1/* Relocate a shared object and resolve its references to other loaded objects.
2 Copyright (C) 1995-2020 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
4
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
9
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
14
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, see
17 <https://www.gnu.org/licenses/>. */
18
19#include <errno.h>
20#include <libintl.h>
21#include <stdlib.h>
22#include <unistd.h>
23#include <ldsodefs.h>
24#include <sys/mman.h>
25#include <sys/param.h>
26#include <sys/types.h>
27#include <_itoa.h>
28#include <libc-pointer-arith.h>
29#include "dynamic-link.h"
30
31/* Statistics function. */
32#ifdef SHARED
33# define bump_num_cache_relocations() ++GL(dl_num_cache_relocations)
34#else
35# define bump_num_cache_relocations() ((void) 0)
36#endif
37
38
39/* We are trying to perform a static TLS relocation in MAP, but it was
40 dynamically loaded. This can only work if there is enough surplus in
41 the static TLS area already allocated for each running thread. If this
42 object's TLS segment is too big to fit, we fail with -1. If it fits,
43 we set MAP->l_tls_offset and return 0.
44 A portion of the surplus static TLS can be optionally used to optimize
45 dynamic TLS access (with TLSDESC or powerpc TLS optimizations).
46 If OPTIONAL is true then TLS is allocated for such optimization and
47 the caller must have a fallback in case the optional portion of surplus
48 TLS runs out. If OPTIONAL is false then the entire surplus TLS area is
49 considered and the allocation only fails if that runs out. */
50int
51_dl_try_allocate_static_tls (struct link_map *map, bool optional)
52{
53 /* If we've already used the variable with dynamic access, or if the
54 alignment requirements are too high, fail. */
55 if (map->l_tls_offset == FORCED_DYNAMIC_TLS_OFFSET
56 || map->l_tls_align > GL(dl_tls_static_align))
57 {
58 fail:
59 return -1;
60 }
61
62#if TLS_TCB_AT_TP
63 size_t freebytes = GL(dl_tls_static_size) - GL(dl_tls_static_used);
64 if (freebytes < TLS_TCB_SIZE)
65 goto fail;
66 freebytes -= TLS_TCB_SIZE;
67
68 size_t blsize = map->l_tls_blocksize + map->l_tls_firstbyte_offset;
69 if (freebytes < blsize)
70 goto fail;
71
72 size_t n = (freebytes - blsize) / map->l_tls_align;
73
74 /* Account optional static TLS surplus usage. */
75 size_t use = freebytes - n * map->l_tls_align - map->l_tls_firstbyte_offset;
76 if (optional && use > GL(dl_tls_static_optional))
77 goto fail;
78 else if (optional)
79 GL(dl_tls_static_optional) -= use;
80
81 size_t offset = GL(dl_tls_static_used) + use;
82
83 map->l_tls_offset = GL(dl_tls_static_used) = offset;
84#elif TLS_DTV_AT_TP
85 /* dl_tls_static_used includes the TCB at the beginning. */
86 size_t offset = (ALIGN_UP(GL(dl_tls_static_used)
87 - map->l_tls_firstbyte_offset,
88 map->l_tls_align)
89 + map->l_tls_firstbyte_offset);
90 size_t used = offset + map->l_tls_blocksize;
91
92 if (used > GL(dl_tls_static_size))
93 goto fail;
94
95 /* Account optional static TLS surplus usage. */
96 size_t use = used - GL(dl_tls_static_used);
97 if (optional && use > GL(dl_tls_static_optional))
98 goto fail;
99 else if (optional)
100 GL(dl_tls_static_optional) -= use;
101
102 map->l_tls_offset = offset;
103 map->l_tls_firstbyte_offset = GL(dl_tls_static_used);
104 GL(dl_tls_static_used) = used;
105#else
106# error "Either TLS_TCB_AT_TP or TLS_DTV_AT_TP must be defined"
107#endif
108
109 /* If the object is not yet relocated we cannot initialize the
110 static TLS region. Delay it. */
111 if (map->l_real->l_relocated)
112 {
113#ifdef SHARED
114 if (__builtin_expect (THREAD_DTV()[0].counter != GL(dl_tls_generation),
115 0))
116 /* Update the slot information data for at least the generation of
117 the DSO we are allocating data for. */
118 (void) _dl_update_slotinfo (map->l_tls_modid);
119#endif
120
121 GL(dl_init_static_tls) (map);
122 }
123 else
124 map->l_need_tls_init = 1;
125
126 return 0;
127}
128
129/* This function intentionally does not return any value but signals error
130 directly, as static TLS should be rare and code handling it should
131 not be inlined as much as possible. */
132void
133__attribute_noinline__
134_dl_allocate_static_tls (struct link_map *map)
135{
136 if (map->l_tls_offset == FORCED_DYNAMIC_TLS_OFFSET
137 || _dl_try_allocate_static_tls (map, false))
138 {
139 _dl_signal_error (0, map->l_name, NULL, N_("\
140cannot allocate memory in static TLS block"));
141 }
142}
143
144/* Initialize static TLS area and DTV for current (only) thread.
145 libpthread implementations should provide their own hook
146 to handle all threads. */
147void
148_dl_nothread_init_static_tls (struct link_map *map)
149{
150#if TLS_TCB_AT_TP
151 void *dest = (char *) THREAD_SELF - map->l_tls_offset;
152#elif TLS_DTV_AT_TP
153 void *dest = (char *) THREAD_SELF + map->l_tls_offset + TLS_PRE_TCB_SIZE;
154#else
155# error "Either TLS_TCB_AT_TP or TLS_DTV_AT_TP must be defined"
156#endif
157
158 /* Initialize the memory. */
159 memset (__mempcpy (dest, map->l_tls_initimage, map->l_tls_initimage_size),
160 '\0', map->l_tls_blocksize - map->l_tls_initimage_size);
161}
162
163
164void
165_dl_relocate_object (struct link_map *l, struct r_scope_elem *scope[],
166 int reloc_mode, int consider_profiling)
167{
168 struct textrels
169 {
170 caddr_t start;
171 size_t len;
172 int prot;
173 struct textrels *next;
174 } *textrels = NULL;
175 /* Initialize it to make the compiler happy. */
176 const char *errstring = NULL;
177 int lazy = reloc_mode & RTLD_LAZY;
178 int skip_ifunc = reloc_mode & __RTLD_NOIFUNC;
179
180#ifdef SHARED
181 /* If we are auditing, install the same handlers we need for profiling. */
182 if ((reloc_mode & __RTLD_AUDIT) == 0)
183 consider_profiling |= GLRO(dl_audit) != NULL;
184#elif defined PROF
185 /* Never use dynamic linker profiling for gprof profiling code. */
186# define consider_profiling 0
187#endif
188
189 if (l->l_relocated)
190 return;
191
192 /* If DT_BIND_NOW is set relocate all references in this object. We
193 do not do this if we are profiling, of course. */
194 // XXX Correct for auditing?
195 if (!consider_profiling
196 && __builtin_expect (l->l_info[DT_BIND_NOW] != NULL, 0))
197 lazy = 0;
198
199 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_RELOC))
200 _dl_debug_printf ("\nrelocation processing: %s%s\n",
201 DSO_FILENAME (l->l_name), lazy ? " (lazy)" : "");
202
203 /* DT_TEXTREL is now in level 2 and might phase out at some time.
204 But we rewrite the DT_FLAGS entry to a DT_TEXTREL entry to make
205 testing easier and therefore it will be available at all time. */
206 if (__glibc_unlikely (l->l_info[DT_TEXTREL] != NULL))
207 {
208 /* Bletch. We must make read-only segments writable
209 long enough to relocate them. */
210 const ElfW(Phdr) *ph;
211 for (ph = l->l_phdr; ph < &l->l_phdr[l->l_phnum]; ++ph)
212 if (ph->p_type == PT_LOAD && (ph->p_flags & PF_W) == 0)
213 {
214 struct textrels *newp;
215
216 newp = (struct textrels *) alloca (sizeof (*newp));
217 newp->len = ALIGN_UP (ph->p_vaddr + ph->p_memsz, GLRO(dl_pagesize))
218 - ALIGN_DOWN (ph->p_vaddr, GLRO(dl_pagesize));
219 newp->start = PTR_ALIGN_DOWN (ph->p_vaddr, GLRO(dl_pagesize))
220 + (caddr_t) l->l_addr;
221
222 newp->prot = 0;
223 if (ph->p_flags & PF_R)
224 newp->prot |= PROT_READ;
225 if (ph->p_flags & PF_W)
226 newp->prot |= PROT_WRITE;
227 if (ph->p_flags & PF_X)
228 newp->prot |= PROT_EXEC;
229
230 if (__mprotect (newp->start, newp->len, newp->prot|PROT_WRITE) < 0)
231 {
232 errstring = N_("cannot make segment writable for relocation");
233 call_error:
234 _dl_signal_error (errno, l->l_name, NULL, errstring);
235 }
236
237 newp->next = textrels;
238 textrels = newp;
239 }
240 }
241
242 {
243 /* Do the actual relocation of the object's GOT and other data. */
244
245 /* String table object symbols. */
246 const char *strtab = (const void *) D_PTR (l, l_info[DT_STRTAB]);
247
248 /* This macro is used as a callback from the ELF_DYNAMIC_RELOCATE code. */
249#define RESOLVE_MAP(ref, version, r_type) \
250 ((ELFW(ST_BIND) ((*ref)->st_info) != STB_LOCAL \
251 && __glibc_likely (!dl_symbol_visibility_binds_local_p (*ref))) \
252 ? ((__builtin_expect ((*ref) == l->l_lookup_cache.sym, 0) \
253 && elf_machine_type_class (r_type) == l->l_lookup_cache.type_class) \
254 ? (bump_num_cache_relocations (), \
255 (*ref) = l->l_lookup_cache.ret, \
256 l->l_lookup_cache.value) \
257 : ({ lookup_t _lr; \
258 int _tc = elf_machine_type_class (r_type); \
259 l->l_lookup_cache.type_class = _tc; \
260 l->l_lookup_cache.sym = (*ref); \
261 const struct r_found_version *v = NULL; \
262 if ((version) != NULL && (version)->hash != 0) \
263 v = (version); \
264 _lr = _dl_lookup_symbol_x (strtab + (*ref)->st_name, l, (ref), \
265 scope, v, _tc, \
266 DL_LOOKUP_ADD_DEPENDENCY \
267 | DL_LOOKUP_FOR_RELOCATE, NULL); \
268 l->l_lookup_cache.ret = (*ref); \
269 l->l_lookup_cache.value = _lr; })) \
270 : l)
271
272#include "dynamic-link.h"
273
274 ELF_DYNAMIC_RELOCATE (l, lazy, consider_profiling, skip_ifunc);
275
276#ifndef PROF
277 if (__glibc_unlikely (consider_profiling)
278 && l->l_info[DT_PLTRELSZ] != NULL)
279 {
280 /* Allocate the array which will contain the already found
281 relocations. If the shared object lacks a PLT (for example
282 if it only contains lead function) the l_info[DT_PLTRELSZ]
283 will be NULL. */
284 size_t sizeofrel = l->l_info[DT_PLTREL]->d_un.d_val == DT_RELA
285 ? sizeof (ElfW(Rela))
286 : sizeof (ElfW(Rel));
287 size_t relcount = l->l_info[DT_PLTRELSZ]->d_un.d_val / sizeofrel;
288 l->l_reloc_result = calloc (sizeof (l->l_reloc_result[0]), relcount);
289
290 if (l->l_reloc_result == NULL)
291 {
292 errstring = N_("\
293%s: out of memory to store relocation results for %s\n");
294 _dl_fatal_printf (errstring, RTLD_PROGNAME, l->l_name);
295 }
296 }
297#endif
298 }
299
300 /* Mark the object so we know this work has been done. */
301 l->l_relocated = 1;
302
303 /* Undo the segment protection changes. */
304 while (__builtin_expect (textrels != NULL, 0))
305 {
306 if (__mprotect (textrels->start, textrels->len, textrels->prot) < 0)
307 {
308 errstring = N_("cannot restore segment prot after reloc");
309 goto call_error;
310 }
311
312#ifdef CLEAR_CACHE
313 CLEAR_CACHE (textrels->start, textrels->start + textrels->len);
314#endif
315
316 textrels = textrels->next;
317 }
318
319 /* In case we can protect the data now that the relocations are
320 done, do it. */
321 if (l->l_relro_size != 0)
322 _dl_protect_relro (l);
323}
324
325
326void
327_dl_protect_relro (struct link_map *l)
328{
329 ElfW(Addr) start = ALIGN_DOWN((l->l_addr
330 + l->l_relro_addr),
331 GLRO(dl_pagesize));
332 ElfW(Addr) end = ALIGN_DOWN((l->l_addr
333 + l->l_relro_addr
334 + l->l_relro_size),
335 GLRO(dl_pagesize));
336 if (start != end
337 && __mprotect ((void *) start, end - start, PROT_READ) < 0)
338 {
339 static const char errstring[] = N_("\
340cannot apply additional memory protection after relocation");
341 _dl_signal_error (errno, l->l_name, NULL, errstring);
342 }
343}
344
345void
346__attribute_noinline__
347_dl_reloc_bad_type (struct link_map *map, unsigned int type, int plt)
348{
349#define DIGIT(b) _itoa_lower_digits[(b) & 0xf];
350
351 /* XXX We cannot translate these messages. */
352 static const char msg[2][32
353#if __ELF_NATIVE_CLASS == 64
354 + 6
355#endif
356 ] = { "unexpected reloc type 0x",
357 "unexpected PLT reloc type 0x" };
358 char msgbuf[sizeof (msg[0])];
359 char *cp;
360
361 cp = __stpcpy (msgbuf, msg[plt]);
362#if __ELF_NATIVE_CLASS == 64
363 if (__builtin_expect(type > 0xff, 0))
364 {
365 *cp++ = DIGIT (type >> 28);
366 *cp++ = DIGIT (type >> 24);
367 *cp++ = DIGIT (type >> 20);
368 *cp++ = DIGIT (type >> 16);
369 *cp++ = DIGIT (type >> 12);
370 *cp++ = DIGIT (type >> 8);
371 }
372#endif
373 *cp++ = DIGIT (type >> 4);
374 *cp++ = DIGIT (type);
375 *cp = '\0';
376
377 _dl_signal_error (0, map->l_name, NULL, msgbuf);
378}
379