1 /* Report modules by examining dynamic linker data structures.
2 Copyright (C) 2008-2015 Red Hat, Inc.
3 This file is part of elfutils.
4
5 This file is free software; you can redistribute it and/or modify
6 it under the terms of either
7
8 * the GNU Lesser General Public License as published by the Free
9 Software Foundation; either version 3 of the License, or (at
10 your option) any later version
11
12 or
13
14 * the GNU General Public License as published by the Free
15 Software Foundation; either version 2 of the License, or (at
16 your option) any later version
17
18 or both in parallel, as here.
19
20 elfutils is distributed in the hope that it will be useful, but
21 WITHOUT ANY WARRANTY; without even the implied warranty of
22 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23 General Public License for more details.
24
25 You should have received copies of the GNU General Public License and
26 the GNU Lesser General Public License along with this program. If
27 not, see <http://www.gnu.org/licenses/>. */
28
29 #include <config.h>
30 #include "libdwflP.h"
31 #include "../libdw/memory-access.h"
32 #include "system.h"
33
34 #include <byteswap.h>
35 #include <endian.h>
36 #include <fcntl.h>
37
38 /* This element is always provided and always has a constant value.
39 This makes it an easy thing to scan for to discern the format. */
40 #define PROBE_TYPE AT_PHENT
41 #define PROBE_VAL32 sizeof (Elf32_Phdr)
42 #define PROBE_VAL64 sizeof (Elf64_Phdr)
43
44
45 static inline bool
do_check64(size_t i,const Elf64_auxv_t (* a64)[],uint_fast8_t * elfdata)46 do_check64 (size_t i, const Elf64_auxv_t (*a64)[], uint_fast8_t *elfdata)
47 {
48 /* The AUXV pointer might not even be naturally aligned for 64-bit
49 data, because note payloads in a core file are not aligned. */
50
51 uint64_t type = read_8ubyte_unaligned_noncvt (&(*a64)[i].a_type);
52 uint64_t val = read_8ubyte_unaligned_noncvt (&(*a64)[i].a_un.a_val);
53
54 if (type == BE64 (PROBE_TYPE)
55 && val == BE64 (PROBE_VAL64))
56 {
57 *elfdata = ELFDATA2MSB;
58 return true;
59 }
60
61 if (type == LE64 (PROBE_TYPE)
62 && val == LE64 (PROBE_VAL64))
63 {
64 *elfdata = ELFDATA2LSB;
65 return true;
66 }
67
68 return false;
69 }
70
71 #define check64(n) do_check64 (n, a64, elfdata)
72
73 static inline bool
do_check32(size_t i,const Elf32_auxv_t (* a32)[],uint_fast8_t * elfdata)74 do_check32 (size_t i, const Elf32_auxv_t (*a32)[], uint_fast8_t *elfdata)
75 {
76 /* The AUXV pointer might not even be naturally aligned for 32-bit
77 data, because note payloads in a core file are not aligned. */
78
79 uint32_t type = read_4ubyte_unaligned_noncvt (&(*a32)[i].a_type);
80 uint32_t val = read_4ubyte_unaligned_noncvt (&(*a32)[i].a_un.a_val);
81
82 if (type == BE32 (PROBE_TYPE)
83 && val == BE32 (PROBE_VAL32))
84 {
85 *elfdata = ELFDATA2MSB;
86 return true;
87 }
88
89 if (type == LE32 (PROBE_TYPE)
90 && val == LE32 (PROBE_VAL32))
91 {
92 *elfdata = ELFDATA2LSB;
93 return true;
94 }
95
96 return false;
97 }
98
99 #define check32(n) do_check32 (n, a32, elfdata)
100
101 /* Examine an auxv data block and determine its format.
102 Return true iff we figured it out. */
103 static bool
auxv_format_probe(const void * auxv,size_t size,uint_fast8_t * elfclass,uint_fast8_t * elfdata)104 auxv_format_probe (const void *auxv, size_t size,
105 uint_fast8_t *elfclass, uint_fast8_t *elfdata)
106 {
107 const Elf32_auxv_t (*a32)[size / sizeof (Elf32_auxv_t)] = (void *) auxv;
108 const Elf64_auxv_t (*a64)[size / sizeof (Elf64_auxv_t)] = (void *) auxv;
109
110 for (size_t i = 0; i < size / sizeof (Elf64_auxv_t); ++i)
111 {
112 if (check64 (i))
113 {
114 *elfclass = ELFCLASS64;
115 return true;
116 }
117
118 if (check32 (i * 2) || check32 (i * 2 + 1))
119 {
120 *elfclass = ELFCLASS32;
121 return true;
122 }
123 }
124
125 return false;
126 }
127
128 /* This is a Dwfl_Memory_Callback that wraps another memory callback.
129 If the underlying callback cannot fill the data, then this will
130 fall back to fetching data from module files. */
131
132 struct integrated_memory_callback
133 {
134 Dwfl_Memory_Callback *memory_callback;
135 void *memory_callback_arg;
136 void *buffer;
137 };
138
139 static bool
integrated_memory_callback(Dwfl * dwfl,int ndx,void ** buffer,size_t * buffer_available,GElf_Addr vaddr,size_t minread,void * arg)140 integrated_memory_callback (Dwfl *dwfl, int ndx,
141 void **buffer, size_t *buffer_available,
142 GElf_Addr vaddr,
143 size_t minread,
144 void *arg)
145 {
146 struct integrated_memory_callback *info = arg;
147
148 if (ndx == -1)
149 {
150 /* Called for cleanup. */
151 if (info->buffer != NULL)
152 {
153 /* The last probe buffer came from the underlying callback.
154 Let it do its cleanup. */
155 assert (*buffer == info->buffer); /* XXX */
156 *buffer = info->buffer;
157 info->buffer = NULL;
158 return (*info->memory_callback) (dwfl, ndx, buffer, buffer_available,
159 vaddr, minread,
160 info->memory_callback_arg);
161 }
162 *buffer = NULL;
163 *buffer_available = 0;
164 return false;
165 }
166
167 if (*buffer != NULL)
168 /* For a final-read request, we only use the underlying callback. */
169 return (*info->memory_callback) (dwfl, ndx, buffer, buffer_available,
170 vaddr, minread, info->memory_callback_arg);
171
172 /* Let the underlying callback try to fill this request. */
173 if ((*info->memory_callback) (dwfl, ndx, &info->buffer, buffer_available,
174 vaddr, minread, info->memory_callback_arg))
175 {
176 *buffer = info->buffer;
177 return true;
178 }
179
180 /* Now look for module text covering this address. */
181
182 Dwfl_Module *mod;
183 (void) INTUSE(dwfl_addrsegment) (dwfl, vaddr, &mod);
184 if (mod == NULL)
185 return false;
186
187 Dwarf_Addr bias;
188 Elf_Scn *scn = INTUSE(dwfl_module_address_section) (mod, &vaddr, &bias);
189 if (unlikely (scn == NULL))
190 {
191 #if 0 // XXX would have to handle ndx=-1 cleanup calls passed down.
192 /* If we have no sections we can try to fill it from the module file
193 based on its phdr mappings. */
194 if (likely (mod->e_type != ET_REL) && mod->main.elf != NULL)
195 return INTUSE(dwfl_elf_phdr_memory_callback)
196 (dwfl, 0, buffer, buffer_available,
197 vaddr - mod->main.bias, minread, mod->main.elf);
198 #endif
199 return false;
200 }
201
202 Elf_Data *data = elf_rawdata (scn, NULL);
203 if (unlikely (data == NULL))
204 // XXX throw error?
205 return false;
206
207 if (unlikely (data->d_size < vaddr))
208 return false;
209
210 /* Provide as much data as we have. */
211 void *contents = data->d_buf + vaddr;
212 size_t avail = data->d_size - vaddr;
213 if (unlikely (avail < minread))
214 return false;
215
216 /* If probing for a string, make sure it's terminated. */
217 if (minread == 0 && unlikely (memchr (contents, '\0', avail) == NULL))
218 return false;
219
220 /* We have it! */
221 *buffer = contents;
222 *buffer_available = avail;
223 return true;
224 }
225
226 static size_t
addrsize(uint_fast8_t elfclass)227 addrsize (uint_fast8_t elfclass)
228 {
229 return elfclass * 4;
230 }
231
232 /* Report a module for each struct link_map in the linked list at r_map
233 in the struct r_debug at R_DEBUG_VADDR. For r_debug_info description
234 see dwfl_link_map_report in libdwflP.h. If R_DEBUG_INFO is not NULL then no
235 modules get added to DWFL, caller has to add them from filled in
236 R_DEBUG_INFO.
237
238 For each link_map entry, if an existing module resides at its address,
239 this just modifies that module's name and suggested file name. If
240 no such module exists, this calls dwfl_report_elf on the l_name string.
241
242 Returns the number of modules found, or -1 for errors. */
243
244 static int
report_r_debug(uint_fast8_t elfclass,uint_fast8_t elfdata,Dwfl * dwfl,GElf_Addr r_debug_vaddr,Dwfl_Memory_Callback * memory_callback,void * memory_callback_arg,struct r_debug_info * r_debug_info)245 report_r_debug (uint_fast8_t elfclass, uint_fast8_t elfdata,
246 Dwfl *dwfl, GElf_Addr r_debug_vaddr,
247 Dwfl_Memory_Callback *memory_callback,
248 void *memory_callback_arg,
249 struct r_debug_info *r_debug_info)
250 {
251 /* Skip r_version, to aligned r_map field. */
252 GElf_Addr read_vaddr = r_debug_vaddr + addrsize (elfclass);
253
254 void *buffer = NULL;
255 size_t buffer_available = 0;
256 inline int release_buffer (int result)
257 {
258 if (buffer != NULL)
259 (void) (*memory_callback) (dwfl, -1, &buffer, &buffer_available, 0, 0,
260 memory_callback_arg);
261 return result;
262 }
263
264 GElf_Addr addrs[4];
265 inline bool read_addrs (GElf_Addr vaddr, size_t n)
266 {
267 size_t nb = n * addrsize (elfclass); /* Address words -> bytes to read. */
268
269 /* Read a new buffer if the old one doesn't cover these words. */
270 if (buffer == NULL
271 || vaddr < read_vaddr
272 || vaddr - read_vaddr + nb > buffer_available)
273 {
274 release_buffer (0);
275
276 read_vaddr = vaddr;
277 int segndx = INTUSE(dwfl_addrsegment) (dwfl, vaddr, NULL);
278 if (unlikely (segndx < 0)
279 || unlikely (! (*memory_callback) (dwfl, segndx,
280 &buffer, &buffer_available,
281 vaddr, nb, memory_callback_arg)))
282 return true;
283 }
284
285 Elf32_Addr (*a32)[n] = vaddr - read_vaddr + buffer;
286 Elf64_Addr (*a64)[n] = (void *) a32;
287
288 if (elfclass == ELFCLASS32)
289 {
290 if (elfdata == ELFDATA2MSB)
291 for (size_t i = 0; i < n; ++i)
292 addrs[i] = BE32 (read_4ubyte_unaligned_noncvt (&(*a32)[i]));
293 else
294 for (size_t i = 0; i < n; ++i)
295 addrs[i] = LE32 (read_4ubyte_unaligned_noncvt (&(*a32)[i]));
296 }
297 else
298 {
299 if (elfdata == ELFDATA2MSB)
300 for (size_t i = 0; i < n; ++i)
301 addrs[i] = BE64 (read_8ubyte_unaligned_noncvt (&(*a64)[i]));
302 else
303 for (size_t i = 0; i < n; ++i)
304 addrs[i] = LE64 (read_8ubyte_unaligned_noncvt (&(*a64)[i]));
305 }
306
307 return false;
308 }
309
310 if (unlikely (read_addrs (read_vaddr, 1)))
311 return release_buffer (-1);
312
313 GElf_Addr next = addrs[0];
314
315 Dwfl_Module **lastmodp = &dwfl->modulelist;
316 int result = 0;
317
318 /* There can't be more elements in the link_map list than there are
319 segments. DWFL->lookup_elts is probably twice that number, so it
320 is certainly above the upper bound. If we iterate too many times,
321 there must be a loop in the pointers due to link_map clobberation. */
322 size_t iterations = 0;
323 while (next != 0 && ++iterations < dwfl->lookup_elts)
324 {
325 if (read_addrs (next, 4))
326 return release_buffer (-1);
327
328 /* Unused: l_addr is the difference between the address in memory
329 and the ELF file when the core was created. We need to
330 recalculate the difference below because the ELF file we use
331 might be differently pre-linked. */
332 // GElf_Addr l_addr = addrs[0];
333 GElf_Addr l_name = addrs[1];
334 GElf_Addr l_ld = addrs[2];
335 next = addrs[3];
336
337 /* If a clobbered or truncated memory image has no useful pointer,
338 just skip this element. */
339 if (l_ld == 0)
340 continue;
341
342 /* Fetch the string at the l_name address. */
343 const char *name = NULL;
344 if (buffer != NULL
345 && read_vaddr <= l_name
346 && l_name + 1 - read_vaddr < buffer_available
347 && memchr (l_name - read_vaddr + buffer, '\0',
348 buffer_available - (l_name - read_vaddr)) != NULL)
349 name = l_name - read_vaddr + buffer;
350 else
351 {
352 release_buffer (0);
353 read_vaddr = l_name;
354 int segndx = INTUSE(dwfl_addrsegment) (dwfl, l_name, NULL);
355 if (likely (segndx >= 0)
356 && (*memory_callback) (dwfl, segndx,
357 &buffer, &buffer_available,
358 l_name, 0, memory_callback_arg))
359 name = buffer;
360 }
361
362 if (name != NULL && name[0] == '\0')
363 name = NULL;
364
365 if (iterations == 1
366 && dwfl->user_core != NULL
367 && dwfl->user_core->executable_for_core != NULL)
368 name = dwfl->user_core->executable_for_core;
369
370 struct r_debug_info_module *r_debug_info_module = NULL;
371 if (r_debug_info != NULL)
372 {
373 /* Save link map information about valid shared library (or
374 executable) which has not been found on disk. */
375 const char *name1 = name == NULL ? "" : name;
376 r_debug_info_module = malloc (sizeof (*r_debug_info_module)
377 + strlen (name1) + 1);
378 if (unlikely (r_debug_info_module == NULL))
379 return release_buffer (result);
380 r_debug_info_module->fd = -1;
381 r_debug_info_module->elf = NULL;
382 r_debug_info_module->l_ld = l_ld;
383 r_debug_info_module->start = 0;
384 r_debug_info_module->end = 0;
385 r_debug_info_module->disk_file_has_build_id = false;
386 strcpy (r_debug_info_module->name, name1);
387 r_debug_info_module->next = r_debug_info->module;
388 r_debug_info->module = r_debug_info_module;
389 }
390
391 Dwfl_Module *mod = NULL;
392 if (name != NULL)
393 {
394 /* This code is mostly inlined dwfl_report_elf. */
395 // XXX hook for sysroot
396 int fd = open (name, O_RDONLY);
397 if (fd >= 0)
398 {
399 Elf *elf;
400 Dwfl_Error error = __libdw_open_file (&fd, &elf, true, false);
401 GElf_Addr elf_dynamic_vaddr;
402 if (error == DWFL_E_NOERROR
403 && __libdwfl_dynamic_vaddr_get (elf, &elf_dynamic_vaddr))
404 {
405 const void *build_id_bits;
406 GElf_Addr build_id_elfaddr;
407 int build_id_len;
408 bool valid = true;
409
410 if (__libdwfl_find_elf_build_id (NULL, elf, &build_id_bits,
411 &build_id_elfaddr,
412 &build_id_len) > 0
413 && build_id_elfaddr != 0)
414 {
415 if (r_debug_info_module != NULL)
416 r_debug_info_module->disk_file_has_build_id = true;
417 GElf_Addr build_id_vaddr = (build_id_elfaddr
418 - elf_dynamic_vaddr + l_ld);
419
420 release_buffer (0);
421 int segndx = INTUSE(dwfl_addrsegment) (dwfl,
422 build_id_vaddr,
423 NULL);
424 if (! (*memory_callback) (dwfl, segndx,
425 &buffer, &buffer_available,
426 build_id_vaddr, build_id_len,
427 memory_callback_arg))
428 {
429 /* File has valid build-id which cannot be read from
430 memory. This happens for core files without bit 4
431 (0x10) set in Linux /proc/PID/coredump_filter. */
432 }
433 else
434 {
435 if (memcmp (build_id_bits, buffer, build_id_len) != 0)
436 /* File has valid build-id which does not match
437 the one in memory. */
438 valid = false;
439 release_buffer (0);
440 }
441 }
442
443 if (valid)
444 {
445 // It is like l_addr but it handles differently prelinked
446 // files at core dumping vs. core loading time.
447 GElf_Addr base = l_ld - elf_dynamic_vaddr;
448 if (r_debug_info_module == NULL)
449 {
450 // XXX hook for sysroot
451 mod = __libdwfl_report_elf (dwfl, basename (name),
452 name, fd, elf, base,
453 true, true);
454 if (mod != NULL)
455 {
456 elf = NULL;
457 fd = -1;
458 }
459 }
460 else if (__libdwfl_elf_address_range (elf, base, true,
461 true, NULL, NULL,
462 &r_debug_info_module->start,
463 &r_debug_info_module->end,
464 NULL, NULL))
465 {
466 r_debug_info_module->elf = elf;
467 r_debug_info_module->fd = fd;
468 elf = NULL;
469 fd = -1;
470 }
471 }
472 if (elf != NULL)
473 elf_end (elf);
474 if (fd != -1)
475 close (fd);
476 }
477 }
478 }
479
480 if (mod != NULL)
481 {
482 ++result;
483
484 /* Move this module to the end of the list, so that we end
485 up with a list in the same order as the link_map chain. */
486 if (mod->next != NULL)
487 {
488 if (*lastmodp != mod)
489 {
490 lastmodp = &dwfl->modulelist;
491 while (*lastmodp != mod)
492 lastmodp = &(*lastmodp)->next;
493 }
494 *lastmodp = mod->next;
495 mod->next = NULL;
496 while (*lastmodp != NULL)
497 lastmodp = &(*lastmodp)->next;
498 *lastmodp = mod;
499 }
500
501 lastmodp = &mod->next;
502 }
503 }
504
505 return release_buffer (result);
506 }
507
508 static GElf_Addr
consider_executable(Dwfl_Module * mod,GElf_Addr at_phdr,GElf_Addr at_entry,uint_fast8_t * elfclass,uint_fast8_t * elfdata,Dwfl_Memory_Callback * memory_callback,void * memory_callback_arg)509 consider_executable (Dwfl_Module *mod, GElf_Addr at_phdr, GElf_Addr at_entry,
510 uint_fast8_t *elfclass, uint_fast8_t *elfdata,
511 Dwfl_Memory_Callback *memory_callback,
512 void *memory_callback_arg)
513 {
514 GElf_Ehdr ehdr;
515 if (unlikely (gelf_getehdr (mod->main.elf, &ehdr) == NULL))
516 return 0;
517
518 if (at_entry != 0)
519 {
520 /* If we have an AT_ENTRY value, reject this executable if
521 its entry point address could not have supplied that. */
522
523 if (ehdr.e_entry == 0)
524 return 0;
525
526 if (mod->e_type == ET_EXEC)
527 {
528 if (ehdr.e_entry != at_entry)
529 return 0;
530 }
531 else
532 {
533 /* It could be a PIE. */
534 }
535 }
536
537 // XXX this could be saved in the file cache: phdr vaddr, DT_DEBUG d_val vaddr
538 /* Find the vaddr of the DT_DEBUG's d_ptr. This is the memory
539 address where &r_debug was written at runtime. */
540 GElf_Xword align = mod->dwfl->segment_align;
541 GElf_Addr d_val_vaddr = 0;
542 size_t phnum;
543 if (elf_getphdrnum (mod->main.elf, &phnum) != 0)
544 return 0;
545
546 for (size_t i = 0; i < phnum; ++i)
547 {
548 GElf_Phdr phdr_mem;
549 GElf_Phdr *phdr = gelf_getphdr (mod->main.elf, i, &phdr_mem);
550 if (phdr == NULL)
551 break;
552
553 if (phdr->p_align > 1 && (align == 0 || phdr->p_align < align))
554 align = phdr->p_align;
555
556 if (at_phdr != 0
557 && phdr->p_type == PT_LOAD
558 && (phdr->p_offset & -align) == (ehdr.e_phoff & -align))
559 {
560 /* This is the segment that would map the phdrs.
561 If we have an AT_PHDR value, reject this executable
562 if its phdr mapping could not have supplied that. */
563 if (mod->e_type == ET_EXEC)
564 {
565 if (ehdr.e_phoff - phdr->p_offset + phdr->p_vaddr != at_phdr)
566 return 0;
567 }
568 else
569 {
570 /* It could be a PIE. If the AT_PHDR value and our
571 phdr address don't match modulo ALIGN, then this
572 could not have been the right PIE. */
573 if (((ehdr.e_phoff - phdr->p_offset + phdr->p_vaddr) & -align)
574 != (at_phdr & -align))
575 return 0;
576
577 /* Calculate the bias applied to the PIE's p_vaddr values. */
578 GElf_Addr bias = (at_phdr - (ehdr.e_phoff - phdr->p_offset
579 + phdr->p_vaddr));
580
581 /* Final sanity check: if we have an AT_ENTRY value,
582 reject this PIE unless its biased e_entry matches. */
583 if (at_entry != 0 && at_entry != ehdr.e_entry + bias)
584 return 0;
585
586 /* If we're changing the module's address range,
587 we've just invalidated the module lookup table. */
588 GElf_Addr mod_bias = dwfl_adjusted_address (mod, 0);
589 if (bias != mod_bias)
590 {
591 mod->low_addr -= mod_bias;
592 mod->high_addr -= mod_bias;
593 mod->low_addr += bias;
594 mod->high_addr += bias;
595
596 free (mod->dwfl->lookup_module);
597 mod->dwfl->lookup_module = NULL;
598 }
599 }
600 }
601
602 if (phdr->p_type == PT_DYNAMIC)
603 {
604 Elf_Data *data = elf_getdata_rawchunk (mod->main.elf, phdr->p_offset,
605 phdr->p_filesz, ELF_T_DYN);
606 if (data == NULL)
607 continue;
608 const size_t entsize = gelf_fsize (mod->main.elf,
609 ELF_T_DYN, 1, EV_CURRENT);
610 const size_t n = data->d_size / entsize;
611 for (size_t j = 0; j < n; ++j)
612 {
613 GElf_Dyn dyn_mem;
614 GElf_Dyn *dyn = gelf_getdyn (data, j, &dyn_mem);
615 if (dyn != NULL && dyn->d_tag == DT_DEBUG)
616 {
617 d_val_vaddr = phdr->p_vaddr + entsize * j + entsize / 2;
618 break;
619 }
620 }
621 }
622 }
623
624 if (d_val_vaddr != 0)
625 {
626 /* Now we have the final address from which to read &r_debug. */
627 d_val_vaddr = dwfl_adjusted_address (mod, d_val_vaddr);
628
629 void *buffer = NULL;
630 size_t buffer_available = addrsize (ehdr.e_ident[EI_CLASS]);
631
632 int segndx = INTUSE(dwfl_addrsegment) (mod->dwfl, d_val_vaddr, NULL);
633
634 if ((*memory_callback) (mod->dwfl, segndx,
635 &buffer, &buffer_available,
636 d_val_vaddr, buffer_available,
637 memory_callback_arg))
638 {
639 const union
640 {
641 Elf32_Addr a32;
642 Elf64_Addr a64;
643 } *u = buffer;
644
645 GElf_Addr vaddr;
646 if (ehdr.e_ident[EI_CLASS] == ELFCLASS32)
647 vaddr = (ehdr.e_ident[EI_DATA] == ELFDATA2MSB
648 ? BE32 (u->a32) : LE32 (u->a32));
649 else
650 vaddr = (ehdr.e_ident[EI_DATA] == ELFDATA2MSB
651 ? BE64 (u->a64) : LE64 (u->a64));
652
653 (*memory_callback) (mod->dwfl, -1, &buffer, &buffer_available, 0, 0,
654 memory_callback_arg);
655
656 if (*elfclass == ELFCLASSNONE)
657 *elfclass = ehdr.e_ident[EI_CLASS];
658 else if (*elfclass != ehdr.e_ident[EI_CLASS])
659 return 0;
660
661 if (*elfdata == ELFDATANONE)
662 *elfdata = ehdr.e_ident[EI_DATA];
663 else if (*elfdata != ehdr.e_ident[EI_DATA])
664 return 0;
665
666 return vaddr;
667 }
668 }
669
670 return 0;
671 }
672
673 /* Try to find an existing executable module with a DT_DEBUG. */
674 static GElf_Addr
find_executable(Dwfl * dwfl,GElf_Addr at_phdr,GElf_Addr at_entry,uint_fast8_t * elfclass,uint_fast8_t * elfdata,Dwfl_Memory_Callback * memory_callback,void * memory_callback_arg)675 find_executable (Dwfl *dwfl, GElf_Addr at_phdr, GElf_Addr at_entry,
676 uint_fast8_t *elfclass, uint_fast8_t *elfdata,
677 Dwfl_Memory_Callback *memory_callback,
678 void *memory_callback_arg)
679 {
680 for (Dwfl_Module *mod = dwfl->modulelist; mod != NULL; mod = mod->next)
681 if (mod->main.elf != NULL)
682 {
683 GElf_Addr r_debug_vaddr = consider_executable (mod, at_phdr, at_entry,
684 elfclass, elfdata,
685 memory_callback,
686 memory_callback_arg);
687 if (r_debug_vaddr != 0)
688 return r_debug_vaddr;
689 }
690
691 return 0;
692 }
693
694
695 int
dwfl_link_map_report(Dwfl * dwfl,const void * auxv,size_t auxv_size,Dwfl_Memory_Callback * memory_callback,void * memory_callback_arg,struct r_debug_info * r_debug_info)696 dwfl_link_map_report (Dwfl *dwfl, const void *auxv, size_t auxv_size,
697 Dwfl_Memory_Callback *memory_callback,
698 void *memory_callback_arg,
699 struct r_debug_info *r_debug_info)
700 {
701 GElf_Addr r_debug_vaddr = 0;
702
703 uint_fast8_t elfclass = ELFCLASSNONE;
704 uint_fast8_t elfdata = ELFDATANONE;
705 if (likely (auxv != NULL)
706 && likely (auxv_format_probe (auxv, auxv_size, &elfclass, &elfdata)))
707 {
708 GElf_Addr entry = 0;
709 GElf_Addr phdr = 0;
710 GElf_Xword phent = 0;
711 GElf_Xword phnum = 0;
712
713 #define READ_AUXV32(ptr) read_4ubyte_unaligned_noncvt (ptr)
714 #define READ_AUXV64(ptr) read_8ubyte_unaligned_noncvt (ptr)
715 #define AUXV_SCAN(NN, BL) do \
716 { \
717 const Elf##NN##_auxv_t *av = auxv; \
718 for (size_t i = 0; i < auxv_size / sizeof av[0]; ++i) \
719 { \
720 uint##NN##_t type = READ_AUXV##NN (&av[i].a_type); \
721 uint##NN##_t val = BL##NN (READ_AUXV##NN (&av[i].a_un.a_val)); \
722 if (type == BL##NN (AT_ENTRY)) \
723 entry = val; \
724 else if (type == BL##NN (AT_PHDR)) \
725 phdr = val; \
726 else if (type == BL##NN (AT_PHNUM)) \
727 phnum = val; \
728 else if (type == BL##NN (AT_PHENT)) \
729 phent = val; \
730 else if (type == BL##NN (AT_PAGESZ)) \
731 { \
732 if (val > 1 \
733 && (dwfl->segment_align == 0 \
734 || val < dwfl->segment_align)) \
735 dwfl->segment_align = val; \
736 } \
737 } \
738 } \
739 while (0)
740
741 if (elfclass == ELFCLASS32)
742 {
743 if (elfdata == ELFDATA2MSB)
744 AUXV_SCAN (32, BE);
745 else
746 AUXV_SCAN (32, LE);
747 }
748 else
749 {
750 if (elfdata == ELFDATA2MSB)
751 AUXV_SCAN (64, BE);
752 else
753 AUXV_SCAN (64, LE);
754 }
755
756 /* If we found the phdr dimensions, search phdrs for PT_DYNAMIC. */
757 GElf_Addr dyn_vaddr = 0;
758 GElf_Xword dyn_filesz = 0;
759 GElf_Addr dyn_bias = (GElf_Addr) -1;
760
761 inline bool consider_phdr (GElf_Word type,
762 GElf_Addr vaddr, GElf_Xword filesz)
763 {
764 switch (type)
765 {
766 case PT_PHDR:
767 if (dyn_bias == (GElf_Addr) -1
768 /* Do a sanity check on the putative address. */
769 && ((vaddr & (dwfl->segment_align - 1))
770 == (phdr & (dwfl->segment_align - 1))))
771 {
772 dyn_bias = phdr - vaddr;
773 return dyn_vaddr != 0;
774 }
775 break;
776
777 case PT_DYNAMIC:
778 dyn_vaddr = vaddr;
779 dyn_filesz = filesz;
780 return dyn_bias != (GElf_Addr) -1;
781 }
782
783 return false;
784 }
785
786 if (phdr != 0 && phnum != 0)
787 {
788 Dwfl_Module *phdr_mod;
789 int phdr_segndx = INTUSE(dwfl_addrsegment) (dwfl, phdr, &phdr_mod);
790 Elf_Data in =
791 {
792 .d_type = ELF_T_PHDR,
793 .d_version = EV_CURRENT,
794 .d_size = phnum * phent,
795 .d_buf = NULL
796 };
797 bool in_ok = (*memory_callback) (dwfl, phdr_segndx, &in.d_buf,
798 &in.d_size, phdr, phnum * phent,
799 memory_callback_arg);
800 bool in_from_exec = false;
801 if (! in_ok
802 && dwfl->user_core != NULL
803 && dwfl->user_core->executable_for_core != NULL)
804 {
805 /* AUXV -> PHDR -> DYNAMIC
806 Both AUXV and DYNAMIC should be always present in a core file.
807 PHDR may be missing in core file, try to read it from
808 EXECUTABLE_FOR_CORE to find where DYNAMIC is located in the
809 core file. */
810
811 int fd = open (dwfl->user_core->executable_for_core, O_RDONLY);
812 Elf *elf;
813 Dwfl_Error error = DWFL_E_ERRNO;
814 if (fd != -1)
815 error = __libdw_open_file (&fd, &elf, true, false);
816 if (error != DWFL_E_NOERROR)
817 {
818 __libdwfl_seterrno (error);
819 return false;
820 }
821 GElf_Ehdr ehdr_mem, *ehdr = gelf_getehdr (elf, &ehdr_mem);
822 if (ehdr == NULL)
823 {
824 elf_end (elf);
825 close (fd);
826 __libdwfl_seterrno (DWFL_E_LIBELF);
827 return false;
828 }
829 size_t e_phnum;
830 if (elf_getphdrnum (elf, &e_phnum) != 0)
831 {
832 elf_end (elf);
833 close (fd);
834 __libdwfl_seterrno (DWFL_E_LIBELF);
835 return false;
836 }
837 if (e_phnum != phnum || ehdr->e_phentsize != phent)
838 {
839 elf_end (elf);
840 close (fd);
841 __libdwfl_seterrno (DWFL_E_BADELF);
842 return false;
843 }
844 off_t off = ehdr->e_phoff;
845 assert (in.d_buf == NULL);
846 assert (in.d_size == phnum * phent);
847 in.d_buf = malloc (in.d_size);
848 if (unlikely (in.d_buf == NULL))
849 {
850 elf_end (elf);
851 close (fd);
852 __libdwfl_seterrno (DWFL_E_NOMEM);
853 return false;
854 }
855 ssize_t nread = pread_retry (fd, in.d_buf, in.d_size, off);
856 elf_end (elf);
857 close (fd);
858 if (nread != (ssize_t) in.d_size)
859 {
860 free (in.d_buf);
861 __libdwfl_seterrno (DWFL_E_ERRNO);
862 return false;
863 }
864 in_ok = true;
865 in_from_exec = true;
866 }
867 if (in_ok)
868 {
869 if (unlikely (phnum > SIZE_MAX / phent))
870 {
871 __libdwfl_seterrno (DWFL_E_NOMEM);
872 return false;
873 }
874 size_t nbytes = phnum * phent;
875 void *buf = malloc (nbytes);
876 Elf32_Phdr (*p32)[phnum] = buf;
877 Elf64_Phdr (*p64)[phnum] = buf;
878 if (unlikely (buf == NULL))
879 {
880 __libdwfl_seterrno (DWFL_E_NOMEM);
881 return false;
882 }
883 Elf_Data out =
884 {
885 .d_type = ELF_T_PHDR,
886 .d_version = EV_CURRENT,
887 .d_size = phnum * phent,
888 .d_buf = buf
889 };
890 in.d_size = out.d_size;
891 if (likely ((elfclass == ELFCLASS32
892 ? elf32_xlatetom : elf64_xlatetom)
893 (&out, &in, elfdata) != NULL))
894 {
895 /* We are looking for PT_DYNAMIC. */
896 if (elfclass == ELFCLASS32)
897 {
898 for (size_t i = 0; i < phnum; ++i)
899 if (consider_phdr ((*p32)[i].p_type,
900 (*p32)[i].p_vaddr,
901 (*p32)[i].p_filesz))
902 break;
903 }
904 else
905 {
906 for (size_t i = 0; i < phnum; ++i)
907 if (consider_phdr ((*p64)[i].p_type,
908 (*p64)[i].p_vaddr,
909 (*p64)[i].p_filesz))
910 break;
911 }
912 }
913
914 if (in_from_exec)
915 free (in.d_buf);
916 else
917 (*memory_callback) (dwfl, -1, &in.d_buf, &in.d_size, 0, 0,
918 memory_callback_arg);
919 free (buf);
920 }
921 else
922 /* We could not read the executable's phdrs from the
923 memory image. If we have a presupplied executable,
924 we can still use the AT_PHDR and AT_ENTRY values to
925 verify it, and to adjust its bias if it's a PIE.
926
927 If there was an ET_EXEC module presupplied that contains
928 the AT_PHDR address, then we only consider that one.
929 We'll either accept it if its phdr location and e_entry
930 make sense or reject it if they don't. If there is no
931 presupplied ET_EXEC, then look for a presupplied module,
932 which might be a PIE (ET_DYN) that needs its bias adjusted. */
933 r_debug_vaddr = ((phdr_mod == NULL
934 || phdr_mod->main.elf == NULL
935 || phdr_mod->e_type != ET_EXEC)
936 ? find_executable (dwfl, phdr, entry,
937 &elfclass, &elfdata,
938 memory_callback,
939 memory_callback_arg)
940 : consider_executable (phdr_mod, phdr, entry,
941 &elfclass, &elfdata,
942 memory_callback,
943 memory_callback_arg));
944 }
945
946 /* If we found PT_DYNAMIC, search it for DT_DEBUG. */
947 if (dyn_filesz != 0)
948 {
949 if (dyn_bias != (GElf_Addr) -1)
950 dyn_vaddr += dyn_bias;
951
952 Elf_Data in =
953 {
954 .d_type = ELF_T_DYN,
955 .d_version = EV_CURRENT,
956 .d_size = dyn_filesz,
957 .d_buf = NULL
958 };
959 int dyn_segndx = dwfl_addrsegment (dwfl, dyn_vaddr, NULL);
960 if ((*memory_callback) (dwfl, dyn_segndx, &in.d_buf, &in.d_size,
961 dyn_vaddr, dyn_filesz, memory_callback_arg))
962 {
963 void *buf = malloc (dyn_filesz);
964 Elf32_Dyn (*d32)[dyn_filesz / sizeof (Elf32_Dyn)] = buf;
965 Elf64_Dyn (*d64)[dyn_filesz / sizeof (Elf64_Dyn)] = buf;
966 if (unlikely (buf == NULL))
967 {
968 __libdwfl_seterrno (DWFL_E_NOMEM);
969 return false;
970 }
971 Elf_Data out =
972 {
973 .d_type = ELF_T_DYN,
974 .d_version = EV_CURRENT,
975 .d_size = dyn_filesz,
976 .d_buf = buf
977 };
978 in.d_size = out.d_size;
979 if (likely ((elfclass == ELFCLASS32
980 ? elf32_xlatetom : elf64_xlatetom)
981 (&out, &in, elfdata) != NULL))
982 {
983 /* We are looking for DT_DEBUG. */
984 if (elfclass == ELFCLASS32)
985 {
986 size_t n = dyn_filesz / sizeof (Elf32_Dyn);
987 for (size_t i = 0; i < n; ++i)
988 if ((*d32)[i].d_tag == DT_DEBUG)
989 {
990 r_debug_vaddr = (*d32)[i].d_un.d_val;
991 break;
992 }
993 }
994 else
995 {
996 size_t n = dyn_filesz / sizeof (Elf64_Dyn);
997 for (size_t i = 0; i < n; ++i)
998 if ((*d64)[i].d_tag == DT_DEBUG)
999 {
1000 r_debug_vaddr = (*d64)[i].d_un.d_val;
1001 break;
1002 }
1003 }
1004 }
1005
1006 (*memory_callback) (dwfl, -1, &in.d_buf, &in.d_size, 0, 0,
1007 memory_callback_arg);
1008 free (buf);
1009 }
1010 }
1011 }
1012 else
1013 /* We have to look for a presupplied executable file to determine
1014 the vaddr of its dynamic section and DT_DEBUG therein. */
1015 r_debug_vaddr = find_executable (dwfl, 0, 0, &elfclass, &elfdata,
1016 memory_callback, memory_callback_arg);
1017
1018 if (r_debug_vaddr == 0)
1019 return 0;
1020
1021 /* For following pointers from struct link_map, we will use an
1022 integrated memory access callback that can consult module text
1023 elided from the core file. This is necessary when the l_name
1024 pointer for the dynamic linker's own entry is a pointer into the
1025 executable's .interp section. */
1026 struct integrated_memory_callback mcb =
1027 {
1028 .memory_callback = memory_callback,
1029 .memory_callback_arg = memory_callback_arg
1030 };
1031
1032 /* Now we can follow the dynamic linker's library list. */
1033 return report_r_debug (elfclass, elfdata, dwfl, r_debug_vaddr,
1034 &integrated_memory_callback, &mcb, r_debug_info);
1035 }
1036 INTDEF (dwfl_link_map_report)
1037