1 /*
2 * Copyright (C) 2008 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 #include <android/api-level.h>
30 #include <errno.h>
31 #include <fcntl.h>
32 #include <inttypes.h>
33 #include <pthread.h>
34 #include <stdio.h>
35 #include <stdlib.h>
36 #include <string.h>
37 #include <sys/mman.h>
38 #include <sys/param.h>
39 #include <unistd.h>
40
41 #include <new>
42 #include <string>
43 #include <unordered_map>
44 #include <vector>
45
46 // Private C library headers.
47 #include "private/bionic_globals.h"
48 #include "private/bionic_tls.h"
49 #include "private/KernelArgumentBlock.h"
50 #include "private/ScopedPthreadMutexLocker.h"
51 #include "private/ScopeGuard.h"
52
53 #include "linker.h"
54 #include "linker_block_allocator.h"
55 #include "linker_gdb_support.h"
56 #include "linker_debug.h"
57 #include "linker_dlwarning.h"
58 #include "linker_sleb128.h"
59 #include "linker_phdr.h"
60 #include "linker_relocs.h"
61 #include "linker_reloc_iterators.h"
62 #include "linker_utils.h"
63
64 #include "android-base/strings.h"
65 #include "ziparchive/zip_archive.h"
66
67 extern void __libc_init_globals(KernelArgumentBlock&);
68 extern void __libc_init_AT_SECURE(KernelArgumentBlock&);
69
70 extern "C" void _start();
71
72 // Override macros to use C++ style casts.
73 #undef ELF_ST_TYPE
74 #define ELF_ST_TYPE(x) (static_cast<uint32_t>(x) & 0xf)
75
76 struct android_namespace_t {
77 public:
android_namespace_tandroid_namespace_t78 android_namespace_t() : name_(nullptr), is_isolated_(false) {}
79
get_nameandroid_namespace_t80 const char* get_name() const { return name_; }
set_nameandroid_namespace_t81 void set_name(const char* name) { name_ = name; }
82
is_isolatedandroid_namespace_t83 bool is_isolated() const { return is_isolated_; }
set_isolatedandroid_namespace_t84 void set_isolated(bool isolated) { is_isolated_ = isolated; }
85
get_ld_library_pathsandroid_namespace_t86 const std::vector<std::string>& get_ld_library_paths() const {
87 return ld_library_paths_;
88 }
set_ld_library_pathsandroid_namespace_t89 void set_ld_library_paths(std::vector<std::string>&& library_paths) {
90 ld_library_paths_ = library_paths;
91 }
92
get_default_library_pathsandroid_namespace_t93 const std::vector<std::string>& get_default_library_paths() const {
94 return default_library_paths_;
95 }
set_default_library_pathsandroid_namespace_t96 void set_default_library_paths(std::vector<std::string>&& library_paths) {
97 default_library_paths_ = library_paths;
98 }
99
get_permitted_pathsandroid_namespace_t100 const std::vector<std::string>& get_permitted_paths() const {
101 return permitted_paths_;
102 }
set_permitted_pathsandroid_namespace_t103 void set_permitted_paths(std::vector<std::string>&& permitted_paths) {
104 permitted_paths_ = permitted_paths;
105 }
106
add_soinfoandroid_namespace_t107 void add_soinfo(soinfo* si) {
108 soinfo_list_.push_back(si);
109 }
110
add_soinfosandroid_namespace_t111 void add_soinfos(const soinfo::soinfo_list_t& soinfos) {
112 for (auto si : soinfos) {
113 add_soinfo(si);
114 si->add_secondary_namespace(this);
115 }
116 }
117
remove_soinfoandroid_namespace_t118 void remove_soinfo(soinfo* si) {
119 soinfo_list_.remove_if([&](soinfo* candidate) {
120 return si == candidate;
121 });
122 }
123
soinfo_listandroid_namespace_t124 const soinfo::soinfo_list_t& soinfo_list() const { return soinfo_list_; }
125
126 // For isolated namespaces - checks if the file is on the search path;
127 // always returns true for not isolated namespace.
128 bool is_accessible(const std::string& path);
129
130 private:
131 const char* name_;
132 bool is_isolated_;
133 std::vector<std::string> ld_library_paths_;
134 std::vector<std::string> default_library_paths_;
135 std::vector<std::string> permitted_paths_;
136 soinfo::soinfo_list_t soinfo_list_;
137
138 DISALLOW_COPY_AND_ASSIGN(android_namespace_t);
139 };
140
141 android_namespace_t g_default_namespace;
142
143 static std::unordered_map<uintptr_t, soinfo*> g_soinfo_handles_map;
144 static android_namespace_t* g_anonymous_namespace = &g_default_namespace;
145
146 static ElfW(Addr) get_elf_exec_load_bias(const ElfW(Ehdr)* elf);
147
148 static LinkerTypeAllocator<soinfo> g_soinfo_allocator;
149 static LinkerTypeAllocator<LinkedListEntry<soinfo>> g_soinfo_links_allocator;
150
151 static LinkerTypeAllocator<android_namespace_t> g_namespace_allocator;
152 static LinkerTypeAllocator<LinkedListEntry<android_namespace_t>> g_namespace_list_allocator;
153
154 static soinfo* solist;
155 static soinfo* sonext;
156 static soinfo* somain; // main process, always the one after libdl_info
157
158 #if defined(__LP64__)
159 static const char* const kSystemLibDir = "/system/lib64";
160 static const char* const kVendorLibDir = "/vendor/lib64";
161 static const char* const kAsanSystemLibDir = "/data/lib64";
162 static const char* const kAsanVendorLibDir = "/data/vendor/lib64";
163 #else
164 static const char* const kSystemLibDir = "/system/lib";
165 static const char* const kVendorLibDir = "/vendor/lib";
166 static const char* const kAsanSystemLibDir = "/data/lib";
167 static const char* const kAsanVendorLibDir = "/data/vendor/lib";
168 #endif
169
170 static const char* const kDefaultLdPaths[] = {
171 kSystemLibDir,
172 kVendorLibDir,
173 nullptr
174 };
175
176 static const char* const kAsanDefaultLdPaths[] = {
177 kAsanSystemLibDir,
178 kSystemLibDir,
179 kAsanVendorLibDir,
180 kVendorLibDir,
181 nullptr
182 };
183
184 // Is ASAN enabled?
185 static bool g_is_asan = false;
186
is_system_library(const std::string & realpath)187 static bool is_system_library(const std::string& realpath) {
188 for (const auto& dir : g_default_namespace.get_default_library_paths()) {
189 if (file_is_in_dir(realpath, dir)) {
190 return true;
191 }
192 }
193 return false;
194 }
195
196 // Checks if the file exists and not a directory.
file_exists(const char * path)197 static bool file_exists(const char* path) {
198 int fd = TEMP_FAILURE_RETRY(open(path, O_RDONLY | O_CLOEXEC));
199 if (fd == -1) {
200 return false;
201 } else {
202 close(fd);
203 return true;
204 }
205 }
206 static std::string dirname(const char *path);
207
208 // TODO(dimitry): The grey-list is a workaround for http://b/26394120 ---
209 // gradually remove libraries from this list until it is gone.
is_greylisted(const char * name,const soinfo * needed_by)210 static bool is_greylisted(const char* name, const soinfo* needed_by) {
211 static const char* const kLibraryGreyList[] = {
212 "libandroid_runtime.so",
213 "libbinder.so",
214 "libcrypto.so",
215 "libcutils.so",
216 "libexpat.so",
217 "libgui.so",
218 "libmedia.so",
219 "libnativehelper.so",
220 "libskia.so",
221 "libssl.so",
222 "libstagefright.so",
223 "libsqlite.so",
224 "libui.so",
225 "libutils.so",
226 "libvorbisidec.so",
227 nullptr
228 };
229
230 // limit greylisting to apps targeting sdk version 23 and below
231 if (get_application_target_sdk_version() > 23) {
232 return false;
233 }
234
235 // if the library needed by a system library - implicitly assume it
236 // is greylisted
237
238 if (needed_by != nullptr && is_system_library(needed_by->get_realpath())) {
239 return true;
240 }
241
242 // if this is an absolute path - make sure it points to /system/lib(64)
243 if (name[0] == '/' && dirname(name) == kSystemLibDir) {
244 // and reduce the path to basename
245 name = basename(name);
246 }
247
248 for (size_t i = 0; kLibraryGreyList[i] != nullptr; ++i) {
249 if (strcmp(name, kLibraryGreyList[i]) == 0) {
250 return true;
251 }
252 }
253
254 return false;
255 }
256 // END OF WORKAROUND
257
258 static const ElfW(Versym) kVersymNotNeeded = 0;
259 static const ElfW(Versym) kVersymGlobal = 1;
260
261 static const char* const* g_default_ld_paths;
262 static std::vector<std::string> g_ld_preload_names;
263
264 static std::vector<soinfo*> g_ld_preloads;
265
266 static bool g_public_namespace_initialized;
267 static soinfo::soinfo_list_t g_public_namespace;
268
269 __LIBC_HIDDEN__ int g_ld_debug_verbosity;
270
271 __LIBC_HIDDEN__ abort_msg_t* g_abort_message = nullptr; // For debuggerd.
272
dirname(const char * path)273 static std::string dirname(const char *path) {
274 const char* last_slash = strrchr(path, '/');
275 if (last_slash == path) return "/";
276 else if (last_slash == nullptr) return ".";
277 else
278 return std::string(path, last_slash - path);
279 }
280
281 #if STATS
282 struct linker_stats_t {
283 int count[kRelocMax];
284 };
285
286 static linker_stats_t linker_stats;
287
count_relocation(RelocationKind kind)288 void count_relocation(RelocationKind kind) {
289 ++linker_stats.count[kind];
290 }
291 #else
count_relocation(RelocationKind)292 void count_relocation(RelocationKind) {
293 }
294 #endif
295
296 #if COUNT_PAGES
297 uint32_t bitmask[4096];
298 #endif
299
300 static char __linker_dl_err_buf[768];
301
linker_get_error_buffer()302 char* linker_get_error_buffer() {
303 return &__linker_dl_err_buf[0];
304 }
305
linker_get_error_buffer_size()306 size_t linker_get_error_buffer_size() {
307 return sizeof(__linker_dl_err_buf);
308 }
309
notify_gdb_of_load(soinfo * info)310 static void notify_gdb_of_load(soinfo* info) {
311 if (info->is_linker() || info->is_main_executable()) {
312 // gdb already knows about the linker and the main executable.
313 return;
314 }
315
316 link_map* map = &(info->link_map_head);
317
318 map->l_addr = info->load_bias;
319 // link_map l_name field is not const.
320 map->l_name = const_cast<char*>(info->get_realpath());
321 map->l_ld = info->dynamic;
322
323 CHECK(map->l_name != nullptr);
324 CHECK(map->l_name[0] != '\0');
325
326 notify_gdb_of_load(map);
327 }
328
notify_gdb_of_unload(soinfo * info)329 static void notify_gdb_of_unload(soinfo* info) {
330 notify_gdb_of_unload(&(info->link_map_head));
331 }
332
is_accessible(const std::string & file)333 bool android_namespace_t::is_accessible(const std::string& file) {
334 if (!is_isolated_) {
335 return true;
336 }
337
338 for (const auto& dir : ld_library_paths_) {
339 if (file_is_in_dir(file, dir)) {
340 return true;
341 }
342 }
343
344 for (const auto& dir : default_library_paths_) {
345 if (file_is_in_dir(file, dir)) {
346 return true;
347 }
348 }
349
350 for (const auto& dir : permitted_paths_) {
351 if (file_is_under_dir(file, dir)) {
352 return true;
353 }
354 }
355
356 return false;
357 }
358
alloc()359 LinkedListEntry<soinfo>* SoinfoListAllocator::alloc() {
360 return g_soinfo_links_allocator.alloc();
361 }
362
free(LinkedListEntry<soinfo> * entry)363 void SoinfoListAllocator::free(LinkedListEntry<soinfo>* entry) {
364 g_soinfo_links_allocator.free(entry);
365 }
366
alloc()367 LinkedListEntry<android_namespace_t>* NamespaceListAllocator::alloc() {
368 return g_namespace_list_allocator.alloc();
369 }
370
free(LinkedListEntry<android_namespace_t> * entry)371 void NamespaceListAllocator::free(LinkedListEntry<android_namespace_t>* entry) {
372 g_namespace_list_allocator.free(entry);
373 }
374
soinfo_alloc(android_namespace_t * ns,const char * name,struct stat * file_stat,off64_t file_offset,uint32_t rtld_flags)375 static soinfo* soinfo_alloc(android_namespace_t* ns, const char* name,
376 struct stat* file_stat, off64_t file_offset,
377 uint32_t rtld_flags) {
378 if (strlen(name) >= PATH_MAX) {
379 DL_ERR("library name \"%s\" too long", name);
380 return nullptr;
381 }
382
383 soinfo* si = new (g_soinfo_allocator.alloc()) soinfo(ns, name, file_stat,
384 file_offset, rtld_flags);
385
386 sonext->next = si;
387 sonext = si;
388
389 si->generate_handle();
390 ns->add_soinfo(si);
391
392 TRACE("name %s: allocated soinfo @ %p", name, si);
393 return si;
394 }
395
soinfo_free(soinfo * si)396 static void soinfo_free(soinfo* si) {
397 if (si == nullptr) {
398 return;
399 }
400
401 if (si->base != 0 && si->size != 0) {
402 if (!si->is_mapped_by_caller()) {
403 munmap(reinterpret_cast<void*>(si->base), si->size);
404 } else {
405 // remap the region as PROT_NONE, MAP_ANONYMOUS | MAP_NORESERVE
406 mmap(reinterpret_cast<void*>(si->base), si->size, PROT_NONE,
407 MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
408 }
409 }
410
411 soinfo *prev = nullptr, *trav;
412
413 TRACE("name %s: freeing soinfo @ %p", si->get_realpath(), si);
414
415 for (trav = solist; trav != nullptr; trav = trav->next) {
416 if (trav == si) {
417 break;
418 }
419 prev = trav;
420 }
421
422 if (trav == nullptr) {
423 // si was not in solist
424 DL_ERR("name \"%s\"@%p is not in solist!", si->get_realpath(), si);
425 return;
426 }
427
428 // clear links to/from si
429 si->remove_all_links();
430
431 // prev will never be null, because the first entry in solist is
432 // always the static libdl_info.
433 prev->next = si->next;
434 if (si == sonext) {
435 sonext = prev;
436 }
437
438 si->~soinfo();
439 g_soinfo_allocator.free(si);
440 }
441
442 // For every path element this function checks of it exists, and is a directory,
443 // and normalizes it:
444 // 1. For regular path it converts it to realpath()
445 // 2. For path in a zip file it uses realpath on the zipfile
446 // normalizes entry name by calling normalize_path function.
resolve_paths(std::vector<std::string> & paths,std::vector<std::string> * resolved_paths)447 static void resolve_paths(std::vector<std::string>& paths,
448 std::vector<std::string>* resolved_paths) {
449 resolved_paths->clear();
450 for (const auto& path : paths) {
451 char resolved_path[PATH_MAX];
452 const char* original_path = path.c_str();
453 if (realpath(original_path, resolved_path) != nullptr) {
454 struct stat s;
455 if (stat(resolved_path, &s) == 0) {
456 if (S_ISDIR(s.st_mode)) {
457 resolved_paths->push_back(resolved_path);
458 } else {
459 DL_WARN("Warning: \"%s\" is not a directory (excluding from path)", resolved_path);
460 continue;
461 }
462 } else {
463 DL_WARN("Warning: cannot stat file \"%s\": %s", resolved_path, strerror(errno));
464 continue;
465 }
466 } else {
467 std::string zip_path;
468 std::string entry_path;
469
470 std::string normalized_path;
471
472 if (!normalize_path(original_path, &normalized_path)) {
473 DL_WARN("Warning: unable to normalize \"%s\"", original_path);
474 continue;
475 }
476
477 if (parse_zip_path(normalized_path.c_str(), &zip_path, &entry_path)) {
478 if (realpath(zip_path.c_str(), resolved_path) == nullptr) {
479 DL_WARN("Warning: unable to resolve \"%s\": %s", zip_path.c_str(), strerror(errno));
480 continue;
481 }
482
483 resolved_paths->push_back(std::string(resolved_path) + kZipFileSeparator + entry_path);
484 }
485 }
486 }
487 }
488
split_path(const char * path,const char * delimiters,std::vector<std::string> * paths)489 static void split_path(const char* path, const char* delimiters,
490 std::vector<std::string>* paths) {
491 if (path != nullptr && path[0] != 0) {
492 *paths = android::base::Split(path, delimiters);
493 }
494 }
495
parse_path(const char * path,const char * delimiters,std::vector<std::string> * resolved_paths)496 static void parse_path(const char* path, const char* delimiters,
497 std::vector<std::string>* resolved_paths) {
498 std::vector<std::string> paths;
499 split_path(path, delimiters, &paths);
500 resolve_paths(paths, resolved_paths);
501 }
502
parse_LD_LIBRARY_PATH(const char * path)503 static void parse_LD_LIBRARY_PATH(const char* path) {
504 std::vector<std::string> ld_libary_paths;
505 parse_path(path, ":", &ld_libary_paths);
506 g_default_namespace.set_ld_library_paths(std::move(ld_libary_paths));
507 }
508
set_dt_runpath(const char * path)509 void soinfo::set_dt_runpath(const char* path) {
510 if (!has_min_version(3)) {
511 return;
512 }
513
514 std::vector<std::string> runpaths;
515
516 split_path(path, ":", &runpaths);
517
518 std::string origin = dirname(get_realpath());
519 // FIXME: add $LIB and $PLATFORM.
520 std::pair<std::string, std::string> substs[] = {{"ORIGIN", origin}};
521 for (auto&& s : runpaths) {
522 size_t pos = 0;
523 while (pos < s.size()) {
524 pos = s.find("$", pos);
525 if (pos == std::string::npos) break;
526 for (const auto& subst : substs) {
527 const std::string& token = subst.first;
528 const std::string& replacement = subst.second;
529 if (s.substr(pos + 1, token.size()) == token) {
530 s.replace(pos, token.size() + 1, replacement);
531 // -1 to compensate for the ++pos below.
532 pos += replacement.size() - 1;
533 break;
534 } else if (s.substr(pos + 1, token.size() + 2) == "{" + token + "}") {
535 s.replace(pos, token.size() + 3, replacement);
536 pos += replacement.size() - 1;
537 break;
538 }
539 }
540 // Skip $ in case it did not match any of the known substitutions.
541 ++pos;
542 }
543 }
544
545 resolve_paths(runpaths, &dt_runpath_);
546 }
547
parse_LD_PRELOAD(const char * path)548 static void parse_LD_PRELOAD(const char* path) {
549 g_ld_preload_names.clear();
550 if (path != nullptr) {
551 // We have historically supported ':' as well as ' ' in LD_PRELOAD.
552 g_ld_preload_names = android::base::Split(path, " :");
553 std::remove_if(g_ld_preload_names.begin(),
554 g_ld_preload_names.end(),
555 [] (const std::string& s) { return s.empty(); });
556 }
557 }
558
realpath_fd(int fd,std::string * realpath)559 static bool realpath_fd(int fd, std::string* realpath) {
560 std::vector<char> buf(PATH_MAX), proc_self_fd(PATH_MAX);
561 __libc_format_buffer(&proc_self_fd[0], proc_self_fd.size(), "/proc/self/fd/%d", fd);
562 if (readlink(&proc_self_fd[0], &buf[0], buf.size()) == -1) {
563 PRINT("readlink(\"%s\") failed: %s [fd=%d]", &proc_self_fd[0], strerror(errno), fd);
564 return false;
565 }
566
567 *realpath = &buf[0];
568 return true;
569 }
570
571 #if defined(__arm__)
572
573 // For a given PC, find the .so that it belongs to.
574 // Returns the base address of the .ARM.exidx section
575 // for that .so, and the number of 8-byte entries
576 // in that section (via *pcount).
577 //
578 // Intended to be called by libc's __gnu_Unwind_Find_exidx().
579 //
580 // This function is exposed via dlfcn.cpp and libdl.so.
dl_unwind_find_exidx(_Unwind_Ptr pc,int * pcount)581 _Unwind_Ptr dl_unwind_find_exidx(_Unwind_Ptr pc, int* pcount) {
582 uintptr_t addr = reinterpret_cast<uintptr_t>(pc);
583
584 for (soinfo* si = solist; si != 0; si = si->next) {
585 if ((addr >= si->base) && (addr < (si->base + si->size))) {
586 *pcount = si->ARM_exidx_count;
587 return reinterpret_cast<_Unwind_Ptr>(si->ARM_exidx);
588 }
589 }
590 *pcount = 0;
591 return nullptr;
592 }
593
594 #endif
595
596 // Here, we only have to provide a callback to iterate across all the
597 // loaded libraries. gcc_eh does the rest.
do_dl_iterate_phdr(int (* cb)(dl_phdr_info * info,size_t size,void * data),void * data)598 int do_dl_iterate_phdr(int (*cb)(dl_phdr_info* info, size_t size, void* data), void* data) {
599 int rv = 0;
600 for (soinfo* si = solist; si != nullptr; si = si->next) {
601 dl_phdr_info dl_info;
602 dl_info.dlpi_addr = si->link_map_head.l_addr;
603 dl_info.dlpi_name = si->link_map_head.l_name;
604 dl_info.dlpi_phdr = si->phdr;
605 dl_info.dlpi_phnum = si->phnum;
606 rv = cb(&dl_info, sizeof(dl_phdr_info), data);
607 if (rv != 0) {
608 break;
609 }
610 }
611 return rv;
612 }
613
ElfW(Versym)614 const ElfW(Versym)* soinfo::get_versym(size_t n) const {
615 if (has_min_version(2) && versym_ != nullptr) {
616 return versym_ + n;
617 }
618
619 return nullptr;
620 }
621
ElfW(Addr)622 ElfW(Addr) soinfo::get_verneed_ptr() const {
623 if (has_min_version(2)) {
624 return verneed_ptr_;
625 }
626
627 return 0;
628 }
629
get_verneed_cnt() const630 size_t soinfo::get_verneed_cnt() const {
631 if (has_min_version(2)) {
632 return verneed_cnt_;
633 }
634
635 return 0;
636 }
637
ElfW(Addr)638 ElfW(Addr) soinfo::get_verdef_ptr() const {
639 if (has_min_version(2)) {
640 return verdef_ptr_;
641 }
642
643 return 0;
644 }
645
get_verdef_cnt() const646 size_t soinfo::get_verdef_cnt() const {
647 if (has_min_version(2)) {
648 return verdef_cnt_;
649 }
650
651 return 0;
652 }
653
654 template<typename F>
for_each_verdef(const soinfo * si,F functor)655 static bool for_each_verdef(const soinfo* si, F functor) {
656 if (!si->has_min_version(2)) {
657 return true;
658 }
659
660 uintptr_t verdef_ptr = si->get_verdef_ptr();
661 if (verdef_ptr == 0) {
662 return true;
663 }
664
665 size_t offset = 0;
666
667 size_t verdef_cnt = si->get_verdef_cnt();
668 for (size_t i = 0; i<verdef_cnt; ++i) {
669 const ElfW(Verdef)* verdef = reinterpret_cast<ElfW(Verdef)*>(verdef_ptr + offset);
670 size_t verdaux_offset = offset + verdef->vd_aux;
671 offset += verdef->vd_next;
672
673 if (verdef->vd_version != 1) {
674 DL_ERR("unsupported verdef[%zd] vd_version: %d (expected 1) library: %s",
675 i, verdef->vd_version, si->get_realpath());
676 return false;
677 }
678
679 if ((verdef->vd_flags & VER_FLG_BASE) != 0) {
680 // "this is the version of the file itself. It must not be used for
681 // matching a symbol. It can be used to match references."
682 //
683 // http://www.akkadia.org/drepper/symbol-versioning
684 continue;
685 }
686
687 if (verdef->vd_cnt == 0) {
688 DL_ERR("invalid verdef[%zd] vd_cnt == 0 (version without a name)", i);
689 return false;
690 }
691
692 const ElfW(Verdaux)* verdaux = reinterpret_cast<ElfW(Verdaux)*>(verdef_ptr + verdaux_offset);
693
694 if (functor(i, verdef, verdaux) == true) {
695 break;
696 }
697 }
698
699 return true;
700 }
701
find_verdef_version_index(const version_info * vi,ElfW (Versym)* versym) const702 bool soinfo::find_verdef_version_index(const version_info* vi, ElfW(Versym)* versym) const {
703 if (vi == nullptr) {
704 *versym = kVersymNotNeeded;
705 return true;
706 }
707
708 *versym = kVersymGlobal;
709
710 return for_each_verdef(this,
711 [&](size_t, const ElfW(Verdef)* verdef, const ElfW(Verdaux)* verdaux) {
712 if (verdef->vd_hash == vi->elf_hash &&
713 strcmp(vi->name, get_string(verdaux->vda_name)) == 0) {
714 *versym = verdef->vd_ndx;
715 return true;
716 }
717
718 return false;
719 }
720 );
721 }
722
find_symbol_by_name(SymbolName & symbol_name,const version_info * vi,const ElfW (Sym)** symbol) const723 bool soinfo::find_symbol_by_name(SymbolName& symbol_name,
724 const version_info* vi,
725 const ElfW(Sym)** symbol) const {
726 uint32_t symbol_index;
727 bool success =
728 is_gnu_hash() ?
729 gnu_lookup(symbol_name, vi, &symbol_index) :
730 elf_lookup(symbol_name, vi, &symbol_index);
731
732 if (success) {
733 *symbol = symbol_index == 0 ? nullptr : symtab_ + symbol_index;
734 }
735
736 return success;
737 }
738
is_symbol_global_and_defined(const soinfo * si,const ElfW (Sym)* s)739 static bool is_symbol_global_and_defined(const soinfo* si, const ElfW(Sym)* s) {
740 if (ELF_ST_BIND(s->st_info) == STB_GLOBAL ||
741 ELF_ST_BIND(s->st_info) == STB_WEAK) {
742 return s->st_shndx != SHN_UNDEF;
743 } else if (ELF_ST_BIND(s->st_info) != STB_LOCAL) {
744 DL_WARN("unexpected ST_BIND value: %d for \"%s\" in \"%s\"",
745 ELF_ST_BIND(s->st_info), si->get_string(s->st_name), si->get_realpath());
746 }
747
748 return false;
749 }
750
751 static const ElfW(Versym) kVersymHiddenBit = 0x8000;
752
is_versym_hidden(const ElfW (Versym)* versym)753 static inline bool is_versym_hidden(const ElfW(Versym)* versym) {
754 // the symbol is hidden if bit 15 of versym is set.
755 return versym != nullptr && (*versym & kVersymHiddenBit) != 0;
756 }
757
check_symbol_version(const ElfW (Versym)verneed,const ElfW (Versym)* verdef)758 static inline bool check_symbol_version(const ElfW(Versym) verneed,
759 const ElfW(Versym)* verdef) {
760 return verneed == kVersymNotNeeded ||
761 verdef == nullptr ||
762 verneed == (*verdef & ~kVersymHiddenBit);
763 }
764
gnu_lookup(SymbolName & symbol_name,const version_info * vi,uint32_t * symbol_index) const765 bool soinfo::gnu_lookup(SymbolName& symbol_name,
766 const version_info* vi,
767 uint32_t* symbol_index) const {
768 uint32_t hash = symbol_name.gnu_hash();
769 uint32_t h2 = hash >> gnu_shift2_;
770
771 uint32_t bloom_mask_bits = sizeof(ElfW(Addr))*8;
772 uint32_t word_num = (hash / bloom_mask_bits) & gnu_maskwords_;
773 ElfW(Addr) bloom_word = gnu_bloom_filter_[word_num];
774
775 *symbol_index = 0;
776
777 TRACE_TYPE(LOOKUP, "SEARCH %s in %s@%p (gnu)",
778 symbol_name.get_name(), get_realpath(), reinterpret_cast<void*>(base));
779
780 // test against bloom filter
781 if ((1 & (bloom_word >> (hash % bloom_mask_bits)) & (bloom_word >> (h2 % bloom_mask_bits))) == 0) {
782 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p",
783 symbol_name.get_name(), get_realpath(), reinterpret_cast<void*>(base));
784
785 return true;
786 }
787
788 // bloom test says "probably yes"...
789 uint32_t n = gnu_bucket_[hash % gnu_nbucket_];
790
791 if (n == 0) {
792 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p",
793 symbol_name.get_name(), get_realpath(), reinterpret_cast<void*>(base));
794
795 return true;
796 }
797
798 // lookup versym for the version definition in this library
799 // note the difference between "version is not requested" (vi == nullptr)
800 // and "version not found". In the first case verneed is kVersymNotNeeded
801 // which implies that the default version can be accepted; the second case results in
802 // verneed = 1 (kVersymGlobal) and implies that we should ignore versioned symbols
803 // for this library and consider only *global* ones.
804 ElfW(Versym) verneed = 0;
805 if (!find_verdef_version_index(vi, &verneed)) {
806 return false;
807 }
808
809 do {
810 ElfW(Sym)* s = symtab_ + n;
811 const ElfW(Versym)* verdef = get_versym(n);
812 // skip hidden versions when verneed == kVersymNotNeeded (0)
813 if (verneed == kVersymNotNeeded && is_versym_hidden(verdef)) {
814 continue;
815 }
816 if (((gnu_chain_[n] ^ hash) >> 1) == 0 &&
817 check_symbol_version(verneed, verdef) &&
818 strcmp(get_string(s->st_name), symbol_name.get_name()) == 0 &&
819 is_symbol_global_and_defined(this, s)) {
820 TRACE_TYPE(LOOKUP, "FOUND %s in %s (%p) %zd",
821 symbol_name.get_name(), get_realpath(), reinterpret_cast<void*>(s->st_value),
822 static_cast<size_t>(s->st_size));
823 *symbol_index = n;
824 return true;
825 }
826 } while ((gnu_chain_[n++] & 1) == 0);
827
828 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p",
829 symbol_name.get_name(), get_realpath(), reinterpret_cast<void*>(base));
830
831 return true;
832 }
833
elf_lookup(SymbolName & symbol_name,const version_info * vi,uint32_t * symbol_index) const834 bool soinfo::elf_lookup(SymbolName& symbol_name,
835 const version_info* vi,
836 uint32_t* symbol_index) const {
837 uint32_t hash = symbol_name.elf_hash();
838
839 TRACE_TYPE(LOOKUP, "SEARCH %s in %s@%p h=%x(elf) %zd",
840 symbol_name.get_name(), get_realpath(),
841 reinterpret_cast<void*>(base), hash, hash % nbucket_);
842
843 ElfW(Versym) verneed = 0;
844 if (!find_verdef_version_index(vi, &verneed)) {
845 return false;
846 }
847
848 for (uint32_t n = bucket_[hash % nbucket_]; n != 0; n = chain_[n]) {
849 ElfW(Sym)* s = symtab_ + n;
850 const ElfW(Versym)* verdef = get_versym(n);
851
852 // skip hidden versions when verneed == 0
853 if (verneed == kVersymNotNeeded && is_versym_hidden(verdef)) {
854 continue;
855 }
856
857 if (check_symbol_version(verneed, verdef) &&
858 strcmp(get_string(s->st_name), symbol_name.get_name()) == 0 &&
859 is_symbol_global_and_defined(this, s)) {
860 TRACE_TYPE(LOOKUP, "FOUND %s in %s (%p) %zd",
861 symbol_name.get_name(), get_realpath(),
862 reinterpret_cast<void*>(s->st_value),
863 static_cast<size_t>(s->st_size));
864 *symbol_index = n;
865 return true;
866 }
867 }
868
869 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p %x %zd",
870 symbol_name.get_name(), get_realpath(),
871 reinterpret_cast<void*>(base), hash, hash % nbucket_);
872
873 *symbol_index = 0;
874 return true;
875 }
876
soinfo(android_namespace_t * ns,const char * realpath,const struct stat * file_stat,off64_t file_offset,int rtld_flags)877 soinfo::soinfo(android_namespace_t* ns, const char* realpath,
878 const struct stat* file_stat, off64_t file_offset,
879 int rtld_flags) {
880 memset(this, 0, sizeof(*this));
881
882 if (realpath != nullptr) {
883 realpath_ = realpath;
884 }
885
886 flags_ = FLAG_NEW_SOINFO;
887 version_ = SOINFO_VERSION;
888
889 if (file_stat != nullptr) {
890 this->st_dev_ = file_stat->st_dev;
891 this->st_ino_ = file_stat->st_ino;
892 this->file_offset_ = file_offset;
893 }
894
895 this->rtld_flags_ = rtld_flags;
896 this->primary_namespace_ = ns;
897 }
898
~soinfo()899 soinfo::~soinfo() {
900 g_soinfo_handles_map.erase(handle_);
901 }
902
calculate_elf_hash(const char * name)903 static uint32_t calculate_elf_hash(const char* name) {
904 const uint8_t* name_bytes = reinterpret_cast<const uint8_t*>(name);
905 uint32_t h = 0, g;
906
907 while (*name_bytes) {
908 h = (h << 4) + *name_bytes++;
909 g = h & 0xf0000000;
910 h ^= g;
911 h ^= g >> 24;
912 }
913
914 return h;
915 }
916
elf_hash()917 uint32_t SymbolName::elf_hash() {
918 if (!has_elf_hash_) {
919 elf_hash_ = calculate_elf_hash(name_);
920 has_elf_hash_ = true;
921 }
922
923 return elf_hash_;
924 }
925
gnu_hash()926 uint32_t SymbolName::gnu_hash() {
927 if (!has_gnu_hash_) {
928 uint32_t h = 5381;
929 const uint8_t* name = reinterpret_cast<const uint8_t*>(name_);
930 while (*name != 0) {
931 h += (h << 5) + *name++; // h*33 + c = h + h * 32 + c = h + h << 5 + c
932 }
933
934 gnu_hash_ = h;
935 has_gnu_hash_ = true;
936 }
937
938 return gnu_hash_;
939 }
940
soinfo_do_lookup(soinfo * si_from,const char * name,const version_info * vi,soinfo ** si_found_in,const soinfo::soinfo_list_t & global_group,const soinfo::soinfo_list_t & local_group,const ElfW (Sym)** symbol)941 bool soinfo_do_lookup(soinfo* si_from, const char* name, const version_info* vi,
942 soinfo** si_found_in, const soinfo::soinfo_list_t& global_group,
943 const soinfo::soinfo_list_t& local_group, const ElfW(Sym)** symbol) {
944 SymbolName symbol_name(name);
945 const ElfW(Sym)* s = nullptr;
946
947 /* "This element's presence in a shared object library alters the dynamic linker's
948 * symbol resolution algorithm for references within the library. Instead of starting
949 * a symbol search with the executable file, the dynamic linker starts from the shared
950 * object itself. If the shared object fails to supply the referenced symbol, the
951 * dynamic linker then searches the executable file and other shared objects as usual."
952 *
953 * http://www.sco.com/developers/gabi/2012-12-31/ch5.dynamic.html
954 *
955 * Note that this is unlikely since static linker avoids generating
956 * relocations for -Bsymbolic linked dynamic executables.
957 */
958 if (si_from->has_DT_SYMBOLIC) {
959 DEBUG("%s: looking up %s in local scope (DT_SYMBOLIC)", si_from->get_realpath(), name);
960 if (!si_from->find_symbol_by_name(symbol_name, vi, &s)) {
961 return false;
962 }
963
964 if (s != nullptr) {
965 *si_found_in = si_from;
966 }
967 }
968
969 // 1. Look for it in global_group
970 if (s == nullptr) {
971 bool error = false;
972 global_group.visit([&](soinfo* global_si) {
973 DEBUG("%s: looking up %s in %s (from global group)",
974 si_from->get_realpath(), name, global_si->get_realpath());
975 if (!global_si->find_symbol_by_name(symbol_name, vi, &s)) {
976 error = true;
977 return false;
978 }
979
980 if (s != nullptr) {
981 *si_found_in = global_si;
982 return false;
983 }
984
985 return true;
986 });
987
988 if (error) {
989 return false;
990 }
991 }
992
993 // 2. Look for it in the local group
994 if (s == nullptr) {
995 bool error = false;
996 local_group.visit([&](soinfo* local_si) {
997 if (local_si == si_from && si_from->has_DT_SYMBOLIC) {
998 // we already did this - skip
999 return true;
1000 }
1001
1002 DEBUG("%s: looking up %s in %s (from local group)",
1003 si_from->get_realpath(), name, local_si->get_realpath());
1004 if (!local_si->find_symbol_by_name(symbol_name, vi, &s)) {
1005 error = true;
1006 return false;
1007 }
1008
1009 if (s != nullptr) {
1010 *si_found_in = local_si;
1011 return false;
1012 }
1013
1014 return true;
1015 });
1016
1017 if (error) {
1018 return false;
1019 }
1020 }
1021
1022 if (s != nullptr) {
1023 TRACE_TYPE(LOOKUP, "si %s sym %s s->st_value = %p, "
1024 "found in %s, base = %p, load bias = %p",
1025 si_from->get_realpath(), name, reinterpret_cast<void*>(s->st_value),
1026 (*si_found_in)->get_realpath(), reinterpret_cast<void*>((*si_found_in)->base),
1027 reinterpret_cast<void*>((*si_found_in)->load_bias));
1028 }
1029
1030 *symbol = s;
1031 return true;
1032 }
1033
1034 class ProtectedDataGuard {
1035 public:
ProtectedDataGuard()1036 ProtectedDataGuard() {
1037 if (ref_count_++ == 0) {
1038 protect_data(PROT_READ | PROT_WRITE);
1039 }
1040 }
1041
~ProtectedDataGuard()1042 ~ProtectedDataGuard() {
1043 if (ref_count_ == 0) { // overflow
1044 __libc_fatal("Too many nested calls to dlopen()");
1045 }
1046
1047 if (--ref_count_ == 0) {
1048 protect_data(PROT_READ);
1049 }
1050 }
1051 private:
protect_data(int protection)1052 void protect_data(int protection) {
1053 g_soinfo_allocator.protect_all(protection);
1054 g_soinfo_links_allocator.protect_all(protection);
1055 g_namespace_allocator.protect_all(protection);
1056 g_namespace_list_allocator.protect_all(protection);
1057 }
1058
1059 static size_t ref_count_;
1060 };
1061
1062 size_t ProtectedDataGuard::ref_count_ = 0;
1063
1064 // Each size has it's own allocator.
1065 template<size_t size>
1066 class SizeBasedAllocator {
1067 public:
alloc()1068 static void* alloc() {
1069 return allocator_.alloc();
1070 }
1071
free(void * ptr)1072 static void free(void* ptr) {
1073 allocator_.free(ptr);
1074 }
1075
1076 private:
1077 static LinkerBlockAllocator allocator_;
1078 };
1079
1080 template<size_t size>
1081 LinkerBlockAllocator SizeBasedAllocator<size>::allocator_(size);
1082
1083 template<typename T>
1084 class TypeBasedAllocator {
1085 public:
alloc()1086 static T* alloc() {
1087 return reinterpret_cast<T*>(SizeBasedAllocator<sizeof(T)>::alloc());
1088 }
1089
free(T * ptr)1090 static void free(T* ptr) {
1091 SizeBasedAllocator<sizeof(T)>::free(ptr);
1092 }
1093 };
1094
1095 class LoadTask {
1096 public:
1097 struct deleter_t {
operator ()LoadTask::deleter_t1098 void operator()(LoadTask* t) {
1099 t->~LoadTask();
1100 TypeBasedAllocator<LoadTask>::free(t);
1101 }
1102 };
1103
1104 static deleter_t deleter;
1105
create(const char * name,soinfo * needed_by,std::unordered_map<const soinfo *,ElfReader> * readers_map)1106 static LoadTask* create(const char* name, soinfo* needed_by,
1107 std::unordered_map<const soinfo*, ElfReader>* readers_map) {
1108 LoadTask* ptr = TypeBasedAllocator<LoadTask>::alloc();
1109 return new (ptr) LoadTask(name, needed_by, readers_map);
1110 }
1111
get_name() const1112 const char* get_name() const {
1113 return name_;
1114 }
1115
get_needed_by() const1116 soinfo* get_needed_by() const {
1117 return needed_by_;
1118 }
1119
get_soinfo() const1120 soinfo* get_soinfo() const {
1121 return si_;
1122 }
1123
set_soinfo(soinfo * si)1124 void set_soinfo(soinfo* si) {
1125 si_ = si;
1126 }
1127
get_file_offset() const1128 off64_t get_file_offset() const {
1129 return file_offset_;
1130 }
1131
set_file_offset(off64_t offset)1132 void set_file_offset(off64_t offset) {
1133 file_offset_ = offset;
1134 }
1135
get_fd() const1136 int get_fd() const {
1137 return fd_;
1138 }
1139
set_fd(int fd,bool assume_ownership)1140 void set_fd(int fd, bool assume_ownership) {
1141 fd_ = fd;
1142 close_fd_ = assume_ownership;
1143 }
1144
get_extinfo() const1145 const android_dlextinfo* get_extinfo() const {
1146 return extinfo_;
1147 }
1148
set_extinfo(const android_dlextinfo * extinfo)1149 void set_extinfo(const android_dlextinfo* extinfo) {
1150 extinfo_ = extinfo;
1151 }
1152
is_dt_needed() const1153 bool is_dt_needed() const {
1154 return is_dt_needed_;
1155 }
1156
set_dt_needed(bool is_dt_needed)1157 void set_dt_needed(bool is_dt_needed) {
1158 is_dt_needed_ = is_dt_needed;
1159 }
1160
get_elf_reader() const1161 const ElfReader& get_elf_reader() const {
1162 CHECK(si_ != nullptr);
1163 return (*elf_readers_map_)[si_];
1164 }
1165
get_elf_reader()1166 ElfReader& get_elf_reader() {
1167 CHECK(si_ != nullptr);
1168 return (*elf_readers_map_)[si_];
1169 }
1170
get_readers_map()1171 std::unordered_map<const soinfo*, ElfReader>* get_readers_map() {
1172 return elf_readers_map_;
1173 }
1174
read(const char * realpath,off64_t file_size)1175 bool read(const char* realpath, off64_t file_size) {
1176 ElfReader& elf_reader = get_elf_reader();
1177 return elf_reader.Read(realpath, fd_, file_offset_, file_size);
1178 }
1179
load()1180 bool load() {
1181 ElfReader& elf_reader = get_elf_reader();
1182 if (!elf_reader.Load(extinfo_)) {
1183 return false;
1184 }
1185
1186 si_->base = elf_reader.load_start();
1187 si_->size = elf_reader.load_size();
1188 si_->set_mapped_by_caller(elf_reader.is_mapped_by_caller());
1189 si_->load_bias = elf_reader.load_bias();
1190 si_->phnum = elf_reader.phdr_count();
1191 si_->phdr = elf_reader.loaded_phdr();
1192
1193 return true;
1194 }
1195
1196 private:
LoadTask(const char * name,soinfo * needed_by,std::unordered_map<const soinfo *,ElfReader> * readers_map)1197 LoadTask(const char* name, soinfo* needed_by,
1198 std::unordered_map<const soinfo*, ElfReader>* readers_map)
1199 : name_(name), needed_by_(needed_by), si_(nullptr),
1200 fd_(-1), close_fd_(false), file_offset_(0), elf_readers_map_(readers_map),
1201 is_dt_needed_(false) {}
1202
~LoadTask()1203 ~LoadTask() {
1204 if (fd_ != -1 && close_fd_) {
1205 close(fd_);
1206 }
1207 }
1208
1209 const char* name_;
1210 soinfo* needed_by_;
1211 soinfo* si_;
1212 const android_dlextinfo* extinfo_;
1213 int fd_;
1214 bool close_fd_;
1215 off64_t file_offset_;
1216 std::unordered_map<const soinfo*, ElfReader>* elf_readers_map_;
1217 // TODO(dimitry): needed by workaround for http://b/26394120 (the grey-list)
1218 bool is_dt_needed_;
1219 // END OF WORKAROUND
1220
1221 DISALLOW_IMPLICIT_CONSTRUCTORS(LoadTask);
1222 };
1223
1224 LoadTask::deleter_t LoadTask::deleter;
1225
1226 template <typename T>
1227 using linked_list_t = LinkedList<T, TypeBasedAllocator<LinkedListEntry<T>>>;
1228
1229 typedef linked_list_t<soinfo> SoinfoLinkedList;
1230 typedef linked_list_t<const char> StringLinkedList;
1231 typedef std::vector<LoadTask*> LoadTaskList;
1232
1233
1234 // This function walks down the tree of soinfo dependencies
1235 // in breadth-first order and
1236 // * calls action(soinfo* si) for each node, and
1237 // * terminates walk if action returns false.
1238 //
1239 // walk_dependencies_tree returns false if walk was terminated
1240 // by the action and true otherwise.
1241 template<typename F>
walk_dependencies_tree(soinfo * root_soinfos[],size_t root_soinfos_size,F action)1242 static bool walk_dependencies_tree(soinfo* root_soinfos[], size_t root_soinfos_size, F action) {
1243 SoinfoLinkedList visit_list;
1244 SoinfoLinkedList visited;
1245
1246 for (size_t i = 0; i < root_soinfos_size; ++i) {
1247 visit_list.push_back(root_soinfos[i]);
1248 }
1249
1250 soinfo* si;
1251 while ((si = visit_list.pop_front()) != nullptr) {
1252 if (visited.contains(si)) {
1253 continue;
1254 }
1255
1256 if (!action(si)) {
1257 return false;
1258 }
1259
1260 visited.push_back(si);
1261
1262 si->get_children().for_each([&](soinfo* child) {
1263 visit_list.push_back(child);
1264 });
1265 }
1266
1267 return true;
1268 }
1269
1270
ElfW(Sym)1271 static const ElfW(Sym)* dlsym_handle_lookup(soinfo* root, soinfo* skip_until,
1272 soinfo** found, SymbolName& symbol_name,
1273 const version_info* vi) {
1274 const ElfW(Sym)* result = nullptr;
1275 bool skip_lookup = skip_until != nullptr;
1276
1277 walk_dependencies_tree(&root, 1, [&](soinfo* current_soinfo) {
1278 if (skip_lookup) {
1279 skip_lookup = current_soinfo != skip_until;
1280 return true;
1281 }
1282
1283 if (!current_soinfo->find_symbol_by_name(symbol_name, vi, &result)) {
1284 result = nullptr;
1285 return false;
1286 }
1287
1288 if (result != nullptr) {
1289 *found = current_soinfo;
1290 return false;
1291 }
1292
1293 return true;
1294 });
1295
1296 return result;
1297 }
1298
1299 static const ElfW(Sym)* dlsym_linear_lookup(android_namespace_t* ns,
1300 const char* name,
1301 const version_info* vi,
1302 soinfo** found,
1303 soinfo* caller,
1304 void* handle);
1305
1306 // This is used by dlsym(3). It performs symbol lookup only within the
1307 // specified soinfo object and its dependencies in breadth first order.
ElfW(Sym)1308 static const ElfW(Sym)* dlsym_handle_lookup(soinfo* si, soinfo** found,
1309 const char* name, const version_info* vi) {
1310 // According to man dlopen(3) and posix docs in the case when si is handle
1311 // of the main executable we need to search not only in the executable and its
1312 // dependencies but also in all libraries loaded with RTLD_GLOBAL.
1313 //
1314 // Since RTLD_GLOBAL is always set for the main executable and all dt_needed shared
1315 // libraries and they are loaded in breath-first (correct) order we can just execute
1316 // dlsym(RTLD_DEFAULT, ...); instead of doing two stage lookup.
1317 if (si == somain) {
1318 return dlsym_linear_lookup(&g_default_namespace, name, vi, found, nullptr, RTLD_DEFAULT);
1319 }
1320
1321 SymbolName symbol_name(name);
1322 return dlsym_handle_lookup(si, nullptr, found, symbol_name, vi);
1323 }
1324
1325 /* This is used by dlsym(3) to performs a global symbol lookup. If the
1326 start value is null (for RTLD_DEFAULT), the search starts at the
1327 beginning of the global solist. Otherwise the search starts at the
1328 specified soinfo (for RTLD_NEXT).
1329 */
ElfW(Sym)1330 static const ElfW(Sym)* dlsym_linear_lookup(android_namespace_t* ns,
1331 const char* name,
1332 const version_info* vi,
1333 soinfo** found,
1334 soinfo* caller,
1335 void* handle) {
1336 SymbolName symbol_name(name);
1337
1338 auto& soinfo_list = ns->soinfo_list();
1339 auto start = soinfo_list.begin();
1340
1341 if (handle == RTLD_NEXT) {
1342 if (caller == nullptr) {
1343 return nullptr;
1344 } else {
1345 auto it = soinfo_list.find(caller);
1346 CHECK (it != soinfo_list.end());
1347 start = ++it;
1348 }
1349 }
1350
1351 const ElfW(Sym)* s = nullptr;
1352 for (auto it = start, end = soinfo_list.end(); it != end; ++it) {
1353 soinfo* si = *it;
1354 // Do not skip RTLD_LOCAL libraries in dlsym(RTLD_DEFAULT, ...)
1355 // if the library is opened by application with target api level <= 22
1356 // See http://b/21565766
1357 if ((si->get_rtld_flags() & RTLD_GLOBAL) == 0 && si->get_target_sdk_version() > 22) {
1358 continue;
1359 }
1360
1361 if (!si->find_symbol_by_name(symbol_name, vi, &s)) {
1362 return nullptr;
1363 }
1364
1365 if (s != nullptr) {
1366 *found = si;
1367 break;
1368 }
1369 }
1370
1371 // If not found - use dlsym_handle_lookup for caller's
1372 // local_group unless it is part of the global group in which
1373 // case we already did it.
1374 if (s == nullptr && caller != nullptr &&
1375 (caller->get_rtld_flags() & RTLD_GLOBAL) == 0) {
1376 return dlsym_handle_lookup(caller->get_local_group_root(),
1377 (handle == RTLD_NEXT) ? caller : nullptr, found, symbol_name, vi);
1378 }
1379
1380 if (s != nullptr) {
1381 TRACE_TYPE(LOOKUP, "%s s->st_value = %p, found->base = %p",
1382 name, reinterpret_cast<void*>(s->st_value), reinterpret_cast<void*>((*found)->base));
1383 }
1384
1385 return s;
1386 }
1387
find_containing_library(const void * p)1388 soinfo* find_containing_library(const void* p) {
1389 ElfW(Addr) address = reinterpret_cast<ElfW(Addr)>(p);
1390 for (soinfo* si = solist; si != nullptr; si = si->next) {
1391 if (address >= si->base && address - si->base < si->size) {
1392 return si;
1393 }
1394 }
1395 return nullptr;
1396 }
1397
ElfW(Sym)1398 ElfW(Sym)* soinfo::find_symbol_by_address(const void* addr) {
1399 return is_gnu_hash() ? gnu_addr_lookup(addr) : elf_addr_lookup(addr);
1400 }
1401
symbol_matches_soaddr(const ElfW (Sym)* sym,ElfW (Addr)soaddr)1402 static bool symbol_matches_soaddr(const ElfW(Sym)* sym, ElfW(Addr) soaddr) {
1403 return sym->st_shndx != SHN_UNDEF &&
1404 soaddr >= sym->st_value &&
1405 soaddr < sym->st_value + sym->st_size;
1406 }
1407
ElfW(Sym)1408 ElfW(Sym)* soinfo::gnu_addr_lookup(const void* addr) {
1409 ElfW(Addr) soaddr = reinterpret_cast<ElfW(Addr)>(addr) - load_bias;
1410
1411 for (size_t i = 0; i < gnu_nbucket_; ++i) {
1412 uint32_t n = gnu_bucket_[i];
1413
1414 if (n == 0) {
1415 continue;
1416 }
1417
1418 do {
1419 ElfW(Sym)* sym = symtab_ + n;
1420 if (symbol_matches_soaddr(sym, soaddr)) {
1421 return sym;
1422 }
1423 } while ((gnu_chain_[n++] & 1) == 0);
1424 }
1425
1426 return nullptr;
1427 }
1428
ElfW(Sym)1429 ElfW(Sym)* soinfo::elf_addr_lookup(const void* addr) {
1430 ElfW(Addr) soaddr = reinterpret_cast<ElfW(Addr)>(addr) - load_bias;
1431
1432 // Search the library's symbol table for any defined symbol which
1433 // contains this address.
1434 for (size_t i = 0; i < nchain_; ++i) {
1435 ElfW(Sym)* sym = symtab_ + i;
1436 if (symbol_matches_soaddr(sym, soaddr)) {
1437 return sym;
1438 }
1439 }
1440
1441 return nullptr;
1442 }
1443
1444 class ZipArchiveCache {
1445 public:
ZipArchiveCache()1446 ZipArchiveCache() {}
1447 ~ZipArchiveCache();
1448
1449 bool get_or_open(const char* zip_path, ZipArchiveHandle* handle);
1450 private:
1451 DISALLOW_COPY_AND_ASSIGN(ZipArchiveCache);
1452
1453 std::unordered_map<std::string, ZipArchiveHandle> cache_;
1454 };
1455
get_or_open(const char * zip_path,ZipArchiveHandle * handle)1456 bool ZipArchiveCache::get_or_open(const char* zip_path, ZipArchiveHandle* handle) {
1457 std::string key(zip_path);
1458
1459 auto it = cache_.find(key);
1460 if (it != cache_.end()) {
1461 *handle = it->second;
1462 return true;
1463 }
1464
1465 int fd = TEMP_FAILURE_RETRY(open(zip_path, O_RDONLY | O_CLOEXEC));
1466 if (fd == -1) {
1467 return false;
1468 }
1469
1470 if (OpenArchiveFd(fd, "", handle) != 0) {
1471 // invalid zip-file (?)
1472 CloseArchive(handle);
1473 close(fd);
1474 return false;
1475 }
1476
1477 cache_[key] = *handle;
1478 return true;
1479 }
1480
~ZipArchiveCache()1481 ZipArchiveCache::~ZipArchiveCache() {
1482 for (const auto& it : cache_) {
1483 CloseArchive(it.second);
1484 }
1485 }
1486
open_library_in_zipfile(ZipArchiveCache * zip_archive_cache,const char * const input_path,off64_t * file_offset,std::string * realpath)1487 static int open_library_in_zipfile(ZipArchiveCache* zip_archive_cache,
1488 const char* const input_path,
1489 off64_t* file_offset, std::string* realpath) {
1490 std::string normalized_path;
1491 if (!normalize_path(input_path, &normalized_path)) {
1492 return -1;
1493 }
1494
1495 const char* const path = normalized_path.c_str();
1496 TRACE("Trying zip file open from path \"%s\" -> normalized \"%s\"", input_path, path);
1497
1498 // Treat an '!/' separator inside a path as the separator between the name
1499 // of the zip file on disk and the subdirectory to search within it.
1500 // For example, if path is "foo.zip!/bar/bas/x.so", then we search for
1501 // "bar/bas/x.so" within "foo.zip".
1502 const char* const separator = strstr(path, kZipFileSeparator);
1503 if (separator == nullptr) {
1504 return -1;
1505 }
1506
1507 char buf[512];
1508 if (strlcpy(buf, path, sizeof(buf)) >= sizeof(buf)) {
1509 PRINT("Warning: ignoring very long library path: %s", path);
1510 return -1;
1511 }
1512
1513 buf[separator - path] = '\0';
1514
1515 const char* zip_path = buf;
1516 const char* file_path = &buf[separator - path + 2];
1517 int fd = TEMP_FAILURE_RETRY(open(zip_path, O_RDONLY | O_CLOEXEC));
1518 if (fd == -1) {
1519 return -1;
1520 }
1521
1522 ZipArchiveHandle handle;
1523 if (!zip_archive_cache->get_or_open(zip_path, &handle)) {
1524 // invalid zip-file (?)
1525 close(fd);
1526 return -1;
1527 }
1528
1529 ZipEntry entry;
1530
1531 if (FindEntry(handle, ZipString(file_path), &entry) != 0) {
1532 // Entry was not found.
1533 close(fd);
1534 return -1;
1535 }
1536
1537 // Check if it is properly stored
1538 if (entry.method != kCompressStored || (entry.offset % PAGE_SIZE) != 0) {
1539 close(fd);
1540 return -1;
1541 }
1542
1543 *file_offset = entry.offset;
1544
1545 if (realpath_fd(fd, realpath)) {
1546 *realpath += separator;
1547 } else {
1548 PRINT("warning: unable to get realpath for the library \"%s\". Will use given path.",
1549 normalized_path.c_str());
1550 *realpath = normalized_path;
1551 }
1552
1553 return fd;
1554 }
1555
format_path(char * buf,size_t buf_size,const char * path,const char * name)1556 static bool format_path(char* buf, size_t buf_size, const char* path, const char* name) {
1557 int n = __libc_format_buffer(buf, buf_size, "%s/%s", path, name);
1558 if (n < 0 || n >= static_cast<int>(buf_size)) {
1559 PRINT("Warning: ignoring very long library path: %s/%s", path, name);
1560 return false;
1561 }
1562
1563 return true;
1564 }
1565
open_library_on_paths(ZipArchiveCache * zip_archive_cache,const char * name,off64_t * file_offset,const std::vector<std::string> & paths,std::string * realpath)1566 static int open_library_on_paths(ZipArchiveCache* zip_archive_cache,
1567 const char* name, off64_t* file_offset,
1568 const std::vector<std::string>& paths,
1569 std::string* realpath) {
1570 for (const auto& path : paths) {
1571 char buf[512];
1572 if (!format_path(buf, sizeof(buf), path.c_str(), name)) {
1573 continue;
1574 }
1575
1576 int fd = -1;
1577 if (strstr(buf, kZipFileSeparator) != nullptr) {
1578 fd = open_library_in_zipfile(zip_archive_cache, buf, file_offset, realpath);
1579 }
1580
1581 if (fd == -1) {
1582 fd = TEMP_FAILURE_RETRY(open(buf, O_RDONLY | O_CLOEXEC));
1583 if (fd != -1) {
1584 *file_offset = 0;
1585 if (!realpath_fd(fd, realpath)) {
1586 PRINT("warning: unable to get realpath for the library \"%s\". Will use given path.", buf);
1587 *realpath = buf;
1588 }
1589 }
1590 }
1591
1592 if (fd != -1) {
1593 return fd;
1594 }
1595 }
1596
1597 return -1;
1598 }
1599
open_library(android_namespace_t * ns,ZipArchiveCache * zip_archive_cache,const char * name,soinfo * needed_by,off64_t * file_offset,std::string * realpath)1600 static int open_library(android_namespace_t* ns,
1601 ZipArchiveCache* zip_archive_cache,
1602 const char* name, soinfo *needed_by,
1603 off64_t* file_offset, std::string* realpath) {
1604 TRACE("[ opening %s ]", name);
1605
1606 // If the name contains a slash, we should attempt to open it directly and not search the paths.
1607 if (strchr(name, '/') != nullptr) {
1608 int fd = -1;
1609
1610 if (strstr(name, kZipFileSeparator) != nullptr) {
1611 fd = open_library_in_zipfile(zip_archive_cache, name, file_offset, realpath);
1612 }
1613
1614 if (fd == -1) {
1615 fd = TEMP_FAILURE_RETRY(open(name, O_RDONLY | O_CLOEXEC));
1616 if (fd != -1) {
1617 *file_offset = 0;
1618 if (!realpath_fd(fd, realpath)) {
1619 PRINT("warning: unable to get realpath for the library \"%s\". Will use given path.", name);
1620 *realpath = name;
1621 }
1622 }
1623 }
1624
1625 return fd;
1626 }
1627
1628 // Otherwise we try LD_LIBRARY_PATH first, and fall back to the default library path
1629 int fd = open_library_on_paths(zip_archive_cache, name, file_offset, ns->get_ld_library_paths(), realpath);
1630 if (fd == -1 && needed_by != nullptr) {
1631 fd = open_library_on_paths(zip_archive_cache, name, file_offset, needed_by->get_dt_runpath(), realpath);
1632 // Check if the library is accessible
1633 if (fd != -1 && !ns->is_accessible(*realpath)) {
1634 fd = -1;
1635 }
1636 }
1637
1638 if (fd == -1) {
1639 fd = open_library_on_paths(zip_archive_cache, name, file_offset, ns->get_default_library_paths(), realpath);
1640 }
1641
1642 // TODO(dimitry): workaround for http://b/26394120 (the grey-list)
1643 if (fd == -1 && ns != &g_default_namespace && is_greylisted(name, needed_by)) {
1644 // try searching for it on default_namespace default_library_path
1645 fd = open_library_on_paths(zip_archive_cache, name, file_offset,
1646 g_default_namespace.get_default_library_paths(), realpath);
1647 }
1648 // END OF WORKAROUND
1649
1650 return fd;
1651 }
1652
fix_dt_needed(const char * dt_needed,const char * sopath __unused)1653 static const char* fix_dt_needed(const char* dt_needed, const char* sopath __unused) {
1654 #if !defined(__LP64__)
1655 // Work around incorrect DT_NEEDED entries for old apps: http://b/21364029
1656 if (get_application_target_sdk_version() <= 22) {
1657 const char* bname = basename(dt_needed);
1658 if (bname != dt_needed) {
1659 DL_WARN("library \"%s\" has invalid DT_NEEDED entry \"%s\"", sopath, dt_needed);
1660 add_dlwarning(sopath, "invalid DT_NEEDED entry", dt_needed);
1661 }
1662
1663 return bname;
1664 }
1665 #endif
1666 return dt_needed;
1667 }
1668
1669 template<typename F>
for_each_dt_needed(const soinfo * si,F action)1670 static void for_each_dt_needed(const soinfo* si, F action) {
1671 for (const ElfW(Dyn)* d = si->dynamic; d->d_tag != DT_NULL; ++d) {
1672 if (d->d_tag == DT_NEEDED) {
1673 action(fix_dt_needed(si->get_string(d->d_un.d_val), si->get_realpath()));
1674 }
1675 }
1676 }
1677
1678 template<typename F>
for_each_dt_needed(const ElfReader & elf_reader,F action)1679 static void for_each_dt_needed(const ElfReader& elf_reader, F action) {
1680 for (const ElfW(Dyn)* d = elf_reader.dynamic(); d->d_tag != DT_NULL; ++d) {
1681 if (d->d_tag == DT_NEEDED) {
1682 action(fix_dt_needed(elf_reader.get_string(d->d_un.d_val), elf_reader.name()));
1683 }
1684 }
1685 }
1686
load_library(android_namespace_t * ns,LoadTask * task,LoadTaskList * load_tasks,int rtld_flags,const std::string & realpath)1687 static bool load_library(android_namespace_t* ns,
1688 LoadTask* task,
1689 LoadTaskList* load_tasks,
1690 int rtld_flags,
1691 const std::string& realpath) {
1692 off64_t file_offset = task->get_file_offset();
1693 const char* name = task->get_name();
1694 const android_dlextinfo* extinfo = task->get_extinfo();
1695
1696 if ((file_offset % PAGE_SIZE) != 0) {
1697 DL_ERR("file offset for the library \"%s\" is not page-aligned: %" PRId64, name, file_offset);
1698 return false;
1699 }
1700 if (file_offset < 0) {
1701 DL_ERR("file offset for the library \"%s\" is negative: %" PRId64, name, file_offset);
1702 return false;
1703 }
1704
1705 struct stat file_stat;
1706 if (TEMP_FAILURE_RETRY(fstat(task->get_fd(), &file_stat)) != 0) {
1707 DL_ERR("unable to stat file for the library \"%s\": %s", name, strerror(errno));
1708 return false;
1709 }
1710 if (file_offset >= file_stat.st_size) {
1711 DL_ERR("file offset for the library \"%s\" >= file size: %" PRId64 " >= %" PRId64,
1712 name, file_offset, file_stat.st_size);
1713 return false;
1714 }
1715
1716 // Check for symlink and other situations where
1717 // file can have different names, unless ANDROID_DLEXT_FORCE_LOAD is set
1718 if (extinfo == nullptr || (extinfo->flags & ANDROID_DLEXT_FORCE_LOAD) == 0) {
1719 auto predicate = [&](soinfo* si) {
1720 return si->get_st_dev() != 0 &&
1721 si->get_st_ino() != 0 &&
1722 si->get_st_dev() == file_stat.st_dev &&
1723 si->get_st_ino() == file_stat.st_ino &&
1724 si->get_file_offset() == file_offset;
1725 };
1726
1727 soinfo* si = ns->soinfo_list().find_if(predicate);
1728
1729 // check public namespace
1730 if (si == nullptr) {
1731 si = g_public_namespace.find_if(predicate);
1732 if (si != nullptr) {
1733 ns->add_soinfo(si);
1734 }
1735 }
1736
1737 if (si != nullptr) {
1738 TRACE("library \"%s\" is already loaded under different name/path \"%s\" - "
1739 "will return existing soinfo", name, si->get_realpath());
1740 task->set_soinfo(si);
1741 return true;
1742 }
1743 }
1744
1745 if ((rtld_flags & RTLD_NOLOAD) != 0) {
1746 DL_ERR("library \"%s\" wasn't loaded and RTLD_NOLOAD prevented it", name);
1747 return false;
1748 }
1749
1750 if (!ns->is_accessible(realpath)) {
1751 // TODO(dimitry): workaround for http://b/26394120 - the grey-list
1752 const soinfo* needed_by = task->is_dt_needed() ? task->get_needed_by() : nullptr;
1753 if (is_greylisted(name, needed_by)) {
1754 // print warning only if needed by non-system library
1755 if (needed_by == nullptr || !is_system_library(needed_by->get_realpath())) {
1756 const soinfo* needed_or_dlopened_by = task->get_needed_by();
1757 const char* sopath = needed_or_dlopened_by == nullptr ? "(unknown)" :
1758 needed_or_dlopened_by->get_realpath();
1759 DL_WARN("library \"%s\" (\"%s\") needed or dlopened by \"%s\" is not accessible for the namespace \"%s\""
1760 " - the access is temporarily granted as a workaround for http://b/26394120, note that the access"
1761 " will be removed in future releases of Android.",
1762 name, realpath.c_str(), sopath, ns->get_name());
1763 add_dlwarning(sopath, "unauthorized access to", name);
1764 }
1765 } else {
1766 // do not load libraries if they are not accessible for the specified namespace.
1767 const char* needed_or_dlopened_by = task->get_needed_by() == nullptr ?
1768 "(unknown)" :
1769 task->get_needed_by()->get_realpath();
1770
1771 DL_ERR("library \"%s\" needed or dlopened by \"%s\" is not accessible for the namespace \"%s\"",
1772 name, needed_or_dlopened_by, ns->get_name());
1773
1774 PRINT("library \"%s\" (\"%s\") needed or dlopened by \"%s\" is not accessible for the"
1775 " namespace: [name=\"%s\", ld_library_paths=\"%s\", default_library_paths=\"%s\","
1776 " permitted_paths=\"%s\"]",
1777 name, realpath.c_str(),
1778 needed_or_dlopened_by,
1779 ns->get_name(),
1780 android::base::Join(ns->get_ld_library_paths(), ':').c_str(),
1781 android::base::Join(ns->get_default_library_paths(), ':').c_str(),
1782 android::base::Join(ns->get_permitted_paths(), ':').c_str());
1783 return false;
1784 }
1785 }
1786
1787 soinfo* si = soinfo_alloc(ns, realpath.c_str(), &file_stat, file_offset, rtld_flags);
1788 if (si == nullptr) {
1789 return false;
1790 }
1791
1792 task->set_soinfo(si);
1793
1794 // Read the ELF header and some of the segments.
1795 if (!task->read(realpath.c_str(), file_stat.st_size)) {
1796 soinfo_free(si);
1797 task->set_soinfo(nullptr);
1798 return false;
1799 }
1800
1801 // find and set DT_RUNPATH and dt_soname
1802 // Note that these field values are temporary and are
1803 // going to be overwritten on soinfo::prelink_image
1804 // with values from PT_LOAD segments.
1805 const ElfReader& elf_reader = task->get_elf_reader();
1806 for (const ElfW(Dyn)* d = elf_reader.dynamic(); d->d_tag != DT_NULL; ++d) {
1807 if (d->d_tag == DT_RUNPATH) {
1808 si->set_dt_runpath(elf_reader.get_string(d->d_un.d_val));
1809 }
1810 if (d->d_tag == DT_SONAME) {
1811 si->set_soname(elf_reader.get_string(d->d_un.d_val));
1812 }
1813 }
1814
1815 for_each_dt_needed(task->get_elf_reader(), [&](const char* name) {
1816 load_tasks->push_back(LoadTask::create(name, si, task->get_readers_map()));
1817 });
1818
1819 return true;
1820 }
1821
load_library(android_namespace_t * ns,LoadTask * task,ZipArchiveCache * zip_archive_cache,LoadTaskList * load_tasks,int rtld_flags)1822 static bool load_library(android_namespace_t* ns,
1823 LoadTask* task,
1824 ZipArchiveCache* zip_archive_cache,
1825 LoadTaskList* load_tasks,
1826 int rtld_flags) {
1827 const char* name = task->get_name();
1828 soinfo* needed_by = task->get_needed_by();
1829 const android_dlextinfo* extinfo = task->get_extinfo();
1830
1831 off64_t file_offset;
1832 std::string realpath;
1833 if (extinfo != nullptr && (extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD) != 0) {
1834 file_offset = 0;
1835 if ((extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET) != 0) {
1836 file_offset = extinfo->library_fd_offset;
1837 }
1838
1839 if (!realpath_fd(extinfo->library_fd, &realpath)) {
1840 PRINT("warning: unable to get realpath for the library \"%s\" by extinfo->library_fd. "
1841 "Will use given name.", name);
1842 realpath = name;
1843 }
1844
1845 task->set_fd(extinfo->library_fd, false);
1846 task->set_file_offset(file_offset);
1847 return load_library(ns, task, load_tasks, rtld_flags, realpath);
1848 }
1849
1850 // Open the file.
1851 int fd = open_library(ns, zip_archive_cache, name, needed_by, &file_offset, &realpath);
1852 if (fd == -1) {
1853 DL_ERR("library \"%s\" not found", name);
1854 return false;
1855 }
1856
1857 task->set_fd(fd, true);
1858 task->set_file_offset(file_offset);
1859
1860 return load_library(ns, task, load_tasks, rtld_flags, realpath);
1861 }
1862
1863 // Returns true if library was found and false in 2 cases
1864 // 1. (for default namespace only) The library was found but loaded under different
1865 // target_sdk_version (*candidate != nullptr)
1866 // 2. The library was not found by soname (*candidate is nullptr)
find_loaded_library_by_soname(android_namespace_t * ns,const char * name,soinfo ** candidate)1867 static bool find_loaded_library_by_soname(android_namespace_t* ns,
1868 const char* name, soinfo** candidate) {
1869 *candidate = nullptr;
1870
1871 // Ignore filename with path.
1872 if (strchr(name, '/') != nullptr) {
1873 return false;
1874 }
1875
1876 uint32_t target_sdk_version = get_application_target_sdk_version();
1877
1878 return !ns->soinfo_list().visit([&](soinfo* si) {
1879 const char* soname = si->get_soname();
1880 if (soname != nullptr && (strcmp(name, soname) == 0)) {
1881 // If the library was opened under different target sdk version
1882 // skip this step and try to reopen it. The exceptions are
1883 // "libdl.so" and global group. There is no point in skipping
1884 // them because relocation process is going to use them
1885 // in any case.
1886 bool is_libdl = si == solist;
1887 if (is_libdl || (si->get_dt_flags_1() & DF_1_GLOBAL) != 0 ||
1888 !si->is_linked() || si->get_target_sdk_version() == target_sdk_version ||
1889 ns != &g_default_namespace) {
1890 *candidate = si;
1891 return false;
1892 } else if (*candidate == nullptr) {
1893 // for the different sdk version in the default namespace
1894 // remember the first library.
1895 *candidate = si;
1896 }
1897 }
1898
1899 return true;
1900 });
1901 }
1902
find_library_internal(android_namespace_t * ns,LoadTask * task,ZipArchiveCache * zip_archive_cache,LoadTaskList * load_tasks,int rtld_flags)1903 static bool find_library_internal(android_namespace_t* ns,
1904 LoadTask* task,
1905 ZipArchiveCache* zip_archive_cache,
1906 LoadTaskList* load_tasks,
1907 int rtld_flags) {
1908 soinfo* candidate;
1909
1910 if (find_loaded_library_by_soname(ns, task->get_name(), &candidate)) {
1911 task->set_soinfo(candidate);
1912 return true;
1913 }
1914
1915 if (ns != &g_default_namespace) {
1916 // check public namespace
1917 candidate = g_public_namespace.find_if([&](soinfo* si) {
1918 return strcmp(task->get_name(), si->get_soname()) == 0;
1919 });
1920
1921 if (candidate != nullptr) {
1922 ns->add_soinfo(candidate);
1923 task->set_soinfo(candidate);
1924 return true;
1925 }
1926 }
1927
1928 // Library might still be loaded, the accurate detection
1929 // of this fact is done by load_library.
1930 TRACE("[ \"%s\" find_loaded_library_by_soname failed (*candidate=%s@%p). Trying harder...]",
1931 task->get_name(), candidate == nullptr ? "n/a" : candidate->get_realpath(), candidate);
1932
1933 if (load_library(ns, task, zip_archive_cache, load_tasks, rtld_flags)) {
1934 return true;
1935 } else {
1936 // In case we were unable to load the library but there
1937 // is a candidate loaded under the same soname but different
1938 // sdk level - return it anyways.
1939 if (candidate != nullptr) {
1940 task->set_soinfo(candidate);
1941 return true;
1942 }
1943 }
1944
1945 return false;
1946 }
1947
1948 static void soinfo_unload(soinfo* si);
1949 static void soinfo_unload(soinfo* soinfos[], size_t count);
1950
1951 // TODO: this is slightly unusual way to construct
1952 // the global group for relocation. Not every RTLD_GLOBAL
1953 // library is included in this group for backwards-compatibility
1954 // reasons.
1955 //
1956 // This group consists of the main executable, LD_PRELOADs
1957 // and libraries with the DF_1_GLOBAL flag set.
make_global_group(android_namespace_t * ns)1958 static soinfo::soinfo_list_t make_global_group(android_namespace_t* ns) {
1959 soinfo::soinfo_list_t global_group;
1960 ns->soinfo_list().for_each([&](soinfo* si) {
1961 if ((si->get_dt_flags_1() & DF_1_GLOBAL) != 0) {
1962 global_group.push_back(si);
1963 }
1964 });
1965
1966 return global_group;
1967 }
1968
1969 // This function provides a list of libraries to be shared
1970 // by the namespace. For the default namespace this is the global
1971 // group (see make_global_group). For all others this is a group
1972 // of RTLD_GLOBAL libraries (which includes the global group from
1973 // the default namespace).
get_shared_group(android_namespace_t * ns)1974 static soinfo::soinfo_list_t get_shared_group(android_namespace_t* ns) {
1975 if (ns == &g_default_namespace) {
1976 return make_global_group(ns);
1977 }
1978
1979 soinfo::soinfo_list_t shared_group;
1980 ns->soinfo_list().for_each([&](soinfo* si) {
1981 if ((si->get_rtld_flags() & RTLD_GLOBAL) != 0) {
1982 shared_group.push_back(si);
1983 }
1984 });
1985
1986 return shared_group;
1987 }
1988
shuffle(std::vector<LoadTask * > * v)1989 static void shuffle(std::vector<LoadTask*>* v) {
1990 for (size_t i = 0, size = v->size(); i < size; ++i) {
1991 size_t n = size - i;
1992 size_t r = arc4random_uniform(n);
1993 std::swap((*v)[n-1], (*v)[r]);
1994 }
1995 }
1996
1997 // add_as_children - add first-level loaded libraries (i.e. library_names[], but
1998 // not their transitive dependencies) as children of the start_with library.
1999 // This is false when find_libraries is called for dlopen(), when newly loaded
2000 // libraries must form a disjoint tree.
find_libraries(android_namespace_t * ns,soinfo * start_with,const char * const library_names[],size_t library_names_count,soinfo * soinfos[],std::vector<soinfo * > * ld_preloads,size_t ld_preloads_count,int rtld_flags,const android_dlextinfo * extinfo,bool add_as_children)2001 static bool find_libraries(android_namespace_t* ns,
2002 soinfo* start_with,
2003 const char* const library_names[],
2004 size_t library_names_count, soinfo* soinfos[],
2005 std::vector<soinfo*>* ld_preloads,
2006 size_t ld_preloads_count, int rtld_flags,
2007 const android_dlextinfo* extinfo,
2008 bool add_as_children) {
2009 // Step 0: prepare.
2010 LoadTaskList load_tasks;
2011 std::unordered_map<const soinfo*, ElfReader> readers_map;
2012
2013 for (size_t i = 0; i < library_names_count; ++i) {
2014 const char* name = library_names[i];
2015 load_tasks.push_back(LoadTask::create(name, start_with, &readers_map));
2016 }
2017
2018 // Construct global_group.
2019 soinfo::soinfo_list_t global_group = make_global_group(ns);
2020
2021 // If soinfos array is null allocate one on stack.
2022 // The array is needed in case of failure; for example
2023 // when library_names[] = {libone.so, libtwo.so} and libone.so
2024 // is loaded correctly but libtwo.so failed for some reason.
2025 // In this case libone.so should be unloaded on return.
2026 // See also implementation of failure_guard below.
2027
2028 if (soinfos == nullptr) {
2029 size_t soinfos_size = sizeof(soinfo*)*library_names_count;
2030 soinfos = reinterpret_cast<soinfo**>(alloca(soinfos_size));
2031 memset(soinfos, 0, soinfos_size);
2032 }
2033
2034 // list of libraries to link - see step 2.
2035 size_t soinfos_count = 0;
2036
2037 auto scope_guard = make_scope_guard([&]() {
2038 for (LoadTask* t : load_tasks) {
2039 LoadTask::deleter(t);
2040 }
2041 });
2042
2043 auto failure_guard = make_scope_guard([&]() {
2044 // Housekeeping
2045 soinfo_unload(soinfos, soinfos_count);
2046 });
2047
2048 ZipArchiveCache zip_archive_cache;
2049
2050 // Step 1: expand the list of load_tasks to include
2051 // all DT_NEEDED libraries (do not load them just yet)
2052 for (size_t i = 0; i<load_tasks.size(); ++i) {
2053 LoadTask* task = load_tasks[i];
2054 soinfo* needed_by = task->get_needed_by();
2055
2056 bool is_dt_needed = needed_by != nullptr && (needed_by != start_with || add_as_children);
2057 task->set_extinfo(is_dt_needed ? nullptr : extinfo);
2058 task->set_dt_needed(is_dt_needed);
2059
2060 if(!find_library_internal(ns, task, &zip_archive_cache, &load_tasks, rtld_flags)) {
2061 return false;
2062 }
2063
2064 soinfo* si = task->get_soinfo();
2065
2066 if (is_dt_needed) {
2067 needed_by->add_child(si);
2068 }
2069
2070 if (si->is_linked()) {
2071 si->increment_ref_count();
2072 }
2073
2074 // When ld_preloads is not null, the first
2075 // ld_preloads_count libs are in fact ld_preloads.
2076 if (ld_preloads != nullptr && soinfos_count < ld_preloads_count) {
2077 ld_preloads->push_back(si);
2078 }
2079
2080 if (soinfos_count < library_names_count) {
2081 soinfos[soinfos_count++] = si;
2082 }
2083 }
2084
2085 // Step 2: Load libraries in random order (see b/24047022)
2086 LoadTaskList load_list;
2087 for (auto&& task : load_tasks) {
2088 soinfo* si = task->get_soinfo();
2089 auto pred = [&](const LoadTask* t) {
2090 return t->get_soinfo() == si;
2091 };
2092
2093 if (!si->is_linked() &&
2094 std::find_if(load_list.begin(), load_list.end(), pred) == load_list.end() ) {
2095 load_list.push_back(task);
2096 }
2097 }
2098 shuffle(&load_list);
2099
2100 for (auto&& task : load_list) {
2101 if (!task->load()) {
2102 return false;
2103 }
2104 }
2105
2106 // Step 3: pre-link all DT_NEEDED libraries in breadth first order.
2107 for (auto&& task : load_tasks) {
2108 soinfo* si = task->get_soinfo();
2109 if (!si->is_linked() && !si->prelink_image()) {
2110 return false;
2111 }
2112 }
2113
2114 // Step 4: Add LD_PRELOADed libraries to the global group for
2115 // future runs. There is no need to explicitly add them to
2116 // the global group for this run because they are going to
2117 // appear in the local group in the correct order.
2118 if (ld_preloads != nullptr) {
2119 for (auto&& si : *ld_preloads) {
2120 si->set_dt_flags_1(si->get_dt_flags_1() | DF_1_GLOBAL);
2121 }
2122 }
2123
2124
2125 // Step 5: link libraries.
2126 soinfo::soinfo_list_t local_group;
2127 walk_dependencies_tree(
2128 (start_with != nullptr && add_as_children) ? &start_with : soinfos,
2129 (start_with != nullptr && add_as_children) ? 1 : soinfos_count,
2130 [&] (soinfo* si) {
2131 local_group.push_back(si);
2132 return true;
2133 });
2134
2135 // We need to increment ref_count in case
2136 // the root of the local group was not linked.
2137 bool was_local_group_root_linked = local_group.front()->is_linked();
2138
2139 bool linked = local_group.visit([&](soinfo* si) {
2140 if (!si->is_linked()) {
2141 if (!si->link_image(global_group, local_group, extinfo)) {
2142 return false;
2143 }
2144 }
2145
2146 return true;
2147 });
2148
2149 if (linked) {
2150 local_group.for_each([](soinfo* si) {
2151 if (!si->is_linked()) {
2152 si->set_linked();
2153 }
2154 });
2155
2156 failure_guard.disable();
2157 }
2158
2159 if (!was_local_group_root_linked) {
2160 local_group.front()->increment_ref_count();
2161 }
2162
2163 return linked;
2164 }
2165
find_library(android_namespace_t * ns,const char * name,int rtld_flags,const android_dlextinfo * extinfo,soinfo * needed_by)2166 static soinfo* find_library(android_namespace_t* ns,
2167 const char* name, int rtld_flags,
2168 const android_dlextinfo* extinfo,
2169 soinfo* needed_by) {
2170 soinfo* si;
2171
2172 if (name == nullptr) {
2173 si = somain;
2174 } else if (!find_libraries(ns, needed_by, &name, 1, &si, nullptr, 0, rtld_flags,
2175 extinfo, /* add_as_children */ false)) {
2176 return nullptr;
2177 }
2178
2179 return si;
2180 }
2181
soinfo_unload(soinfo * root)2182 static void soinfo_unload(soinfo* root) {
2183 if (root->is_linked()) {
2184 root = root->get_local_group_root();
2185 }
2186
2187 if (!root->can_unload()) {
2188 TRACE("not unloading \"%s\" - the binary is flagged with NODELETE", root->get_realpath());
2189 return;
2190 }
2191
2192 soinfo_unload(&root, 1);
2193 }
2194
soinfo_unload(soinfo * soinfos[],size_t count)2195 static void soinfo_unload(soinfo* soinfos[], size_t count) {
2196 // Note that the library can be loaded but not linked;
2197 // in which case there is no root but we still need
2198 // to walk the tree and unload soinfos involved.
2199 //
2200 // This happens on unsuccessful dlopen, when one of
2201 // the DT_NEEDED libraries could not be linked/found.
2202 if (count == 0) {
2203 return;
2204 }
2205
2206 soinfo::soinfo_list_t unload_list;
2207 for (size_t i = 0; i < count; ++i) {
2208 soinfo* si = soinfos[i];
2209
2210 if (si->can_unload()) {
2211 size_t ref_count = si->is_linked() ? si->decrement_ref_count() : 0;
2212 if (ref_count == 0) {
2213 unload_list.push_back(si);
2214 } else {
2215 TRACE("not unloading '%s' group, decrementing ref_count to %zd",
2216 si->get_realpath(), ref_count);
2217 }
2218 } else {
2219 TRACE("not unloading '%s' - the binary is flagged with NODELETE", si->get_realpath());
2220 return;
2221 }
2222 }
2223
2224 // This is used to identify soinfos outside of the load-group
2225 // note that we cannot have > 1 in the array and have any of them
2226 // linked. This is why we can safely use the first one.
2227 soinfo* root = soinfos[0];
2228
2229 soinfo::soinfo_list_t local_unload_list;
2230 soinfo::soinfo_list_t external_unload_list;
2231 soinfo* si = nullptr;
2232
2233 while ((si = unload_list.pop_front()) != nullptr) {
2234 if (local_unload_list.contains(si)) {
2235 continue;
2236 }
2237
2238 local_unload_list.push_back(si);
2239
2240 if (si->has_min_version(0)) {
2241 soinfo* child = nullptr;
2242 while ((child = si->get_children().pop_front()) != nullptr) {
2243 TRACE("%s@%p needs to unload %s@%p", si->get_realpath(), si,
2244 child->get_realpath(), child);
2245
2246 if (local_unload_list.contains(child)) {
2247 continue;
2248 } else if (child->is_linked() && child->get_local_group_root() != root) {
2249 external_unload_list.push_back(child);
2250 } else {
2251 unload_list.push_front(child);
2252 }
2253 }
2254 } else {
2255 #if !defined(__work_around_b_24465209__)
2256 __libc_fatal("soinfo for \"%s\"@%p has no version", si->get_realpath(), si);
2257 #else
2258 PRINT("warning: soinfo for \"%s\"@%p has no version", si->get_realpath(), si);
2259 for_each_dt_needed(si, [&] (const char* library_name) {
2260 TRACE("deprecated (old format of soinfo): %s needs to unload %s",
2261 si->get_realpath(), library_name);
2262
2263 soinfo* needed = find_library(si->get_primary_namespace(),
2264 library_name, RTLD_NOLOAD, nullptr, nullptr);
2265
2266 if (needed != nullptr) {
2267 // Not found: for example if symlink was deleted between dlopen and dlclose
2268 // Since we cannot really handle errors at this point - print and continue.
2269 PRINT("warning: couldn't find %s needed by %s on unload.",
2270 library_name, si->get_realpath());
2271 return;
2272 } else if (local_unload_list.contains(needed)) {
2273 // already visited
2274 return;
2275 } else if (needed->is_linked() && needed->get_local_group_root() != root) {
2276 // external group
2277 external_unload_list.push_back(needed);
2278 } else {
2279 // local group
2280 unload_list.push_front(needed);
2281 }
2282 });
2283 #endif
2284 }
2285 }
2286
2287 local_unload_list.for_each([](soinfo* si) {
2288 si->call_destructors();
2289 });
2290
2291 while ((si = local_unload_list.pop_front()) != nullptr) {
2292 notify_gdb_of_unload(si);
2293 soinfo_free(si);
2294 }
2295
2296 while ((si = external_unload_list.pop_front()) != nullptr) {
2297 soinfo_unload(si);
2298 }
2299 }
2300
symbol_display_name(const char * sym_name,const char * sym_ver)2301 static std::string symbol_display_name(const char* sym_name, const char* sym_ver) {
2302 if (sym_ver == nullptr) {
2303 return sym_name;
2304 }
2305
2306 return std::string(sym_name) + ", version " + sym_ver;
2307 }
2308
get_caller_namespace(soinfo * caller)2309 static android_namespace_t* get_caller_namespace(soinfo* caller) {
2310 return caller != nullptr ? caller->get_primary_namespace() : g_anonymous_namespace;
2311 }
2312
do_android_get_LD_LIBRARY_PATH(char * buffer,size_t buffer_size)2313 void do_android_get_LD_LIBRARY_PATH(char* buffer, size_t buffer_size) {
2314 // Use basic string manipulation calls to avoid snprintf.
2315 // snprintf indirectly calls pthread_getspecific to get the size of a buffer.
2316 // When debug malloc is enabled, this call returns 0. This in turn causes
2317 // snprintf to do nothing, which causes libraries to fail to load.
2318 // See b/17302493 for further details.
2319 // Once the above bug is fixed, this code can be modified to use
2320 // snprintf again.
2321 size_t required_len = 0;
2322 for (size_t i = 0; g_default_ld_paths[i] != nullptr; ++i) {
2323 required_len += strlen(g_default_ld_paths[i]) + 1;
2324 }
2325 if (buffer_size < required_len) {
2326 __libc_fatal("android_get_LD_LIBRARY_PATH failed, buffer too small: "
2327 "buffer len %zu, required len %zu", buffer_size, required_len);
2328 }
2329 char* end = buffer;
2330 for (size_t i = 0; g_default_ld_paths[i] != nullptr; ++i) {
2331 if (i > 0) *end++ = ':';
2332 end = stpcpy(end, g_default_ld_paths[i]);
2333 }
2334 }
2335
do_android_update_LD_LIBRARY_PATH(const char * ld_library_path)2336 void do_android_update_LD_LIBRARY_PATH(const char* ld_library_path) {
2337 parse_LD_LIBRARY_PATH(ld_library_path);
2338 }
2339
do_dlopen(const char * name,int flags,const android_dlextinfo * extinfo,void * caller_addr)2340 void* do_dlopen(const char* name, int flags, const android_dlextinfo* extinfo,
2341 void* caller_addr) {
2342 soinfo* const caller = find_containing_library(caller_addr);
2343
2344 if ((flags & ~(RTLD_NOW|RTLD_LAZY|RTLD_LOCAL|RTLD_GLOBAL|RTLD_NODELETE|RTLD_NOLOAD)) != 0) {
2345 DL_ERR("invalid flags to dlopen: %x", flags);
2346 return nullptr;
2347 }
2348
2349 android_namespace_t* ns = get_caller_namespace(caller);
2350
2351 if (extinfo != nullptr) {
2352 if ((extinfo->flags & ~(ANDROID_DLEXT_VALID_FLAG_BITS)) != 0) {
2353 DL_ERR("invalid extended flags to android_dlopen_ext: 0x%" PRIx64, extinfo->flags);
2354 return nullptr;
2355 }
2356
2357 if ((extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD) == 0 &&
2358 (extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET) != 0) {
2359 DL_ERR("invalid extended flag combination (ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET without "
2360 "ANDROID_DLEXT_USE_LIBRARY_FD): 0x%" PRIx64, extinfo->flags);
2361 return nullptr;
2362 }
2363
2364 if ((extinfo->flags & ANDROID_DLEXT_LOAD_AT_FIXED_ADDRESS) != 0 &&
2365 (extinfo->flags & (ANDROID_DLEXT_RESERVED_ADDRESS | ANDROID_DLEXT_RESERVED_ADDRESS_HINT)) != 0) {
2366 DL_ERR("invalid extended flag combination: ANDROID_DLEXT_LOAD_AT_FIXED_ADDRESS is not "
2367 "compatible with ANDROID_DLEXT_RESERVED_ADDRESS/ANDROID_DLEXT_RESERVED_ADDRESS_HINT");
2368 return nullptr;
2369 }
2370
2371 if ((extinfo->flags & ANDROID_DLEXT_USE_NAMESPACE) != 0) {
2372 if (extinfo->library_namespace == nullptr) {
2373 DL_ERR("ANDROID_DLEXT_USE_NAMESPACE is set but extinfo->library_namespace is null");
2374 return nullptr;
2375 }
2376 ns = extinfo->library_namespace;
2377 }
2378 }
2379
2380 std::string asan_name_holder;
2381
2382 const char* translated_name = name;
2383 if (g_is_asan) {
2384 if (file_is_in_dir(name, kSystemLibDir)) {
2385 asan_name_holder = std::string(kAsanSystemLibDir) + "/" + basename(name);
2386 if (file_exists(asan_name_holder.c_str())) {
2387 translated_name = asan_name_holder.c_str();
2388 PRINT("linker_asan dlopen translating \"%s\" -> \"%s\"", name, translated_name);
2389 }
2390 } else if (file_is_in_dir(name, kVendorLibDir)) {
2391 asan_name_holder = std::string(kAsanVendorLibDir) + "/" + basename(name);
2392 if (file_exists(asan_name_holder.c_str())) {
2393 translated_name = asan_name_holder.c_str();
2394 PRINT("linker_asan dlopen translating \"%s\" -> \"%s\"", name, translated_name);
2395 }
2396 }
2397 }
2398
2399 ProtectedDataGuard guard;
2400 soinfo* si = find_library(ns, translated_name, flags, extinfo, caller);
2401 if (si != nullptr) {
2402 si->call_constructors();
2403 return si->to_handle();
2404 }
2405
2406 return nullptr;
2407 }
2408
do_dladdr(const void * addr,Dl_info * info)2409 int do_dladdr(const void* addr, Dl_info* info) {
2410 // Determine if this address can be found in any library currently mapped.
2411 soinfo* si = find_containing_library(addr);
2412 if (si == nullptr) {
2413 return 0;
2414 }
2415
2416 memset(info, 0, sizeof(Dl_info));
2417
2418 info->dli_fname = si->get_realpath();
2419 // Address at which the shared object is loaded.
2420 info->dli_fbase = reinterpret_cast<void*>(si->base);
2421
2422 // Determine if any symbol in the library contains the specified address.
2423 ElfW(Sym)* sym = si->find_symbol_by_address(addr);
2424 if (sym != nullptr) {
2425 info->dli_sname = si->get_string(sym->st_name);
2426 info->dli_saddr = reinterpret_cast<void*>(si->resolve_symbol_address(sym));
2427 }
2428
2429 return 1;
2430 }
2431
soinfo_from_handle(void * handle)2432 static soinfo* soinfo_from_handle(void* handle) {
2433 if ((reinterpret_cast<uintptr_t>(handle) & 1) != 0) {
2434 auto it = g_soinfo_handles_map.find(reinterpret_cast<uintptr_t>(handle));
2435 if (it == g_soinfo_handles_map.end()) {
2436 return nullptr;
2437 } else {
2438 return it->second;
2439 }
2440 }
2441
2442 return static_cast<soinfo*>(handle);
2443 }
2444
do_dlsym(void * handle,const char * sym_name,const char * sym_ver,void * caller_addr,void ** symbol)2445 bool do_dlsym(void* handle, const char* sym_name, const char* sym_ver,
2446 void* caller_addr, void** symbol) {
2447 #if !defined(__LP64__)
2448 if (handle == nullptr) {
2449 DL_ERR("dlsym failed: library handle is null");
2450 return false;
2451 }
2452 #endif
2453
2454 if (sym_name == nullptr) {
2455 DL_ERR("dlsym failed: symbol name is null");
2456 return false;
2457 }
2458
2459 soinfo* found = nullptr;
2460 const ElfW(Sym)* sym = nullptr;
2461 soinfo* caller = find_containing_library(caller_addr);
2462 android_namespace_t* ns = get_caller_namespace(caller);
2463
2464 version_info vi_instance;
2465 version_info* vi = nullptr;
2466
2467 if (sym_ver != nullptr) {
2468 vi_instance.name = sym_ver;
2469 vi_instance.elf_hash = calculate_elf_hash(sym_ver);
2470 vi = &vi_instance;
2471 }
2472
2473 if (handle == RTLD_DEFAULT || handle == RTLD_NEXT) {
2474 sym = dlsym_linear_lookup(ns, sym_name, vi, &found, caller, handle);
2475 } else {
2476 soinfo* si = soinfo_from_handle(handle);
2477 if (si == nullptr) {
2478 DL_ERR("dlsym failed: invalid handle: %p", handle);
2479 return false;
2480 }
2481 sym = dlsym_handle_lookup(si, &found, sym_name, vi);
2482 }
2483
2484 if (sym != nullptr) {
2485 uint32_t bind = ELF_ST_BIND(sym->st_info);
2486
2487 if ((bind == STB_GLOBAL || bind == STB_WEAK) && sym->st_shndx != 0) {
2488 *symbol = reinterpret_cast<void*>(found->resolve_symbol_address(sym));
2489 return true;
2490 }
2491
2492 DL_ERR("symbol \"%s\" found but not global", symbol_display_name(sym_name, sym_ver).c_str());
2493 return false;
2494 }
2495
2496 DL_ERR("undefined symbol: %s", symbol_display_name(sym_name, sym_ver).c_str());
2497 return false;
2498 }
2499
do_dlclose(void * handle)2500 int do_dlclose(void* handle) {
2501 ProtectedDataGuard guard;
2502 soinfo* si = soinfo_from_handle(handle);
2503 if (si == nullptr) {
2504 DL_ERR("invalid handle: %p", handle);
2505 return -1;
2506 }
2507
2508 soinfo_unload(si);
2509 return 0;
2510 }
2511
init_namespaces(const char * public_ns_sonames,const char * anon_ns_library_path)2512 bool init_namespaces(const char* public_ns_sonames, const char* anon_ns_library_path) {
2513 CHECK(public_ns_sonames != nullptr);
2514 if (g_public_namespace_initialized) {
2515 DL_ERR("public namespace has already been initialized.");
2516 return false;
2517 }
2518
2519 std::vector<std::string> sonames = android::base::Split(public_ns_sonames, ":");
2520
2521 ProtectedDataGuard guard;
2522
2523 auto failure_guard = make_scope_guard([&]() {
2524 g_public_namespace.clear();
2525 });
2526
2527 for (const auto& soname : sonames) {
2528 soinfo* candidate = nullptr;
2529
2530 find_loaded_library_by_soname(&g_default_namespace, soname.c_str(), &candidate);
2531
2532 if (candidate == nullptr) {
2533 DL_ERR("error initializing public namespace: a library with soname \"%s\""
2534 " was not found in the default namespace", soname.c_str());
2535 return false;
2536 }
2537
2538 candidate->set_nodelete();
2539 g_public_namespace.push_back(candidate);
2540 }
2541
2542 g_public_namespace_initialized = true;
2543
2544 // create anonymous namespace
2545 // When the caller is nullptr - create_namespace will take global group
2546 // from the anonymous namespace, which is fine because anonymous namespace
2547 // is still pointing to the default one.
2548 android_namespace_t* anon_ns =
2549 create_namespace(nullptr, "(anonymous)", nullptr, anon_ns_library_path,
2550 ANDROID_NAMESPACE_TYPE_REGULAR, nullptr, &g_default_namespace);
2551
2552 if (anon_ns == nullptr) {
2553 g_public_namespace_initialized = false;
2554 return false;
2555 }
2556 g_anonymous_namespace = anon_ns;
2557 failure_guard.disable();
2558 return true;
2559 }
2560
create_namespace(const void * caller_addr,const char * name,const char * ld_library_path,const char * default_library_path,uint64_t type,const char * permitted_when_isolated_path,android_namespace_t * parent_namespace)2561 android_namespace_t* create_namespace(const void* caller_addr,
2562 const char* name,
2563 const char* ld_library_path,
2564 const char* default_library_path,
2565 uint64_t type,
2566 const char* permitted_when_isolated_path,
2567 android_namespace_t* parent_namespace) {
2568 if (!g_public_namespace_initialized) {
2569 DL_ERR("cannot create namespace: public namespace is not initialized.");
2570 return nullptr;
2571 }
2572
2573 if (parent_namespace == nullptr) {
2574 // if parent_namespace is nullptr -> set it to the caller namespace
2575 soinfo* caller_soinfo = find_containing_library(caller_addr);
2576
2577 parent_namespace = caller_soinfo != nullptr ?
2578 caller_soinfo->get_primary_namespace() :
2579 g_anonymous_namespace;
2580 }
2581
2582 ProtectedDataGuard guard;
2583 std::vector<std::string> ld_library_paths;
2584 std::vector<std::string> default_library_paths;
2585 std::vector<std::string> permitted_paths;
2586
2587 parse_path(ld_library_path, ":", &ld_library_paths);
2588 parse_path(default_library_path, ":", &default_library_paths);
2589 parse_path(permitted_when_isolated_path, ":", &permitted_paths);
2590
2591 android_namespace_t* ns = new (g_namespace_allocator.alloc()) android_namespace_t();
2592 ns->set_name(name);
2593 ns->set_isolated((type & ANDROID_NAMESPACE_TYPE_ISOLATED) != 0);
2594 ns->set_ld_library_paths(std::move(ld_library_paths));
2595 ns->set_default_library_paths(std::move(default_library_paths));
2596 ns->set_permitted_paths(std::move(permitted_paths));
2597
2598 if ((type & ANDROID_NAMESPACE_TYPE_SHARED) != 0) {
2599 // If shared - clone the parent namespace
2600 ns->add_soinfos(parent_namespace->soinfo_list());
2601 } else {
2602 // If not shared - copy only the shared group
2603 ns->add_soinfos(get_shared_group(parent_namespace));
2604 }
2605
2606 return ns;
2607 }
2608
call_ifunc_resolver(ElfW (Addr)resolver_addr)2609 static ElfW(Addr) call_ifunc_resolver(ElfW(Addr) resolver_addr) {
2610 typedef ElfW(Addr) (*ifunc_resolver_t)(void);
2611 ifunc_resolver_t ifunc_resolver = reinterpret_cast<ifunc_resolver_t>(resolver_addr);
2612 ElfW(Addr) ifunc_addr = ifunc_resolver();
2613 TRACE_TYPE(RELO, "Called ifunc_resolver@%p. The result is %p",
2614 ifunc_resolver, reinterpret_cast<void*>(ifunc_addr));
2615
2616 return ifunc_addr;
2617 }
2618
get_version_info(ElfW (Versym)source_symver) const2619 const version_info* VersionTracker::get_version_info(ElfW(Versym) source_symver) const {
2620 if (source_symver < 2 ||
2621 source_symver >= version_infos.size() ||
2622 version_infos[source_symver].name == nullptr) {
2623 return nullptr;
2624 }
2625
2626 return &version_infos[source_symver];
2627 }
2628
add_version_info(size_t source_index,ElfW (Word)elf_hash,const char * ver_name,const soinfo * target_si)2629 void VersionTracker::add_version_info(size_t source_index,
2630 ElfW(Word) elf_hash,
2631 const char* ver_name,
2632 const soinfo* target_si) {
2633 if (source_index >= version_infos.size()) {
2634 version_infos.resize(source_index+1);
2635 }
2636
2637 version_infos[source_index].elf_hash = elf_hash;
2638 version_infos[source_index].name = ver_name;
2639 version_infos[source_index].target_si = target_si;
2640 }
2641
init_verneed(const soinfo * si_from)2642 bool VersionTracker::init_verneed(const soinfo* si_from) {
2643 uintptr_t verneed_ptr = si_from->get_verneed_ptr();
2644
2645 if (verneed_ptr == 0) {
2646 return true;
2647 }
2648
2649 size_t verneed_cnt = si_from->get_verneed_cnt();
2650
2651 for (size_t i = 0, offset = 0; i<verneed_cnt; ++i) {
2652 const ElfW(Verneed)* verneed = reinterpret_cast<ElfW(Verneed)*>(verneed_ptr + offset);
2653 size_t vernaux_offset = offset + verneed->vn_aux;
2654 offset += verneed->vn_next;
2655
2656 if (verneed->vn_version != 1) {
2657 DL_ERR("unsupported verneed[%zd] vn_version: %d (expected 1)", i, verneed->vn_version);
2658 return false;
2659 }
2660
2661 const char* target_soname = si_from->get_string(verneed->vn_file);
2662 // find it in dependencies
2663 soinfo* target_si = si_from->get_children().find_if([&](const soinfo* si) {
2664 return si->get_soname() != nullptr && strcmp(si->get_soname(), target_soname) == 0;
2665 });
2666
2667 if (target_si == nullptr) {
2668 DL_ERR("cannot find \"%s\" from verneed[%zd] in DT_NEEDED list for \"%s\"",
2669 target_soname, i, si_from->get_realpath());
2670 return false;
2671 }
2672
2673 for (size_t j = 0; j<verneed->vn_cnt; ++j) {
2674 const ElfW(Vernaux)* vernaux = reinterpret_cast<ElfW(Vernaux)*>(verneed_ptr + vernaux_offset);
2675 vernaux_offset += vernaux->vna_next;
2676
2677 const ElfW(Word) elf_hash = vernaux->vna_hash;
2678 const char* ver_name = si_from->get_string(vernaux->vna_name);
2679 ElfW(Half) source_index = vernaux->vna_other;
2680
2681 add_version_info(source_index, elf_hash, ver_name, target_si);
2682 }
2683 }
2684
2685 return true;
2686 }
2687
init_verdef(const soinfo * si_from)2688 bool VersionTracker::init_verdef(const soinfo* si_from) {
2689 return for_each_verdef(si_from,
2690 [&](size_t, const ElfW(Verdef)* verdef, const ElfW(Verdaux)* verdaux) {
2691 add_version_info(verdef->vd_ndx, verdef->vd_hash,
2692 si_from->get_string(verdaux->vda_name), si_from);
2693 return false;
2694 }
2695 );
2696 }
2697
init(const soinfo * si_from)2698 bool VersionTracker::init(const soinfo* si_from) {
2699 if (!si_from->has_min_version(2)) {
2700 return true;
2701 }
2702
2703 return init_verneed(si_from) && init_verdef(si_from);
2704 }
2705
lookup_version_info(const VersionTracker & version_tracker,ElfW (Word)sym,const char * sym_name,const version_info ** vi)2706 bool soinfo::lookup_version_info(const VersionTracker& version_tracker, ElfW(Word) sym,
2707 const char* sym_name, const version_info** vi) {
2708 const ElfW(Versym)* sym_ver_ptr = get_versym(sym);
2709 ElfW(Versym) sym_ver = sym_ver_ptr == nullptr ? 0 : *sym_ver_ptr;
2710
2711 if (sym_ver != VER_NDX_LOCAL && sym_ver != VER_NDX_GLOBAL) {
2712 *vi = version_tracker.get_version_info(sym_ver);
2713
2714 if (*vi == nullptr) {
2715 DL_ERR("cannot find verneed/verdef for version index=%d "
2716 "referenced by symbol \"%s\" at \"%s\"", sym_ver, sym_name, get_realpath());
2717 return false;
2718 }
2719 } else {
2720 // there is no version info
2721 *vi = nullptr;
2722 }
2723
2724 return true;
2725 }
2726
2727 #if !defined(__mips__)
2728 #if defined(USE_RELA)
get_addend(ElfW (Rela)* rela,ElfW (Addr)reloc_addr __unused)2729 static ElfW(Addr) get_addend(ElfW(Rela)* rela, ElfW(Addr) reloc_addr __unused) {
2730 return rela->r_addend;
2731 }
2732 #else
get_addend(ElfW (Rel)* rel,ElfW (Addr)reloc_addr)2733 static ElfW(Addr) get_addend(ElfW(Rel)* rel, ElfW(Addr) reloc_addr) {
2734 if (ELFW(R_TYPE)(rel->r_info) == R_GENERIC_RELATIVE ||
2735 ELFW(R_TYPE)(rel->r_info) == R_GENERIC_IRELATIVE) {
2736 return *reinterpret_cast<ElfW(Addr)*>(reloc_addr);
2737 }
2738 return 0;
2739 }
2740 #endif
2741
2742 template<typename ElfRelIteratorT>
relocate(const VersionTracker & version_tracker,ElfRelIteratorT && rel_iterator,const soinfo_list_t & global_group,const soinfo_list_t & local_group)2743 bool soinfo::relocate(const VersionTracker& version_tracker, ElfRelIteratorT&& rel_iterator,
2744 const soinfo_list_t& global_group, const soinfo_list_t& local_group) {
2745 for (size_t idx = 0; rel_iterator.has_next(); ++idx) {
2746 const auto rel = rel_iterator.next();
2747 if (rel == nullptr) {
2748 return false;
2749 }
2750
2751 ElfW(Word) type = ELFW(R_TYPE)(rel->r_info);
2752 ElfW(Word) sym = ELFW(R_SYM)(rel->r_info);
2753
2754 ElfW(Addr) reloc = static_cast<ElfW(Addr)>(rel->r_offset + load_bias);
2755 ElfW(Addr) sym_addr = 0;
2756 const char* sym_name = nullptr;
2757 ElfW(Addr) addend = get_addend(rel, reloc);
2758
2759 DEBUG("Processing \"%s\" relocation at index %zd", get_realpath(), idx);
2760 if (type == R_GENERIC_NONE) {
2761 continue;
2762 }
2763
2764 const ElfW(Sym)* s = nullptr;
2765 soinfo* lsi = nullptr;
2766
2767 if (sym != 0) {
2768 sym_name = get_string(symtab_[sym].st_name);
2769 const version_info* vi = nullptr;
2770
2771 if (!lookup_version_info(version_tracker, sym, sym_name, &vi)) {
2772 return false;
2773 }
2774
2775 if (!soinfo_do_lookup(this, sym_name, vi, &lsi, global_group, local_group, &s)) {
2776 return false;
2777 }
2778
2779 if (s == nullptr) {
2780 // We only allow an undefined symbol if this is a weak reference...
2781 s = &symtab_[sym];
2782 if (ELF_ST_BIND(s->st_info) != STB_WEAK) {
2783 DL_ERR("cannot locate symbol \"%s\" referenced by \"%s\"...", sym_name, get_realpath());
2784 return false;
2785 }
2786
2787 /* IHI0044C AAELF 4.5.1.1:
2788
2789 Libraries are not searched to resolve weak references.
2790 It is not an error for a weak reference to remain unsatisfied.
2791
2792 During linking, the value of an undefined weak reference is:
2793 - Zero if the relocation type is absolute
2794 - The address of the place if the relocation is pc-relative
2795 - The address of nominal base address if the relocation
2796 type is base-relative.
2797 */
2798
2799 switch (type) {
2800 case R_GENERIC_JUMP_SLOT:
2801 case R_GENERIC_GLOB_DAT:
2802 case R_GENERIC_RELATIVE:
2803 case R_GENERIC_IRELATIVE:
2804 #if defined(__aarch64__)
2805 case R_AARCH64_ABS64:
2806 case R_AARCH64_ABS32:
2807 case R_AARCH64_ABS16:
2808 #elif defined(__x86_64__)
2809 case R_X86_64_32:
2810 case R_X86_64_64:
2811 #elif defined(__arm__)
2812 case R_ARM_ABS32:
2813 #elif defined(__i386__)
2814 case R_386_32:
2815 #endif
2816 /*
2817 * The sym_addr was initialized to be zero above, or the relocation
2818 * code below does not care about value of sym_addr.
2819 * No need to do anything.
2820 */
2821 break;
2822 #if defined(__x86_64__)
2823 case R_X86_64_PC32:
2824 sym_addr = reloc;
2825 break;
2826 #elif defined(__i386__)
2827 case R_386_PC32:
2828 sym_addr = reloc;
2829 break;
2830 #endif
2831 default:
2832 DL_ERR("unknown weak reloc type %d @ %p (%zu)", type, rel, idx);
2833 return false;
2834 }
2835 } else { // We got a definition.
2836 #if !defined(__LP64__)
2837 // When relocating dso with text_relocation .text segment is
2838 // not executable. We need to restore elf flags before resolving
2839 // STT_GNU_IFUNC symbol.
2840 bool protect_segments = has_text_relocations &&
2841 lsi == this &&
2842 ELF_ST_TYPE(s->st_info) == STT_GNU_IFUNC;
2843 if (protect_segments) {
2844 if (phdr_table_protect_segments(phdr, phnum, load_bias) < 0) {
2845 DL_ERR("can't protect segments for \"%s\": %s",
2846 get_realpath(), strerror(errno));
2847 return false;
2848 }
2849 }
2850 #endif
2851 sym_addr = lsi->resolve_symbol_address(s);
2852 #if !defined(__LP64__)
2853 if (protect_segments) {
2854 if (phdr_table_unprotect_segments(phdr, phnum, load_bias) < 0) {
2855 DL_ERR("can't unprotect loadable segments for \"%s\": %s",
2856 get_realpath(), strerror(errno));
2857 return false;
2858 }
2859 }
2860 #endif
2861 }
2862 count_relocation(kRelocSymbol);
2863 }
2864
2865 switch (type) {
2866 case R_GENERIC_JUMP_SLOT:
2867 count_relocation(kRelocAbsolute);
2868 MARK(rel->r_offset);
2869 TRACE_TYPE(RELO, "RELO JMP_SLOT %16p <- %16p %s\n",
2870 reinterpret_cast<void*>(reloc),
2871 reinterpret_cast<void*>(sym_addr + addend), sym_name);
2872
2873 *reinterpret_cast<ElfW(Addr)*>(reloc) = (sym_addr + addend);
2874 break;
2875 case R_GENERIC_GLOB_DAT:
2876 count_relocation(kRelocAbsolute);
2877 MARK(rel->r_offset);
2878 TRACE_TYPE(RELO, "RELO GLOB_DAT %16p <- %16p %s\n",
2879 reinterpret_cast<void*>(reloc),
2880 reinterpret_cast<void*>(sym_addr + addend), sym_name);
2881 *reinterpret_cast<ElfW(Addr)*>(reloc) = (sym_addr + addend);
2882 break;
2883 case R_GENERIC_RELATIVE:
2884 count_relocation(kRelocRelative);
2885 MARK(rel->r_offset);
2886 TRACE_TYPE(RELO, "RELO RELATIVE %16p <- %16p\n",
2887 reinterpret_cast<void*>(reloc),
2888 reinterpret_cast<void*>(load_bias + addend));
2889 *reinterpret_cast<ElfW(Addr)*>(reloc) = (load_bias + addend);
2890 break;
2891 case R_GENERIC_IRELATIVE:
2892 count_relocation(kRelocRelative);
2893 MARK(rel->r_offset);
2894 TRACE_TYPE(RELO, "RELO IRELATIVE %16p <- %16p\n",
2895 reinterpret_cast<void*>(reloc),
2896 reinterpret_cast<void*>(load_bias + addend));
2897 {
2898 #if !defined(__LP64__)
2899 // When relocating dso with text_relocation .text segment is
2900 // not executable. We need to restore elf flags for this
2901 // particular call.
2902 if (has_text_relocations) {
2903 if (phdr_table_protect_segments(phdr, phnum, load_bias) < 0) {
2904 DL_ERR("can't protect segments for \"%s\": %s",
2905 get_realpath(), strerror(errno));
2906 return false;
2907 }
2908 }
2909 #endif
2910 ElfW(Addr) ifunc_addr = call_ifunc_resolver(load_bias + addend);
2911 #if !defined(__LP64__)
2912 // Unprotect it afterwards...
2913 if (has_text_relocations) {
2914 if (phdr_table_unprotect_segments(phdr, phnum, load_bias) < 0) {
2915 DL_ERR("can't unprotect loadable segments for \"%s\": %s",
2916 get_realpath(), strerror(errno));
2917 return false;
2918 }
2919 }
2920 #endif
2921 *reinterpret_cast<ElfW(Addr)*>(reloc) = ifunc_addr;
2922 }
2923 break;
2924
2925 #if defined(__aarch64__)
2926 case R_AARCH64_ABS64:
2927 count_relocation(kRelocAbsolute);
2928 MARK(rel->r_offset);
2929 TRACE_TYPE(RELO, "RELO ABS64 %16llx <- %16llx %s\n",
2930 reloc, sym_addr + addend, sym_name);
2931 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend;
2932 break;
2933 case R_AARCH64_ABS32:
2934 count_relocation(kRelocAbsolute);
2935 MARK(rel->r_offset);
2936 TRACE_TYPE(RELO, "RELO ABS32 %16llx <- %16llx %s\n",
2937 reloc, sym_addr + addend, sym_name);
2938 {
2939 const ElfW(Addr) min_value = static_cast<ElfW(Addr)>(INT32_MIN);
2940 const ElfW(Addr) max_value = static_cast<ElfW(Addr)>(UINT32_MAX);
2941 if ((min_value <= (sym_addr + addend)) &&
2942 ((sym_addr + addend) <= max_value)) {
2943 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend;
2944 } else {
2945 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx",
2946 sym_addr + addend, min_value, max_value);
2947 return false;
2948 }
2949 }
2950 break;
2951 case R_AARCH64_ABS16:
2952 count_relocation(kRelocAbsolute);
2953 MARK(rel->r_offset);
2954 TRACE_TYPE(RELO, "RELO ABS16 %16llx <- %16llx %s\n",
2955 reloc, sym_addr + addend, sym_name);
2956 {
2957 const ElfW(Addr) min_value = static_cast<ElfW(Addr)>(INT16_MIN);
2958 const ElfW(Addr) max_value = static_cast<ElfW(Addr)>(UINT16_MAX);
2959 if ((min_value <= (sym_addr + addend)) &&
2960 ((sym_addr + addend) <= max_value)) {
2961 *reinterpret_cast<ElfW(Addr)*>(reloc) = (sym_addr + addend);
2962 } else {
2963 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx",
2964 sym_addr + addend, min_value, max_value);
2965 return false;
2966 }
2967 }
2968 break;
2969 case R_AARCH64_PREL64:
2970 count_relocation(kRelocRelative);
2971 MARK(rel->r_offset);
2972 TRACE_TYPE(RELO, "RELO REL64 %16llx <- %16llx - %16llx %s\n",
2973 reloc, sym_addr + addend, rel->r_offset, sym_name);
2974 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend - rel->r_offset;
2975 break;
2976 case R_AARCH64_PREL32:
2977 count_relocation(kRelocRelative);
2978 MARK(rel->r_offset);
2979 TRACE_TYPE(RELO, "RELO REL32 %16llx <- %16llx - %16llx %s\n",
2980 reloc, sym_addr + addend, rel->r_offset, sym_name);
2981 {
2982 const ElfW(Addr) min_value = static_cast<ElfW(Addr)>(INT32_MIN);
2983 const ElfW(Addr) max_value = static_cast<ElfW(Addr)>(UINT32_MAX);
2984 if ((min_value <= (sym_addr + addend - rel->r_offset)) &&
2985 ((sym_addr + addend - rel->r_offset) <= max_value)) {
2986 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend - rel->r_offset;
2987 } else {
2988 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx",
2989 sym_addr + addend - rel->r_offset, min_value, max_value);
2990 return false;
2991 }
2992 }
2993 break;
2994 case R_AARCH64_PREL16:
2995 count_relocation(kRelocRelative);
2996 MARK(rel->r_offset);
2997 TRACE_TYPE(RELO, "RELO REL16 %16llx <- %16llx - %16llx %s\n",
2998 reloc, sym_addr + addend, rel->r_offset, sym_name);
2999 {
3000 const ElfW(Addr) min_value = static_cast<ElfW(Addr)>(INT16_MIN);
3001 const ElfW(Addr) max_value = static_cast<ElfW(Addr)>(UINT16_MAX);
3002 if ((min_value <= (sym_addr + addend - rel->r_offset)) &&
3003 ((sym_addr + addend - rel->r_offset) <= max_value)) {
3004 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend - rel->r_offset;
3005 } else {
3006 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx",
3007 sym_addr + addend - rel->r_offset, min_value, max_value);
3008 return false;
3009 }
3010 }
3011 break;
3012
3013 case R_AARCH64_COPY:
3014 /*
3015 * ET_EXEC is not supported so this should not happen.
3016 *
3017 * http://infocenter.arm.com/help/topic/com.arm.doc.ihi0056b/IHI0056B_aaelf64.pdf
3018 *
3019 * Section 4.6.11 "Dynamic relocations"
3020 * R_AARCH64_COPY may only appear in executable objects where e_type is
3021 * set to ET_EXEC.
3022 */
3023 DL_ERR("%s R_AARCH64_COPY relocations are not supported", get_realpath());
3024 return false;
3025 case R_AARCH64_TLS_TPREL64:
3026 TRACE_TYPE(RELO, "RELO TLS_TPREL64 *** %16llx <- %16llx - %16llx\n",
3027 reloc, (sym_addr + addend), rel->r_offset);
3028 break;
3029 case R_AARCH64_TLS_DTPREL32:
3030 TRACE_TYPE(RELO, "RELO TLS_DTPREL32 *** %16llx <- %16llx - %16llx\n",
3031 reloc, (sym_addr + addend), rel->r_offset);
3032 break;
3033 #elif defined(__x86_64__)
3034 case R_X86_64_32:
3035 count_relocation(kRelocRelative);
3036 MARK(rel->r_offset);
3037 TRACE_TYPE(RELO, "RELO R_X86_64_32 %08zx <- +%08zx %s", static_cast<size_t>(reloc),
3038 static_cast<size_t>(sym_addr), sym_name);
3039 *reinterpret_cast<Elf32_Addr*>(reloc) = sym_addr + addend;
3040 break;
3041 case R_X86_64_64:
3042 count_relocation(kRelocRelative);
3043 MARK(rel->r_offset);
3044 TRACE_TYPE(RELO, "RELO R_X86_64_64 %08zx <- +%08zx %s", static_cast<size_t>(reloc),
3045 static_cast<size_t>(sym_addr), sym_name);
3046 *reinterpret_cast<Elf64_Addr*>(reloc) = sym_addr + addend;
3047 break;
3048 case R_X86_64_PC32:
3049 count_relocation(kRelocRelative);
3050 MARK(rel->r_offset);
3051 TRACE_TYPE(RELO, "RELO R_X86_64_PC32 %08zx <- +%08zx (%08zx - %08zx) %s",
3052 static_cast<size_t>(reloc), static_cast<size_t>(sym_addr - reloc),
3053 static_cast<size_t>(sym_addr), static_cast<size_t>(reloc), sym_name);
3054 *reinterpret_cast<Elf32_Addr*>(reloc) = sym_addr + addend - reloc;
3055 break;
3056 #elif defined(__arm__)
3057 case R_ARM_ABS32:
3058 count_relocation(kRelocAbsolute);
3059 MARK(rel->r_offset);
3060 TRACE_TYPE(RELO, "RELO ABS %08x <- %08x %s", reloc, sym_addr, sym_name);
3061 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr;
3062 break;
3063 case R_ARM_REL32:
3064 count_relocation(kRelocRelative);
3065 MARK(rel->r_offset);
3066 TRACE_TYPE(RELO, "RELO REL32 %08x <- %08x - %08x %s",
3067 reloc, sym_addr, rel->r_offset, sym_name);
3068 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr - rel->r_offset;
3069 break;
3070 case R_ARM_COPY:
3071 /*
3072 * ET_EXEC is not supported so this should not happen.
3073 *
3074 * http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044d/IHI0044D_aaelf.pdf
3075 *
3076 * Section 4.6.1.10 "Dynamic relocations"
3077 * R_ARM_COPY may only appear in executable objects where e_type is
3078 * set to ET_EXEC.
3079 */
3080 DL_ERR("%s R_ARM_COPY relocations are not supported", get_realpath());
3081 return false;
3082 #elif defined(__i386__)
3083 case R_386_32:
3084 count_relocation(kRelocRelative);
3085 MARK(rel->r_offset);
3086 TRACE_TYPE(RELO, "RELO R_386_32 %08x <- +%08x %s", reloc, sym_addr, sym_name);
3087 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr;
3088 break;
3089 case R_386_PC32:
3090 count_relocation(kRelocRelative);
3091 MARK(rel->r_offset);
3092 TRACE_TYPE(RELO, "RELO R_386_PC32 %08x <- +%08x (%08x - %08x) %s",
3093 reloc, (sym_addr - reloc), sym_addr, reloc, sym_name);
3094 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr - reloc);
3095 break;
3096 #endif
3097 default:
3098 DL_ERR("unknown reloc type %d @ %p (%zu)", type, rel, idx);
3099 return false;
3100 }
3101 }
3102 return true;
3103 }
3104 #endif // !defined(__mips__)
3105
call_array(const char * array_name __unused,linker_function_t * functions,size_t count,bool reverse)3106 void soinfo::call_array(const char* array_name __unused, linker_function_t* functions,
3107 size_t count, bool reverse) {
3108 if (functions == nullptr) {
3109 return;
3110 }
3111
3112 TRACE("[ Calling %s (size %zd) @ %p for \"%s\" ]", array_name, count, functions, get_realpath());
3113
3114 int begin = reverse ? (count - 1) : 0;
3115 int end = reverse ? -1 : count;
3116 int step = reverse ? -1 : 1;
3117
3118 for (int i = begin; i != end; i += step) {
3119 TRACE("[ %s[%d] == %p ]", array_name, i, functions[i]);
3120 call_function("function", functions[i]);
3121 }
3122
3123 TRACE("[ Done calling %s for \"%s\" ]", array_name, get_realpath());
3124 }
3125
call_function(const char * function_name __unused,linker_function_t function)3126 void soinfo::call_function(const char* function_name __unused, linker_function_t function) {
3127 if (function == nullptr || reinterpret_cast<uintptr_t>(function) == static_cast<uintptr_t>(-1)) {
3128 return;
3129 }
3130
3131 TRACE("[ Calling %s @ %p for \"%s\" ]", function_name, function, get_realpath());
3132 function();
3133 TRACE("[ Done calling %s @ %p for \"%s\" ]", function_name, function, get_realpath());
3134 }
3135
call_pre_init_constructors()3136 void soinfo::call_pre_init_constructors() {
3137 // DT_PREINIT_ARRAY functions are called before any other constructors for executables,
3138 // but ignored in a shared library.
3139 call_array("DT_PREINIT_ARRAY", preinit_array_, preinit_array_count_, false);
3140 }
3141
call_constructors()3142 void soinfo::call_constructors() {
3143 if (constructors_called) {
3144 return;
3145 }
3146
3147 // We set constructors_called before actually calling the constructors, otherwise it doesn't
3148 // protect against recursive constructor calls. One simple example of constructor recursion
3149 // is the libc debug malloc, which is implemented in libc_malloc_debug_leak.so:
3150 // 1. The program depends on libc, so libc's constructor is called here.
3151 // 2. The libc constructor calls dlopen() to load libc_malloc_debug_leak.so.
3152 // 3. dlopen() calls the constructors on the newly created
3153 // soinfo for libc_malloc_debug_leak.so.
3154 // 4. The debug .so depends on libc, so CallConstructors is
3155 // called again with the libc soinfo. If it doesn't trigger the early-
3156 // out above, the libc constructor will be called again (recursively!).
3157 constructors_called = true;
3158
3159 if (!is_main_executable() && preinit_array_ != nullptr) {
3160 // The GNU dynamic linker silently ignores these, but we warn the developer.
3161 PRINT("\"%s\": ignoring DT_PREINIT_ARRAY in shared library!", get_realpath());
3162 }
3163
3164 get_children().for_each([] (soinfo* si) {
3165 si->call_constructors();
3166 });
3167
3168 TRACE("\"%s\": calling constructors", get_realpath());
3169
3170 // DT_INIT should be called before DT_INIT_ARRAY if both are present.
3171 call_function("DT_INIT", init_func_);
3172 call_array("DT_INIT_ARRAY", init_array_, init_array_count_, false);
3173 }
3174
call_destructors()3175 void soinfo::call_destructors() {
3176 if (!constructors_called) {
3177 return;
3178 }
3179 TRACE("\"%s\": calling destructors", get_realpath());
3180
3181 // DT_FINI_ARRAY must be parsed in reverse order.
3182 call_array("DT_FINI_ARRAY", fini_array_, fini_array_count_, true);
3183
3184 // DT_FINI should be called after DT_FINI_ARRAY if both are present.
3185 call_function("DT_FINI", fini_func_);
3186
3187 // This is needed on second call to dlopen
3188 // after library has been unloaded with RTLD_NODELETE
3189 constructors_called = false;
3190 }
3191
add_child(soinfo * child)3192 void soinfo::add_child(soinfo* child) {
3193 if (has_min_version(0)) {
3194 child->parents_.push_back(this);
3195 this->children_.push_back(child);
3196 }
3197 }
3198
remove_all_links()3199 void soinfo::remove_all_links() {
3200 if (!has_min_version(0)) {
3201 return;
3202 }
3203
3204 // 1. Untie connected soinfos from 'this'.
3205 children_.for_each([&] (soinfo* child) {
3206 child->parents_.remove_if([&] (const soinfo* parent) {
3207 return parent == this;
3208 });
3209 });
3210
3211 parents_.for_each([&] (soinfo* parent) {
3212 parent->children_.remove_if([&] (const soinfo* child) {
3213 return child == this;
3214 });
3215 });
3216
3217 // 2. Remove from the primary namespace
3218 primary_namespace_->remove_soinfo(this);
3219 primary_namespace_ = nullptr;
3220
3221 // 3. Remove from secondary namespaces
3222 secondary_namespaces_.for_each([&](android_namespace_t* ns) {
3223 ns->remove_soinfo(this);
3224 });
3225
3226
3227 // 4. Once everything untied - clear local lists.
3228 parents_.clear();
3229 children_.clear();
3230 secondary_namespaces_.clear();
3231 }
3232
get_st_dev() const3233 dev_t soinfo::get_st_dev() const {
3234 if (has_min_version(0)) {
3235 return st_dev_;
3236 }
3237
3238 return 0;
3239 };
3240
get_st_ino() const3241 ino_t soinfo::get_st_ino() const {
3242 if (has_min_version(0)) {
3243 return st_ino_;
3244 }
3245
3246 return 0;
3247 }
3248
get_file_offset() const3249 off64_t soinfo::get_file_offset() const {
3250 if (has_min_version(1)) {
3251 return file_offset_;
3252 }
3253
3254 return 0;
3255 }
3256
get_rtld_flags() const3257 uint32_t soinfo::get_rtld_flags() const {
3258 if (has_min_version(1)) {
3259 return rtld_flags_;
3260 }
3261
3262 return 0;
3263 }
3264
get_dt_flags_1() const3265 uint32_t soinfo::get_dt_flags_1() const {
3266 if (has_min_version(1)) {
3267 return dt_flags_1_;
3268 }
3269
3270 return 0;
3271 }
3272
set_dt_flags_1(uint32_t dt_flags_1)3273 void soinfo::set_dt_flags_1(uint32_t dt_flags_1) {
3274 if (has_min_version(1)) {
3275 if ((dt_flags_1 & DF_1_GLOBAL) != 0) {
3276 rtld_flags_ |= RTLD_GLOBAL;
3277 }
3278
3279 if ((dt_flags_1 & DF_1_NODELETE) != 0) {
3280 rtld_flags_ |= RTLD_NODELETE;
3281 }
3282
3283 dt_flags_1_ = dt_flags_1;
3284 }
3285 }
3286
set_nodelete()3287 void soinfo::set_nodelete() {
3288 rtld_flags_ |= RTLD_NODELETE;
3289 }
3290
get_realpath() const3291 const char* soinfo::get_realpath() const {
3292 #if defined(__work_around_b_24465209__)
3293 if (has_min_version(2)) {
3294 return realpath_.c_str();
3295 } else {
3296 return old_name_;
3297 }
3298 #else
3299 return realpath_.c_str();
3300 #endif
3301 }
3302
set_soname(const char * soname)3303 void soinfo::set_soname(const char* soname) {
3304 #if defined(__work_around_b_24465209__)
3305 if (has_min_version(2)) {
3306 soname_ = soname;
3307 }
3308 strlcpy(old_name_, soname_, sizeof(old_name_));
3309 #else
3310 soname_ = soname;
3311 #endif
3312 }
3313
get_soname() const3314 const char* soinfo::get_soname() const {
3315 #if defined(__work_around_b_24465209__)
3316 if (has_min_version(2)) {
3317 return soname_;
3318 } else {
3319 return old_name_;
3320 }
3321 #else
3322 return soname_;
3323 #endif
3324 }
3325
3326 // This is a return on get_children()/get_parents() if
3327 // 'this->flags' does not have FLAG_NEW_SOINFO set.
3328 static soinfo::soinfo_list_t g_empty_list;
3329
get_children()3330 soinfo::soinfo_list_t& soinfo::get_children() {
3331 if (has_min_version(0)) {
3332 return children_;
3333 }
3334
3335 return g_empty_list;
3336 }
3337
get_children() const3338 const soinfo::soinfo_list_t& soinfo::get_children() const {
3339 if (has_min_version(0)) {
3340 return children_;
3341 }
3342
3343 return g_empty_list;
3344 }
3345
get_parents()3346 soinfo::soinfo_list_t& soinfo::get_parents() {
3347 if (has_min_version(0)) {
3348 return parents_;
3349 }
3350
3351 return g_empty_list;
3352 }
3353
3354 static std::vector<std::string> g_empty_runpath;
3355
get_dt_runpath() const3356 const std::vector<std::string>& soinfo::get_dt_runpath() const {
3357 if (has_min_version(3)) {
3358 return dt_runpath_;
3359 }
3360
3361 return g_empty_runpath;
3362 }
3363
get_primary_namespace()3364 android_namespace_t* soinfo::get_primary_namespace() {
3365 if (has_min_version(3)) {
3366 return primary_namespace_;
3367 }
3368
3369 return &g_default_namespace;
3370 }
3371
add_secondary_namespace(android_namespace_t * secondary_ns)3372 void soinfo::add_secondary_namespace(android_namespace_t* secondary_ns) {
3373 CHECK(has_min_version(3));
3374 secondary_namespaces_.push_back(secondary_ns);
3375 }
3376
ElfW(Addr)3377 ElfW(Addr) soinfo::resolve_symbol_address(const ElfW(Sym)* s) const {
3378 if (ELF_ST_TYPE(s->st_info) == STT_GNU_IFUNC) {
3379 return call_ifunc_resolver(s->st_value + load_bias);
3380 }
3381
3382 return static_cast<ElfW(Addr)>(s->st_value + load_bias);
3383 }
3384
get_string(ElfW (Word)index) const3385 const char* soinfo::get_string(ElfW(Word) index) const {
3386 if (has_min_version(1) && (index >= strtab_size_)) {
3387 __libc_fatal("%s: strtab out of bounds error; STRSZ=%zd, name=%d",
3388 get_realpath(), strtab_size_, index);
3389 }
3390
3391 return strtab_ + index;
3392 }
3393
is_gnu_hash() const3394 bool soinfo::is_gnu_hash() const {
3395 return (flags_ & FLAG_GNU_HASH) != 0;
3396 }
3397
can_unload() const3398 bool soinfo::can_unload() const {
3399 return !is_linked() || ((get_rtld_flags() & (RTLD_NODELETE | RTLD_GLOBAL)) == 0);
3400 }
3401
is_linked() const3402 bool soinfo::is_linked() const {
3403 return (flags_ & FLAG_LINKED) != 0;
3404 }
3405
is_main_executable() const3406 bool soinfo::is_main_executable() const {
3407 return (flags_ & FLAG_EXE) != 0;
3408 }
3409
is_linker() const3410 bool soinfo::is_linker() const {
3411 return (flags_ & FLAG_LINKER) != 0;
3412 }
3413
set_linked()3414 void soinfo::set_linked() {
3415 flags_ |= FLAG_LINKED;
3416 }
3417
set_linker_flag()3418 void soinfo::set_linker_flag() {
3419 flags_ |= FLAG_LINKER;
3420 }
3421
set_main_executable()3422 void soinfo::set_main_executable() {
3423 flags_ |= FLAG_EXE;
3424 }
3425
increment_ref_count()3426 void soinfo::increment_ref_count() {
3427 local_group_root_->ref_count_++;
3428 }
3429
decrement_ref_count()3430 size_t soinfo::decrement_ref_count() {
3431 return --local_group_root_->ref_count_;
3432 }
3433
get_local_group_root() const3434 soinfo* soinfo::get_local_group_root() const {
3435 return local_group_root_;
3436 }
3437
3438
set_mapped_by_caller(bool mapped_by_caller)3439 void soinfo::set_mapped_by_caller(bool mapped_by_caller) {
3440 if (mapped_by_caller) {
3441 flags_ |= FLAG_MAPPED_BY_CALLER;
3442 } else {
3443 flags_ &= ~FLAG_MAPPED_BY_CALLER;
3444 }
3445 }
3446
is_mapped_by_caller() const3447 bool soinfo::is_mapped_by_caller() const {
3448 return (flags_ & FLAG_MAPPED_BY_CALLER) != 0;
3449 }
3450
3451 // This function returns api-level at the time of
3452 // dlopen/load. Note that libraries opened by system
3453 // will always have 'current' api level.
get_target_sdk_version() const3454 uint32_t soinfo::get_target_sdk_version() const {
3455 if (!has_min_version(2)) {
3456 return __ANDROID_API__;
3457 }
3458
3459 return local_group_root_->target_sdk_version_;
3460 }
3461
get_handle() const3462 uintptr_t soinfo::get_handle() const {
3463 CHECK(has_min_version(3));
3464 CHECK(handle_ != 0);
3465 return handle_;
3466 }
3467
to_handle()3468 void* soinfo::to_handle() {
3469 if (get_application_target_sdk_version() <= 23 || !has_min_version(3)) {
3470 return this;
3471 }
3472
3473 return reinterpret_cast<void*>(get_handle());
3474 }
3475
generate_handle()3476 void soinfo::generate_handle() {
3477 CHECK(has_min_version(3));
3478 CHECK(handle_ == 0); // Make sure this is the first call
3479
3480 // Make sure the handle is unique and does not collide
3481 // with special values which are RTLD_DEFAULT and RTLD_NEXT.
3482 do {
3483 arc4random_buf(&handle_, sizeof(handle_));
3484 // the least significant bit for the handle is always 1
3485 // making it easy to test the type of handle passed to
3486 // dl* functions.
3487 handle_ = handle_ | 1;
3488 } while (handle_ == reinterpret_cast<uintptr_t>(RTLD_DEFAULT) ||
3489 handle_ == reinterpret_cast<uintptr_t>(RTLD_NEXT) ||
3490 g_soinfo_handles_map.find(handle_) != g_soinfo_handles_map.end());
3491
3492 g_soinfo_handles_map[handle_] = this;
3493 }
3494
prelink_image()3495 bool soinfo::prelink_image() {
3496 /* Extract dynamic section */
3497 ElfW(Word) dynamic_flags = 0;
3498 phdr_table_get_dynamic_section(phdr, phnum, load_bias, &dynamic, &dynamic_flags);
3499
3500 /* We can't log anything until the linker is relocated */
3501 bool relocating_linker = (flags_ & FLAG_LINKER) != 0;
3502 if (!relocating_linker) {
3503 INFO("[ Linking \"%s\" ]", get_realpath());
3504 DEBUG("si->base = %p si->flags = 0x%08x", reinterpret_cast<void*>(base), flags_);
3505 }
3506
3507 if (dynamic == nullptr) {
3508 if (!relocating_linker) {
3509 DL_ERR("missing PT_DYNAMIC in \"%s\"", get_realpath());
3510 }
3511 return false;
3512 } else {
3513 if (!relocating_linker) {
3514 DEBUG("dynamic = %p", dynamic);
3515 }
3516 }
3517
3518 #if defined(__arm__)
3519 (void) phdr_table_get_arm_exidx(phdr, phnum, load_bias,
3520 &ARM_exidx, &ARM_exidx_count);
3521 #endif
3522
3523 // Extract useful information from dynamic section.
3524 // Note that: "Except for the DT_NULL element at the end of the array,
3525 // and the relative order of DT_NEEDED elements, entries may appear in any order."
3526 //
3527 // source: http://www.sco.com/developers/gabi/1998-04-29/ch5.dynamic.html
3528 uint32_t needed_count = 0;
3529 for (ElfW(Dyn)* d = dynamic; d->d_tag != DT_NULL; ++d) {
3530 DEBUG("d = %p, d[0](tag) = %p d[1](val) = %p",
3531 d, reinterpret_cast<void*>(d->d_tag), reinterpret_cast<void*>(d->d_un.d_val));
3532 switch (d->d_tag) {
3533 case DT_SONAME:
3534 // this is parsed after we have strtab initialized (see below).
3535 break;
3536
3537 case DT_HASH:
3538 nbucket_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[0];
3539 nchain_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[1];
3540 bucket_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr + 8);
3541 chain_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr + 8 + nbucket_ * 4);
3542 break;
3543
3544 case DT_GNU_HASH:
3545 gnu_nbucket_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[0];
3546 // skip symndx
3547 gnu_maskwords_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[2];
3548 gnu_shift2_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[3];
3549
3550 gnu_bloom_filter_ = reinterpret_cast<ElfW(Addr)*>(load_bias + d->d_un.d_ptr + 16);
3551 gnu_bucket_ = reinterpret_cast<uint32_t*>(gnu_bloom_filter_ + gnu_maskwords_);
3552 // amend chain for symndx = header[1]
3553 gnu_chain_ = gnu_bucket_ + gnu_nbucket_ -
3554 reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[1];
3555
3556 if (!powerof2(gnu_maskwords_)) {
3557 DL_ERR("invalid maskwords for gnu_hash = 0x%x, in \"%s\" expecting power to two",
3558 gnu_maskwords_, get_realpath());
3559 return false;
3560 }
3561 --gnu_maskwords_;
3562
3563 flags_ |= FLAG_GNU_HASH;
3564 break;
3565
3566 case DT_STRTAB:
3567 strtab_ = reinterpret_cast<const char*>(load_bias + d->d_un.d_ptr);
3568 break;
3569
3570 case DT_STRSZ:
3571 strtab_size_ = d->d_un.d_val;
3572 break;
3573
3574 case DT_SYMTAB:
3575 symtab_ = reinterpret_cast<ElfW(Sym)*>(load_bias + d->d_un.d_ptr);
3576 break;
3577
3578 case DT_SYMENT:
3579 if (d->d_un.d_val != sizeof(ElfW(Sym))) {
3580 DL_ERR("invalid DT_SYMENT: %zd in \"%s\"",
3581 static_cast<size_t>(d->d_un.d_val), get_realpath());
3582 return false;
3583 }
3584 break;
3585
3586 case DT_PLTREL:
3587 #if defined(USE_RELA)
3588 if (d->d_un.d_val != DT_RELA) {
3589 DL_ERR("unsupported DT_PLTREL in \"%s\"; expected DT_RELA", get_realpath());
3590 return false;
3591 }
3592 #else
3593 if (d->d_un.d_val != DT_REL) {
3594 DL_ERR("unsupported DT_PLTREL in \"%s\"; expected DT_REL", get_realpath());
3595 return false;
3596 }
3597 #endif
3598 break;
3599
3600 case DT_JMPREL:
3601 #if defined(USE_RELA)
3602 plt_rela_ = reinterpret_cast<ElfW(Rela)*>(load_bias + d->d_un.d_ptr);
3603 #else
3604 plt_rel_ = reinterpret_cast<ElfW(Rel)*>(load_bias + d->d_un.d_ptr);
3605 #endif
3606 break;
3607
3608 case DT_PLTRELSZ:
3609 #if defined(USE_RELA)
3610 plt_rela_count_ = d->d_un.d_val / sizeof(ElfW(Rela));
3611 #else
3612 plt_rel_count_ = d->d_un.d_val / sizeof(ElfW(Rel));
3613 #endif
3614 break;
3615
3616 case DT_PLTGOT:
3617 #if defined(__mips__)
3618 // Used by mips and mips64.
3619 plt_got_ = reinterpret_cast<ElfW(Addr)**>(load_bias + d->d_un.d_ptr);
3620 #endif
3621 // Ignore for other platforms... (because RTLD_LAZY is not supported)
3622 break;
3623
3624 case DT_DEBUG:
3625 // Set the DT_DEBUG entry to the address of _r_debug for GDB
3626 // if the dynamic table is writable
3627 // FIXME: not working currently for N64
3628 // The flags for the LOAD and DYNAMIC program headers do not agree.
3629 // The LOAD section containing the dynamic table has been mapped as
3630 // read-only, but the DYNAMIC header claims it is writable.
3631 #if !(defined(__mips__) && defined(__LP64__))
3632 if ((dynamic_flags & PF_W) != 0) {
3633 d->d_un.d_val = reinterpret_cast<uintptr_t>(&_r_debug);
3634 }
3635 #endif
3636 break;
3637 #if defined(USE_RELA)
3638 case DT_RELA:
3639 rela_ = reinterpret_cast<ElfW(Rela)*>(load_bias + d->d_un.d_ptr);
3640 break;
3641
3642 case DT_RELASZ:
3643 rela_count_ = d->d_un.d_val / sizeof(ElfW(Rela));
3644 break;
3645
3646 case DT_ANDROID_RELA:
3647 android_relocs_ = reinterpret_cast<uint8_t*>(load_bias + d->d_un.d_ptr);
3648 break;
3649
3650 case DT_ANDROID_RELASZ:
3651 android_relocs_size_ = d->d_un.d_val;
3652 break;
3653
3654 case DT_ANDROID_REL:
3655 DL_ERR("unsupported DT_ANDROID_REL in \"%s\"", get_realpath());
3656 return false;
3657
3658 case DT_ANDROID_RELSZ:
3659 DL_ERR("unsupported DT_ANDROID_RELSZ in \"%s\"", get_realpath());
3660 return false;
3661
3662 case DT_RELAENT:
3663 if (d->d_un.d_val != sizeof(ElfW(Rela))) {
3664 DL_ERR("invalid DT_RELAENT: %zd", static_cast<size_t>(d->d_un.d_val));
3665 return false;
3666 }
3667 break;
3668
3669 // ignored (see DT_RELCOUNT comments for details)
3670 case DT_RELACOUNT:
3671 break;
3672
3673 case DT_REL:
3674 DL_ERR("unsupported DT_REL in \"%s\"", get_realpath());
3675 return false;
3676
3677 case DT_RELSZ:
3678 DL_ERR("unsupported DT_RELSZ in \"%s\"", get_realpath());
3679 return false;
3680
3681 #else
3682 case DT_REL:
3683 rel_ = reinterpret_cast<ElfW(Rel)*>(load_bias + d->d_un.d_ptr);
3684 break;
3685
3686 case DT_RELSZ:
3687 rel_count_ = d->d_un.d_val / sizeof(ElfW(Rel));
3688 break;
3689
3690 case DT_RELENT:
3691 if (d->d_un.d_val != sizeof(ElfW(Rel))) {
3692 DL_ERR("invalid DT_RELENT: %zd", static_cast<size_t>(d->d_un.d_val));
3693 return false;
3694 }
3695 break;
3696
3697 case DT_ANDROID_REL:
3698 android_relocs_ = reinterpret_cast<uint8_t*>(load_bias + d->d_un.d_ptr);
3699 break;
3700
3701 case DT_ANDROID_RELSZ:
3702 android_relocs_size_ = d->d_un.d_val;
3703 break;
3704
3705 case DT_ANDROID_RELA:
3706 DL_ERR("unsupported DT_ANDROID_RELA in \"%s\"", get_realpath());
3707 return false;
3708
3709 case DT_ANDROID_RELASZ:
3710 DL_ERR("unsupported DT_ANDROID_RELASZ in \"%s\"", get_realpath());
3711 return false;
3712
3713 // "Indicates that all RELATIVE relocations have been concatenated together,
3714 // and specifies the RELATIVE relocation count."
3715 //
3716 // TODO: Spec also mentions that this can be used to optimize relocation process;
3717 // Not currently used by bionic linker - ignored.
3718 case DT_RELCOUNT:
3719 break;
3720
3721 case DT_RELA:
3722 DL_ERR("unsupported DT_RELA in \"%s\"", get_realpath());
3723 return false;
3724
3725 case DT_RELASZ:
3726 DL_ERR("unsupported DT_RELASZ in \"%s\"", get_realpath());
3727 return false;
3728
3729 #endif
3730 case DT_INIT:
3731 init_func_ = reinterpret_cast<linker_function_t>(load_bias + d->d_un.d_ptr);
3732 DEBUG("%s constructors (DT_INIT) found at %p", get_realpath(), init_func_);
3733 break;
3734
3735 case DT_FINI:
3736 fini_func_ = reinterpret_cast<linker_function_t>(load_bias + d->d_un.d_ptr);
3737 DEBUG("%s destructors (DT_FINI) found at %p", get_realpath(), fini_func_);
3738 break;
3739
3740 case DT_INIT_ARRAY:
3741 init_array_ = reinterpret_cast<linker_function_t*>(load_bias + d->d_un.d_ptr);
3742 DEBUG("%s constructors (DT_INIT_ARRAY) found at %p", get_realpath(), init_array_);
3743 break;
3744
3745 case DT_INIT_ARRAYSZ:
3746 init_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr));
3747 break;
3748
3749 case DT_FINI_ARRAY:
3750 fini_array_ = reinterpret_cast<linker_function_t*>(load_bias + d->d_un.d_ptr);
3751 DEBUG("%s destructors (DT_FINI_ARRAY) found at %p", get_realpath(), fini_array_);
3752 break;
3753
3754 case DT_FINI_ARRAYSZ:
3755 fini_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr));
3756 break;
3757
3758 case DT_PREINIT_ARRAY:
3759 preinit_array_ = reinterpret_cast<linker_function_t*>(load_bias + d->d_un.d_ptr);
3760 DEBUG("%s constructors (DT_PREINIT_ARRAY) found at %p", get_realpath(), preinit_array_);
3761 break;
3762
3763 case DT_PREINIT_ARRAYSZ:
3764 preinit_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr));
3765 break;
3766
3767 case DT_TEXTREL:
3768 #if defined(__LP64__)
3769 DL_ERR("text relocations (DT_TEXTREL) found in 64-bit ELF file \"%s\"", get_realpath());
3770 return false;
3771 #else
3772 has_text_relocations = true;
3773 break;
3774 #endif
3775
3776 case DT_SYMBOLIC:
3777 has_DT_SYMBOLIC = true;
3778 break;
3779
3780 case DT_NEEDED:
3781 ++needed_count;
3782 break;
3783
3784 case DT_FLAGS:
3785 if (d->d_un.d_val & DF_TEXTREL) {
3786 #if defined(__LP64__)
3787 DL_ERR("text relocations (DF_TEXTREL) found in 64-bit ELF file \"%s\"", get_realpath());
3788 return false;
3789 #else
3790 has_text_relocations = true;
3791 #endif
3792 }
3793 if (d->d_un.d_val & DF_SYMBOLIC) {
3794 has_DT_SYMBOLIC = true;
3795 }
3796 break;
3797
3798 case DT_FLAGS_1:
3799 set_dt_flags_1(d->d_un.d_val);
3800
3801 if ((d->d_un.d_val & ~SUPPORTED_DT_FLAGS_1) != 0) {
3802 DL_WARN("%s: unsupported flags DT_FLAGS_1=%p", get_realpath(), reinterpret_cast<void*>(d->d_un.d_val));
3803 }
3804 break;
3805 #if defined(__mips__)
3806 case DT_MIPS_RLD_MAP:
3807 // Set the DT_MIPS_RLD_MAP entry to the address of _r_debug for GDB.
3808 {
3809 r_debug** dp = reinterpret_cast<r_debug**>(load_bias + d->d_un.d_ptr);
3810 *dp = &_r_debug;
3811 }
3812 break;
3813 case DT_MIPS_RLD_MAP2:
3814 // Set the DT_MIPS_RLD_MAP2 entry to the address of _r_debug for GDB.
3815 {
3816 r_debug** dp = reinterpret_cast<r_debug**>(
3817 reinterpret_cast<ElfW(Addr)>(d) + d->d_un.d_val);
3818 *dp = &_r_debug;
3819 }
3820 break;
3821
3822 case DT_MIPS_RLD_VERSION:
3823 case DT_MIPS_FLAGS:
3824 case DT_MIPS_BASE_ADDRESS:
3825 case DT_MIPS_UNREFEXTNO:
3826 break;
3827
3828 case DT_MIPS_SYMTABNO:
3829 mips_symtabno_ = d->d_un.d_val;
3830 break;
3831
3832 case DT_MIPS_LOCAL_GOTNO:
3833 mips_local_gotno_ = d->d_un.d_val;
3834 break;
3835
3836 case DT_MIPS_GOTSYM:
3837 mips_gotsym_ = d->d_un.d_val;
3838 break;
3839 #endif
3840 // Ignored: "Its use has been superseded by the DF_BIND_NOW flag"
3841 case DT_BIND_NOW:
3842 break;
3843
3844 case DT_VERSYM:
3845 versym_ = reinterpret_cast<ElfW(Versym)*>(load_bias + d->d_un.d_ptr);
3846 break;
3847
3848 case DT_VERDEF:
3849 verdef_ptr_ = load_bias + d->d_un.d_ptr;
3850 break;
3851 case DT_VERDEFNUM:
3852 verdef_cnt_ = d->d_un.d_val;
3853 break;
3854
3855 case DT_VERNEED:
3856 verneed_ptr_ = load_bias + d->d_un.d_ptr;
3857 break;
3858
3859 case DT_VERNEEDNUM:
3860 verneed_cnt_ = d->d_un.d_val;
3861 break;
3862
3863 case DT_RUNPATH:
3864 // this is parsed after we have strtab initialized (see below).
3865 break;
3866
3867 default:
3868 if (!relocating_linker) {
3869 DL_WARN("%s: unused DT entry: type %p arg %p", get_realpath(),
3870 reinterpret_cast<void*>(d->d_tag), reinterpret_cast<void*>(d->d_un.d_val));
3871 }
3872 break;
3873 }
3874 }
3875
3876 #if defined(__mips__) && !defined(__LP64__)
3877 if (!mips_check_and_adjust_fp_modes()) {
3878 return false;
3879 }
3880 #endif
3881
3882 DEBUG("si->base = %p, si->strtab = %p, si->symtab = %p",
3883 reinterpret_cast<void*>(base), strtab_, symtab_);
3884
3885 // Sanity checks.
3886 if (relocating_linker && needed_count != 0) {
3887 DL_ERR("linker cannot have DT_NEEDED dependencies on other libraries");
3888 return false;
3889 }
3890 if (nbucket_ == 0 && gnu_nbucket_ == 0) {
3891 DL_ERR("empty/missing DT_HASH/DT_GNU_HASH in \"%s\" "
3892 "(new hash type from the future?)", get_realpath());
3893 return false;
3894 }
3895 if (strtab_ == 0) {
3896 DL_ERR("empty/missing DT_STRTAB in \"%s\"", get_realpath());
3897 return false;
3898 }
3899 if (symtab_ == 0) {
3900 DL_ERR("empty/missing DT_SYMTAB in \"%s\"", get_realpath());
3901 return false;
3902 }
3903
3904 // second pass - parse entries relying on strtab
3905 for (ElfW(Dyn)* d = dynamic; d->d_tag != DT_NULL; ++d) {
3906 switch (d->d_tag) {
3907 case DT_SONAME:
3908 set_soname(get_string(d->d_un.d_val));
3909 break;
3910 case DT_RUNPATH:
3911 set_dt_runpath(get_string(d->d_un.d_val));
3912 break;
3913 }
3914 }
3915
3916 // Before M release linker was using basename in place of soname.
3917 // In the case when dt_soname is absent some apps stop working
3918 // because they can't find dt_needed library by soname.
3919 // This workaround should keep them working. (applies only
3920 // for apps targeting sdk version <=22). Make an exception for
3921 // the main executable and linker; they do not need to have dt_soname
3922 if (soname_ == nullptr && this != somain && (flags_ & FLAG_LINKER) == 0 &&
3923 get_application_target_sdk_version() <= 22) {
3924 soname_ = basename(realpath_.c_str());
3925 DL_WARN("%s: is missing DT_SONAME will use basename as a replacement: \"%s\"",
3926 get_realpath(), soname_);
3927 // Don't call add_dlwarning because a missing DT_SONAME isn't important enough to show in the UI
3928 }
3929 return true;
3930 }
3931
link_image(const soinfo_list_t & global_group,const soinfo_list_t & local_group,const android_dlextinfo * extinfo)3932 bool soinfo::link_image(const soinfo_list_t& global_group, const soinfo_list_t& local_group,
3933 const android_dlextinfo* extinfo) {
3934
3935 local_group_root_ = local_group.front();
3936 if (local_group_root_ == nullptr) {
3937 local_group_root_ = this;
3938 }
3939
3940 if ((flags_ & FLAG_LINKER) == 0 && local_group_root_ == this) {
3941 target_sdk_version_ = get_application_target_sdk_version();
3942 }
3943
3944 VersionTracker version_tracker;
3945
3946 if (!version_tracker.init(this)) {
3947 return false;
3948 }
3949
3950 #if !defined(__LP64__)
3951 if (has_text_relocations) {
3952 // Fail if app is targeting sdk version > 22
3953 if (get_application_target_sdk_version() > 22) {
3954 PRINT("%s: has text relocations", get_realpath());
3955 DL_ERR("%s: has text relocations", get_realpath());
3956 return false;
3957 }
3958 // Make segments writable to allow text relocations to work properly. We will later call
3959 // phdr_table_protect_segments() after all of them are applied.
3960 DL_WARN("%s has text relocations. This is wasting memory and prevents "
3961 "security hardening. Please fix.", get_realpath());
3962 add_dlwarning(get_realpath(), "text relocations");
3963 if (phdr_table_unprotect_segments(phdr, phnum, load_bias) < 0) {
3964 DL_ERR("can't unprotect loadable segments for \"%s\": %s",
3965 get_realpath(), strerror(errno));
3966 return false;
3967 }
3968 }
3969 #endif
3970
3971 if (android_relocs_ != nullptr) {
3972 // check signature
3973 if (android_relocs_size_ > 3 &&
3974 android_relocs_[0] == 'A' &&
3975 android_relocs_[1] == 'P' &&
3976 android_relocs_[2] == 'S' &&
3977 android_relocs_[3] == '2') {
3978 DEBUG("[ android relocating %s ]", get_realpath());
3979
3980 bool relocated = false;
3981 const uint8_t* packed_relocs = android_relocs_ + 4;
3982 const size_t packed_relocs_size = android_relocs_size_ - 4;
3983
3984 relocated = relocate(
3985 version_tracker,
3986 packed_reloc_iterator<sleb128_decoder>(
3987 sleb128_decoder(packed_relocs, packed_relocs_size)),
3988 global_group, local_group);
3989
3990 if (!relocated) {
3991 return false;
3992 }
3993 } else {
3994 DL_ERR("bad android relocation header.");
3995 return false;
3996 }
3997 }
3998
3999 #if defined(USE_RELA)
4000 if (rela_ != nullptr) {
4001 DEBUG("[ relocating %s ]", get_realpath());
4002 if (!relocate(version_tracker,
4003 plain_reloc_iterator(rela_, rela_count_), global_group, local_group)) {
4004 return false;
4005 }
4006 }
4007 if (plt_rela_ != nullptr) {
4008 DEBUG("[ relocating %s plt ]", get_realpath());
4009 if (!relocate(version_tracker,
4010 plain_reloc_iterator(plt_rela_, plt_rela_count_), global_group, local_group)) {
4011 return false;
4012 }
4013 }
4014 #else
4015 if (rel_ != nullptr) {
4016 DEBUG("[ relocating %s ]", get_realpath());
4017 if (!relocate(version_tracker,
4018 plain_reloc_iterator(rel_, rel_count_), global_group, local_group)) {
4019 return false;
4020 }
4021 }
4022 if (plt_rel_ != nullptr) {
4023 DEBUG("[ relocating %s plt ]", get_realpath());
4024 if (!relocate(version_tracker,
4025 plain_reloc_iterator(plt_rel_, plt_rel_count_), global_group, local_group)) {
4026 return false;
4027 }
4028 }
4029 #endif
4030
4031 #if defined(__mips__)
4032 if (!mips_relocate_got(version_tracker, global_group, local_group)) {
4033 return false;
4034 }
4035 #endif
4036
4037 DEBUG("[ finished linking %s ]", get_realpath());
4038
4039 #if !defined(__LP64__)
4040 if (has_text_relocations) {
4041 // All relocations are done, we can protect our segments back to read-only.
4042 if (phdr_table_protect_segments(phdr, phnum, load_bias) < 0) {
4043 DL_ERR("can't protect segments for \"%s\": %s",
4044 get_realpath(), strerror(errno));
4045 return false;
4046 }
4047 }
4048 #endif
4049
4050 // We can also turn on GNU RELRO protection if we're not linking the dynamic linker
4051 // itself --- it can't make system calls yet, and will have to call protect_relro later.
4052 if (!is_linker() && !protect_relro()) {
4053 return false;
4054 }
4055
4056 /* Handle serializing/sharing the RELRO segment */
4057 if (extinfo && (extinfo->flags & ANDROID_DLEXT_WRITE_RELRO)) {
4058 if (phdr_table_serialize_gnu_relro(phdr, phnum, load_bias,
4059 extinfo->relro_fd) < 0) {
4060 DL_ERR("failed serializing GNU RELRO section for \"%s\": %s",
4061 get_realpath(), strerror(errno));
4062 return false;
4063 }
4064 } else if (extinfo && (extinfo->flags & ANDROID_DLEXT_USE_RELRO)) {
4065 if (phdr_table_map_gnu_relro(phdr, phnum, load_bias,
4066 extinfo->relro_fd) < 0) {
4067 DL_ERR("failed mapping GNU RELRO section for \"%s\": %s",
4068 get_realpath(), strerror(errno));
4069 return false;
4070 }
4071 }
4072
4073 notify_gdb_of_load(this);
4074 return true;
4075 }
4076
protect_relro()4077 bool soinfo::protect_relro() {
4078 if (phdr_table_protect_gnu_relro(phdr, phnum, load_bias) < 0) {
4079 DL_ERR("can't enable GNU RELRO protection for \"%s\": %s",
4080 get_realpath(), strerror(errno));
4081 return false;
4082 }
4083 return true;
4084 }
4085
4086 /*
4087 * This function add vdso to internal dso list.
4088 * It helps to stack unwinding through signal handlers.
4089 * Also, it makes bionic more like glibc.
4090 */
add_vdso(KernelArgumentBlock & args __unused)4091 static void add_vdso(KernelArgumentBlock& args __unused) {
4092 #if defined(AT_SYSINFO_EHDR)
4093 ElfW(Ehdr)* ehdr_vdso = reinterpret_cast<ElfW(Ehdr)*>(args.getauxval(AT_SYSINFO_EHDR));
4094 if (ehdr_vdso == nullptr) {
4095 return;
4096 }
4097
4098 soinfo* si = soinfo_alloc(&g_default_namespace, "[vdso]", nullptr, 0, 0);
4099
4100 si->phdr = reinterpret_cast<ElfW(Phdr)*>(reinterpret_cast<char*>(ehdr_vdso) + ehdr_vdso->e_phoff);
4101 si->phnum = ehdr_vdso->e_phnum;
4102 si->base = reinterpret_cast<ElfW(Addr)>(ehdr_vdso);
4103 si->size = phdr_table_get_load_size(si->phdr, si->phnum);
4104 si->load_bias = get_elf_exec_load_bias(ehdr_vdso);
4105
4106 si->prelink_image();
4107 si->link_image(g_empty_list, soinfo::soinfo_list_t::make_list(si), nullptr);
4108 #endif
4109 }
4110
4111 /* gdb expects the linker to be in the debug shared object list.
4112 * Without this, gdb has trouble locating the linker's ".text"
4113 * and ".plt" sections. Gdb could also potentially use this to
4114 * relocate the offset of our exported 'rtld_db_dlactivity' symbol.
4115 * Note that the linker shouldn't be on the soinfo list.
4116 */
init_linker_info_for_gdb(ElfW (Addr)linker_base)4117 static void init_linker_info_for_gdb(ElfW(Addr) linker_base) {
4118 static link_map linker_link_map_for_gdb;
4119 #if defined(__LP64__)
4120 static char kLinkerPath[] = "/system/bin/linker64";
4121 #else
4122 static char kLinkerPath[] = "/system/bin/linker";
4123 #endif
4124
4125 linker_link_map_for_gdb.l_addr = linker_base;
4126 linker_link_map_for_gdb.l_name = kLinkerPath;
4127
4128 /*
4129 * Set the dynamic field in the link map otherwise gdb will complain with
4130 * the following:
4131 * warning: .dynamic section for "/system/bin/linker" is not at the
4132 * expected address (wrong library or version mismatch?)
4133 */
4134 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(linker_base);
4135 ElfW(Phdr)* phdr = reinterpret_cast<ElfW(Phdr)*>(linker_base + elf_hdr->e_phoff);
4136 phdr_table_get_dynamic_section(phdr, elf_hdr->e_phnum, linker_base,
4137 &linker_link_map_for_gdb.l_ld, nullptr);
4138
4139 insert_link_map_into_debug_map(&linker_link_map_for_gdb);
4140 }
4141
init_default_namespace()4142 static void init_default_namespace() {
4143 g_default_namespace.set_name("(default)");
4144 g_default_namespace.set_isolated(false);
4145
4146 const char *interp = phdr_table_get_interpreter_name(somain->phdr, somain->phnum,
4147 somain->load_bias);
4148 const char* bname = basename(interp);
4149 if (bname && (strcmp(bname, "linker_asan") == 0 || strcmp(bname, "linker_asan64") == 0)) {
4150 g_default_ld_paths = kAsanDefaultLdPaths;
4151 g_is_asan = true;
4152 } else {
4153 g_default_ld_paths = kDefaultLdPaths;
4154 }
4155
4156 std::vector<std::string> ld_default_paths;
4157 for (size_t i = 0; g_default_ld_paths[i] != nullptr; ++i) {
4158 ld_default_paths.push_back(g_default_ld_paths[i]);
4159 }
4160
4161 g_default_namespace.set_default_library_paths(std::move(ld_default_paths));
4162 };
4163
4164 extern "C" int __system_properties_init(void);
4165
get_executable_path()4166 static const char* get_executable_path() {
4167 static std::string executable_path;
4168 if (executable_path.empty()) {
4169 char path[PATH_MAX];
4170 ssize_t path_len = readlink("/proc/self/exe", path, sizeof(path));
4171 if (path_len == -1 || path_len >= static_cast<ssize_t>(sizeof(path))) {
4172 __libc_fatal("readlink('/proc/self/exe') failed: %s", strerror(errno));
4173 }
4174 executable_path = std::string(path, path_len);
4175 }
4176
4177 return executable_path.c_str();
4178 }
4179
4180 /*
4181 * This code is called after the linker has linked itself and
4182 * fixed it's own GOT. It is safe to make references to externs
4183 * and other non-local data at this point.
4184 */
__linker_init_post_relocation(KernelArgumentBlock & args,ElfW (Addr)linker_base)4185 static ElfW(Addr) __linker_init_post_relocation(KernelArgumentBlock& args, ElfW(Addr) linker_base) {
4186 #if TIMING
4187 struct timeval t0, t1;
4188 gettimeofday(&t0, 0);
4189 #endif
4190
4191 // Sanitize the environment.
4192 __libc_init_AT_SECURE(args);
4193
4194 // Initialize system properties
4195 __system_properties_init(); // may use 'environ'
4196
4197 debuggerd_init();
4198
4199 // Get a few environment variables.
4200 const char* LD_DEBUG = getenv("LD_DEBUG");
4201 if (LD_DEBUG != nullptr) {
4202 g_ld_debug_verbosity = atoi(LD_DEBUG);
4203 }
4204
4205 #if defined(__LP64__)
4206 INFO("[ Android dynamic linker (64-bit) ]");
4207 #else
4208 INFO("[ Android dynamic linker (32-bit) ]");
4209 #endif
4210
4211 // These should have been sanitized by __libc_init_AT_SECURE, but the test
4212 // doesn't cost us anything.
4213 const char* ldpath_env = nullptr;
4214 const char* ldpreload_env = nullptr;
4215 if (!getauxval(AT_SECURE)) {
4216 ldpath_env = getenv("LD_LIBRARY_PATH");
4217 if (ldpath_env != nullptr) {
4218 INFO("[ LD_LIBRARY_PATH set to \"%s\" ]", ldpath_env);
4219 }
4220 ldpreload_env = getenv("LD_PRELOAD");
4221 if (ldpreload_env != nullptr) {
4222 INFO("[ LD_PRELOAD set to \"%s\" ]", ldpreload_env);
4223 }
4224 }
4225
4226 struct stat file_stat;
4227 // Stat "/proc/self/exe" instead of executable_path because
4228 // the executable could be unlinked by this point and it should
4229 // not cause a crash (see http://b/31084669)
4230 if (TEMP_FAILURE_RETRY(stat("/proc/self/exe", &file_stat)) != 0) {
4231 __libc_fatal("unable to stat \"/proc/self/exe\": %s", strerror(errno));
4232 }
4233
4234 const char* executable_path = get_executable_path();
4235 soinfo* si = soinfo_alloc(&g_default_namespace, executable_path, &file_stat, 0, RTLD_GLOBAL);
4236 if (si == nullptr) {
4237 __libc_fatal("Couldn't allocate soinfo: out of memory?");
4238 }
4239
4240 /* bootstrap the link map, the main exe always needs to be first */
4241 si->set_main_executable();
4242 link_map* map = &(si->link_map_head);
4243
4244 // Register the main executable and the linker upfront to have
4245 // gdb aware of them before loading the rest of the dependency
4246 // tree.
4247 map->l_addr = 0;
4248 map->l_name = const_cast<char*>(executable_path);
4249 insert_link_map_into_debug_map(map);
4250 init_linker_info_for_gdb(linker_base);
4251
4252 // Extract information passed from the kernel.
4253 si->phdr = reinterpret_cast<ElfW(Phdr)*>(args.getauxval(AT_PHDR));
4254 si->phnum = args.getauxval(AT_PHNUM);
4255 si->entry = args.getauxval(AT_ENTRY);
4256
4257 /* Compute the value of si->base. We can't rely on the fact that
4258 * the first entry is the PHDR because this will not be true
4259 * for certain executables (e.g. some in the NDK unit test suite)
4260 */
4261 si->base = 0;
4262 si->size = phdr_table_get_load_size(si->phdr, si->phnum);
4263 si->load_bias = 0;
4264 for (size_t i = 0; i < si->phnum; ++i) {
4265 if (si->phdr[i].p_type == PT_PHDR) {
4266 si->load_bias = reinterpret_cast<ElfW(Addr)>(si->phdr) - si->phdr[i].p_vaddr;
4267 si->base = reinterpret_cast<ElfW(Addr)>(si->phdr) - si->phdr[i].p_offset;
4268 break;
4269 }
4270 }
4271 si->dynamic = nullptr;
4272
4273 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(si->base);
4274 if (elf_hdr->e_type != ET_DYN) {
4275 __libc_fatal("\"%s\": error: only position independent executables (PIE) are supported.",
4276 args.argv[0]);
4277 }
4278
4279 // Use LD_LIBRARY_PATH and LD_PRELOAD (but only if we aren't setuid/setgid).
4280 parse_LD_LIBRARY_PATH(ldpath_env);
4281 parse_LD_PRELOAD(ldpreload_env);
4282
4283 somain = si;
4284
4285 init_default_namespace();
4286
4287 if (!si->prelink_image()) {
4288 __libc_fatal("CANNOT LINK EXECUTABLE \"%s\": %s", args.argv[0], linker_get_error_buffer());
4289 }
4290
4291 // add somain to global group
4292 si->set_dt_flags_1(si->get_dt_flags_1() | DF_1_GLOBAL);
4293
4294 // Load ld_preloads and dependencies.
4295 StringLinkedList needed_library_name_list;
4296 size_t needed_libraries_count = 0;
4297 size_t ld_preloads_count = 0;
4298
4299 for (const auto& ld_preload_name : g_ld_preload_names) {
4300 needed_library_name_list.push_back(ld_preload_name.c_str());
4301 ++needed_libraries_count;
4302 ++ld_preloads_count;
4303 }
4304
4305 for_each_dt_needed(si, [&](const char* name) {
4306 needed_library_name_list.push_back(name);
4307 ++needed_libraries_count;
4308 });
4309
4310 const char* needed_library_names[needed_libraries_count];
4311
4312 memset(needed_library_names, 0, sizeof(needed_library_names));
4313 needed_library_name_list.copy_to_array(needed_library_names, needed_libraries_count);
4314
4315 if (needed_libraries_count > 0 &&
4316 !find_libraries(&g_default_namespace, si, needed_library_names, needed_libraries_count,
4317 nullptr, &g_ld_preloads, ld_preloads_count, RTLD_GLOBAL, nullptr,
4318 /* add_as_children */ true)) {
4319 __libc_fatal("CANNOT LINK EXECUTABLE \"%s\": %s", args.argv[0], linker_get_error_buffer());
4320 } else if (needed_libraries_count == 0) {
4321 if (!si->link_image(g_empty_list, soinfo::soinfo_list_t::make_list(si), nullptr)) {
4322 __libc_fatal("CANNOT LINK EXECUTABLE \"%s\": %s", args.argv[0], linker_get_error_buffer());
4323 }
4324 si->increment_ref_count();
4325 }
4326
4327 add_vdso(args);
4328
4329 {
4330 ProtectedDataGuard guard;
4331
4332 si->call_pre_init_constructors();
4333
4334 /* After the prelink_image, the si->load_bias is initialized.
4335 * For so lib, the map->l_addr will be updated in notify_gdb_of_load.
4336 * We need to update this value for so exe here. So Unwind_Backtrace
4337 * for some arch like x86 could work correctly within so exe.
4338 */
4339 map->l_addr = si->load_bias;
4340 si->call_constructors();
4341 }
4342
4343 #if TIMING
4344 gettimeofday(&t1, nullptr);
4345 PRINT("LINKER TIME: %s: %d microseconds", args.argv[0], (int) (
4346 (((long long)t1.tv_sec * 1000000LL) + (long long)t1.tv_usec) -
4347 (((long long)t0.tv_sec * 1000000LL) + (long long)t0.tv_usec)));
4348 #endif
4349 #if STATS
4350 PRINT("RELO STATS: %s: %d abs, %d rel, %d copy, %d symbol", args.argv[0],
4351 linker_stats.count[kRelocAbsolute],
4352 linker_stats.count[kRelocRelative],
4353 linker_stats.count[kRelocCopy],
4354 linker_stats.count[kRelocSymbol]);
4355 #endif
4356 #if COUNT_PAGES
4357 {
4358 unsigned n;
4359 unsigned i;
4360 unsigned count = 0;
4361 for (n = 0; n < 4096; n++) {
4362 if (bitmask[n]) {
4363 unsigned x = bitmask[n];
4364 #if defined(__LP64__)
4365 for (i = 0; i < 32; i++) {
4366 #else
4367 for (i = 0; i < 8; i++) {
4368 #endif
4369 if (x & 1) {
4370 count++;
4371 }
4372 x >>= 1;
4373 }
4374 }
4375 }
4376 PRINT("PAGES MODIFIED: %s: %d (%dKB)", args.argv[0], count, count * 4);
4377 }
4378 #endif
4379
4380 #if TIMING || STATS || COUNT_PAGES
4381 fflush(stdout);
4382 #endif
4383
4384 TRACE("[ Ready to execute \"%s\" @ %p ]", si->get_realpath(), reinterpret_cast<void*>(si->entry));
4385 return si->entry;
4386 }
4387
4388 /* Compute the load-bias of an existing executable. This shall only
4389 * be used to compute the load bias of an executable or shared library
4390 * that was loaded by the kernel itself.
4391 *
4392 * Input:
4393 * elf -> address of ELF header, assumed to be at the start of the file.
4394 * Return:
4395 * load bias, i.e. add the value of any p_vaddr in the file to get
4396 * the corresponding address in memory.
4397 */
4398 static ElfW(Addr) get_elf_exec_load_bias(const ElfW(Ehdr)* elf) {
4399 ElfW(Addr) offset = elf->e_phoff;
4400 const ElfW(Phdr)* phdr_table =
4401 reinterpret_cast<const ElfW(Phdr)*>(reinterpret_cast<uintptr_t>(elf) + offset);
4402 const ElfW(Phdr)* phdr_end = phdr_table + elf->e_phnum;
4403
4404 for (const ElfW(Phdr)* phdr = phdr_table; phdr < phdr_end; phdr++) {
4405 if (phdr->p_type == PT_LOAD) {
4406 return reinterpret_cast<ElfW(Addr)>(elf) + phdr->p_offset - phdr->p_vaddr;
4407 }
4408 }
4409 return 0;
4410 }
4411
4412 static void __linker_cannot_link(KernelArgumentBlock& args) {
4413 __libc_fatal("CANNOT LINK EXECUTABLE \"%s\": %s", args.argv[0], linker_get_error_buffer());
4414 }
4415
4416 /*
4417 * This is the entry point for the linker, called from begin.S. This
4418 * method is responsible for fixing the linker's own relocations, and
4419 * then calling __linker_init_post_relocation().
4420 *
4421 * Because this method is called before the linker has fixed it's own
4422 * relocations, any attempt to reference an extern variable, extern
4423 * function, or other GOT reference will generate a segfault.
4424 */
4425 extern "C" ElfW(Addr) __linker_init(void* raw_args) {
4426 KernelArgumentBlock args(raw_args);
4427
4428 ElfW(Addr) linker_addr = args.getauxval(AT_BASE);
4429 ElfW(Addr) entry_point = args.getauxval(AT_ENTRY);
4430 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(linker_addr);
4431 ElfW(Phdr)* phdr = reinterpret_cast<ElfW(Phdr)*>(linker_addr + elf_hdr->e_phoff);
4432
4433 soinfo linker_so(nullptr, nullptr, nullptr, 0, 0);
4434
4435 // If the linker is not acting as PT_INTERP entry_point is equal to
4436 // _start. Which means that the linker is running as an executable and
4437 // already linked by PT_INTERP.
4438 //
4439 // This happens when user tries to run 'adb shell /system/bin/linker'
4440 // see also https://code.google.com/p/android/issues/detail?id=63174
4441 if (reinterpret_cast<ElfW(Addr)>(&_start) == entry_point) {
4442 __libc_format_fd(STDOUT_FILENO,
4443 "This is %s, the helper program for shared library executables.\n",
4444 args.argv[0]);
4445 exit(0);
4446 }
4447
4448 linker_so.base = linker_addr;
4449 linker_so.size = phdr_table_get_load_size(phdr, elf_hdr->e_phnum);
4450 linker_so.load_bias = get_elf_exec_load_bias(elf_hdr);
4451 linker_so.dynamic = nullptr;
4452 linker_so.phdr = phdr;
4453 linker_so.phnum = elf_hdr->e_phnum;
4454 linker_so.set_linker_flag();
4455
4456 // Prelink the linker so we can access linker globals.
4457 if (!linker_so.prelink_image()) __linker_cannot_link(args);
4458
4459 // This might not be obvious... The reasons why we pass g_empty_list
4460 // in place of local_group here are (1) we do not really need it, because
4461 // linker is built with DT_SYMBOLIC and therefore relocates its symbols against
4462 // itself without having to look into local_group and (2) allocators
4463 // are not yet initialized, and therefore we cannot use linked_list.push_*
4464 // functions at this point.
4465 if (!linker_so.link_image(g_empty_list, g_empty_list, nullptr)) __linker_cannot_link(args);
4466
4467 #if defined(__i386__)
4468 // On x86, we can't make system calls before this point.
4469 // We can't move this up because this needs to assign to a global.
4470 // Note that until we call __libc_init_main_thread below we have
4471 // no TLS, so you shouldn't make a system call that can fail, because
4472 // it will SEGV when it tries to set errno.
4473 __libc_init_sysinfo(args);
4474 #endif
4475
4476 // Initialize the main thread (including TLS, so system calls really work).
4477 __libc_init_main_thread(args);
4478
4479 // We didn't protect the linker's RELRO pages in link_image because we
4480 // couldn't make system calls on x86 at that point, but we can now...
4481 if (!linker_so.protect_relro()) __linker_cannot_link(args);
4482
4483 // Initialize the linker's static libc's globals
4484 __libc_init_globals(args);
4485
4486 // Initialize the linker's own global variables
4487 linker_so.call_constructors();
4488
4489 // Initialize static variables. Note that in order to
4490 // get correct libdl_info we need to call constructors
4491 // before get_libdl_info().
4492 solist = get_libdl_info();
4493 sonext = get_libdl_info();
4494 g_default_namespace.add_soinfo(get_libdl_info());
4495
4496 // We have successfully fixed our own relocations. It's safe to run
4497 // the main part of the linker now.
4498 args.abort_message_ptr = &g_abort_message;
4499 ElfW(Addr) start_address = __linker_init_post_relocation(args, linker_addr);
4500
4501 INFO("[ Jumping to _start (%p)... ]", reinterpret_cast<void*>(start_address));
4502
4503 // Return the address that the calling assembly stub should jump to.
4504 return start_address;
4505 }
4506