1 /* Report modules by examining dynamic linker data structures. 2 Copyright (C) 2008-2016 Red Hat, Inc. 3 This file is part of elfutils. 4 5 This file is free software; you can redistribute it and/or modify 6 it under the terms of either 7 8 * the GNU Lesser General Public License as published by the Free 9 Software Foundation; either version 3 of the License, or (at 10 your option) any later version 11 12 or 13 14 * the GNU General Public License as published by the Free 15 Software Foundation; either version 2 of the License, or (at 16 your option) any later version 17 18 or both in parallel, as here. 19 20 elfutils is distributed in the hope that it will be useful, but 21 WITHOUT ANY WARRANTY; without even the implied warranty of 22 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 23 General Public License for more details. 24 25 You should have received copies of the GNU General Public License and 26 the GNU Lesser General Public License along with this program. If 27 not, see <http://www.gnu.org/licenses/>. */ 28 29 #include <config.h> 30 #include "libdwflP.h" 31 #include "../libdw/memory-access.h" 32 #include "system.h" 33 34 #include <byteswap.h> 35 #include <endian.h> 36 #include <fcntl.h> 37 38 /* This element is always provided and always has a constant value. 39 This makes it an easy thing to scan for to discern the format. */ 40 #define PROBE_TYPE AT_PHENT 41 #define PROBE_VAL32 sizeof (Elf32_Phdr) 42 #define PROBE_VAL64 sizeof (Elf64_Phdr) 43 44 45 static inline bool 46 do_check64 (const char *a64, uint_fast8_t *elfdata) 47 { 48 /* The AUXV pointer might not even be naturally aligned for 64-bit 49 data, because note payloads in a core file are not aligned. */ 50 const char *typep = a64 + offsetof (Elf64_auxv_t, a_type); 51 uint64_t type = read_8ubyte_unaligned_noncvt (typep); 52 const char *valp = a64 + offsetof (Elf64_auxv_t, a_un.a_val); 53 uint64_t val = read_8ubyte_unaligned_noncvt (valp); 54 55 if (type == BE64 (PROBE_TYPE) 56 && val == BE64 (PROBE_VAL64)) 57 { 58 *elfdata = ELFDATA2MSB; 59 return true; 60 } 61 62 if (type == LE64 (PROBE_TYPE) 63 && val == LE64 (PROBE_VAL64)) 64 { 65 *elfdata = ELFDATA2LSB; 66 return true; 67 } 68 69 return false; 70 } 71 72 static inline bool 73 do_check32 (const char *a32, uint_fast8_t *elfdata) 74 { 75 /* The AUXV pointer might not even be naturally aligned for 32-bit 76 data, because note payloads in a core file are not aligned. */ 77 const char *typep = a32 + offsetof (Elf32_auxv_t, a_type); 78 uint32_t type = read_4ubyte_unaligned_noncvt (typep); 79 const char *valp = a32 + offsetof (Elf32_auxv_t, a_un.a_val); 80 uint32_t val = read_4ubyte_unaligned_noncvt (valp); 81 82 if (type == BE32 (PROBE_TYPE) 83 && val == BE32 (PROBE_VAL32)) 84 { 85 *elfdata = ELFDATA2MSB; 86 return true; 87 } 88 89 if (type == LE32 (PROBE_TYPE) 90 && val == LE32 (PROBE_VAL32)) 91 { 92 *elfdata = ELFDATA2LSB; 93 return true; 94 } 95 96 return false; 97 } 98 99 /* Examine an auxv data block and determine its format. 100 Return true iff we figured it out. */ 101 static bool 102 auxv_format_probe (const void *auxv, size_t size, 103 uint_fast8_t *elfclass, uint_fast8_t *elfdata) 104 { 105 for (size_t i = 0; i < size / sizeof (Elf64_auxv_t); ++i) 106 { 107 if (do_check64 (auxv + i * sizeof (Elf64_auxv_t), elfdata)) 108 { 109 *elfclass = ELFCLASS64; 110 return true; 111 } 112 113 if (do_check32 (auxv + (i * 2) * sizeof (Elf32_auxv_t), elfdata) 114 || do_check32 (auxv + (i * 2 + 1) * sizeof (Elf32_auxv_t), elfdata)) 115 { 116 *elfclass = ELFCLASS32; 117 return true; 118 } 119 } 120 121 return false; 122 } 123 124 /* This is a Dwfl_Memory_Callback that wraps another memory callback. 126 If the underlying callback cannot fill the data, then this will 127 fall back to fetching data from module files. */ 128 129 struct integrated_memory_callback 130 { 131 Dwfl_Memory_Callback *memory_callback; 132 void *memory_callback_arg; 133 void *buffer; 134 }; 135 136 static bool 137 integrated_memory_callback (Dwfl *dwfl, int ndx, 138 void **buffer, size_t *buffer_available, 139 GElf_Addr vaddr, 140 size_t minread, 141 void *arg) 142 { 143 struct integrated_memory_callback *info = arg; 144 145 if (ndx == -1) 146 { 147 /* Called for cleanup. */ 148 if (info->buffer != NULL) 149 { 150 /* The last probe buffer came from the underlying callback. 151 Let it do its cleanup. */ 152 assert (*buffer == info->buffer); /* XXX */ 153 *buffer = info->buffer; 154 info->buffer = NULL; 155 return (*info->memory_callback) (dwfl, ndx, buffer, buffer_available, 156 vaddr, minread, 157 info->memory_callback_arg); 158 } 159 *buffer = NULL; 160 *buffer_available = 0; 161 return false; 162 } 163 164 if (*buffer != NULL) 165 /* For a final-read request, we only use the underlying callback. */ 166 return (*info->memory_callback) (dwfl, ndx, buffer, buffer_available, 167 vaddr, minread, info->memory_callback_arg); 168 169 /* Let the underlying callback try to fill this request. */ 170 if ((*info->memory_callback) (dwfl, ndx, &info->buffer, buffer_available, 171 vaddr, minread, info->memory_callback_arg)) 172 { 173 *buffer = info->buffer; 174 return true; 175 } 176 177 /* Now look for module text covering this address. */ 178 179 Dwfl_Module *mod; 180 (void) INTUSE(dwfl_addrsegment) (dwfl, vaddr, &mod); 181 if (mod == NULL) 182 return false; 183 184 Dwarf_Addr bias; 185 Elf_Scn *scn = INTUSE(dwfl_module_address_section) (mod, &vaddr, &bias); 186 if (unlikely (scn == NULL)) 187 { 188 #if 0 // XXX would have to handle ndx=-1 cleanup calls passed down. 189 /* If we have no sections we can try to fill it from the module file 190 based on its phdr mappings. */ 191 if (likely (mod->e_type != ET_REL) && mod->main.elf != NULL) 192 return INTUSE(dwfl_elf_phdr_memory_callback) 193 (dwfl, 0, buffer, buffer_available, 194 vaddr - mod->main.bias, minread, mod->main.elf); 195 #endif 196 return false; 197 } 198 199 Elf_Data *data = elf_rawdata (scn, NULL); 200 if (unlikely (data == NULL)) 201 // XXX throw error? 202 return false; 203 204 if (unlikely (data->d_size < vaddr)) 205 return false; 206 207 /* Provide as much data as we have. */ 208 void *contents = data->d_buf + vaddr; 209 size_t avail = data->d_size - vaddr; 210 if (unlikely (avail < minread)) 211 return false; 212 213 /* If probing for a string, make sure it's terminated. */ 214 if (minread == 0 && unlikely (memchr (contents, '\0', avail) == NULL)) 215 return false; 216 217 /* We have it! */ 218 *buffer = contents; 219 *buffer_available = avail; 220 return true; 221 } 222 223 static size_t 225 addrsize (uint_fast8_t elfclass) 226 { 227 return elfclass * 4; 228 } 229 230 /* Report a module for each struct link_map in the linked list at r_map 231 in the struct r_debug at R_DEBUG_VADDR. For r_debug_info description 232 see dwfl_link_map_report in libdwflP.h. If R_DEBUG_INFO is not NULL then no 233 modules get added to DWFL, caller has to add them from filled in 234 R_DEBUG_INFO. 235 236 For each link_map entry, if an existing module resides at its address, 237 this just modifies that module's name and suggested file name. If 238 no such module exists, this calls dwfl_report_elf on the l_name string. 239 240 Returns the number of modules found, or -1 for errors. */ 241 242 static int 243 report_r_debug (uint_fast8_t elfclass, uint_fast8_t elfdata, 244 Dwfl *dwfl, GElf_Addr r_debug_vaddr, 245 Dwfl_Memory_Callback *memory_callback, 246 void *memory_callback_arg, 247 struct r_debug_info *r_debug_info) 248 { 249 /* Skip r_version, to aligned r_map field. */ 250 GElf_Addr read_vaddr = r_debug_vaddr + addrsize (elfclass); 251 252 void *buffer = NULL; 253 size_t buffer_available = 0; 254 inline int release_buffer (int result) 255 { 256 if (buffer != NULL) 257 (void) (*memory_callback) (dwfl, -1, &buffer, &buffer_available, 0, 0, 258 memory_callback_arg); 259 return result; 260 } 261 262 GElf_Addr addrs[4]; 263 inline bool read_addrs (GElf_Addr vaddr, size_t n) 264 { 265 size_t nb = n * addrsize (elfclass); /* Address words -> bytes to read. */ 266 267 /* Read a new buffer if the old one doesn't cover these words. */ 268 if (buffer == NULL 269 || vaddr < read_vaddr 270 || vaddr - read_vaddr + nb > buffer_available) 271 { 272 release_buffer (0); 273 274 read_vaddr = vaddr; 275 int segndx = INTUSE(dwfl_addrsegment) (dwfl, vaddr, NULL); 276 if (unlikely (segndx < 0) 277 || unlikely (! (*memory_callback) (dwfl, segndx, 278 &buffer, &buffer_available, 279 vaddr, nb, memory_callback_arg))) 280 return true; 281 } 282 283 Elf32_Addr (*a32)[n] = vaddr - read_vaddr + buffer; 284 Elf64_Addr (*a64)[n] = (void *) a32; 285 286 if (elfclass == ELFCLASS32) 287 { 288 if (elfdata == ELFDATA2MSB) 289 for (size_t i = 0; i < n; ++i) 290 addrs[i] = BE32 (read_4ubyte_unaligned_noncvt (&(*a32)[i])); 291 else 292 for (size_t i = 0; i < n; ++i) 293 addrs[i] = LE32 (read_4ubyte_unaligned_noncvt (&(*a32)[i])); 294 } 295 else 296 { 297 if (elfdata == ELFDATA2MSB) 298 for (size_t i = 0; i < n; ++i) 299 addrs[i] = BE64 (read_8ubyte_unaligned_noncvt (&(*a64)[i])); 300 else 301 for (size_t i = 0; i < n; ++i) 302 addrs[i] = LE64 (read_8ubyte_unaligned_noncvt (&(*a64)[i])); 303 } 304 305 return false; 306 } 307 308 if (unlikely (read_addrs (read_vaddr, 1))) 309 return release_buffer (-1); 310 311 GElf_Addr next = addrs[0]; 312 313 Dwfl_Module **lastmodp = &dwfl->modulelist; 314 int result = 0; 315 316 /* There can't be more elements in the link_map list than there are 317 segments. DWFL->lookup_elts is probably twice that number, so it 318 is certainly above the upper bound. If we iterate too many times, 319 there must be a loop in the pointers due to link_map clobberation. */ 320 size_t iterations = 0; 321 while (next != 0 && ++iterations < dwfl->lookup_elts) 322 { 323 if (read_addrs (next, 4)) 324 return release_buffer (-1); 325 326 /* Unused: l_addr is the difference between the address in memory 327 and the ELF file when the core was created. We need to 328 recalculate the difference below because the ELF file we use 329 might be differently pre-linked. */ 330 // GElf_Addr l_addr = addrs[0]; 331 GElf_Addr l_name = addrs[1]; 332 GElf_Addr l_ld = addrs[2]; 333 next = addrs[3]; 334 335 /* If a clobbered or truncated memory image has no useful pointer, 336 just skip this element. */ 337 if (l_ld == 0) 338 continue; 339 340 /* Fetch the string at the l_name address. */ 341 const char *name = NULL; 342 if (buffer != NULL 343 && read_vaddr <= l_name 344 && l_name + 1 - read_vaddr < buffer_available 345 && memchr (l_name - read_vaddr + buffer, '\0', 346 buffer_available - (l_name - read_vaddr)) != NULL) 347 name = l_name - read_vaddr + buffer; 348 else 349 { 350 release_buffer (0); 351 read_vaddr = l_name; 352 int segndx = INTUSE(dwfl_addrsegment) (dwfl, l_name, NULL); 353 if (likely (segndx >= 0) 354 && (*memory_callback) (dwfl, segndx, 355 &buffer, &buffer_available, 356 l_name, 0, memory_callback_arg)) 357 name = buffer; 358 } 359 360 if (name != NULL && name[0] == '\0') 361 name = NULL; 362 363 if (iterations == 1 364 && dwfl->user_core != NULL 365 && dwfl->user_core->executable_for_core != NULL) 366 name = dwfl->user_core->executable_for_core; 367 368 struct r_debug_info_module *r_debug_info_module = NULL; 369 if (r_debug_info != NULL) 370 { 371 /* Save link map information about valid shared library (or 372 executable) which has not been found on disk. */ 373 const char *name1 = name == NULL ? "" : name; 374 r_debug_info_module = malloc (sizeof (*r_debug_info_module) 375 + strlen (name1) + 1); 376 if (unlikely (r_debug_info_module == NULL)) 377 return release_buffer (result); 378 r_debug_info_module->fd = -1; 379 r_debug_info_module->elf = NULL; 380 r_debug_info_module->l_ld = l_ld; 381 r_debug_info_module->start = 0; 382 r_debug_info_module->end = 0; 383 r_debug_info_module->disk_file_has_build_id = false; 384 strcpy (r_debug_info_module->name, name1); 385 r_debug_info_module->next = r_debug_info->module; 386 r_debug_info->module = r_debug_info_module; 387 } 388 389 Dwfl_Module *mod = NULL; 390 if (name != NULL) 391 { 392 /* This code is mostly inlined dwfl_report_elf. */ 393 // XXX hook for sysroot 394 int fd = open (name, O_RDONLY); 395 if (fd >= 0) 396 { 397 Elf *elf; 398 Dwfl_Error error = __libdw_open_file (&fd, &elf, true, false); 399 GElf_Addr elf_dynamic_vaddr; 400 if (error == DWFL_E_NOERROR 401 && __libdwfl_dynamic_vaddr_get (elf, &elf_dynamic_vaddr)) 402 { 403 const void *build_id_bits; 404 GElf_Addr build_id_elfaddr; 405 int build_id_len; 406 bool valid = true; 407 408 if (__libdwfl_find_elf_build_id (NULL, elf, &build_id_bits, 409 &build_id_elfaddr, 410 &build_id_len) > 0 411 && build_id_elfaddr != 0) 412 { 413 if (r_debug_info_module != NULL) 414 r_debug_info_module->disk_file_has_build_id = true; 415 GElf_Addr build_id_vaddr = (build_id_elfaddr 416 - elf_dynamic_vaddr + l_ld); 417 418 release_buffer (0); 419 int segndx = INTUSE(dwfl_addrsegment) (dwfl, 420 build_id_vaddr, 421 NULL); 422 if (! (*memory_callback) (dwfl, segndx, 423 &buffer, &buffer_available, 424 build_id_vaddr, build_id_len, 425 memory_callback_arg)) 426 { 427 /* File has valid build-id which cannot be read from 428 memory. This happens for core files without bit 4 429 (0x10) set in Linux /proc/PID/coredump_filter. */ 430 } 431 else 432 { 433 if (memcmp (build_id_bits, buffer, build_id_len) != 0) 434 /* File has valid build-id which does not match 435 the one in memory. */ 436 valid = false; 437 release_buffer (0); 438 } 439 } 440 441 if (valid) 442 { 443 // It is like l_addr but it handles differently prelinked 444 // files at core dumping vs. core loading time. 445 GElf_Addr base = l_ld - elf_dynamic_vaddr; 446 if (r_debug_info_module == NULL) 447 { 448 // XXX hook for sysroot 449 mod = __libdwfl_report_elf (dwfl, basename (name), 450 name, fd, elf, base, 451 true, true); 452 if (mod != NULL) 453 { 454 elf = NULL; 455 fd = -1; 456 } 457 } 458 else if (__libdwfl_elf_address_range (elf, base, true, 459 true, NULL, NULL, 460 &r_debug_info_module->start, 461 &r_debug_info_module->end, 462 NULL, NULL)) 463 { 464 r_debug_info_module->elf = elf; 465 r_debug_info_module->fd = fd; 466 elf = NULL; 467 fd = -1; 468 } 469 } 470 if (elf != NULL) 471 elf_end (elf); 472 if (fd != -1) 473 close (fd); 474 } 475 } 476 } 477 478 if (mod != NULL) 479 { 480 ++result; 481 482 /* Move this module to the end of the list, so that we end 483 up with a list in the same order as the link_map chain. */ 484 if (mod->next != NULL) 485 { 486 if (*lastmodp != mod) 487 { 488 lastmodp = &dwfl->modulelist; 489 while (*lastmodp != mod) 490 lastmodp = &(*lastmodp)->next; 491 } 492 *lastmodp = mod->next; 493 mod->next = NULL; 494 while (*lastmodp != NULL) 495 lastmodp = &(*lastmodp)->next; 496 *lastmodp = mod; 497 } 498 499 lastmodp = &mod->next; 500 } 501 } 502 503 return release_buffer (result); 504 } 505 506 static GElf_Addr 508 consider_executable (Dwfl_Module *mod, GElf_Addr at_phdr, GElf_Addr at_entry, 509 uint_fast8_t *elfclass, uint_fast8_t *elfdata, 510 Dwfl_Memory_Callback *memory_callback, 511 void *memory_callback_arg) 512 { 513 GElf_Ehdr ehdr; 514 if (unlikely (gelf_getehdr (mod->main.elf, &ehdr) == NULL)) 515 return 0; 516 517 if (at_entry != 0) 518 { 519 /* If we have an AT_ENTRY value, reject this executable if 520 its entry point address could not have supplied that. */ 521 522 if (ehdr.e_entry == 0) 523 return 0; 524 525 if (mod->e_type == ET_EXEC) 526 { 527 if (ehdr.e_entry != at_entry) 528 return 0; 529 } 530 else 531 { 532 /* It could be a PIE. */ 533 } 534 } 535 536 // XXX this could be saved in the file cache: phdr vaddr, DT_DEBUG d_val vaddr 537 /* Find the vaddr of the DT_DEBUG's d_ptr. This is the memory 538 address where &r_debug was written at runtime. */ 539 GElf_Xword align = mod->dwfl->segment_align; 540 GElf_Addr d_val_vaddr = 0; 541 size_t phnum; 542 if (elf_getphdrnum (mod->main.elf, &phnum) != 0) 543 return 0; 544 545 for (size_t i = 0; i < phnum; ++i) 546 { 547 GElf_Phdr phdr_mem; 548 GElf_Phdr *phdr = gelf_getphdr (mod->main.elf, i, &phdr_mem); 549 if (phdr == NULL) 550 break; 551 552 if (phdr->p_align > 1 && (align == 0 || phdr->p_align < align)) 553 align = phdr->p_align; 554 555 if (at_phdr != 0 556 && phdr->p_type == PT_LOAD 557 && (phdr->p_offset & -align) == (ehdr.e_phoff & -align)) 558 { 559 /* This is the segment that would map the phdrs. 560 If we have an AT_PHDR value, reject this executable 561 if its phdr mapping could not have supplied that. */ 562 if (mod->e_type == ET_EXEC) 563 { 564 if (ehdr.e_phoff - phdr->p_offset + phdr->p_vaddr != at_phdr) 565 return 0; 566 } 567 else 568 { 569 /* It could be a PIE. If the AT_PHDR value and our 570 phdr address don't match modulo ALIGN, then this 571 could not have been the right PIE. */ 572 if (((ehdr.e_phoff - phdr->p_offset + phdr->p_vaddr) & -align) 573 != (at_phdr & -align)) 574 return 0; 575 576 /* Calculate the bias applied to the PIE's p_vaddr values. */ 577 GElf_Addr bias = (at_phdr - (ehdr.e_phoff - phdr->p_offset 578 + phdr->p_vaddr)); 579 580 /* Final sanity check: if we have an AT_ENTRY value, 581 reject this PIE unless its biased e_entry matches. */ 582 if (at_entry != 0 && at_entry != ehdr.e_entry + bias) 583 return 0; 584 585 /* If we're changing the module's address range, 586 we've just invalidated the module lookup table. */ 587 GElf_Addr mod_bias = dwfl_adjusted_address (mod, 0); 588 if (bias != mod_bias) 589 { 590 mod->low_addr -= mod_bias; 591 mod->high_addr -= mod_bias; 592 mod->low_addr += bias; 593 mod->high_addr += bias; 594 595 free (mod->dwfl->lookup_module); 596 mod->dwfl->lookup_module = NULL; 597 } 598 } 599 } 600 601 if (phdr->p_type == PT_DYNAMIC) 602 { 603 Elf_Data *data = elf_getdata_rawchunk (mod->main.elf, phdr->p_offset, 604 phdr->p_filesz, ELF_T_DYN); 605 if (data == NULL) 606 continue; 607 const size_t entsize = gelf_fsize (mod->main.elf, 608 ELF_T_DYN, 1, EV_CURRENT); 609 const size_t n = data->d_size / entsize; 610 for (size_t j = 0; j < n; ++j) 611 { 612 GElf_Dyn dyn_mem; 613 GElf_Dyn *dyn = gelf_getdyn (data, j, &dyn_mem); 614 if (dyn != NULL && dyn->d_tag == DT_DEBUG) 615 { 616 d_val_vaddr = phdr->p_vaddr + entsize * j + entsize / 2; 617 break; 618 } 619 } 620 } 621 } 622 623 if (d_val_vaddr != 0) 624 { 625 /* Now we have the final address from which to read &r_debug. */ 626 d_val_vaddr = dwfl_adjusted_address (mod, d_val_vaddr); 627 628 void *buffer = NULL; 629 size_t buffer_available = addrsize (ehdr.e_ident[EI_CLASS]); 630 631 int segndx = INTUSE(dwfl_addrsegment) (mod->dwfl, d_val_vaddr, NULL); 632 633 if ((*memory_callback) (mod->dwfl, segndx, 634 &buffer, &buffer_available, 635 d_val_vaddr, buffer_available, 636 memory_callback_arg)) 637 { 638 const union 639 { 640 Elf32_Addr a32; 641 Elf64_Addr a64; 642 } *u = buffer; 643 644 GElf_Addr vaddr; 645 if (ehdr.e_ident[EI_CLASS] == ELFCLASS32) 646 vaddr = (ehdr.e_ident[EI_DATA] == ELFDATA2MSB 647 ? BE32 (u->a32) : LE32 (u->a32)); 648 else 649 vaddr = (ehdr.e_ident[EI_DATA] == ELFDATA2MSB 650 ? BE64 (u->a64) : LE64 (u->a64)); 651 652 (*memory_callback) (mod->dwfl, -1, &buffer, &buffer_available, 0, 0, 653 memory_callback_arg); 654 655 if (*elfclass == ELFCLASSNONE) 656 *elfclass = ehdr.e_ident[EI_CLASS]; 657 else if (*elfclass != ehdr.e_ident[EI_CLASS]) 658 return 0; 659 660 if (*elfdata == ELFDATANONE) 661 *elfdata = ehdr.e_ident[EI_DATA]; 662 else if (*elfdata != ehdr.e_ident[EI_DATA]) 663 return 0; 664 665 return vaddr; 666 } 667 } 668 669 return 0; 670 } 671 672 /* Try to find an existing executable module with a DT_DEBUG. */ 673 static GElf_Addr 674 find_executable (Dwfl *dwfl, GElf_Addr at_phdr, GElf_Addr at_entry, 675 uint_fast8_t *elfclass, uint_fast8_t *elfdata, 676 Dwfl_Memory_Callback *memory_callback, 677 void *memory_callback_arg) 678 { 679 for (Dwfl_Module *mod = dwfl->modulelist; mod != NULL; mod = mod->next) 680 if (mod->main.elf != NULL) 681 { 682 GElf_Addr r_debug_vaddr = consider_executable (mod, at_phdr, at_entry, 683 elfclass, elfdata, 684 memory_callback, 685 memory_callback_arg); 686 if (r_debug_vaddr != 0) 687 return r_debug_vaddr; 688 } 689 690 return 0; 691 } 692 693 695 int 696 dwfl_link_map_report (Dwfl *dwfl, const void *auxv, size_t auxv_size, 697 Dwfl_Memory_Callback *memory_callback, 698 void *memory_callback_arg, 699 struct r_debug_info *r_debug_info) 700 { 701 GElf_Addr r_debug_vaddr = 0; 702 703 uint_fast8_t elfclass = ELFCLASSNONE; 704 uint_fast8_t elfdata = ELFDATANONE; 705 if (likely (auxv != NULL) 706 && likely (auxv_format_probe (auxv, auxv_size, &elfclass, &elfdata))) 707 { 708 GElf_Addr entry = 0; 709 GElf_Addr phdr = 0; 710 GElf_Xword phent = 0; 711 GElf_Xword phnum = 0; 712 713 #define READ_AUXV32(ptr) read_4ubyte_unaligned_noncvt (ptr) 714 #define READ_AUXV64(ptr) read_8ubyte_unaligned_noncvt (ptr) 715 #define AUXV_SCAN(NN, BL) do \ 716 { \ 717 const Elf##NN##_auxv_t *av = auxv; \ 718 for (size_t i = 0; i < auxv_size / sizeof av[0]; ++i) \ 719 { \ 720 const char *typep = auxv + i * sizeof (Elf##NN##_auxv_t); \ 721 typep += offsetof (Elf##NN##_auxv_t, a_type); \ 722 uint##NN##_t type = READ_AUXV##NN (typep); \ 723 const char *valp = auxv + i * sizeof (Elf##NN##_auxv_t); \ 724 valp += offsetof (Elf##NN##_auxv_t, a_un.a_val); \ 725 uint##NN##_t val = BL##NN (READ_AUXV##NN (valp)); \ 726 if (type == BL##NN (AT_ENTRY)) \ 727 entry = val; \ 728 else if (type == BL##NN (AT_PHDR)) \ 729 phdr = val; \ 730 else if (type == BL##NN (AT_PHNUM)) \ 731 phnum = val; \ 732 else if (type == BL##NN (AT_PHENT)) \ 733 phent = val; \ 734 else if (type == BL##NN (AT_PAGESZ)) \ 735 { \ 736 if (val > 1 \ 737 && (dwfl->segment_align == 0 \ 738 || val < dwfl->segment_align)) \ 739 dwfl->segment_align = val; \ 740 } \ 741 } \ 742 } \ 743 while (0) 744 745 if (elfclass == ELFCLASS32) 746 { 747 if (elfdata == ELFDATA2MSB) 748 AUXV_SCAN (32, BE); 749 else 750 AUXV_SCAN (32, LE); 751 } 752 else 753 { 754 if (elfdata == ELFDATA2MSB) 755 AUXV_SCAN (64, BE); 756 else 757 AUXV_SCAN (64, LE); 758 } 759 760 /* If we found the phdr dimensions, search phdrs for PT_DYNAMIC. */ 761 GElf_Addr dyn_vaddr = 0; 762 GElf_Xword dyn_filesz = 0; 763 GElf_Addr dyn_bias = (GElf_Addr) -1; 764 765 inline bool consider_phdr (GElf_Word type, 766 GElf_Addr vaddr, GElf_Xword filesz) 767 { 768 switch (type) 769 { 770 case PT_PHDR: 771 if (dyn_bias == (GElf_Addr) -1 772 /* Do a sanity check on the putative address. */ 773 && ((vaddr & (dwfl->segment_align - 1)) 774 == (phdr & (dwfl->segment_align - 1)))) 775 { 776 dyn_bias = phdr - vaddr; 777 return dyn_vaddr != 0; 778 } 779 break; 780 781 case PT_DYNAMIC: 782 dyn_vaddr = vaddr; 783 dyn_filesz = filesz; 784 return dyn_bias != (GElf_Addr) -1; 785 } 786 787 return false; 788 } 789 790 if (phdr != 0 && phnum != 0) 791 { 792 Dwfl_Module *phdr_mod; 793 int phdr_segndx = INTUSE(dwfl_addrsegment) (dwfl, phdr, &phdr_mod); 794 Elf_Data in = 795 { 796 .d_type = ELF_T_PHDR, 797 .d_version = EV_CURRENT, 798 .d_size = phnum * phent, 799 .d_buf = NULL 800 }; 801 bool in_ok = (*memory_callback) (dwfl, phdr_segndx, &in.d_buf, 802 &in.d_size, phdr, phnum * phent, 803 memory_callback_arg); 804 bool in_from_exec = false; 805 if (! in_ok 806 && dwfl->user_core != NULL 807 && dwfl->user_core->executable_for_core != NULL) 808 { 809 /* AUXV -> PHDR -> DYNAMIC 810 Both AUXV and DYNAMIC should be always present in a core file. 811 PHDR may be missing in core file, try to read it from 812 EXECUTABLE_FOR_CORE to find where DYNAMIC is located in the 813 core file. */ 814 815 int fd = open (dwfl->user_core->executable_for_core, O_RDONLY); 816 Elf *elf; 817 Dwfl_Error error = DWFL_E_ERRNO; 818 if (fd != -1) 819 error = __libdw_open_file (&fd, &elf, true, false); 820 if (error != DWFL_E_NOERROR) 821 { 822 __libdwfl_seterrno (error); 823 return false; 824 } 825 GElf_Ehdr ehdr_mem, *ehdr = gelf_getehdr (elf, &ehdr_mem); 826 if (ehdr == NULL) 827 { 828 elf_end (elf); 829 close (fd); 830 __libdwfl_seterrno (DWFL_E_LIBELF); 831 return false; 832 } 833 size_t e_phnum; 834 if (elf_getphdrnum (elf, &e_phnum) != 0) 835 { 836 elf_end (elf); 837 close (fd); 838 __libdwfl_seterrno (DWFL_E_LIBELF); 839 return false; 840 } 841 if (e_phnum != phnum || ehdr->e_phentsize != phent) 842 { 843 elf_end (elf); 844 close (fd); 845 __libdwfl_seterrno (DWFL_E_BADELF); 846 return false; 847 } 848 off_t off = ehdr->e_phoff; 849 assert (in.d_buf == NULL); 850 /* Note this in the !in_ok path. That means memory_callback 851 failed. But the callback might still have reset the d_size 852 value (to zero). So explicitly set it here again. */ 853 in.d_size = phnum * phent; 854 in.d_buf = malloc (in.d_size); 855 if (unlikely (in.d_buf == NULL)) 856 { 857 elf_end (elf); 858 close (fd); 859 __libdwfl_seterrno (DWFL_E_NOMEM); 860 return false; 861 } 862 ssize_t nread = pread_retry (fd, in.d_buf, in.d_size, off); 863 elf_end (elf); 864 close (fd); 865 if (nread != (ssize_t) in.d_size) 866 { 867 free (in.d_buf); 868 __libdwfl_seterrno (DWFL_E_ERRNO); 869 return false; 870 } 871 in_ok = true; 872 in_from_exec = true; 873 } 874 if (in_ok) 875 { 876 if (unlikely (phnum > SIZE_MAX / phent)) 877 { 878 __libdwfl_seterrno (DWFL_E_NOMEM); 879 return false; 880 } 881 size_t nbytes = phnum * phent; 882 void *buf = malloc (nbytes); 883 Elf32_Phdr (*p32)[phnum] = buf; 884 Elf64_Phdr (*p64)[phnum] = buf; 885 if (unlikely (buf == NULL)) 886 { 887 __libdwfl_seterrno (DWFL_E_NOMEM); 888 return false; 889 } 890 Elf_Data out = 891 { 892 .d_type = ELF_T_PHDR, 893 .d_version = EV_CURRENT, 894 .d_size = phnum * phent, 895 .d_buf = buf 896 }; 897 in.d_size = out.d_size; 898 if (likely ((elfclass == ELFCLASS32 899 ? elf32_xlatetom : elf64_xlatetom) 900 (&out, &in, elfdata) != NULL)) 901 { 902 /* We are looking for PT_DYNAMIC. */ 903 if (elfclass == ELFCLASS32) 904 { 905 for (size_t i = 0; i < phnum; ++i) 906 if (consider_phdr ((*p32)[i].p_type, 907 (*p32)[i].p_vaddr, 908 (*p32)[i].p_filesz)) 909 break; 910 } 911 else 912 { 913 for (size_t i = 0; i < phnum; ++i) 914 if (consider_phdr ((*p64)[i].p_type, 915 (*p64)[i].p_vaddr, 916 (*p64)[i].p_filesz)) 917 break; 918 } 919 } 920 921 if (in_from_exec) 922 free (in.d_buf); 923 else 924 (*memory_callback) (dwfl, -1, &in.d_buf, &in.d_size, 0, 0, 925 memory_callback_arg); 926 free (buf); 927 } 928 else 929 /* We could not read the executable's phdrs from the 930 memory image. If we have a presupplied executable, 931 we can still use the AT_PHDR and AT_ENTRY values to 932 verify it, and to adjust its bias if it's a PIE. 933 934 If there was an ET_EXEC module presupplied that contains 935 the AT_PHDR address, then we only consider that one. 936 We'll either accept it if its phdr location and e_entry 937 make sense or reject it if they don't. If there is no 938 presupplied ET_EXEC, then look for a presupplied module, 939 which might be a PIE (ET_DYN) that needs its bias adjusted. */ 940 r_debug_vaddr = ((phdr_mod == NULL 941 || phdr_mod->main.elf == NULL 942 || phdr_mod->e_type != ET_EXEC) 943 ? find_executable (dwfl, phdr, entry, 944 &elfclass, &elfdata, 945 memory_callback, 946 memory_callback_arg) 947 : consider_executable (phdr_mod, phdr, entry, 948 &elfclass, &elfdata, 949 memory_callback, 950 memory_callback_arg)); 951 } 952 953 /* If we found PT_DYNAMIC, search it for DT_DEBUG. */ 954 if (dyn_filesz != 0) 955 { 956 if (dyn_bias != (GElf_Addr) -1) 957 dyn_vaddr += dyn_bias; 958 959 Elf_Data in = 960 { 961 .d_type = ELF_T_DYN, 962 .d_version = EV_CURRENT, 963 .d_size = dyn_filesz, 964 .d_buf = NULL 965 }; 966 int dyn_segndx = dwfl_addrsegment (dwfl, dyn_vaddr, NULL); 967 if ((*memory_callback) (dwfl, dyn_segndx, &in.d_buf, &in.d_size, 968 dyn_vaddr, dyn_filesz, memory_callback_arg)) 969 { 970 void *buf = malloc (dyn_filesz); 971 Elf32_Dyn (*d32)[dyn_filesz / sizeof (Elf32_Dyn)] = buf; 972 Elf64_Dyn (*d64)[dyn_filesz / sizeof (Elf64_Dyn)] = buf; 973 if (unlikely (buf == NULL)) 974 { 975 __libdwfl_seterrno (DWFL_E_NOMEM); 976 return false; 977 } 978 Elf_Data out = 979 { 980 .d_type = ELF_T_DYN, 981 .d_version = EV_CURRENT, 982 .d_size = dyn_filesz, 983 .d_buf = buf 984 }; 985 in.d_size = out.d_size; 986 if (likely ((elfclass == ELFCLASS32 987 ? elf32_xlatetom : elf64_xlatetom) 988 (&out, &in, elfdata) != NULL)) 989 { 990 /* We are looking for DT_DEBUG. */ 991 if (elfclass == ELFCLASS32) 992 { 993 size_t n = dyn_filesz / sizeof (Elf32_Dyn); 994 for (size_t i = 0; i < n; ++i) 995 if ((*d32)[i].d_tag == DT_DEBUG) 996 { 997 r_debug_vaddr = (*d32)[i].d_un.d_val; 998 break; 999 } 1000 } 1001 else 1002 { 1003 size_t n = dyn_filesz / sizeof (Elf64_Dyn); 1004 for (size_t i = 0; i < n; ++i) 1005 if ((*d64)[i].d_tag == DT_DEBUG) 1006 { 1007 r_debug_vaddr = (*d64)[i].d_un.d_val; 1008 break; 1009 } 1010 } 1011 } 1012 1013 (*memory_callback) (dwfl, -1, &in.d_buf, &in.d_size, 0, 0, 1014 memory_callback_arg); 1015 free (buf); 1016 } 1017 } 1018 } 1019 else 1020 /* We have to look for a presupplied executable file to determine 1021 the vaddr of its dynamic section and DT_DEBUG therein. */ 1022 r_debug_vaddr = find_executable (dwfl, 0, 0, &elfclass, &elfdata, 1023 memory_callback, memory_callback_arg); 1024 1025 if (r_debug_vaddr == 0) 1026 return 0; 1027 1028 /* For following pointers from struct link_map, we will use an 1029 integrated memory access callback that can consult module text 1030 elided from the core file. This is necessary when the l_name 1031 pointer for the dynamic linker's own entry is a pointer into the 1032 executable's .interp section. */ 1033 struct integrated_memory_callback mcb = 1034 { 1035 .memory_callback = memory_callback, 1036 .memory_callback_arg = memory_callback_arg 1037 }; 1038 1039 /* Now we can follow the dynamic linker's library list. */ 1040 return report_r_debug (elfclass, elfdata, dwfl, r_debug_vaddr, 1041 &integrated_memory_callback, &mcb, r_debug_info); 1042 } 1043 INTDEF (dwfl_link_map_report) 1044