* si = task->get_soinfo(); 2082 auto pred = [&](const LoadTask* t) { 2083 return t->get_soinfo() == si; 2084 }; 2085 2086 if (!si->is_linked() && 2087 std::find_if(load_list.begin(), load_list.end(), pred) == load_list.end() ) { 2088 load_list.push_back(task); 2089 } 2090 } 2091 shuffle(&load_list); 2092 2093 for (auto&& task : load_list) { 2094 if (!task->load()) { 2095 return false; 2096 } 2097 } 2098 2099 // Step 3: pre-link all DT_NEEDED libraries in breadth first order. 2100 for (auto&& task : load_tasks) { 2101 soinfo* si = task->get_soinfo(); 2102 if (!si->is_linked() && !si->prelink_image()) { 2103 return false; 2104 } 2105 } 2106 2107 // Step 4: Add LD_PRELOADed libraries to the global group for 2108 // future runs. There is no need to explicitly add them to 2109 // the global group for this run because they are going to 2110 // appear in the local group in the correct order. 2111 if (ld_preloads != nullptr) { 2112 for (auto&& si : *ld_preloads) { 2113 si->set_dt_flags_1(si->get_dt_flags_1() | DF_1_GLOBAL); 2114 } 2115 } 2116 2117 2118 // Step 5: link libraries. 2119 soinfo::soinfo_list_t local_group; 2120 walk_dependencies_tree( 2121 (start_with != nullptr && add_as_children) ? &start_with : soinfos, 2122 (start_with != nullptr && add_as_children) ? 1 : soinfos_count, 2123 [&] (soinfo* si) { 2124 local_group.push_back(si); 2125 return true; 2126 }); 2127 2128 // We need to increment ref_count in case 2129 // the root of the local group was not linked. 2130 bool was_local_group_root_linked = local_group.front()->is_linked(); 2131 2132 bool linked = local_group.visit([&](soinfo* si) { 2133 if (!si->is_linked()) { 2134 if (!si->link_image(global_group, local_group, extinfo)) { 2135 return false; 2136 } 2137 } 2138 2139 return true; 2140 }); 2141 2142 if (linked) { 2143 local_group.for_each([](soinfo* si) { 2144 if (!si->is_linked()) { 2145 si->set_linked(); 2146 } 2147 }); 2148 2149 failure_guard.disable(); 2150 } 2151 2152 if (!was_local_group_root_linked) { 2153 local_group.front()->increment_ref_count(); 2154 } 2155 2156 return linked; 2157 } 2158 find_library(android_namespace_t * ns,const char * name,int rtld_flags,const android_dlextinfo * extinfo,soinfo * needed_by)2159 static soinfo* find_library(android_namespace_t* ns, 2160 const char* name, int rtld_flags, 2161 const android_dlextinfo* extinfo, 2162 soinfo* needed_by) { 2163 soinfo* si; 2164 2165 if (name == nullptr) { 2166 si = somain; 2167 } else if (!find_libraries(ns, needed_by, &name, 1, &si, nullptr, 0, rtld_flags, 2168 extinfo, /* add_as_children */ false)) { 2169 return nullptr; 2170 } 2171 2172 return si; 2173 } 2174 soinfo_unload(soinfo * root)2175 static void soinfo_unload(soinfo* root) { 2176 if (root->is_linked()) { 2177 root = root->get_local_group_root(); 2178 } 2179 2180 if (!root->can_unload()) { 2181 TRACE("not unloading \"%s\" - the binary is flagged with NODELETE", root->get_realpath()); 2182 return; 2183 } 2184 2185 soinfo_unload(&root, 1); 2186 } 2187 soinfo_unload(soinfo * soinfos[],size_t count)2188 static void soinfo_unload(soinfo* soinfos[], size_t count) { 2189 // Note that the library can be loaded but not linked; 2190 // in which case there is no root but we still need 2191 // to walk the tree and unload soinfos involved. 2192 // 2193 // This happens on unsuccessful dlopen, when one of 2194 // the DT_NEEDED libraries could not be linked/found. 2195 if (count == 0) { 2196 return; 2197 } 2198 2199 soinfo::soinfo_list_t unload_list; 2200 for (size_t i = 0; i < count; ++i) { 2201 soinfo* si = soinfos[i]; 2202 2203 if (si->can_unload()) { 2204 size_t ref_count = si->is_linked() ? si->decrement_ref_count() : 0; 2205 if (ref_count == 0) { 2206 unload_list.push_back(si); 2207 } else { 2208 TRACE("not unloading '%s' group, decrementing ref_count to %zd", 2209 si->get_realpath(), ref_count); 2210 } 2211 } else { 2212 TRACE("not unloading '%s' - the binary is flagged with NODELETE", si->get_realpath()); 2213 return; 2214 } 2215 } 2216 2217 // This is used to identify soinfos outside of the load-group 2218 // note that we cannot have > 1 in the array and have any of them 2219 // linked. This is why we can safely use the first one. 2220 soinfo* root = soinfos[0]; 2221 2222 soinfo::soinfo_list_t local_unload_list; 2223 soinfo::soinfo_list_t external_unload_list; 2224 soinfo* si = nullptr; 2225 2226 while ((si = unload_list.pop_front()) != nullptr) { 2227 if (local_unload_list.contains(si)) { 2228 continue; 2229 } 2230 2231 local_unload_list.push_back(si); 2232 2233 if (si->has_min_version(0)) { 2234 soinfo* child = nullptr; 2235 while ((child = si->get_children().pop_front()) != nullptr) { 2236 TRACE("%s@%p needs to unload %s@%p", si->get_realpath(), si, 2237 child->get_realpath(), child); 2238 2239 if (local_unload_list.contains(child)) { 2240 continue; 2241 } else if (child->is_linked() && child->get_local_group_root() != root) { 2242 external_unload_list.push_back(child); 2243 } else { 2244 unload_list.push_front(child); 2245 } 2246 } 2247 } else { 2248 #if !defined(__work_around_b_24465209__) 2249 __libc_fatal("soinfo for \"%s\"@%p has no version", si->get_realpath(), si); 2250 #else 2251 PRINT("warning: soinfo for \"%s\"@%p has no version", si->get_realpath(), si); 2252 for_each_dt_needed(si, [&] (const char* library_name) { 2253 TRACE("deprecated (old format of soinfo): %s needs to unload %s", 2254 si->get_realpath(), library_name); 2255 2256 soinfo* needed = find_library(si->get_primary_namespace(), 2257 library_name, RTLD_NOLOAD, nullptr, nullptr); 2258 2259 if (needed != nullptr) { 2260 // Not found: for example if symlink was deleted between dlopen and dlclose 2261 // Since we cannot really handle errors at this point - print and continue. 2262 PRINT("warning: couldn't find %s needed by %s on unload.", 2263 library_name, si->get_realpath()); 2264 return; 2265 } else if (local_unload_list.contains(needed)) { 2266 // already visited 2267 return; 2268 } else if (needed->is_linked() && needed->get_local_group_root() != root) { 2269 // external group 2270 external_unload_list.push_back(needed); 2271 } else { 2272 // local group 2273 unload_list.push_front(needed); 2274 } 2275 }); 2276 #endif 2277 } 2278 } 2279 2280 local_unload_list.for_each([](soinfo* si) { 2281 si->call_destructors(); 2282 }); 2283 2284 while ((si = local_unload_list.pop_front()) != nullptr) { 2285 notify_gdb_of_unload(si); 2286 soinfo_free(si); 2287 } 2288 2289 while ((si = external_unload_list.pop_front()) != nullptr) { 2290 soinfo_unload(si); 2291 } 2292 } 2293 symbol_display_name(const char * sym_name,const char * sym_ver)2294 static std::string symbol_display_name(const char* sym_name, const char* sym_ver) { 2295 if (sym_ver == nullptr) { 2296 return sym_name; 2297 } 2298 2299 return std::string(sym_name) + ", version " + sym_ver; 2300 } 2301 get_caller_namespace(soinfo * caller)2302 static android_namespace_t* get_caller_namespace(soinfo* caller) { 2303 return caller != nullptr ? caller->get_primary_namespace() : g_anonymous_namespace; 2304 } 2305 do_android_get_LD_LIBRARY_PATH(char * buffer,size_t buffer_size)2306 void do_android_get_LD_LIBRARY_PATH(char* buffer, size_t buffer_size) { 2307 // Use basic string manipulation calls to avoid snprintf. 2308 // snprintf indirectly calls pthread_getspecific to get the size of a buffer. 2309 // When debug malloc is enabled, this call returns 0. This in turn causes 2310 // snprintf to do nothing, which causes libraries to fail to load. 2311 // See b/17302493 for further details. 2312 // Once the above bug is fixed, this code can be modified to use 2313 // snprintf again. 2314 size_t required_len = 0; 2315 for (size_t i = 0; g_default_ld_paths[i] != nullptr; ++i) { 2316 required_len += strlen(g_default_ld_paths[i]) + 1; 2317 } 2318 if (buffer_size < required_len) { 2319 __libc_fatal("android_get_LD_LIBRARY_PATH failed, buffer too small: " 2320 "buffer len %zu, required len %zu", buffer_size, required_len); 2321 } 2322 char* end = buffer; 2323 for (size_t i = 0; g_default_ld_paths[i] != nullptr; ++i) { 2324 if (i > 0) *end++ = ':'; 2325 end = stpcpy(end, g_default_ld_paths[i]); 2326 } 2327 } 2328 do_android_update_LD_LIBRARY_PATH(const char * ld_library_path)2329 void do_android_update_LD_LIBRARY_PATH(const char* ld_library_path) { 2330 parse_LD_LIBRARY_PATH(ld_library_path); 2331 } 2332 do_dlopen(const char * name,int flags,const android_dlextinfo * extinfo,void * caller_addr)2333 void* do_dlopen(const char* name, int flags, const android_dlextinfo* extinfo, 2334 void* caller_addr) { 2335 soinfo* const caller = find_containing_library(caller_addr); 2336 2337 if ((flags & ~(RTLD_NOW|RTLD_LAZY|RTLD_LOCAL|RTLD_GLOBAL|RTLD_NODELETE|RTLD_NOLOAD)) != 0) { 2338 DL_ERR("invalid flags to dlopen: %x", flags); 2339 return nullptr; 2340 } 2341 2342 android_namespace_t* ns = get_caller_namespace(caller); 2343 2344 if (extinfo != nullptr) { 2345 if ((extinfo->flags & ~(ANDROID_DLEXT_VALID_FLAG_BITS)) != 0) { 2346 DL_ERR("invalid extended flags to android_dlopen_ext: 0x%" PRIx64, extinfo->flags); 2347 return nullptr; 2348 } 2349 2350 if ((extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD) == 0 && 2351 (extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET) != 0) { 2352 DL_ERR("invalid extended flag combination (ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET without " 2353 "ANDROID_DLEXT_USE_LIBRARY_FD): 0x%" PRIx64, extinfo->flags); 2354 return nullptr; 2355 } 2356 2357 if ((extinfo->flags & ANDROID_DLEXT_LOAD_AT_FIXED_ADDRESS) != 0 && 2358 (extinfo->flags & (ANDROID_DLEXT_RESERVED_ADDRESS | ANDROID_DLEXT_RESERVED_ADDRESS_HINT)) != 0) { 2359 DL_ERR("invalid extended flag combination: ANDROID_DLEXT_LOAD_AT_FIXED_ADDRESS is not " 2360 "compatible with ANDROID_DLEXT_RESERVED_ADDRESS/ANDROID_DLEXT_RESERVED_ADDRESS_HINT"); 2361 return nullptr; 2362 } 2363 2364 if ((extinfo->flags & ANDROID_DLEXT_USE_NAMESPACE) != 0) { 2365 if (extinfo->library_namespace == nullptr) { 2366 DL_ERR("ANDROID_DLEXT_USE_NAMESPACE is set but extinfo->library_namespace is null"); 2367 return nullptr; 2368 } 2369 ns = extinfo->library_namespace; 2370 } 2371 } 2372 2373 ProtectedDataGuard guard; 2374 soinfo* si = find_library(ns, name, flags, extinfo, caller); 2375 if (si != nullptr) { 2376 si->call_constructors(); 2377 return si->to_handle(); 2378 } 2379 2380 return nullptr; 2381 } 2382 do_dladdr(const void * addr,Dl_info * info)2383 int do_dladdr(const void* addr, Dl_info* info) { 2384 // Determine if this address can be found in any library currently mapped. 2385 soinfo* si = find_containing_library(addr); 2386 if (si == nullptr) { 2387 return 0; 2388 } 2389 2390 memset(info, 0, sizeof(Dl_info)); 2391 2392 info->dli_fname = si->get_realpath(); 2393 // Address at which the shared object is loaded. 2394 info->dli_fbase = reinterpret_cast<void*>(si->base); 2395 2396 // Determine if any symbol in the library contains the specified address. 2397 ElfW(Sym)* sym = si->find_symbol_by_address(addr); 2398 if (sym != nullptr) { 2399 info->dli_sname = si->get_string(sym->st_name); 2400 info->dli_saddr = reinterpret_cast<void*>(si->resolve_symbol_address(sym)); 2401 } 2402 2403 return 1; 2404 } 2405 soinfo_from_handle(void * handle)2406 static soinfo* soinfo_from_handle(void* handle) { 2407 if ((reinterpret_cast<uintptr_t>(handle) & 1) != 0) { 2408 auto it = g_soinfo_handles_map.find(reinterpret_cast<uintptr_t>(handle)); 2409 if (it == g_soinfo_handles_map.end()) { 2410 return nullptr; 2411 } else { 2412 return it->second; 2413 } 2414 } 2415 2416 return static_cast<soinfo*>(handle); 2417 } 2418 do_dlsym(void * handle,const char * sym_name,const char * sym_ver,void * caller_addr,void ** symbol)2419 bool do_dlsym(void* handle, const char* sym_name, const char* sym_ver, 2420 void* caller_addr, void** symbol) { 2421 #if !defined(__LP64__) 2422 if (handle == nullptr) { 2423 DL_ERR("dlsym failed: library handle is null"); 2424 return false; 2425 } 2426 #endif 2427 2428 if (sym_name == nullptr) { 2429 DL_ERR("dlsym failed: symbol name is null"); 2430 return false; 2431 } 2432 2433 soinfo* found = nullptr; 2434 const ElfW(Sym)* sym = nullptr; 2435 soinfo* caller = find_containing_library(caller_addr); 2436 android_namespace_t* ns = get_caller_namespace(caller); 2437 2438 version_info vi_instance; 2439 version_info* vi = nullptr; 2440 2441 if (sym_ver != nullptr) { 2442 vi_instance.name = sym_ver; 2443 vi_instance.elf_hash = calculate_elf_hash(sym_ver); 2444 vi = &vi_instance; 2445 } 2446 2447 if (handle == RTLD_DEFAULT || handle == RTLD_NEXT) { 2448 sym = dlsym_linear_lookup(ns, sym_name, vi, &found, caller, handle); 2449 } else { 2450 soinfo* si = soinfo_from_handle(handle); 2451 if (si == nullptr) { 2452 DL_ERR("dlsym failed: invalid handle: %p", handle); 2453 return false; 2454 } 2455 sym = dlsym_handle_lookup(si, &found, sym_name, vi); 2456 } 2457 2458 if (sym != nullptr) { 2459 uint32_t bind = ELF_ST_BIND(sym->st_info); 2460 2461 if ((bind == STB_GLOBAL || bind == STB_WEAK) && sym->st_shndx != 0) { 2462 *symbol = reinterpret_cast<void*>(found->resolve_symbol_address(sym)); 2463 return true; 2464 } 2465 2466 DL_ERR("symbol \"%s\" found but not global", symbol_display_name(sym_name, sym_ver).c_str()); 2467 return false; 2468 } 2469 2470 DL_ERR("undefined symbol: %s", symbol_display_name(sym_name, sym_ver).c_str()); 2471 return false; 2472 } 2473 do_dlclose(void * handle)2474 int do_dlclose(void* handle) { 2475 ProtectedDataGuard guard; 2476 soinfo* si = soinfo_from_handle(handle); 2477 if (si == nullptr) { 2478 DL_ERR("invalid handle: %p", handle); 2479 return -1; 2480 } 2481 2482 soinfo_unload(si); 2483 return 0; 2484 } 2485 init_namespaces(const char * public_ns_sonames,const char * anon_ns_library_path)2486 bool init_namespaces(const char* public_ns_sonames, const char* anon_ns_library_path) { 2487 CHECK(public_ns_sonames != nullptr); 2488 if (g_public_namespace_initialized) { 2489 DL_ERR("public namespace has already been initialized."); 2490 return false; 2491 } 2492 2493 std::vector<std::string> sonames = android::base::Split(public_ns_sonames, ":"); 2494 2495 ProtectedDataGuard guard; 2496 2497 auto failure_guard = make_scope_guard([&]() { 2498 g_public_namespace.clear(); 2499 }); 2500 2501 for (const auto& soname : sonames) { 2502 soinfo* candidate = nullptr; 2503 2504 find_loaded_library_by_soname(&g_default_namespace, soname.c_str(), &candidate); 2505 2506 if (candidate == nullptr) { 2507 DL_ERR("error initializing public namespace: \"%s\" was not found" 2508 " in the default namespace", soname.c_str()); 2509 return false; 2510 } 2511 2512 candidate->set_nodelete(); 2513 g_public_namespace.push_back(candidate); 2514 } 2515 2516 g_public_namespace_initialized = true; 2517 2518 // create anonymous namespace 2519 // When the caller is nullptr - create_namespace will take global group 2520 // from the anonymous namespace, which is fine because anonymous namespace 2521 // is still pointing to the default one. 2522 android_namespace_t* anon_ns = 2523 create_namespace(nullptr, "(anonymous)", nullptr, anon_ns_library_path, 2524 ANDROID_NAMESPACE_TYPE_REGULAR, nullptr, &g_default_namespace); 2525 2526 if (anon_ns == nullptr) { 2527 g_public_namespace_initialized = false; 2528 return false; 2529 } 2530 g_anonymous_namespace = anon_ns; 2531 failure_guard.disable(); 2532 return true; 2533 } 2534 create_namespace(const void * caller_addr,const char * name,const char * ld_library_path,const char * default_library_path,uint64_t type,const char * permitted_when_isolated_path,android_namespace_t * parent_namespace)2535 android_namespace_t* create_namespace(const void* caller_addr, 2536 const char* name, 2537 const char* ld_library_path, 2538 const char* default_library_path, 2539 uint64_t type, 2540 const char* permitted_when_isolated_path, 2541 android_namespace_t* parent_namespace) { 2542 if (!g_public_namespace_initialized) { 2543 DL_ERR("cannot create namespace: public namespace is not initialized."); 2544 return nullptr; 2545 } 2546 2547 if (parent_namespace == nullptr) { 2548 // if parent_namespace is nullptr -> set it to the caller namespace 2549 soinfo* caller_soinfo = find_containing_library(caller_addr); 2550 2551 parent_namespace = caller_soinfo != nullptr ? 2552 caller_soinfo->get_primary_namespace() : 2553 g_anonymous_namespace; 2554 } 2555 2556 ProtectedDataGuard guard; 2557 std::vector<std::string> ld_library_paths; 2558 std::vector<std::string> default_library_paths; 2559 std::vector<std::string> permitted_paths; 2560 2561 parse_path(ld_library_path, ":", &ld_library_paths); 2562 parse_path(default_library_path, ":", &default_library_paths); 2563 parse_path(permitted_when_isolated_path, ":", &permitted_paths); 2564 2565 android_namespace_t* ns = new (g_namespace_allocator.alloc()) android_namespace_t(); 2566 ns->set_name(name); 2567 ns->set_isolated((type & ANDROID_NAMESPACE_TYPE_ISOLATED) != 0); 2568 ns->set_ld_library_paths(std::move(ld_library_paths)); 2569 ns->set_default_library_paths(std::move(default_library_paths)); 2570 ns->set_permitted_paths(std::move(permitted_paths)); 2571 2572 if ((type & ANDROID_NAMESPACE_TYPE_SHARED) != 0) { 2573 // If shared - clone the parent namespace 2574 ns->add_soinfos(parent_namespace->soinfo_list()); 2575 } else { 2576 // If not shared - copy only the shared group 2577 ns->add_soinfos(get_shared_group(parent_namespace)); 2578 } 2579 2580 return ns; 2581 } 2582 call_ifunc_resolver(ElfW (Addr)resolver_addr)2583 static ElfW(Addr) call_ifunc_resolver(ElfW(Addr) resolver_addr) { 2584 typedef ElfW(Addr) (*ifunc_resolver_t)(void); 2585 ifunc_resolver_t ifunc_resolver = reinterpret_cast<ifunc_resolver_t>(resolver_addr); 2586 ElfW(Addr) ifunc_addr = ifunc_resolver(); 2587 TRACE_TYPE(RELO, "Called ifunc_resolver@%p. The result is %p", 2588 ifunc_resolver, reinterpret_cast<void*>(ifunc_addr)); 2589 2590 return ifunc_addr; 2591 } 2592 get_version_info(ElfW (Versym)source_symver) const2593 const version_info* VersionTracker::get_version_info(ElfW(Versym) source_symver) const { 2594 if (source_symver < 2 || 2595 source_symver >= version_infos.size() || 2596 version_infos[source_symver].name == nullptr) { 2597 return nullptr; 2598 } 2599 2600 return &version_infos[source_symver]; 2601 } 2602 add_version_info(size_t source_index,ElfW (Word)elf_hash,const char * ver_name,const soinfo * target_si)2603 void VersionTracker::add_version_info(size_t source_index, 2604 ElfW(Word) elf_hash, 2605 const char* ver_name, 2606 const soinfo* target_si) { 2607 if (source_index >= version_infos.size()) { 2608 version_infos.resize(source_index+1); 2609 } 2610 2611 version_infos[source_index].elf_hash = elf_hash; 2612 version_infos[source_index].name = ver_name; 2613 version_infos[source_index].target_si = target_si; 2614 } 2615 init_verneed(const soinfo * si_from)2616 bool VersionTracker::init_verneed(const soinfo* si_from) { 2617 uintptr_t verneed_ptr = si_from->get_verneed_ptr(); 2618 2619 if (verneed_ptr == 0) { 2620 return true; 2621 } 2622 2623 size_t verneed_cnt = si_from->get_verneed_cnt(); 2624 2625 for (size_t i = 0, offset = 0; i<verneed_cnt; ++i) { 2626 const ElfW(Verneed)* verneed = reinterpret_cast<ElfW(Verneed)*>(verneed_ptr + offset); 2627 size_t vernaux_offset = offset + verneed->vn_aux; 2628 offset += verneed->vn_next; 2629 2630 if (verneed->vn_version != 1) { 2631 DL_ERR("unsupported verneed[%zd] vn_version: %d (expected 1)", i, verneed->vn_version); 2632 return false; 2633 } 2634 2635 const char* target_soname = si_from->get_string(verneed->vn_file); 2636 // find it in dependencies 2637 soinfo* target_si = si_from->get_children().find_if([&](const soinfo* si) { 2638 return si->get_soname() != nullptr && strcmp(si->get_soname(), target_soname) == 0; 2639 }); 2640 2641 if (target_si == nullptr) { 2642 DL_ERR("cannot find \"%s\" from verneed[%zd] in DT_NEEDED list for \"%s\"", 2643 target_soname, i, si_from->get_realpath()); 2644 return false; 2645 } 2646 2647 for (size_t j = 0; j<verneed->vn_cnt; ++j) { 2648 const ElfW(Vernaux)* vernaux = reinterpret_cast<ElfW(Vernaux)*>(verneed_ptr + vernaux_offset); 2649 vernaux_offset += vernaux->vna_next; 2650 2651 const ElfW(Word) elf_hash = vernaux->vna_hash; 2652 const char* ver_name = si_from->get_string(vernaux->vna_name); 2653 ElfW(Half) source_index = vernaux->vna_other; 2654 2655 add_version_info(source_index, elf_hash, ver_name, target_si); 2656 } 2657 } 2658 2659 return true; 2660 } 2661 init_verdef(const soinfo * si_from)2662 bool VersionTracker::init_verdef(const soinfo* si_from) { 2663 return for_each_verdef(si_from, 2664 [&](size_t, const ElfW(Verdef)* verdef, const ElfW(Verdaux)* verdaux) { 2665 add_version_info(verdef->vd_ndx, verdef->vd_hash, 2666 si_from->get_string(verdaux->vda_name), si_from); 2667 return false; 2668 } 2669 ); 2670 } 2671 init(const soinfo * si_from)2672 bool VersionTracker::init(const soinfo* si_from) { 2673 if (!si_from->has_min_version(2)) { 2674 return true; 2675 } 2676 2677 return init_verneed(si_from) && init_verdef(si_from); 2678 } 2679 lookup_version_info(const VersionTracker & version_tracker,ElfW (Word)sym,const char * sym_name,const version_info ** vi)2680 bool soinfo::lookup_version_info(const VersionTracker& version_tracker, ElfW(Word) sym, 2681 const char* sym_name, const version_info** vi) { 2682 const ElfW(Versym)* sym_ver_ptr = get_versym(sym); 2683 ElfW(Versym) sym_ver = sym_ver_ptr == nullptr ? 0 : *sym_ver_ptr; 2684 2685 if (sym_ver != VER_NDX_LOCAL && sym_ver != VER_NDX_GLOBAL) { 2686 *vi = version_tracker.get_version_info(sym_ver); 2687 2688 if (*vi == nullptr) { 2689 DL_ERR("cannot find verneed/verdef for version index=%d " 2690 "referenced by symbol \"%s\" at \"%s\"", sym_ver, sym_name, get_realpath()); 2691 return false; 2692 } 2693 } else { 2694 // there is no version info 2695 *vi = nullptr; 2696 } 2697 2698 return true; 2699 } 2700 2701 #if !defined(__mips__) 2702 #if defined(USE_RELA) get_addend(ElfW (Rela)* rela,ElfW (Addr)reloc_addr __unused)2703 static ElfW(Addr) get_addend(ElfW(Rela)* rela, ElfW(Addr) reloc_addr __unused) { 2704 return rela->r_addend; 2705 } 2706 #else get_addend(ElfW (Rel)* rel,ElfW (Addr)reloc_addr)2707 static ElfW(Addr) get_addend(ElfW(Rel)* rel, ElfW(Addr) reloc_addr) { 2708 if (ELFW(R_TYPE)(rel->r_info) == R_GENERIC_RELATIVE || 2709 ELFW(R_TYPE)(rel->r_info) == R_GENERIC_IRELATIVE) { 2710 return *reinterpret_cast<ElfW(Addr)*>(reloc_addr); 2711 } 2712 return 0; 2713 } 2714 #endif 2715 2716 template<typename ElfRelIteratorT> relocate(const VersionTracker & version_tracker,ElfRelIteratorT && rel_iterator,const soinfo_list_t & global_group,const soinfo_list_t & local_group)2717 bool soinfo::relocate(const VersionTracker& version_tracker, ElfRelIteratorT&& rel_iterator, 2718 const soinfo_list_t& global_group, const soinfo_list_t& local_group) { 2719 for (size_t idx = 0; rel_iterator.has_next(); ++idx) { 2720 const auto rel = rel_iterator.next(); 2721 if (rel == nullptr) { 2722 return false; 2723 } 2724 2725 ElfW(Word) type = ELFW(R_TYPE)(rel->r_info); 2726 ElfW(Word) sym = ELFW(R_SYM)(rel->r_info); 2727 2728 ElfW(Addr) reloc = static_cast<ElfW(Addr)>(rel->r_offset + load_bias); 2729 ElfW(Addr) sym_addr = 0; 2730 const char* sym_name = nullptr; 2731 ElfW(Addr) addend = get_addend(rel, reloc); 2732 2733 DEBUG("Processing \"%s\" relocation at index %zd", get_realpath(), idx); 2734 if (type == R_GENERIC_NONE) { 2735 continue; 2736 } 2737 2738 const ElfW(Sym)* s = nullptr; 2739 soinfo* lsi = nullptr; 2740 2741 if (sym != 0) { 2742 sym_name = get_string(symtab_[sym].st_name); 2743 const version_info* vi = nullptr; 2744 2745 if (!lookup_version_info(version_tracker, sym, sym_name, &vi)) { 2746 return false; 2747 } 2748 2749 if (!soinfo_do_lookup(this, sym_name, vi, &lsi, global_group, local_group, &s)) { 2750 return false; 2751 } 2752 2753 if (s == nullptr) { 2754 // We only allow an undefined symbol if this is a weak reference... 2755 s = &symtab_[sym]; 2756 if (ELF_ST_BIND(s->st_info) != STB_WEAK) { 2757 DL_ERR("cannot locate symbol \"%s\" referenced by \"%s\"...", sym_name, get_realpath()); 2758 return false; 2759 } 2760 2761 /* IHI0044C AAELF 4.5.1.1: 2762 2763 Libraries are not searched to resolve weak references. 2764 It is not an error for a weak reference to remain unsatisfied. 2765 2766 During linking, the value of an undefined weak reference is: 2767 - Zero if the relocation type is absolute 2768 - The address of the place if the relocation is pc-relative 2769 - The address of nominal base address if the relocation 2770 type is base-relative. 2771 */ 2772 2773 switch (type) { 2774 case R_GENERIC_JUMP_SLOT: 2775 case R_GENERIC_GLOB_DAT: 2776 case R_GENERIC_RELATIVE: 2777 case R_GENERIC_IRELATIVE: 2778 #if defined(__aarch64__) 2779 case R_AARCH64_ABS64: 2780 case R_AARCH64_ABS32: 2781 case R_AARCH64_ABS16: 2782 #elif defined(__x86_64__) 2783 case R_X86_64_32: 2784 case R_X86_64_64: 2785 #elif defined(__arm__) 2786 case R_ARM_ABS32: 2787 #elif defined(__i386__) 2788 case R_386_32: 2789 #endif 2790 /* 2791 * The sym_addr was initialized to be zero above, or the relocation 2792 * code below does not care about value of sym_addr. 2793 * No need to do anything. 2794 */ 2795 break; 2796 #if defined(__x86_64__) 2797 case R_X86_64_PC32: 2798 sym_addr = reloc; 2799 break; 2800 #elif defined(__i386__) 2801 case R_386_PC32: 2802 sym_addr = reloc; 2803 break; 2804 #endif 2805 default: 2806 DL_ERR("unknown weak reloc type %d @ %p (%zu)", type, rel, idx); 2807 return false; 2808 } 2809 } else { // We got a definition. 2810 #if !defined(__LP64__) 2811 // When relocating dso with text_relocation .text segment is 2812 // not executable. We need to restore elf flags before resolving 2813 // STT_GNU_IFUNC symbol. 2814 bool protect_segments = has_text_relocations && 2815 lsi == this && 2816 ELF_ST_TYPE(s->st_info) == STT_GNU_IFUNC; 2817 if (protect_segments) { 2818 if (phdr_table_protect_segments(phdr, phnum, load_bias) < 0) { 2819 DL_ERR("can't protect segments for \"%s\": %s", 2820 get_realpath(), strerror(errno)); 2821 return false; 2822 } 2823 } 2824 #endif 2825 sym_addr = lsi->resolve_symbol_address(s); 2826 #if !defined(__LP64__) 2827 if (protect_segments) { 2828 if (phdr_table_unprotect_segments(phdr, phnum, load_bias) < 0) { 2829 DL_ERR("can't unprotect loadable segments for \"%s\": %s", 2830 get_realpath(), strerror(errno)); 2831 return false; 2832 } 2833 } 2834 #endif 2835 } 2836 count_relocation(kRelocSymbol); 2837 } 2838 2839 switch (type) { 2840 case R_GENERIC_JUMP_SLOT: 2841 count_relocation(kRelocAbsolute); 2842 MARK(rel->r_offset); 2843 TRACE_TYPE(RELO, "RELO JMP_SLOT %16p <- %16p %s\n", 2844 reinterpret_cast<void*>(reloc), 2845 reinterpret_cast<void*>(sym_addr + addend), sym_name); 2846 2847 *reinterpret_cast<ElfW(Addr)*>(reloc) = (sym_addr + addend); 2848 break; 2849 case R_GENERIC_GLOB_DAT: 2850 count_relocation(kRelocAbsolute); 2851 MARK(rel->r_offset); 2852 TRACE_TYPE(RELO, "RELO GLOB_DAT %16p <- %16p %s\n", 2853 reinterpret_cast<void*>(reloc), 2854 reinterpret_cast<void*>(sym_addr + addend), sym_name); 2855 *reinterpret_cast<ElfW(Addr)*>(reloc) = (sym_addr + addend); 2856 break; 2857 case R_GENERIC_RELATIVE: 2858 count_relocation(kRelocRelative); 2859 MARK(rel->r_offset); 2860 TRACE_TYPE(RELO, "RELO RELATIVE %16p <- %16p\n", 2861 reinterpret_cast<void*>(reloc), 2862 reinterpret_cast<void*>(load_bias + addend)); 2863 *reinterpret_cast<ElfW(Addr)*>(reloc) = (load_bias + addend); 2864 break; 2865 case R_GENERIC_IRELATIVE: 2866 count_relocation(kRelocRelative); 2867 MARK(rel->r_offset); 2868 TRACE_TYPE(RELO, "RELO IRELATIVE %16p <- %16p\n", 2869 reinterpret_cast<void*>(reloc), 2870 reinterpret_cast<void*>(load_bias + addend)); 2871 { 2872 #if !defined(__LP64__) 2873 // When relocating dso with text_relocation .text segment is 2874 // not executable. We need to restore elf flags for this 2875 // particular call. 2876 if (has_text_relocations) { 2877 if (phdr_table_protect_segments(phdr, phnum, load_bias) < 0) { 2878 DL_ERR("can't protect segments for \"%s\": %s", 2879 get_realpath(), strerror(errno)); 2880 return false; 2881 } 2882 } 2883 #endif 2884 ElfW(Addr) ifunc_addr = call_ifunc_resolver(load_bias + addend); 2885 #if !defined(__LP64__) 2886 // Unprotect it afterwards... 2887 if (has_text_relocations) { 2888 if (phdr_table_unprotect_segments(phdr, phnum, load_bias) < 0) { 2889 DL_ERR("can't unprotect loadable segments for \"%s\": %s", 2890 get_realpath(), strerror(errno)); 2891 return false; 2892 } 2893 } 2894 #endif 2895 *reinterpret_cast<ElfW(Addr)*>(reloc) = ifunc_addr; 2896 } 2897 break; 2898 2899 #if defined(__aarch64__) 2900 case R_AARCH64_ABS64: 2901 count_relocation(kRelocAbsolute); 2902 MARK(rel->r_offset); 2903 TRACE_TYPE(RELO, "RELO ABS64 %16llx <- %16llx %s\n", 2904 reloc, sym_addr + addend, sym_name); 2905 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend; 2906 break; 2907 case R_AARCH64_ABS32: 2908 count_relocation(kRelocAbsolute); 2909 MARK(rel->r_offset); 2910 TRACE_TYPE(RELO, "RELO ABS32 %16llx <- %16llx %s\n", 2911 reloc, sym_addr + addend, sym_name); 2912 { 2913 const ElfW(Addr) min_value = static_cast<ElfW(Addr)>(INT32_MIN); 2914 const ElfW(Addr) max_value = static_cast<ElfW(Addr)>(UINT32_MAX); 2915 if ((min_value <= (sym_addr + addend)) && 2916 ((sym_addr + addend) <= max_value)) { 2917 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend; 2918 } else { 2919 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 2920 sym_addr + addend, min_value, max_value); 2921 return false; 2922 } 2923 } 2924 break; 2925 case R_AARCH64_ABS16: 2926 count_relocation(kRelocAbsolute); 2927 MARK(rel->r_offset); 2928 TRACE_TYPE(RELO, "RELO ABS16 %16llx <- %16llx %s\n", 2929 reloc, sym_addr + addend, sym_name); 2930 { 2931 const ElfW(Addr) min_value = static_cast<ElfW(Addr)>(INT16_MIN); 2932 const ElfW(Addr) max_value = static_cast<ElfW(Addr)>(UINT16_MAX); 2933 if ((min_value <= (sym_addr + addend)) && 2934 ((sym_addr + addend) <= max_value)) { 2935 *reinterpret_cast<ElfW(Addr)*>(reloc) = (sym_addr + addend); 2936 } else { 2937 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 2938 sym_addr + addend, min_value, max_value); 2939 return false; 2940 } 2941 } 2942 break; 2943 case R_AARCH64_PREL64: 2944 count_relocation(kRelocRelative); 2945 MARK(rel->r_offset); 2946 TRACE_TYPE(RELO, "RELO REL64 %16llx <- %16llx - %16llx %s\n", 2947 reloc, sym_addr + addend, rel->r_offset, sym_name); 2948 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend - rel->r_offset; 2949 break; 2950 case R_AARCH64_PREL32: 2951 count_relocation(kRelocRelative); 2952 MARK(rel->r_offset); 2953 TRACE_TYPE(RELO, "RELO REL32 %16llx <- %16llx - %16llx %s\n", 2954 reloc, sym_addr + addend, rel->r_offset, sym_name); 2955 { 2956 const ElfW(Addr) min_value = static_cast<ElfW(Addr)>(INT32_MIN); 2957 const ElfW(Addr) max_value = static_cast<ElfW(Addr)>(UINT32_MAX); 2958 if ((min_value <= (sym_addr + addend - rel->r_offset)) && 2959 ((sym_addr + addend - rel->r_offset) <= max_value)) { 2960 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend - rel->r_offset; 2961 } else { 2962 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 2963 sym_addr + addend - rel->r_offset, min_value, max_value); 2964 return false; 2965 } 2966 } 2967 break; 2968 case R_AARCH64_PREL16: 2969 count_relocation(kRelocRelative); 2970 MARK(rel->r_offset); 2971 TRACE_TYPE(RELO, "RELO REL16 %16llx <- %16llx - %16llx %s\n", 2972 reloc, sym_addr + addend, rel->r_offset, sym_name); 2973 { 2974 const ElfW(Addr) min_value = static_cast<ElfW(Addr)>(INT16_MIN); 2975 const ElfW(Addr) max_value = static_cast<ElfW(Addr)>(UINT16_MAX); 2976 if ((min_value <= (sym_addr + addend - rel->r_offset)) && 2977 ((sym_addr + addend - rel->r_offset) <= max_value)) { 2978 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend - rel->r_offset; 2979 } else { 2980 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 2981 sym_addr + addend - rel->r_offset, min_value, max_value); 2982 return false; 2983 } 2984 } 2985 break; 2986 2987 case R_AARCH64_COPY: 2988 /* 2989 * ET_EXEC is not supported so this should not happen. 2990 * 2991 * http://infocenter.arm.com/help/topic/com.arm.doc.ihi0056b/IHI0056B_aaelf64.pdf 2992 * 2993 * Section 4.6.11 "Dynamic relocations" 2994 * R_AARCH64_COPY may only appear in executable objects where e_type is 2995 * set to ET_EXEC. 2996 */ 2997 DL_ERR("%s R_AARCH64_COPY relocations are not supported", get_realpath()); 2998 return false; 2999 case R_AARCH64_TLS_TPREL64: 3000 TRACE_TYPE(RELO, "RELO TLS_TPREL64 *** %16llx <- %16llx - %16llx\n", 3001 reloc, (sym_addr + addend), rel->r_offset); 3002 break; 3003 case R_AARCH64_TLS_DTPREL32: 3004 TRACE_TYPE(RELO, "RELO TLS_DTPREL32 *** %16llx <- %16llx - %16llx\n", 3005 reloc, (sym_addr + addend), rel->r_offset); 3006 break; 3007 #elif defined(__x86_64__) 3008 case R_X86_64_32: 3009 count_relocation(kRelocRelative); 3010 MARK(rel->r_offset); 3011 TRACE_TYPE(RELO, "RELO R_X86_64_32 %08zx <- +%08zx %s", static_cast<size_t>(reloc), 3012 static_cast<size_t>(sym_addr), sym_name); 3013 *reinterpret_cast<Elf32_Addr*>(reloc) = sym_addr + addend; 3014 break; 3015 case R_X86_64_64: 3016 count_relocation(kRelocRelative); 3017 MARK(rel->r_offset); 3018 TRACE_TYPE(RELO, "RELO R_X86_64_64 %08zx <- +%08zx %s", static_cast<size_t>(reloc), 3019 static_cast<size_t>(sym_addr), sym_name); 3020 *reinterpret_cast<Elf64_Addr*>(reloc) = sym_addr + addend; 3021 break; 3022 case R_X86_64_PC32: 3023 count_relocation(kRelocRelative); 3024 MARK(rel->r_offset); 3025 TRACE_TYPE(RELO, "RELO R_X86_64_PC32 %08zx <- +%08zx (%08zx - %08zx) %s", 3026 static_cast<size_t>(reloc), static_cast<size_t>(sym_addr - reloc), 3027 static_cast<size_t>(sym_addr), static_cast<size_t>(reloc), sym_name); 3028 *reinterpret_cast<Elf32_Addr*>(reloc) = sym_addr + addend - reloc; 3029 break; 3030 #elif defined(__arm__) 3031 case R_ARM_ABS32: 3032 count_relocation(kRelocAbsolute); 3033 MARK(rel->r_offset); 3034 TRACE_TYPE(RELO, "RELO ABS %08x <- %08x %s", reloc, sym_addr, sym_name); 3035 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr; 3036 break; 3037 case R_ARM_REL32: 3038 count_relocation(kRelocRelative); 3039 MARK(rel->r_offset); 3040 TRACE_TYPE(RELO, "RELO REL32 %08x <- %08x - %08x %s", 3041 reloc, sym_addr, rel->r_offset, sym_name); 3042 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr - rel->r_offset; 3043 break; 3044 case R_ARM_COPY: 3045 /* 3046 * ET_EXEC is not supported so this should not happen. 3047 * 3048 * http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044d/IHI0044D_aaelf.pdf 3049 * 3050 * Section 4.6.1.10 "Dynamic relocations" 3051 * R_ARM_COPY may only appear in executable objects where e_type is 3052 * set to ET_EXEC. 3053 */ 3054 DL_ERR("%s R_ARM_COPY relocations are not supported", get_realpath()); 3055 return false; 3056 #elif defined(__i386__) 3057 case R_386_32: 3058 count_relocation(kRelocRelative); 3059 MARK(rel->r_offset); 3060 TRACE_TYPE(RELO, "RELO R_386_32 %08x <- +%08x %s", reloc, sym_addr, sym_name); 3061 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr; 3062 break; 3063 case R_386_PC32: 3064 count_relocation(kRelocRelative); 3065 MARK(rel->r_offset); 3066 TRACE_TYPE(RELO, "RELO R_386_PC32 %08x <- +%08x (%08x - %08x) %s", 3067 reloc, (sym_addr - reloc), sym_addr, reloc, sym_name); 3068 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr - reloc); 3069 break; 3070 #endif 3071 default: 3072 DL_ERR("unknown reloc type %d @ %p (%zu)", type, rel, idx); 3073 return false; 3074 } 3075 } 3076 return true; 3077 } 3078 #endif // !defined(__mips__) 3079 call_array(const char * array_name __unused,linker_function_t * functions,size_t count,bool reverse)3080 void soinfo::call_array(const char* array_name __unused, linker_function_t* functions, 3081 size_t count, bool reverse) { 3082 if (functions == nullptr) { 3083 return; 3084 } 3085 3086 TRACE("[ Calling %s (size %zd) @ %p for \"%s\" ]", array_name, count, functions, get_realpath()); 3087 3088 int begin = reverse ? (count - 1) : 0; 3089 int end = reverse ? -1 : count; 3090 int step = reverse ? -1 : 1; 3091 3092 for (int i = begin; i != end; i += step) { 3093 TRACE("[ %s[%d] == %p ]", array_name, i, functions[i]); 3094 call_function("function", functions[i]); 3095 } 3096 3097 TRACE("[ Done calling %s for \"%s\" ]", array_name, get_realpath()); 3098 } 3099 call_function(const char * function_name __unused,linker_function_t function)3100 void soinfo::call_function(const char* function_name __unused, linker_function_t function) { 3101 if (function == nullptr || reinterpret_cast<uintptr_t>(function) == static_cast<uintptr_t>(-1)) { 3102 return; 3103 } 3104 3105 TRACE("[ Calling %s @ %p for \"%s\" ]", function_name, function, get_realpath()); 3106 function(); 3107 TRACE("[ Done calling %s @ %p for \"%s\" ]", function_name, function, get_realpath()); 3108 } 3109 call_pre_init_constructors()3110 void soinfo::call_pre_init_constructors() { 3111 // DT_PREINIT_ARRAY functions are called before any other constructors for executables, 3112 // but ignored in a shared library. 3113 call_array("DT_PREINIT_ARRAY", preinit_array_, preinit_array_count_, false); 3114 } 3115 call_constructors()3116 void soinfo::call_constructors() { 3117 if (constructors_called) { 3118 return; 3119 } 3120 3121 // We set constructors_called before actually calling the constructors, otherwise it doesn't 3122 // protect against recursive constructor calls. One simple example of constructor recursion 3123 // is the libc debug malloc, which is implemented in libc_malloc_debug_leak.so: 3124 // 1. The program depends on libc, so libc's constructor is called here. 3125 // 2. The libc constructor calls dlopen() to load libc_malloc_debug_leak.so. 3126 // 3. dlopen() calls the constructors on the newly created 3127 // soinfo for libc_malloc_debug_leak.so. 3128 // 4. The debug .so depends on libc, so CallConstructors is 3129 // called again with the libc soinfo. If it doesn't trigger the early- 3130 // out above, the libc constructor will be called again (recursively!). 3131 constructors_called = true; 3132 3133 if (!is_main_executable() && preinit_array_ != nullptr) { 3134 // The GNU dynamic linker silently ignores these, but we warn the developer. 3135 PRINT("\"%s\": ignoring DT_PREINIT_ARRAY in shared library!", get_realpath()); 3136 } 3137 3138 get_children().for_each([] (soinfo* si) { 3139 si->call_constructors(); 3140 }); 3141 3142 TRACE("\"%s\": calling constructors", get_realpath()); 3143 3144 // DT_INIT should be called before DT_INIT_ARRAY if both are present. 3145 call_function("DT_INIT", init_func_); 3146 call_array("DT_INIT_ARRAY", init_array_, init_array_count_, false); 3147 } 3148 call_destructors()3149 void soinfo::call_destructors() { 3150 if (!constructors_called) { 3151 return; 3152 } 3153 TRACE("\"%s\": calling destructors", get_realpath()); 3154 3155 // DT_FINI_ARRAY must be parsed in reverse order. 3156 call_array("DT_FINI_ARRAY", fini_array_, fini_array_count_, true); 3157 3158 // DT_FINI should be called after DT_FINI_ARRAY if both are present. 3159 call_function("DT_FINI", fini_func_); 3160 3161 // This is needed on second call to dlopen 3162 // after library has been unloaded with RTLD_NODELETE 3163 constructors_called = false; 3164 } 3165 add_child(soinfo * child)3166 void soinfo::add_child(soinfo* child) { 3167 if (has_min_version(0)) { 3168 child->parents_.push_back(this); 3169 this->children_.push_back(child); 3170 } 3171 } 3172 remove_all_links()3173 void soinfo::remove_all_links() { 3174 if (!has_min_version(0)) { 3175 return; 3176 } 3177 3178 // 1. Untie connected soinfos from 'this'. 3179 children_.for_each([&] (soinfo* child) { 3180 child->parents_.remove_if([&] (const soinfo* parent) { 3181 return parent == this; 3182 }); 3183 }); 3184 3185 parents_.for_each([&] (soinfo* parent) { 3186 parent->children_.remove_if([&] (const soinfo* child) { 3187 return child == this; 3188 }); 3189 }); 3190 3191 // 2. Remove from the primary namespace 3192 primary_namespace_->remove_soinfo(this); 3193 primary_namespace_ = nullptr; 3194 3195 // 3. Remove from secondary namespaces 3196 secondary_namespaces_.for_each([&](android_namespace_t* ns) { 3197 ns->remove_soinfo(this); 3198 }); 3199 3200 3201 // 4. Once everything untied - clear local lists. 3202 parents_.clear(); 3203 children_.clear(); 3204 secondary_namespaces_.clear(); 3205 } 3206 get_st_dev() const3207 dev_t soinfo::get_st_dev() const { 3208 if (has_min_version(0)) { 3209 return st_dev_; 3210 } 3211 3212 return 0; 3213 }; 3214 get_st_ino() const3215 ino_t soinfo::get_st_ino() const { 3216 if (has_min_version(0)) { 3217 return st_ino_; 3218 } 3219 3220 return 0; 3221 } 3222 get_file_offset() const3223 off64_t soinfo::get_file_offset() const { 3224 if (has_min_version(1)) { 3225 return file_offset_; 3226 } 3227 3228 return 0; 3229 } 3230 get_rtld_flags() const3231 uint32_t soinfo::get_rtld_flags() const { 3232 if (has_min_version(1)) { 3233 return rtld_flags_; 3234 } 3235 3236 return 0; 3237 } 3238 get_dt_flags_1() const3239 uint32_t soinfo::get_dt_flags_1() const { 3240 if (has_min_version(1)) { 3241 return dt_flags_1_; 3242 } 3243 3244 return 0; 3245 } 3246 set_dt_flags_1(uint32_t dt_flags_1)3247 void soinfo::set_dt_flags_1(uint32_t dt_flags_1) { 3248 if (has_min_version(1)) { 3249 if ((dt_flags_1 & DF_1_GLOBAL) != 0) { 3250 rtld_flags_ |= RTLD_GLOBAL; 3251 } 3252 3253 if ((dt_flags_1 & DF_1_NODELETE) != 0) { 3254 rtld_flags_ |= RTLD_NODELETE; 3255 } 3256 3257 dt_flags_1_ = dt_flags_1; 3258 } 3259 } 3260 set_nodelete()3261 void soinfo::set_nodelete() { 3262 rtld_flags_ |= RTLD_NODELETE; 3263 } 3264 get_realpath() const3265 const char* soinfo::get_realpath() const { 3266 #if defined(__work_around_b_24465209__) 3267 if (has_min_version(2)) { 3268 return realpath_.c_str(); 3269 } else { 3270 return old_name_; 3271 } 3272 #else 3273 return realpath_.c_str(); 3274 #endif 3275 } 3276 set_soname(const char * soname)3277 void soinfo::set_soname(const char* soname) { 3278 #if defined(__work_around_b_24465209__) 3279 if (has_min_version(2)) { 3280 soname_ = soname; 3281 } 3282 strlcpy(old_name_, soname_, sizeof(old_name_)); 3283 #else 3284 soname_ = soname; 3285 #endif 3286 } 3287 get_soname() const3288 const char* soinfo::get_soname() const { 3289 #if defined(__work_around_b_24465209__) 3290 if (has_min_version(2)) { 3291 return soname_; 3292 } else { 3293 return old_name_; 3294 } 3295 #else 3296 return soname_; 3297 #endif 3298 } 3299 3300 // This is a return on get_children()/get_parents() if 3301 // 'this->flags' does not have FLAG_NEW_SOINFO set. 3302 static soinfo::soinfo_list_t g_empty_list; 3303 get_children()3304 soinfo::soinfo_list_t& soinfo::get_children() { 3305 if (has_min_version(0)) { 3306 return children_; 3307 } 3308 3309 return g_empty_list; 3310 } 3311 get_children() const3312 const soinfo::soinfo_list_t& soinfo::get_children() const { 3313 if (has_min_version(0)) { 3314 return children_; 3315 } 3316 3317 return g_empty_list; 3318 } 3319 get_parents()3320 soinfo::soinfo_list_t& soinfo::get_parents() { 3321 if (has_min_version(0)) { 3322 return parents_; 3323 } 3324 3325 return g_empty_list; 3326 } 3327 3328 static std::vector<std::string> g_empty_runpath; 3329 get_dt_runpath() const3330 const std::vector<std::string>& soinfo::get_dt_runpath() const { 3331 if (has_min_version(3)) { 3332 return dt_runpath_; 3333 } 3334 3335 return g_empty_runpath; 3336 } 3337 get_primary_namespace()3338 android_namespace_t* soinfo::get_primary_namespace() { 3339 if (has_min_version(3)) { 3340 return primary_namespace_; 3341 } 3342 3343 return &g_default_namespace; 3344 } 3345 add_secondary_namespace(android_namespace_t * secondary_ns)3346 void soinfo::add_secondary_namespace(android_namespace_t* secondary_ns) { 3347 CHECK(has_min_version(3)); 3348 secondary_namespaces_.push_back(secondary_ns); 3349 } 3350 ElfW(Addr)3351 ElfW(Addr) soinfo::resolve_symbol_address(const ElfW(Sym)* s) const { 3352 if (ELF_ST_TYPE(s->st_info) == STT_GNU_IFUNC) { 3353 return call_ifunc_resolver(s->st_value + load_bias); 3354 } 3355 3356 return static_cast<ElfW(Addr)>(s->st_value + load_bias); 3357 } 3358 get_string(ElfW (Word)index) const3359 const char* soinfo::get_string(ElfW(Word) index) const { 3360 if (has_min_version(1) && (index >= strtab_size_)) { 3361 __libc_fatal("%s: strtab out of bounds error; STRSZ=%zd, name=%d", 3362 get_realpath(), strtab_size_, index); 3363 } 3364 3365 return strtab_ + index; 3366 } 3367 is_gnu_hash() const3368 bool soinfo::is_gnu_hash() const { 3369 return (flags_ & FLAG_GNU_HASH) != 0; 3370 } 3371 can_unload() const3372 bool soinfo::can_unload() const { 3373 return !is_linked() || ((get_rtld_flags() & (RTLD_NODELETE | RTLD_GLOBAL)) == 0); 3374 } 3375 is_linked() const3376 bool soinfo::is_linked() const { 3377 return (flags_ & FLAG_LINKED) != 0; 3378 } 3379 is_main_executable() const3380 bool soinfo::is_main_executable() const { 3381 return (flags_ & FLAG_EXE) != 0; 3382 } 3383 is_linker() const3384 bool soinfo::is_linker() const { 3385 return (flags_ & FLAG_LINKER) != 0; 3386 } 3387 set_linked()3388 void soinfo::set_linked() { 3389 flags_ |= FLAG_LINKED; 3390 } 3391 set_linker_flag()3392 void soinfo::set_linker_flag() { 3393 flags_ |= FLAG_LINKER; 3394 } 3395 set_main_executable()3396 void soinfo::set_main_executable() { 3397 flags_ |= FLAG_EXE; 3398 } 3399 increment_ref_count()3400 void soinfo::increment_ref_count() { 3401 local_group_root_->ref_count_++; 3402 } 3403 decrement_ref_count()3404 size_t soinfo::decrement_ref_count() { 3405 return --local_group_root_->ref_count_; 3406 } 3407 get_local_group_root() const3408 soinfo* soinfo::get_local_group_root() const { 3409 return local_group_root_; 3410 } 3411 3412 set_mapped_by_caller(bool mapped_by_caller)3413 void soinfo::set_mapped_by_caller(bool mapped_by_caller) { 3414 if (mapped_by_caller) { 3415 flags_ |= FLAG_MAPPED_BY_CALLER; 3416 } else { 3417 flags_ &= ~FLAG_MAPPED_BY_CALLER; 3418 } 3419 } 3420 is_mapped_by_caller() const3421 bool soinfo::is_mapped_by_caller() const { 3422 return (flags_ & FLAG_MAPPED_BY_CALLER) != 0; 3423 } 3424 3425 // This function returns api-level at the time of 3426 // dlopen/load. Note that libraries opened by system 3427 // will always have 'current' api level. get_target_sdk_version() const3428 uint32_t soinfo::get_target_sdk_version() const { 3429 if (!has_min_version(2)) { 3430 return __ANDROID_API__; 3431 } 3432 3433 return local_group_root_->target_sdk_version_; 3434 } 3435 get_handle() const3436 uintptr_t soinfo::get_handle() const { 3437 CHECK(has_min_version(3)); 3438 CHECK(handle_ != 0); 3439 return handle_; 3440 } 3441 to_handle()3442 void* soinfo::to_handle() { 3443 if (get_application_target_sdk_version() <= 23 || !has_min_version(3)) { 3444 return this; 3445 } 3446 3447 return reinterpret_cast<void*>(get_handle()); 3448 } 3449 generate_handle()3450 void soinfo::generate_handle() { 3451 CHECK(has_min_version(3)); 3452 CHECK(handle_ == 0); // Make sure this is the first call 3453 3454 // Make sure the handle is unique and does not collide 3455 // with special values which are RTLD_DEFAULT and RTLD_NEXT. 3456 do { 3457 arc4random_buf(&handle_, sizeof(handle_)); 3458 // the least significant bit for the handle is always 1 3459 // making it easy to test the type of handle passed to 3460 // dl* functions. 3461 handle_ = handle_ | 1; 3462 } while (handle_ == reinterpret_cast<uintptr_t>(RTLD_DEFAULT) || 3463 handle_ == reinterpret_cast<uintptr_t>(RTLD_NEXT) || 3464 g_soinfo_handles_map.find(handle_) != g_soinfo_handles_map.end()); 3465 3466 g_soinfo_handles_map[handle_] = this; 3467 } 3468 prelink_image()3469 bool soinfo::prelink_image() { 3470 /* Extract dynamic section */ 3471 ElfW(Word) dynamic_flags = 0; 3472 phdr_table_get_dynamic_section(phdr, phnum, load_bias, &dynamic, &dynamic_flags); 3473 3474 /* We can't log anything until the linker is relocated */ 3475 bool relocating_linker = (flags_ & FLAG_LINKER) != 0; 3476 if (!relocating_linker) { 3477 INFO("[ Linking \"%s\" ]", get_realpath()); 3478 DEBUG("si->base = %p si->flags = 0x%08x", reinterpret_cast<void*>(base), flags_); 3479 } 3480 3481 if (dynamic == nullptr) { 3482 if (!relocating_linker) { 3483 DL_ERR("missing PT_DYNAMIC in \"%s\"", get_realpath()); 3484 } 3485 return false; 3486 } else { 3487 if (!relocating_linker) { 3488 DEBUG("dynamic = %p", dynamic); 3489 } 3490 } 3491 3492 #if defined(__arm__) 3493 (void) phdr_table_get_arm_exidx(phdr, phnum, load_bias, 3494 &ARM_exidx, &ARM_exidx_count); 3495 #endif 3496 3497 // Extract useful information from dynamic section. 3498 // Note that: "Except for the DT_NULL element at the end of the array, 3499 // and the relative order of DT_NEEDED elements, entries may appear in any order." 3500 // 3501 // source: http://www.sco.com/developers/gabi/1998-04-29/ch5.dynamic.html 3502 uint32_t needed_count = 0; 3503 for (ElfW(Dyn)* d = dynamic; d->d_tag != DT_NULL; ++d) { 3504 DEBUG("d = %p, d[0](tag) = %p d[1](val) = %p", 3505 d, reinterpret_cast<void*>(d->d_tag), reinterpret_cast<void*>(d->d_un.d_val)); 3506 switch (d->d_tag) { 3507 case DT_SONAME: 3508 // this is parsed after we have strtab initialized (see below). 3509 break; 3510 3511 case DT_HASH: 3512 nbucket_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[0]; 3513 nchain_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[1]; 3514 bucket_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr + 8); 3515 chain_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr + 8 + nbucket_ * 4); 3516 break; 3517 3518 case DT_GNU_HASH: 3519 gnu_nbucket_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[0]; 3520 // skip symndx 3521 gnu_maskwords_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[2]; 3522 gnu_shift2_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[3]; 3523 3524 gnu_bloom_filter_ = reinterpret_cast<ElfW(Addr)*>(load_bias + d->d_un.d_ptr + 16); 3525 gnu_bucket_ = reinterpret_cast<uint32_t*>(gnu_bloom_filter_ + gnu_maskwords_); 3526 // amend chain for symndx = header[1] 3527 gnu_chain_ = gnu_bucket_ + gnu_nbucket_ - 3528 reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[1]; 3529 3530 if (!powerof2(gnu_maskwords_)) { 3531 DL_ERR("invalid maskwords for gnu_hash = 0x%x, in \"%s\" expecting power to two", 3532 gnu_maskwords_, get_realpath()); 3533 return false; 3534 } 3535 --gnu_maskwords_; 3536 3537 flags_ |= FLAG_GNU_HASH; 3538 break; 3539 3540 case DT_STRTAB: 3541 strtab_ = reinterpret_cast<const char*>(load_bias + d->d_un.d_ptr); 3542 break; 3543 3544 case DT_STRSZ: 3545 strtab_size_ = d->d_un.d_val; 3546 break; 3547 3548 case DT_SYMTAB: 3549 symtab_ = reinterpret_cast<ElfW(Sym)*>(load_bias + d->d_un.d_ptr); 3550 break; 3551 3552 case DT_SYMENT: 3553 if (d->d_un.d_val != sizeof(ElfW(Sym))) { 3554 DL_ERR("invalid DT_SYMENT: %zd in \"%s\"", 3555 static_cast<size_t>(d->d_un.d_val), get_realpath()); 3556 return false; 3557 } 3558 break; 3559 3560 case DT_PLTREL: 3561 #if defined(USE_RELA) 3562 if (d->d_un.d_val != DT_RELA) { 3563 DL_ERR("unsupported DT_PLTREL in \"%s\"; expected DT_RELA", get_realpath()); 3564 return false; 3565 } 3566 #else 3567 if (d->d_un.d_val != DT_REL) { 3568 DL_ERR("unsupported DT_PLTREL in \"%s\"; expected DT_REL", get_realpath()); 3569 return false; 3570 } 3571 #endif 3572 break; 3573 3574 case DT_JMPREL: 3575 #if defined(USE_RELA) 3576 plt_rela_ = reinterpret_cast<ElfW(Rela)*>(load_bias + d->d_un.d_ptr); 3577 #else 3578 plt_rel_ = reinterpret_cast<ElfW(Rel)*>(load_bias + d->d_un.d_ptr); 3579 #endif 3580 break; 3581 3582 case DT_PLTRELSZ: 3583 #if defined(USE_RELA) 3584 plt_rela_count_ = d->d_un.d_val / sizeof(ElfW(Rela)); 3585 #else 3586 plt_rel_count_ = d->d_un.d_val / sizeof(ElfW(Rel)); 3587 #endif 3588 break; 3589 3590 case DT_PLTGOT: 3591 #if defined(__mips__) 3592 // Used by mips and mips64. 3593 plt_got_ = reinterpret_cast<ElfW(Addr)**>(load_bias + d->d_un.d_ptr); 3594 #endif 3595 // Ignore for other platforms... (because RTLD_LAZY is not supported) 3596 break; 3597 3598 case DT_DEBUG: 3599 // Set the DT_DEBUG entry to the address of _r_debug for GDB 3600 // if the dynamic table is writable 3601 // FIXME: not working currently for N64 3602 // The flags for the LOAD and DYNAMIC program headers do not agree. 3603 // The LOAD section containing the dynamic table has been mapped as 3604 // read-only, but the DYNAMIC header claims it is writable. 3605 #if !(defined(__mips__) && defined(__LP64__)) 3606 if ((dynamic_flags & PF_W) != 0) { 3607 d->d_un.d_val = reinterpret_cast<uintptr_t>(&_r_debug); 3608 } 3609 #endif 3610 break; 3611 #if defined(USE_RELA) 3612 case DT_RELA: 3613 rela_ = reinterpret_cast<ElfW(Rela)*>(load_bias + d->d_un.d_ptr); 3614 break; 3615 3616 case DT_RELASZ: 3617 rela_count_ = d->d_un.d_val / sizeof(ElfW(Rela)); 3618 break; 3619 3620 case DT_ANDROID_RELA: 3621 android_relocs_ = reinterpret_cast<uint8_t*>(load_bias + d->d_un.d_ptr); 3622 break; 3623 3624 case DT_ANDROID_RELASZ: 3625 android_relocs_size_ = d->d_un.d_val; 3626 break; 3627 3628 case DT_ANDROID_REL: 3629 DL_ERR("unsupported DT_ANDROID_REL in \"%s\"", get_realpath()); 3630 return false; 3631 3632 case DT_ANDROID_RELSZ: 3633 DL_ERR("unsupported DT_ANDROID_RELSZ in \"%s\"", get_realpath()); 3634 return false; 3635 3636 case DT_RELAENT: 3637 if (d->d_un.d_val != sizeof(ElfW(Rela))) { 3638 DL_ERR("invalid DT_RELAENT: %zd", static_cast<size_t>(d->d_un.d_val)); 3639 return false; 3640 } 3641 break; 3642 3643 // ignored (see DT_RELCOUNT comments for details) 3644 case DT_RELACOUNT: 3645 break; 3646 3647 case DT_REL: 3648 DL_ERR("unsupported DT_REL in \"%s\"", get_realpath()); 3649 return false; 3650 3651 case DT_RELSZ: 3652 DL_ERR("unsupported DT_RELSZ in \"%s\"", get_realpath()); 3653 return false; 3654 3655 #else 3656 case DT_REL: 3657 rel_ = reinterpret_cast<ElfW(Rel)*>(load_bias + d->d_un.d_ptr); 3658 break; 3659 3660 case DT_RELSZ: 3661 rel_count_ = d->d_un.d_val / sizeof(ElfW(Rel)); 3662 break; 3663 3664 case DT_RELENT: 3665 if (d->d_un.d_val != sizeof(ElfW(Rel))) { 3666 DL_ERR("invalid DT_RELENT: %zd", static_cast<size_t>(d->d_un.d_val)); 3667 return false; 3668 } 3669 break; 3670 3671 case DT_ANDROID_REL: 3672 android_relocs_ = reinterpret_cast<uint8_t*>(load_bias + d->d_un.d_ptr); 3673 break; 3674 3675 case DT_ANDROID_RELSZ: 3676 android_relocs_size_ = d->d_un.d_val; 3677 break; 3678 3679 case DT_ANDROID_RELA: 3680 DL_ERR("unsupported DT_ANDROID_RELA in \"%s\"", get_realpath()); 3681 return false; 3682 3683 case DT_ANDROID_RELASZ: 3684 DL_ERR("unsupported DT_ANDROID_RELASZ in \"%s\"", get_realpath()); 3685 return false; 3686 3687 // "Indicates that all RELATIVE relocations have been concatenated together, 3688 // and specifies the RELATIVE relocation count." 3689 // 3690 // TODO: Spec also mentions that this can be used to optimize relocation process; 3691 // Not currently used by bionic linker - ignored. 3692 case DT_RELCOUNT: 3693 break; 3694 3695 case DT_RELA: 3696 DL_ERR("unsupported DT_RELA in \"%s\"", get_realpath()); 3697 return false; 3698 3699 case DT_RELASZ: 3700 DL_ERR("unsupported DT_RELASZ in \"%s\"", get_realpath()); 3701 return false; 3702 3703 #endif 3704 case DT_INIT: 3705 init_func_ = reinterpret_cast<linker_function_t>(load_bias + d->d_un.d_ptr); 3706 DEBUG("%s constructors (DT_INIT) found at %p", get_realpath(), init_func_); 3707 break; 3708 3709 case DT_FINI: 3710 fini_func_ = reinterpret_cast<linker_function_t>(load_bias + d->d_un.d_ptr); 3711 DEBUG("%s destructors (DT_FINI) found at %p", get_realpath(), fini_func_); 3712 break; 3713 3714 case DT_INIT_ARRAY: 3715 init_array_ = reinterpret_cast<linker_function_t*>(load_bias + d->d_un.d_ptr); 3716 DEBUG("%s constructors (DT_INIT_ARRAY) found at %p", get_realpath(), init_array_); 3717 break; 3718 3719 case DT_INIT_ARRAYSZ: 3720 init_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr)); 3721 break; 3722 3723 case DT_FINI_ARRAY: 3724 fini_array_ = reinterpret_cast<linker_function_t*>(load_bias + d->d_un.d_ptr); 3725 DEBUG("%s destructors (DT_FINI_ARRAY) found at %p", get_realpath(), fini_array_); 3726 break; 3727 3728 case DT_FINI_ARRAYSZ: 3729 fini_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr)); 3730 break; 3731 3732 case DT_PREINIT_ARRAY: 3733 preinit_array_ = reinterpret_cast<linker_function_t*>(load_bias + d->d_un.d_ptr); 3734 DEBUG("%s constructors (DT_PREINIT_ARRAY) found at %p", get_realpath(), preinit_array_); 3735 break; 3736 3737 case DT_PREINIT_ARRAYSZ: 3738 preinit_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr)); 3739 break; 3740 3741 case DT_TEXTREL: 3742 #if defined(__LP64__) 3743 DL_ERR("text relocations (DT_TEXTREL) found in 64-bit ELF file \"%s\"", get_realpath()); 3744 return false; 3745 #else 3746 has_text_relocations = true; 3747 break; 3748 #endif 3749 3750 case DT_SYMBOLIC: 3751 has_DT_SYMBOLIC = true; 3752 break; 3753 3754 case DT_NEEDED: 3755 ++needed_count; 3756 break; 3757 3758 case DT_FLAGS: 3759 if (d->d_un.d_val & DF_TEXTREL) { 3760 #if defined(__LP64__) 3761 DL_ERR("text relocations (DF_TEXTREL) found in 64-bit ELF file \"%s\"", get_realpath()); 3762 return false; 3763 #else 3764 has_text_relocations = true; 3765 #endif 3766 } 3767 if (d->d_un.d_val & DF_SYMBOLIC) { 3768 has_DT_SYMBOLIC = true; 3769 } 3770 break; 3771 3772 case DT_FLAGS_1: 3773 set_dt_flags_1(d->d_un.d_val); 3774 3775 if ((d->d_un.d_val & ~SUPPORTED_DT_FLAGS_1) != 0) { 3776 DL_WARN("%s: unsupported flags DT_FLAGS_1=%p", get_realpath(), reinterpret_cast<void*>(d->d_un.d_val)); 3777 } 3778 break; 3779 #if defined(__mips__) 3780 case DT_MIPS_RLD_MAP: 3781 // Set the DT_MIPS_RLD_MAP entry to the address of _r_debug for GDB. 3782 { 3783 r_debug** dp = reinterpret_cast<r_debug**>(load_bias + d->d_un.d_ptr); 3784 *dp = &_r_debug; 3785 } 3786 break; 3787 case DT_MIPS_RLD_MAP2: 3788 // Set the DT_MIPS_RLD_MAP2 entry to the address of _r_debug for GDB. 3789 { 3790 r_debug** dp = reinterpret_cast<r_debug**>( 3791 reinterpret_cast<ElfW(Addr)>(d) + d->d_un.d_val); 3792 *dp = &_r_debug; 3793 } 3794 break; 3795 3796 case DT_MIPS_RLD_VERSION: 3797 case DT_MIPS_FLAGS: 3798 case DT_MIPS_BASE_ADDRESS: 3799 case DT_MIPS_UNREFEXTNO: 3800 break; 3801 3802 case DT_MIPS_SYMTABNO: 3803 mips_symtabno_ = d->d_un.d_val; 3804 break; 3805 3806 case DT_MIPS_LOCAL_GOTNO: 3807 mips_local_gotno_ = d->d_un.d_val; 3808 break; 3809 3810 case DT_MIPS_GOTSYM: 3811 mips_gotsym_ = d->d_un.d_val; 3812 break; 3813 #endif 3814 // Ignored: "Its use has been superseded by the DF_BIND_NOW flag" 3815 case DT_BIND_NOW: 3816 break; 3817 3818 case DT_VERSYM: 3819 versym_ = reinterpret_cast<ElfW(Versym)*>(load_bias + d->d_un.d_ptr); 3820 break; 3821 3822 case DT_VERDEF: 3823 verdef_ptr_ = load_bias + d->d_un.d_ptr; 3824 break; 3825 case DT_VERDEFNUM: 3826 verdef_cnt_ = d->d_un.d_val; 3827 break; 3828 3829 case DT_VERNEED: 3830 verneed_ptr_ = load_bias + d->d_un.d_ptr; 3831 break; 3832 3833 case DT_VERNEEDNUM: 3834 verneed_cnt_ = d->d_un.d_val; 3835 break; 3836 3837 case DT_RUNPATH: 3838 // this is parsed after we have strtab initialized (see below). 3839 break; 3840 3841 default: 3842 if (!relocating_linker) { 3843 DL_WARN("%s: unused DT entry: type %p arg %p", get_realpath(), 3844 reinterpret_cast<void*>(d->d_tag), reinterpret_cast<void*>(d->d_un.d_val)); 3845 } 3846 break; 3847 } 3848 } 3849 3850 #if defined(__mips__) && !defined(__LP64__) 3851 if (!mips_check_and_adjust_fp_modes()) { 3852 return false; 3853 } 3854 #endif 3855 3856 DEBUG("si->base = %p, si->strtab = %p, si->symtab = %p", 3857 reinterpret_cast<void*>(base), strtab_, symtab_); 3858 3859 // Sanity checks. 3860 if (relocating_linker && needed_count != 0) { 3861 DL_ERR("linker cannot have DT_NEEDED dependencies on other libraries"); 3862 return false; 3863 } 3864 if (nbucket_ == 0 && gnu_nbucket_ == 0) { 3865 DL_ERR("empty/missing DT_HASH/DT_GNU_HASH in \"%s\" " 3866 "(new hash type from the future?)", get_realpath()); 3867 return false; 3868 } 3869 if (strtab_ == 0) { 3870 DL_ERR("empty/missing DT_STRTAB in \"%s\"", get_realpath()); 3871 return false; 3872 } 3873 if (symtab_ == 0) { 3874 DL_ERR("empty/missing DT_SYMTAB in \"%s\"", get_realpath()); 3875 return false; 3876 } 3877 3878 // second pass - parse entries relying on strtab 3879 for (ElfW(Dyn)* d = dynamic; d->d_tag != DT_NULL; ++d) { 3880 switch (d->d_tag) { 3881 case DT_SONAME: 3882 set_soname(get_string(d->d_un.d_val)); 3883 break; 3884 case DT_RUNPATH: 3885 set_dt_runpath(get_string(d->d_un.d_val)); 3886 break; 3887 } 3888 } 3889 3890 // Before M release linker was using basename in place of soname. 3891 // In the case when dt_soname is absent some apps stop working 3892 // because they can't find dt_needed library by soname. 3893 // This workaround should keep them working. (applies only 3894 // for apps targeting sdk version <=22). Make an exception for 3895 // the main executable and linker; they do not need to have dt_soname 3896 if (soname_ == nullptr && this != somain && (flags_ & FLAG_LINKER) == 0 && 3897 get_application_target_sdk_version() <= 22) { 3898 soname_ = basename(realpath_.c_str()); 3899 DL_WARN("%s: is missing DT_SONAME will use basename as a replacement: \"%s\"", 3900 get_realpath(), soname_); 3901 // Don't call add_dlwarning because a missing DT_SONAME isn't important enough to show in the UI 3902 } 3903 return true; 3904 } 3905 link_image(const soinfo_list_t & global_group,const soinfo_list_t & local_group,const android_dlextinfo * extinfo)3906 bool soinfo::link_image(const soinfo_list_t& global_group, const soinfo_list_t& local_group, 3907 const android_dlextinfo* extinfo) { 3908 3909 local_group_root_ = local_group.front(); 3910 if (local_group_root_ == nullptr) { 3911 local_group_root_ = this; 3912 } 3913 3914 if ((flags_ & FLAG_LINKER) == 0 && local_group_root_ == this) { 3915 target_sdk_version_ = get_application_target_sdk_version(); 3916 } 3917 3918 VersionTracker version_tracker; 3919 3920 if (!version_tracker.init(this)) { 3921 return false; 3922 } 3923 3924 #if !defined(__LP64__) 3925 if (has_text_relocations) { 3926 // Fail if app is targeting sdk version > 22 3927 if (get_application_target_sdk_version() > 22) { 3928 PRINT("%s: has text relocations", get_realpath()); 3929 DL_ERR("%s: has text relocations", get_realpath()); 3930 return false; 3931 } 3932 // Make segments writable to allow text relocations to work properly. We will later call 3933 // phdr_table_protect_segments() after all of them are applied. 3934 DL_WARN("%s has text relocations. This is wasting memory and prevents " 3935 "security hardening. Please fix.", get_realpath()); 3936 add_dlwarning(get_realpath(), "text relocations"); 3937 if (phdr_table_unprotect_segments(phdr, phnum, load_bias) < 0) { 3938 DL_ERR("can't unprotect loadable segments for \"%s\": %s", 3939 get_realpath(), strerror(errno)); 3940 return false; 3941 } 3942 } 3943 #endif 3944 3945 if (android_relocs_ != nullptr) { 3946 // check signature 3947 if (android_relocs_size_ > 3 && 3948 android_relocs_[0] == 'A' && 3949 android_relocs_[1] == 'P' && 3950 android_relocs_[2] == 'S' && 3951 android_relocs_[3] == '2') { 3952 DEBUG("[ android relocating %s ]", get_realpath()); 3953 3954 bool relocated = false; 3955 const uint8_t* packed_relocs = android_relocs_ + 4; 3956 const size_t packed_relocs_size = android_relocs_size_ - 4; 3957 3958 relocated = relocate( 3959 version_tracker, 3960 packed_reloc_iterator<sleb128_decoder>( 3961 sleb128_decoder(packed_relocs, packed_relocs_size)), 3962 global_group, local_group); 3963 3964 if (!relocated) { 3965 return false; 3966 } 3967 } else { 3968 DL_ERR("bad android relocation header."); 3969 return false; 3970 } 3971 } 3972 3973 #if defined(USE_RELA) 3974 if (rela_ != nullptr) { 3975 DEBUG("[ relocating %s ]", get_realpath()); 3976 if (!relocate(version_tracker, 3977 plain_reloc_iterator(rela_, rela_count_), global_group, local_group)) { 3978 return false; 3979 } 3980 } 3981 if (plt_rela_ != nullptr) { 3982 DEBUG("[ relocating %s plt ]", get_realpath()); 3983 if (!relocate(version_tracker, 3984 plain_reloc_iterator(plt_rela_, plt_rela_count_), global_group, local_group)) { 3985 return false; 3986 } 3987 } 3988 #else 3989 if (rel_ != nullptr) { 3990 DEBUG("[ relocating %s ]", get_realpath()); 3991 if (!relocate(version_tracker, 3992 plain_reloc_iterator(rel_, rel_count_), global_group, local_group)) { 3993 return false; 3994 } 3995 } 3996 if (plt_rel_ != nullptr) { 3997 DEBUG("[ relocating %s plt ]", get_realpath()); 3998 if (!relocate(version_tracker, 3999 plain_reloc_iterator(plt_rel_, plt_rel_count_), global_group, local_group)) { 4000 return false; 4001 } 4002 } 4003 #endif 4004 4005 #if defined(__mips__) 4006 if (!mips_relocate_got(version_tracker, global_group, local_group)) { 4007 return false; 4008 } 4009 #endif 4010 4011 DEBUG("[ finished linking %s ]", get_realpath()); 4012 4013 #if !defined(__LP64__) 4014 if (has_text_relocations) { 4015 // All relocations are done, we can protect our segments back to read-only. 4016 if (phdr_table_protect_segments(phdr, phnum, load_bias) < 0) { 4017 DL_ERR("can't protect segments for \"%s\": %s", 4018 get_realpath(), strerror(errno)); 4019 return false; 4020 } 4021 } 4022 #endif 4023 4024 // We can also turn on GNU RELRO protection if we're not linking the dynamic linker 4025 // itself --- it can't make system calls yet, and will have to call protect_relro later. 4026 if (!is_linker() && !protect_relro()) { 4027 return false; 4028 } 4029 4030 /* Handle serializing/sharing the RELRO segment */ 4031 if (extinfo && (extinfo->flags & ANDROID_DLEXT_WRITE_RELRO)) { 4032 if (phdr_table_serialize_gnu_relro(phdr, phnum, load_bias, 4033 extinfo->relro_fd) < 0) { 4034 DL_ERR("failed serializing GNU RELRO section for \"%s\": %s", 4035 get_realpath(), strerror(errno)); 4036 return false; 4037 } 4038 } else if (extinfo && (extinfo->flags & ANDROID_DLEXT_USE_RELRO)) { 4039 if (phdr_table_map_gnu_relro(phdr, phnum, load_bias, 4040 extinfo->relro_fd) < 0) { 4041 DL_ERR("failed mapping GNU RELRO section for \"%s\": %s", 4042 get_realpath(), strerror(errno)); 4043 return false; 4044 } 4045 } 4046 4047 notify_gdb_of_load(this); 4048 return true; 4049 } 4050 protect_relro()4051 bool soinfo::protect_relro() { 4052 if (phdr_table_protect_gnu_relro(phdr, phnum, load_bias) < 0) { 4053 DL_ERR("can't enable GNU RELRO protection for \"%s\": %s", 4054 get_realpath(), strerror(errno)); 4055 return false; 4056 } 4057 return true; 4058 } 4059 4060 /* 4061 * This function add vdso to internal dso list. 4062 * It helps to stack unwinding through signal handlers. 4063 * Also, it makes bionic more like glibc. 4064 */ add_vdso(KernelArgumentBlock & args __unused)4065 static void add_vdso(KernelArgumentBlock& args __unused) { 4066 #if defined(AT_SYSINFO_EHDR) 4067 ElfW(Ehdr)* ehdr_vdso = reinterpret_cast<ElfW(Ehdr)*>(args.getauxval(AT_SYSINFO_EHDR)); 4068 if (ehdr_vdso == nullptr) { 4069 return; 4070 } 4071 4072 soinfo* si = soinfo_alloc(&g_default_namespace, "[vdso]", nullptr, 0, 0); 4073 4074 si->phdr = reinterpret_cast<ElfW(Phdr)*>(reinterpret_cast<char*>(ehdr_vdso) + ehdr_vdso->e_phoff); 4075 si->phnum = ehdr_vdso->e_phnum; 4076 si->base = reinterpret_cast<ElfW(Addr)>(ehdr_vdso); 4077 si->size = phdr_table_get_load_size(si->phdr, si->phnum); 4078 si->load_bias = get_elf_exec_load_bias(ehdr_vdso); 4079 4080 si->prelink_image(); 4081 si->link_image(g_empty_list, soinfo::soinfo_list_t::make_list(si), nullptr); 4082 #endif 4083 } 4084 4085 /* gdb expects the linker to be in the debug shared object list. 4086 * Without this, gdb has trouble locating the linker's ".text" 4087 * and ".plt" sections. Gdb could also potentially use this to 4088 * relocate the offset of our exported 'rtld_db_dlactivity' symbol. 4089 * Note that the linker shouldn't be on the soinfo list. 4090 */ init_linker_info_for_gdb(ElfW (Addr)linker_base)4091 static void init_linker_info_for_gdb(ElfW(Addr) linker_base) { 4092 static link_map linker_link_map_for_gdb; 4093 #if defined(__LP64__) 4094 static char kLinkerPath[] = "/system/bin/linker64"; 4095 #else 4096 static char kLinkerPath[] = "/system/bin/linker"; 4097 #endif 4098 4099 linker_link_map_for_gdb.l_addr = linker_base; 4100 linker_link_map_for_gdb.l_name = kLinkerPath; 4101 4102 /* 4103 * Set the dynamic field in the link map otherwise gdb will complain with 4104 * the following: 4105 * warning: .dynamic section for "/system/bin/linker" is not at the 4106 * expected address (wrong library or version mismatch?) 4107 */ 4108 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(linker_base); 4109 ElfW(Phdr)* phdr = reinterpret_cast<ElfW(Phdr)*>(linker_base + elf_hdr->e_phoff); 4110 phdr_table_get_dynamic_section(phdr, elf_hdr->e_phnum, linker_base, 4111 &linker_link_map_for_gdb.l_ld, nullptr); 4112 4113 insert_link_map_into_debug_map(&linker_link_map_for_gdb); 4114 } 4115 init_default_namespace()4116 static void init_default_namespace() { 4117 g_default_namespace.set_name("(default)"); 4118 g_default_namespace.set_isolated(false); 4119 4120 const char *interp = phdr_table_get_interpreter_name(somain->phdr, somain->phnum, 4121 somain->load_bias); 4122 const char* bname = basename(interp); 4123 if (bname && (strcmp(bname, "linker_asan") == 0 || strcmp(bname, "linker_asan64") == 0)) { 4124 g_default_ld_paths = kAsanDefaultLdPaths; 4125 } else { 4126 g_default_ld_paths = kDefaultLdPaths; 4127 } 4128 4129 std::vector<std::string> ld_default_paths; 4130 for (size_t i = 0; g_default_ld_paths[i] != nullptr; ++i) { 4131 ld_default_paths.push_back(g_default_ld_paths[i]); 4132 } 4133 4134 g_default_namespace.set_default_library_paths(std::move(ld_default_paths)); 4135 }; 4136 4137 extern "C" int __system_properties_init(void); 4138 get_executable_path()4139 static const char* get_executable_path() { 4140 static std::string executable_path; 4141 if (executable_path.empty()) { 4142 char path[PATH_MAX]; 4143 ssize_t path_len = readlink("/proc/self/exe", path, sizeof(path)); 4144 if (path_len == -1 || path_len >= static_cast<ssize_t>(sizeof(path))) { 4145 __libc_fatal("readlink('/proc/self/exe') failed: %s", strerror(errno)); 4146 } 4147 executable_path = std::string(path, path_len); 4148 } 4149 4150 return executable_path.c_str(); 4151 } 4152 4153 /* 4154 * This code is called after the linker has linked itself and 4155 * fixed it's own GOT. It is safe to make references to externs 4156 * and other non-local data at this point. 4157 */ __linker_init_post_relocation(KernelArgumentBlock & args,ElfW (Addr)linker_base)4158 static ElfW(Addr) __linker_init_post_relocation(KernelArgumentBlock& args, ElfW(Addr) linker_base) { 4159 #if TIMING 4160 struct timeval t0, t1; 4161 gettimeofday(&t0, 0); 4162 #endif 4163 4164 // Sanitize the environment. 4165 __libc_init_AT_SECURE(args); 4166 4167 // Initialize system properties 4168 __system_properties_init(); // may use 'environ' 4169 4170 debuggerd_init(); 4171 4172 // Get a few environment variables. 4173 const char* LD_DEBUG = getenv("LD_DEBUG"); 4174 if (LD_DEBUG != nullptr) { 4175 g_ld_debug_verbosity = atoi(LD_DEBUG); 4176 } 4177 4178 #if defined(__LP64__) 4179 INFO("[ Android dynamic linker (64-bit) ]"); 4180 #else 4181 INFO("[ Android dynamic linker (32-bit) ]"); 4182 #endif 4183 4184 // These should have been sanitized by __libc_init_AT_SECURE, but the test 4185 // doesn't cost us anything. 4186 const char* ldpath_env = nullptr; 4187 const char* ldpreload_env = nullptr; 4188 if (!getauxval(AT_SECURE)) { 4189 ldpath_env = getenv("LD_LIBRARY_PATH"); 4190 if (ldpath_env != nullptr) { 4191 INFO("[ LD_LIBRARY_PATH set to \"%s\" ]", ldpath_env); 4192 } 4193 ldpreload_env = getenv("LD_PRELOAD"); 4194 if (ldpreload_env != nullptr) { 4195 INFO("[ LD_PRELOAD set to \"%s\" ]", ldpreload_env); 4196 } 4197 } 4198 4199 const char* executable_path = get_executable_path(); 4200 struct stat file_stat; 4201 if (TEMP_FAILURE_RETRY(stat(executable_path, &file_stat)) != 0) { 4202 __libc_fatal("unable to stat file for the executable \"%s\": %s", executable_path, strerror(errno)); 4203 } 4204 4205 soinfo* si = soinfo_alloc(&g_default_namespace, executable_path, &file_stat, 0, RTLD_GLOBAL); 4206 if (si == nullptr) { 4207 __libc_fatal("Couldn't allocate soinfo: out of memory?"); 4208 } 4209 4210 /* bootstrap the link map, the main exe always needs to be first */ 4211 si->set_main_executable(); 4212 link_map* map = &(si->link_map_head); 4213 4214 // Register the main executable and the linker upfront to have 4215 // gdb aware of them before loading the rest of the dependency 4216 // tree. 4217 map->l_addr = 0; 4218 map->l_name = const_cast<char*>(executable_path); 4219 insert_link_map_into_debug_map(map); 4220 init_linker_info_for_gdb(linker_base); 4221 4222 // Extract information passed from the kernel. 4223 si->phdr = reinterpret_cast<ElfW(Phdr)*>(args.getauxval(AT_PHDR)); 4224 si->phnum = args.getauxval(AT_PHNUM); 4225 si->entry = args.getauxval(AT_ENTRY); 4226 4227 /* Compute the value of si->base. We can't rely on the fact that 4228 * the first entry is the PHDR because this will not be true 4229 * for certain executables (e.g. some in the NDK unit test suite) 4230 */ 4231 si->base = 0; 4232 si->size = phdr_table_get_load_size(si->phdr, si->phnum); 4233 si->load_bias = 0; 4234 for (size_t i = 0; i < si->phnum; ++i) { 4235 if (si->phdr[i].p_type == PT_PHDR) { 4236 si->load_bias = reinterpret_cast<ElfW(Addr)>(si->phdr) - si->phdr[i].p_vaddr; 4237 si->base = reinterpret_cast<ElfW(Addr)>(si->phdr) - si->phdr[i].p_offset; 4238 break; 4239 } 4240 } 4241 si->dynamic = nullptr; 4242 4243 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(si->base); 4244 if (elf_hdr->e_type != ET_DYN) { 4245 __libc_fatal("\"%s\": error: only position independent executables (PIE) are supported.", 4246 args.argv[0]); 4247 } 4248 4249 // Use LD_LIBRARY_PATH and LD_PRELOAD (but only if we aren't setuid/setgid). 4250 parse_LD_LIBRARY_PATH(ldpath_env); 4251 parse_LD_PRELOAD(ldpreload_env); 4252 4253 somain = si; 4254 4255 init_default_namespace(); 4256 4257 if (!si->prelink_image()) { 4258 __libc_fatal("CANNOT LINK EXECUTABLE \"%s\": %s", args.argv[0], linker_get_error_buffer()); 4259 } 4260 4261 // add somain to global group 4262 si->set_dt_flags_1(si->get_dt_flags_1() | DF_1_GLOBAL); 4263 4264 // Load ld_preloads and dependencies. 4265 StringLinkedList needed_library_name_list; 4266 size_t needed_libraries_count = 0; 4267 size_t ld_preloads_count = 0; 4268 4269 for (const auto& ld_preload_name : g_ld_preload_names) { 4270 needed_library_name_list.push_back(ld_preload_name.c_str()); 4271 ++needed_libraries_count; 4272 ++ld_preloads_count; 4273 } 4274 4275 for_each_dt_needed(si, [&](const char* name) { 4276 needed_library_name_list.push_back(name); 4277 ++needed_libraries_count; 4278 }); 4279 4280 const char* needed_library_names[needed_libraries_count]; 4281 4282 memset(needed_library_names, 0, sizeof(needed_library_names)); 4283 needed_library_name_list.copy_to_array(needed_library_names, needed_libraries_count); 4284 4285 if (needed_libraries_count > 0 && 4286 !find_libraries(&g_default_namespace, si, needed_library_names, needed_libraries_count, 4287 nullptr, &g_ld_preloads, ld_preloads_count, RTLD_GLOBAL, nullptr, 4288 /* add_as_children */ true)) { 4289 __libc_fatal("CANNOT LINK EXECUTABLE \"%s\": %s", args.argv[0], linker_get_error_buffer()); 4290 } else if (needed_libraries_count == 0) { 4291 if (!si->link_image(g_empty_list, soinfo::soinfo_list_t::make_list(si), nullptr)) { 4292 __libc_fatal("CANNOT LINK EXECUTABLE \"%s\": %s", args.argv[0], linker_get_error_buffer()); 4293 } 4294 si->increment_ref_count(); 4295 } 4296 4297 add_vdso(args); 4298 4299 { 4300 ProtectedDataGuard guard; 4301 4302 si->call_pre_init_constructors(); 4303 4304 /* After the prelink_image, the si->load_bias is initialized. 4305 * For so lib, the map->l_addr will be updated in notify_gdb_of_load. 4306 * We need to update this value for so exe here. So Unwind_Backtrace 4307 * for some arch like x86 could work correctly within so exe. 4308 */ 4309 map->l_addr = si->load_bias; 4310 si->call_constructors(); 4311 } 4312 4313 #if TIMING 4314 gettimeofday(&t1, nullptr); 4315 PRINT("LINKER TIME: %s: %d microseconds", args.argv[0], (int) ( 4316 (((long long)t1.tv_sec * 1000000LL) + (long long)t1.tv_usec) - 4317 (((long long)t0.tv_sec * 1000000LL) + (long long)t0.tv_usec))); 4318 #endif 4319 #if STATS 4320 PRINT("RELO STATS: %s: %d abs, %d rel, %d copy, %d symbol", args.argv[0], 4321 linker_stats.count[kRelocAbsolute], 4322 linker_stats.count[kRelocRelative], 4323 linker_stats.count[kRelocCopy], 4324 linker_stats.count[kRelocSymbol]); 4325 #endif 4326 #if COUNT_PAGES 4327 { 4328 unsigned n; 4329 unsigned i; 4330 unsigned count = 0; 4331 for (n = 0; n < 4096; n++) { 4332 if (bitmask[n]) { 4333 unsigned x = bitmask[n]; 4334 #if defined(__LP64__) 4335 for (i = 0; i < 32; i++) { 4336 #else 4337 for (i = 0; i < 8; i++) { 4338 #endif 4339 if (x & 1) { 4340 count++; 4341 } 4342 x >>= 1; 4343 } 4344 } 4345 } 4346 PRINT("PAGES MODIFIED: %s: %d (%dKB)", args.argv[0], count, count * 4); 4347 } 4348 #endif 4349 4350 #if TIMING || STATS || COUNT_PAGES 4351 fflush(stdout); 4352 #endif 4353 4354 TRACE("[ Ready to execute \"%s\" @ %p ]", si->get_realpath(), reinterpret_cast<void*>(si->entry)); 4355 return si->entry; 4356 } 4357 4358 /* Compute the load-bias of an existing executable. This shall only 4359 * be used to compute the load bias of an executable or shared library 4360 * that was loaded by the kernel itself. 4361 * 4362 * Input: 4363 * elf -> address of ELF header, assumed to be at the start of the file. 4364 * Return: 4365 * load bias, i.e. add the value of any p_vaddr in the file to get 4366 * the corresponding address in memory. 4367 */ 4368 static ElfW(Addr) get_elf_exec_load_bias(const ElfW(Ehdr)* elf) { 4369 ElfW(Addr) offset = elf->e_phoff; 4370 const ElfW(Phdr)* phdr_table = 4371 reinterpret_cast<const ElfW(Phdr)*>(reinterpret_cast<uintptr_t>(elf) + offset); 4372 const ElfW(Phdr)* phdr_end = phdr_table + elf->e_phnum; 4373 4374 for (const ElfW(Phdr)* phdr = phdr_table; phdr < phdr_end; phdr++) { 4375 if (phdr->p_type == PT_LOAD) { 4376 return reinterpret_cast<ElfW(Addr)>(elf) + phdr->p_offset - phdr->p_vaddr; 4377 } 4378 } 4379 return 0; 4380 } 4381 4382 static void __linker_cannot_link(KernelArgumentBlock& args) { 4383 __libc_fatal("CANNOT LINK EXECUTABLE \"%s\": %s", args.argv[0], linker_get_error_buffer()); 4384 } 4385 4386 /* 4387 * This is the entry point for the linker, called from begin.S. This 4388 * method is responsible for fixing the linker's own relocations, and 4389 * then calling __linker_init_post_relocation(). 4390 * 4391 * Because this method is called before the linker has fixed it's own 4392 * relocations, any attempt to reference an extern variable, extern 4393 * function, or other GOT reference will generate a segfault. 4394 */ 4395 extern "C" ElfW(Addr) __linker_init(void* raw_args) { 4396 KernelArgumentBlock args(raw_args); 4397 4398 ElfW(Addr) linker_addr = args.getauxval(AT_BASE); 4399 ElfW(Addr) entry_point = args.getauxval(AT_ENTRY); 4400 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(linker_addr); 4401 ElfW(Phdr)* phdr = reinterpret_cast<ElfW(Phdr)*>(linker_addr + elf_hdr->e_phoff); 4402 4403 soinfo linker_so(nullptr, nullptr, nullptr, 0, 0); 4404 4405 // If the linker is not acting as PT_INTERP entry_point is equal to 4406 // _start. Which means that the linker is running as an executable and 4407 // already linked by PT_INTERP. 4408 // 4409 // This happens when user tries to run 'adb shell /system/bin/linker' 4410 // see also https://code.google.com/p/android/issues/detail?id=63174 4411 if (reinterpret_cast<ElfW(Addr)>(&_start) == entry_point) { 4412 __libc_format_fd(STDOUT_FILENO, 4413 "This is %s, the helper program for shared library executables.\n", 4414 args.argv[0]); 4415 exit(0); 4416 } 4417 4418 linker_so.base = linker_addr; 4419 linker_so.size = phdr_table_get_load_size(phdr, elf_hdr->e_phnum); 4420 linker_so.load_bias = get_elf_exec_load_bias(elf_hdr); 4421 linker_so.dynamic = nullptr; 4422 linker_so.phdr = phdr; 4423 linker_so.phnum = elf_hdr->e_phnum; 4424 linker_so.set_linker_flag(); 4425 4426 // Prelink the linker so we can access linker globals. 4427 if (!linker_so.prelink_image()) __linker_cannot_link(args); 4428 4429 // This might not be obvious... The reasons why we pass g_empty_list 4430 // in place of local_group here are (1) we do not really need it, because 4431 // linker is built with DT_SYMBOLIC and therefore relocates its symbols against 4432 // itself without having to look into local_group and (2) allocators 4433 // are not yet initialized, and therefore we cannot use linked_list.push_* 4434 // functions at this point. 4435 if (!linker_so.link_image(g_empty_list, g_empty_list, nullptr)) __linker_cannot_link(args); 4436 4437 #if defined(__i386__) 4438 // On x86, we can't make system calls before this point. 4439 // We can't move this up because this needs to assign to a global. 4440 // Note that until we call __libc_init_main_thread below we have 4441 // no TLS, so you shouldn't make a system call that can fail, because 4442 // it will SEGV when it tries to set errno. 4443 __libc_init_sysinfo(args); 4444 #endif 4445 4446 // Initialize the main thread (including TLS, so system calls really work). 4447 __libc_init_main_thread(args); 4448 4449 // We didn't protect the linker's RELRO pages in link_image because we 4450 // couldn't make system calls on x86 at that point, but we can now... 4451 if (!linker_so.protect_relro()) __linker_cannot_link(args); 4452 4453 // Initialize the linker's static libc's globals 4454 __libc_init_globals(args); 4455 4456 // Initialize the linker's own global variables 4457 linker_so.call_constructors(); 4458 4459 // Initialize static variables. Note that in order to 4460 // get correct libdl_info we need to call constructors 4461 // before get_libdl_info(). 4462 solist = get_libdl_info(); 4463 sonext = get_libdl_info(); 4464 g_default_namespace.add_soinfo(get_libdl_info()); 4465 4466 // We have successfully fixed our own relocations. It's safe to run 4467 // the main part of the linker now. 4468 args.abort_message_ptr = &g_abort_message; 4469 ElfW(Addr) start_address = __linker_init_post_relocation(args, linker_addr); 4470 4471 INFO("[ Jumping to _start (%p)... ]", reinterpret_cast<void*>(start_address)); 4472 4473 // Return the address that the calling assembly stub should jump to. 4474 return start_address; 4475 } 4476