1 /* 2 * Copyright (C) 2008 The Android Open Source Project 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in 12 * the documentation and/or other materials provided with the 13 * distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include <android/api-level.h> 30 #include <dlfcn.h> 31 #include <errno.h> 32 #include <fcntl.h> 33 #include <inttypes.h> 34 #include <pthread.h> 35 #include <stdio.h> 36 #include <stdlib.h> 37 #include <string.h> 38 #include <sys/mman.h> 39 #include <sys/param.h> 40 #include <unistd.h> 41 42 #include <new> 43 #include <string> 44 #include <vector> 45 46 // Private C library headers. 47 #include "private/bionic_tls.h" 48 #include "private/KernelArgumentBlock.h" 49 #include "private/ScopedPthreadMutexLocker.h" 50 #include "private/ScopeGuard.h" 51 #include "private/UniquePtr.h" 52 53 #include "linker.h" 54 #include "linker_block_allocator.h" 55 #include "linker_debug.h" 56 #include "linker_sleb128.h" 57 #include "linker_phdr.h" 58 #include "linker_relocs.h" 59 #include "linker_reloc_iterators.h" 60 #include "ziparchive/zip_archive.h" 61 62 extern void __libc_init_AT_SECURE(KernelArgumentBlock&); 63 64 // Override macros to use C++ style casts. 65 #undef ELF_ST_TYPE 66 #define ELF_ST_TYPE(x) (static_cast<uint32_t>(x) & 0xf) 67 68 static ElfW(Addr) get_elf_exec_load_bias(const ElfW(Ehdr)* elf); 69 70 static LinkerTypeAllocator<soinfo> g_soinfo_allocator; 71 static LinkerTypeAllocator<LinkedListEntry<soinfo>> g_soinfo_links_allocator; 72 73 static soinfo* solist; 74 static soinfo* sonext; 75 static soinfo* somain; // main process, always the one after libdl_info 76 77 static const char* const kDefaultLdPaths[] = { 78 #if defined(__LP64__) 79 "/vendor/lib64", 80 "/system/lib64", 81 #else 82 "/vendor/lib", 83 "/system/lib", 84 #endif 85 nullptr 86 }; 87 88 static const ElfW(Versym) kVersymNotNeeded = 0; 89 static const ElfW(Versym) kVersymGlobal = 1; 90 91 static std::vector<std::string> g_ld_library_paths; 92 static std::vector<std::string> g_ld_preload_names; 93 94 static std::vector<soinfo*> g_ld_preloads; 95 96 __LIBC_HIDDEN__ int g_ld_debug_verbosity; 97 98 __LIBC_HIDDEN__ abort_msg_t* g_abort_message = nullptr; // For debuggerd. 99 100 #if STATS 101 struct linker_stats_t { 102 int count[kRelocMax]; 103 }; 104 105 static linker_stats_t linker_stats; 106 107 void count_relocation(RelocationKind kind) { 108 ++linker_stats.count[kind]; 109 } 110 #else 111 void count_relocation(RelocationKind) { 112 } 113 #endif 114 115 #if COUNT_PAGES 116 uint32_t bitmask[4096]; 117 #endif 118 119 static char __linker_dl_err_buf[768]; 120 121 char* linker_get_error_buffer() { 122 return &__linker_dl_err_buf[0]; 123 } 124 125 size_t linker_get_error_buffer_size() { 126 return sizeof(__linker_dl_err_buf); 127 } 128 129 // This function is an empty stub where GDB locates a breakpoint to get notified 130 // about linker activity. 131 extern "C" 132 void __attribute__((noinline)) __attribute__((visibility("default"))) rtld_db_dlactivity(); 133 134 static pthread_mutex_t g__r_debug_mutex = PTHREAD_MUTEX_INITIALIZER; 135 static r_debug _r_debug = 136 {1, nullptr, reinterpret_cast<uintptr_t>(&rtld_db_dlactivity), r_debug::RT_CONSISTENT, 0}; 137 138 static link_map* r_debug_tail = 0; 139 140 static void insert_soinfo_into_debug_map(soinfo* info) { 141 // Copy the necessary fields into the debug structure. 142 link_map* map = &(info->link_map_head); 143 map->l_addr = info->load_bias; 144 // link_map l_name field is not const. 145 map->l_name = const_cast<char*>(info->get_realpath()); 146 map->l_ld = info->dynamic; 147 148 // Stick the new library at the end of the list. 149 // gdb tends to care more about libc than it does 150 // about leaf libraries, and ordering it this way 151 // reduces the back-and-forth over the wire. 152 if (r_debug_tail) { 153 r_debug_tail->l_next = map; 154 map->l_prev = r_debug_tail; 155 map->l_next = 0; 156 } else { 157 _r_debug.r_map = map; 158 map->l_prev = 0; 159 map->l_next = 0; 160 } 161 r_debug_tail = map; 162 } 163 164 static void remove_soinfo_from_debug_map(soinfo* info) { 165 link_map* map = &(info->link_map_head); 166 167 if (r_debug_tail == map) { 168 r_debug_tail = map->l_prev; 169 } 170 171 if (map->l_prev) { 172 map->l_prev->l_next = map->l_next; 173 } 174 if (map->l_next) { 175 map->l_next->l_prev = map->l_prev; 176 } 177 } 178 179 static void notify_gdb_of_load(soinfo* info) { 180 if (info->is_main_executable()) { 181 // GDB already knows about the main executable 182 return; 183 } 184 185 ScopedPthreadMutexLocker locker(&g__r_debug_mutex); 186 187 _r_debug.r_state = r_debug::RT_ADD; 188 rtld_db_dlactivity(); 189 190 insert_soinfo_into_debug_map(info); 191 192 _r_debug.r_state = r_debug::RT_CONSISTENT; 193 rtld_db_dlactivity(); 194 } 195 196 static void notify_gdb_of_unload(soinfo* info) { 197 if (info->is_main_executable()) { 198 // GDB already knows about the main executable 199 return; 200 } 201 202 ScopedPthreadMutexLocker locker(&g__r_debug_mutex); 203 204 _r_debug.r_state = r_debug::RT_DELETE; 205 rtld_db_dlactivity(); 206 207 remove_soinfo_from_debug_map(info); 208 209 _r_debug.r_state = r_debug::RT_CONSISTENT; 210 rtld_db_dlactivity(); 211 } 212 213 void notify_gdb_of_libraries() { 214 _r_debug.r_state = r_debug::RT_ADD; 215 rtld_db_dlactivity(); 216 _r_debug.r_state = r_debug::RT_CONSISTENT; 217 rtld_db_dlactivity(); 218 } 219 220 LinkedListEntry<soinfo>* SoinfoListAllocator::alloc() { 221 return g_soinfo_links_allocator.alloc(); 222 } 223 224 void SoinfoListAllocator::free(LinkedListEntry<soinfo>* entry) { 225 g_soinfo_links_allocator.free(entry); 226 } 227 228 static soinfo* soinfo_alloc(const char* name, struct stat* file_stat, 229 off64_t file_offset, uint32_t rtld_flags) { 230 if (strlen(name) >= PATH_MAX) { 231 DL_ERR("library name \"%s\" too long", name); 232 return nullptr; 233 } 234 235 soinfo* si = new (g_soinfo_allocator.alloc()) soinfo(name, file_stat, file_offset, rtld_flags); 236 237 sonext->next = si; 238 sonext = si; 239 240 TRACE("name %s: allocated soinfo @ %p", name, si); 241 return si; 242 } 243 244 static void soinfo_free(soinfo* si) { 245 if (si == nullptr) { 246 return; 247 } 248 249 if (si->base != 0 && si->size != 0) { 250 munmap(reinterpret_cast<void*>(si->base), si->size); 251 } 252 253 soinfo *prev = nullptr, *trav; 254 255 TRACE("name %s: freeing soinfo @ %p", si->get_realpath(), si); 256 257 for (trav = solist; trav != nullptr; trav = trav->next) { 258 if (trav == si) { 259 break; 260 } 261 prev = trav; 262 } 263 264 if (trav == nullptr) { 265 // si was not in solist 266 DL_ERR("name \"%s\"@%p is not in solist!", si->get_realpath(), si); 267 return; 268 } 269 270 // clear links to/from si 271 si->remove_all_links(); 272 273 // prev will never be null, because the first entry in solist is 274 // always the static libdl_info. 275 prev->next = si->next; 276 if (si == sonext) { 277 sonext = prev; 278 } 279 280 si->~soinfo(); 281 g_soinfo_allocator.free(si); 282 } 283 284 static void parse_path(const char* path, const char* delimiters, 285 std::vector<std::string>* paths) { 286 if (path == nullptr) { 287 return; 288 } 289 290 paths->clear(); 291 292 for (const char *p = path; ; ++p) { 293 size_t len = strcspn(p, delimiters); 294 // skip empty tokens 295 if (len == 0) { 296 continue; 297 } 298 299 paths->push_back(std::string(p, len)); 300 p += len; 301 302 if (*p == '\0') { 303 break; 304 } 305 } 306 } 307 308 static void parse_LD_LIBRARY_PATH(const char* path) { 309 parse_path(path, ":", &g_ld_library_paths); 310 } 311 312 static void parse_LD_PRELOAD(const char* path) { 313 // We have historically supported ':' as well as ' ' in LD_PRELOAD. 314 parse_path(path, " :", &g_ld_preload_names); 315 } 316 317 static bool realpath_fd(int fd, std::string* realpath) { 318 std::vector<char> buf(PATH_MAX), proc_self_fd(PATH_MAX); 319 snprintf(&proc_self_fd[0], proc_self_fd.size(), "/proc/self/fd/%d", fd); 320 if (readlink(&proc_self_fd[0], &buf[0], buf.size()) == -1) { 321 PRINT("readlink('%s') failed: %s [fd=%d]", &proc_self_fd[0], strerror(errno), fd); 322 return false; 323 } 324 325 *realpath = std::string(&buf[0]); 326 return true; 327 } 328 329 #if defined(__arm__) 330 331 // For a given PC, find the .so that it belongs to. 332 // Returns the base address of the .ARM.exidx section 333 // for that .so, and the number of 8-byte entries 334 // in that section (via *pcount). 335 // 336 // Intended to be called by libc's __gnu_Unwind_Find_exidx(). 337 // 338 // This function is exposed via dlfcn.cpp and libdl.so. 339 _Unwind_Ptr dl_unwind_find_exidx(_Unwind_Ptr pc, int* pcount) { 340 uintptr_t addr = reinterpret_cast<uintptr_t>(pc); 341 342 for (soinfo* si = solist; si != 0; si = si->next) { 343 if ((addr >= si->base) && (addr < (si->base + si->size))) { 344 *pcount = si->ARM_exidx_count; 345 return reinterpret_cast<_Unwind_Ptr>(si->ARM_exidx); 346 } 347 } 348 *pcount = 0; 349 return nullptr; 350 } 351 352 #endif 353 354 // Here, we only have to provide a callback to iterate across all the 355 // loaded libraries. gcc_eh does the rest. 356 int do_dl_iterate_phdr(int (*cb)(dl_phdr_info* info, size_t size, void* data), void* data) { 357 int rv = 0; 358 for (soinfo* si = solist; si != nullptr; si = si->next) { 359 dl_phdr_info dl_info; 360 dl_info.dlpi_addr = si->link_map_head.l_addr; 361 dl_info.dlpi_name = si->link_map_head.l_name; 362 dl_info.dlpi_phdr = si->phdr; 363 dl_info.dlpi_phnum = si->phnum; 364 rv = cb(&dl_info, sizeof(dl_phdr_info), data); 365 if (rv != 0) { 366 break; 367 } 368 } 369 return rv; 370 } 371 372 const ElfW(Versym)* soinfo::get_versym(size_t n) const { 373 if (has_min_version(2) && versym_ != nullptr) { 374 return versym_ + n; 375 } 376 377 return nullptr; 378 } 379 380 ElfW(Addr) soinfo::get_verneed_ptr() const { 381 if (has_min_version(2)) { 382 return verneed_ptr_; 383 } 384 385 return 0; 386 } 387 388 size_t soinfo::get_verneed_cnt() const { 389 if (has_min_version(2)) { 390 return verneed_cnt_; 391 } 392 393 return 0; 394 } 395 396 ElfW(Addr) soinfo::get_verdef_ptr() const { 397 if (has_min_version(2)) { 398 return verdef_ptr_; 399 } 400 401 return 0; 402 } 403 404 size_t soinfo::get_verdef_cnt() const { 405 if (has_min_version(2)) { 406 return verdef_cnt_; 407 } 408 409 return 0; 410 } 411 412 template<typename F> 413 static bool for_each_verdef(const soinfo* si, F functor) { 414 if (!si->has_min_version(2)) { 415 return true; 416 } 417 418 uintptr_t verdef_ptr = si->get_verdef_ptr(); 419 if (verdef_ptr == 0) { 420 return true; 421 } 422 423 size_t offset = 0; 424 425 size_t verdef_cnt = si->get_verdef_cnt(); 426 for (size_t i = 0; i<verdef_cnt; ++i) { 427 const ElfW(Verdef)* verdef = reinterpret_cast<ElfW(Verdef)*>(verdef_ptr + offset); 428 size_t verdaux_offset = offset + verdef->vd_aux; 429 offset += verdef->vd_next; 430 431 if (verdef->vd_version != 1) { 432 DL_ERR("unsupported verdef[%zd] vd_version: %d (expected 1) library: %s", 433 i, verdef->vd_version, si->get_realpath()); 434 return false; 435 } 436 437 if ((verdef->vd_flags & VER_FLG_BASE) != 0) { 438 // "this is the version of the file itself. It must not be used for 439 // matching a symbol. It can be used to match references." 440 // 441 // http://www.akkadia.org/drepper/symbol-versioning 442 continue; 443 } 444 445 if (verdef->vd_cnt == 0) { 446 DL_ERR("invalid verdef[%zd] vd_cnt == 0 (version without a name)", i); 447 return false; 448 } 449 450 const ElfW(Verdaux)* verdaux = reinterpret_cast<ElfW(Verdaux)*>(verdef_ptr + verdaux_offset); 451 452 if (functor(i, verdef, verdaux) == true) { 453 break; 454 } 455 } 456 457 return true; 458 } 459 460 bool soinfo::find_verdef_version_index(const version_info* vi, ElfW(Versym)* versym) const { 461 if (vi == nullptr) { 462 *versym = kVersymNotNeeded; 463 return true; 464 } 465 466 *versym = kVersymGlobal; 467 468 return for_each_verdef(this, 469 [&](size_t, const ElfW(Verdef)* verdef, const ElfW(Verdaux)* verdaux) { 470 if (verdef->vd_hash == vi->elf_hash && 471 strcmp(vi->name, get_string(verdaux->vda_name)) == 0) { 472 *versym = verdef->vd_ndx; 473 return true; 474 } 475 476 return false; 477 } 478 ); 479 } 480 481 bool soinfo::find_symbol_by_name(SymbolName& symbol_name, 482 const version_info* vi, 483 const ElfW(Sym)** symbol) const { 484 uint32_t symbol_index; 485 bool success = 486 is_gnu_hash() ? 487 gnu_lookup(symbol_name, vi, &symbol_index) : 488 elf_lookup(symbol_name, vi, &symbol_index); 489 490 if (success) { 491 *symbol = symbol_index == 0 ? nullptr : symtab_ + symbol_index; 492 } 493 494 return success; 495 } 496 497 static bool is_symbol_global_and_defined(const soinfo* si, const ElfW(Sym)* s) { 498 if (ELF_ST_BIND(s->st_info) == STB_GLOBAL || 499 ELF_ST_BIND(s->st_info) == STB_WEAK) { 500 return s->st_shndx != SHN_UNDEF; 501 } else if (ELF_ST_BIND(s->st_info) != STB_LOCAL) { 502 DL_WARN("unexpected ST_BIND value: %d for '%s' in '%s'", 503 ELF_ST_BIND(s->st_info), si->get_string(s->st_name), si->get_realpath()); 504 } 505 506 return false; 507 } 508 509 static const ElfW(Versym) kVersymHiddenBit = 0x8000; 510 511 static inline bool is_versym_hidden(const ElfW(Versym)* versym) { 512 // the symbol is hidden if bit 15 of versym is set. 513 return versym != nullptr && (*versym & kVersymHiddenBit) != 0; 514 } 515 516 static inline bool check_symbol_version(const ElfW(Versym) verneed, 517 const ElfW(Versym)* verdef) { 518 return verneed == kVersymNotNeeded || 519 verdef == nullptr || 520 verneed == (*verdef & ~kVersymHiddenBit); 521 } 522 523 bool soinfo::gnu_lookup(SymbolName& symbol_name, 524 const version_info* vi, 525 uint32_t* symbol_index) const { 526 uint32_t hash = symbol_name.gnu_hash(); 527 uint32_t h2 = hash >> gnu_shift2_; 528 529 uint32_t bloom_mask_bits = sizeof(ElfW(Addr))*8; 530 uint32_t word_num = (hash / bloom_mask_bits) & gnu_maskwords_; 531 ElfW(Addr) bloom_word = gnu_bloom_filter_[word_num]; 532 533 *symbol_index = 0; 534 535 TRACE_TYPE(LOOKUP, "SEARCH %s in %s@%p (gnu)", 536 symbol_name.get_name(), get_realpath(), reinterpret_cast<void*>(base)); 537 538 // test against bloom filter 539 if ((1 & (bloom_word >> (hash % bloom_mask_bits)) & (bloom_word >> (h2 % bloom_mask_bits))) == 0) { 540 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p", 541 symbol_name.get_name(), get_realpath(), reinterpret_cast<void*>(base)); 542 543 return true; 544 } 545 546 // bloom test says "probably yes"... 547 uint32_t n = gnu_bucket_[hash % gnu_nbucket_]; 548 549 if (n == 0) { 550 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p", 551 symbol_name.get_name(), get_realpath(), reinterpret_cast<void*>(base)); 552 553 return true; 554 } 555 556 // lookup versym for the version definition in this library 557 // note the difference between "version is not requested" (vi == nullptr) 558 // and "version not found". In the first case verneed is kVersymNotNeeded 559 // which implies that the default version can be accepted; the second case results in 560 // verneed = 1 (kVersymGlobal) and implies that we should ignore versioned symbols 561 // for this library and consider only *global* ones. 562 ElfW(Versym) verneed = 0; 563 if (!find_verdef_version_index(vi, &verneed)) { 564 return false; 565 } 566 567 do { 568 ElfW(Sym)* s = symtab_ + n; 569 const ElfW(Versym)* verdef = get_versym(n); 570 // skip hidden versions when verneed == kVersymNotNeeded (0) 571 if (verneed == kVersymNotNeeded && is_versym_hidden(verdef)) { 572 continue; 573 } 574 if (((gnu_chain_[n] ^ hash) >> 1) == 0 && 575 check_symbol_version(verneed, verdef) && 576 strcmp(get_string(s->st_name), symbol_name.get_name()) == 0 && 577 is_symbol_global_and_defined(this, s)) { 578 TRACE_TYPE(LOOKUP, "FOUND %s in %s (%p) %zd", 579 symbol_name.get_name(), get_realpath(), reinterpret_cast<void*>(s->st_value), 580 static_cast<size_t>(s->st_size)); 581 *symbol_index = n; 582 return true; 583 } 584 } while ((gnu_chain_[n++] & 1) == 0); 585 586 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p", 587 symbol_name.get_name(), get_realpath(), reinterpret_cast<void*>(base)); 588 589 return true; 590 } 591 592 bool soinfo::elf_lookup(SymbolName& symbol_name, 593 const version_info* vi, 594 uint32_t* symbol_index) const { 595 uint32_t hash = symbol_name.elf_hash(); 596 597 TRACE_TYPE(LOOKUP, "SEARCH %s in %s@%p h=%x(elf) %zd", 598 symbol_name.get_name(), get_realpath(), 599 reinterpret_cast<void*>(base), hash, hash % nbucket_); 600 601 ElfW(Versym) verneed = 0; 602 if (!find_verdef_version_index(vi, &verneed)) { 603 return false; 604 } 605 606 for (uint32_t n = bucket_[hash % nbucket_]; n != 0; n = chain_[n]) { 607 ElfW(Sym)* s = symtab_ + n; 608 const ElfW(Versym)* verdef = get_versym(n); 609 610 // skip hidden versions when verneed == 0 611 if (verneed == kVersymNotNeeded && is_versym_hidden(verdef)) { 612 continue; 613 } 614 615 if (check_symbol_version(verneed, verdef) && 616 strcmp(get_string(s->st_name), symbol_name.get_name()) == 0 && 617 is_symbol_global_and_defined(this, s)) { 618 TRACE_TYPE(LOOKUP, "FOUND %s in %s (%p) %zd", 619 symbol_name.get_name(), get_realpath(), 620 reinterpret_cast<void*>(s->st_value), 621 static_cast<size_t>(s->st_size)); 622 *symbol_index = n; 623 return true; 624 } 625 } 626 627 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p %x %zd", 628 symbol_name.get_name(), get_realpath(), 629 reinterpret_cast<void*>(base), hash, hash % nbucket_); 630 631 *symbol_index = 0; 632 return true; 633 } 634 635 soinfo::soinfo(const char* realpath, const struct stat* file_stat, 636 off64_t file_offset, int rtld_flags) { 637 memset(this, 0, sizeof(*this)); 638 639 if (realpath != nullptr) { 640 realpath_ = realpath; 641 } 642 643 flags_ = FLAG_NEW_SOINFO; 644 version_ = SOINFO_VERSION; 645 646 if (file_stat != nullptr) { 647 this->st_dev_ = file_stat->st_dev; 648 this->st_ino_ = file_stat->st_ino; 649 this->file_offset_ = file_offset; 650 } 651 652 this->rtld_flags_ = rtld_flags; 653 } 654 655 656 uint32_t SymbolName::elf_hash() { 657 if (!has_elf_hash_) { 658 const uint8_t* name = reinterpret_cast<const uint8_t*>(name_); 659 uint32_t h = 0, g; 660 661 while (*name) { 662 h = (h << 4) + *name++; 663 g = h & 0xf0000000; 664 h ^= g; 665 h ^= g >> 24; 666 } 667 668 elf_hash_ = h; 669 has_elf_hash_ = true; 670 } 671 672 return elf_hash_; 673 } 674 675 uint32_t SymbolName::gnu_hash() { 676 if (!has_gnu_hash_) { 677 uint32_t h = 5381; 678 const uint8_t* name = reinterpret_cast<const uint8_t*>(name_); 679 while (*name != 0) { 680 h += (h << 5) + *name++; // h*33 + c = h + h * 32 + c = h + h << 5 + c 681 } 682 683 gnu_hash_ = h; 684 has_gnu_hash_ = true; 685 } 686 687 return gnu_hash_; 688 } 689 690 bool soinfo_do_lookup(soinfo* si_from, const char* name, const version_info* vi, 691 soinfo** si_found_in, const soinfo::soinfo_list_t& global_group, 692 const soinfo::soinfo_list_t& local_group, const ElfW(Sym)** symbol) { 693 SymbolName symbol_name(name); 694 const ElfW(Sym)* s = nullptr; 695 696 /* "This element's presence in a shared object library alters the dynamic linker's 697 * symbol resolution algorithm for references within the library. Instead of starting 698 * a symbol search with the executable file, the dynamic linker starts from the shared 699 * object itself. If the shared object fails to supply the referenced symbol, the 700 * dynamic linker then searches the executable file and other shared objects as usual." 701 * 702 * http://www.sco.com/developers/gabi/2012-12-31/ch5.dynamic.html 703 * 704 * Note that this is unlikely since static linker avoids generating 705 * relocations for -Bsymbolic linked dynamic executables. 706 */ 707 if (si_from->has_DT_SYMBOLIC) { 708 DEBUG("%s: looking up %s in local scope (DT_SYMBOLIC)", si_from->get_realpath(), name); 709 if (!si_from->find_symbol_by_name(symbol_name, vi, &s)) { 710 return false; 711 } 712 713 if (s != nullptr) { 714 *si_found_in = si_from; 715 } 716 } 717 718 // 1. Look for it in global_group 719 if (s == nullptr) { 720 bool error = false; 721 global_group.visit([&](soinfo* global_si) { 722 DEBUG("%s: looking up %s in %s (from global group)", 723 si_from->get_realpath(), name, global_si->get_realpath()); 724 if (!global_si->find_symbol_by_name(symbol_name, vi, &s)) { 725 error = true; 726 return false; 727 } 728 729 if (s != nullptr) { 730 *si_found_in = global_si; 731 return false; 732 } 733 734 return true; 735 }); 736 737 if (error) { 738 return false; 739 } 740 } 741 742 // 2. Look for it in the local group 743 if (s == nullptr) { 744 bool error = false; 745 local_group.visit([&](soinfo* local_si) { 746 if (local_si == si_from && si_from->has_DT_SYMBOLIC) { 747 // we already did this - skip 748 return true; 749 } 750 751 DEBUG("%s: looking up %s in %s (from local group)", 752 si_from->get_realpath(), name, local_si->get_realpath()); 753 if (!local_si->find_symbol_by_name(symbol_name, vi, &s)) { 754 error = true; 755 return false; 756 } 757 758 if (s != nullptr) { 759 *si_found_in = local_si; 760 return false; 761 } 762 763 return true; 764 }); 765 766 if (error) { 767 return false; 768 } 769 } 770 771 if (s != nullptr) { 772 TRACE_TYPE(LOOKUP, "si %s sym %s s->st_value = %p, " 773 "found in %s, base = %p, load bias = %p", 774 si_from->get_realpath(), name, reinterpret_cast<void*>(s->st_value), 775 (*si_found_in)->get_realpath(), reinterpret_cast<void*>((*si_found_in)->base), 776 reinterpret_cast<void*>((*si_found_in)->load_bias)); 777 } 778 779 *symbol = s; 780 return true; 781 } 782 783 class ProtectedDataGuard { 784 public: 785 ProtectedDataGuard() { 786 if (ref_count_++ == 0) { 787 protect_data(PROT_READ | PROT_WRITE); 788 } 789 } 790 791 ~ProtectedDataGuard() { 792 if (ref_count_ == 0) { // overflow 793 __libc_fatal("Too many nested calls to dlopen()"); 794 } 795 796 if (--ref_count_ == 0) { 797 protect_data(PROT_READ); 798 } 799 } 800 private: 801 void protect_data(int protection) { 802 g_soinfo_allocator.protect_all(protection); 803 g_soinfo_links_allocator.protect_all(protection); 804 } 805 806 static size_t ref_count_; 807 }; 808 809 size_t ProtectedDataGuard::ref_count_ = 0; 810 811 // Each size has it's own allocator. 812 template<size_t size> 813 class SizeBasedAllocator { 814 public: 815 static void* alloc() { 816 return allocator_.alloc(); 817 } 818 819 static void free(void* ptr) { 820 allocator_.free(ptr); 821 } 822 823 private: 824 static LinkerBlockAllocator allocator_; 825 }; 826 827 template<size_t size> 828 LinkerBlockAllocator SizeBasedAllocator<size>::allocator_(size); 829 830 template<typename T> 831 class TypeBasedAllocator { 832 public: 833 static T* alloc() { 834 return reinterpret_cast<T*>(SizeBasedAllocator<sizeof(T)>::alloc()); 835 } 836 837 static void free(T* ptr) { 838 SizeBasedAllocator<sizeof(T)>::free(ptr); 839 } 840 }; 841 842 class LoadTask { 843 public: 844 struct deleter_t { 845 void operator()(LoadTask* t) { 846 TypeBasedAllocator<LoadTask>::free(t); 847 } 848 }; 849 850 typedef UniquePtr<LoadTask, deleter_t> unique_ptr; 851 852 static deleter_t deleter; 853 854 static LoadTask* create(const char* name, soinfo* needed_by) { 855 LoadTask* ptr = TypeBasedAllocator<LoadTask>::alloc(); 856 return new (ptr) LoadTask(name, needed_by); 857 } 858 859 const char* get_name() const { 860 return name_; 861 } 862 863 soinfo* get_needed_by() const { 864 return needed_by_; 865 } 866 private: 867 LoadTask(const char* name, soinfo* needed_by) 868 : name_(name), needed_by_(needed_by) {} 869 870 const char* name_; 871 soinfo* needed_by_; 872 873 DISALLOW_IMPLICIT_CONSTRUCTORS(LoadTask); 874 }; 875 876 LoadTask::deleter_t LoadTask::deleter; 877 878 template <typename T> 879 using linked_list_t = LinkedList<T, TypeBasedAllocator<LinkedListEntry<T>>>; 880 881 typedef linked_list_t<soinfo> SoinfoLinkedList; 882 typedef linked_list_t<const char> StringLinkedList; 883 typedef linked_list_t<LoadTask> LoadTaskList; 884 885 886 // This function walks down the tree of soinfo dependencies 887 // in breadth-first order and 888 // * calls action(soinfo* si) for each node, and 889 // * terminates walk if action returns false. 890 // 891 // walk_dependencies_tree returns false if walk was terminated 892 // by the action and true otherwise. 893 template<typename F> 894 static bool walk_dependencies_tree(soinfo* root_soinfos[], size_t root_soinfos_size, F action) { 895 SoinfoLinkedList visit_list; 896 SoinfoLinkedList visited; 897 898 for (size_t i = 0; i < root_soinfos_size; ++i) { 899 visit_list.push_back(root_soinfos[i]); 900 } 901 902 soinfo* si; 903 while ((si = visit_list.pop_front()) != nullptr) { 904 if (visited.contains(si)) { 905 continue; 906 } 907 908 if (!action(si)) { 909 return false; 910 } 911 912 visited.push_back(si); 913 914 si->get_children().for_each([&](soinfo* child) { 915 visit_list.push_back(child); 916 }); 917 } 918 919 return true; 920 } 921 922 923 static const ElfW(Sym)* dlsym_handle_lookup(soinfo* root, soinfo* skip_until, 924 soinfo** found, SymbolName& symbol_name) { 925 const ElfW(Sym)* result = nullptr; 926 bool skip_lookup = skip_until != nullptr; 927 928 walk_dependencies_tree(&root, 1, [&](soinfo* current_soinfo) { 929 if (skip_lookup) { 930 skip_lookup = current_soinfo != skip_until; 931 return true; 932 } 933 934 if (!current_soinfo->find_symbol_by_name(symbol_name, nullptr, &result)) { 935 result = nullptr; 936 return false; 937 } 938 939 if (result != nullptr) { 940 *found = current_soinfo; 941 return false; 942 } 943 944 return true; 945 }); 946 947 return result; 948 } 949 950 // This is used by dlsym(3). It performs symbol lookup only within the 951 // specified soinfo object and its dependencies in breadth first order. 952 const ElfW(Sym)* dlsym_handle_lookup(soinfo* si, soinfo** found, const char* name) { 953 // According to man dlopen(3) and posix docs in the case when si is handle 954 // of the main executable we need to search not only in the executable and its 955 // dependencies but also in all libraries loaded with RTLD_GLOBAL. 956 // 957 // Since RTLD_GLOBAL is always set for the main executable and all dt_needed shared 958 // libraries and they are loaded in breath-first (correct) order we can just execute 959 // dlsym(RTLD_DEFAULT, ...); instead of doing two stage lookup. 960 if (si == somain) { 961 return dlsym_linear_lookup(name, found, nullptr, RTLD_DEFAULT); 962 } 963 964 SymbolName symbol_name(name); 965 return dlsym_handle_lookup(si, nullptr, found, symbol_name); 966 } 967 968 /* This is used by dlsym(3) to performs a global symbol lookup. If the 969 start value is null (for RTLD_DEFAULT), the search starts at the 970 beginning of the global solist. Otherwise the search starts at the 971 specified soinfo (for RTLD_NEXT). 972 */ 973 const ElfW(Sym)* dlsym_linear_lookup(const char* name, 974 soinfo** found, 975 soinfo* caller, 976 void* handle) { 977 SymbolName symbol_name(name); 978 979 soinfo* start = solist; 980 981 if (handle == RTLD_NEXT) { 982 if (caller == nullptr) { 983 return nullptr; 984 } else { 985 start = caller->next; 986 } 987 } 988 989 const ElfW(Sym)* s = nullptr; 990 for (soinfo* si = start; si != nullptr; si = si->next) { 991 // Do not skip RTLD_LOCAL libraries in dlsym(RTLD_DEFAULT, ...) 992 // if the library is opened by application with target api level <= 22 993 // See http://b/21565766 994 if ((si->get_rtld_flags() & RTLD_GLOBAL) == 0 && si->get_target_sdk_version() > 22) { 995 continue; 996 } 997 998 if (!si->find_symbol_by_name(symbol_name, nullptr, &s)) { 999 return nullptr; 1000 } 1001 1002 if (s != nullptr) { 1003 *found = si; 1004 break; 1005 } 1006 } 1007 1008 // If not found - use dlsym_handle_lookup for caller's 1009 // local_group unless it is part of the global group in which 1010 // case we already did it. 1011 if (s == nullptr && caller != nullptr && 1012 (caller->get_rtld_flags() & RTLD_GLOBAL) == 0) { 1013 return dlsym_handle_lookup(caller->get_local_group_root(), 1014 (handle == RTLD_NEXT) ? caller : nullptr, found, symbol_name); 1015 } 1016 1017 if (s != nullptr) { 1018 TRACE_TYPE(LOOKUP, "%s s->st_value = %p, found->base = %p", 1019 name, reinterpret_cast<void*>(s->st_value), reinterpret_cast<void*>((*found)->base)); 1020 } 1021 1022 return s; 1023 } 1024 1025 soinfo* find_containing_library(const void* p) { 1026 ElfW(Addr) address = reinterpret_cast<ElfW(Addr)>(p); 1027 for (soinfo* si = solist; si != nullptr; si = si->next) { 1028 if (address >= si->base && address - si->base < si->size) { 1029 return si; 1030 } 1031 } 1032 return nullptr; 1033 } 1034 1035 ElfW(Sym)* soinfo::find_symbol_by_address(const void* addr) { 1036 return is_gnu_hash() ? gnu_addr_lookup(addr) : elf_addr_lookup(addr); 1037 } 1038 1039 static bool symbol_matches_soaddr(const ElfW(Sym)* sym, ElfW(Addr) soaddr) { 1040 return sym->st_shndx != SHN_UNDEF && 1041 soaddr >= sym->st_value && 1042 soaddr < sym->st_value + sym->st_size; 1043 } 1044 1045 ElfW(Sym)* soinfo::gnu_addr_lookup(const void* addr) { 1046 ElfW(Addr) soaddr = reinterpret_cast<ElfW(Addr)>(addr) - load_bias; 1047 1048 for (size_t i = 0; i < gnu_nbucket_; ++i) { 1049 uint32_t n = gnu_bucket_[i]; 1050 1051 if (n == 0) { 1052 continue; 1053 } 1054 1055 do { 1056 ElfW(Sym)* sym = symtab_ + n; 1057 if (symbol_matches_soaddr(sym, soaddr)) { 1058 return sym; 1059 } 1060 } while ((gnu_chain_[n++] & 1) == 0); 1061 } 1062 1063 return nullptr; 1064 } 1065 1066 ElfW(Sym)* soinfo::elf_addr_lookup(const void* addr) { 1067 ElfW(Addr) soaddr = reinterpret_cast<ElfW(Addr)>(addr) - load_bias; 1068 1069 // Search the library's symbol table for any defined symbol which 1070 // contains this address. 1071 for (size_t i = 0; i < nchain_; ++i) { 1072 ElfW(Sym)* sym = symtab_ + i; 1073 if (symbol_matches_soaddr(sym, soaddr)) { 1074 return sym; 1075 } 1076 } 1077 1078 return nullptr; 1079 } 1080 1081 static int open_library_in_zipfile(const char* const path, 1082 off64_t* file_offset) { 1083 TRACE("Trying zip file open from path '%s'", path); 1084 1085 // Treat an '!/' separator inside a path as the separator between the name 1086 // of the zip file on disk and the subdirectory to search within it. 1087 // For example, if path is "foo.zip!/bar/bas/x.so", then we search for 1088 // "bar/bas/x.so" within "foo.zip". 1089 const char* separator = strstr(path, "!/"); 1090 if (separator == nullptr) { 1091 return -1; 1092 } 1093 1094 char buf[512]; 1095 if (strlcpy(buf, path, sizeof(buf)) >= sizeof(buf)) { 1096 PRINT("Warning: ignoring very long library path: %s", path); 1097 return -1; 1098 } 1099 1100 buf[separator - path] = '\0'; 1101 1102 const char* zip_path = buf; 1103 const char* file_path = &buf[separator - path + 2]; 1104 int fd = TEMP_FAILURE_RETRY(open(zip_path, O_RDONLY | O_CLOEXEC)); 1105 if (fd == -1) { 1106 return -1; 1107 } 1108 1109 ZipArchiveHandle handle; 1110 if (OpenArchiveFd(fd, "", &handle, false) != 0) { 1111 // invalid zip-file (?) 1112 close(fd); 1113 return -1; 1114 } 1115 1116 auto archive_guard = make_scope_guard([&]() { 1117 CloseArchive(handle); 1118 }); 1119 1120 ZipEntry entry; 1121 1122 if (FindEntry(handle, ZipEntryName(file_path), &entry) != 0) { 1123 // Entry was not found. 1124 close(fd); 1125 return -1; 1126 } 1127 1128 // Check if it is properly stored 1129 if (entry.method != kCompressStored || (entry.offset % PAGE_SIZE) != 0) { 1130 close(fd); 1131 return -1; 1132 } 1133 1134 *file_offset = entry.offset; 1135 return fd; 1136 } 1137 1138 static bool format_path(char* buf, size_t buf_size, const char* path, const char* name) { 1139 int n = __libc_format_buffer(buf, buf_size, "%s/%s", path, name); 1140 if (n < 0 || n >= static_cast<int>(buf_size)) { 1141 PRINT("Warning: ignoring very long library path: %s/%s", path, name); 1142 return false; 1143 } 1144 1145 return true; 1146 } 1147 1148 static int open_library_on_default_path(const char* name, off64_t* file_offset) { 1149 for (size_t i = 0; kDefaultLdPaths[i] != nullptr; ++i) { 1150 char buf[512]; 1151 if (!format_path(buf, sizeof(buf), kDefaultLdPaths[i], name)) { 1152 continue; 1153 } 1154 1155 int fd = TEMP_FAILURE_RETRY(open(buf, O_RDONLY | O_CLOEXEC)); 1156 if (fd != -1) { 1157 *file_offset = 0; 1158 return fd; 1159 } 1160 } 1161 1162 return -1; 1163 } 1164 1165 static int open_library_on_ld_library_path(const char* name, off64_t* file_offset) { 1166 for (const auto& path_str : g_ld_library_paths) { 1167 char buf[512]; 1168 const char* const path = path_str.c_str(); 1169 if (!format_path(buf, sizeof(buf), path, name)) { 1170 continue; 1171 } 1172 1173 int fd = -1; 1174 if (strchr(buf, '!') != nullptr) { 1175 fd = open_library_in_zipfile(buf, file_offset); 1176 } 1177 1178 if (fd == -1) { 1179 fd = TEMP_FAILURE_RETRY(open(buf, O_RDONLY | O_CLOEXEC)); 1180 if (fd != -1) { 1181 *file_offset = 0; 1182 } 1183 } 1184 1185 if (fd != -1) { 1186 return fd; 1187 } 1188 } 1189 1190 return -1; 1191 } 1192 1193 static int open_library(const char* name, off64_t* file_offset) { 1194 TRACE("[ opening %s ]", name); 1195 1196 // If the name contains a slash, we should attempt to open it directly and not search the paths. 1197 if (strchr(name, '/') != nullptr) { 1198 if (strchr(name, '!') != nullptr) { 1199 int fd = open_library_in_zipfile(name, file_offset); 1200 if (fd != -1) { 1201 return fd; 1202 } 1203 } 1204 1205 int fd = TEMP_FAILURE_RETRY(open(name, O_RDONLY | O_CLOEXEC)); 1206 if (fd != -1) { 1207 *file_offset = 0; 1208 } 1209 return fd; 1210 } 1211 1212 // Otherwise we try LD_LIBRARY_PATH first, and fall back to the built-in well known paths. 1213 int fd = open_library_on_ld_library_path(name, file_offset); 1214 if (fd == -1) { 1215 fd = open_library_on_default_path(name, file_offset); 1216 } 1217 return fd; 1218 } 1219 1220 static const char* fix_dt_needed(const char* dt_needed, const char* sopath __unused) { 1221 #if !defined(__LP64__) 1222 // Work around incorrect DT_NEEDED entries for old apps: http://b/21364029 1223 if (get_application_target_sdk_version() <= 22) { 1224 const char* bname = basename(dt_needed); 1225 if (bname != dt_needed) { 1226 DL_WARN("'%s' library has invalid DT_NEEDED entry '%s'", sopath, dt_needed); 1227 } 1228 1229 return bname; 1230 } 1231 #endif 1232 return dt_needed; 1233 } 1234 1235 template<typename F> 1236 static void for_each_dt_needed(const soinfo* si, F action) { 1237 for (ElfW(Dyn)* d = si->dynamic; d->d_tag != DT_NULL; ++d) { 1238 if (d->d_tag == DT_NEEDED) { 1239 action(fix_dt_needed(si->get_string(d->d_un.d_val), si->get_realpath())); 1240 } 1241 } 1242 } 1243 1244 static soinfo* load_library(int fd, off64_t file_offset, 1245 LoadTaskList& load_tasks, 1246 const char* name, int rtld_flags, 1247 const android_dlextinfo* extinfo) { 1248 if ((file_offset % PAGE_SIZE) != 0) { 1249 DL_ERR("file offset for the library \"%s\" is not page-aligned: %" PRId64, name, file_offset); 1250 return nullptr; 1251 } 1252 if (file_offset < 0) { 1253 DL_ERR("file offset for the library \"%s\" is negative: %" PRId64, name, file_offset); 1254 return nullptr; 1255 } 1256 1257 struct stat file_stat; 1258 if (TEMP_FAILURE_RETRY(fstat(fd, &file_stat)) != 0) { 1259 DL_ERR("unable to stat file for the library \"%s\": %s", name, strerror(errno)); 1260 return nullptr; 1261 } 1262 if (file_offset >= file_stat.st_size) { 1263 DL_ERR("file offset for the library \"%s\" >= file size: %" PRId64 " >= %" PRId64, 1264 name, file_offset, file_stat.st_size); 1265 return nullptr; 1266 } 1267 1268 // Check for symlink and other situations where 1269 // file can have different names, unless ANDROID_DLEXT_FORCE_LOAD is set 1270 if (extinfo == nullptr || (extinfo->flags & ANDROID_DLEXT_FORCE_LOAD) == 0) { 1271 for (soinfo* si = solist; si != nullptr; si = si->next) { 1272 if (si->get_st_dev() != 0 && 1273 si->get_st_ino() != 0 && 1274 si->get_st_dev() == file_stat.st_dev && 1275 si->get_st_ino() == file_stat.st_ino && 1276 si->get_file_offset() == file_offset) { 1277 TRACE("library \"%s\" is already loaded under different name/path \"%s\" - " 1278 "will return existing soinfo", name, si->get_realpath()); 1279 return si; 1280 } 1281 } 1282 } 1283 1284 if ((rtld_flags & RTLD_NOLOAD) != 0) { 1285 DL_ERR("library \"%s\" wasn't loaded and RTLD_NOLOAD prevented it", name); 1286 return nullptr; 1287 } 1288 1289 std::string realpath = name; 1290 if (!realpath_fd(fd, &realpath)) { 1291 PRINT("warning: unable to get realpath for the library \"%s\". Will use given name.", name); 1292 realpath = name; 1293 } 1294 1295 // Read the ELF header and load the segments. 1296 ElfReader elf_reader(realpath.c_str(), fd, file_offset, file_stat.st_size); 1297 if (!elf_reader.Load(extinfo)) { 1298 return nullptr; 1299 } 1300 1301 soinfo* si = soinfo_alloc(realpath.c_str(), &file_stat, file_offset, rtld_flags); 1302 if (si == nullptr) { 1303 return nullptr; 1304 } 1305 si->base = elf_reader.load_start(); 1306 si->size = elf_reader.load_size(); 1307 si->load_bias = elf_reader.load_bias(); 1308 si->phnum = elf_reader.phdr_count(); 1309 si->phdr = elf_reader.loaded_phdr(); 1310 1311 if (!si->prelink_image()) { 1312 soinfo_free(si); 1313 return nullptr; 1314 } 1315 1316 for_each_dt_needed(si, [&] (const char* name) { 1317 load_tasks.push_back(LoadTask::create(name, si)); 1318 }); 1319 1320 return si; 1321 } 1322 1323 static soinfo* load_library(LoadTaskList& load_tasks, 1324 const char* name, int rtld_flags, 1325 const android_dlextinfo* extinfo) { 1326 if (extinfo != nullptr && (extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD) != 0) { 1327 off64_t file_offset = 0; 1328 if ((extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET) != 0) { 1329 file_offset = extinfo->library_fd_offset; 1330 } 1331 return load_library(extinfo->library_fd, file_offset, load_tasks, name, rtld_flags, extinfo); 1332 } 1333 1334 // Open the file. 1335 off64_t file_offset; 1336 int fd = open_library(name, &file_offset); 1337 if (fd == -1) { 1338 DL_ERR("library \"%s\" not found", name); 1339 return nullptr; 1340 } 1341 soinfo* result = load_library(fd, file_offset, load_tasks, name, rtld_flags, extinfo); 1342 close(fd); 1343 return result; 1344 } 1345 1346 // Returns true if library was found and false in 2 cases 1347 // 1. The library was found but loaded under different target_sdk_version 1348 // (*candidate != nullptr) 1349 // 2. The library was not found by soname (*candidate is nullptr) 1350 static bool find_loaded_library_by_soname(const char* name, soinfo** candidate) { 1351 *candidate = nullptr; 1352 1353 // Ignore filename with path. 1354 if (strchr(name, '/') != nullptr) { 1355 return false; 1356 } 1357 1358 uint32_t target_sdk_version = get_application_target_sdk_version(); 1359 1360 for (soinfo* si = solist; si != nullptr; si = si->next) { 1361 const char* soname = si->get_soname(); 1362 if (soname != nullptr && (strcmp(name, soname) == 0)) { 1363 // If the library was opened under different target sdk version 1364 // skip this step and try to reopen it. The exceptions are 1365 // "libdl.so" and global group. There is no point in skipping 1366 // them because relocation process is going to use them 1367 // in any case. 1368 bool is_libdl = si == solist; 1369 if (is_libdl || (si->get_dt_flags_1() & DF_1_GLOBAL) != 0 || 1370 !si->is_linked() || si->get_target_sdk_version() == target_sdk_version) { 1371 *candidate = si; 1372 return true; 1373 } else if (*candidate == nullptr) { 1374 // for the different sdk version - remember the first library. 1375 *candidate = si; 1376 } 1377 } 1378 } 1379 1380 return false; 1381 } 1382 1383 static soinfo* find_library_internal(LoadTaskList& load_tasks, const char* name, 1384 int rtld_flags, const android_dlextinfo* extinfo) { 1385 soinfo* candidate; 1386 1387 if (find_loaded_library_by_soname(name, &candidate)) { 1388 return candidate; 1389 } 1390 1391 // Library might still be loaded, the accurate detection 1392 // of this fact is done by load_library. 1393 TRACE("[ '%s' find_loaded_library_by_soname returned false (*candidate=%s@%p). Trying harder...]", 1394 name, candidate == nullptr ? "n/a" : candidate->get_realpath(), candidate); 1395 1396 soinfo* si = load_library(load_tasks, name, rtld_flags, extinfo); 1397 1398 // In case we were unable to load the library but there 1399 // is a candidate loaded under the same soname but different 1400 // sdk level - return it anyways. 1401 if (si == nullptr && candidate != nullptr) { 1402 si = candidate; 1403 } 1404 1405 return si; 1406 } 1407 1408 static void soinfo_unload(soinfo* si); 1409 1410 // TODO: this is slightly unusual way to construct 1411 // the global group for relocation. Not every RTLD_GLOBAL 1412 // library is included in this group for backwards-compatibility 1413 // reasons. 1414 // 1415 // This group consists of the main executable, LD_PRELOADs 1416 // and libraries with the DF_1_GLOBAL flag set. 1417 static soinfo::soinfo_list_t make_global_group() { 1418 soinfo::soinfo_list_t global_group; 1419 for (soinfo* si = somain; si != nullptr; si = si->next) { 1420 if ((si->get_dt_flags_1() & DF_1_GLOBAL) != 0) { 1421 global_group.push_back(si); 1422 } 1423 } 1424 1425 return global_group; 1426 } 1427 1428 static bool find_libraries(soinfo* start_with, const char* const library_names[], 1429 size_t library_names_count, soinfo* soinfos[], std::vector<soinfo*>* ld_preloads, 1430 size_t ld_preloads_count, int rtld_flags, const android_dlextinfo* extinfo) { 1431 // Step 0: prepare. 1432 LoadTaskList load_tasks; 1433 for (size_t i = 0; i < library_names_count; ++i) { 1434 const char* name = library_names[i]; 1435 load_tasks.push_back(LoadTask::create(name, start_with)); 1436 } 1437 1438 // Construct global_group. 1439 soinfo::soinfo_list_t global_group = make_global_group(); 1440 1441 // If soinfos array is null allocate one on stack. 1442 // The array is needed in case of failure; for example 1443 // when library_names[] = {libone.so, libtwo.so} and libone.so 1444 // is loaded correctly but libtwo.so failed for some reason. 1445 // In this case libone.so should be unloaded on return. 1446 // See also implementation of failure_guard below. 1447 1448 if (soinfos == nullptr) { 1449 size_t soinfos_size = sizeof(soinfo*)*library_names_count; 1450 soinfos = reinterpret_cast<soinfo**>(alloca(soinfos_size)); 1451 memset(soinfos, 0, soinfos_size); 1452 } 1453 1454 // list of libraries to link - see step 2. 1455 size_t soinfos_count = 0; 1456 1457 auto failure_guard = make_scope_guard([&]() { 1458 // Housekeeping 1459 load_tasks.for_each([] (LoadTask* t) { 1460 LoadTask::deleter(t); 1461 }); 1462 1463 for (size_t i = 0; i<soinfos_count; ++i) { 1464 soinfo_unload(soinfos[i]); 1465 } 1466 }); 1467 1468 // Step 1: load and pre-link all DT_NEEDED libraries in breadth first order. 1469 for (LoadTask::unique_ptr task(load_tasks.pop_front()); 1470 task.get() != nullptr; task.reset(load_tasks.pop_front())) { 1471 soinfo* si = find_library_internal(load_tasks, task->get_name(), rtld_flags, extinfo); 1472 if (si == nullptr) { 1473 return false; 1474 } 1475 1476 soinfo* needed_by = task->get_needed_by(); 1477 1478 if (needed_by != nullptr) { 1479 needed_by->add_child(si); 1480 } 1481 1482 if (si->is_linked()) { 1483 si->increment_ref_count(); 1484 } 1485 1486 // When ld_preloads is not null, the first 1487 // ld_preloads_count libs are in fact ld_preloads. 1488 if (ld_preloads != nullptr && soinfos_count < ld_preloads_count) { 1489 // Add LD_PRELOADed libraries to the global group for future runs. 1490 // There is no need to explicitly add them to the global group 1491 // for this run because they are going to appear in the local 1492 // group in the correct order. 1493 si->set_dt_flags_1(si->get_dt_flags_1() | DF_1_GLOBAL); 1494 ld_preloads->push_back(si); 1495 } 1496 1497 if (soinfos_count < library_names_count) { 1498 soinfos[soinfos_count++] = si; 1499 } 1500 } 1501 1502 // Step 2: link libraries. 1503 soinfo::soinfo_list_t local_group; 1504 walk_dependencies_tree( 1505 start_with == nullptr ? soinfos : &start_with, 1506 start_with == nullptr ? soinfos_count : 1, 1507 [&] (soinfo* si) { 1508 local_group.push_back(si); 1509 return true; 1510 }); 1511 1512 // We need to increment ref_count in case 1513 // the root of the local group was not linked. 1514 bool was_local_group_root_linked = local_group.front()->is_linked(); 1515 1516 bool linked = local_group.visit([&](soinfo* si) { 1517 if (!si->is_linked()) { 1518 if (!si->link_image(global_group, local_group, extinfo)) { 1519 return false; 1520 } 1521 si->set_linked(); 1522 } 1523 1524 return true; 1525 }); 1526 1527 if (linked) { 1528 failure_guard.disable(); 1529 } 1530 1531 if (!was_local_group_root_linked) { 1532 local_group.front()->increment_ref_count(); 1533 } 1534 1535 return linked; 1536 } 1537 1538 static soinfo* find_library(const char* name, int rtld_flags, const android_dlextinfo* extinfo) { 1539 soinfo* si; 1540 1541 if (name == nullptr) { 1542 si = somain; 1543 } else if (!find_libraries(nullptr, &name, 1, &si, nullptr, 0, rtld_flags, extinfo)) { 1544 return nullptr; 1545 } 1546 1547 return si; 1548 } 1549 1550 static void soinfo_unload(soinfo* root) { 1551 // Note that the library can be loaded but not linked; 1552 // in which case there is no root but we still need 1553 // to walk the tree and unload soinfos involved. 1554 // 1555 // This happens on unsuccessful dlopen, when one of 1556 // the DT_NEEDED libraries could not be linked/found. 1557 if (root->is_linked()) { 1558 root = root->get_local_group_root(); 1559 } 1560 1561 if (!root->can_unload()) { 1562 TRACE("not unloading '%s' - the binary is flagged with NODELETE", root->get_realpath()); 1563 return; 1564 } 1565 1566 size_t ref_count = root->is_linked() ? root->decrement_ref_count() : 0; 1567 1568 if (ref_count == 0) { 1569 soinfo::soinfo_list_t local_unload_list; 1570 soinfo::soinfo_list_t external_unload_list; 1571 soinfo::soinfo_list_t depth_first_list; 1572 depth_first_list.push_back(root); 1573 soinfo* si = nullptr; 1574 1575 while ((si = depth_first_list.pop_front()) != nullptr) { 1576 if (local_unload_list.contains(si)) { 1577 continue; 1578 } 1579 1580 local_unload_list.push_back(si); 1581 1582 if (si->has_min_version(0)) { 1583 soinfo* child = nullptr; 1584 while ((child = si->get_children().pop_front()) != nullptr) { 1585 TRACE("%s@%p needs to unload %s@%p", si->get_realpath(), si, 1586 child->get_realpath(), child); 1587 1588 if (local_unload_list.contains(child)) { 1589 continue; 1590 } else if (child->is_linked() && child->get_local_group_root() != root) { 1591 external_unload_list.push_back(child); 1592 } else { 1593 depth_first_list.push_front(child); 1594 } 1595 } 1596 } else { 1597 #if !defined(__work_around_b_19059885__) 1598 __libc_fatal("soinfo for \"%s\"@%p has no version", si->get_realpath(), si); 1599 #else 1600 PRINT("warning: soinfo for \"%s\"@%p has no version", si->get_realpath(), si); 1601 for_each_dt_needed(si, [&] (const char* library_name) { 1602 TRACE("deprecated (old format of soinfo): %s needs to unload %s", 1603 si->get_realpath(), library_name); 1604 1605 soinfo* needed = find_library(library_name, RTLD_NOLOAD, nullptr); 1606 if (needed != nullptr) { 1607 // Not found: for example if symlink was deleted between dlopen and dlclose 1608 // Since we cannot really handle errors at this point - print and continue. 1609 PRINT("warning: couldn't find %s needed by %s on unload.", 1610 library_name, si->get_realpath()); 1611 return; 1612 } else if (local_unload_list.contains(needed)) { 1613 // already visited 1614 return; 1615 } else if (needed->is_linked() && needed->get_local_group_root() != root) { 1616 // external group 1617 external_unload_list.push_back(needed); 1618 } else { 1619 // local group 1620 depth_first_list.push_front(needed); 1621 } 1622 }); 1623 #endif 1624 } 1625 } 1626 1627 local_unload_list.for_each([](soinfo* si) { 1628 si->call_destructors(); 1629 }); 1630 1631 while ((si = local_unload_list.pop_front()) != nullptr) { 1632 notify_gdb_of_unload(si); 1633 soinfo_free(si); 1634 } 1635 1636 while ((si = external_unload_list.pop_front()) != nullptr) { 1637 soinfo_unload(si); 1638 } 1639 } else { 1640 TRACE("not unloading '%s' group, decrementing ref_count to %zd", 1641 root->get_realpath(), ref_count); 1642 } 1643 } 1644 1645 void do_android_get_LD_LIBRARY_PATH(char* buffer, size_t buffer_size) { 1646 // Use basic string manipulation calls to avoid snprintf. 1647 // snprintf indirectly calls pthread_getspecific to get the size of a buffer. 1648 // When debug malloc is enabled, this call returns 0. This in turn causes 1649 // snprintf to do nothing, which causes libraries to fail to load. 1650 // See b/17302493 for further details. 1651 // Once the above bug is fixed, this code can be modified to use 1652 // snprintf again. 1653 size_t required_len = strlen(kDefaultLdPaths[0]) + strlen(kDefaultLdPaths[1]) + 2; 1654 if (buffer_size < required_len) { 1655 __libc_fatal("android_get_LD_LIBRARY_PATH failed, buffer too small: " 1656 "buffer len %zu, required len %zu", buffer_size, required_len); 1657 } 1658 char* end = stpcpy(buffer, kDefaultLdPaths[0]); 1659 *end = ':'; 1660 strcpy(end + 1, kDefaultLdPaths[1]); 1661 } 1662 1663 void do_android_update_LD_LIBRARY_PATH(const char* ld_library_path) { 1664 parse_LD_LIBRARY_PATH(ld_library_path); 1665 } 1666 1667 soinfo* do_dlopen(const char* name, int flags, const android_dlextinfo* extinfo) { 1668 if ((flags & ~(RTLD_NOW|RTLD_LAZY|RTLD_LOCAL|RTLD_GLOBAL|RTLD_NODELETE|RTLD_NOLOAD)) != 0) { 1669 DL_ERR("invalid flags to dlopen: %x", flags); 1670 return nullptr; 1671 } 1672 if (extinfo != nullptr) { 1673 if ((extinfo->flags & ~(ANDROID_DLEXT_VALID_FLAG_BITS)) != 0) { 1674 DL_ERR("invalid extended flags to android_dlopen_ext: 0x%" PRIx64, extinfo->flags); 1675 return nullptr; 1676 } 1677 if ((extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD) == 0 && 1678 (extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET) != 0) { 1679 DL_ERR("invalid extended flag combination (ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET without " 1680 "ANDROID_DLEXT_USE_LIBRARY_FD): 0x%" PRIx64, extinfo->flags); 1681 return nullptr; 1682 } 1683 } 1684 1685 ProtectedDataGuard guard; 1686 soinfo* si = find_library(name, flags, extinfo); 1687 if (si != nullptr) { 1688 si->call_constructors(); 1689 } 1690 return si; 1691 } 1692 1693 void do_dlclose(soinfo* si) { 1694 ProtectedDataGuard guard; 1695 soinfo_unload(si); 1696 } 1697 1698 static ElfW(Addr) call_ifunc_resolver(ElfW(Addr) resolver_addr) { 1699 typedef ElfW(Addr) (*ifunc_resolver_t)(void); 1700 ifunc_resolver_t ifunc_resolver = reinterpret_cast<ifunc_resolver_t>(resolver_addr); 1701 ElfW(Addr) ifunc_addr = ifunc_resolver(); 1702 TRACE_TYPE(RELO, "Called ifunc_resolver@%p. The result is %p", 1703 ifunc_resolver, reinterpret_cast<void*>(ifunc_addr)); 1704 1705 return ifunc_addr; 1706 } 1707 1708 const version_info* VersionTracker::get_version_info(ElfW(Versym) source_symver) const { 1709 if (source_symver < 2 || 1710 source_symver >= version_infos.size() || 1711 version_infos[source_symver].name == nullptr) { 1712 return nullptr; 1713 } 1714 1715 return &version_infos[source_symver]; 1716 } 1717 1718 void VersionTracker::add_version_info(size_t source_index, 1719 ElfW(Word) elf_hash, 1720 const char* ver_name, 1721 const soinfo* target_si) { 1722 if (source_index >= version_infos.size()) { 1723 version_infos.resize(source_index+1); 1724 } 1725 1726 version_infos[source_index].elf_hash = elf_hash; 1727 version_infos[source_index].name = ver_name; 1728 version_infos[source_index].target_si = target_si; 1729 } 1730 1731 bool VersionTracker::init_verneed(const soinfo* si_from) { 1732 uintptr_t verneed_ptr = si_from->get_verneed_ptr(); 1733 1734 if (verneed_ptr == 0) { 1735 return true; 1736 } 1737 1738 size_t verneed_cnt = si_from->get_verneed_cnt(); 1739 1740 for (size_t i = 0, offset = 0; i<verneed_cnt; ++i) { 1741 const ElfW(Verneed)* verneed = reinterpret_cast<ElfW(Verneed)*>(verneed_ptr + offset); 1742 size_t vernaux_offset = offset + verneed->vn_aux; 1743 offset += verneed->vn_next; 1744 1745 if (verneed->vn_version != 1) { 1746 DL_ERR("unsupported verneed[%zd] vn_version: %d (expected 1)", i, verneed->vn_version); 1747 return false; 1748 } 1749 1750 const char* target_soname = si_from->get_string(verneed->vn_file); 1751 // find it in dependencies 1752 soinfo* target_si = si_from->get_children().find_if([&](const soinfo* si) { 1753 return si->get_soname() != nullptr && strcmp(si->get_soname(), target_soname) == 0; 1754 }); 1755 1756 if (target_si == nullptr) { 1757 DL_ERR("cannot find \"%s\" from verneed[%zd] in DT_NEEDED list for \"%s\"", 1758 target_soname, i, si_from->get_realpath()); 1759 return false; 1760 } 1761 1762 for (size_t j = 0; j<verneed->vn_cnt; ++j) { 1763 const ElfW(Vernaux)* vernaux = reinterpret_cast<ElfW(Vernaux)*>(verneed_ptr + vernaux_offset); 1764 vernaux_offset += vernaux->vna_next; 1765 1766 const ElfW(Word) elf_hash = vernaux->vna_hash; 1767 const char* ver_name = si_from->get_string(vernaux->vna_name); 1768 ElfW(Half) source_index = vernaux->vna_other; 1769 1770 add_version_info(source_index, elf_hash, ver_name, target_si); 1771 } 1772 } 1773 1774 return true; 1775 } 1776 1777 bool VersionTracker::init_verdef(const soinfo* si_from) { 1778 return for_each_verdef(si_from, 1779 [&](size_t, const ElfW(Verdef)* verdef, const ElfW(Verdaux)* verdaux) { 1780 add_version_info(verdef->vd_ndx, verdef->vd_hash, 1781 si_from->get_string(verdaux->vda_name), si_from); 1782 return false; 1783 } 1784 ); 1785 } 1786 1787 bool VersionTracker::init(const soinfo* si_from) { 1788 if (!si_from->has_min_version(2)) { 1789 return true; 1790 } 1791 1792 return init_verneed(si_from) && init_verdef(si_from); 1793 } 1794 1795 bool soinfo::lookup_version_info(const VersionTracker& version_tracker, ElfW(Word) sym, 1796 const char* sym_name, const version_info** vi) { 1797 const ElfW(Versym)* sym_ver_ptr = get_versym(sym); 1798 ElfW(Versym) sym_ver = sym_ver_ptr == nullptr ? 0 : *sym_ver_ptr; 1799 1800 if (sym_ver != VER_NDX_LOCAL && sym_ver != VER_NDX_GLOBAL) { 1801 *vi = version_tracker.get_version_info(sym_ver); 1802 1803 if (*vi == nullptr) { 1804 DL_ERR("cannot find verneed/verdef for version index=%d " 1805 "referenced by symbol \"%s\" at \"%s\"", sym_ver, sym_name, get_realpath()); 1806 return false; 1807 } 1808 } else { 1809 // there is no version info 1810 *vi = nullptr; 1811 } 1812 1813 return true; 1814 } 1815 1816 #if !defined(__mips__) 1817 #if defined(USE_RELA) 1818 static ElfW(Addr) get_addend(ElfW(Rela)* rela, ElfW(Addr) reloc_addr __unused) { 1819 return rela->r_addend; 1820 } 1821 #else 1822 static ElfW(Addr) get_addend(ElfW(Rel)* rel, ElfW(Addr) reloc_addr) { 1823 if (ELFW(R_TYPE)(rel->r_info) == R_GENERIC_RELATIVE || 1824 ELFW(R_TYPE)(rel->r_info) == R_GENERIC_IRELATIVE) { 1825 return *reinterpret_cast<ElfW(Addr)*>(reloc_addr); 1826 } 1827 return 0; 1828 } 1829 #endif 1830 1831 template<typename ElfRelIteratorT> 1832 bool soinfo::relocate(const VersionTracker& version_tracker, ElfRelIteratorT&& rel_iterator, 1833 const soinfo_list_t& global_group, const soinfo_list_t& local_group) { 1834 for (size_t idx = 0; rel_iterator.has_next(); ++idx) { 1835 const auto rel = rel_iterator.next(); 1836 if (rel == nullptr) { 1837 return false; 1838 } 1839 1840 ElfW(Word) type = ELFW(R_TYPE)(rel->r_info); 1841 ElfW(Word) sym = ELFW(R_SYM)(rel->r_info); 1842 1843 ElfW(Addr) reloc = static_cast<ElfW(Addr)>(rel->r_offset + load_bias); 1844 ElfW(Addr) sym_addr = 0; 1845 const char* sym_name = nullptr; 1846 ElfW(Addr) addend = get_addend(rel, reloc); 1847 1848 DEBUG("Processing '%s' relocation at index %zd", get_realpath(), idx); 1849 if (type == R_GENERIC_NONE) { 1850 continue; 1851 } 1852 1853 const ElfW(Sym)* s = nullptr; 1854 soinfo* lsi = nullptr; 1855 1856 if (sym != 0) { 1857 sym_name = get_string(symtab_[sym].st_name); 1858 const version_info* vi = nullptr; 1859 1860 if (!lookup_version_info(version_tracker, sym, sym_name, &vi)) { 1861 return false; 1862 } 1863 1864 if (!soinfo_do_lookup(this, sym_name, vi, &lsi, global_group, local_group, &s)) { 1865 return false; 1866 } 1867 1868 if (s == nullptr) { 1869 // We only allow an undefined symbol if this is a weak reference... 1870 s = &symtab_[sym]; 1871 if (ELF_ST_BIND(s->st_info) != STB_WEAK) { 1872 DL_ERR("cannot locate symbol \"%s\" referenced by \"%s\"...", sym_name, get_realpath()); 1873 return false; 1874 } 1875 1876 /* IHI0044C AAELF 4.5.1.1: 1877 1878 Libraries are not searched to resolve weak references. 1879 It is not an error for a weak reference to remain unsatisfied. 1880 1881 During linking, the value of an undefined weak reference is: 1882 - Zero if the relocation type is absolute 1883 - The address of the place if the relocation is pc-relative 1884 - The address of nominal base address if the relocation 1885 type is base-relative. 1886 */ 1887 1888 switch (type) { 1889 case R_GENERIC_JUMP_SLOT: 1890 case R_GENERIC_GLOB_DAT: 1891 case R_GENERIC_RELATIVE: 1892 case R_GENERIC_IRELATIVE: 1893 #if defined(__aarch64__) 1894 case R_AARCH64_ABS64: 1895 case R_AARCH64_ABS32: 1896 case R_AARCH64_ABS16: 1897 #elif defined(__x86_64__) 1898 case R_X86_64_32: 1899 case R_X86_64_64: 1900 #elif defined(__arm__) 1901 case R_ARM_ABS32: 1902 #elif defined(__i386__) 1903 case R_386_32: 1904 #endif 1905 /* 1906 * The sym_addr was initialized to be zero above, or the relocation 1907 * code below does not care about value of sym_addr. 1908 * No need to do anything. 1909 */ 1910 break; 1911 #if defined(__x86_64__) 1912 case R_X86_64_PC32: 1913 sym_addr = reloc; 1914 break; 1915 #elif defined(__i386__) 1916 case R_386_PC32: 1917 sym_addr = reloc; 1918 break; 1919 #endif 1920 default: 1921 DL_ERR("unknown weak reloc type %d @ %p (%zu)", type, rel, idx); 1922 return false; 1923 } 1924 } else { // We got a definition. 1925 #if !defined(__LP64__) 1926 // When relocating dso with text_relocation .text segment is 1927 // not executable. We need to restore elf flags before resolving 1928 // STT_GNU_IFUNC symbol. 1929 bool protect_segments = has_text_relocations && 1930 lsi == this && 1931 ELF_ST_TYPE(s->st_info) == STT_GNU_IFUNC; 1932 if (protect_segments) { 1933 if (phdr_table_protect_segments(phdr, phnum, load_bias) < 0) { 1934 DL_ERR("can't protect segments for \"%s\": %s", 1935 get_realpath(), strerror(errno)); 1936 return false; 1937 } 1938 } 1939 #endif 1940 sym_addr = lsi->resolve_symbol_address(s); 1941 #if !defined(__LP64__) 1942 if (protect_segments) { 1943 if (phdr_table_unprotect_segments(phdr, phnum, load_bias) < 0) { 1944 DL_ERR("can't unprotect loadable segments for \"%s\": %s", 1945 get_realpath(), strerror(errno)); 1946 return false; 1947 } 1948 } 1949 #endif 1950 } 1951 count_relocation(kRelocSymbol); 1952 } 1953 1954 switch (type) { 1955 case R_GENERIC_JUMP_SLOT: 1956 count_relocation(kRelocAbsolute); 1957 MARK(rel->r_offset); 1958 TRACE_TYPE(RELO, "RELO JMP_SLOT %16p <- %16p %s\n", 1959 reinterpret_cast<void*>(reloc), 1960 reinterpret_cast<void*>(sym_addr + addend), sym_name); 1961 1962 *reinterpret_cast<ElfW(Addr)*>(reloc) = (sym_addr + addend); 1963 break; 1964 case R_GENERIC_GLOB_DAT: 1965 count_relocation(kRelocAbsolute); 1966 MARK(rel->r_offset); 1967 TRACE_TYPE(RELO, "RELO GLOB_DAT %16p <- %16p %s\n", 1968 reinterpret_cast<void*>(reloc), 1969 reinterpret_cast<void*>(sym_addr + addend), sym_name); 1970 *reinterpret_cast<ElfW(Addr)*>(reloc) = (sym_addr + addend); 1971 break; 1972 case R_GENERIC_RELATIVE: 1973 count_relocation(kRelocRelative); 1974 MARK(rel->r_offset); 1975 TRACE_TYPE(RELO, "RELO RELATIVE %16p <- %16p\n", 1976 reinterpret_cast<void*>(reloc), 1977 reinterpret_cast<void*>(load_bias + addend)); 1978 *reinterpret_cast<ElfW(Addr)*>(reloc) = (load_bias + addend); 1979 break; 1980 case R_GENERIC_IRELATIVE: 1981 count_relocation(kRelocRelative); 1982 MARK(rel->r_offset); 1983 TRACE_TYPE(RELO, "RELO IRELATIVE %16p <- %16p\n", 1984 reinterpret_cast<void*>(reloc), 1985 reinterpret_cast<void*>(load_bias + addend)); 1986 { 1987 #if !defined(__LP64__) 1988 // When relocating dso with text_relocation .text segment is 1989 // not executable. We need to restore elf flags for this 1990 // particular call. 1991 if (has_text_relocations) { 1992 if (phdr_table_protect_segments(phdr, phnum, load_bias) < 0) { 1993 DL_ERR("can't protect segments for \"%s\": %s", 1994 get_realpath(), strerror(errno)); 1995 return false; 1996 } 1997 } 1998 #endif 1999 ElfW(Addr) ifunc_addr = call_ifunc_resolver(load_bias + addend); 2000 #if !defined(__LP64__) 2001 // Unprotect it afterwards... 2002 if (has_text_relocations) { 2003 if (phdr_table_unprotect_segments(phdr, phnum, load_bias) < 0) { 2004 DL_ERR("can't unprotect loadable segments for \"%s\": %s", 2005 get_realpath(), strerror(errno)); 2006 return false; 2007 } 2008 } 2009 #endif 2010 *reinterpret_cast<ElfW(Addr)*>(reloc) = ifunc_addr; 2011 } 2012 break; 2013 2014 #if defined(__aarch64__) 2015 case R_AARCH64_ABS64: 2016 count_relocation(kRelocAbsolute); 2017 MARK(rel->r_offset); 2018 TRACE_TYPE(RELO, "RELO ABS64 %16llx <- %16llx %s\n", 2019 reloc, (sym_addr + addend), sym_name); 2020 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + addend); 2021 break; 2022 case R_AARCH64_ABS32: 2023 count_relocation(kRelocAbsolute); 2024 MARK(rel->r_offset); 2025 TRACE_TYPE(RELO, "RELO ABS32 %16llx <- %16llx %s\n", 2026 reloc, (sym_addr + addend), sym_name); 2027 { 2028 const ElfW(Addr) reloc_value = *reinterpret_cast<ElfW(Addr)*>(reloc); 2029 const ElfW(Addr) min_value = static_cast<ElfW(Addr)>(INT32_MIN); 2030 const ElfW(Addr) max_value = static_cast<ElfW(Addr)>(UINT32_MAX); 2031 if ((min_value <= (reloc_value + (sym_addr + addend))) && 2032 ((reloc_value + (sym_addr + addend)) <= max_value)) { 2033 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + addend); 2034 } else { 2035 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 2036 (reloc_value + (sym_addr + addend)), min_value, max_value); 2037 return false; 2038 } 2039 } 2040 break; 2041 case R_AARCH64_ABS16: 2042 count_relocation(kRelocAbsolute); 2043 MARK(rel->r_offset); 2044 TRACE_TYPE(RELO, "RELO ABS16 %16llx <- %16llx %s\n", 2045 reloc, (sym_addr + addend), sym_name); 2046 { 2047 const ElfW(Addr) reloc_value = *reinterpret_cast<ElfW(Addr)*>(reloc); 2048 const ElfW(Addr) min_value = static_cast<ElfW(Addr)>(INT16_MIN); 2049 const ElfW(Addr) max_value = static_cast<ElfW(Addr)>(UINT16_MAX); 2050 if ((min_value <= (reloc_value + (sym_addr + addend))) && 2051 ((reloc_value + (sym_addr + addend)) <= max_value)) { 2052 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + addend); 2053 } else { 2054 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 2055 reloc_value + (sym_addr + addend), min_value, max_value); 2056 return false; 2057 } 2058 } 2059 break; 2060 case R_AARCH64_PREL64: 2061 count_relocation(kRelocRelative); 2062 MARK(rel->r_offset); 2063 TRACE_TYPE(RELO, "RELO REL64 %16llx <- %16llx - %16llx %s\n", 2064 reloc, (sym_addr + addend), rel->r_offset, sym_name); 2065 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr + addend) - rel->r_offset; 2066 break; 2067 case R_AARCH64_PREL32: 2068 count_relocation(kRelocRelative); 2069 MARK(rel->r_offset); 2070 TRACE_TYPE(RELO, "RELO REL32 %16llx <- %16llx - %16llx %s\n", 2071 reloc, (sym_addr + addend), rel->r_offset, sym_name); 2072 { 2073 const ElfW(Addr) reloc_value = *reinterpret_cast<ElfW(Addr)*>(reloc); 2074 const ElfW(Addr) min_value = static_cast<ElfW(Addr)>(INT32_MIN); 2075 const ElfW(Addr) max_value = static_cast<ElfW(Addr)>(UINT32_MAX); 2076 if ((min_value <= (reloc_value + ((sym_addr + addend) - rel->r_offset))) && 2077 ((reloc_value + ((sym_addr + addend) - rel->r_offset)) <= max_value)) { 2078 *reinterpret_cast<ElfW(Addr)*>(reloc) += ((sym_addr + addend) - rel->r_offset); 2079 } else { 2080 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 2081 reloc_value + ((sym_addr + addend) - rel->r_offset), min_value, max_value); 2082 return false; 2083 } 2084 } 2085 break; 2086 case R_AARCH64_PREL16: 2087 count_relocation(kRelocRelative); 2088 MARK(rel->r_offset); 2089 TRACE_TYPE(RELO, "RELO REL16 %16llx <- %16llx - %16llx %s\n", 2090 reloc, (sym_addr + addend), rel->r_offset, sym_name); 2091 { 2092 const ElfW(Addr) reloc_value = *reinterpret_cast<ElfW(Addr)*>(reloc); 2093 const ElfW(Addr) min_value = static_cast<ElfW(Addr)>(INT16_MIN); 2094 const ElfW(Addr) max_value = static_cast<ElfW(Addr)>(UINT16_MAX); 2095 if ((min_value <= (reloc_value + ((sym_addr + addend) - rel->r_offset))) && 2096 ((reloc_value + ((sym_addr + addend) - rel->r_offset)) <= max_value)) { 2097 *reinterpret_cast<ElfW(Addr)*>(reloc) += ((sym_addr + addend) - rel->r_offset); 2098 } else { 2099 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 2100 reloc_value + ((sym_addr + addend) - rel->r_offset), min_value, max_value); 2101 return false; 2102 } 2103 } 2104 break; 2105 2106 case R_AARCH64_COPY: 2107 /* 2108 * ET_EXEC is not supported so this should not happen. 2109 * 2110 * http://infocenter.arm.com/help/topic/com.arm.doc.ihi0056b/IHI0056B_aaelf64.pdf 2111 * 2112 * Section 4.6.11 "Dynamic relocations" 2113 * R_AARCH64_COPY may only appear in executable objects where e_type is 2114 * set to ET_EXEC. 2115 */ 2116 DL_ERR("%s R_AARCH64_COPY relocations are not supported", get_realpath()); 2117 return false; 2118 case R_AARCH64_TLS_TPREL64: 2119 TRACE_TYPE(RELO, "RELO TLS_TPREL64 *** %16llx <- %16llx - %16llx\n", 2120 reloc, (sym_addr + addend), rel->r_offset); 2121 break; 2122 case R_AARCH64_TLS_DTPREL32: 2123 TRACE_TYPE(RELO, "RELO TLS_DTPREL32 *** %16llx <- %16llx - %16llx\n", 2124 reloc, (sym_addr + addend), rel->r_offset); 2125 break; 2126 #elif defined(__x86_64__) 2127 case R_X86_64_32: 2128 count_relocation(kRelocRelative); 2129 MARK(rel->r_offset); 2130 TRACE_TYPE(RELO, "RELO R_X86_64_32 %08zx <- +%08zx %s", static_cast<size_t>(reloc), 2131 static_cast<size_t>(sym_addr), sym_name); 2132 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend; 2133 break; 2134 case R_X86_64_64: 2135 count_relocation(kRelocRelative); 2136 MARK(rel->r_offset); 2137 TRACE_TYPE(RELO, "RELO R_X86_64_64 %08zx <- +%08zx %s", static_cast<size_t>(reloc), 2138 static_cast<size_t>(sym_addr), sym_name); 2139 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend; 2140 break; 2141 case R_X86_64_PC32: 2142 count_relocation(kRelocRelative); 2143 MARK(rel->r_offset); 2144 TRACE_TYPE(RELO, "RELO R_X86_64_PC32 %08zx <- +%08zx (%08zx - %08zx) %s", 2145 static_cast<size_t>(reloc), static_cast<size_t>(sym_addr - reloc), 2146 static_cast<size_t>(sym_addr), static_cast<size_t>(reloc), sym_name); 2147 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend - reloc; 2148 break; 2149 #elif defined(__arm__) 2150 case R_ARM_ABS32: 2151 count_relocation(kRelocAbsolute); 2152 MARK(rel->r_offset); 2153 TRACE_TYPE(RELO, "RELO ABS %08x <- %08x %s", reloc, sym_addr, sym_name); 2154 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr; 2155 break; 2156 case R_ARM_REL32: 2157 count_relocation(kRelocRelative); 2158 MARK(rel->r_offset); 2159 TRACE_TYPE(RELO, "RELO REL32 %08x <- %08x - %08x %s", 2160 reloc, sym_addr, rel->r_offset, sym_name); 2161 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr - rel->r_offset; 2162 break; 2163 case R_ARM_COPY: 2164 /* 2165 * ET_EXEC is not supported so this should not happen. 2166 * 2167 * http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044d/IHI0044D_aaelf.pdf 2168 * 2169 * Section 4.6.1.10 "Dynamic relocations" 2170 * R_ARM_COPY may only appear in executable objects where e_type is 2171 * set to ET_EXEC. 2172 */ 2173 DL_ERR("%s R_ARM_COPY relocations are not supported", get_realpath()); 2174 return false; 2175 #elif defined(__i386__) 2176 case R_386_32: 2177 count_relocation(kRelocRelative); 2178 MARK(rel->r_offset); 2179 TRACE_TYPE(RELO, "RELO R_386_32 %08x <- +%08x %s", reloc, sym_addr, sym_name); 2180 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr; 2181 break; 2182 case R_386_PC32: 2183 count_relocation(kRelocRelative); 2184 MARK(rel->r_offset); 2185 TRACE_TYPE(RELO, "RELO R_386_PC32 %08x <- +%08x (%08x - %08x) %s", 2186 reloc, (sym_addr - reloc), sym_addr, reloc, sym_name); 2187 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr - reloc); 2188 break; 2189 #endif 2190 default: 2191 DL_ERR("unknown reloc type %d @ %p (%zu)", type, rel, idx); 2192 return false; 2193 } 2194 } 2195 return true; 2196 } 2197 #endif // !defined(__mips__) 2198 2199 void soinfo::call_array(const char* array_name __unused, linker_function_t* functions, 2200 size_t count, bool reverse) { 2201 if (functions == nullptr) { 2202 return; 2203 } 2204 2205 TRACE("[ Calling %s (size %zd) @ %p for '%s' ]", array_name, count, functions, get_realpath()); 2206 2207 int begin = reverse ? (count - 1) : 0; 2208 int end = reverse ? -1 : count; 2209 int step = reverse ? -1 : 1; 2210 2211 for (int i = begin; i != end; i += step) { 2212 TRACE("[ %s[%d] == %p ]", array_name, i, functions[i]); 2213 call_function("function", functions[i]); 2214 } 2215 2216 TRACE("[ Done calling %s for '%s' ]", array_name, get_realpath()); 2217 } 2218 2219 void soinfo::call_function(const char* function_name __unused, linker_function_t function) { 2220 if (function == nullptr || reinterpret_cast<uintptr_t>(function) == static_cast<uintptr_t>(-1)) { 2221 return; 2222 } 2223 2224 TRACE("[ Calling %s @ %p for '%s' ]", function_name, function, get_realpath()); 2225 function(); 2226 TRACE("[ Done calling %s @ %p for '%s' ]", function_name, function, get_realpath()); 2227 } 2228 2229 void soinfo::call_pre_init_constructors() { 2230 // DT_PREINIT_ARRAY functions are called before any other constructors for executables, 2231 // but ignored in a shared library. 2232 call_array("DT_PREINIT_ARRAY", preinit_array_, preinit_array_count_, false); 2233 } 2234 2235 void soinfo::call_constructors() { 2236 if (constructors_called) { 2237 return; 2238 } 2239 2240 // We set constructors_called before actually calling the constructors, otherwise it doesn't 2241 // protect against recursive constructor calls. One simple example of constructor recursion 2242 // is the libc debug malloc, which is implemented in libc_malloc_debug_leak.so: 2243 // 1. The program depends on libc, so libc's constructor is called here. 2244 // 2. The libc constructor calls dlopen() to load libc_malloc_debug_leak.so. 2245 // 3. dlopen() calls the constructors on the newly created 2246 // soinfo for libc_malloc_debug_leak.so. 2247 // 4. The debug .so depends on libc, so CallConstructors is 2248 // called again with the libc soinfo. If it doesn't trigger the early- 2249 // out above, the libc constructor will be called again (recursively!). 2250 constructors_called = true; 2251 2252 if (!is_main_executable() && preinit_array_ != nullptr) { 2253 // The GNU dynamic linker silently ignores these, but we warn the developer. 2254 PRINT("\"%s\": ignoring %zd-entry DT_PREINIT_ARRAY in shared library!", 2255 get_realpath(), preinit_array_count_); 2256 } 2257 2258 get_children().for_each([] (soinfo* si) { 2259 si->call_constructors(); 2260 }); 2261 2262 TRACE("\"%s\": calling constructors", get_realpath()); 2263 2264 // DT_INIT should be called before DT_INIT_ARRAY if both are present. 2265 call_function("DT_INIT", init_func_); 2266 call_array("DT_INIT_ARRAY", init_array_, init_array_count_, false); 2267 } 2268 2269 void soinfo::call_destructors() { 2270 if (!constructors_called) { 2271 return; 2272 } 2273 TRACE("\"%s\": calling destructors", get_realpath()); 2274 2275 // DT_FINI_ARRAY must be parsed in reverse order. 2276 call_array("DT_FINI_ARRAY", fini_array_, fini_array_count_, true); 2277 2278 // DT_FINI should be called after DT_FINI_ARRAY if both are present. 2279 call_function("DT_FINI", fini_func_); 2280 2281 // This is needed on second call to dlopen 2282 // after library has been unloaded with RTLD_NODELETE 2283 constructors_called = false; 2284 } 2285 2286 void soinfo::add_child(soinfo* child) { 2287 if (has_min_version(0)) { 2288 child->parents_.push_back(this); 2289 this->children_.push_back(child); 2290 } 2291 } 2292 2293 void soinfo::remove_all_links() { 2294 if (!has_min_version(0)) { 2295 return; 2296 } 2297 2298 // 1. Untie connected soinfos from 'this'. 2299 children_.for_each([&] (soinfo* child) { 2300 child->parents_.remove_if([&] (const soinfo* parent) { 2301 return parent == this; 2302 }); 2303 }); 2304 2305 parents_.for_each([&] (soinfo* parent) { 2306 parent->children_.remove_if([&] (const soinfo* child) { 2307 return child == this; 2308 }); 2309 }); 2310 2311 // 2. Once everything untied - clear local lists. 2312 parents_.clear(); 2313 children_.clear(); 2314 } 2315 2316 dev_t soinfo::get_st_dev() const { 2317 if (has_min_version(0)) { 2318 return st_dev_; 2319 } 2320 2321 return 0; 2322 }; 2323 2324 ino_t soinfo::get_st_ino() const { 2325 if (has_min_version(0)) { 2326 return st_ino_; 2327 } 2328 2329 return 0; 2330 } 2331 2332 off64_t soinfo::get_file_offset() const { 2333 if (has_min_version(1)) { 2334 return file_offset_; 2335 } 2336 2337 return 0; 2338 } 2339 2340 uint32_t soinfo::get_rtld_flags() const { 2341 if (has_min_version(1)) { 2342 return rtld_flags_; 2343 } 2344 2345 return 0; 2346 } 2347 2348 uint32_t soinfo::get_dt_flags_1() const { 2349 if (has_min_version(1)) { 2350 return dt_flags_1_; 2351 } 2352 2353 return 0; 2354 } 2355 2356 void soinfo::set_dt_flags_1(uint32_t dt_flags_1) { 2357 if (has_min_version(1)) { 2358 if ((dt_flags_1 & DF_1_GLOBAL) != 0) { 2359 rtld_flags_ |= RTLD_GLOBAL; 2360 } 2361 2362 if ((dt_flags_1 & DF_1_NODELETE) != 0) { 2363 rtld_flags_ |= RTLD_NODELETE; 2364 } 2365 2366 dt_flags_1_ = dt_flags_1; 2367 } 2368 } 2369 2370 const char* soinfo::get_realpath() const { 2371 #if defined(__work_around_b_19059885__) 2372 if (has_min_version(2)) { 2373 return realpath_.c_str(); 2374 } else { 2375 return old_name_; 2376 } 2377 #else 2378 return realpath_.c_str(); 2379 #endif 2380 } 2381 2382 const char* soinfo::get_soname() const { 2383 #if defined(__work_around_b_19059885__) 2384 if (has_min_version(2)) { 2385 return soname_; 2386 } else { 2387 return old_name_; 2388 } 2389 #else 2390 return soname_; 2391 #endif 2392 } 2393 2394 // This is a return on get_children()/get_parents() if 2395 // 'this->flags' does not have FLAG_NEW_SOINFO set. 2396 static soinfo::soinfo_list_t g_empty_list; 2397 2398 soinfo::soinfo_list_t& soinfo::get_children() { 2399 if (has_min_version(0)) { 2400 return children_; 2401 } 2402 2403 return g_empty_list; 2404 } 2405 2406 const soinfo::soinfo_list_t& soinfo::get_children() const { 2407 if (has_min_version(0)) { 2408 return children_; 2409 } 2410 2411 return g_empty_list; 2412 } 2413 2414 soinfo::soinfo_list_t& soinfo::get_parents() { 2415 if (has_min_version(0)) { 2416 return parents_; 2417 } 2418 2419 return g_empty_list; 2420 } 2421 2422 ElfW(Addr) soinfo::resolve_symbol_address(const ElfW(Sym)* s) const { 2423 if (ELF_ST_TYPE(s->st_info) == STT_GNU_IFUNC) { 2424 return call_ifunc_resolver(s->st_value + load_bias); 2425 } 2426 2427 return static_cast<ElfW(Addr)>(s->st_value + load_bias); 2428 } 2429 2430 const char* soinfo::get_string(ElfW(Word) index) const { 2431 if (has_min_version(1) && (index >= strtab_size_)) { 2432 __libc_fatal("%s: strtab out of bounds error; STRSZ=%zd, name=%d", 2433 get_realpath(), strtab_size_, index); 2434 } 2435 2436 return strtab_ + index; 2437 } 2438 2439 bool soinfo::is_gnu_hash() const { 2440 return (flags_ & FLAG_GNU_HASH) != 0; 2441 } 2442 2443 bool soinfo::can_unload() const { 2444 return (get_rtld_flags() & (RTLD_NODELETE | RTLD_GLOBAL)) == 0; 2445 } 2446 2447 bool soinfo::is_linked() const { 2448 return (flags_ & FLAG_LINKED) != 0; 2449 } 2450 2451 bool soinfo::is_main_executable() const { 2452 return (flags_ & FLAG_EXE) != 0; 2453 } 2454 2455 void soinfo::set_linked() { 2456 flags_ |= FLAG_LINKED; 2457 } 2458 2459 void soinfo::set_linker_flag() { 2460 flags_ |= FLAG_LINKER; 2461 } 2462 2463 void soinfo::set_main_executable() { 2464 flags_ |= FLAG_EXE; 2465 } 2466 2467 void soinfo::increment_ref_count() { 2468 local_group_root_->ref_count_++; 2469 } 2470 2471 size_t soinfo::decrement_ref_count() { 2472 return --local_group_root_->ref_count_; 2473 } 2474 2475 soinfo* soinfo::get_local_group_root() const { 2476 return local_group_root_; 2477 } 2478 2479 // This function returns api-level at the time of 2480 // dlopen/load. Note that libraries opened by system 2481 // will always have 'current' api level. 2482 uint32_t soinfo::get_target_sdk_version() const { 2483 if (!has_min_version(2)) { 2484 return __ANDROID_API__; 2485 } 2486 2487 return local_group_root_->target_sdk_version_; 2488 } 2489 2490 bool soinfo::prelink_image() { 2491 /* Extract dynamic section */ 2492 ElfW(Word) dynamic_flags = 0; 2493 phdr_table_get_dynamic_section(phdr, phnum, load_bias, &dynamic, &dynamic_flags); 2494 2495 /* We can't log anything until the linker is relocated */ 2496 bool relocating_linker = (flags_ & FLAG_LINKER) != 0; 2497 if (!relocating_linker) { 2498 INFO("[ linking %s ]", get_realpath()); 2499 DEBUG("si->base = %p si->flags = 0x%08x", reinterpret_cast<void*>(base), flags_); 2500 } 2501 2502 if (dynamic == nullptr) { 2503 if (!relocating_linker) { 2504 DL_ERR("missing PT_DYNAMIC in \"%s\"", get_realpath()); 2505 } 2506 return false; 2507 } else { 2508 if (!relocating_linker) { 2509 DEBUG("dynamic = %p", dynamic); 2510 } 2511 } 2512 2513 #if defined(__arm__) 2514 (void) phdr_table_get_arm_exidx(phdr, phnum, load_bias, 2515 &ARM_exidx, &ARM_exidx_count); 2516 #endif 2517 2518 // Extract useful information from dynamic section. 2519 // Note that: "Except for the DT_NULL element at the end of the array, 2520 // and the relative order of DT_NEEDED elements, entries may appear in any order." 2521 // 2522 // source: http://www.sco.com/developers/gabi/1998-04-29/ch5.dynamic.html 2523 uint32_t needed_count = 0; 2524 for (ElfW(Dyn)* d = dynamic; d->d_tag != DT_NULL; ++d) { 2525 DEBUG("d = %p, d[0](tag) = %p d[1](val) = %p", 2526 d, reinterpret_cast<void*>(d->d_tag), reinterpret_cast<void*>(d->d_un.d_val)); 2527 switch (d->d_tag) { 2528 case DT_SONAME: 2529 // this is parsed after we have strtab initialized (see below). 2530 break; 2531 2532 case DT_HASH: 2533 nbucket_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[0]; 2534 nchain_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[1]; 2535 bucket_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr + 8); 2536 chain_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr + 8 + nbucket_ * 4); 2537 break; 2538 2539 case DT_GNU_HASH: 2540 gnu_nbucket_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[0]; 2541 // skip symndx 2542 gnu_maskwords_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[2]; 2543 gnu_shift2_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[3]; 2544 2545 gnu_bloom_filter_ = reinterpret_cast<ElfW(Addr)*>(load_bias + d->d_un.d_ptr + 16); 2546 gnu_bucket_ = reinterpret_cast<uint32_t*>(gnu_bloom_filter_ + gnu_maskwords_); 2547 // amend chain for symndx = header[1] 2548 gnu_chain_ = gnu_bucket_ + gnu_nbucket_ - 2549 reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[1]; 2550 2551 if (!powerof2(gnu_maskwords_)) { 2552 DL_ERR("invalid maskwords for gnu_hash = 0x%x, in \"%s\" expecting power to two", 2553 gnu_maskwords_, get_realpath()); 2554 return false; 2555 } 2556 --gnu_maskwords_; 2557 2558 flags_ |= FLAG_GNU_HASH; 2559 break; 2560 2561 case DT_STRTAB: 2562 strtab_ = reinterpret_cast<const char*>(load_bias + d->d_un.d_ptr); 2563 break; 2564 2565 case DT_STRSZ: 2566 strtab_size_ = d->d_un.d_val; 2567 break; 2568 2569 case DT_SYMTAB: 2570 symtab_ = reinterpret_cast<ElfW(Sym)*>(load_bias + d->d_un.d_ptr); 2571 break; 2572 2573 case DT_SYMENT: 2574 if (d->d_un.d_val != sizeof(ElfW(Sym))) { 2575 DL_ERR("invalid DT_SYMENT: %zd in \"%s\"", 2576 static_cast<size_t>(d->d_un.d_val), get_realpath()); 2577 return false; 2578 } 2579 break; 2580 2581 case DT_PLTREL: 2582 #if defined(USE_RELA) 2583 if (d->d_un.d_val != DT_RELA) { 2584 DL_ERR("unsupported DT_PLTREL in \"%s\"; expected DT_RELA", get_realpath()); 2585 return false; 2586 } 2587 #else 2588 if (d->d_un.d_val != DT_REL) { 2589 DL_ERR("unsupported DT_PLTREL in \"%s\"; expected DT_REL", get_realpath()); 2590 return false; 2591 } 2592 #endif 2593 break; 2594 2595 case DT_JMPREL: 2596 #if defined(USE_RELA) 2597 plt_rela_ = reinterpret_cast<ElfW(Rela)*>(load_bias + d->d_un.d_ptr); 2598 #else 2599 plt_rel_ = reinterpret_cast<ElfW(Rel)*>(load_bias + d->d_un.d_ptr); 2600 #endif 2601 break; 2602 2603 case DT_PLTRELSZ: 2604 #if defined(USE_RELA) 2605 plt_rela_count_ = d->d_un.d_val / sizeof(ElfW(Rela)); 2606 #else 2607 plt_rel_count_ = d->d_un.d_val / sizeof(ElfW(Rel)); 2608 #endif 2609 break; 2610 2611 case DT_PLTGOT: 2612 #if defined(__mips__) 2613 // Used by mips and mips64. 2614 plt_got_ = reinterpret_cast<ElfW(Addr)**>(load_bias + d->d_un.d_ptr); 2615 #endif 2616 // Ignore for other platforms... (because RTLD_LAZY is not supported) 2617 break; 2618 2619 case DT_DEBUG: 2620 // Set the DT_DEBUG entry to the address of _r_debug for GDB 2621 // if the dynamic table is writable 2622 // FIXME: not working currently for N64 2623 // The flags for the LOAD and DYNAMIC program headers do not agree. 2624 // The LOAD section containing the dynamic table has been mapped as 2625 // read-only, but the DYNAMIC header claims it is writable. 2626 #if !(defined(__mips__) && defined(__LP64__)) 2627 if ((dynamic_flags & PF_W) != 0) { 2628 d->d_un.d_val = reinterpret_cast<uintptr_t>(&_r_debug); 2629 } 2630 #endif 2631 break; 2632 #if defined(USE_RELA) 2633 case DT_RELA: 2634 rela_ = reinterpret_cast<ElfW(Rela)*>(load_bias + d->d_un.d_ptr); 2635 break; 2636 2637 case DT_RELASZ: 2638 rela_count_ = d->d_un.d_val / sizeof(ElfW(Rela)); 2639 break; 2640 2641 case DT_ANDROID_RELA: 2642 android_relocs_ = reinterpret_cast<uint8_t*>(load_bias + d->d_un.d_ptr); 2643 break; 2644 2645 case DT_ANDROID_RELASZ: 2646 android_relocs_size_ = d->d_un.d_val; 2647 break; 2648 2649 case DT_ANDROID_REL: 2650 DL_ERR("unsupported DT_ANDROID_REL in \"%s\"", get_realpath()); 2651 return false; 2652 2653 case DT_ANDROID_RELSZ: 2654 DL_ERR("unsupported DT_ANDROID_RELSZ in \"%s\"", get_realpath()); 2655 return false; 2656 2657 case DT_RELAENT: 2658 if (d->d_un.d_val != sizeof(ElfW(Rela))) { 2659 DL_ERR("invalid DT_RELAENT: %zd", static_cast<size_t>(d->d_un.d_val)); 2660 return false; 2661 } 2662 break; 2663 2664 // ignored (see DT_RELCOUNT comments for details) 2665 case DT_RELACOUNT: 2666 break; 2667 2668 case DT_REL: 2669 DL_ERR("unsupported DT_REL in \"%s\"", get_realpath()); 2670 return false; 2671 2672 case DT_RELSZ: 2673 DL_ERR("unsupported DT_RELSZ in \"%s\"", get_realpath()); 2674 return false; 2675 2676 #else 2677 case DT_REL: 2678 rel_ = reinterpret_cast<ElfW(Rel)*>(load_bias + d->d_un.d_ptr); 2679 break; 2680 2681 case DT_RELSZ: 2682 rel_count_ = d->d_un.d_val / sizeof(ElfW(Rel)); 2683 break; 2684 2685 case DT_RELENT: 2686 if (d->d_un.d_val != sizeof(ElfW(Rel))) { 2687 DL_ERR("invalid DT_RELENT: %zd", static_cast<size_t>(d->d_un.d_val)); 2688 return false; 2689 } 2690 break; 2691 2692 case DT_ANDROID_REL: 2693 android_relocs_ = reinterpret_cast<uint8_t*>(load_bias + d->d_un.d_ptr); 2694 break; 2695 2696 case DT_ANDROID_RELSZ: 2697 android_relocs_size_ = d->d_un.d_val; 2698 break; 2699 2700 case DT_ANDROID_RELA: 2701 DL_ERR("unsupported DT_ANDROID_RELA in \"%s\"", get_realpath()); 2702 return false; 2703 2704 case DT_ANDROID_RELASZ: 2705 DL_ERR("unsupported DT_ANDROID_RELASZ in \"%s\"", get_realpath()); 2706 return false; 2707 2708 // "Indicates that all RELATIVE relocations have been concatenated together, 2709 // and specifies the RELATIVE relocation count." 2710 // 2711 // TODO: Spec also mentions that this can be used to optimize relocation process; 2712 // Not currently used by bionic linker - ignored. 2713 case DT_RELCOUNT: 2714 break; 2715 2716 case DT_RELA: 2717 DL_ERR("unsupported DT_RELA in \"%s\"", get_realpath()); 2718 return false; 2719 2720 case DT_RELASZ: 2721 DL_ERR("unsupported DT_RELASZ in \"%s\"", get_realpath()); 2722 return false; 2723 2724 #endif 2725 case DT_INIT: 2726 init_func_ = reinterpret_cast<linker_function_t>(load_bias + d->d_un.d_ptr); 2727 DEBUG("%s constructors (DT_INIT) found at %p", get_realpath(), init_func_); 2728 break; 2729 2730 case DT_FINI: 2731 fini_func_ = reinterpret_cast<linker_function_t>(load_bias + d->d_un.d_ptr); 2732 DEBUG("%s destructors (DT_FINI) found at %p", get_realpath(), fini_func_); 2733 break; 2734 2735 case DT_INIT_ARRAY: 2736 init_array_ = reinterpret_cast<linker_function_t*>(load_bias + d->d_un.d_ptr); 2737 DEBUG("%s constructors (DT_INIT_ARRAY) found at %p", get_realpath(), init_array_); 2738 break; 2739 2740 case DT_INIT_ARRAYSZ: 2741 init_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr)); 2742 break; 2743 2744 case DT_FINI_ARRAY: 2745 fini_array_ = reinterpret_cast<linker_function_t*>(load_bias + d->d_un.d_ptr); 2746 DEBUG("%s destructors (DT_FINI_ARRAY) found at %p", get_realpath(), fini_array_); 2747 break; 2748 2749 case DT_FINI_ARRAYSZ: 2750 fini_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr)); 2751 break; 2752 2753 case DT_PREINIT_ARRAY: 2754 preinit_array_ = reinterpret_cast<linker_function_t*>(load_bias + d->d_un.d_ptr); 2755 DEBUG("%s constructors (DT_PREINIT_ARRAY) found at %p", get_realpath(), preinit_array_); 2756 break; 2757 2758 case DT_PREINIT_ARRAYSZ: 2759 preinit_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr)); 2760 break; 2761 2762 case DT_TEXTREL: 2763 #if defined(__LP64__) 2764 DL_ERR("text relocations (DT_TEXTREL) found in 64-bit ELF file \"%s\"", get_realpath()); 2765 return false; 2766 #else 2767 has_text_relocations = true; 2768 break; 2769 #endif 2770 2771 case DT_SYMBOLIC: 2772 has_DT_SYMBOLIC = true; 2773 break; 2774 2775 case DT_NEEDED: 2776 ++needed_count; 2777 break; 2778 2779 case DT_FLAGS: 2780 if (d->d_un.d_val & DF_TEXTREL) { 2781 #if defined(__LP64__) 2782 DL_ERR("text relocations (DF_TEXTREL) found in 64-bit ELF file \"%s\"", get_realpath()); 2783 return false; 2784 #else 2785 has_text_relocations = true; 2786 #endif 2787 } 2788 if (d->d_un.d_val & DF_SYMBOLIC) { 2789 has_DT_SYMBOLIC = true; 2790 } 2791 break; 2792 2793 case DT_FLAGS_1: 2794 set_dt_flags_1(d->d_un.d_val); 2795 2796 if ((d->d_un.d_val & ~SUPPORTED_DT_FLAGS_1) != 0) { 2797 DL_WARN("%s: unsupported flags DT_FLAGS_1=%p", get_realpath(), reinterpret_cast<void*>(d->d_un.d_val)); 2798 } 2799 break; 2800 #if defined(__mips__) 2801 case DT_MIPS_RLD_MAP: 2802 // Set the DT_MIPS_RLD_MAP entry to the address of _r_debug for GDB. 2803 { 2804 r_debug** dp = reinterpret_cast<r_debug**>(load_bias + d->d_un.d_ptr); 2805 *dp = &_r_debug; 2806 } 2807 break; 2808 case DT_MIPS_RLD_MAP2: 2809 // Set the DT_MIPS_RLD_MAP2 entry to the address of _r_debug for GDB. 2810 { 2811 r_debug** dp = reinterpret_cast<r_debug**>( 2812 reinterpret_cast<ElfW(Addr)>(d) + d->d_un.d_val); 2813 *dp = &_r_debug; 2814 } 2815 break; 2816 2817 case DT_MIPS_RLD_VERSION: 2818 case DT_MIPS_FLAGS: 2819 case DT_MIPS_BASE_ADDRESS: 2820 case DT_MIPS_UNREFEXTNO: 2821 break; 2822 2823 case DT_MIPS_SYMTABNO: 2824 mips_symtabno_ = d->d_un.d_val; 2825 break; 2826 2827 case DT_MIPS_LOCAL_GOTNO: 2828 mips_local_gotno_ = d->d_un.d_val; 2829 break; 2830 2831 case DT_MIPS_GOTSYM: 2832 mips_gotsym_ = d->d_un.d_val; 2833 break; 2834 #endif 2835 // Ignored: "Its use has been superseded by the DF_BIND_NOW flag" 2836 case DT_BIND_NOW: 2837 break; 2838 2839 case DT_VERSYM: 2840 versym_ = reinterpret_cast<ElfW(Versym)*>(load_bias + d->d_un.d_ptr); 2841 break; 2842 2843 case DT_VERDEF: 2844 verdef_ptr_ = load_bias + d->d_un.d_ptr; 2845 break; 2846 case DT_VERDEFNUM: 2847 verdef_cnt_ = d->d_un.d_val; 2848 break; 2849 2850 case DT_VERNEED: 2851 verneed_ptr_ = load_bias + d->d_un.d_ptr; 2852 break; 2853 2854 case DT_VERNEEDNUM: 2855 verneed_cnt_ = d->d_un.d_val; 2856 break; 2857 2858 default: 2859 if (!relocating_linker) { 2860 DL_WARN("%s: unused DT entry: type %p arg %p", get_realpath(), 2861 reinterpret_cast<void*>(d->d_tag), reinterpret_cast<void*>(d->d_un.d_val)); 2862 } 2863 break; 2864 } 2865 } 2866 2867 DEBUG("si->base = %p, si->strtab = %p, si->symtab = %p", 2868 reinterpret_cast<void*>(base), strtab_, symtab_); 2869 2870 // Sanity checks. 2871 if (relocating_linker && needed_count != 0) { 2872 DL_ERR("linker cannot have DT_NEEDED dependencies on other libraries"); 2873 return false; 2874 } 2875 if (nbucket_ == 0 && gnu_nbucket_ == 0) { 2876 DL_ERR("empty/missing DT_HASH/DT_GNU_HASH in \"%s\" " 2877 "(new hash type from the future?)", get_realpath()); 2878 return false; 2879 } 2880 if (strtab_ == 0) { 2881 DL_ERR("empty/missing DT_STRTAB in \"%s\"", get_realpath()); 2882 return false; 2883 } 2884 if (symtab_ == 0) { 2885 DL_ERR("empty/missing DT_SYMTAB in \"%s\"", get_realpath()); 2886 return false; 2887 } 2888 2889 // second pass - parse entries relying on strtab 2890 for (ElfW(Dyn)* d = dynamic; d->d_tag != DT_NULL; ++d) { 2891 if (d->d_tag == DT_SONAME) { 2892 soname_ = get_string(d->d_un.d_val); 2893 #if defined(__work_around_b_19059885__) 2894 strlcpy(old_name_, soname_, sizeof(old_name_)); 2895 #endif 2896 break; 2897 } 2898 } 2899 2900 // Before M release linker was using basename in place of soname. 2901 // In the case when dt_soname is absent some apps stop working 2902 // because they can't find dt_needed library by soname. 2903 // This workaround should keep them working. (applies only 2904 // for apps targeting sdk version <=22). Make an exception for 2905 // the main executable and linker; they do not need to have dt_soname 2906 if (soname_ == nullptr && this != somain && (flags_ & FLAG_LINKER) == 0 && 2907 get_application_target_sdk_version() <= 22) { 2908 soname_ = basename(realpath_.c_str()); 2909 DL_WARN("%s: is missing DT_SONAME will use basename as a replacement: \"%s\"", 2910 get_realpath(), soname_); 2911 } 2912 return true; 2913 } 2914 2915 bool soinfo::link_image(const soinfo_list_t& global_group, const soinfo_list_t& local_group, 2916 const android_dlextinfo* extinfo) { 2917 2918 local_group_root_ = local_group.front(); 2919 if (local_group_root_ == nullptr) { 2920 local_group_root_ = this; 2921 } 2922 2923 if ((flags_ & FLAG_LINKER) == 0 && local_group_root_ == this) { 2924 target_sdk_version_ = get_application_target_sdk_version(); 2925 } 2926 2927 VersionTracker version_tracker; 2928 2929 if (!version_tracker.init(this)) { 2930 return false; 2931 } 2932 2933 #if !defined(__LP64__) 2934 if (has_text_relocations) { 2935 // Fail if app is targeting sdk version > 22 2936 // TODO (dimitry): remove != __ANDROID_API__ check once http://b/20020312 is fixed 2937 if (get_application_target_sdk_version() != __ANDROID_API__ 2938 && get_application_target_sdk_version() > 22) { 2939 DL_ERR("%s: has text relocations", get_realpath()); 2940 return false; 2941 } 2942 // Make segments writable to allow text relocations to work properly. We will later call 2943 // phdr_table_protect_segments() after all of them are applied and all constructors are run. 2944 DL_WARN("%s has text relocations. This is wasting memory and prevents " 2945 "security hardening. Please fix.", get_realpath()); 2946 if (phdr_table_unprotect_segments(phdr, phnum, load_bias) < 0) { 2947 DL_ERR("can't unprotect loadable segments for \"%s\": %s", 2948 get_realpath(), strerror(errno)); 2949 return false; 2950 } 2951 } 2952 #endif 2953 2954 if (android_relocs_ != nullptr) { 2955 // check signature 2956 if (android_relocs_size_ > 3 && 2957 android_relocs_[0] == 'A' && 2958 android_relocs_[1] == 'P' && 2959 android_relocs_[2] == 'S' && 2960 android_relocs_[3] == '2') { 2961 DEBUG("[ android relocating %s ]", get_realpath()); 2962 2963 bool relocated = false; 2964 const uint8_t* packed_relocs = android_relocs_ + 4; 2965 const size_t packed_relocs_size = android_relocs_size_ - 4; 2966 2967 relocated = relocate( 2968 version_tracker, 2969 packed_reloc_iterator<sleb128_decoder>( 2970 sleb128_decoder(packed_relocs, packed_relocs_size)), 2971 global_group, local_group); 2972 2973 if (!relocated) { 2974 return false; 2975 } 2976 } else { 2977 DL_ERR("bad android relocation header."); 2978 return false; 2979 } 2980 } 2981 2982 #if defined(USE_RELA) 2983 if (rela_ != nullptr) { 2984 DEBUG("[ relocating %s ]", get_realpath()); 2985 if (!relocate(version_tracker, 2986 plain_reloc_iterator(rela_, rela_count_), global_group, local_group)) { 2987 return false; 2988 } 2989 } 2990 if (plt_rela_ != nullptr) { 2991 DEBUG("[ relocating %s plt ]", get_realpath()); 2992 if (!relocate(version_tracker, 2993 plain_reloc_iterator(plt_rela_, plt_rela_count_), global_group, local_group)) { 2994 return false; 2995 } 2996 } 2997 #else 2998 if (rel_ != nullptr) { 2999 DEBUG("[ relocating %s ]", get_realpath()); 3000 if (!relocate(version_tracker, 3001 plain_reloc_iterator(rel_, rel_count_), global_group, local_group)) { 3002 return false; 3003 } 3004 } 3005 if (plt_rel_ != nullptr) { 3006 DEBUG("[ relocating %s plt ]", get_realpath()); 3007 if (!relocate(version_tracker, 3008 plain_reloc_iterator(plt_rel_, plt_rel_count_), global_group, local_group)) { 3009 return false; 3010 } 3011 } 3012 #endif 3013 3014 #if defined(__mips__) 3015 if (!mips_relocate_got(version_tracker, global_group, local_group)) { 3016 return false; 3017 } 3018 #endif 3019 3020 DEBUG("[ finished linking %s ]", get_realpath()); 3021 3022 #if !defined(__LP64__) 3023 if (has_text_relocations) { 3024 // All relocations are done, we can protect our segments back to read-only. 3025 if (phdr_table_protect_segments(phdr, phnum, load_bias) < 0) { 3026 DL_ERR("can't protect segments for \"%s\": %s", 3027 get_realpath(), strerror(errno)); 3028 return false; 3029 } 3030 } 3031 #endif 3032 3033 /* We can also turn on GNU RELRO protection */ 3034 if (phdr_table_protect_gnu_relro(phdr, phnum, load_bias) < 0) { 3035 DL_ERR("can't enable GNU RELRO protection for \"%s\": %s", 3036 get_realpath(), strerror(errno)); 3037 return false; 3038 } 3039 3040 /* Handle serializing/sharing the RELRO segment */ 3041 if (extinfo && (extinfo->flags & ANDROID_DLEXT_WRITE_RELRO)) { 3042 if (phdr_table_serialize_gnu_relro(phdr, phnum, load_bias, 3043 extinfo->relro_fd) < 0) { 3044 DL_ERR("failed serializing GNU RELRO section for \"%s\": %s", 3045 get_realpath(), strerror(errno)); 3046 return false; 3047 } 3048 } else if (extinfo && (extinfo->flags & ANDROID_DLEXT_USE_RELRO)) { 3049 if (phdr_table_map_gnu_relro(phdr, phnum, load_bias, 3050 extinfo->relro_fd) < 0) { 3051 DL_ERR("failed mapping GNU RELRO section for \"%s\": %s", 3052 get_realpath(), strerror(errno)); 3053 return false; 3054 } 3055 } 3056 3057 notify_gdb_of_load(this); 3058 return true; 3059 } 3060 3061 /* 3062 * This function add vdso to internal dso list. 3063 * It helps to stack unwinding through signal handlers. 3064 * Also, it makes bionic more like glibc. 3065 */ 3066 static void add_vdso(KernelArgumentBlock& args __unused) { 3067 #if defined(AT_SYSINFO_EHDR) 3068 ElfW(Ehdr)* ehdr_vdso = reinterpret_cast<ElfW(Ehdr)*>(args.getauxval(AT_SYSINFO_EHDR)); 3069 if (ehdr_vdso == nullptr) { 3070 return; 3071 } 3072 3073 soinfo* si = soinfo_alloc("[vdso]", nullptr, 0, 0); 3074 3075 si->phdr = reinterpret_cast<ElfW(Phdr)*>(reinterpret_cast<char*>(ehdr_vdso) + ehdr_vdso->e_phoff); 3076 si->phnum = ehdr_vdso->e_phnum; 3077 si->base = reinterpret_cast<ElfW(Addr)>(ehdr_vdso); 3078 si->size = phdr_table_get_load_size(si->phdr, si->phnum); 3079 si->load_bias = get_elf_exec_load_bias(ehdr_vdso); 3080 3081 si->prelink_image(); 3082 si->link_image(g_empty_list, soinfo::soinfo_list_t::make_list(si), nullptr); 3083 #endif 3084 } 3085 3086 /* 3087 * This is linker soinfo for GDB. See details below. 3088 */ 3089 #if defined(__LP64__) 3090 #define LINKER_PATH "/system/bin/linker64" 3091 #else 3092 #define LINKER_PATH "/system/bin/linker" 3093 #endif 3094 3095 // This is done to avoid calling c-tor prematurely 3096 // because soinfo c-tor needs memory allocator 3097 // which might be initialized after global variables. 3098 static uint8_t linker_soinfo_for_gdb_buf[sizeof(soinfo)] __attribute__((aligned(8))); 3099 static soinfo* linker_soinfo_for_gdb = nullptr; 3100 3101 /* gdb expects the linker to be in the debug shared object list. 3102 * Without this, gdb has trouble locating the linker's ".text" 3103 * and ".plt" sections. Gdb could also potentially use this to 3104 * relocate the offset of our exported 'rtld_db_dlactivity' symbol. 3105 * Don't use soinfo_alloc(), because the linker shouldn't 3106 * be on the soinfo list. 3107 */ 3108 static void init_linker_info_for_gdb(ElfW(Addr) linker_base) { 3109 linker_soinfo_for_gdb = new (linker_soinfo_for_gdb_buf) soinfo(LINKER_PATH, nullptr, 0, 0); 3110 3111 linker_soinfo_for_gdb->load_bias = linker_base; 3112 3113 /* 3114 * Set the dynamic field in the link map otherwise gdb will complain with 3115 * the following: 3116 * warning: .dynamic section for "/system/bin/linker" is not at the 3117 * expected address (wrong library or version mismatch?) 3118 */ 3119 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(linker_base); 3120 ElfW(Phdr)* phdr = reinterpret_cast<ElfW(Phdr)*>(linker_base + elf_hdr->e_phoff); 3121 phdr_table_get_dynamic_section(phdr, elf_hdr->e_phnum, linker_base, 3122 &linker_soinfo_for_gdb->dynamic, nullptr); 3123 insert_soinfo_into_debug_map(linker_soinfo_for_gdb); 3124 } 3125 3126 extern "C" int __system_properties_init(void); 3127 3128 /* 3129 * This code is called after the linker has linked itself and 3130 * fixed it's own GOT. It is safe to make references to externs 3131 * and other non-local data at this point. 3132 */ 3133 static ElfW(Addr) __linker_init_post_relocation(KernelArgumentBlock& args, ElfW(Addr) linker_base) { 3134 #if TIMING 3135 struct timeval t0, t1; 3136 gettimeofday(&t0, 0); 3137 #endif 3138 3139 // Sanitize the environment. 3140 __libc_init_AT_SECURE(args); 3141 3142 // Initialize system properties 3143 __system_properties_init(); // may use 'environ' 3144 3145 debuggerd_init(); 3146 3147 // Get a few environment variables. 3148 const char* LD_DEBUG = getenv("LD_DEBUG"); 3149 if (LD_DEBUG != nullptr) { 3150 g_ld_debug_verbosity = atoi(LD_DEBUG); 3151 } 3152 3153 // These should have been sanitized by __libc_init_AT_SECURE, but the test 3154 // doesn't cost us anything. 3155 const char* ldpath_env = nullptr; 3156 const char* ldpreload_env = nullptr; 3157 if (!getauxval(AT_SECURE)) { 3158 ldpath_env = getenv("LD_LIBRARY_PATH"); 3159 ldpreload_env = getenv("LD_PRELOAD"); 3160 } 3161 3162 INFO("[ android linker & debugger ]"); 3163 3164 soinfo* si = soinfo_alloc(args.argv[0], nullptr, 0, RTLD_GLOBAL); 3165 if (si == nullptr) { 3166 exit(EXIT_FAILURE); 3167 } 3168 3169 /* bootstrap the link map, the main exe always needs to be first */ 3170 si->set_main_executable(); 3171 link_map* map = &(si->link_map_head); 3172 3173 map->l_addr = 0; 3174 map->l_name = args.argv[0]; 3175 map->l_prev = nullptr; 3176 map->l_next = nullptr; 3177 3178 _r_debug.r_map = map; 3179 r_debug_tail = map; 3180 3181 init_linker_info_for_gdb(linker_base); 3182 3183 // Extract information passed from the kernel. 3184 si->phdr = reinterpret_cast<ElfW(Phdr)*>(args.getauxval(AT_PHDR)); 3185 si->phnum = args.getauxval(AT_PHNUM); 3186 si->entry = args.getauxval(AT_ENTRY); 3187 3188 /* Compute the value of si->base. We can't rely on the fact that 3189 * the first entry is the PHDR because this will not be true 3190 * for certain executables (e.g. some in the NDK unit test suite) 3191 */ 3192 si->base = 0; 3193 si->size = phdr_table_get_load_size(si->phdr, si->phnum); 3194 si->load_bias = 0; 3195 for (size_t i = 0; i < si->phnum; ++i) { 3196 if (si->phdr[i].p_type == PT_PHDR) { 3197 si->load_bias = reinterpret_cast<ElfW(Addr)>(si->phdr) - si->phdr[i].p_vaddr; 3198 si->base = reinterpret_cast<ElfW(Addr)>(si->phdr) - si->phdr[i].p_offset; 3199 break; 3200 } 3201 } 3202 si->dynamic = nullptr; 3203 3204 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(si->base); 3205 if (elf_hdr->e_type != ET_DYN) { 3206 __libc_format_fd(2, "error: only position independent executables (PIE) are supported.\n"); 3207 exit(EXIT_FAILURE); 3208 } 3209 3210 // Use LD_LIBRARY_PATH and LD_PRELOAD (but only if we aren't setuid/setgid). 3211 parse_LD_LIBRARY_PATH(ldpath_env); 3212 parse_LD_PRELOAD(ldpreload_env); 3213 3214 somain = si; 3215 3216 if (!si->prelink_image()) { 3217 __libc_format_fd(2, "CANNOT LINK EXECUTABLE: %s\n", linker_get_error_buffer()); 3218 exit(EXIT_FAILURE); 3219 } 3220 3221 // add somain to global group 3222 si->set_dt_flags_1(si->get_dt_flags_1() | DF_1_GLOBAL); 3223 3224 // Load ld_preloads and dependencies. 3225 StringLinkedList needed_library_name_list; 3226 size_t needed_libraries_count = 0; 3227 size_t ld_preloads_count = 0; 3228 3229 for (const auto& ld_preload_name : g_ld_preload_names) { 3230 needed_library_name_list.push_back(ld_preload_name.c_str()); 3231 ++needed_libraries_count; 3232 ++ld_preloads_count; 3233 } 3234 3235 for_each_dt_needed(si, [&](const char* name) { 3236 needed_library_name_list.push_back(name); 3237 ++needed_libraries_count; 3238 }); 3239 3240 const char* needed_library_names[needed_libraries_count]; 3241 3242 memset(needed_library_names, 0, sizeof(needed_library_names)); 3243 needed_library_name_list.copy_to_array(needed_library_names, needed_libraries_count); 3244 3245 if (needed_libraries_count > 0 && 3246 !find_libraries(si, needed_library_names, needed_libraries_count, nullptr, 3247 &g_ld_preloads, ld_preloads_count, RTLD_GLOBAL, nullptr)) { 3248 __libc_format_fd(2, "CANNOT LINK EXECUTABLE: %s\n", linker_get_error_buffer()); 3249 exit(EXIT_FAILURE); 3250 } else if (needed_libraries_count == 0) { 3251 if (!si->link_image(g_empty_list, soinfo::soinfo_list_t::make_list(si), nullptr)) { 3252 __libc_format_fd(2, "CANNOT LINK EXECUTABLE: %s\n", linker_get_error_buffer()); 3253 exit(EXIT_FAILURE); 3254 } 3255 si->increment_ref_count(); 3256 } 3257 3258 add_vdso(args); 3259 3260 { 3261 ProtectedDataGuard guard; 3262 3263 si->call_pre_init_constructors(); 3264 3265 /* After the prelink_image, the si->load_bias is initialized. 3266 * For so lib, the map->l_addr will be updated in notify_gdb_of_load. 3267 * We need to update this value for so exe here. So Unwind_Backtrace 3268 * for some arch like x86 could work correctly within so exe. 3269 */ 3270 map->l_addr = si->load_bias; 3271 si->call_constructors(); 3272 } 3273 3274 #if TIMING 3275 gettimeofday(&t1, nullptr); 3276 PRINT("LINKER TIME: %s: %d microseconds", args.argv[0], (int) ( 3277 (((long long)t1.tv_sec * 1000000LL) + (long long)t1.tv_usec) - 3278 (((long long)t0.tv_sec * 1000000LL) + (long long)t0.tv_usec))); 3279 #endif 3280 #if STATS 3281 PRINT("RELO STATS: %s: %d abs, %d rel, %d copy, %d symbol", args.argv[0], 3282 linker_stats.count[kRelocAbsolute], 3283 linker_stats.count[kRelocRelative], 3284 linker_stats.count[kRelocCopy], 3285 linker_stats.count[kRelocSymbol]); 3286 #endif 3287 #if COUNT_PAGES 3288 { 3289 unsigned n; 3290 unsigned i; 3291 unsigned count = 0; 3292 for (n = 0; n < 4096; n++) { 3293 if (bitmask[n]) { 3294 unsigned x = bitmask[n]; 3295 #if defined(__LP64__) 3296 for (i = 0; i < 32; i++) { 3297 #else 3298 for (i = 0; i < 8; i++) { 3299 #endif 3300 if (x & 1) { 3301 count++; 3302 } 3303 x >>= 1; 3304 } 3305 } 3306 } 3307 PRINT("PAGES MODIFIED: %s: %d (%dKB)", args.argv[0], count, count * 4); 3308 } 3309 #endif 3310 3311 #if TIMING || STATS || COUNT_PAGES 3312 fflush(stdout); 3313 #endif 3314 3315 TRACE("[ Ready to execute '%s' @ %p ]", si->get_realpath(), reinterpret_cast<void*>(si->entry)); 3316 return si->entry; 3317 } 3318 3319 /* Compute the load-bias of an existing executable. This shall only 3320 * be used to compute the load bias of an executable or shared library 3321 * that was loaded by the kernel itself. 3322 * 3323 * Input: 3324 * elf -> address of ELF header, assumed to be at the start of the file. 3325 * Return: 3326 * load bias, i.e. add the value of any p_vaddr in the file to get 3327 * the corresponding address in memory. 3328 */ 3329 static ElfW(Addr) get_elf_exec_load_bias(const ElfW(Ehdr)* elf) { 3330 ElfW(Addr) offset = elf->e_phoff; 3331 const ElfW(Phdr)* phdr_table = 3332 reinterpret_cast<const ElfW(Phdr)*>(reinterpret_cast<uintptr_t>(elf) + offset); 3333 const ElfW(Phdr)* phdr_end = phdr_table + elf->e_phnum; 3334 3335 for (const ElfW(Phdr)* phdr = phdr_table; phdr < phdr_end; phdr++) { 3336 if (phdr->p_type == PT_LOAD) { 3337 return reinterpret_cast<ElfW(Addr)>(elf) + phdr->p_offset - phdr->p_vaddr; 3338 } 3339 } 3340 return 0; 3341 } 3342 3343 extern "C" void _start(); 3344 3345 /* 3346 * This is the entry point for the linker, called from begin.S. This 3347 * method is responsible for fixing the linker's own relocations, and 3348 * then calling __linker_init_post_relocation(). 3349 * 3350 * Because this method is called before the linker has fixed it's own 3351 * relocations, any attempt to reference an extern variable, extern 3352 * function, or other GOT reference will generate a segfault. 3353 */ 3354 extern "C" ElfW(Addr) __linker_init(void* raw_args) { 3355 KernelArgumentBlock args(raw_args); 3356 3357 ElfW(Addr) linker_addr = args.getauxval(AT_BASE); 3358 ElfW(Addr) entry_point = args.getauxval(AT_ENTRY); 3359 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(linker_addr); 3360 ElfW(Phdr)* phdr = reinterpret_cast<ElfW(Phdr)*>(linker_addr + elf_hdr->e_phoff); 3361 3362 soinfo linker_so(nullptr, nullptr, 0, 0); 3363 3364 // If the linker is not acting as PT_INTERP entry_point is equal to 3365 // _start. Which means that the linker is running as an executable and 3366 // already linked by PT_INTERP. 3367 // 3368 // This happens when user tries to run 'adb shell /system/bin/linker' 3369 // see also https://code.google.com/p/android/issues/detail?id=63174 3370 if (reinterpret_cast<ElfW(Addr)>(&_start) == entry_point) { 3371 __libc_fatal("This is %s, the helper program for shared library executables.\n", args.argv[0]); 3372 } 3373 3374 linker_so.base = linker_addr; 3375 linker_so.size = phdr_table_get_load_size(phdr, elf_hdr->e_phnum); 3376 linker_so.load_bias = get_elf_exec_load_bias(elf_hdr); 3377 linker_so.dynamic = nullptr; 3378 linker_so.phdr = phdr; 3379 linker_so.phnum = elf_hdr->e_phnum; 3380 linker_so.set_linker_flag(); 3381 3382 // This might not be obvious... The reasons why we pass g_empty_list 3383 // in place of local_group here are (1) we do not really need it, because 3384 // linker is built with DT_SYMBOLIC and therefore relocates its symbols against 3385 // itself without having to look into local_group and (2) allocators 3386 // are not yet initialized, and therefore we cannot use linked_list.push_* 3387 // functions at this point. 3388 if (!(linker_so.prelink_image() && linker_so.link_image(g_empty_list, g_empty_list, nullptr))) { 3389 // It would be nice to print an error message, but if the linker 3390 // can't link itself, there's no guarantee that we'll be able to 3391 // call write() (because it involves a GOT reference). We may as 3392 // well try though... 3393 const char* msg = "CANNOT LINK EXECUTABLE: "; 3394 write(2, msg, strlen(msg)); 3395 write(2, __linker_dl_err_buf, strlen(__linker_dl_err_buf)); 3396 write(2, "\n", 1); 3397 _exit(EXIT_FAILURE); 3398 } 3399 3400 __libc_init_tls(args); 3401 3402 // Initialize the linker's own global variables 3403 linker_so.call_constructors(); 3404 3405 // Initialize static variables. Note that in order to 3406 // get correct libdl_info we need to call constructors 3407 // before get_libdl_info(). 3408 solist = get_libdl_info(); 3409 sonext = get_libdl_info(); 3410 3411 // We have successfully fixed our own relocations. It's safe to run 3412 // the main part of the linker now. 3413 args.abort_message_ptr = &g_abort_message; 3414 ElfW(Addr) start_address = __linker_init_post_relocation(args, linker_addr); 3415 3416 INFO("[ jumping to _start ]"); 3417 3418 // Return the address that the calling assembly stub should jump to. 3419 return start_address; 3420 } 3421
