1 /* 2 * Copyright (C) 2008 The Android Open Source Project 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in 12 * the documentation and/or other materials provided with the 13 * distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include <android/api-level.h> 30 #include <errno.h> 31 #include <fcntl.h> 32 #include <inttypes.h> 33 #include <pthread.h> 34 #include <stdio.h> 35 #include <stdlib.h> 36 #include <string.h> 37 #include <sys/mman.h> 38 #include <sys/param.h> 39 #include <unistd.h> 40 41 #include <new> 42 #include <string> 43 #include <unordered_map> 44 #include <vector> 45 46 // Private C library headers. 47 #include "private/bionic_globals.h" 48 #include "private/bionic_tls.h" 49 #include "private/KernelArgumentBlock.h" 50 #include "private/ScopedPthreadMutexLocker.h" 51 #include "private/ScopeGuard.h" 52 53 #include "linker.h" 54 #include "linker_block_allocator.h" 55 #include "linker_gdb_support.h" 56 #include "linker_debug.h" 57 #include "linker_dlwarning.h" 58 #include "linker_sleb128.h" 59 #include "linker_phdr.h" 60 #include "linker_relocs.h" 61 #include "linker_reloc_iterators.h" 62 #include "linker_utils.h" 63 64 #include "android-base/strings.h" 65 #include "ziparchive/zip_archive.h" 66 67 extern void __libc_init_globals(KernelArgumentBlock&); 68 extern void __libc_init_AT_SECURE(KernelArgumentBlock&); 69 70 extern "C" void _start(); 71 72 // Override macros to use C++ style casts. 73 #undef ELF_ST_TYPE 74 #define ELF_ST_TYPE(x) (static_cast<uint32_t>(x) & 0xf) 75 76 struct android_namespace_t { 77 public: 78 android_namespace_t() : name_(nullptr), is_isolated_(false) {} 79 80 const char* get_name() const { return name_; } 81 void set_name(const char* name) { name_ = name; } 82 83 bool is_isolated() const { return is_isolated_; } 84 void set_isolated(bool isolated) { is_isolated_ = isolated; } 85 86 const std::vector<std::string>& get_ld_library_paths() const { 87 return ld_library_paths_; 88 } 89 void set_ld_library_paths(std::vector<std::string>&& library_paths) { 90 ld_library_paths_ = library_paths; 91 } 92 93 const std::vector<std::string>& get_default_library_paths() const { 94 return default_library_paths_; 95 } 96 void set_default_library_paths(std::vector<std::string>&& library_paths) { 97 default_library_paths_ = library_paths; 98 } 99 100 const std::vector<std::string>& get_permitted_paths() const { 101 return permitted_paths_; 102 } 103 void set_permitted_paths(std::vector<std::string>&& permitted_paths) { 104 permitted_paths_ = permitted_paths; 105 } 106 107 void add_soinfo(soinfo* si) { 108 soinfo_list_.push_back(si); 109 } 110 111 void add_soinfos(const soinfo::soinfo_list_t& soinfos) { 112 for (auto si : soinfos) { 113 add_soinfo(si); 114 si->add_secondary_namespace(this); 115 } 116 } 117 118 void remove_soinfo(soinfo* si) { 119 soinfo_list_.remove_if([&](soinfo* candidate) { 120 return si == candidate; 121 }); 122 } 123 124 const soinfo::soinfo_list_t& soinfo_list() const { return soinfo_list_; } 125 126 // For isolated namespaces - checks if the file is on the search path; 127 // always returns true for not isolated namespace. 128 bool is_accessible(const std::string& path); 129 130 private: 131 const char* name_; 132 bool is_isolated_; 133 std::vector<std::string> ld_library_paths_; 134 std::vector<std::string> default_library_paths_; 135 std::vector<std::string> permitted_paths_; 136 soinfo::soinfo_list_t soinfo_list_; 137 138 DISALLOW_COPY_AND_ASSIGN(android_namespace_t); 139 }; 140 141 android_namespace_t g_default_namespace; 142 143 static std::unordered_map<uintptr_t, soinfo*> g_soinfo_handles_map; 144 static android_namespace_t* g_anonymous_namespace = &g_default_namespace; 145 146 static ElfW(Addr) get_elf_exec_load_bias(const ElfW(Ehdr)* elf); 147 148 static LinkerTypeAllocator<soinfo> g_soinfo_allocator; 149 static LinkerTypeAllocator<LinkedListEntry<soinfo>> g_soinfo_links_allocator; 150 151 static LinkerTypeAllocator<android_namespace_t> g_namespace_allocator; 152 static LinkerTypeAllocator<LinkedListEntry<android_namespace_t>> g_namespace_list_allocator; 153 154 static soinfo* solist; 155 static soinfo* sonext; 156 static soinfo* somain; // main process, always the one after libdl_info 157 158 #if defined(__LP64__) 159 static const char* const kSystemLibDir = "/system/lib64"; 160 static const char* const kVendorLibDir = "/vendor/lib64"; 161 static const char* const kAsanSystemLibDir = "/data/lib64"; 162 static const char* const kAsanVendorLibDir = "/data/vendor/lib64"; 163 #else 164 static const char* const kSystemLibDir = "/system/lib"; 165 static const char* const kVendorLibDir = "/vendor/lib"; 166 static const char* const kAsanSystemLibDir = "/data/lib"; 167 static const char* const kAsanVendorLibDir = "/data/vendor/lib"; 168 #endif 169 170 static const char* const kDefaultLdPaths[] = { 171 kSystemLibDir, 172 kVendorLibDir, 173 nullptr 174 }; 175 176 static const char* const kAsanDefaultLdPaths[] = { 177 kAsanSystemLibDir, 178 kSystemLibDir, 179 kAsanVendorLibDir, 180 kVendorLibDir, 181 nullptr 182 }; 183 184 // Is ASAN enabled? 185 static bool g_is_asan = false; 186 187 static bool is_system_library(const std::string& realpath) { 188 for (const auto& dir : g_default_namespace.get_default_library_paths()) { 189 if (file_is_in_dir(realpath, dir)) { 190 return true; 191 } 192 } 193 return false; 194 } 195 196 // Checks if the file exists and not a directory. 197 static bool file_exists(const char* path) { 198 int fd = TEMP_FAILURE_RETRY(open(path, O_RDONLY | O_CLOEXEC)); 199 if (fd == -1) { 200 return false; 201 } else { 202 close(fd); 203 return true; 204 } 205 } 206 static std::string dirname(const char *path); 207 208 // TODO(dimitry): The grey-list is a workaround for http://b/26394120 --- 209 // gradually remove libraries from this list until it is gone. 210 static bool is_greylisted(const char* name, const soinfo* needed_by) { 211 static const char* const kLibraryGreyList[] = { 212 "libandroid_runtime.so", 213 "libbinder.so", 214 "libcrypto.so", 215 "libcutils.so", 216 "libexpat.so", 217 "libgui.so", 218 "libmedia.so", 219 "libnativehelper.so", 220 "libskia.so", 221 "libssl.so", 222 "libstagefright.so", 223 "libsqlite.so", 224 "libui.so", 225 "libutils.so", 226 "libvorbisidec.so", 227 nullptr 228 }; 229 230 // limit greylisting to apps targeting sdk version 23 and below 231 if (get_application_target_sdk_version() > 23) { 232 return false; 233 } 234 235 // if the library needed by a system library - implicitly assume it 236 // is greylisted 237 238 if (needed_by != nullptr && is_system_library(needed_by->get_realpath())) { 239 return true; 240 } 241 242 // if this is an absolute path - make sure it points to /system/lib(64) 243 if (name[0] == '/' && dirname(name) == kSystemLibDir) { 244 // and reduce the path to basename 245 name = basename(name); 246 } 247 248 for (size_t i = 0; kLibraryGreyList[i] != nullptr; ++i) { 249 if (strcmp(name, kLibraryGreyList[i]) == 0) { 250 return true; 251 } 252 } 253 254 return false; 255 } 256 // END OF WORKAROUND 257 258 static const ElfW(Versym) kVersymNotNeeded = 0; 259 static const ElfW(Versym) kVersymGlobal = 1; 260 261 static const char* const* g_default_ld_paths; 262 static std::vector<std::string> g_ld_preload_names; 263 264 static std::vector<soinfo*> g_ld_preloads; 265 266 static bool g_public_namespace_initialized; 267 static soinfo::soinfo_list_t g_public_namespace; 268 269 __LIBC_HIDDEN__ int g_ld_debug_verbosity; 270 271 __LIBC_HIDDEN__ abort_msg_t* g_abort_message = nullptr; // For debuggerd. 272 273 static std::string dirname(const char *path) { 274 const char* last_slash = strrchr(path, '/'); 275 if (last_slash == path) return "/"; 276 else if (last_slash == nullptr) return "."; 277 else 278 return std::string(path, last_slash - path); 279 } 280 281 #if STATS 282 struct linker_stats_t { 283 int count[kRelocMax]; 284 }; 285 286 static linker_stats_t linker_stats; 287 288 void count_relocation(RelocationKind kind) { 289 ++linker_stats.count[kind]; 290 } 291 #else 292 void count_relocation(RelocationKind) { 293 } 294 #endif 295 296 #if COUNT_PAGES 297 uint32_t bitmask[4096]; 298 #endif 299 300 static char __linker_dl_err_buf[768]; 301 302 char* linker_get_error_buffer() { 303 return &__linker_dl_err_buf[0]; 304 } 305 306 size_t linker_get_error_buffer_size() { 307 return sizeof(__linker_dl_err_buf); 308 } 309 310 static void notify_gdb_of_load(soinfo* info) { 311 if (info->is_linker() || info->is_main_executable()) { 312 // gdb already knows about the linker and the main executable. 313 return; 314 } 315 316 link_map* map = &(info->link_map_head); 317 318 map->l_addr = info->load_bias; 319 // link_map l_name field is not const. 320 map->l_name = const_cast<char*>(info->get_realpath()); 321 map->l_ld = info->dynamic; 322 323 CHECK(map->l_name != nullptr); 324 CHECK(map->l_name[0] != '\0'); 325 326 notify_gdb_of_load(map); 327 } 328 329 static void notify_gdb_of_unload(soinfo* info) { 330 notify_gdb_of_unload(&(info->link_map_head)); 331 } 332 333 bool android_namespace_t::is_accessible(const std::string& file) { 334 if (!is_isolated_) { 335 return true; 336 } 337 338 for (const auto& dir : ld_library_paths_) { 339 if (file_is_in_dir(file, dir)) { 340 return true; 341 } 342 } 343 344 for (const auto& dir : default_library_paths_) { 345 if (file_is_in_dir(file, dir)) { 346 return true; 347 } 348 } 349 350 for (const auto& dir : permitted_paths_) { 351 if (file_is_under_dir(file, dir)) { 352 return true; 353 } 354 } 355 356 return false; 357 } 358 359 LinkedListEntry<soinfo>* SoinfoListAllocator::alloc() { 360 return g_soinfo_links_allocator.alloc(); 361 } 362 363 void SoinfoListAllocator::free(LinkedListEntry<soinfo>* entry) { 364 g_soinfo_links_allocator.free(entry); 365 } 366 367 LinkedListEntry<android_namespace_t>* NamespaceListAllocator::alloc() { 368 return g_namespace_list_allocator.alloc(); 369 } 370 371 void NamespaceListAllocator::free(LinkedListEntry<android_namespace_t>* entry) { 372 g_namespace_list_allocator.free(entry); 373 } 374 375 static soinfo* soinfo_alloc(android_namespace_t* ns, const char* name, 376 struct stat* file_stat, off64_t file_offset, 377 uint32_t rtld_flags) { 378 if (strlen(name) >= PATH_MAX) { 379 DL_ERR("library name \"%s\" too long", name); 380 return nullptr; 381 } 382 383 soinfo* si = new (g_soinfo_allocator.alloc()) soinfo(ns, name, file_stat, 384 file_offset, rtld_flags); 385 386 sonext->next = si; 387 sonext = si; 388 389 si->generate_handle(); 390 ns->add_soinfo(si); 391 392 TRACE("name %s: allocated soinfo @ %p", name, si); 393 return si; 394 } 395 396 static void soinfo_free(soinfo* si) { 397 if (si == nullptr) { 398 return; 399 } 400 401 if (si->base != 0 && si->size != 0) { 402 if (!si->is_mapped_by_caller()) { 403 munmap(reinterpret_cast<void*>(si->base), si->size); 404 } else { 405 // remap the region as PROT_NONE, MAP_ANONYMOUS | MAP_NORESERVE 406 mmap(reinterpret_cast<void*>(si->base), si->size, PROT_NONE, 407 MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0); 408 } 409 } 410 411 soinfo *prev = nullptr, *trav; 412 413 TRACE("name %s: freeing soinfo @ %p", si->get_realpath(), si); 414 415 for (trav = solist; trav != nullptr; trav = trav->next) { 416 if (trav == si) { 417 break; 418 } 419 prev = trav; 420 } 421 422 if (trav == nullptr) { 423 // si was not in solist 424 DL_ERR("name \"%s\"@%p is not in solist!", si->get_realpath(), si); 425 return; 426 } 427 428 // clear links to/from si 429 si->remove_all_links(); 430 431 // prev will never be null, because the first entry in solist is 432 // always the static libdl_info. 433 prev->next = si->next; 434 if (si == sonext) { 435 sonext = prev; 436 } 437 438 si->~soinfo(); 439 g_soinfo_allocator.free(si); 440 } 441 442 // For every path element this function checks of it exists, and is a directory, 443 // and normalizes it: 444 // 1. For regular path it converts it to realpath() 445 // 2. For path in a zip file it uses realpath on the zipfile 446 // normalizes entry name by calling normalize_path function. 447 static void resolve_paths(std::vector<std::string>& paths, 448 std::vector<std::string>* resolved_paths) { 449 resolved_paths->clear(); 450 for (const auto& path : paths) { 451 char resolved_path[PATH_MAX]; 452 const char* original_path = path.c_str(); 453 if (realpath(original_path, resolved_path) != nullptr) { 454 struct stat s; 455 if (stat(resolved_path, &s) == 0) { 456 if (S_ISDIR(s.st_mode)) { 457 resolved_paths->push_back(resolved_path); 458 } else { 459 DL_WARN("Warning: \"%s\" is not a directory (excluding from path)", resolved_path); 460 continue; 461 } 462 } else { 463 DL_WARN("Warning: cannot stat file \"%s\": %s", resolved_path, strerror(errno)); 464 continue; 465 } 466 } else { 467 std::string zip_path; 468 std::string entry_path; 469 470 std::string normalized_path; 471 472 if (!normalize_path(original_path, &normalized_path)) { 473 DL_WARN("Warning: unable to normalize \"%s\"", original_path); 474 continue; 475 } 476 477 if (parse_zip_path(normalized_path.c_str(), &zip_path, &entry_path)) { 478 if (realpath(zip_path.c_str(), resolved_path) == nullptr) { 479 DL_WARN("Warning: unable to resolve \"%s\": %s", zip_path.c_str(), strerror(errno)); 480 continue; 481 } 482 483 resolved_paths->push_back(std::string(resolved_path) + kZipFileSeparator + entry_path); 484 } 485 } 486 } 487 } 488 489 static void split_path(const char* path, const char* delimiters, 490 std::vector<std::string>* paths) { 491 if (path != nullptr && path[0] != 0) { 492 *paths = android::base::Split(path, delimiters); 493 } 494 } 495 496 static void parse_path(const char* path, const char* delimiters, 497 std::vector<std::string>* resolved_paths) { 498 std::vector<std::string> paths; 499 split_path(path, delimiters, &paths); 500 resolve_paths(paths, resolved_paths); 501 } 502 503 static void parse_LD_LIBRARY_PATH(const char* path) { 504 std::vector<std::string> ld_libary_paths; 505 parse_path(path, ":", &ld_libary_paths); 506 g_default_namespace.set_ld_library_paths(std::move(ld_libary_paths)); 507 } 508 509 void soinfo::set_dt_runpath(const char* path) { 510 if (!has_min_version(3)) { 511 return; 512 } 513 514 std::vector<std::string> runpaths; 515 516 split_path(path, ":", &runpaths); 517 518 std::string origin = dirname(get_realpath()); 519 // FIXME: add $LIB and $PLATFORM. 520 std::pair<std::string, std::string> substs[] = {{"ORIGIN", origin}}; 521 for (auto&& s : runpaths) { 522 size_t pos = 0; 523 while (pos < s.size()) { 524 pos = s.find("$", pos); 525 if (pos == std::string::npos) break; 526 for (const auto& subst : substs) { 527 const std::string& token = subst.first; 528 const std::string& replacement = subst.second; 529 if (s.substr(pos + 1, token.size()) == token) { 530 s.replace(pos, token.size() + 1, replacement); 531 // -1 to compensate for the ++pos below. 532 pos += replacement.size() - 1; 533 break; 534 } else if (s.substr(pos + 1, token.size() + 2) == "{" + token + "}") { 535 s.replace(pos, token.size() + 3, replacement); 536 pos += replacement.size() - 1; 537 break; 538 } 539 } 540 // Skip $ in case it did not match any of the known substitutions. 541 ++pos; 542 } 543 } 544 545 resolve_paths(runpaths, &dt_runpath_); 546 } 547 548 static void parse_LD_PRELOAD(const char* path) { 549 g_ld_preload_names.clear(); 550 if (path != nullptr) { 551 // We have historically supported ':' as well as ' ' in LD_PRELOAD. 552 g_ld_preload_names = android::base::Split(path, " :"); 553 std::remove_if(g_ld_preload_names.begin(), 554 g_ld_preload_names.end(), 555 [] (const std::string& s) { return s.empty(); }); 556 } 557 } 558 559 static bool realpath_fd(int fd, std::string* realpath) { 560 std::vector<char> buf(PATH_MAX), proc_self_fd(PATH_MAX); 561 __libc_format_buffer(&proc_self_fd[0], proc_self_fd.size(), "/proc/self/fd/%d", fd); 562 if (readlink(&proc_self_fd[0], &buf[0], buf.size()) == -1) { 563 PRINT("readlink(\"%s\") failed: %s [fd=%d]", &proc_self_fd[0], strerror(errno), fd); 564 return false; 565 } 566 567 *realpath = &buf[0]; 568 return true; 569 } 570 571 #if defined(__arm__) 572 573 // For a given PC, find the .so that it belongs to. 574 // Returns the base address of the .ARM.exidx section 575 // for that .so, and the number of 8-byte entries 576 // in that section (via *pcount). 577 // 578 // Intended to be called by libc's __gnu_Unwind_Find_exidx(). 579 // 580 // This function is exposed via dlfcn.cpp and libdl.so. 581 _Unwind_Ptr dl_unwind_find_exidx(_Unwind_Ptr pc, int* pcount) { 582 uintptr_t addr = reinterpret_cast<uintptr_t>(pc); 583 584 for (soinfo* si = solist; si != 0; si = si->next) { 585 if ((addr >= si->base) && (addr < (si->base + si->size))) { 586 *pcount = si->ARM_exidx_count; 587 return reinterpret_cast<_Unwind_Ptr>(si->ARM_exidx); 588 } 589 } 590 *pcount = 0; 591 return nullptr; 592 } 593 594 #endif 595 596 // Here, we only have to provide a callback to iterate across all the 597 // loaded libraries. gcc_eh does the rest. 598 int do_dl_iterate_phdr(int (*cb)(dl_phdr_info* info, size_t size, void* data), void* data) { 599 int rv = 0; 600 for (soinfo* si = solist; si != nullptr; si = si->next) { 601 dl_phdr_info dl_info; 602 dl_info.dlpi_addr = si->link_map_head.l_addr; 603 dl_info.dlpi_name = si->link_map_head.l_name; 604 dl_info.dlpi_phdr = si->phdr; 605 dl_info.dlpi_phnum = si->phnum; 606 rv = cb(&dl_info, sizeof(dl_phdr_info), data); 607 if (rv != 0) { 608 break; 609 } 610 } 611 return rv; 612 } 613 614 const ElfW(Versym)* soinfo::get_versym(size_t n) const { 615 if (has_min_version(2) && versym_ != nullptr) { 616 return versym_ + n; 617 } 618 619 return nullptr; 620 } 621 622 ElfW(Addr) soinfo::get_verneed_ptr() const { 623 if (has_min_version(2)) { 624 return verneed_ptr_; 625 } 626 627 return 0; 628 } 629 630 size_t soinfo::get_verneed_cnt() const { 631 if (has_min_version(2)) { 632 return verneed_cnt_; 633 } 634 635 return 0; 636 } 637 638 ElfW(Addr) soinfo::get_verdef_ptr() const { 639 if (has_min_version(2)) { 640 return verdef_ptr_; 641 } 642 643 return 0; 644 } 645 646 size_t soinfo::get_verdef_cnt() const { 647 if (has_min_version(2)) { 648 return verdef_cnt_; 649 } 650 651 return 0; 652 } 653 654 template<typename F> 655 static bool for_each_verdef(const soinfo* si, F functor) { 656 if (!si->has_min_version(2)) { 657 return true; 658 } 659 660 uintptr_t verdef_ptr = si->get_verdef_ptr(); 661 if (verdef_ptr == 0) { 662 return true; 663 } 664 665 size_t offset = 0; 666 667 size_t verdef_cnt = si->get_verdef_cnt(); 668 for (size_t i = 0; i<verdef_cnt; ++i) { 669 const ElfW(Verdef)* verdef = reinterpret_cast<ElfW(Verdef)*>(verdef_ptr + offset); 670 size_t verdaux_offset = offset + verdef->vd_aux; 671 offset += verdef->vd_next; 672 673 if (verdef->vd_version != 1) { 674 DL_ERR("unsupported verdef[%zd] vd_version: %d (expected 1) library: %s", 675 i, verdef->vd_version, si->get_realpath()); 676 return false; 677 } 678 679 if ((verdef->vd_flags & VER_FLG_BASE) != 0) { 680 // "this is the version of the file itself. It must not be used for 681 // matching a symbol. It can be used to match references." 682 // 683 // http://www.akkadia.org/drepper/symbol-versioning 684 continue; 685 } 686 687 if (verdef->vd_cnt == 0) { 688 DL_ERR("invalid verdef[%zd] vd_cnt == 0 (version without a name)", i); 689 return false; 690 } 691 692 const ElfW(Verdaux)* verdaux = reinterpret_cast<ElfW(Verdaux)*>(verdef_ptr + verdaux_offset); 693 694 if (functor(i, verdef, verdaux) == true) { 695 break; 696 } 697 } 698 699 return true; 700 } 701 702 bool soinfo::find_verdef_version_index(const version_info* vi, ElfW(Versym)* versym) const { 703 if (vi == nullptr) { 704 *versym = kVersymNotNeeded; 705 return true; 706 } 707 708 *versym = kVersymGlobal; 709 710 return for_each_verdef(this, 711 [&](size_t, const ElfW(Verdef)* verdef, const ElfW(Verdaux)* verdaux) { 712 if (verdef->vd_hash == vi->elf_hash && 713 strcmp(vi->name, get_string(verdaux->vda_name)) == 0) { 714 *versym = verdef->vd_ndx; 715 return true; 716 } 717 718 return false; 719 } 720 ); 721 } 722 723 bool soinfo::find_symbol_by_name(SymbolName& symbol_name, 724 const version_info* vi, 725 const ElfW(Sym)** symbol) const { 726 uint32_t symbol_index; 727 bool success = 728 is_gnu_hash() ? 729 gnu_lookup(symbol_name, vi, &symbol_index) : 730 elf_lookup(symbol_name, vi, &symbol_index); 731 732 if (success) { 733 *symbol = symbol_index == 0 ? nullptr : symtab_ + symbol_index; 734 } 735 736 return success; 737 } 738 739 static bool is_symbol_global_and_defined(const soinfo* si, const ElfW(Sym)* s) { 740 if (ELF_ST_BIND(s->st_info) == STB_GLOBAL || 741 ELF_ST_BIND(s->st_info) == STB_WEAK) { 742 return s->st_shndx != SHN_UNDEF; 743 } else if (ELF_ST_BIND(s->st_info) != STB_LOCAL) { 744 DL_WARN("unexpected ST_BIND value: %d for \"%s\" in \"%s\"", 745 ELF_ST_BIND(s->st_info), si->get_string(s->st_name), si->get_realpath()); 746 } 747 748 return false; 749 } 750 751 static const ElfW(Versym) kVersymHiddenBit = 0x8000; 752 753 static inline bool is_versym_hidden(const ElfW(Versym)* versym) { 754 // the symbol is hidden if bit 15 of versym is set. 755 return versym != nullptr && (*versym & kVersymHiddenBit) != 0; 756 } 757 758 static inline bool check_symbol_version(const ElfW(Versym) verneed, 759 const ElfW(Versym)* verdef) { 760 return verneed == kVersymNotNeeded || 761 verdef == nullptr || 762 verneed == (*verdef & ~kVersymHiddenBit); 763 } 764 765 bool soinfo::gnu_lookup(SymbolName& symbol_name, 766 const version_info* vi, 767 uint32_t* symbol_index) const { 768 uint32_t hash = symbol_name.gnu_hash(); 769 uint32_t h2 = hash >> gnu_shift2_; 770 771 uint32_t bloom_mask_bits = sizeof(ElfW(Addr))*8; 772 uint32_t word_num = (hash / bloom_mask_bits) & gnu_maskwords_; 773 ElfW(Addr) bloom_word = gnu_bloom_filter_[word_num]; 774 775 *symbol_index = 0; 776 777 TRACE_TYPE(LOOKUP, "SEARCH %s in %s@%p (gnu)", 778 symbol_name.get_name(), get_realpath(), reinterpret_cast<void*>(base)); 779 780 // test against bloom filter 781 if ((1 & (bloom_word >> (hash % bloom_mask_bits)) & (bloom_word >> (h2 % bloom_mask_bits))) == 0) { 782 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p", 783 symbol_name.get_name(), get_realpath(), reinterpret_cast<void*>(base)); 784 785 return true; 786 } 787 788 // bloom test says "probably yes"... 789 uint32_t n = gnu_bucket_[hash % gnu_nbucket_]; 790 791 if (n == 0) { 792 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p", 793 symbol_name.get_name(), get_realpath(), reinterpret_cast<void*>(base)); 794 795 return true; 796 } 797 798 // lookup versym for the version definition in this library 799 // note the difference between "version is not requested" (vi == nullptr) 800 // and "version not found". In the first case verneed is kVersymNotNeeded 801 // which implies that the default version can be accepted; the second case results in 802 // verneed = 1 (kVersymGlobal) and implies that we should ignore versioned symbols 803 // for this library and consider only *global* ones. 804 ElfW(Versym) verneed = 0; 805 if (!find_verdef_version_index(vi, &verneed)) { 806 return false; 807 } 808 809 do { 810 ElfW(Sym)* s = symtab_ + n; 811 const ElfW(Versym)* verdef = get_versym(n); 812 // skip hidden versions when verneed == kVersymNotNeeded (0) 813 if (verneed == kVersymNotNeeded && is_versym_hidden(verdef)) { 814 continue; 815 } 816 if (((gnu_chain_[n] ^ hash) >> 1) == 0 && 817 check_symbol_version(verneed, verdef) && 818 strcmp(get_string(s->st_name), symbol_name.get_name()) == 0 && 819 is_symbol_global_and_defined(this, s)) { 820 TRACE_TYPE(LOOKUP, "FOUND %s in %s (%p) %zd", 821 symbol_name.get_name(), get_realpath(), reinterpret_cast<void*>(s->st_value), 822 static_cast<size_t>(s->st_size)); 823 *symbol_index = n; 824 return true; 825 } 826 } while ((gnu_chain_[n++] & 1) == 0); 827 828 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p", 829 symbol_name.get_name(), get_realpath(), reinterpret_cast<void*>(base)); 830 831 return true; 832 } 833 834 bool soinfo::elf_lookup(SymbolName& symbol_name, 835 const version_info* vi, 836 uint32_t* symbol_index) const { 837 uint32_t hash = symbol_name.elf_hash(); 838 839 TRACE_TYPE(LOOKUP, "SEARCH %s in %s@%p h=%x(elf) %zd", 840 symbol_name.get_name(), get_realpath(), 841 reinterpret_cast<void*>(base), hash, hash % nbucket_); 842 843 ElfW(Versym) verneed = 0; 844 if (!find_verdef_version_index(vi, &verneed)) { 845 return false; 846 } 847 848 for (uint32_t n = bucket_[hash % nbucket_]; n != 0; n = chain_[n]) { 849 ElfW(Sym)* s = symtab_ + n; 850 const ElfW(Versym)* verdef = get_versym(n); 851 852 // skip hidden versions when verneed == 0 853 if (verneed == kVersymNotNeeded && is_versym_hidden(verdef)) { 854 continue; 855 } 856 857 if (check_symbol_version(verneed, verdef) && 858 strcmp(get_string(s->st_name), symbol_name.get_name()) == 0 && 859 is_symbol_global_and_defined(this, s)) { 860 TRACE_TYPE(LOOKUP, "FOUND %s in %s (%p) %zd", 861 symbol_name.get_name(), get_realpath(), 862 reinterpret_cast<void*>(s->st_value), 863 static_cast<size_t>(s->st_size)); 864 *symbol_index = n; 865 return true; 866 } 867 } 868 869 TRACE_TYPE(LOOKUP, "NOT FOUND %s in %s@%p %x %zd", 870 symbol_name.get_name(), get_realpath(), 871 reinterpret_cast<void*>(base), hash, hash % nbucket_); 872 873 *symbol_index = 0; 874 return true; 875 } 876 877 soinfo::soinfo(android_namespace_t* ns, const char* realpath, 878 const struct stat* file_stat, off64_t file_offset, 879 int rtld_flags) { 880 memset(this, 0, sizeof(*this)); 881 882 if (realpath != nullptr) { 883 realpath_ = realpath; 884 } 885 886 flags_ = FLAG_NEW_SOINFO; 887 version_ = SOINFO_VERSION; 888 889 if (file_stat != nullptr) { 890 this->st_dev_ = file_stat->st_dev; 891 this->st_ino_ = file_stat->st_ino; 892 this->file_offset_ = file_offset; 893 } 894 895 this->rtld_flags_ = rtld_flags; 896 this->primary_namespace_ = ns; 897 } 898 899 soinfo::~soinfo() { 900 g_soinfo_handles_map.erase(handle_); 901 } 902 903 static uint32_t calculate_elf_hash(const char* name) { 904 const uint8_t* name_bytes = reinterpret_cast<const uint8_t*>(name); 905 uint32_t h = 0, g; 906 907 while (*name_bytes) { 908 h = (h << 4) + *name_bytes++; 909 g = h & 0xf0000000; 910 h ^= g; 911 h ^= g >> 24; 912 } 913 914 return h; 915 } 916 917 uint32_t SymbolName::elf_hash() { 918 if (!has_elf_hash_) { 919 elf_hash_ = calculate_elf_hash(name_); 920 has_elf_hash_ = true; 921 } 922 923 return elf_hash_; 924 } 925 926 uint32_t SymbolName::gnu_hash() { 927 if (!has_gnu_hash_) { 928 uint32_t h = 5381; 929 const uint8_t* name = reinterpret_cast<const uint8_t*>(name_); 930 while (*name != 0) { 931 h += (h << 5) + *name++; // h*33 + c = h + h * 32 + c = h + h << 5 + c 932 } 933 934 gnu_hash_ = h; 935 has_gnu_hash_ = true; 936 } 937 938 return gnu_hash_; 939 } 940 941 bool soinfo_do_lookup(soinfo* si_from, const char* name, const version_info* vi, 942 soinfo** si_found_in, const soinfo::soinfo_list_t& global_group, 943 const soinfo::soinfo_list_t& local_group, const ElfW(Sym)** symbol) { 944 SymbolName symbol_name(name); 945 const ElfW(Sym)* s = nullptr; 946 947 /* "This element's presence in a shared object library alters the dynamic linker's 948 * symbol resolution algorithm for references within the library. Instead of starting 949 * a symbol search with the executable file, the dynamic linker starts from the shared 950 * object itself. If the shared object fails to supply the referenced symbol, the 951 * dynamic linker then searches the executable file and other shared objects as usual." 952 * 953 * http://www.sco.com/developers/gabi/2012-12-31/ch5.dynamic.html 954 * 955 * Note that this is unlikely since static linker avoids generating 956 * relocations for -Bsymbolic linked dynamic executables. 957 */ 958 if (si_from->has_DT_SYMBOLIC) { 959 DEBUG("%s: looking up %s in local scope (DT_SYMBOLIC)", si_from->get_realpath(), name); 960 if (!si_from->find_symbol_by_name(symbol_name, vi, &s)) { 961 return false; 962 } 963 964 if (s != nullptr) { 965 *si_found_in = si_from; 966 } 967 } 968 969 // 1. Look for it in global_group 970 if (s == nullptr) { 971 bool error = false; 972 global_group.visit([&](soinfo* global_si) { 973 DEBUG("%s: looking up %s in %s (from global group)", 974 si_from->get_realpath(), name, global_si->get_realpath()); 975 if (!global_si->find_symbol_by_name(symbol_name, vi, &s)) { 976 error = true; 977 return false; 978 } 979 980 if (s != nullptr) { 981 *si_found_in = global_si; 982 return false; 983 } 984 985 return true; 986 }); 987 988 if (error) { 989 return false; 990 } 991 } 992 993 // 2. Look for it in the local group 994 if (s == nullptr) { 995 bool error = false; 996 local_group.visit([&](soinfo* local_si) { 997 if (local_si == si_from && si_from->has_DT_SYMBOLIC) { 998 // we already did this - skip 999 return true; 1000 } 1001 1002 DEBUG("%s: looking up %s in %s (from local group)", 1003 si_from->get_realpath(), name, local_si->get_realpath()); 1004 if (!local_si->find_symbol_by_name(symbol_name, vi, &s)) { 1005 error = true; 1006 return false; 1007 } 1008 1009 if (s != nullptr) { 1010 *si_found_in = local_si; 1011 return false; 1012 } 1013 1014 return true; 1015 }); 1016 1017 if (error) { 1018 return false; 1019 } 1020 } 1021 1022 if (s != nullptr) { 1023 TRACE_TYPE(LOOKUP, "si %s sym %s s->st_value = %p, " 1024 "found in %s, base = %p, load bias = %p", 1025 si_from->get_realpath(), name, reinterpret_cast<void*>(s->st_value), 1026 (*si_found_in)->get_realpath(), reinterpret_cast<void*>((*si_found_in)->base), 1027 reinterpret_cast<void*>((*si_found_in)->load_bias)); 1028 } 1029 1030 *symbol = s; 1031 return true; 1032 } 1033 1034 class ProtectedDataGuard { 1035 public: 1036 ProtectedDataGuard() { 1037 if (ref_count_++ == 0) { 1038 protect_data(PROT_READ | PROT_WRITE); 1039 } 1040 } 1041 1042 ~ProtectedDataGuard() { 1043 if (ref_count_ == 0) { // overflow 1044 __libc_fatal("Too many nested calls to dlopen()"); 1045 } 1046 1047 if (--ref_count_ == 0) { 1048 protect_data(PROT_READ); 1049 } 1050 } 1051 private: 1052 void protect_data(int protection) { 1053 g_soinfo_allocator.protect_all(protection); 1054 g_soinfo_links_allocator.protect_all(protection); 1055 g_namespace_allocator.protect_all(protection); 1056 g_namespace_list_allocator.protect_all(protection); 1057 } 1058 1059 static size_t ref_count_; 1060 }; 1061 1062 size_t ProtectedDataGuard::ref_count_ = 0; 1063 1064 // Each size has it's own allocator. 1065 template<size_t size> 1066 class SizeBasedAllocator { 1067 public: 1068 static void* alloc() { 1069 return allocator_.alloc(); 1070 } 1071 1072 static void free(void* ptr) { 1073 allocator_.free(ptr); 1074 } 1075 1076 private: 1077 static LinkerBlockAllocator allocator_; 1078 }; 1079 1080 template<size_t size> 1081 LinkerBlockAllocator SizeBasedAllocator<size>::allocator_(size); 1082 1083 template<typename T> 1084 class TypeBasedAllocator { 1085 public: 1086 static T* alloc() { 1087 return reinterpret_cast<T*>(SizeBasedAllocator<sizeof(T)>::alloc()); 1088 } 1089 1090 static void free(T* ptr) { 1091 SizeBasedAllocator<sizeof(T)>::free(ptr); 1092 } 1093 }; 1094 1095 class LoadTask { 1096 public: 1097 struct deleter_t { 1098 void operator()(LoadTask* t) { 1099 t->~LoadTask(); 1100 TypeBasedAllocator<LoadTask>::free(t); 1101 } 1102 }; 1103 1104 static deleter_t deleter; 1105 1106 static LoadTask* create(const char* name, soinfo* needed_by, 1107 std::unordered_map<const soinfo*, ElfReader>* readers_map) { 1108 LoadTask* ptr = TypeBasedAllocator<LoadTask>::alloc(); 1109 return new (ptr) LoadTask(name, needed_by, readers_map); 1110 } 1111 1112 const char* get_name() const { 1113 return name_; 1114 } 1115 1116 soinfo* get_needed_by() const { 1117 return needed_by_; 1118 } 1119 1120 soinfo* get_soinfo() const { 1121 return si_; 1122 } 1123 1124 void set_soinfo(soinfo* si) { 1125 si_ = si; 1126 } 1127 1128 off64_t get_file_offset() const { 1129 return file_offset_; 1130 } 1131 1132 void set_file_offset(off64_t offset) { 1133 file_offset_ = offset; 1134 } 1135 1136 int get_fd() const { 1137 return fd_; 1138 } 1139 1140 void set_fd(int fd, bool assume_ownership) { 1141 fd_ = fd; 1142 close_fd_ = assume_ownership; 1143 } 1144 1145 const android_dlextinfo* get_extinfo() const { 1146 return extinfo_; 1147 } 1148 1149 void set_extinfo(const android_dlextinfo* extinfo) { 1150 extinfo_ = extinfo; 1151 } 1152 1153 bool is_dt_needed() const { 1154 return is_dt_needed_; 1155 } 1156 1157 void set_dt_needed(bool is_dt_needed) { 1158 is_dt_needed_ = is_dt_needed; 1159 } 1160 1161 const ElfReader& get_elf_reader() const { 1162 CHECK(si_ != nullptr); 1163 return (*elf_readers_map_)[si_]; 1164 } 1165 1166 ElfReader& get_elf_reader() { 1167 CHECK(si_ != nullptr); 1168 return (*elf_readers_map_)[si_]; 1169 } 1170 1171 std::unordered_map<const soinfo*, ElfReader>* get_readers_map() { 1172 return elf_readers_map_; 1173 } 1174 1175 bool read(const char* realpath, off64_t file_size) { 1176 ElfReader& elf_reader = get_elf_reader(); 1177 return elf_reader.Read(realpath, fd_, file_offset_, file_size); 1178 } 1179 1180 bool load() { 1181 ElfReader& elf_reader = get_elf_reader(); 1182 if (!elf_reader.Load(extinfo_)) { 1183 return false; 1184 } 1185 1186 si_->base = elf_reader.load_start(); 1187 si_->size = elf_reader.load_size(); 1188 si_->set_mapped_by_caller(elf_reader.is_mapped_by_caller()); 1189 si_->load_bias = elf_reader.load_bias(); 1190 si_->phnum = elf_reader.phdr_count(); 1191 si_->phdr = elf_reader.loaded_phdr(); 1192 1193 return true; 1194 } 1195 1196 private: 1197 LoadTask(const char* name, soinfo* needed_by, 1198 std::unordered_map<const soinfo*, ElfReader>* readers_map) 1199 : name_(name), needed_by_(needed_by), si_(nullptr), 1200 fd_(-1), close_fd_(false), file_offset_(0), elf_readers_map_(readers_map), 1201 is_dt_needed_(false) {} 1202 1203 ~LoadTask() { 1204 if (fd_ != -1 && close_fd_) { 1205 close(fd_); 1206 } 1207 } 1208 1209 const char* name_; 1210 soinfo* needed_by_; 1211 soinfo* si_; 1212 const android_dlextinfo* extinfo_; 1213 int fd_; 1214 bool close_fd_; 1215 off64_t file_offset_; 1216 std::unordered_map<const soinfo*, ElfReader>* elf_readers_map_; 1217 // TODO(dimitry): needed by workaround for http://b/26394120 (the grey-list) 1218 bool is_dt_needed_; 1219 // END OF WORKAROUND 1220 1221 DISALLOW_IMPLICIT_CONSTRUCTORS(LoadTask); 1222 }; 1223 1224 LoadTask::deleter_t LoadTask::deleter; 1225 1226 template <typename T> 1227 using linked_list_t = LinkedList<T, TypeBasedAllocator<LinkedListEntry<T>>>; 1228 1229 typedef linked_list_t<soinfo> SoinfoLinkedList; 1230 typedef linked_list_t<const char> StringLinkedList; 1231 typedef std::vector<LoadTask*> LoadTaskList; 1232 1233 1234 // This function walks down the tree of soinfo dependencies 1235 // in breadth-first order and 1236 // * calls action(soinfo* si) for each node, and 1237 // * terminates walk if action returns false. 1238 // 1239 // walk_dependencies_tree returns false if walk was terminated 1240 // by the action and true otherwise. 1241 template<typename F> 1242 static bool walk_dependencies_tree(soinfo* root_soinfos[], size_t root_soinfos_size, F action) { 1243 SoinfoLinkedList visit_list; 1244 SoinfoLinkedList visited; 1245 1246 for (size_t i = 0; i < root_soinfos_size; ++i) { 1247 visit_list.push_back(root_soinfos[i]); 1248 } 1249 1250 soinfo* si; 1251 while ((si = visit_list.pop_front()) != nullptr) { 1252 if (visited.contains(si)) { 1253 continue; 1254 } 1255 1256 if (!action(si)) { 1257 return false; 1258 } 1259 1260 visited.push_back(si); 1261 1262 si->get_children().for_each([&](soinfo* child) { 1263 visit_list.push_back(child); 1264 }); 1265 } 1266 1267 return true; 1268 } 1269 1270 1271 static const ElfW(Sym)* dlsym_handle_lookup(soinfo* root, soinfo* skip_until, 1272 soinfo** found, SymbolName& symbol_name, 1273 const version_info* vi) { 1274 const ElfW(Sym)* result = nullptr; 1275 bool skip_lookup = skip_until != nullptr; 1276 1277 walk_dependencies_tree(&root, 1, [&](soinfo* current_soinfo) { 1278 if (skip_lookup) { 1279 skip_lookup = current_soinfo != skip_until; 1280 return true; 1281 } 1282 1283 if (!current_soinfo->find_symbol_by_name(symbol_name, vi, &result)) { 1284 result = nullptr; 1285 return false; 1286 } 1287 1288 if (result != nullptr) { 1289 *found = current_soinfo; 1290 return false; 1291 } 1292 1293 return true; 1294 }); 1295 1296 return result; 1297 } 1298 1299 static const ElfW(Sym)* dlsym_linear_lookup(android_namespace_t* ns, 1300 const char* name, 1301 const version_info* vi, 1302 soinfo** found, 1303 soinfo* caller, 1304 void* handle); 1305 1306 // This is used by dlsym(3). It performs symbol lookup only within the 1307 // specified soinfo object and its dependencies in breadth first order. 1308 static const ElfW(Sym)* dlsym_handle_lookup(soinfo* si, soinfo** found, 1309 const char* name, const version_info* vi) { 1310 // According to man dlopen(3) and posix docs in the case when si is handle 1311 // of the main executable we need to search not only in the executable and its 1312 // dependencies but also in all libraries loaded with RTLD_GLOBAL. 1313 // 1314 // Since RTLD_GLOBAL is always set for the main executable and all dt_needed shared 1315 // libraries and they are loaded in breath-first (correct) order we can just execute 1316 // dlsym(RTLD_DEFAULT, ...); instead of doing two stage lookup. 1317 if (si == somain) { 1318 return dlsym_linear_lookup(&g_default_namespace, name, vi, found, nullptr, RTLD_DEFAULT); 1319 } 1320 1321 SymbolName symbol_name(name); 1322 return dlsym_handle_lookup(si, nullptr, found, symbol_name, vi); 1323 } 1324 1325 /* This is used by dlsym(3) to performs a global symbol lookup. If the 1326 start value is null (for RTLD_DEFAULT), the search starts at the 1327 beginning of the global solist. Otherwise the search starts at the 1328 specified soinfo (for RTLD_NEXT). 1329 */ 1330 static const ElfW(Sym)* dlsym_linear_lookup(android_namespace_t* ns, 1331 const char* name, 1332 const version_info* vi, 1333 soinfo** found, 1334 soinfo* caller, 1335 void* handle) { 1336 SymbolName symbol_name(name); 1337 1338 auto& soinfo_list = ns->soinfo_list(); 1339 auto start = soinfo_list.begin(); 1340 1341 if (handle == RTLD_NEXT) { 1342 if (caller == nullptr) { 1343 return nullptr; 1344 } else { 1345 auto it = soinfo_list.find(caller); 1346 CHECK (it != soinfo_list.end()); 1347 start = ++it; 1348 } 1349 } 1350 1351 const ElfW(Sym)* s = nullptr; 1352 for (auto it = start, end = soinfo_list.end(); it != end; ++it) { 1353 soinfo* si = *it; 1354 // Do not skip RTLD_LOCAL libraries in dlsym(RTLD_DEFAULT, ...) 1355 // if the library is opened by application with target api level <= 22 1356 // See http://b/21565766 1357 if ((si->get_rtld_flags() & RTLD_GLOBAL) == 0 && si->get_target_sdk_version() > 22) { 1358 continue; 1359 } 1360 1361 if (!si->find_symbol_by_name(symbol_name, vi, &s)) { 1362 return nullptr; 1363 } 1364 1365 if (s != nullptr) { 1366 *found = si; 1367 break; 1368 } 1369 } 1370 1371 // If not found - use dlsym_handle_lookup for caller's 1372 // local_group unless it is part of the global group in which 1373 // case we already did it. 1374 if (s == nullptr && caller != nullptr && 1375 (caller->get_rtld_flags() & RTLD_GLOBAL) == 0) { 1376 return dlsym_handle_lookup(caller->get_local_group_root(), 1377 (handle == RTLD_NEXT) ? caller : nullptr, found, symbol_name, vi); 1378 } 1379 1380 if (s != nullptr) { 1381 TRACE_TYPE(LOOKUP, "%s s->st_value = %p, found->base = %p", 1382 name, reinterpret_cast<void*>(s->st_value), reinterpret_cast<void*>((*found)->base)); 1383 } 1384 1385 return s; 1386 } 1387 1388 soinfo* find_containing_library(const void* p) { 1389 ElfW(Addr) address = reinterpret_cast<ElfW(Addr)>(p); 1390 for (soinfo* si = solist; si != nullptr; si = si->next) { 1391 if (address >= si->base && address - si->base < si->size) { 1392 return si; 1393 } 1394 } 1395 return nullptr; 1396 } 1397 1398 ElfW(Sym)* soinfo::find_symbol_by_address(const void* addr) { 1399 return is_gnu_hash() ? gnu_addr_lookup(addr) : elf_addr_lookup(addr); 1400 } 1401 1402 static bool symbol_matches_soaddr(const ElfW(Sym)* sym, ElfW(Addr) soaddr) { 1403 return sym->st_shndx != SHN_UNDEF && 1404 soaddr >= sym->st_value && 1405 soaddr < sym->st_value + sym->st_size; 1406 } 1407 1408 ElfW(Sym)* soinfo::gnu_addr_lookup(const void* addr) { 1409 ElfW(Addr) soaddr = reinterpret_cast<ElfW(Addr)>(addr) - load_bias; 1410 1411 for (size_t i = 0; i < gnu_nbucket_; ++i) { 1412 uint32_t n = gnu_bucket_[i]; 1413 1414 if (n == 0) { 1415 continue; 1416 } 1417 1418 do { 1419 ElfW(Sym)* sym = symtab_ + n; 1420 if (symbol_matches_soaddr(sym, soaddr)) { 1421 return sym; 1422 } 1423 } while ((gnu_chain_[n++] & 1) == 0); 1424 } 1425 1426 return nullptr; 1427 } 1428 1429 ElfW(Sym)* soinfo::elf_addr_lookup(const void* addr) { 1430 ElfW(Addr) soaddr = reinterpret_cast<ElfW(Addr)>(addr) - load_bias; 1431 1432 // Search the library's symbol table for any defined symbol which 1433 // contains this address. 1434 for (size_t i = 0; i < nchain_; ++i) { 1435 ElfW(Sym)* sym = symtab_ + i; 1436 if (symbol_matches_soaddr(sym, soaddr)) { 1437 return sym; 1438 } 1439 } 1440 1441 return nullptr; 1442 } 1443 1444 class ZipArchiveCache { 1445 public: 1446 ZipArchiveCache() {} 1447 ~ZipArchiveCache(); 1448 1449 bool get_or_open(const char* zip_path, ZipArchiveHandle* handle); 1450 private: 1451 DISALLOW_COPY_AND_ASSIGN(ZipArchiveCache); 1452 1453 std::unordered_map<std::string, ZipArchiveHandle> cache_; 1454 }; 1455 1456 bool ZipArchiveCache::get_or_open(const char* zip_path, ZipArchiveHandle* handle) { 1457 std::string key(zip_path); 1458 1459 auto it = cache_.find(key); 1460 if (it != cache_.end()) { 1461 *handle = it->second; 1462 return true; 1463 } 1464 1465 int fd = TEMP_FAILURE_RETRY(open(zip_path, O_RDONLY | O_CLOEXEC)); 1466 if (fd == -1) { 1467 return false; 1468 } 1469 1470 if (OpenArchiveFd(fd, "", handle) != 0) { 1471 // invalid zip-file (?) 1472 CloseArchive(handle); 1473 close(fd); 1474 return false; 1475 } 1476 1477 cache_[key] = *handle; 1478 return true; 1479 } 1480 1481 ZipArchiveCache::~ZipArchiveCache() { 1482 for (const auto& it : cache_) { 1483 CloseArchive(it.second); 1484 } 1485 } 1486 1487 static int open_library_in_zipfile(ZipArchiveCache* zip_archive_cache, 1488 const char* const input_path, 1489 off64_t* file_offset, std::string* realpath) { 1490 std::string normalized_path; 1491 if (!normalize_path(input_path, &normalized_path)) { 1492 return -1; 1493 } 1494 1495 const char* const path = normalized_path.c_str(); 1496 TRACE("Trying zip file open from path \"%s\" -> normalized \"%s\"", input_path, path); 1497 1498 // Treat an '!/' separator inside a path as the separator between the name 1499 // of the zip file on disk and the subdirectory to search within it. 1500 // For example, if path is "foo.zip!/bar/bas/x.so", then we search for 1501 // "bar/bas/x.so" within "foo.zip". 1502 const char* const separator = strstr(path, kZipFileSeparator); 1503 if (separator == nullptr) { 1504 return -1; 1505 } 1506 1507 char buf[512]; 1508 if (strlcpy(buf, path, sizeof(buf)) >= sizeof(buf)) { 1509 PRINT("Warning: ignoring very long library path: %s", path); 1510 return -1; 1511 } 1512 1513 buf[separator - path] = '\0'; 1514 1515 const char* zip_path = buf; 1516 const char* file_path = &buf[separator - path + 2]; 1517 int fd = TEMP_FAILURE_RETRY(open(zip_path, O_RDONLY | O_CLOEXEC)); 1518 if (fd == -1) { 1519 return -1; 1520 } 1521 1522 ZipArchiveHandle handle; 1523 if (!zip_archive_cache->get_or_open(zip_path, &handle)) { 1524 // invalid zip-file (?) 1525 close(fd); 1526 return -1; 1527 } 1528 1529 ZipEntry entry; 1530 1531 if (FindEntry(handle, ZipString(file_path), &entry) != 0) { 1532 // Entry was not found. 1533 close(fd); 1534 return -1; 1535 } 1536 1537 // Check if it is properly stored 1538 if (entry.method != kCompressStored || (entry.offset % PAGE_SIZE) != 0) { 1539 close(fd); 1540 return -1; 1541 } 1542 1543 *file_offset = entry.offset; 1544 1545 if (realpath_fd(fd, realpath)) { 1546 *realpath += separator; 1547 } else { 1548 PRINT("warning: unable to get realpath for the library \"%s\". Will use given path.", 1549 normalized_path.c_str()); 1550 *realpath = normalized_path; 1551 } 1552 1553 return fd; 1554 } 1555 1556 static bool format_path(char* buf, size_t buf_size, const char* path, const char* name) { 1557 int n = __libc_format_buffer(buf, buf_size, "%s/%s", path, name); 1558 if (n < 0 || n >= static_cast<int>(buf_size)) { 1559 PRINT("Warning: ignoring very long library path: %s/%s", path, name); 1560 return false; 1561 } 1562 1563 return true; 1564 } 1565 1566 static int open_library_on_paths(ZipArchiveCache* zip_archive_cache, 1567 const char* name, off64_t* file_offset, 1568 const std::vector<std::string>& paths, 1569 std::string* realpath) { 1570 for (const auto& path : paths) { 1571 char buf[512]; 1572 if (!format_path(buf, sizeof(buf), path.c_str(), name)) { 1573 continue; 1574 } 1575 1576 int fd = -1; 1577 if (strstr(buf, kZipFileSeparator) != nullptr) { 1578 fd = open_library_in_zipfile(zip_archive_cache, buf, file_offset, realpath); 1579 } 1580 1581 if (fd == -1) { 1582 fd = TEMP_FAILURE_RETRY(open(buf, O_RDONLY | O_CLOEXEC)); 1583 if (fd != -1) { 1584 *file_offset = 0; 1585 if (!realpath_fd(fd, realpath)) { 1586 PRINT("warning: unable to get realpath for the library \"%s\". Will use given path.", buf); 1587 *realpath = buf; 1588 } 1589 } 1590 } 1591 1592 if (fd != -1) { 1593 return fd; 1594 } 1595 } 1596 1597 return -1; 1598 } 1599 1600 static int open_library(android_namespace_t* ns, 1601 ZipArchiveCache* zip_archive_cache, 1602 const char* name, soinfo *needed_by, 1603 off64_t* file_offset, std::string* realpath) { 1604 TRACE("[ opening %s ]", name); 1605 1606 // If the name contains a slash, we should attempt to open it directly and not search the paths. 1607 if (strchr(name, '/') != nullptr) { 1608 int fd = -1; 1609 1610 if (strstr(name, kZipFileSeparator) != nullptr) { 1611 fd = open_library_in_zipfile(zip_archive_cache, name, file_offset, realpath); 1612 } 1613 1614 if (fd == -1) { 1615 fd = TEMP_FAILURE_RETRY(open(name, O_RDONLY | O_CLOEXEC)); 1616 if (fd != -1) { 1617 *file_offset = 0; 1618 if (!realpath_fd(fd, realpath)) { 1619 PRINT("warning: unable to get realpath for the library \"%s\". Will use given path.", name); 1620 *realpath = name; 1621 } 1622 } 1623 } 1624 1625 return fd; 1626 } 1627 1628 // Otherwise we try LD_LIBRARY_PATH first, and fall back to the default library path 1629 int fd = open_library_on_paths(zip_archive_cache, name, file_offset, ns->get_ld_library_paths(), realpath); 1630 if (fd == -1 && needed_by != nullptr) { 1631 fd = open_library_on_paths(zip_archive_cache, name, file_offset, needed_by->get_dt_runpath(), realpath); 1632 // Check if the library is accessible 1633 if (fd != -1 && !ns->is_accessible(*realpath)) { 1634 fd = -1; 1635 } 1636 } 1637 1638 if (fd == -1) { 1639 fd = open_library_on_paths(zip_archive_cache, name, file_offset, ns->get_default_library_paths(), realpath); 1640 } 1641 1642 // TODO(dimitry): workaround for http://b/26394120 (the grey-list) 1643 if (fd == -1 && ns != &g_default_namespace && is_greylisted(name, needed_by)) { 1644 // try searching for it on default_namespace default_library_path 1645 fd = open_library_on_paths(zip_archive_cache, name, file_offset, 1646 g_default_namespace.get_default_library_paths(), realpath); 1647 } 1648 // END OF WORKAROUND 1649 1650 return fd; 1651 } 1652 1653 static const char* fix_dt_needed(const char* dt_needed, const char* sopath __unused) { 1654 #if !defined(__LP64__) 1655 // Work around incorrect DT_NEEDED entries for old apps: http://b/21364029 1656 if (get_application_target_sdk_version() <= 22) { 1657 const char* bname = basename(dt_needed); 1658 if (bname != dt_needed) { 1659 DL_WARN("library \"%s\" has invalid DT_NEEDED entry \"%s\"", sopath, dt_needed); 1660 add_dlwarning(sopath, "invalid DT_NEEDED entry", dt_needed); 1661 } 1662 1663 return bname; 1664 } 1665 #endif 1666 return dt_needed; 1667 } 1668 1669 template<typename F> 1670 static void for_each_dt_needed(const soinfo* si, F action) { 1671 for (const ElfW(Dyn)* d = si->dynamic; d->d_tag != DT_NULL; ++d) { 1672 if (d->d_tag == DT_NEEDED) { 1673 action(fix_dt_needed(si->get_string(d->d_un.d_val), si->get_realpath())); 1674 } 1675 } 1676 } 1677 1678 template<typename F> 1679 static void for_each_dt_needed(const ElfReader& elf_reader, F action) { 1680 for (const ElfW(Dyn)* d = elf_reader.dynamic(); d->d_tag != DT_NULL; ++d) { 1681 if (d->d_tag == DT_NEEDED) { 1682 action(fix_dt_needed(elf_reader.get_string(d->d_un.d_val), elf_reader.name())); 1683 } 1684 } 1685 } 1686 1687 static bool load_library(android_namespace_t* ns, 1688 LoadTask* task, 1689 LoadTaskList* load_tasks, 1690 int rtld_flags, 1691 const std::string& realpath) { 1692 off64_t file_offset = task->get_file_offset(); 1693 const char* name = task->get_name(); 1694 const android_dlextinfo* extinfo = task->get_extinfo(); 1695 1696 if ((file_offset % PAGE_SIZE) != 0) { 1697 DL_ERR("file offset for the library \"%s\" is not page-aligned: %" PRId64, name, file_offset); 1698 return false; 1699 } 1700 if (file_offset < 0) { 1701 DL_ERR("file offset for the library \"%s\" is negative: %" PRId64, name, file_offset); 1702 return false; 1703 } 1704 1705 struct stat file_stat; 1706 if (TEMP_FAILURE_RETRY(fstat(task->get_fd(), &file_stat)) != 0) { 1707 DL_ERR("unable to stat file for the library \"%s\": %s", name, strerror(errno)); 1708 return false; 1709 } 1710 if (file_offset >= file_stat.st_size) { 1711 DL_ERR("file offset for the library \"%s\" >= file size: %" PRId64 " >= %" PRId64, 1712 name, file_offset, file_stat.st_size); 1713 return false; 1714 } 1715 1716 // Check for symlink and other situations where 1717 // file can have different names, unless ANDROID_DLEXT_FORCE_LOAD is set 1718 if (extinfo == nullptr || (extinfo->flags & ANDROID_DLEXT_FORCE_LOAD) == 0) { 1719 auto predicate = [&](soinfo* si) { 1720 return si->get_st_dev() != 0 && 1721 si->get_st_ino() != 0 && 1722 si->get_st_dev() == file_stat.st_dev && 1723 si->get_st_ino() == file_stat.st_ino && 1724 si->get_file_offset() == file_offset; 1725 }; 1726 1727 soinfo* si = ns->soinfo_list().find_if(predicate); 1728 1729 // check public namespace 1730 if (si == nullptr) { 1731 si = g_public_namespace.find_if(predicate); 1732 if (si != nullptr) { 1733 ns->add_soinfo(si); 1734 } 1735 } 1736 1737 if (si != nullptr) { 1738 TRACE("library \"%s\" is already loaded under different name/path \"%s\" - " 1739 "will return existing soinfo", name, si->get_realpath()); 1740 task->set_soinfo(si); 1741 return true; 1742 } 1743 } 1744 1745 if ((rtld_flags & RTLD_NOLOAD) != 0) { 1746 DL_ERR("library \"%s\" wasn't loaded and RTLD_NOLOAD prevented it", name); 1747 return false; 1748 } 1749 1750 if (!ns->is_accessible(realpath)) { 1751 // TODO(dimitry): workaround for http://b/26394120 - the grey-list 1752 const soinfo* needed_by = task->is_dt_needed() ? task->get_needed_by() : nullptr; 1753 if (is_greylisted(name, needed_by)) { 1754 // print warning only if needed by non-system library 1755 if (needed_by == nullptr || !is_system_library(needed_by->get_realpath())) { 1756 const soinfo* needed_or_dlopened_by = task->get_needed_by(); 1757 const char* sopath = needed_or_dlopened_by == nullptr ? "(unknown)" : 1758 needed_or_dlopened_by->get_realpath(); 1759 DL_WARN("library \"%s\" (\"%s\") needed or dlopened by \"%s\" is not accessible for the namespace \"%s\"" 1760 " - the access is temporarily granted as a workaround for http://b/26394120, note that the access" 1761 " will be removed in future releases of Android.", 1762 name, realpath.c_str(), sopath, ns->get_name()); 1763 add_dlwarning(sopath, "unauthorized access to", name); 1764 } 1765 } else { 1766 // do not load libraries if they are not accessible for the specified namespace. 1767 const char* needed_or_dlopened_by = task->get_needed_by() == nullptr ? 1768 "(unknown)" : 1769 task->get_needed_by()->get_realpath(); 1770 1771 DL_ERR("library \"%s\" needed or dlopened by \"%s\" is not accessible for the namespace \"%s\"", 1772 name, needed_or_dlopened_by, ns->get_name()); 1773 1774 PRINT("library \"%s\" (\"%s\") needed or dlopened by \"%s\" is not accessible for the" 1775 " namespace: [name=\"%s\", ld_library_paths=\"%s\", default_library_paths=\"%s\"," 1776 " permitted_paths=\"%s\"]", 1777 name, realpath.c_str(), 1778 needed_or_dlopened_by, 1779 ns->get_name(), 1780 android::base::Join(ns->get_ld_library_paths(), ':').c_str(), 1781 android::base::Join(ns->get_default_library_paths(), ':').c_str(), 1782 android::base::Join(ns->get_permitted_paths(), ':').c_str()); 1783 return false; 1784 } 1785 } 1786 1787 soinfo* si = soinfo_alloc(ns, realpath.c_str(), &file_stat, file_offset, rtld_flags); 1788 if (si == nullptr) { 1789 return false; 1790 } 1791 1792 task->set_soinfo(si); 1793 1794 // Read the ELF header and some of the segments. 1795 if (!task->read(realpath.c_str(), file_stat.st_size)) { 1796 soinfo_free(si); 1797 task->set_soinfo(nullptr); 1798 return false; 1799 } 1800 1801 // find and set DT_RUNPATH and dt_soname 1802 // Note that these field values are temporary and are 1803 // going to be overwritten on soinfo::prelink_image 1804 // with values from PT_LOAD segments. 1805 const ElfReader& elf_reader = task->get_elf_reader(); 1806 for (const ElfW(Dyn)* d = elf_reader.dynamic(); d->d_tag != DT_NULL; ++d) { 1807 if (d->d_tag == DT_RUNPATH) { 1808 si->set_dt_runpath(elf_reader.get_string(d->d_un.d_val)); 1809 } 1810 if (d->d_tag == DT_SONAME) { 1811 si->set_soname(elf_reader.get_string(d->d_un.d_val)); 1812 } 1813 } 1814 1815 for_each_dt_needed(task->get_elf_reader(), [&](const char* name) { 1816 load_tasks->push_back(LoadTask::create(name, si, task->get_readers_map())); 1817 }); 1818 1819 return true; 1820 } 1821 1822 static bool load_library(android_namespace_t* ns, 1823 LoadTask* task, 1824 ZipArchiveCache* zip_archive_cache, 1825 LoadTaskList* load_tasks, 1826 int rtld_flags) { 1827 const char* name = task->get_name(); 1828 soinfo* needed_by = task->get_needed_by(); 1829 const android_dlextinfo* extinfo = task->get_extinfo(); 1830 1831 off64_t file_offset; 1832 std::string realpath; 1833 if (extinfo != nullptr && (extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD) != 0) { 1834 file_offset = 0; 1835 if ((extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET) != 0) { 1836 file_offset = extinfo->library_fd_offset; 1837 } 1838 1839 if (!realpath_fd(extinfo->library_fd, &realpath)) { 1840 PRINT("warning: unable to get realpath for the library \"%s\" by extinfo->library_fd. " 1841 "Will use given name.", name); 1842 realpath = name; 1843 } 1844 1845 task->set_fd(extinfo->library_fd, false); 1846 task->set_file_offset(file_offset); 1847 return load_library(ns, task, load_tasks, rtld_flags, realpath); 1848 } 1849 1850 // Open the file. 1851 int fd = open_library(ns, zip_archive_cache, name, needed_by, &file_offset, &realpath); 1852 if (fd == -1) { 1853 DL_ERR("library \"%s\" not found", name); 1854 return false; 1855 } 1856 1857 task->set_fd(fd, true); 1858 task->set_file_offset(file_offset); 1859 1860 return load_library(ns, task, load_tasks, rtld_flags, realpath); 1861 } 1862 1863 // Returns true if library was found and false in 2 cases 1864 // 1. (for default namespace only) The library was found but loaded under different 1865 // target_sdk_version (*candidate != nullptr) 1866 // 2. The library was not found by soname (*candidate is nullptr) 1867 static bool find_loaded_library_by_soname(android_namespace_t* ns, 1868 const char* name, soinfo** candidate) { 1869 *candidate = nullptr; 1870 1871 // Ignore filename with path. 1872 if (strchr(name, '/') != nullptr) { 1873 return false; 1874 } 1875 1876 uint32_t target_sdk_version = get_application_target_sdk_version(); 1877 1878 return !ns->soinfo_list().visit([&](soinfo* si) { 1879 const char* soname = si->get_soname(); 1880 if (soname != nullptr && (strcmp(name, soname) == 0)) { 1881 // If the library was opened under different target sdk version 1882 // skip this step and try to reopen it. The exceptions are 1883 // "libdl.so" and global group. There is no point in skipping 1884 // them because relocation process is going to use them 1885 // in any case. 1886 bool is_libdl = si == solist; 1887 if (is_libdl || (si->get_dt_flags_1() & DF_1_GLOBAL) != 0 || 1888 !si->is_linked() || si->get_target_sdk_version() == target_sdk_version || 1889 ns != &g_default_namespace) { 1890 *candidate = si; 1891 return false; 1892 } else if (*candidate == nullptr) { 1893 // for the different sdk version in the default namespace 1894 // remember the first library. 1895 *candidate = si; 1896 } 1897 } 1898 1899 return true; 1900 }); 1901 } 1902 1903 static bool find_library_internal(android_namespace_t* ns, 1904 LoadTask* task, 1905 ZipArchiveCache* zip_archive_cache, 1906 LoadTaskList* load_tasks, 1907 int rtld_flags) { 1908 soinfo* candidate; 1909 1910 if (find_loaded_library_by_soname(ns, task->get_name(), &candidate)) { 1911 task->set_soinfo(candidate); 1912 return true; 1913 } 1914 1915 if (ns != &g_default_namespace) { 1916 // check public namespace 1917 candidate = g_public_namespace.find_if([&](soinfo* si) { 1918 return strcmp(task->get_name(), si->get_soname()) == 0; 1919 }); 1920 1921 if (candidate != nullptr) { 1922 ns->add_soinfo(candidate); 1923 task->set_soinfo(candidate); 1924 return true; 1925 } 1926 } 1927 1928 // Library might still be loaded, the accurate detection 1929 // of this fact is done by load_library. 1930 TRACE("[ \"%s\" find_loaded_library_by_soname failed (*candidate=%s@%p). Trying harder...]", 1931 task->get_name(), candidate == nullptr ? "n/a" : candidate->get_realpath(), candidate); 1932 1933 if (load_library(ns, task, zip_archive_cache, load_tasks, rtld_flags)) { 1934 return true; 1935 } else { 1936 // In case we were unable to load the library but there 1937 // is a candidate loaded under the same soname but different 1938 // sdk level - return it anyways. 1939 if (candidate != nullptr) { 1940 task->set_soinfo(candidate); 1941 return true; 1942 } 1943 } 1944 1945 return false; 1946 } 1947 1948 static void soinfo_unload(soinfo* si); 1949 static void soinfo_unload(soinfo* soinfos[], size_t count); 1950 1951 // TODO: this is slightly unusual way to construct 1952 // the global group for relocation. Not every RTLD_GLOBAL 1953 // library is included in this group for backwards-compatibility 1954 // reasons. 1955 // 1956 // This group consists of the main executable, LD_PRELOADs 1957 // and libraries with the DF_1_GLOBAL flag set. 1958 static soinfo::soinfo_list_t make_global_group(android_namespace_t* ns) { 1959 soinfo::soinfo_list_t global_group; 1960 ns->soinfo_list().for_each([&](soinfo* si) { 1961 if ((si->get_dt_flags_1() & DF_1_GLOBAL) != 0) { 1962 global_group.push_back(si); 1963 } 1964 }); 1965 1966 return global_group; 1967 } 1968 1969 // This function provides a list of libraries to be shared 1970 // by the namespace. For the default namespace this is the global 1971 // group (see make_global_group). For all others this is a group 1972 // of RTLD_GLOBAL libraries (which includes the global group from 1973 // the default namespace). 1974 static soinfo::soinfo_list_t get_shared_group(android_namespace_t* ns) { 1975 if (ns == &g_default_namespace) { 1976 return make_global_group(ns); 1977 } 1978 1979 soinfo::soinfo_list_t shared_group; 1980 ns->soinfo_list().for_each([&](soinfo* si) { 1981 if ((si->get_rtld_flags() & RTLD_GLOBAL) != 0) { 1982 shared_group.push_back(si); 1983 } 1984 }); 1985 1986 return shared_group; 1987 } 1988 1989 static void shuffle(std::vector<LoadTask*>* v) { 1990 for (size_t i = 0, size = v->size(); i < size; ++i) { 1991 size_t n = size - i; 1992 size_t r = arc4random_uniform(n); 1993 std::swap((*v)[n-1], (*v)[r]); 1994 } 1995 } 1996 1997 // add_as_children - add first-level loaded libraries (i.e. library_names[], but 1998 // not their transitive dependencies) as children of the start_with library. 1999 // This is false when find_libraries is called for dlopen(), when newly loaded 2000 // libraries must form a disjoint tree. 2001 static bool find_libraries(android_namespace_t* ns, 2002 soinfo* start_with, 2003 const char* const library_names[], 2004 size_t library_names_count, soinfo* soinfos[], 2005 std::vector<soinfo*>* ld_preloads, 2006 size_t ld_preloads_count, int rtld_flags, 2007 const android_dlextinfo* extinfo, 2008 bool add_as_children) { 2009 // Step 0: prepare. 2010 LoadTaskList load_tasks; 2011 std::unordered_map<const soinfo*, ElfReader> readers_map; 2012 2013 for (size_t i = 0; i < library_names_count; ++i) { 2014 const char* name = library_names[i]; 2015 load_tasks.push_back(LoadTask::create(name, start_with, &readers_map)); 2016 } 2017 2018 // Construct global_group. 2019 soinfo::soinfo_list_t global_group = make_global_group(ns); 2020 2021 // If soinfos array is null allocate one on stack. 2022 // The array is needed in case of failure; for example 2023 // when library_names[] = {libone.so, libtwo.so} and libone.so 2024 // is loaded correctly but libtwo.so failed for some reason. 2025 // In this case libone.so should be unloaded on return. 2026 // See also implementation of failure_guard below. 2027 2028 if (soinfos == nullptr) { 2029 size_t soinfos_size = sizeof(soinfo*)*library_names_count; 2030 soinfos = reinterpret_cast<soinfo**>(alloca(soinfos_size)); 2031 memset(soinfos, 0, soinfos_size); 2032 } 2033 2034 // list of libraries to link - see step 2. 2035 size_t soinfos_count = 0; 2036 2037 auto scope_guard = make_scope_guard([&]() { 2038 for (LoadTask* t : load_tasks) { 2039 LoadTask::deleter(t); 2040 } 2041 }); 2042 2043 auto failure_guard = make_scope_guard([&]() { 2044 // Housekeeping 2045 soinfo_unload(soinfos, soinfos_count); 2046 }); 2047 2048 ZipArchiveCache zip_archive_cache; 2049 2050 // Step 1: expand the list of load_tasks to include 2051 // all DT_NEEDED libraries (do not load them just yet) 2052 for (size_t i = 0; i<load_tasks.size(); ++i) { 2053 LoadTask* task = load_tasks[i]; 2054 soinfo* needed_by = task->get_needed_by(); 2055 2056 bool is_dt_needed = needed_by != nullptr && (needed_by != start_with || add_as_children); 2057 task->set_extinfo(is_dt_needed ? nullptr : extinfo); 2058 task->set_dt_needed(is_dt_needed); 2059 2060 if(!find_library_internal(ns, task, &zip_archive_cache, &load_tasks, rtld_flags)) { 2061 return false; 2062 } 2063 2064 soinfo* si = task->get_soinfo(); 2065 2066 if (is_dt_needed) { 2067 needed_by->add_child(si); 2068 } 2069 2070 if (si->is_linked()) { 2071 si->increment_ref_count(); 2072 } 2073 2074 // When ld_preloads is not null, the first 2075 // ld_preloads_count libs are in fact ld_preloads. 2076 if (ld_preloads != nullptr && soinfos_count < ld_preloads_count) { 2077 ld_preloads->push_back(si); 2078 } 2079 2080 if (soinfos_count < library_names_count) { 2081 soinfos[soinfos_count++] = si; 2082 } 2083 } 2084 2085 // Step 2: Load libraries in random order (see b/24047022) 2086 LoadTaskList load_list; 2087 for (auto&& task : load_tasks) { 2088 soinfo* si = task->get_soinfo(); 2089 auto pred = [&](const LoadTask* t) { 2090 return t->get_soinfo() == si; 2091 }; 2092 2093 if (!si->is_linked() && 2094 std::find_if(load_list.begin(), load_list.end(), pred) == load_list.end() ) { 2095 load_list.push_back(task); 2096 } 2097 } 2098 shuffle(&load_list); 2099 2100 for (auto&& task : load_list) { 2101 if (!task->load()) { 2102 return false; 2103 } 2104 } 2105 2106 // Step 3: pre-link all DT_NEEDED libraries in breadth first order. 2107 for (auto&& task : load_tasks) { 2108 soinfo* si = task->get_soinfo(); 2109 if (!si->is_linked() && !si->prelink_image()) { 2110 return false; 2111 } 2112 } 2113 2114 // Step 4: Add LD_PRELOADed libraries to the global group for 2115 // future runs. There is no need to explicitly add them to 2116 // the global group for this run because they are going to 2117 // appear in the local group in the correct order. 2118 if (ld_preloads != nullptr) { 2119 for (auto&& si : *ld_preloads) { 2120 si->set_dt_flags_1(si->get_dt_flags_1() | DF_1_GLOBAL); 2121 } 2122 } 2123 2124 2125 // Step 5: link libraries. 2126 soinfo::soinfo_list_t local_group; 2127 walk_dependencies_tree( 2128 (start_with != nullptr && add_as_children) ? &start_with : soinfos, 2129 (start_with != nullptr && add_as_children) ? 1 : soinfos_count, 2130 [&] (soinfo* si) { 2131 local_group.push_back(si); 2132 return true; 2133 }); 2134 2135 // We need to increment ref_count in case 2136 // the root of the local group was not linked. 2137 bool was_local_group_root_linked = local_group.front()->is_linked(); 2138 2139 bool linked = local_group.visit([&](soinfo* si) { 2140 if (!si->is_linked()) { 2141 if (!si->link_image(global_group, local_group, extinfo)) { 2142 return false; 2143 } 2144 } 2145 2146 return true; 2147 }); 2148 2149 if (linked) { 2150 local_group.for_each([](soinfo* si) { 2151 if (!si->is_linked()) { 2152 si->set_linked(); 2153 } 2154 }); 2155 2156 failure_guard.disable(); 2157 } 2158 2159 if (!was_local_group_root_linked) { 2160 local_group.front()->increment_ref_count(); 2161 } 2162 2163 return linked; 2164 } 2165 2166 static soinfo* find_library(android_namespace_t* ns, 2167 const char* name, int rtld_flags, 2168 const android_dlextinfo* extinfo, 2169 soinfo* needed_by) { 2170 soinfo* si; 2171 2172 if (name == nullptr) { 2173 si = somain; 2174 } else if (!find_libraries(ns, needed_by, &name, 1, &si, nullptr, 0, rtld_flags, 2175 extinfo, /* add_as_children */ false)) { 2176 return nullptr; 2177 } 2178 2179 return si; 2180 } 2181 2182 static void soinfo_unload(soinfo* root) { 2183 if (root->is_linked()) { 2184 root = root->get_local_group_root(); 2185 } 2186 2187 if (!root->can_unload()) { 2188 TRACE("not unloading \"%s\" - the binary is flagged with NODELETE", root->get_realpath()); 2189 return; 2190 } 2191 2192 soinfo_unload(&root, 1); 2193 } 2194 2195 static void soinfo_unload(soinfo* soinfos[], size_t count) { 2196 // Note that the library can be loaded but not linked; 2197 // in which case there is no root but we still need 2198 // to walk the tree and unload soinfos involved. 2199 // 2200 // This happens on unsuccessful dlopen, when one of 2201 // the DT_NEEDED libraries could not be linked/found. 2202 if (count == 0) { 2203 return; 2204 } 2205 2206 soinfo::soinfo_list_t unload_list; 2207 for (size_t i = 0; i < count; ++i) { 2208 soinfo* si = soinfos[i]; 2209 2210 if (si->can_unload()) { 2211 size_t ref_count = si->is_linked() ? si->decrement_ref_count() : 0; 2212 if (ref_count == 0) { 2213 unload_list.push_back(si); 2214 } else { 2215 TRACE("not unloading '%s' group, decrementing ref_count to %zd", 2216 si->get_realpath(), ref_count); 2217 } 2218 } else { 2219 TRACE("not unloading '%s' - the binary is flagged with NODELETE", si->get_realpath()); 2220 return; 2221 } 2222 } 2223 2224 // This is used to identify soinfos outside of the load-group 2225 // note that we cannot have > 1 in the array and have any of them 2226 // linked. This is why we can safely use the first one. 2227 soinfo* root = soinfos[0]; 2228 2229 soinfo::soinfo_list_t local_unload_list; 2230 soinfo::soinfo_list_t external_unload_list; 2231 soinfo* si = nullptr; 2232 2233 while ((si = unload_list.pop_front()) != nullptr) { 2234 if (local_unload_list.contains(si)) { 2235 continue; 2236 } 2237 2238 local_unload_list.push_back(si); 2239 2240 if (si->has_min_version(0)) { 2241 soinfo* child = nullptr; 2242 while ((child = si->get_children().pop_front()) != nullptr) { 2243 TRACE("%s@%p needs to unload %s@%p", si->get_realpath(), si, 2244 child->get_realpath(), child); 2245 2246 if (local_unload_list.contains(child)) { 2247 continue; 2248 } else if (child->is_linked() && child->get_local_group_root() != root) { 2249 external_unload_list.push_back(child); 2250 } else { 2251 unload_list.push_front(child); 2252 } 2253 } 2254 } else { 2255 #if !defined(__work_around_b_24465209__) 2256 __libc_fatal("soinfo for \"%s\"@%p has no version", si->get_realpath(), si); 2257 #else 2258 PRINT("warning: soinfo for \"%s\"@%p has no version", si->get_realpath(), si); 2259 for_each_dt_needed(si, [&] (const char* library_name) { 2260 TRACE("deprecated (old format of soinfo): %s needs to unload %s", 2261 si->get_realpath(), library_name); 2262 2263 soinfo* needed = find_library(si->get_primary_namespace(), 2264 library_name, RTLD_NOLOAD, nullptr, nullptr); 2265 2266 if (needed != nullptr) { 2267 // Not found: for example if symlink was deleted between dlopen and dlclose 2268 // Since we cannot really handle errors at this point - print and continue. 2269 PRINT("warning: couldn't find %s needed by %s on unload.", 2270 library_name, si->get_realpath()); 2271 return; 2272 } else if (local_unload_list.contains(needed)) { 2273 // already visited 2274 return; 2275 } else if (needed->is_linked() && needed->get_local_group_root() != root) { 2276 // external group 2277 external_unload_list.push_back(needed); 2278 } else { 2279 // local group 2280 unload_list.push_front(needed); 2281 } 2282 }); 2283 #endif 2284 } 2285 } 2286 2287 local_unload_list.for_each([](soinfo* si) { 2288 si->call_destructors(); 2289 }); 2290 2291 while ((si = local_unload_list.pop_front()) != nullptr) { 2292 notify_gdb_of_unload(si); 2293 soinfo_free(si); 2294 } 2295 2296 while ((si = external_unload_list.pop_front()) != nullptr) { 2297 soinfo_unload(si); 2298 } 2299 } 2300 2301 static std::string symbol_display_name(const char* sym_name, const char* sym_ver) { 2302 if (sym_ver == nullptr) { 2303 return sym_name; 2304 } 2305 2306 return std::string(sym_name) + ", version " + sym_ver; 2307 } 2308 2309 static android_namespace_t* get_caller_namespace(soinfo* caller) { 2310 return caller != nullptr ? caller->get_primary_namespace() : g_anonymous_namespace; 2311 } 2312 2313 void do_android_get_LD_LIBRARY_PATH(char* buffer, size_t buffer_size) { 2314 // Use basic string manipulation calls to avoid snprintf. 2315 // snprintf indirectly calls pthread_getspecific to get the size of a buffer. 2316 // When debug malloc is enabled, this call returns 0. This in turn causes 2317 // snprintf to do nothing, which causes libraries to fail to load. 2318 // See b/17302493 for further details. 2319 // Once the above bug is fixed, this code can be modified to use 2320 // snprintf again. 2321 size_t required_len = 0; 2322 for (size_t i = 0; g_default_ld_paths[i] != nullptr; ++i) { 2323 required_len += strlen(g_default_ld_paths[i]) + 1; 2324 } 2325 if (buffer_size < required_len) { 2326 __libc_fatal("android_get_LD_LIBRARY_PATH failed, buffer too small: " 2327 "buffer len %zu, required len %zu", buffer_size, required_len); 2328 } 2329 char* end = buffer; 2330 for (size_t i = 0; g_default_ld_paths[i] != nullptr; ++i) { 2331 if (i > 0) *end++ = ':'; 2332 end = stpcpy(end, g_default_ld_paths[i]); 2333 } 2334 } 2335 2336 void do_android_update_LD_LIBRARY_PATH(const char* ld_library_path) { 2337 parse_LD_LIBRARY_PATH(ld_library_path); 2338 } 2339 2340 void* do_dlopen(const char* name, int flags, const android_dlextinfo* extinfo, 2341 void* caller_addr) { 2342 soinfo* const caller = find_containing_library(caller_addr); 2343 2344 if ((flags & ~(RTLD_NOW|RTLD_LAZY|RTLD_LOCAL|RTLD_GLOBAL|RTLD_NODELETE|RTLD_NOLOAD)) != 0) { 2345 DL_ERR("invalid flags to dlopen: %x", flags); 2346 return nullptr; 2347 } 2348 2349 android_namespace_t* ns = get_caller_namespace(caller); 2350 2351 if (extinfo != nullptr) { 2352 if ((extinfo->flags & ~(ANDROID_DLEXT_VALID_FLAG_BITS)) != 0) { 2353 DL_ERR("invalid extended flags to android_dlopen_ext: 0x%" PRIx64, extinfo->flags); 2354 return nullptr; 2355 } 2356 2357 if ((extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD) == 0 && 2358 (extinfo->flags & ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET) != 0) { 2359 DL_ERR("invalid extended flag combination (ANDROID_DLEXT_USE_LIBRARY_FD_OFFSET without " 2360 "ANDROID_DLEXT_USE_LIBRARY_FD): 0x%" PRIx64, extinfo->flags); 2361 return nullptr; 2362 } 2363 2364 if ((extinfo->flags & ANDROID_DLEXT_LOAD_AT_FIXED_ADDRESS) != 0 && 2365 (extinfo->flags & (ANDROID_DLEXT_RESERVED_ADDRESS | ANDROID_DLEXT_RESERVED_ADDRESS_HINT)) != 0) { 2366 DL_ERR("invalid extended flag combination: ANDROID_DLEXT_LOAD_AT_FIXED_ADDRESS is not " 2367 "compatible with ANDROID_DLEXT_RESERVED_ADDRESS/ANDROID_DLEXT_RESERVED_ADDRESS_HINT"); 2368 return nullptr; 2369 } 2370 2371 if ((extinfo->flags & ANDROID_DLEXT_USE_NAMESPACE) != 0) { 2372 if (extinfo->library_namespace == nullptr) { 2373 DL_ERR("ANDROID_DLEXT_USE_NAMESPACE is set but extinfo->library_namespace is null"); 2374 return nullptr; 2375 } 2376 ns = extinfo->library_namespace; 2377 } 2378 } 2379 2380 std::string asan_name_holder; 2381 2382 const char* translated_name = name; 2383 if (g_is_asan) { 2384 if (file_is_in_dir(name, kSystemLibDir)) { 2385 asan_name_holder = std::string(kAsanSystemLibDir) + "/" + basename(name); 2386 if (file_exists(asan_name_holder.c_str())) { 2387 translated_name = asan_name_holder.c_str(); 2388 PRINT("linker_asan dlopen translating \"%s\" -> \"%s\"", name, translated_name); 2389 } 2390 } else if (file_is_in_dir(name, kVendorLibDir)) { 2391 asan_name_holder = std::string(kAsanVendorLibDir) + "/" + basename(name); 2392 if (file_exists(asan_name_holder.c_str())) { 2393 translated_name = asan_name_holder.c_str(); 2394 PRINT("linker_asan dlopen translating \"%s\" -> \"%s\"", name, translated_name); 2395 } 2396 } 2397 } 2398 2399 ProtectedDataGuard guard; 2400 soinfo* si = find_library(ns, translated_name, flags, extinfo, caller); 2401 if (si != nullptr) { 2402 si->call_constructors(); 2403 return si->to_handle(); 2404 } 2405 2406 return nullptr; 2407 } 2408 2409 int do_dladdr(const void* addr, Dl_info* info) { 2410 // Determine if this address can be found in any library currently mapped. 2411 soinfo* si = find_containing_library(addr); 2412 if (si == nullptr) { 2413 return 0; 2414 } 2415 2416 memset(info, 0, sizeof(Dl_info)); 2417 2418 info->dli_fname = si->get_realpath(); 2419 // Address at which the shared object is loaded. 2420 info->dli_fbase = reinterpret_cast<void*>(si->base); 2421 2422 // Determine if any symbol in the library contains the specified address. 2423 ElfW(Sym)* sym = si->find_symbol_by_address(addr); 2424 if (sym != nullptr) { 2425 info->dli_sname = si->get_string(sym->st_name); 2426 info->dli_saddr = reinterpret_cast<void*>(si->resolve_symbol_address(sym)); 2427 } 2428 2429 return 1; 2430 } 2431 2432 static soinfo* soinfo_from_handle(void* handle) { 2433 if ((reinterpret_cast<uintptr_t>(handle) & 1) != 0) { 2434 auto it = g_soinfo_handles_map.find(reinterpret_cast<uintptr_t>(handle)); 2435 if (it == g_soinfo_handles_map.end()) { 2436 return nullptr; 2437 } else { 2438 return it->second; 2439 } 2440 } 2441 2442 return static_cast<soinfo*>(handle); 2443 } 2444 2445 bool do_dlsym(void* handle, const char* sym_name, const char* sym_ver, 2446 void* caller_addr, void** symbol) { 2447 #if !defined(__LP64__) 2448 if (handle == nullptr) { 2449 DL_ERR("dlsym failed: library handle is null"); 2450 return false; 2451 } 2452 #endif 2453 2454 if (sym_name == nullptr) { 2455 DL_ERR("dlsym failed: symbol name is null"); 2456 return false; 2457 } 2458 2459 soinfo* found = nullptr; 2460 const ElfW(Sym)* sym = nullptr; 2461 soinfo* caller = find_containing_library(caller_addr); 2462 android_namespace_t* ns = get_caller_namespace(caller); 2463 2464 version_info vi_instance; 2465 version_info* vi = nullptr; 2466 2467 if (sym_ver != nullptr) { 2468 vi_instance.name = sym_ver; 2469 vi_instance.elf_hash = calculate_elf_hash(sym_ver); 2470 vi = &vi_instance; 2471 } 2472 2473 if (handle == RTLD_DEFAULT || handle == RTLD_NEXT) { 2474 sym = dlsym_linear_lookup(ns, sym_name, vi, &found, caller, handle); 2475 } else { 2476 soinfo* si = soinfo_from_handle(handle); 2477 if (si == nullptr) { 2478 DL_ERR("dlsym failed: invalid handle: %p", handle); 2479 return false; 2480 } 2481 sym = dlsym_handle_lookup(si, &found, sym_name, vi); 2482 } 2483 2484 if (sym != nullptr) { 2485 uint32_t bind = ELF_ST_BIND(sym->st_info); 2486 2487 if ((bind == STB_GLOBAL || bind == STB_WEAK) && sym->st_shndx != 0) { 2488 *symbol = reinterpret_cast<void*>(found->resolve_symbol_address(sym)); 2489 return true; 2490 } 2491 2492 DL_ERR("symbol \"%s\" found but not global", symbol_display_name(sym_name, sym_ver).c_str()); 2493 return false; 2494 } 2495 2496 DL_ERR("undefined symbol: %s", symbol_display_name(sym_name, sym_ver).c_str()); 2497 return false; 2498 } 2499 2500 int do_dlclose(void* handle) { 2501 ProtectedDataGuard guard; 2502 soinfo* si = soinfo_from_handle(handle); 2503 if (si == nullptr) { 2504 DL_ERR("invalid handle: %p", handle); 2505 return -1; 2506 } 2507 2508 soinfo_unload(si); 2509 return 0; 2510 } 2511 2512 bool init_namespaces(const char* public_ns_sonames, const char* anon_ns_library_path) { 2513 CHECK(public_ns_sonames != nullptr); 2514 if (g_public_namespace_initialized) { 2515 DL_ERR("public namespace has already been initialized."); 2516 return false; 2517 } 2518 2519 std::vector<std::string> sonames = android::base::Split(public_ns_sonames, ":"); 2520 2521 ProtectedDataGuard guard; 2522 2523 auto failure_guard = make_scope_guard([&]() { 2524 g_public_namespace.clear(); 2525 }); 2526 2527 for (const auto& soname : sonames) { 2528 soinfo* candidate = nullptr; 2529 2530 find_loaded_library_by_soname(&g_default_namespace, soname.c_str(), &candidate); 2531 2532 if (candidate == nullptr) { 2533 DL_ERR("error initializing public namespace: a library with soname \"%s\"" 2534 " was not found in the default namespace", soname.c_str()); 2535 return false; 2536 } 2537 2538 candidate->set_nodelete(); 2539 g_public_namespace.push_back(candidate); 2540 } 2541 2542 g_public_namespace_initialized = true; 2543 2544 // create anonymous namespace 2545 // When the caller is nullptr - create_namespace will take global group 2546 // from the anonymous namespace, which is fine because anonymous namespace 2547 // is still pointing to the default one. 2548 android_namespace_t* anon_ns = 2549 create_namespace(nullptr, "(anonymous)", nullptr, anon_ns_library_path, 2550 ANDROID_NAMESPACE_TYPE_REGULAR, nullptr, &g_default_namespace); 2551 2552 if (anon_ns == nullptr) { 2553 g_public_namespace_initialized = false; 2554 return false; 2555 } 2556 g_anonymous_namespace = anon_ns; 2557 failure_guard.disable(); 2558 return true; 2559 } 2560 2561 android_namespace_t* create_namespace(const void* caller_addr, 2562 const char* name, 2563 const char* ld_library_path, 2564 const char* default_library_path, 2565 uint64_t type, 2566 const char* permitted_when_isolated_path, 2567 android_namespace_t* parent_namespace) { 2568 if (!g_public_namespace_initialized) { 2569 DL_ERR("cannot create namespace: public namespace is not initialized."); 2570 return nullptr; 2571 } 2572 2573 if (parent_namespace == nullptr) { 2574 // if parent_namespace is nullptr -> set it to the caller namespace 2575 soinfo* caller_soinfo = find_containing_library(caller_addr); 2576 2577 parent_namespace = caller_soinfo != nullptr ? 2578 caller_soinfo->get_primary_namespace() : 2579 g_anonymous_namespace; 2580 } 2581 2582 ProtectedDataGuard guard; 2583 std::vector<std::string> ld_library_paths; 2584 std::vector<std::string> default_library_paths; 2585 std::vector<std::string> permitted_paths; 2586 2587 parse_path(ld_library_path, ":", &ld_library_paths); 2588 parse_path(default_library_path, ":", &default_library_paths); 2589 parse_path(permitted_when_isolated_path, ":", &permitted_paths); 2590 2591 android_namespace_t* ns = new (g_namespace_allocator.alloc()) android_namespace_t(); 2592 ns->set_name(name); 2593 ns->set_isolated((type & ANDROID_NAMESPACE_TYPE_ISOLATED) != 0); 2594 ns->set_ld_library_paths(std::move(ld_library_paths)); 2595 ns->set_default_library_paths(std::move(default_library_paths)); 2596 ns->set_permitted_paths(std::move(permitted_paths)); 2597 2598 if ((type & ANDROID_NAMESPACE_TYPE_SHARED) != 0) { 2599 // If shared - clone the parent namespace 2600 ns->add_soinfos(parent_namespace->soinfo_list()); 2601 } else { 2602 // If not shared - copy only the shared group 2603 ns->add_soinfos(get_shared_group(parent_namespace)); 2604 } 2605 2606 return ns; 2607 } 2608 2609 static ElfW(Addr) call_ifunc_resolver(ElfW(Addr) resolver_addr) { 2610 typedef ElfW(Addr) (*ifunc_resolver_t)(void); 2611 ifunc_resolver_t ifunc_resolver = reinterpret_cast<ifunc_resolver_t>(resolver_addr); 2612 ElfW(Addr) ifunc_addr = ifunc_resolver(); 2613 TRACE_TYPE(RELO, "Called ifunc_resolver@%p. The result is %p", 2614 ifunc_resolver, reinterpret_cast<void*>(ifunc_addr)); 2615 2616 return ifunc_addr; 2617 } 2618 2619 const version_info* VersionTracker::get_version_info(ElfW(Versym) source_symver) const { 2620 if (source_symver < 2 || 2621 source_symver >= version_infos.size() || 2622 version_infos[source_symver].name == nullptr) { 2623 return nullptr; 2624 } 2625 2626 return &version_infos[source_symver]; 2627 } 2628 2629 void VersionTracker::add_version_info(size_t source_index, 2630 ElfW(Word) elf_hash, 2631 const char* ver_name, 2632 const soinfo* target_si) { 2633 if (source_index >= version_infos.size()) { 2634 version_infos.resize(source_index+1); 2635 } 2636 2637 version_infos[source_index].elf_hash = elf_hash; 2638 version_infos[source_index].name = ver_name; 2639 version_infos[source_index].target_si = target_si; 2640 } 2641 2642 bool VersionTracker::init_verneed(const soinfo* si_from) { 2643 uintptr_t verneed_ptr = si_from->get_verneed_ptr(); 2644 2645 if (verneed_ptr == 0) { 2646 return true; 2647 } 2648 2649 size_t verneed_cnt = si_from->get_verneed_cnt(); 2650 2651 for (size_t i = 0, offset = 0; i<verneed_cnt; ++i) { 2652 const ElfW(Verneed)* verneed = reinterpret_cast<ElfW(Verneed)*>(verneed_ptr + offset); 2653 size_t vernaux_offset = offset + verneed->vn_aux; 2654 offset += verneed->vn_next; 2655 2656 if (verneed->vn_version != 1) { 2657 DL_ERR("unsupported verneed[%zd] vn_version: %d (expected 1)", i, verneed->vn_version); 2658 return false; 2659 } 2660 2661 const char* target_soname = si_from->get_string(verneed->vn_file); 2662 // find it in dependencies 2663 soinfo* target_si = si_from->get_children().find_if([&](const soinfo* si) { 2664 return si->get_soname() != nullptr && strcmp(si->get_soname(), target_soname) == 0; 2665 }); 2666 2667 if (target_si == nullptr) { 2668 DL_ERR("cannot find \"%s\" from verneed[%zd] in DT_NEEDED list for \"%s\"", 2669 target_soname, i, si_from->get_realpath()); 2670 return false; 2671 } 2672 2673 for (size_t j = 0; j<verneed->vn_cnt; ++j) { 2674 const ElfW(Vernaux)* vernaux = reinterpret_cast<ElfW(Vernaux)*>(verneed_ptr + vernaux_offset); 2675 vernaux_offset += vernaux->vna_next; 2676 2677 const ElfW(Word) elf_hash = vernaux->vna_hash; 2678 const char* ver_name = si_from->get_string(vernaux->vna_name); 2679 ElfW(Half) source_index = vernaux->vna_other; 2680 2681 add_version_info(source_index, elf_hash, ver_name, target_si); 2682 } 2683 } 2684 2685 return true; 2686 } 2687 2688 bool VersionTracker::init_verdef(const soinfo* si_from) { 2689 return for_each_verdef(si_from, 2690 [&](size_t, const ElfW(Verdef)* verdef, const ElfW(Verdaux)* verdaux) { 2691 add_version_info(verdef->vd_ndx, verdef->vd_hash, 2692 si_from->get_string(verdaux->vda_name), si_from); 2693 return false; 2694 } 2695 ); 2696 } 2697 2698 bool VersionTracker::init(const soinfo* si_from) { 2699 if (!si_from->has_min_version(2)) { 2700 return true; 2701 } 2702 2703 return init_verneed(si_from) && init_verdef(si_from); 2704 } 2705 2706 bool soinfo::lookup_version_info(const VersionTracker& version_tracker, ElfW(Word) sym, 2707 const char* sym_name, const version_info** vi) { 2708 const ElfW(Versym)* sym_ver_ptr = get_versym(sym); 2709 ElfW(Versym) sym_ver = sym_ver_ptr == nullptr ? 0 : *sym_ver_ptr; 2710 2711 if (sym_ver != VER_NDX_LOCAL && sym_ver != VER_NDX_GLOBAL) { 2712 *vi = version_tracker.get_version_info(sym_ver); 2713 2714 if (*vi == nullptr) { 2715 DL_ERR("cannot find verneed/verdef for version index=%d " 2716 "referenced by symbol \"%s\" at \"%s\"", sym_ver, sym_name, get_realpath()); 2717 return false; 2718 } 2719 } else { 2720 // there is no version info 2721 *vi = nullptr; 2722 } 2723 2724 return true; 2725 } 2726 2727 #if !defined(__mips__) 2728 #if defined(USE_RELA) 2729 static ElfW(Addr) get_addend(ElfW(Rela)* rela, ElfW(Addr) reloc_addr __unused) { 2730 return rela->r_addend; 2731 } 2732 #else 2733 static ElfW(Addr) get_addend(ElfW(Rel)* rel, ElfW(Addr) reloc_addr) { 2734 if (ELFW(R_TYPE)(rel->r_info) == R_GENERIC_RELATIVE || 2735 ELFW(R_TYPE)(rel->r_info) == R_GENERIC_IRELATIVE) { 2736 return *reinterpret_cast<ElfW(Addr)*>(reloc_addr); 2737 } 2738 return 0; 2739 } 2740 #endif 2741 2742 template<typename ElfRelIteratorT> 2743 bool soinfo::relocate(const VersionTracker& version_tracker, ElfRelIteratorT&& rel_iterator, 2744 const soinfo_list_t& global_group, const soinfo_list_t& local_group) { 2745 for (size_t idx = 0; rel_iterator.has_next(); ++idx) { 2746 const auto rel = rel_iterator.next(); 2747 if (rel == nullptr) { 2748 return false; 2749 } 2750 2751 ElfW(Word) type = ELFW(R_TYPE)(rel->r_info); 2752 ElfW(Word) sym = ELFW(R_SYM)(rel->r_info); 2753 2754 ElfW(Addr) reloc = static_cast<ElfW(Addr)>(rel->r_offset + load_bias); 2755 ElfW(Addr) sym_addr = 0; 2756 const char* sym_name = nullptr; 2757 ElfW(Addr) addend = get_addend(rel, reloc); 2758 2759 DEBUG("Processing \"%s\" relocation at index %zd", get_realpath(), idx); 2760 if (type == R_GENERIC_NONE) { 2761 continue; 2762 } 2763 2764 const ElfW(Sym)* s = nullptr; 2765 soinfo* lsi = nullptr; 2766 2767 if (sym != 0) { 2768 sym_name = get_string(symtab_[sym].st_name); 2769 const version_info* vi = nullptr; 2770 2771 if (!lookup_version_info(version_tracker, sym, sym_name, &vi)) { 2772 return false; 2773 } 2774 2775 if (!soinfo_do_lookup(this, sym_name, vi, &lsi, global_group, local_group, &s)) { 2776 return false; 2777 } 2778 2779 if (s == nullptr) { 2780 // We only allow an undefined symbol if this is a weak reference... 2781 s = &symtab_[sym]; 2782 if (ELF_ST_BIND(s->st_info) != STB_WEAK) { 2783 DL_ERR("cannot locate symbol \"%s\" referenced by \"%s\"...", sym_name, get_realpath()); 2784 return false; 2785 } 2786 2787 /* IHI0044C AAELF 4.5.1.1: 2788 2789 Libraries are not searched to resolve weak references. 2790 It is not an error for a weak reference to remain unsatisfied. 2791 2792 During linking, the value of an undefined weak reference is: 2793 - Zero if the relocation type is absolute 2794 - The address of the place if the relocation is pc-relative 2795 - The address of nominal base address if the relocation 2796 type is base-relative. 2797 */ 2798 2799 switch (type) { 2800 case R_GENERIC_JUMP_SLOT: 2801 case R_GENERIC_GLOB_DAT: 2802 case R_GENERIC_RELATIVE: 2803 case R_GENERIC_IRELATIVE: 2804 #if defined(__aarch64__) 2805 case R_AARCH64_ABS64: 2806 case R_AARCH64_ABS32: 2807 case R_AARCH64_ABS16: 2808 #elif defined(__x86_64__) 2809 case R_X86_64_32: 2810 case R_X86_64_64: 2811 #elif defined(__arm__) 2812 case R_ARM_ABS32: 2813 #elif defined(__i386__) 2814 case R_386_32: 2815 #endif 2816 /* 2817 * The sym_addr was initialized to be zero above, or the relocation 2818 * code below does not care about value of sym_addr. 2819 * No need to do anything. 2820 */ 2821 break; 2822 #if defined(__x86_64__) 2823 case R_X86_64_PC32: 2824 sym_addr = reloc; 2825 break; 2826 #elif defined(__i386__) 2827 case R_386_PC32: 2828 sym_addr = reloc; 2829 break; 2830 #endif 2831 default: 2832 DL_ERR("unknown weak reloc type %d @ %p (%zu)", type, rel, idx); 2833 return false; 2834 } 2835 } else { // We got a definition. 2836 #if !defined(__LP64__) 2837 // When relocating dso with text_relocation .text segment is 2838 // not executable. We need to restore elf flags before resolving 2839 // STT_GNU_IFUNC symbol. 2840 bool protect_segments = has_text_relocations && 2841 lsi == this && 2842 ELF_ST_TYPE(s->st_info) == STT_GNU_IFUNC; 2843 if (protect_segments) { 2844 if (phdr_table_protect_segments(phdr, phnum, load_bias) < 0) { 2845 DL_ERR("can't protect segments for \"%s\": %s", 2846 get_realpath(), strerror(errno)); 2847 return false; 2848 } 2849 } 2850 #endif 2851 sym_addr = lsi->resolve_symbol_address(s); 2852 #if !defined(__LP64__) 2853 if (protect_segments) { 2854 if (phdr_table_unprotect_segments(phdr, phnum, load_bias) < 0) { 2855 DL_ERR("can't unprotect loadable segments for \"%s\": %s", 2856 get_realpath(), strerror(errno)); 2857 return false; 2858 } 2859 } 2860 #endif 2861 } 2862 count_relocation(kRelocSymbol); 2863 } 2864 2865 switch (type) { 2866 case R_GENERIC_JUMP_SLOT: 2867 count_relocation(kRelocAbsolute); 2868 MARK(rel->r_offset); 2869 TRACE_TYPE(RELO, "RELO JMP_SLOT %16p <- %16p %s\n", 2870 reinterpret_cast<void*>(reloc), 2871 reinterpret_cast<void*>(sym_addr + addend), sym_name); 2872 2873 *reinterpret_cast<ElfW(Addr)*>(reloc) = (sym_addr + addend); 2874 break; 2875 case R_GENERIC_GLOB_DAT: 2876 count_relocation(kRelocAbsolute); 2877 MARK(rel->r_offset); 2878 TRACE_TYPE(RELO, "RELO GLOB_DAT %16p <- %16p %s\n", 2879 reinterpret_cast<void*>(reloc), 2880 reinterpret_cast<void*>(sym_addr + addend), sym_name); 2881 *reinterpret_cast<ElfW(Addr)*>(reloc) = (sym_addr + addend); 2882 break; 2883 case R_GENERIC_RELATIVE: 2884 count_relocation(kRelocRelative); 2885 MARK(rel->r_offset); 2886 TRACE_TYPE(RELO, "RELO RELATIVE %16p <- %16p\n", 2887 reinterpret_cast<void*>(reloc), 2888 reinterpret_cast<void*>(load_bias + addend)); 2889 *reinterpret_cast<ElfW(Addr)*>(reloc) = (load_bias + addend); 2890 break; 2891 case R_GENERIC_IRELATIVE: 2892 count_relocation(kRelocRelative); 2893 MARK(rel->r_offset); 2894 TRACE_TYPE(RELO, "RELO IRELATIVE %16p <- %16p\n", 2895 reinterpret_cast<void*>(reloc), 2896 reinterpret_cast<void*>(load_bias + addend)); 2897 { 2898 #if !defined(__LP64__) 2899 // When relocating dso with text_relocation .text segment is 2900 // not executable. We need to restore elf flags for this 2901 // particular call. 2902 if (has_text_relocations) { 2903 if (phdr_table_protect_segments(phdr, phnum, load_bias) < 0) { 2904 DL_ERR("can't protect segments for \"%s\": %s", 2905 get_realpath(), strerror(errno)); 2906 return false; 2907 } 2908 } 2909 #endif 2910 ElfW(Addr) ifunc_addr = call_ifunc_resolver(load_bias + addend); 2911 #if !defined(__LP64__) 2912 // Unprotect it afterwards... 2913 if (has_text_relocations) { 2914 if (phdr_table_unprotect_segments(phdr, phnum, load_bias) < 0) { 2915 DL_ERR("can't unprotect loadable segments for \"%s\": %s", 2916 get_realpath(), strerror(errno)); 2917 return false; 2918 } 2919 } 2920 #endif 2921 *reinterpret_cast<ElfW(Addr)*>(reloc) = ifunc_addr; 2922 } 2923 break; 2924 2925 #if defined(__aarch64__) 2926 case R_AARCH64_ABS64: 2927 count_relocation(kRelocAbsolute); 2928 MARK(rel->r_offset); 2929 TRACE_TYPE(RELO, "RELO ABS64 %16llx <- %16llx %s\n", 2930 reloc, sym_addr + addend, sym_name); 2931 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend; 2932 break; 2933 case R_AARCH64_ABS32: 2934 count_relocation(kRelocAbsolute); 2935 MARK(rel->r_offset); 2936 TRACE_TYPE(RELO, "RELO ABS32 %16llx <- %16llx %s\n", 2937 reloc, sym_addr + addend, sym_name); 2938 { 2939 const ElfW(Addr) min_value = static_cast<ElfW(Addr)>(INT32_MIN); 2940 const ElfW(Addr) max_value = static_cast<ElfW(Addr)>(UINT32_MAX); 2941 if ((min_value <= (sym_addr + addend)) && 2942 ((sym_addr + addend) <= max_value)) { 2943 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend; 2944 } else { 2945 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 2946 sym_addr + addend, min_value, max_value); 2947 return false; 2948 } 2949 } 2950 break; 2951 case R_AARCH64_ABS16: 2952 count_relocation(kRelocAbsolute); 2953 MARK(rel->r_offset); 2954 TRACE_TYPE(RELO, "RELO ABS16 %16llx <- %16llx %s\n", 2955 reloc, sym_addr + addend, sym_name); 2956 { 2957 const ElfW(Addr) min_value = static_cast<ElfW(Addr)>(INT16_MIN); 2958 const ElfW(Addr) max_value = static_cast<ElfW(Addr)>(UINT16_MAX); 2959 if ((min_value <= (sym_addr + addend)) && 2960 ((sym_addr + addend) <= max_value)) { 2961 *reinterpret_cast<ElfW(Addr)*>(reloc) = (sym_addr + addend); 2962 } else { 2963 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 2964 sym_addr + addend, min_value, max_value); 2965 return false; 2966 } 2967 } 2968 break; 2969 case R_AARCH64_PREL64: 2970 count_relocation(kRelocRelative); 2971 MARK(rel->r_offset); 2972 TRACE_TYPE(RELO, "RELO REL64 %16llx <- %16llx - %16llx %s\n", 2973 reloc, sym_addr + addend, rel->r_offset, sym_name); 2974 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend - rel->r_offset; 2975 break; 2976 case R_AARCH64_PREL32: 2977 count_relocation(kRelocRelative); 2978 MARK(rel->r_offset); 2979 TRACE_TYPE(RELO, "RELO REL32 %16llx <- %16llx - %16llx %s\n", 2980 reloc, sym_addr + addend, rel->r_offset, sym_name); 2981 { 2982 const ElfW(Addr) min_value = static_cast<ElfW(Addr)>(INT32_MIN); 2983 const ElfW(Addr) max_value = static_cast<ElfW(Addr)>(UINT32_MAX); 2984 if ((min_value <= (sym_addr + addend - rel->r_offset)) && 2985 ((sym_addr + addend - rel->r_offset) <= max_value)) { 2986 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend - rel->r_offset; 2987 } else { 2988 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 2989 sym_addr + addend - rel->r_offset, min_value, max_value); 2990 return false; 2991 } 2992 } 2993 break; 2994 case R_AARCH64_PREL16: 2995 count_relocation(kRelocRelative); 2996 MARK(rel->r_offset); 2997 TRACE_TYPE(RELO, "RELO REL16 %16llx <- %16llx - %16llx %s\n", 2998 reloc, sym_addr + addend, rel->r_offset, sym_name); 2999 { 3000 const ElfW(Addr) min_value = static_cast<ElfW(Addr)>(INT16_MIN); 3001 const ElfW(Addr) max_value = static_cast<ElfW(Addr)>(UINT16_MAX); 3002 if ((min_value <= (sym_addr + addend - rel->r_offset)) && 3003 ((sym_addr + addend - rel->r_offset) <= max_value)) { 3004 *reinterpret_cast<ElfW(Addr)*>(reloc) = sym_addr + addend - rel->r_offset; 3005 } else { 3006 DL_ERR("0x%016llx out of range 0x%016llx to 0x%016llx", 3007 sym_addr + addend - rel->r_offset, min_value, max_value); 3008 return false; 3009 } 3010 } 3011 break; 3012 3013 case R_AARCH64_COPY: 3014 /* 3015 * ET_EXEC is not supported so this should not happen. 3016 * 3017 * http://infocenter.arm.com/help/topic/com.arm.doc.ihi0056b/IHI0056B_aaelf64.pdf 3018 * 3019 * Section 4.6.11 "Dynamic relocations" 3020 * R_AARCH64_COPY may only appear in executable objects where e_type is 3021 * set to ET_EXEC. 3022 */ 3023 DL_ERR("%s R_AARCH64_COPY relocations are not supported", get_realpath()); 3024 return false; 3025 case R_AARCH64_TLS_TPREL64: 3026 TRACE_TYPE(RELO, "RELO TLS_TPREL64 *** %16llx <- %16llx - %16llx\n", 3027 reloc, (sym_addr + addend), rel->r_offset); 3028 break; 3029 case R_AARCH64_TLS_DTPREL32: 3030 TRACE_TYPE(RELO, "RELO TLS_DTPREL32 *** %16llx <- %16llx - %16llx\n", 3031 reloc, (sym_addr + addend), rel->r_offset); 3032 break; 3033 #elif defined(__x86_64__) 3034 case R_X86_64_32: 3035 count_relocation(kRelocRelative); 3036 MARK(rel->r_offset); 3037 TRACE_TYPE(RELO, "RELO R_X86_64_32 %08zx <- +%08zx %s", static_cast<size_t>(reloc), 3038 static_cast<size_t>(sym_addr), sym_name); 3039 *reinterpret_cast<Elf32_Addr*>(reloc) = sym_addr + addend; 3040 break; 3041 case R_X86_64_64: 3042 count_relocation(kRelocRelative); 3043 MARK(rel->r_offset); 3044 TRACE_TYPE(RELO, "RELO R_X86_64_64 %08zx <- +%08zx %s", static_cast<size_t>(reloc), 3045 static_cast<size_t>(sym_addr), sym_name); 3046 *reinterpret_cast<Elf64_Addr*>(reloc) = sym_addr + addend; 3047 break; 3048 case R_X86_64_PC32: 3049 count_relocation(kRelocRelative); 3050 MARK(rel->r_offset); 3051 TRACE_TYPE(RELO, "RELO R_X86_64_PC32 %08zx <- +%08zx (%08zx - %08zx) %s", 3052 static_cast<size_t>(reloc), static_cast<size_t>(sym_addr - reloc), 3053 static_cast<size_t>(sym_addr), static_cast<size_t>(reloc), sym_name); 3054 *reinterpret_cast<Elf32_Addr*>(reloc) = sym_addr + addend - reloc; 3055 break; 3056 #elif defined(__arm__) 3057 case R_ARM_ABS32: 3058 count_relocation(kRelocAbsolute); 3059 MARK(rel->r_offset); 3060 TRACE_TYPE(RELO, "RELO ABS %08x <- %08x %s", reloc, sym_addr, sym_name); 3061 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr; 3062 break; 3063 case R_ARM_REL32: 3064 count_relocation(kRelocRelative); 3065 MARK(rel->r_offset); 3066 TRACE_TYPE(RELO, "RELO REL32 %08x <- %08x - %08x %s", 3067 reloc, sym_addr, rel->r_offset, sym_name); 3068 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr - rel->r_offset; 3069 break; 3070 case R_ARM_COPY: 3071 /* 3072 * ET_EXEC is not supported so this should not happen. 3073 * 3074 * http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044d/IHI0044D_aaelf.pdf 3075 * 3076 * Section 4.6.1.10 "Dynamic relocations" 3077 * R_ARM_COPY may only appear in executable objects where e_type is 3078 * set to ET_EXEC. 3079 */ 3080 DL_ERR("%s R_ARM_COPY relocations are not supported", get_realpath()); 3081 return false; 3082 #elif defined(__i386__) 3083 case R_386_32: 3084 count_relocation(kRelocRelative); 3085 MARK(rel->r_offset); 3086 TRACE_TYPE(RELO, "RELO R_386_32 %08x <- +%08x %s", reloc, sym_addr, sym_name); 3087 *reinterpret_cast<ElfW(Addr)*>(reloc) += sym_addr; 3088 break; 3089 case R_386_PC32: 3090 count_relocation(kRelocRelative); 3091 MARK(rel->r_offset); 3092 TRACE_TYPE(RELO, "RELO R_386_PC32 %08x <- +%08x (%08x - %08x) %s", 3093 reloc, (sym_addr - reloc), sym_addr, reloc, sym_name); 3094 *reinterpret_cast<ElfW(Addr)*>(reloc) += (sym_addr - reloc); 3095 break; 3096 #endif 3097 default: 3098 DL_ERR("unknown reloc type %d @ %p (%zu)", type, rel, idx); 3099 return false; 3100 } 3101 } 3102 return true; 3103 } 3104 #endif // !defined(__mips__) 3105 3106 void soinfo::call_array(const char* array_name __unused, linker_function_t* functions, 3107 size_t count, bool reverse) { 3108 if (functions == nullptr) { 3109 return; 3110 } 3111 3112 TRACE("[ Calling %s (size %zd) @ %p for \"%s\" ]", array_name, count, functions, get_realpath()); 3113 3114 int begin = reverse ? (count - 1) : 0; 3115 int end = reverse ? -1 : count; 3116 int step = reverse ? -1 : 1; 3117 3118 for (int i = begin; i != end; i += step) { 3119 TRACE("[ %s[%d] == %p ]", array_name, i, functions[i]); 3120 call_function("function", functions[i]); 3121 } 3122 3123 TRACE("[ Done calling %s for \"%s\" ]", array_name, get_realpath()); 3124 } 3125 3126 void soinfo::call_function(const char* function_name __unused, linker_function_t function) { 3127 if (function == nullptr || reinterpret_cast<uintptr_t>(function) == static_cast<uintptr_t>(-1)) { 3128 return; 3129 } 3130 3131 TRACE("[ Calling %s @ %p for \"%s\" ]", function_name, function, get_realpath()); 3132 function(); 3133 TRACE("[ Done calling %s @ %p for \"%s\" ]", function_name, function, get_realpath()); 3134 } 3135 3136 void soinfo::call_pre_init_constructors() { 3137 // DT_PREINIT_ARRAY functions are called before any other constructors for executables, 3138 // but ignored in a shared library. 3139 call_array("DT_PREINIT_ARRAY", preinit_array_, preinit_array_count_, false); 3140 } 3141 3142 void soinfo::call_constructors() { 3143 if (constructors_called) { 3144 return; 3145 } 3146 3147 // We set constructors_called before actually calling the constructors, otherwise it doesn't 3148 // protect against recursive constructor calls. One simple example of constructor recursion 3149 // is the libc debug malloc, which is implemented in libc_malloc_debug_leak.so: 3150 // 1. The program depends on libc, so libc's constructor is called here. 3151 // 2. The libc constructor calls dlopen() to load libc_malloc_debug_leak.so. 3152 // 3. dlopen() calls the constructors on the newly created 3153 // soinfo for libc_malloc_debug_leak.so. 3154 // 4. The debug .so depends on libc, so CallConstructors is 3155 // called again with the libc soinfo. If it doesn't trigger the early- 3156 // out above, the libc constructor will be called again (recursively!). 3157 constructors_called = true; 3158 3159 if (!is_main_executable() && preinit_array_ != nullptr) { 3160 // The GNU dynamic linker silently ignores these, but we warn the developer. 3161 PRINT("\"%s\": ignoring DT_PREINIT_ARRAY in shared library!", get_realpath()); 3162 } 3163 3164 get_children().for_each([] (soinfo* si) { 3165 si->call_constructors(); 3166 }); 3167 3168 TRACE("\"%s\": calling constructors", get_realpath()); 3169 3170 // DT_INIT should be called before DT_INIT_ARRAY if both are present. 3171 call_function("DT_INIT", init_func_); 3172 call_array("DT_INIT_ARRAY", init_array_, init_array_count_, false); 3173 } 3174 3175 void soinfo::call_destructors() { 3176 if (!constructors_called) { 3177 return; 3178 } 3179 TRACE("\"%s\": calling destructors", get_realpath()); 3180 3181 // DT_FINI_ARRAY must be parsed in reverse order. 3182 call_array("DT_FINI_ARRAY", fini_array_, fini_array_count_, true); 3183 3184 // DT_FINI should be called after DT_FINI_ARRAY if both are present. 3185 call_function("DT_FINI", fini_func_); 3186 3187 // This is needed on second call to dlopen 3188 // after library has been unloaded with RTLD_NODELETE 3189 constructors_called = false; 3190 } 3191 3192 void soinfo::add_child(soinfo* child) { 3193 if (has_min_version(0)) { 3194 child->parents_.push_back(this); 3195 this->children_.push_back(child); 3196 } 3197 } 3198 3199 void soinfo::remove_all_links() { 3200 if (!has_min_version(0)) { 3201 return; 3202 } 3203 3204 // 1. Untie connected soinfos from 'this'. 3205 children_.for_each([&] (soinfo* child) { 3206 child->parents_.remove_if([&] (const soinfo* parent) { 3207 return parent == this; 3208 }); 3209 }); 3210 3211 parents_.for_each([&] (soinfo* parent) { 3212 parent->children_.remove_if([&] (const soinfo* child) { 3213 return child == this; 3214 }); 3215 }); 3216 3217 // 2. Remove from the primary namespace 3218 primary_namespace_->remove_soinfo(this); 3219 primary_namespace_ = nullptr; 3220 3221 // 3. Remove from secondary namespaces 3222 secondary_namespaces_.for_each([&](android_namespace_t* ns) { 3223 ns->remove_soinfo(this); 3224 }); 3225 3226 3227 // 4. Once everything untied - clear local lists. 3228 parents_.clear(); 3229 children_.clear(); 3230 secondary_namespaces_.clear(); 3231 } 3232 3233 dev_t soinfo::get_st_dev() const { 3234 if (has_min_version(0)) { 3235 return st_dev_; 3236 } 3237 3238 return 0; 3239 }; 3240 3241 ino_t soinfo::get_st_ino() const { 3242 if (has_min_version(0)) { 3243 return st_ino_; 3244 } 3245 3246 return 0; 3247 } 3248 3249 off64_t soinfo::get_file_offset() const { 3250 if (has_min_version(1)) { 3251 return file_offset_; 3252 } 3253 3254 return 0; 3255 } 3256 3257 uint32_t soinfo::get_rtld_flags() const { 3258 if (has_min_version(1)) { 3259 return rtld_flags_; 3260 } 3261 3262 return 0; 3263 } 3264 3265 uint32_t soinfo::get_dt_flags_1() const { 3266 if (has_min_version(1)) { 3267 return dt_flags_1_; 3268 } 3269 3270 return 0; 3271 } 3272 3273 void soinfo::set_dt_flags_1(uint32_t dt_flags_1) { 3274 if (has_min_version(1)) { 3275 if ((dt_flags_1 & DF_1_GLOBAL) != 0) { 3276 rtld_flags_ |= RTLD_GLOBAL; 3277 } 3278 3279 if ((dt_flags_1 & DF_1_NODELETE) != 0) { 3280 rtld_flags_ |= RTLD_NODELETE; 3281 } 3282 3283 dt_flags_1_ = dt_flags_1; 3284 } 3285 } 3286 3287 void soinfo::set_nodelete() { 3288 rtld_flags_ |= RTLD_NODELETE; 3289 } 3290 3291 const char* soinfo::get_realpath() const { 3292 #if defined(__work_around_b_24465209__) 3293 if (has_min_version(2)) { 3294 return realpath_.c_str(); 3295 } else { 3296 return old_name_; 3297 } 3298 #else 3299 return realpath_.c_str(); 3300 #endif 3301 } 3302 3303 void soinfo::set_soname(const char* soname) { 3304 #if defined(__work_around_b_24465209__) 3305 if (has_min_version(2)) { 3306 soname_ = soname; 3307 } 3308 strlcpy(old_name_, soname_, sizeof(old_name_)); 3309 #else 3310 soname_ = soname; 3311 #endif 3312 } 3313 3314 const char* soinfo::get_soname() const { 3315 #if defined(__work_around_b_24465209__) 3316 if (has_min_version(2)) { 3317 return soname_; 3318 } else { 3319 return old_name_; 3320 } 3321 #else 3322 return soname_; 3323 #endif 3324 } 3325 3326 // This is a return on get_children()/get_parents() if 3327 // 'this->flags' does not have FLAG_NEW_SOINFO set. 3328 static soinfo::soinfo_list_t g_empty_list; 3329 3330 soinfo::soinfo_list_t& soinfo::get_children() { 3331 if (has_min_version(0)) { 3332 return children_; 3333 } 3334 3335 return g_empty_list; 3336 } 3337 3338 const soinfo::soinfo_list_t& soinfo::get_children() const { 3339 if (has_min_version(0)) { 3340 return children_; 3341 } 3342 3343 return g_empty_list; 3344 } 3345 3346 soinfo::soinfo_list_t& soinfo::get_parents() { 3347 if (has_min_version(0)) { 3348 return parents_; 3349 } 3350 3351 return g_empty_list; 3352 } 3353 3354 static std::vector<std::string> g_empty_runpath; 3355 3356 const std::vector<std::string>& soinfo::get_dt_runpath() const { 3357 if (has_min_version(3)) { 3358 return dt_runpath_; 3359 } 3360 3361 return g_empty_runpath; 3362 } 3363 3364 android_namespace_t* soinfo::get_primary_namespace() { 3365 if (has_min_version(3)) { 3366 return primary_namespace_; 3367 } 3368 3369 return &g_default_namespace; 3370 } 3371 3372 void soinfo::add_secondary_namespace(android_namespace_t* secondary_ns) { 3373 CHECK(has_min_version(3)); 3374 secondary_namespaces_.push_back(secondary_ns); 3375 } 3376 3377 ElfW(Addr) soinfo::resolve_symbol_address(const ElfW(Sym)* s) const { 3378 if (ELF_ST_TYPE(s->st_info) == STT_GNU_IFUNC) { 3379 return call_ifunc_resolver(s->st_value + load_bias); 3380 } 3381 3382 return static_cast<ElfW(Addr)>(s->st_value + load_bias); 3383 } 3384 3385 const char* soinfo::get_string(ElfW(Word) index) const { 3386 if (has_min_version(1) && (index >= strtab_size_)) { 3387 __libc_fatal("%s: strtab out of bounds error; STRSZ=%zd, name=%d", 3388 get_realpath(), strtab_size_, index); 3389 } 3390 3391 return strtab_ + index; 3392 } 3393 3394 bool soinfo::is_gnu_hash() const { 3395 return (flags_ & FLAG_GNU_HASH) != 0; 3396 } 3397 3398 bool soinfo::can_unload() const { 3399 return !is_linked() || ((get_rtld_flags() & (RTLD_NODELETE | RTLD_GLOBAL)) == 0); 3400 } 3401 3402 bool soinfo::is_linked() const { 3403 return (flags_ & FLAG_LINKED) != 0; 3404 } 3405 3406 bool soinfo::is_main_executable() const { 3407 return (flags_ & FLAG_EXE) != 0; 3408 } 3409 3410 bool soinfo::is_linker() const { 3411 return (flags_ & FLAG_LINKER) != 0; 3412 } 3413 3414 void soinfo::set_linked() { 3415 flags_ |= FLAG_LINKED; 3416 } 3417 3418 void soinfo::set_linker_flag() { 3419 flags_ |= FLAG_LINKER; 3420 } 3421 3422 void soinfo::set_main_executable() { 3423 flags_ |= FLAG_EXE; 3424 } 3425 3426 void soinfo::increment_ref_count() { 3427 local_group_root_->ref_count_++; 3428 } 3429 3430 size_t soinfo::decrement_ref_count() { 3431 return --local_group_root_->ref_count_; 3432 } 3433 3434 soinfo* soinfo::get_local_group_root() const { 3435 return local_group_root_; 3436 } 3437 3438 3439 void soinfo::set_mapped_by_caller(bool mapped_by_caller) { 3440 if (mapped_by_caller) { 3441 flags_ |= FLAG_MAPPED_BY_CALLER; 3442 } else { 3443 flags_ &= ~FLAG_MAPPED_BY_CALLER; 3444 } 3445 } 3446 3447 bool soinfo::is_mapped_by_caller() const { 3448 return (flags_ & FLAG_MAPPED_BY_CALLER) != 0; 3449 } 3450 3451 // This function returns api-level at the time of 3452 // dlopen/load. Note that libraries opened by system 3453 // will always have 'current' api level. 3454 uint32_t soinfo::get_target_sdk_version() const { 3455 if (!has_min_version(2)) { 3456 return __ANDROID_API__; 3457 } 3458 3459 return local_group_root_->target_sdk_version_; 3460 } 3461 3462 uintptr_t soinfo::get_handle() const { 3463 CHECK(has_min_version(3)); 3464 CHECK(handle_ != 0); 3465 return handle_; 3466 } 3467 3468 void* soinfo::to_handle() { 3469 if (get_application_target_sdk_version() <= 23 || !has_min_version(3)) { 3470 return this; 3471 } 3472 3473 return reinterpret_cast<void*>(get_handle()); 3474 } 3475 3476 void soinfo::generate_handle() { 3477 CHECK(has_min_version(3)); 3478 CHECK(handle_ == 0); // Make sure this is the first call 3479 3480 // Make sure the handle is unique and does not collide 3481 // with special values which are RTLD_DEFAULT and RTLD_NEXT. 3482 do { 3483 arc4random_buf(&handle_, sizeof(handle_)); 3484 // the least significant bit for the handle is always 1 3485 // making it easy to test the type of handle passed to 3486 // dl* functions. 3487 handle_ = handle_ | 1; 3488 } while (handle_ == reinterpret_cast<uintptr_t>(RTLD_DEFAULT) || 3489 handle_ == reinterpret_cast<uintptr_t>(RTLD_NEXT) || 3490 g_soinfo_handles_map.find(handle_) != g_soinfo_handles_map.end()); 3491 3492 g_soinfo_handles_map[handle_] = this; 3493 } 3494 3495 bool soinfo::prelink_image() { 3496 /* Extract dynamic section */ 3497 ElfW(Word) dynamic_flags = 0; 3498 phdr_table_get_dynamic_section(phdr, phnum, load_bias, &dynamic, &dynamic_flags); 3499 3500 /* We can't log anything until the linker is relocated */ 3501 bool relocating_linker = (flags_ & FLAG_LINKER) != 0; 3502 if (!relocating_linker) { 3503 INFO("[ Linking \"%s\" ]", get_realpath()); 3504 DEBUG("si->base = %p si->flags = 0x%08x", reinterpret_cast<void*>(base), flags_); 3505 } 3506 3507 if (dynamic == nullptr) { 3508 if (!relocating_linker) { 3509 DL_ERR("missing PT_DYNAMIC in \"%s\"", get_realpath()); 3510 } 3511 return false; 3512 } else { 3513 if (!relocating_linker) { 3514 DEBUG("dynamic = %p", dynamic); 3515 } 3516 } 3517 3518 #if defined(__arm__) 3519 (void) phdr_table_get_arm_exidx(phdr, phnum, load_bias, 3520 &ARM_exidx, &ARM_exidx_count); 3521 #endif 3522 3523 // Extract useful information from dynamic section. 3524 // Note that: "Except for the DT_NULL element at the end of the array, 3525 // and the relative order of DT_NEEDED elements, entries may appear in any order." 3526 // 3527 // source: http://www.sco.com/developers/gabi/1998-04-29/ch5.dynamic.html 3528 uint32_t needed_count = 0; 3529 for (ElfW(Dyn)* d = dynamic; d->d_tag != DT_NULL; ++d) { 3530 DEBUG("d = %p, d[0](tag) = %p d[1](val) = %p", 3531 d, reinterpret_cast<void*>(d->d_tag), reinterpret_cast<void*>(d->d_un.d_val)); 3532 switch (d->d_tag) { 3533 case DT_SONAME: 3534 // this is parsed after we have strtab initialized (see below). 3535 break; 3536 3537 case DT_HASH: 3538 nbucket_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[0]; 3539 nchain_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[1]; 3540 bucket_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr + 8); 3541 chain_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr + 8 + nbucket_ * 4); 3542 break; 3543 3544 case DT_GNU_HASH: 3545 gnu_nbucket_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[0]; 3546 // skip symndx 3547 gnu_maskwords_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[2]; 3548 gnu_shift2_ = reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[3]; 3549 3550 gnu_bloom_filter_ = reinterpret_cast<ElfW(Addr)*>(load_bias + d->d_un.d_ptr + 16); 3551 gnu_bucket_ = reinterpret_cast<uint32_t*>(gnu_bloom_filter_ + gnu_maskwords_); 3552 // amend chain for symndx = header[1] 3553 gnu_chain_ = gnu_bucket_ + gnu_nbucket_ - 3554 reinterpret_cast<uint32_t*>(load_bias + d->d_un.d_ptr)[1]; 3555 3556 if (!powerof2(gnu_maskwords_)) { 3557 DL_ERR("invalid maskwords for gnu_hash = 0x%x, in \"%s\" expecting power to two", 3558 gnu_maskwords_, get_realpath()); 3559 return false; 3560 } 3561 --gnu_maskwords_; 3562 3563 flags_ |= FLAG_GNU_HASH; 3564 break; 3565 3566 case DT_STRTAB: 3567 strtab_ = reinterpret_cast<const char*>(load_bias + d->d_un.d_ptr); 3568 break; 3569 3570 case DT_STRSZ: 3571 strtab_size_ = d->d_un.d_val; 3572 break; 3573 3574 case DT_SYMTAB: 3575 symtab_ = reinterpret_cast<ElfW(Sym)*>(load_bias + d->d_un.d_ptr); 3576 break; 3577 3578 case DT_SYMENT: 3579 if (d->d_un.d_val != sizeof(ElfW(Sym))) { 3580 DL_ERR("invalid DT_SYMENT: %zd in \"%s\"", 3581 static_cast<size_t>(d->d_un.d_val), get_realpath()); 3582 return false; 3583 } 3584 break; 3585 3586 case DT_PLTREL: 3587 #if defined(USE_RELA) 3588 if (d->d_un.d_val != DT_RELA) { 3589 DL_ERR("unsupported DT_PLTREL in \"%s\"; expected DT_RELA", get_realpath()); 3590 return false; 3591 } 3592 #else 3593 if (d->d_un.d_val != DT_REL) { 3594 DL_ERR("unsupported DT_PLTREL in \"%s\"; expected DT_REL", get_realpath()); 3595 return false; 3596 } 3597 #endif 3598 break; 3599 3600 case DT_JMPREL: 3601 #if defined(USE_RELA) 3602 plt_rela_ = reinterpret_cast<ElfW(Rela)*>(load_bias + d->d_un.d_ptr); 3603 #else 3604 plt_rel_ = reinterpret_cast<ElfW(Rel)*>(load_bias + d->d_un.d_ptr); 3605 #endif 3606 break; 3607 3608 case DT_PLTRELSZ: 3609 #if defined(USE_RELA) 3610 plt_rela_count_ = d->d_un.d_val / sizeof(ElfW(Rela)); 3611 #else 3612 plt_rel_count_ = d->d_un.d_val / sizeof(ElfW(Rel)); 3613 #endif 3614 break; 3615 3616 case DT_PLTGOT: 3617 #if defined(__mips__) 3618 // Used by mips and mips64. 3619 plt_got_ = reinterpret_cast<ElfW(Addr)**>(load_bias + d->d_un.d_ptr); 3620 #endif 3621 // Ignore for other platforms... (because RTLD_LAZY is not supported) 3622 break; 3623 3624 case DT_DEBUG: 3625 // Set the DT_DEBUG entry to the address of _r_debug for GDB 3626 // if the dynamic table is writable 3627 // FIXME: not working currently for N64 3628 // The flags for the LOAD and DYNAMIC program headers do not agree. 3629 // The LOAD section containing the dynamic table has been mapped as 3630 // read-only, but the DYNAMIC header claims it is writable. 3631 #if !(defined(__mips__) && defined(__LP64__)) 3632 if ((dynamic_flags & PF_W) != 0) { 3633 d->d_un.d_val = reinterpret_cast<uintptr_t>(&_r_debug); 3634 } 3635 #endif 3636 break; 3637 #if defined(USE_RELA) 3638 case DT_RELA: 3639 rela_ = reinterpret_cast<ElfW(Rela)*>(load_bias + d->d_un.d_ptr); 3640 break; 3641 3642 case DT_RELASZ: 3643 rela_count_ = d->d_un.d_val / sizeof(ElfW(Rela)); 3644 break; 3645 3646 case DT_ANDROID_RELA: 3647 android_relocs_ = reinterpret_cast<uint8_t*>(load_bias + d->d_un.d_ptr); 3648 break; 3649 3650 case DT_ANDROID_RELASZ: 3651 android_relocs_size_ = d->d_un.d_val; 3652 break; 3653 3654 case DT_ANDROID_REL: 3655 DL_ERR("unsupported DT_ANDROID_REL in \"%s\"", get_realpath()); 3656 return false; 3657 3658 case DT_ANDROID_RELSZ: 3659 DL_ERR("unsupported DT_ANDROID_RELSZ in \"%s\"", get_realpath()); 3660 return false; 3661 3662 case DT_RELAENT: 3663 if (d->d_un.d_val != sizeof(ElfW(Rela))) { 3664 DL_ERR("invalid DT_RELAENT: %zd", static_cast<size_t>(d->d_un.d_val)); 3665 return false; 3666 } 3667 break; 3668 3669 // ignored (see DT_RELCOUNT comments for details) 3670 case DT_RELACOUNT: 3671 break; 3672 3673 case DT_REL: 3674 DL_ERR("unsupported DT_REL in \"%s\"", get_realpath()); 3675 return false; 3676 3677 case DT_RELSZ: 3678 DL_ERR("unsupported DT_RELSZ in \"%s\"", get_realpath()); 3679 return false; 3680 3681 #else 3682 case DT_REL: 3683 rel_ = reinterpret_cast<ElfW(Rel)*>(load_bias + d->d_un.d_ptr); 3684 break; 3685 3686 case DT_RELSZ: 3687 rel_count_ = d->d_un.d_val / sizeof(ElfW(Rel)); 3688 break; 3689 3690 case DT_RELENT: 3691 if (d->d_un.d_val != sizeof(ElfW(Rel))) { 3692 DL_ERR("invalid DT_RELENT: %zd", static_cast<size_t>(d->d_un.d_val)); 3693 return false; 3694 } 3695 break; 3696 3697 case DT_ANDROID_REL: 3698 android_relocs_ = reinterpret_cast<uint8_t*>(load_bias + d->d_un.d_ptr); 3699 break; 3700 3701 case DT_ANDROID_RELSZ: 3702 android_relocs_size_ = d->d_un.d_val; 3703 break; 3704 3705 case DT_ANDROID_RELA: 3706 DL_ERR("unsupported DT_ANDROID_RELA in \"%s\"", get_realpath()); 3707 return false; 3708 3709 case DT_ANDROID_RELASZ: 3710 DL_ERR("unsupported DT_ANDROID_RELASZ in \"%s\"", get_realpath()); 3711 return false; 3712 3713 // "Indicates that all RELATIVE relocations have been concatenated together, 3714 // and specifies the RELATIVE relocation count." 3715 // 3716 // TODO: Spec also mentions that this can be used to optimize relocation process; 3717 // Not currently used by bionic linker - ignored. 3718 case DT_RELCOUNT: 3719 break; 3720 3721 case DT_RELA: 3722 DL_ERR("unsupported DT_RELA in \"%s\"", get_realpath()); 3723 return false; 3724 3725 case DT_RELASZ: 3726 DL_ERR("unsupported DT_RELASZ in \"%s\"", get_realpath()); 3727 return false; 3728 3729 #endif 3730 case DT_INIT: 3731 init_func_ = reinterpret_cast<linker_function_t>(load_bias + d->d_un.d_ptr); 3732 DEBUG("%s constructors (DT_INIT) found at %p", get_realpath(), init_func_); 3733 break; 3734 3735 case DT_FINI: 3736 fini_func_ = reinterpret_cast<linker_function_t>(load_bias + d->d_un.d_ptr); 3737 DEBUG("%s destructors (DT_FINI) found at %p", get_realpath(), fini_func_); 3738 break; 3739 3740 case DT_INIT_ARRAY: 3741 init_array_ = reinterpret_cast<linker_function_t*>(load_bias + d->d_un.d_ptr); 3742 DEBUG("%s constructors (DT_INIT_ARRAY) found at %p", get_realpath(), init_array_); 3743 break; 3744 3745 case DT_INIT_ARRAYSZ: 3746 init_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr)); 3747 break; 3748 3749 case DT_FINI_ARRAY: 3750 fini_array_ = reinterpret_cast<linker_function_t*>(load_bias + d->d_un.d_ptr); 3751 DEBUG("%s destructors (DT_FINI_ARRAY) found at %p", get_realpath(), fini_array_); 3752 break; 3753 3754 case DT_FINI_ARRAYSZ: 3755 fini_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr)); 3756 break; 3757 3758 case DT_PREINIT_ARRAY: 3759 preinit_array_ = reinterpret_cast<linker_function_t*>(load_bias + d->d_un.d_ptr); 3760 DEBUG("%s constructors (DT_PREINIT_ARRAY) found at %p", get_realpath(), preinit_array_); 3761 break; 3762 3763 case DT_PREINIT_ARRAYSZ: 3764 preinit_array_count_ = static_cast<uint32_t>(d->d_un.d_val) / sizeof(ElfW(Addr)); 3765 break; 3766 3767 case DT_TEXTREL: 3768 #if defined(__LP64__) 3769 DL_ERR("text relocations (DT_TEXTREL) found in 64-bit ELF file \"%s\"", get_realpath()); 3770 return false; 3771 #else 3772 has_text_relocations = true; 3773 break; 3774 #endif 3775 3776 case DT_SYMBOLIC: 3777 has_DT_SYMBOLIC = true; 3778 break; 3779 3780 case DT_NEEDED: 3781 ++needed_count; 3782 break; 3783 3784 case DT_FLAGS: 3785 if (d->d_un.d_val & DF_TEXTREL) { 3786 #if defined(__LP64__) 3787 DL_ERR("text relocations (DF_TEXTREL) found in 64-bit ELF file \"%s\"", get_realpath()); 3788 return false; 3789 #else 3790 has_text_relocations = true; 3791 #endif 3792 } 3793 if (d->d_un.d_val & DF_SYMBOLIC) { 3794 has_DT_SYMBOLIC = true; 3795 } 3796 break; 3797 3798 case DT_FLAGS_1: 3799 set_dt_flags_1(d->d_un.d_val); 3800 3801 if ((d->d_un.d_val & ~SUPPORTED_DT_FLAGS_1) != 0) { 3802 DL_WARN("%s: unsupported flags DT_FLAGS_1=%p", get_realpath(), reinterpret_cast<void*>(d->d_un.d_val)); 3803 } 3804 break; 3805 #if defined(__mips__) 3806 case DT_MIPS_RLD_MAP: 3807 // Set the DT_MIPS_RLD_MAP entry to the address of _r_debug for GDB. 3808 { 3809 r_debug** dp = reinterpret_cast<r_debug**>(load_bias + d->d_un.d_ptr); 3810 *dp = &_r_debug; 3811 } 3812 break; 3813 case DT_MIPS_RLD_MAP2: 3814 // Set the DT_MIPS_RLD_MAP2 entry to the address of _r_debug for GDB. 3815 { 3816 r_debug** dp = reinterpret_cast<r_debug**>( 3817 reinterpret_cast<ElfW(Addr)>(d) + d->d_un.d_val); 3818 *dp = &_r_debug; 3819 } 3820 break; 3821 3822 case DT_MIPS_RLD_VERSION: 3823 case DT_MIPS_FLAGS: 3824 case DT_MIPS_BASE_ADDRESS: 3825 case DT_MIPS_UNREFEXTNO: 3826 break; 3827 3828 case DT_MIPS_SYMTABNO: 3829 mips_symtabno_ = d->d_un.d_val; 3830 break; 3831 3832 case DT_MIPS_LOCAL_GOTNO: 3833 mips_local_gotno_ = d->d_un.d_val; 3834 break; 3835 3836 case DT_MIPS_GOTSYM: 3837 mips_gotsym_ = d->d_un.d_val; 3838 break; 3839 #endif 3840 // Ignored: "Its use has been superseded by the DF_BIND_NOW flag" 3841 case DT_BIND_NOW: 3842 break; 3843 3844 case DT_VERSYM: 3845 versym_ = reinterpret_cast<ElfW(Versym)*>(load_bias + d->d_un.d_ptr); 3846 break; 3847 3848 case DT_VERDEF: 3849 verdef_ptr_ = load_bias + d->d_un.d_ptr; 3850 break; 3851 case DT_VERDEFNUM: 3852 verdef_cnt_ = d->d_un.d_val; 3853 break; 3854 3855 case DT_VERNEED: 3856 verneed_ptr_ = load_bias + d->d_un.d_ptr; 3857 break; 3858 3859 case DT_VERNEEDNUM: 3860 verneed_cnt_ = d->d_un.d_val; 3861 break; 3862 3863 case DT_RUNPATH: 3864 // this is parsed after we have strtab initialized (see below). 3865 break; 3866 3867 default: 3868 if (!relocating_linker) { 3869 DL_WARN("%s: unused DT entry: type %p arg %p", get_realpath(), 3870 reinterpret_cast<void*>(d->d_tag), reinterpret_cast<void*>(d->d_un.d_val)); 3871 } 3872 break; 3873 } 3874 } 3875 3876 #if defined(__mips__) && !defined(__LP64__) 3877 if (!mips_check_and_adjust_fp_modes()) { 3878 return false; 3879 } 3880 #endif 3881 3882 DEBUG("si->base = %p, si->strtab = %p, si->symtab = %p", 3883 reinterpret_cast<void*>(base), strtab_, symtab_); 3884 3885 // Sanity checks. 3886 if (relocating_linker && needed_count != 0) { 3887 DL_ERR("linker cannot have DT_NEEDED dependencies on other libraries"); 3888 return false; 3889 } 3890 if (nbucket_ == 0 && gnu_nbucket_ == 0) { 3891 DL_ERR("empty/missing DT_HASH/DT_GNU_HASH in \"%s\" " 3892 "(new hash type from the future?)", get_realpath()); 3893 return false; 3894 } 3895 if (strtab_ == 0) { 3896 DL_ERR("empty/missing DT_STRTAB in \"%s\"", get_realpath()); 3897 return false; 3898 } 3899 if (symtab_ == 0) { 3900 DL_ERR("empty/missing DT_SYMTAB in \"%s\"", get_realpath()); 3901 return false; 3902 } 3903 3904 // second pass - parse entries relying on strtab 3905 for (ElfW(Dyn)* d = dynamic; d->d_tag != DT_NULL; ++d) { 3906 switch (d->d_tag) { 3907 case DT_SONAME: 3908 set_soname(get_string(d->d_un.d_val)); 3909 break; 3910 case DT_RUNPATH: 3911 set_dt_runpath(get_string(d->d_un.d_val)); 3912 break; 3913 } 3914 } 3915 3916 // Before M release linker was using basename in place of soname. 3917 // In the case when dt_soname is absent some apps stop working 3918 // because they can't find dt_needed library by soname. 3919 // This workaround should keep them working. (applies only 3920 // for apps targeting sdk version <=22). Make an exception for 3921 // the main executable and linker; they do not need to have dt_soname 3922 if (soname_ == nullptr && this != somain && (flags_ & FLAG_LINKER) == 0 && 3923 get_application_target_sdk_version() <= 22) { 3924 soname_ = basename(realpath_.c_str()); 3925 DL_WARN("%s: is missing DT_SONAME will use basename as a replacement: \"%s\"", 3926 get_realpath(), soname_); 3927 // Don't call add_dlwarning because a missing DT_SONAME isn't important enough to show in the UI 3928 } 3929 return true; 3930 } 3931 3932 bool soinfo::link_image(const soinfo_list_t& global_group, const soinfo_list_t& local_group, 3933 const android_dlextinfo* extinfo) { 3934 3935 local_group_root_ = local_group.front(); 3936 if (local_group_root_ == nullptr) { 3937 local_group_root_ = this; 3938 } 3939 3940 if ((flags_ & FLAG_LINKER) == 0 && local_group_root_ == this) { 3941 target_sdk_version_ = get_application_target_sdk_version(); 3942 } 3943 3944 VersionTracker version_tracker; 3945 3946 if (!version_tracker.init(this)) { 3947 return false; 3948 } 3949 3950 #if !defined(__LP64__) 3951 if (has_text_relocations) { 3952 // Fail if app is targeting sdk version > 22 3953 if (get_application_target_sdk_version() > 22) { 3954 PRINT("%s: has text relocations", get_realpath()); 3955 DL_ERR("%s: has text relocations", get_realpath()); 3956 return false; 3957 } 3958 // Make segments writable to allow text relocations to work properly. We will later call 3959 // phdr_table_protect_segments() after all of them are applied. 3960 DL_WARN("%s has text relocations. This is wasting memory and prevents " 3961 "security hardening. Please fix.", get_realpath()); 3962 add_dlwarning(get_realpath(), "text relocations"); 3963 if (phdr_table_unprotect_segments(phdr, phnum, load_bias) < 0) { 3964 DL_ERR("can't unprotect loadable segments for \"%s\": %s", 3965 get_realpath(), strerror(errno)); 3966 return false; 3967 } 3968 } 3969 #endif 3970 3971 if (android_relocs_ != nullptr) { 3972 // check signature 3973 if (android_relocs_size_ > 3 && 3974 android_relocs_[0] == 'A' && 3975 android_relocs_[1] == 'P' && 3976 android_relocs_[2] == 'S' && 3977 android_relocs_[3] == '2') { 3978 DEBUG("[ android relocating %s ]", get_realpath()); 3979 3980 bool relocated = false; 3981 const uint8_t* packed_relocs = android_relocs_ + 4; 3982 const size_t packed_relocs_size = android_relocs_size_ - 4; 3983 3984 relocated = relocate( 3985 version_tracker, 3986 packed_reloc_iterator<sleb128_decoder>( 3987 sleb128_decoder(packed_relocs, packed_relocs_size)), 3988 global_group, local_group); 3989 3990 if (!relocated) { 3991 return false; 3992 } 3993 } else { 3994 DL_ERR("bad android relocation header."); 3995 return false; 3996 } 3997 } 3998 3999 #if defined(USE_RELA) 4000 if (rela_ != nullptr) { 4001 DEBUG("[ relocating %s ]", get_realpath()); 4002 if (!relocate(version_tracker, 4003 plain_reloc_iterator(rela_, rela_count_), global_group, local_group)) { 4004 return false; 4005 } 4006 } 4007 if (plt_rela_ != nullptr) { 4008 DEBUG("[ relocating %s plt ]", get_realpath()); 4009 if (!relocate(version_tracker, 4010 plain_reloc_iterator(plt_rela_, plt_rela_count_), global_group, local_group)) { 4011 return false; 4012 } 4013 } 4014 #else 4015 if (rel_ != nullptr) { 4016 DEBUG("[ relocating %s ]", get_realpath()); 4017 if (!relocate(version_tracker, 4018 plain_reloc_iterator(rel_, rel_count_), global_group, local_group)) { 4019 return false; 4020 } 4021 } 4022 if (plt_rel_ != nullptr) { 4023 DEBUG("[ relocating %s plt ]", get_realpath()); 4024 if (!relocate(version_tracker, 4025 plain_reloc_iterator(plt_rel_, plt_rel_count_), global_group, local_group)) { 4026 return false; 4027 } 4028 } 4029 #endif 4030 4031 #if defined(__mips__) 4032 if (!mips_relocate_got(version_tracker, global_group, local_group)) { 4033 return false; 4034 } 4035 #endif 4036 4037 DEBUG("[ finished linking %s ]", get_realpath()); 4038 4039 #if !defined(__LP64__) 4040 if (has_text_relocations) { 4041 // All relocations are done, we can protect our segments back to read-only. 4042 if (phdr_table_protect_segments(phdr, phnum, load_bias) < 0) { 4043 DL_ERR("can't protect segments for \"%s\": %s", 4044 get_realpath(), strerror(errno)); 4045 return false; 4046 } 4047 } 4048 #endif 4049 4050 // We can also turn on GNU RELRO protection if we're not linking the dynamic linker 4051 // itself --- it can't make system calls yet, and will have to call protect_relro later. 4052 if (!is_linker() && !protect_relro()) { 4053 return false; 4054 } 4055 4056 /* Handle serializing/sharing the RELRO segment */ 4057 if (extinfo && (extinfo->flags & ANDROID_DLEXT_WRITE_RELRO)) { 4058 if (phdr_table_serialize_gnu_relro(phdr, phnum, load_bias, 4059 extinfo->relro_fd) < 0) { 4060 DL_ERR("failed serializing GNU RELRO section for \"%s\": %s", 4061 get_realpath(), strerror(errno)); 4062 return false; 4063 } 4064 } else if (extinfo && (extinfo->flags & ANDROID_DLEXT_USE_RELRO)) { 4065 if (phdr_table_map_gnu_relro(phdr, phnum, load_bias, 4066 extinfo->relro_fd) < 0) { 4067 DL_ERR("failed mapping GNU RELRO section for \"%s\": %s", 4068 get_realpath(), strerror(errno)); 4069 return false; 4070 } 4071 } 4072 4073 notify_gdb_of_load(this); 4074 return true; 4075 } 4076 4077 bool soinfo::protect_relro() { 4078 if (phdr_table_protect_gnu_relro(phdr, phnum, load_bias) < 0) { 4079 DL_ERR("can't enable GNU RELRO protection for \"%s\": %s", 4080 get_realpath(), strerror(errno)); 4081 return false; 4082 } 4083 return true; 4084 } 4085 4086 /* 4087 * This function add vdso to internal dso list. 4088 * It helps to stack unwinding through signal handlers. 4089 * Also, it makes bionic more like glibc. 4090 */ 4091 static void add_vdso(KernelArgumentBlock& args __unused) { 4092 #if defined(AT_SYSINFO_EHDR) 4093 ElfW(Ehdr)* ehdr_vdso = reinterpret_cast<ElfW(Ehdr)*>(args.getauxval(AT_SYSINFO_EHDR)); 4094 if (ehdr_vdso == nullptr) { 4095 return; 4096 } 4097 4098 soinfo* si = soinfo_alloc(&g_default_namespace, "[vdso]", nullptr, 0, 0); 4099 4100 si->phdr = reinterpret_cast<ElfW(Phdr)*>(reinterpret_cast<char*>(ehdr_vdso) + ehdr_vdso->e_phoff); 4101 si->phnum = ehdr_vdso->e_phnum; 4102 si->base = reinterpret_cast<ElfW(Addr)>(ehdr_vdso); 4103 si->size = phdr_table_get_load_size(si->phdr, si->phnum); 4104 si->load_bias = get_elf_exec_load_bias(ehdr_vdso); 4105 4106 si->prelink_image(); 4107 si->link_image(g_empty_list, soinfo::soinfo_list_t::make_list(si), nullptr); 4108 #endif 4109 } 4110 4111 /* gdb expects the linker to be in the debug shared object list. 4112 * Without this, gdb has trouble locating the linker's ".text" 4113 * and ".plt" sections. Gdb could also potentially use this to 4114 * relocate the offset of our exported 'rtld_db_dlactivity' symbol. 4115 * Note that the linker shouldn't be on the soinfo list. 4116 */ 4117 static void init_linker_info_for_gdb(ElfW(Addr) linker_base) { 4118 static link_map linker_link_map_for_gdb; 4119 #if defined(__LP64__) 4120 static char kLinkerPath[] = "/system/bin/linker64"; 4121 #else 4122 static char kLinkerPath[] = "/system/bin/linker"; 4123 #endif 4124 4125 linker_link_map_for_gdb.l_addr = linker_base; 4126 linker_link_map_for_gdb.l_name = kLinkerPath; 4127 4128 /* 4129 * Set the dynamic field in the link map otherwise gdb will complain with 4130 * the following: 4131 * warning: .dynamic section for "/system/bin/linker" is not at the 4132 * expected address (wrong library or version mismatch?) 4133 */ 4134 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(linker_base); 4135 ElfW(Phdr)* phdr = reinterpret_cast<ElfW(Phdr)*>(linker_base + elf_hdr->e_phoff); 4136 phdr_table_get_dynamic_section(phdr, elf_hdr->e_phnum, linker_base, 4137 &linker_link_map_for_gdb.l_ld, nullptr); 4138 4139 insert_link_map_into_debug_map(&linker_link_map_for_gdb); 4140 } 4141 4142 static void init_default_namespace() { 4143 g_default_namespace.set_name("(default)"); 4144 g_default_namespace.set_isolated(false); 4145 4146 const char *interp = phdr_table_get_interpreter_name(somain->phdr, somain->phnum, 4147 somain->load_bias); 4148 const char* bname = basename(interp); 4149 if (bname && (strcmp(bname, "linker_asan") == 0 || strcmp(bname, "linker_asan64") == 0)) { 4150 g_default_ld_paths = kAsanDefaultLdPaths; 4151 g_is_asan = true; 4152 } else { 4153 g_default_ld_paths = kDefaultLdPaths; 4154 } 4155 4156 std::vector<std::string> ld_default_paths; 4157 for (size_t i = 0; g_default_ld_paths[i] != nullptr; ++i) { 4158 ld_default_paths.push_back(g_default_ld_paths[i]); 4159 } 4160 4161 g_default_namespace.set_default_library_paths(std::move(ld_default_paths)); 4162 }; 4163 4164 extern "C" int __system_properties_init(void); 4165 4166 static const char* get_executable_path() { 4167 static std::string executable_path; 4168 if (executable_path.empty()) { 4169 char path[PATH_MAX]; 4170 ssize_t path_len = readlink("/proc/self/exe", path, sizeof(path)); 4171 if (path_len == -1 || path_len >= static_cast<ssize_t>(sizeof(path))) { 4172 __libc_fatal("readlink('/proc/self/exe') failed: %s", strerror(errno)); 4173 } 4174 executable_path = std::string(path, path_len); 4175 } 4176 4177 return executable_path.c_str(); 4178 } 4179 4180 /* 4181 * This code is called after the linker has linked itself and 4182 * fixed it's own GOT. It is safe to make references to externs 4183 * and other non-local data at this point. 4184 */ 4185 static ElfW(Addr) __linker_init_post_relocation(KernelArgumentBlock& args, ElfW(Addr) linker_base) { 4186 #if TIMING 4187 struct timeval t0, t1; 4188 gettimeofday(&t0, 0); 4189 #endif 4190 4191 // Sanitize the environment. 4192 __libc_init_AT_SECURE(args); 4193 4194 // Initialize system properties 4195 __system_properties_init(); // may use 'environ' 4196 4197 debuggerd_init(); 4198 4199 // Get a few environment variables. 4200 const char* LD_DEBUG = getenv("LD_DEBUG"); 4201 if (LD_DEBUG != nullptr) { 4202 g_ld_debug_verbosity = atoi(LD_DEBUG); 4203 } 4204 4205 #if defined(__LP64__) 4206 INFO("[ Android dynamic linker (64-bit) ]"); 4207 #else 4208 INFO("[ Android dynamic linker (32-bit) ]"); 4209 #endif 4210 4211 // These should have been sanitized by __libc_init_AT_SECURE, but the test 4212 // doesn't cost us anything. 4213 const char* ldpath_env = nullptr; 4214 const char* ldpreload_env = nullptr; 4215 if (!getauxval(AT_SECURE)) { 4216 ldpath_env = getenv("LD_LIBRARY_PATH"); 4217 if (ldpath_env != nullptr) { 4218 INFO("[ LD_LIBRARY_PATH set to \"%s\" ]", ldpath_env); 4219 } 4220 ldpreload_env = getenv("LD_PRELOAD"); 4221 if (ldpreload_env != nullptr) { 4222 INFO("[ LD_PRELOAD set to \"%s\" ]", ldpreload_env); 4223 } 4224 } 4225 4226 struct stat file_stat; 4227 // Stat "/proc/self/exe" instead of executable_path because 4228 // the executable could be unlinked by this point and it should 4229 // not cause a crash (see http://b/31084669) 4230 if (TEMP_FAILURE_RETRY(stat("/proc/self/exe", &file_stat)) != 0) { 4231 __libc_fatal("unable to stat \"/proc/self/exe\": %s", strerror(errno)); 4232 } 4233 4234 const char* executable_path = get_executable_path(); 4235 soinfo* si = soinfo_alloc(&g_default_namespace, executable_path, &file_stat, 0, RTLD_GLOBAL); 4236 if (si == nullptr) { 4237 __libc_fatal("Couldn't allocate soinfo: out of memory?"); 4238 } 4239 4240 /* bootstrap the link map, the main exe always needs to be first */ 4241 si->set_main_executable(); 4242 link_map* map = &(si->link_map_head); 4243 4244 // Register the main executable and the linker upfront to have 4245 // gdb aware of them before loading the rest of the dependency 4246 // tree. 4247 map->l_addr = 0; 4248 map->l_name = const_cast<char*>(executable_path); 4249 insert_link_map_into_debug_map(map); 4250 init_linker_info_for_gdb(linker_base); 4251 4252 // Extract information passed from the kernel. 4253 si->phdr = reinterpret_cast<ElfW(Phdr)*>(args.getauxval(AT_PHDR)); 4254 si->phnum = args.getauxval(AT_PHNUM); 4255 si->entry = args.getauxval(AT_ENTRY); 4256 4257 /* Compute the value of si->base. We can't rely on the fact that 4258 * the first entry is the PHDR because this will not be true 4259 * for certain executables (e.g. some in the NDK unit test suite) 4260 */ 4261 si->base = 0; 4262 si->size = phdr_table_get_load_size(si->phdr, si->phnum); 4263 si->load_bias = 0; 4264 for (size_t i = 0; i < si->phnum; ++i) { 4265 if (si->phdr[i].p_type == PT_PHDR) { 4266 si->load_bias = reinterpret_cast<ElfW(Addr)>(si->phdr) - si->phdr[i].p_vaddr; 4267 si->base = reinterpret_cast<ElfW(Addr)>(si->phdr) - si->phdr[i].p_offset; 4268 break; 4269 } 4270 } 4271 si->dynamic = nullptr; 4272 4273 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(si->base); 4274 if (elf_hdr->e_type != ET_DYN) { 4275 __libc_fatal("\"%s\": error: only position independent executables (PIE) are supported.", 4276 args.argv[0]); 4277 } 4278 4279 // Use LD_LIBRARY_PATH and LD_PRELOAD (but only if we aren't setuid/setgid). 4280 parse_LD_LIBRARY_PATH(ldpath_env); 4281 parse_LD_PRELOAD(ldpreload_env); 4282 4283 somain = si; 4284 4285 init_default_namespace(); 4286 4287 if (!si->prelink_image()) { 4288 __libc_fatal("CANNOT LINK EXECUTABLE \"%s\": %s", args.argv[0], linker_get_error_buffer()); 4289 } 4290 4291 // add somain to global group 4292 si->set_dt_flags_1(si->get_dt_flags_1() | DF_1_GLOBAL); 4293 4294 // Load ld_preloads and dependencies. 4295 StringLinkedList needed_library_name_list; 4296 size_t needed_libraries_count = 0; 4297 size_t ld_preloads_count = 0; 4298 4299 for (const auto& ld_preload_name : g_ld_preload_names) { 4300 needed_library_name_list.push_back(ld_preload_name.c_str()); 4301 ++needed_libraries_count; 4302 ++ld_preloads_count; 4303 } 4304 4305 for_each_dt_needed(si, [&](const char* name) { 4306 needed_library_name_list.push_back(name); 4307 ++needed_libraries_count; 4308 }); 4309 4310 const char* needed_library_names[needed_libraries_count]; 4311 4312 memset(needed_library_names, 0, sizeof(needed_library_names)); 4313 needed_library_name_list.copy_to_array(needed_library_names, needed_libraries_count); 4314 4315 if (needed_libraries_count > 0 && 4316 !find_libraries(&g_default_namespace, si, needed_library_names, needed_libraries_count, 4317 nullptr, &g_ld_preloads, ld_preloads_count, RTLD_GLOBAL, nullptr, 4318 /* add_as_children */ true)) { 4319 __libc_fatal("CANNOT LINK EXECUTABLE \"%s\": %s", args.argv[0], linker_get_error_buffer()); 4320 } else if (needed_libraries_count == 0) { 4321 if (!si->link_image(g_empty_list, soinfo::soinfo_list_t::make_list(si), nullptr)) { 4322 __libc_fatal("CANNOT LINK EXECUTABLE \"%s\": %s", args.argv[0], linker_get_error_buffer()); 4323 } 4324 si->increment_ref_count(); 4325 } 4326 4327 add_vdso(args); 4328 4329 { 4330 ProtectedDataGuard guard; 4331 4332 si->call_pre_init_constructors(); 4333 4334 /* After the prelink_image, the si->load_bias is initialized. 4335 * For so lib, the map->l_addr will be updated in notify_gdb_of_load. 4336 * We need to update this value for so exe here. So Unwind_Backtrace 4337 * for some arch like x86 could work correctly within so exe. 4338 */ 4339 map->l_addr = si->load_bias; 4340 si->call_constructors(); 4341 } 4342 4343 #if TIMING 4344 gettimeofday(&t1, nullptr); 4345 PRINT("LINKER TIME: %s: %d microseconds", args.argv[0], (int) ( 4346 (((long long)t1.tv_sec * 1000000LL) + (long long)t1.tv_usec) - 4347 (((long long)t0.tv_sec * 1000000LL) + (long long)t0.tv_usec))); 4348 #endif 4349 #if STATS 4350 PRINT("RELO STATS: %s: %d abs, %d rel, %d copy, %d symbol", args.argv[0], 4351 linker_stats.count[kRelocAbsolute], 4352 linker_stats.count[kRelocRelative], 4353 linker_stats.count[kRelocCopy], 4354 linker_stats.count[kRelocSymbol]); 4355 #endif 4356 #if COUNT_PAGES 4357 { 4358 unsigned n; 4359 unsigned i; 4360 unsigned count = 0; 4361 for (n = 0; n < 4096; n++) { 4362 if (bitmask[n]) { 4363 unsigned x = bitmask[n]; 4364 #if defined(__LP64__) 4365 for (i = 0; i < 32; i++) { 4366 #else 4367 for (i = 0; i < 8; i++) { 4368 #endif 4369 if (x & 1) { 4370 count++; 4371 } 4372 x >>= 1; 4373 } 4374 } 4375 } 4376 PRINT("PAGES MODIFIED: %s: %d (%dKB)", args.argv[0], count, count * 4); 4377 } 4378 #endif 4379 4380 #if TIMING || STATS || COUNT_PAGES 4381 fflush(stdout); 4382 #endif 4383 4384 TRACE("[ Ready to execute \"%s\" @ %p ]", si->get_realpath(), reinterpret_cast<void*>(si->entry)); 4385 return si->entry; 4386 } 4387 4388 /* Compute the load-bias of an existing executable. This shall only 4389 * be used to compute the load bias of an executable or shared library 4390 * that was loaded by the kernel itself. 4391 * 4392 * Input: 4393 * elf -> address of ELF header, assumed to be at the start of the file. 4394 * Return: 4395 * load bias, i.e. add the value of any p_vaddr in the file to get 4396 * the corresponding address in memory. 4397 */ 4398 static ElfW(Addr) get_elf_exec_load_bias(const ElfW(Ehdr)* elf) { 4399 ElfW(Addr) offset = elf->e_phoff; 4400 const ElfW(Phdr)* phdr_table = 4401 reinterpret_cast<const ElfW(Phdr)*>(reinterpret_cast<uintptr_t>(elf) + offset); 4402 const ElfW(Phdr)* phdr_end = phdr_table + elf->e_phnum; 4403 4404 for (const ElfW(Phdr)* phdr = phdr_table; phdr < phdr_end; phdr++) { 4405 if (phdr->p_type == PT_LOAD) { 4406 return reinterpret_cast<ElfW(Addr)>(elf) + phdr->p_offset - phdr->p_vaddr; 4407 } 4408 } 4409 return 0; 4410 } 4411 4412 static void __linker_cannot_link(KernelArgumentBlock& args) { 4413 __libc_fatal("CANNOT LINK EXECUTABLE \"%s\": %s", args.argv[0], linker_get_error_buffer()); 4414 } 4415 4416 /* 4417 * This is the entry point for the linker, called from begin.S. This 4418 * method is responsible for fixing the linker's own relocations, and 4419 * then calling __linker_init_post_relocation(). 4420 * 4421 * Because this method is called before the linker has fixed it's own 4422 * relocations, any attempt to reference an extern variable, extern 4423 * function, or other GOT reference will generate a segfault. 4424 */ 4425 extern "C" ElfW(Addr) __linker_init(void* raw_args) { 4426 KernelArgumentBlock args(raw_args); 4427 4428 ElfW(Addr) linker_addr = args.getauxval(AT_BASE); 4429 ElfW(Addr) entry_point = args.getauxval(AT_ENTRY); 4430 ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(linker_addr); 4431 ElfW(Phdr)* phdr = reinterpret_cast<ElfW(Phdr)*>(linker_addr + elf_hdr->e_phoff); 4432 4433 soinfo linker_so(nullptr, nullptr, nullptr, 0, 0); 4434 4435 // If the linker is not acting as PT_INTERP entry_point is equal to 4436 // _start. Which means that the linker is running as an executable and 4437 // already linked by PT_INTERP. 4438 // 4439 // This happens when user tries to run 'adb shell /system/bin/linker' 4440 // see also https://code.google.com/p/android/issues/detail?id=63174 4441 if (reinterpret_cast<ElfW(Addr)>(&_start) == entry_point) { 4442 __libc_format_fd(STDOUT_FILENO, 4443 "This is %s, the helper program for shared library executables.\n", 4444 args.argv[0]); 4445 exit(0); 4446 } 4447 4448 linker_so.base = linker_addr; 4449 linker_so.size = phdr_table_get_load_size(phdr, elf_hdr->e_phnum); 4450 linker_so.load_bias = get_elf_exec_load_bias(elf_hdr); 4451 linker_so.dynamic = nullptr; 4452 linker_so.phdr = phdr; 4453 linker_so.phnum = elf_hdr->e_phnum; 4454 linker_so.set_linker_flag(); 4455 4456 // Prelink the linker so we can access linker globals. 4457 if (!linker_so.prelink_image()) __linker_cannot_link(args); 4458 4459 // This might not be obvious... The reasons why we pass g_empty_list 4460 // in place of local_group here are (1) we do not really need it, because 4461 // linker is built with DT_SYMBOLIC and therefore relocates its symbols against 4462 // itself without having to look into local_group and (2) allocators 4463 // are not yet initialized, and therefore we cannot use linked_list.push_* 4464 // functions at this point. 4465 if (!linker_so.link_image(g_empty_list, g_empty_list, nullptr)) __linker_cannot_link(args); 4466 4467 #if defined(__i386__) 4468 // On x86, we can't make system calls before this point. 4469 // We can't move this up because this needs to assign to a global. 4470 // Note that until we call __libc_init_main_thread below we have 4471 // no TLS, so you shouldn't make a system call that can fail, because 4472 // it will SEGV when it tries to set errno. 4473 __libc_init_sysinfo(args); 4474 #endif 4475 4476 // Initialize the main thread (including TLS, so system calls really work). 4477 __libc_init_main_thread(args); 4478 4479 // We didn't protect the linker's RELRO pages in link_image because we 4480 // couldn't make system calls on x86 at that point, but we can now... 4481 if (!linker_so.protect_relro()) __linker_cannot_link(args); 4482 4483 // Initialize the linker's static libc's globals 4484 __libc_init_globals(args); 4485 4486 // Initialize the linker's own global variables 4487 linker_so.call_constructors(); 4488 4489 // Initialize static variables. Note that in order to 4490 // get correct libdl_info we need to call constructors 4491 // before get_libdl_info(). 4492 solist = get_libdl_info(); 4493 sonext = get_libdl_info(); 4494 g_default_namespace.add_soinfo(get_libdl_info()); 4495 4496 // We have successfully fixed our own relocations. It's safe to run 4497 // the main part of the linker now. 4498 args.abort_message_ptr = &g_abort_message; 4499 ElfW(Addr) start_address = __linker_init_post_relocation(args, linker_addr); 4500 4501 INFO("[ Jumping to _start (%p)... ]", reinterpret_cast<void*>(start_address)); 4502 4503 // Return the address that the calling assembly stub should jump to. 4504 return start_address; 4505 } 4506