Copy stable/10@r272459 to releng/10.1 as part of
the 10.1-RELEASE process.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

MFC r270798:
Process STT_GNU_IFUNC when doing non-plt relocations.

MFC r270802:
Only do the second pass over non-plt relocations when the first pass
found IFUNCs.

Approved by: re (gjb)

MFC r270803:
Document the whole settings needed to build a debug version of rtld.

MFC r270256:
Always check the limits of array index variables before using them.

Obtained from: DragonFlyBSD

MFC r265456, r265578:
Add a postinit debugger hook to rtld. This will be used by dtrace(1) to halt
the victim process before its entry point is called, at which point probes
and DOF data are registered with the kernel. The r_debug_state hook cannot
be used for this purpose, as it is called before the program's init routines
are invoked and in particular before DOF data is registered (via drti.o).

MFC r266609:
Change the _rtld_atfork() to lock the bind lock in write mode.

MFC r266411:
Fix LD_LIBMAP.

MFC r264481:
Add dwarf annotations to the amd64 _rtld_bind_start to allow debuggers
to unwind around the calls from PLT to binder.

MFC r262277:

malloc_aligned() may not leave enough space for pointer to allocated memory,
saving the pointer will overwrite bytes belongs to another memory block
unexpectly, to fix the problem, use (allocated address + sizeof(void *)) as
initial value, and slip to next aligned address, so maximum extra bytes is
sizeof(void *) + align - 1.

Tested by: Andre Albsmeier < mail at ma17 dot ata dot myota dot orgndre >

MFC r262334:

Increase alignment to size of pointer if the alignment is too small.
Some modules do not align data at least to size of pointer, they uses a
smaller alignment, but our pointer should be aligned to its native
boundary, otherwise on some platforms, hardware alignment checking
will cause bus error.

MFC: r262136

Remove the 3rd clause ("advertising clause") of the BSD license as
permitted by the University of Berkeley on July 22, 1999.

Reviewed by: imp

MFC r259044:
For variant II static TLS, properly align tls segments.

MFC r259072:
Cast Elf_Addr to void * to match the free_aligned() argument type.

MFC r259043:
Build an allocator for the aligned memory on top of the rtld-private
malloc.

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Implement support for the interpose dso flag.

Requested by: bf
Reviewed by: kan
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Approved by: re (glebius)

Populate .rld_map on MIPS for debuggers

On MIPS the .dynamic section is read-only, so the pointer to rtld
information for debuggers cannot be stored there (in DT_DEBUG).
Instead, a special section .rld_map is used.

Sponsored by: DARPA, AFRL
Approved by: re (delphij)

Make the directory mapping functionality, which was previously only
available in 32-bit compatibility mode, unconditional.

Overhaul the man page, which had evolved more by accretion than by design.

Approved by: re (gjb)
MFC after: 3 weeks

Revert r253748,253749

This WIP should not have been committed yet.

Pointyhat to: avg

remove needless inclusion of machine/cpu.h in userland

MFC after: 21 days

Properly terminate the result string for intermediate results, to
allow the final strcpy() to start at the intended place.

Reported and tested by: pgj
Pointy hat to: kib
MFC after: 3 days

The origin_subst_one() function limits the length of the string to
PATH_MAX after the token substitution. This is wrong, because
origin_subst_one() performs the substitution on the whole rpath and
similar strings, which contain several pathes separated by colon. As
result, long (but correct) rpath consisting of many path elements is
rejected by the function.

Correct the problem by rewriting the origin_subst_one() to perform two
passes, first pass to calculate the number of substitutions to be
performed, and second pass to generate the resulting string. Second
pass allocates the memory for the result based on the count from the
first pass, without enforcing a limit.

Reported and tested by: pgj
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks

Map libraries linked with -Ttext-segment=base_addr at base_addr.
Normal libraries have base address 0 and are unaffected by this change.

PR: 176216
Submitted by: Damjan Jovanovic <damjan.jov@gmail.com>
Reviewed by: kib
MFC after: 1 week

Avoid use of register variables, which some compilers (e.g. clang)
don't like. It makes the code a little clearer as well.

MFC after: 1 week

When building for ARM EABI link against libgcc for the __aeabi_* functions.

Use absolute path for /usr/libexec/ld-elf.so.1 symlink.

Requested by: kan, kib

Use -h flags for chflags, so we won't remove 'schg' flag from system's
/libexec/ld-elf.so.1.

MFC after: 2 weeks

Do not change entire BINDIR, it might be needed later, just change
symlink target.

MFC after: 2 weeks

Change /usr/libexec/ld-elf.so.1 to point at ../../libexec/ld-elf.so.1
instead of /libexec/ld-elf.so.1. Below in the Makefile we execute
'chflags noschg ${DESTDIR}/usr/libexec/ld-elf.so.1', which follows
symlink and removes 'schg' flag from system's /libexec/ld-elf.so.1
instead of the one in DESTDIR. It is also more friendly to use
replative paths in symlink in case of jail/chroot environments.

Obtained from: WHEEL Systems
MFC after: 2 weeks

rtld: Fix fd leak with parallel dlopen and fork/exec.

Rtld did not set FD_CLOEXEC on its internal file descriptors; therefore,
such a file descriptor may be passed to a process created by another thread
running in parallel to dlopen() or fdlopen().

No other threads are expected to be running during parsing of the hints
and libmap files but the file descriptors need not be passed to child
processes so add O_CLOEXEC there as well.

This change will break fdlopen() (as used by OpenPAM) on kernels without
F_DUPFD_CLOEXEC (added in July). Note that running new userland on old
kernels is not supported.

Reviewed by: kib

Do not reference z_nodeflib for !objgiven case, thus fixing LD_PRELOAD
for a non-absolute path.

PR: bin/171604
MFC after: 3 days

Do not call process_nodelete with NULL object pointer.

The place where the function is called can be reached if object loading
and relocation fails too, in which case obj pointer will be NULL. Do not
call process_nodelete then, or crash will follow.

Pointy hat to: kan

Merging of projects/armv6, part 2

Handle TLS for ARMv6 and ARMv7

Pospone the DF_1_NODELETE processing until object DAG is fully loaded.

Trying to up the reference from the load loop risks missing dependencies
that have not been loaded yet.

MFC afer: 1 week
Reported by: nox
Reviewd by: kib

Ensure we align the stack to 8 bytes in rtld.

This is not strictly required with the current ABI but will be when we
switch to the ARM EABI. The aapcs requires the stack to be 4 byte aligned
at all times and 8 byte aligned when calling a public subroutine where the
current ABI only requires sp to be a multiple of 4.

Parse notes only after object structure had been allocated.

Reported by: kargl
Reviewed by: kib (sans whitespace)

Import the DragonFly BSD commit 4f0bc915b65fcf5a23214f6d221d65c80be68ad4
by John Marino <draco@marino.st>, with the following (edited) commit
message
Date: Sat, 24 Mar 2012 06:40:50 +0100
Subject: [PATCH 1/1] rtld: Implement DT_RUNPATH and -z nodefaultlib

DT_RUNPATH is incorrectly being considered as an alias of DT_RPATH. The
purpose of DT_RUNPATH is to have two different types of rpath: one that
can be overridden by the environment variable LD_LIBRARY_PATH and one that
can't. With the currently implementation, LD_LIBRARY_PATH will always
trump any embedded rpath or runpath tags.

Current path search order by rtld:
==================================
LD_LIBRARY_PATH
DT_RPATH / DT_RUNPATH (always the same)
ldconfig hints file (default: /var/run/ld-elf.so.hints)
/usr/lib

New path search order by rtld:
==============================
DT_RPATH of the calling object if no DT_RUNPATH
DT_RPATH of the main binary if no DT_RUNPATH and binary isn't calling obj
LD_LIBRARY_PATH
DT_RUNPATH
ldconfig hints file
/usr/lib

The new path search matches how the linux runtime loader works. The other
major added feature is support for linker flag "-z nodefaultlib". When
this flag is passed to the linker, rtld will skip all references to the
standard library search path ("/usr/lib" in this case but it could handle
more color delimited paths) except in DT_RPATH and DT_RUNPATH.

New path search order by rtld with -z nodefaultlib flag set:
============================================================
DT_RPATH of the calling object if no DT_RUNPATH
DT_RPATH of the main binary if no DT_RUNPATH and binary isn't calling obj
LD_LIBRARY_PATH
DT_RUNPATH
ldconfig hints file (skips all references to /usr/lib)

FreeBSD notes:
- we fixed some bugs which were submitted to DragonFly and merged there
as commit 1ff8a2bd3eb6e5587174c6a983303ea3a79e0002;
- we added LD_LIBRARY_PATH_RPATH environment variable to switch to
the previous behaviour of considering DT_RPATH a synonym for DT_RUNPATH;
- the FreeBSD default search path is /lib:/usr/lib and not /usr/lib.

Reviewed by: kan
MFC after: 1 month
MFC note: flip the ld_library_path_rpath default value for stable/9

Ensure that for the object which is a dependency for some filtee,
relocations are performed before the object's initializer is called.
When dlopen()ing an object, relocate the whole DAG rooted in the
object instead of only relocating the object itself and list of newly
loaded dependencies.

Reversed sequence currently can occur if the same object is a
dependency for both filtee and filter, since filtees are loaded
typically during the relocation processing, when some filter
dependencies might be already loaded but not relocated yet.

Reported and tested by: swills
Reviewed by: kan
MFC after: 1 week

Eliminate the static buffer used to read the first page of the mapped
object, and eliminate the pread(2) call as well [1]. Mmap the first
page of the object temporaly, and unmap it on error or last use.
Potentially, this leaves one-page gap between succeeding dlopen(3),
but there are other mmap(2) consumers as well.

Fix several cases were the whole mapping of the object leaked on error.

Use MAP_PREFAULT_READ for mmap(2) calls which map real object pages [2].

Insipired by the patch by: Ian Lepore <freebsd damnhippie dyndns org> [1]
Suggested by: alc [2]
MFC after: 2 weeks

open the resolved path
fix debug message

Submitted by: John Marino <draco@marino.st>
Approved by: des (mentor)

Work around a situation where symlook_obj() could be called for the
object for which digest_dynamic1() was not done yet. Just return
EINVAL and do not try to dereference NULL buckets hash array.

This seems to happen on ia64 for rtld object itself, where the
R_IA_64_FPTR64LSB relocations require symbol lookup. The dynamic
linker itself does not rely on identity of the C-level function
pointers (i.e. function descriptors).

Reported and reviewed by: marcel
MFC after: 8 days

Add two special directives to libmap.conf:
include <file>:
Parse the contents of file before continuing with the current file.
includedir <dir>:
Parse the contents of every file in dir that ends in .conf before continuing
with the current file.
Any file or directory encountered while processing include or includedir
directives will be parsed exactly once, even if it is encountered multiple
times.

Reviewed by: kib, des
Approved by: des (mentor)
MFC after: 1 month

Add GNU hash support for rtld.

Based on dragonflybsd support for GNU hash by John Marino <draco marino st>
Reviewed by: kan
Tested by: bapt
MFC after: 2 weeks

Split the symlook_obj1 into a loop iterating over the ELF object symbol
hash elements, and a helper matched_symbol() which match the given hash
entry and request, performing needed type and version checks.

Based on dragonflybsd support for GNU hash by John Marino <draco marino st>
Reviewed by: kan
Tested by: bapt
MFC after: 2 weeks

Fix a missed file in r234580: replace the now-obsolete powerpc_mb() with
regular mb().

Propagate the current state of rtld_bind_lock to dlopen_object() calls
through the filter loading call chain. This fixes attempts to
write-lock the already locked rtld_bind_lock when filter loading is
initiated by relocation of dlopening dso.

Reported and tested by: Taku YAMAMOTO <taku tackymt homeip net>
MFC after: 1 week

Properly handle absent AT_CANARY aux entry.

Submitted by: Andrey Zonov <andrey zonov org>
MFC after: 3 days

Remove extra blank line from revious commit.

Submitted by: trema

Do not try to adjust stacks if dlopen_object is called too early.

This is a follow-up to r233231, which fixed similar issue with
object initialization code.

Reviewed by: kib
MFC after: 1 week (with 233231)

Fix ia64 build after r233655.

MFC after: 1 week

Import DragonFly BSD commit

From: Sascha Wildner <saw@online.de>
Date: Fri, 2 Mar 2012 09:15:56 +0000 (+0100)
Subject: rtld: Add a special case in do_dlsym() for TLS stored symbols.
X-Git-Url: http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff_plain/1388aaafe730c85693936aaf9bc6d83fc2d981be?hp=bca4412595a8979ab9f1bf36068c806ce88a667a

rtld: Add a special case in do_dlsym() for TLS stored symbols.

Submitted-by: Markus Pfeiffer <markus.pfeiffer@morphism.de>

Discussed with: kan
MFC after: 1 week

Prevent rtld_verify_object_versions() from being called several times
for the same object. This can happen when object is a dependency of the
dlopen()ed dso. When called several times, we waste time due to unneeded
processing, and memory, because obj->vertab is allocated anew on each
iteration.

Reviewed by: kan
MFC after: 2 weeks

Remove libssp_nonshared from the rtld linking set. The only use for the
library was definition for the weak alias of __stack_chk_fail.

No objections from: kan
MFC after: 2 weeks

Provide short-circuit exit(3) implementation for rtld.
There is no atexit finalizers in rtld to call on rtld exiting (due to errors).

Submitted by: bde
No objections from: kan
MFC after: 2 weeks

Before jumping to application's entry point set ra == pc in order
to let backtracing routine know to go no further.

Remove superfluous extern keywords.

MFC after: 2 weeks

Centralize the calculation of the top source directory. This
simplifies the build of rtld with partial checkout, allowing to
override only one place to reference other tree.

Submitted by: bde
MFC after: 2 weeks

Implement xstrdup() using strlen()/xmalloc()/memcpy() already
presented in rtld, instead of pulling in libc strdup().

Submitted by: bde
MFC after: 2 weeks

Use xmalloc() instead of malloc() in the places where malloc() calls
are assumed to not fail.

Make the xcalloc() calling conventions follow the calloc(3) calling
conventions and replace unchecked calls to calloc() with calls to
xcalloc().

Remove redundand declarations from xmalloc.c, which are already
present in rtld.h.

Reviewed by: kan
Discussed with: bde
MFC after: 2 weeks

Remove the fragments which are not needed on FreeBSD. The caltech
malloc hardly would ever be updated.

Reviewed by: bde, kan
MFC after: 2 weeks

Fix several problems with our ELF filters implementation.

Do not relocate twice an object which happens to be needed by loaded
binary (or dso) and some filtee opened due to symbol resolution when
relocating need objects. Record the state of the relocation
processing in Obj_Entry and short-circuit relocate_objects() if
current object already processed.

Do not call constructors for filtees loaded during the early
relocation processing before image is initialized enough to run
user-provided code. Filtees are loaded using dlopen_object(), which
normally performs relocation and initialization. If filtee is
lazy-loaded during the relocation of dso needed by the main object,
dlopen_object() runs too earlier, when most runtime services are not
yet ready.

Postpone the constructors call to the time when main binary and
depended libraries constructors are run, passing the new flag
RTLD_LO_EARLY to dlopen_object(). Symbol lookups callers inform
symlook_* functions about early stage of initialization with
SYMLOOK_EARLY. Pass flags through all functions participating in
object relocation.

Use the opportunity and fix flags argument to find_symdef() in
arch-specific reloc.c to use proper name SYMLOOK_IN_PLT instead of
true, which happen to have the same numeric value.

Reported and tested by: theraven
Reviewed by: kan
MFC after: 2 weeks

Remove write-only variable.

MFC after: 3 days

Rtld on diet 3.

Stop using strerror(3) in rtld, which brings in msgcat and stdio.
Directly access sys_errlist array of errno messages with private
rtld_strerror() function.

Now,
$ size /libexec/ld-elf.so.1
text data bss dec hex filename
96983 2480 8744 108207 1a6af /libexec/ld-elf.so.1

Reviewed by: dim, kan
MFC after: 2 weeks

Use PTR_SUBU instead of subu (missed this one)

Use PTR_(ADD|SUB)U macrosses instead of hardcoded addu/subu

Spotted by: juli

- Although we pass first 4 arguments in registers, function callinf ABI requires
space to be reserved for them in stack. _rtld() prologue saves a1 and a2 in
this space.

- Whitespace cleanup while I'm at it

Rtld on diet part 2:

Do not use stdio for libmap.conf read. Directly map the file and
parse lines from the mappings.

Reviewed by: kan
MFC after: 3 weeks

Rtld on diet part 1:

Provide rtld-private implementations of __stack_chk_guard,
__stack_chk_fail() and __chk_fail() symbols, to be used by functions
linked from libc_pic.a. This avoids use of libc stack_protector.c,
which pulls in syslog(3) and stdio as dependency.

Also, do initialize rtld-private copy __stack_chk_guard, previously
libc-provided one was not initialized, since we do not call rtld
object _init() methods.

Reviewed by: kan
MFC after: 3 weeks

Amend r232857, now dropping the casts entirely, as they were not
necessary at all.

Submitted by: stefanf

Fix the following warning/error with clang:

libexec/rtld-elf/rtld.c:1898:22: error: comparison between pointer and integer ('Elf_Addr *' (aka 'unsigned int *') and 'Elf_Addr' (aka 'unsigned int')) [-Werror]
if (preinit_addr == (Elf_Addr)NULL)
~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~
libexec/rtld-elf/rtld.c:2039:16: error: comparison between pointer and integer ('Elf_Addr *' (aka 'unsigned int *') and 'Elf_Addr' (aka 'unsigned int')) [-Werror]
if (init_addr != (Elf_Addr)NULL) {
~~~~~~~~~ ^ ~~~~~~~~~~~~~~

Reviewed by: kib

When iterating over the dso program headers, the object is not initialized
yet, and object segments are not yet mapped. Only parse the notes that
appear in the first page of the dso (as it should be anyway), and use
the preloaded page content.

Reported and tested by: stass
MFC after: 20 days

Add support for preinit, init and fini arrays. Some ABIs, in
particular on ARM, do require working init arrays.

Traditional FreeBSD crt1 calls _init and _fini of the binary, instead
of allowing runtime linker to arrange the calls. This was probably
done to have the same crt code serve both statically and dynamically
linked binaries. Since ABI mandates that first is called preinit
array functions, then init, and then init array functions, the init
have to be called from rtld now.

To provide binary compatibility to old FreeBSD crt1, which calls _init
itself, rtld only calls intializers and finalizers for main binary if
binary has a note indicating that new crt was used for linking. Add
parsing of ELF notes to rtld, and cache p_osrel value since we parsed
it anyway.

The patch is inspired by init_array support for DragonflyBSD, written
by John Marino.

Reviewed by: kan
Tested by: andrew (arm, previous version), flo (sparc64, previous version)
MFC after: 3 weeks

Optimize tls_get_addr_common(). The change provides around 30% speedup
for TLS microbenchmark using global-dynamic TLS model on amd64 (which is
default for PIC dso objects).

Split the slow path into tls_get_addr_slow(), for which inlining is
disabled. This prevents the registers spill on tls_get_addr_common()
entry.

Provide static branch hint to the compiler, indicating that slow path
is not likely to be taken.

While there, do some minimal style adjustments.

Reported and tested by: davidxu
MFC after: 1 week

Remove the use of toupper() from rtld_printf.c. Use of the libc function
relies on working TLS, which is particulary not true for LD_DEBUG uses.

MFC after: 1 week

Cosmetic nit:
- rename isspace1() macro to the more appropriate rtld_isspace().

Discussed with: kib

- Switch to saving non-offseted pointer to TLS block in order too keep things simple

The libmap.conf initialization is performed before TLS is functional.
Since after r232498 the ctype macros require working access to
thread-local variables, rtld crashes when libmap.conf is present.

Use hand-made isspace1() macro which is enough to detect spaces in
libmap.conf.

Reported by: alc, lme, many on current@
Tested by: lme
Reviewed by: dim, kan
MFC after: 1 week

Add thread-local storage support for ARM to rtld-elf

Reviewed by: cognet
Obtained from: NetBSD

Add missed EOL when die() was converted to use rtld_fdputstr() instead
of errx().

Reported by: amdmi3
PR: bin/165075
MFC after: 3 days

Add handlers for TLS-related relocation entries

Remove debug output

Switch MIPS TLS implementation to Variant I

Fix debug output for MIPS part of rtld

Add support for GNU RELRO.

Submitted by: John Marino <draco marino st>
MFC after: 2 weeks

Remove unneeded dtv variable.

It is only assigned and not used at all. The object files stay identical
when the variables are removed.

Approved by: kib

Spelling fixes for libexec/

Implement fdlopen(3), an rtld interface to load shared object by file
descriptor.

Requested and tested by: des (previous version)
Reviewed by: des, kan (previous version)
MFC after: 2 weeks

Postpone the resolution of IRELATIVE relocations and IFUNC-targeted
relocations until tls is initialized and stacks permissions correctly
set. This allows the ifunc to call malloc(3) and some other heavy
services.

Add debug banner.

MFC after: 3 days

Additional icache paranoia: non-PLT relocations can modify the text segment.
It is then important to make sure the icache is synchronized again to
prevent (rare) random seg faults and illegal instructions.

MFC after: 3 days

Fix RTLD on PowerPC after r228435. Changing the order of init_pltgot()
caused the icache to be invalidated at the wrong time, resulting in
an icache full of nonsense in the PLT section.

_rtld_bind() read-locks the bind lock, and possible plt resolution
from the dispatcher would also acquire bind lock in read mode, which
is the supported operation. plt is explicitely designed to allow safe
multithreaded updates, so the shared lock do not cause problems.

The error in r228435 is that it allows read lock acquisition after the
write lock for the bind block. If we dlopened the shared object that
contains IRELATIVE or jump slot which target is STT_GNU_IFUNC, then
possible recursive plt resolve from the dispatcher would cause it.

Postpone the resolution for irelative/ifunc right before initializers
are called, and drop bind lock around calls to dispatcher. Use
initlist to iterate over the objects instead of the ->next, due to
drop of the bind lock in iteration.

For i386/reloc.c:reloc_iresolve(), fix calculation of the dispatch
function address for dso, by taking into account possible non-zero
relocbase.

MFC after: 3 weeks

Add support for STT_GNU_IFUNC and R_MACHINE_IRELATIVE GNU extensions to
rtld on 386 and amd64. This adds runtime bits neccessary for the use
of the dispatch functions from the dynamically-linked executables and
shared libraries.

To allow use of external references from the dispatch function, resolution
of the R_MACHINE_IRESOLVE relocations in PLT is postponed until GOT entries
for PLT are prepared, and normal resolution of the GOT entries is finished.
Similar to how it is done by GNU, IRELATIVE relocations are resolved in
advance, instead of normal lazy handling for PLT.

Move the init_pltgot() call before the relocations for the object are
processed.

MFC after: 3 weeks

Typo.

MFC after: 3 days

Fix fd leak.

Reported by: slonoman2011 yandex ru
MFC after: 1 week

- change "is is" to "is" or "it is"
- change "the the" to "the"

Approved by: lstewart
Approved by: sahil (mentor)
MFC after: 3 days

Handle the R_386_TLS_TPOFF32 relocation, which is similar to R_386_TLS_TPOFF,
but with negative relocation value.

Found by: mpfr test suite, pointed to by ale
Reviewed by: kan
MFC after: 1 week

Setting up TLS block for the main thread must be done after the
relocations are processed, since tls initialization section might be
itself subject for relocations. Only set up of the block is postponed,
the tls block offsets are allocated before relocation processing, since
TLS-related relocations may need offsets ready.

Reported by: ale
PR: threads/161344
Reviewed by: kan
MFC after: 1 week

Restore the writing of the .bss sections of the dsos (not the main
executable) after r190885. The whole region for the dso is mmaped with
MAP_NOCORE flag, doing only mprotect(2) over .bss prevented it from
writing .bss to core files.

Revert the optimization of using mprotect(2) to establish .bss, overlap
the section with mmap(2).

Reported by: attilio
Reviewed by: attilio, emaste
Approved by: re (bz)
MFC after: 2 weeks

Use the proper dynamic tls block to calculate the tls variable address
in case tls data generation was updated.

PR: misc/160721
Submitted by: "Thinker K.F. Li" <thinker codemud net>
Tested by: flo
Approved by: re (bz)
MFC after: 1 week

Do not use the function pointers for the internal operation of rtld_printf()
functions. The _rtld_error() function might be called early during the rtld
bootstrap, in which case function pointers are not yet functional on ia64
due to required relocations not yet performed.

Reported, reviewed and tested by: marcel
Approved by: re (bz)

When libexec/rtld-elf/rtld.c is compiled with clang, the r_debug_state()
function (a hook necessary for gdb support), is inlined, but since the
function contains no code, no calls to it are generated. When gdb is
debugging a dynamically linked program, this causes backtraces to be
corrupted.

Fix it by marking the function __noinline, and inserting an empty asm
statement, that pretends to clobber memory. This forces the compiler to
emit calls to r_debug_state() throughout rtld.c.

Approved by: re (kib)

Rtld links with the specially built pic static libc library to get some
C runtime services, like printf(). Unfortunately, the multithread-safeness
measures in the libc do not work in rtld environment.

Rip the kernel printf() implementation and use it in the rtld instead of
libc version. This printf does not require any shared global data and thus
is mt-safe. Systematically use rtld_printf() and related functions, remove
the calls to err(3).

Note that stdio is still pulled from libc due to libmap implementaion using
fopen(). This is safe but unoptimal, and can be changed later.

Reported and tested by: pgj
Diagnosed and reviewed by: kan (previous version)
Approved by: re (bz)

Fix clang warnings.

Approved by: philip (mentor)

Compile RTLD with global dot symbols on 64-bit PowerPC, as a crutch for
GDB's ability to locate r_debug_state (which is actually the only function
that need be compiled this way).

rtld: eliminate double call to close(2) that may occur in load_object

The second close(2) call resulted in heisenbugs in some multi-threaded
applications where e.g. dlopen(3) call in one thread could close a file
descriptor for a file having been opened in other thread concurrently.

My litmus test for this issue was an openoffice.org build.

Reviewed by: jhb
MFC after: 2 weeks

- Add support for TLS relocations.
- Emitt an error when encountering an unsupported and in case of the
kernel also for unaligned relocations.
- Fix R_SPARC_LOX10 relocations. Apparently these are hardly ever used.

- Remove clause 3 and 4 from TNF licenses. [1]
- Add the _RF_X committed in r212998 also to the tables in the sparc64
reloc.c in order reduce differences between the kernel and the userland
source. This results in no functional change though.
- Fix further inconsistencies in the abbreviations of the names of the
relocations.
- Further whitespace fixes.

Obtained from: NetBSD [1]

Remove dead code that snuck in from the 32-bit PowerPC version of this
file. The error being checked for does not exist on 64-bit systems.

- With the addition of TLS support binutils started to make the addend
values for resolved symbols relative to relocbase instead of sections
so detect this case and handle as appropriate, which allows using
kernel modules linked with affected versions of binutils. Actually I
think this is a bug in binutils but given that apparently nobody
complained for nearly six years and powerpc has basically the same
workaround I decided to put it in for the sparc64 kernel, too.
- Fix R_SPARC_HIX22 relocations. Apparently these are hardly ever used.

- Consistently abbreviate the names of the relocations.
- End sentences with dots.
- Fix whitespace.

Remove a hack made obsolete by the binutils 2.17 merge.

Turn off default generation of userland dot symbols on powerpc64 now that
we have a binutils that supports it. Kernel dot symbols remain on to assist
DDB.

Use sigsetjmp/siglongjmp with disabled signal mask access for
lock upgrade in rtld. There is no need to care about the mask,
which causes a lot of unneeded sigprocmask(2) calls during each
symbol lookup.

Fix grammar in comment.

Pointy hat to: kib
MFC after: 1 week

Make ldd(1) work when versioned dependency file is cannot be loaded.
Instead of aborting in locate_dependency(), propagate the error to
caller. The rtld startup function does the right thing with an error
from rtld_verify_versions(), depending on the mode of operation.

Reported by: maho
In collaboration with: kan
MFC after: 1 week

Eliminate the use of symlook_needed function in favor of DAGS.

Place elements on DAG lists in breadth-first order. This allows us to
walk pre-built list in all cases where breadth-first dependency chain
enumeration is required.

Fix dlsym on special handle obtained by dlopen(NULL, ...) to do what
comment claims it does. Take advantage of recently added symlook_global
function to iterate over main objects and global DAGs lists properly in
search of a symbol. Since rtld itself provides part of the global
namespace, search rtld_obj too.

Remove recursion from init_dag and symlook_needed functions. Use
symlook_needed for ELF filtee processing only and change lookup order
used in the function to match the order used by Solaris runtime linker
under same circumstances. While there, fix weak symbol handling in the
loop so that we return the first weak symbol definition if no strong one
was found, instead of the last one.

Reviewed by: kib
MFC after: 1 month

Remove SuperH architecture from a comment as we do not support it.
Presumably it was leaked from NetBSD together with rtld-elf mips support.

Approved by: kib (mentor)
MFC after: 3 days

When loading dso without PT_GNU_STACK phdr, only call
__pthread_map_stacks_exec() on architectures that allow executable
stacks.

Reported and tested by: marcel (ia64)

Fix get_program_var_addr() when type of the resolved symbol is functional.
Use make_function_pointer then, otherwise ia64 is broken.

Reported and tested by: marcel

Add my copyright.

Discussed with: kan

Mark rtld on PowerPC as not requiring executable stack.

Reviewed and tested by: nwhitehorn

get_program_var_addr() must prefer the strong symbol to the weak
one. Search global objects, together with main object and
dependencies, for the requested symbol.

Move the common code from symlook_default() into new helper
symlook_global(), and use it both in symlook_global() and
get_program_var_addr().

Supply lock state to get_program_var_addr().

Reviewed by: kan
Tested by: Mykola Dzham <i levsha me>

In rtld, read the initial stack access mode from AT_STACKPROT as set
by kernel, and parse PT_GNU_STACK phdr from linked and loaded dsos.

If the loaded dso requires executable stack, as specified by PF_X bit
of p_flags of PT_GNU_STACK phdr, but current stack protection does not
permit execution, the __pthread_map_stacks_exec symbol is looked up
and called. It should be implemented in libc or threading library and
change the protection mode of all thread stacks to be executable.

Provide a private interface _rtld_get_stack_prot() to export the stack
access mode as calculated by rtld.

Reviewed by: kan

Add section .note.GNU-stack for assembly files used by 386 and amd64.

Sort -mno-(mmx|3dnow|sse|sse2|sse3) options consistently throughout the
tree.

Submitted by: arundel

On amd64 and i386, tell the compiler to refrain from generating SSE,
3DNow, MMX and floating point instructions in rtld-elf.

Otherwise, _rtld_bind() (and whatever it calls) could possibly clobber
function arguments that are passed in SSE/3DNow/MMX/FP registers,
usually floating point values. This can happen, for example, when clang
generates SSE code for memset() or memcpy() calls.

One symptom of this is sshd dying early on amd64 with "PRNG not seeded",
which is ultimately caused by libcrypto.so.6 calling RAND_add() with a
double parameter. That parameter is passed via %xmm0, which gets wiped
out by an SSE memset() in _rtld_bind().

Reviewed by: kib, kan

Remove '-elf' from build flags for libexec/rtld-elf for amd64 and i386.
ELF has been the default format for almost 12 years now.

Add support for R_PPC64_UADDR64 relocations.

Fix an error in the ABI in rtld_bind_start(). When passing arguments to a
C function, the caller's stack frame must have room to store all of the
arguments to that function. While here, fix stack frame alignment issues.

Without this change, the compiler will save r3 and r4 into the caller's
stack frame before calling setjmp() in _rtld_bind(). These would then
overwrite arguments to the newly-bound function, causing eventual failures.

Fix an apparent cop-and-paste mistake in previous commit.

This makes dlsym(RTLD_DEFAULT) work properly again.

Implement support for ELF filters in rtld. Both normal and auxillary
filters are implemented.

Filtees are loaded on demand, unless LD_LOADFLTR environment variable
is set or -z loadfltr was specified during the linking. This forces
rtld to upgrade read-locked rtld_bind_lock to write lock when it
encounters an object with filter during symbol lookup.

Consolidate common arguments of the symbol lookup functions in the
SymLook structure. Track the state of the rtld locks in the
RtldLockState structure. Pass local RtldLockState through the rtld
symbol lookup calls to allow lock upgrades.

Reviewed by: kan
Tested by: Mykola Dzham <i levsha me>, nwhitehorn (powerpc)

Add a hook to pass debug flags to the build of rtld when doing make in
the rtld directory.

Reviewed by: kan

If dlclose() is called recursively from a _fini() function, the inner
dlclose() call may unload the object of the outer call prematurely
because objects are unreferenced before _fini() calls.

Fix this by unreferencing objects after calling objlist_call_fini() in
dlclose(). Therefore objlist_call_fini() now calls the fini function if
the reference count of an object is 1. In addition we must restart the
list_fini traversal after every _fini() call because another dlclose()
call might have modified the reference counts.

Add an XXX comment to objlist_call_fini() about possible race with
dlopen().

PR: 133246, 149464
Reviewed by: kan, kib

Use -fPIC to build libexec/rtld-elf on sparc64, so it will also be able
to link with newer binutils, without overflowing the GOT.

Obtained from: projects/binutils-2.17

In r214728, if dlopen() is called for the object that has been already
loaded as a dependency and marked -z nodlopen, object' DAG is already
initialized by load_needed_objects(). Due to this, the init_dag() call
from dlopen() does not increment refcount for the object [1].

Change init_dag() to not increment DAG refcount. Require explicit calls
to ref_dag() to increment, and assert that ref_dag() and unref_dag()
are called for root that has dag initialized. To fix the noted issue,
unconditionally call both init_dag() and ref_dag() in dlopen() for the
case when the object was already loaded, making it similar to the case
of newly loaded object.

Noted by: jh [1]
Reviewed by: jh, kan
MFC after: 6 days

Fix style.

MFC after: 6 days

If dlopen() is called for the dso that has been already loaded as a
dependency, then the dso never has its DAG initialized. Empty DAG
makes ref_dag() call in dlopen() a nop, and the dso refcount is off
by one.

Initialize the DAG on the first dlopen() call, using a boolean flag
to prevent double initialization.

From the PR (edited):
Assume we have a library liba.so, containing a function a(), and a
library libb.so, containing function b(). liba.so needs functionality
from libb.so, so liba.so links in libb.so.

An application doesn't know about the relation between these libraries,
but needs to call a() and b(). It dlopen()s liba.so and obtains a
pointer to a(), then it dlopen()s libb.so and obtains a pointer to b().

As soon as the application doesn't need a() anymore, it dlclose()s liba.so.

Expected result: the pointer to b() is still valid and can be called
Actual result: the pointer to b() has become invalid, even though the
application did not dlclose() the handle to libb.so. On calling b(), the
application crashes with a segmentation fault.

PR: misc/151861
Based on patch by: jh
Reviewed by: kan
Tested by: Arjan van Leeuwen <freebsd-maintainer opera com>
MFC after: 1 week

Unbreak ia64.

With r169630 I disabled symbol versioning because it broke rtld. With
r211706 rtld got broken for ia64 & powerpc64. It was fixed for powerpc64
with r212497. In between, r211749 removed the exports table because the
version script handled the exports. But wait, symbol versioning was
disabled on ia64.

With exports controlled by the version script and symbol versioning
disabled, all symbols are exported and too many symbols bind to the
definition in rtld. Let's just say that waird things happen.

So, enable symbol versioning on ia64 and apply a work-around for the
SIGSEGV that triggered r169630 to begin with: when rtld relocates
itself, it comes across r_debug_state and for some reason can't find the
definition. This causes a failure, relocation aborts and null pointers
galore. The work-around is to ignore the missing definition when rtld
is relocating itself and keep going.

Maybe with the next binutils this will all go away. Maybe not, in
which case I still need to figure out why r_debug_state cannot be found.

BTW: r_debug_state is in the symbol map -- I don't think any other rtld
symbols that rtld references are in the symbol map...

mdoc: drop redundant .Pp and .LP calls

They have no effect when coming in pairs, or before .Bl/.Bd

Fix two subtle problems in PPC32 RTLD. The first is a concurrency issue
where long PLT calls in multi-threaded environments could end up with
incorrect jmptab values. The second is that, after the addition of extended
PLT support, I forgot to update the PLT icache synchronization code to cover
the extended PLT instead of just the basic PLT.

MFC after: 10 days

Check for undefined weak symbols during PLT binding on powerpc64, and do
not attempt to copy NULL function descriptors. This fixes LD_BIND_NOW on
powerpc64 after r211706.

Reviewed by: kib

Make RTLD work on powerpc64 again. If there is a sub-directory named
MACHINE_ARCH, use that specific one, otherwise use MACHINE_CPUARCH.

Reviewed by: imp

Remove exports table. Export control by the version script is enough.

Reviewed by: kan
MFC after: 3 weeks

MFtbemd:

Prefer MACHNE_CPUARCH to MACHINE_ARCH in most contexts where you want
to test of all the CPUs of a given family conform.

On shared object unload, in __cxa_finalize, call and clear all installed
atexit and __cxa_atexit handlers that are either installed by unloaded
dso, or points to the functions provided by the dso.

Use _rtld_addr_phdr to locate segment information from the address of
private variable belonging to the dso, supplied by crtstuff.c. Provide
utility function __elf_phdr_match_addr to do the match of address against
dso executable segment.

Call back into libthr from __cxa_finalize using weak
__pthread_cxa_finalize symbol to remove any atfork handler which
function points into unloaded object.

The rtld needs private __pthread_cxa_finalize symbol to not require
resolution of the weak undefined symbol at initialization time. This
cannot work, since rtld is relocated before sym_zero is set up.

Idea by: kan
Reviewed by: kan (previous version)
MFC after: 3 weeks

Introduce implementation-private rtld interface _rtld_addr_phdr, which
fills struct dl_phdr_info for the shared object that contains the
specified address, if any.

Idea and reviewed by: kan
MFC after: 3 weeks

Provide the starting image with the pointer to ELF aux vector. It is
written into the __elf_aux_vector variable, if the symbol is present.

Idea from: kan
Tested by: marius (sparc64)
MFC after: 1 month

Use the newly provided aux vectors to get pagesize and osreldate information.
Use local version of getpagesize(), rtld_getpagesize() in private allocator.
Override the __getosreldate() previously fetched from libc_pic.a with
local version that uses aux value if present. Note that __getosreldate()
is used by rtld indirectly, by mmap(2) libc wrapper.

To be able to utilize aux, split digest_dynamic() for use by init_rtld()
into two parts, where the first one does not call malloc(), and the
second part uses it. init_rtld() is able to initialize global variables
before digest_dynamic2() calls. In particular, pagesize and osreldate are
set up from the aux values.

Now, rtld avoids (two) sysctl calls in startup.

Tested by: marius (sparc64)
MFC after: 1 month

Add parentheses around the argument 'x' used in the __bswapXX(x) macros. Revert
r211130 in favor of this more general fix.

This fixes a compilation error for mips 64-bit little endian build.
libexec/rtld-elf/mips/reloc.c:196: warning: right shift count >= width of type

Suggested by: stefanf, jchandra, bde

Fix compilation error for 64-bit little endian build:
libexec/rtld-elf/mips/reloc.c:196: warning: right shift count >= width of type

When the expression '(r_info) >> 32' was passed to bswap32() it was promptly
changed to '(uint32_t)(r_info) >> 32' which is not what we intended.

64 bit support for MIPS rtld.

- Handle the case where pltgot[1] is 64 bit.
- use 'ifdef __mips_n64' instead of 'ELFSIZE == 64' to detect 64 bit compile.

RTLD support for powerpc64. A few small modifications to the Makefile
and symbol map are required to support various consequences of the dot
symbol scheme:

- Symbols beginning with a dot are reserved, so start private symbols with
an underscore.
- In order to set RTLD breakpoints, gdb must be able to locate the text
entry point, not the data section function descriptor, so add
.r_debug_state to the symbol map on powerpc64.

Obtained from: projects/ppc64

Revert r209544. It papers over a binutils bug, and is not even a reliable
fix for it.

The bug occurs when using the --as-needed flag to ld in the presence of
synthetic linker-generated symbols that reference symbols defined in
linked-to shared libraries with versioned symbols. When the only symbols
used from a library fall into this category, ld will drop the DT_NEEDED
entry for it, but retain the versioning information. This bug is best
fixed/hacked around in binutils, not in rtld.

Discussed with: kan

Ignore versioned dependencies on shared objects to which we do not link.
This fixes an error with files like this created by GNU ld under certain
circumstances.

Merge jmallett@'s n64 work into HEAD - changeset 3

Update rtld MIPS code to use assembly macros that work on o32/n64.

Changes from http://svn.freebsd.org/base/user/jmallett/octeon

Approved by: rrs(mentor), jmallett

Plug possible memory leak.

Found by: Coverity
MFC after: 2 weeks

Only use the cache after the early stage of loading. This is
because calling mmap() etc. may use GOT which is not set up
yet. Use calloc() instead of mmap() in cases where this
was the case before (sparc64, powerpc, arm).

Submitted by: Dimitry Andric (dimitry andric com)
Reviewed by: kan
Approved by: ed (mentor)

- Remove const'ness from dlerror(3) prototype, for consistency with POSIX.

Approved by: cognet
MFC after: 1 week

Updated rtld for n32 support.

Submitted by: jmallet@
Obtained from: NetBSD

Support the extended PLT format used when objects have more than 8192
PLT relocations on PPC32.

The NetBSD Foundation has granted permission to remove clauses 3 and 4.

Obtained from: NetBSD

Improve TLS variant I:
o Use obj->tlsinitsize to determine whether there's initialized data.
o If obj->tlssize > obj->tlsinitsize, then bzero uninitialized data.
o Don't exclude variant I from the work-around in free_tls_offset().

Make WARNS=6 the default for libexec/.

Just like bin/ and sbin/, I think setting WARNS to the highest value
possible will make it more attractive for people to fix warnings.

- The WARNS variable is set in the Makefile in the directory of the
application itself, making it more likely that it will be removed out
of curiosity to see what happens.
- New applications will most likely build with WARNS=6 out of the box,
because the author would more likely fix the warnings during
development than lower WARNS.

Unfortunately almost all apps in libexec require a lowered value of
WARNS.

Fix local root vulnerability.

Security: Advisory will be coming soon.
X-MFC-After: 30 seconds

Allow to load not-openable dso when tracing. This fixes ldd on such dso or
dso linked to non-openable object.
Remove '\n' at the end of error message.
End comments with dot.

MFC after: 3 weeks (together with r199829)

Implement rtld part of the support for -z nodlopen (see ld(1)).

Reviewed by: kan
MFC after: 3 weeks

Flag controlling origin expansion in DT_FLAGS is DF_ORIGIN, not DF_1_ORIGIN.

Reviewed by: kan
MFC after: 3 days

Fix white space in rtld runtime error printf.

MFC after: 3 days

Calculate relocation base for the main object, and apply the relocation
adjustment for all virtual addresses encoded into the ELF structures of
it. PIE binary could and should be loaded at non-zero mapbase.

For sym_zero pseudosymbol used as a return value from find_symdef()
for undefined weak symbols, st_value also should be adjusted, since
_rtld_bind corrects symbol values by relocbase.

Discussed with: bz
Reviewed by: kan
Tested by: bz (i386, amd64), bsam (linux)
MFC after: some time

In rtld's map_object(), use pread(..., 0) rather than read() to read the
ELF header from the front of the file. As all other I/O on the binary
is done using mmap(), this avoids the need for seek privileges on the
file descriptor during run-time linking.

MFC after: 1 month
Sponsored by: Google

Implement RTLD_NOLOAD flag for dlopen(3).

Requested and tested by: jkim
Reviewed by: kan
Approved by: re (kensmith)

Only perform .bss mapping and cleaning operations when segment file size
is not equal to its memory size.

This eliminates unneeded clearing of the text segment that often
happens due to text end not being page-aligned.

For instance,
$ readelf -l /lib/libedit.so.6
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
LOAD 0x000000 0x00000000 0x00000000 0x139e1 0x139e1 R E 0x1000
LOAD 0x014000 0x00014000 0x00014000 0x00f04 0x00f14 RW 0x1000
DYNAMIC 0x014cc4 0x00014cc4 0x00014cc4 0x000d0 0x000d0 RW 0x4
$ procstat -v $$ (for /bin/sh)
68585 0x28097000 0x280aa000 r-x 6 0 21 14 CN vn /lib/libedit.so.6
68585 0x280aa000 0x280ab000 r-x 1 0 1 0 CN vn /lib/libedit.so.6 <==
68585 0x280ab000 0x280ac000 rwx 1 0 1 0 CN vn /lib/libedit.so.6
Note the splitted map entry marked by '<=='.

Reviewed by: kan
Approved by: re (kensmith)
MFC after: 1 month

Second attempt at eliminating .text relocations in shared libraries
compiled with stack protector.

Use libssp_nonshared library to pull __stack_chk_fail_local symbol into
each library that needs it instead of pulling it from libc. GCC
generates local calls to this function which result in absolute
relocations put into position-independent code segment, making dynamic
loader do extra work every time given shared library is being relocated
and making affected text pages non-shareable.

Reviewed by: kib
Approved by: re (kib)

Back out previous revision until better tested fix is ready.

Approved by: re (impliciti, by approving previos check-in)

Eliminate .text relocations in shared libraries compiled with stack protector.

Use libssp_nonshared library to pull __stack_chk_fail_local symbol into
each library that needs it instead of pulling it from libc. GCC generates
local calls to this function which result in absolute relocations put into
position-independent code segment, making dynamic loader do extra work everys
time given shared library is being relocated and making affected text pages
non-shareable.

Reviewed by: kib
Approved by: re (kensmith)

Fix a typo in the same comment, one line below.

Submitted by: bf1783 googlemail com

Fix typo in comment.

Submitted by: Christoph Mallon

Allow order of initialization of loaded shared objects to be
altered through their .init code. This might happen if init
vector calls dlopen on its own and that dlopen causes some not
yet initialized object to be initialized earlier as part of that
dlopened DAG.

Do not reset module reference counts to zero on final fini vector
run when process is exiting. Just add an additional parameter to
force fini vector invocation regardless of current reference count
value if object was not destructed yet. This allows dlclose called
from fini vector to proceed normally instead of failing with handle
validation error.

Reviewed by: kib
Reported by: venki kaps

FreeBSD returns main object handle from dlopen(NULL, ...) calls.
dlsym seaches using this handle are expected to look for symbol
definitions in all objects loaded at the program start time along
with all objects currently in RTLD_GLOBAL scope.

Discussed with: kib
Reported by: Maho NAKATA
MFC after: 2 weeks

Increase the size of the static TLS area slightly (required for the NVidia's
OpenGL driver on amd64).

Prefer <sys/param.h> to <machine/param.h> for the definition of
CACHE_LINE_SIZE.

Submitted by: bde
MFC after: 2 weeks

Explicitly include machine/param.h for CACHE_LINE_SIZE.

MFC after: 2 weeks

Now that the kernel defines CACHE_LINE_SIZE in machine/param.h, use
that definition in the custom locking code for the run-time linker
rather than local definitions.

Pointed out by: tinderbox
MFC after: 2 weeks

Currently, when mapping an object, rtld reserves the whole address space
for the mapping by the object' file with the protection and mode of
the first loadable segment over the whole region. Then, it maps other
segments at the appropriate addresses inside the region.

On amd64, due to default alignment of the segments being 1Gb, the
subsequent segment mappings leave the holes in the region, that usually
contain mapping of the object' file past eof. Such mappings prevent
wiring of the address space, because the pages cannot be faulted in.

Change the way the mapping of the ELF objects is constructed, by first
mapping PROT_NONE anonymous memory over the whole range, and then
mapping the segments of the object over it. Take advantage of this new
order and allocate .bss by changing the protection of the range instead
of remapping.

Note that we cannot simply keep the holes between segments, because
other mappings may be made there. Among other issues, when the dso is
unloaded, rtld unmaps the whole region, deleting unrelated mappings.

The kernel ELF image activator does put the holes between segments, but
this is not critical for now because kernel loads only executable image
and interpreter, both cannot be unloaded. This will be fixed later, if
needed.

Reported and tested by: Hans Ottevanger <fbsdhackers beasties demon nl>
Suggested and reviewed by: kan, alc

Update comment to the reality, rtld supports any number of loadable segments.
Fix spacing.

Reviewed by: kan

Allow the NULL, RTLD_SELF and RTLD_NEXT handles to work with dlfunc(3).
dlfunc() called dlsym() to do the work, and dlsym() determines the dso
that originating the call by the return address. Due to this, dlfunc()
operated as if the caller is always the libc.

To fix this, move the dlfunc() to rtld, where it can call the internal
implementation of dlsym, and still correctly fetch return address.
Provide usual weak stub for the symbol from libc for static binaries.
dlfunc is put to FBSD_1.0 symver namespace in the ld.so export to
override dlfunc@FBSD_1.0 weak symbol, exported by libc.

Reported, analyzed and tested by: Tijl Coosemans <tijl ulyssis org>
PR: standards/133339
Reviewed by: kan

Document RTLD_NODELETE, -z nodelete and -z origin support.

Implement support for RTLD_NODELETE flag for dlopen() and -z nodelete
static linker option. Do it by incrementing reference count on the loaded
object and its dependencies.

Reviewed by: davidxu, kan

Do not dereference NULL pointer. refobj is NULL for the objects that are
preloaded.

Reported and tested by: ed

Support for a new environment variable, LD_ELF_HINTS_PATH for overriding
the rtld hints file. This environment variable would be unset if the
process is considered as tainted with setuid/setgid. This feature gives
a convenient way of using a custom set of shared library that is not
located in the default location and switch back.

Feature requested by: iXsystems
Original patch by: John Hixson
MFC after: 2 weeks

Implement the dynamic string token substitution in the rpath and
soneeded pathes. The $ORIGIN, $OSNAME, $OSREL and $PLATFORM tokens
are supported. Enabling the substitution requires DF_ORIGIN flag in
DT_FLAGS or DF_1_ORIGIN if DF_FLAGS_1, that may be set with -z origin
gnu ld flag. Translation is unconditionally disabled for setuid/setgid
processes.

The $ORIGIN translation relies on the AT_EXECPATH auxinfo supplied
by kernel.

Requested by: maho
Tested by: maho, pho
Reviewed by: kan

Fix build when WITH_SSP is set explicitly.

Submitted by: Jeremie Le Hen

Provide custom simple allocator for rtld locks in libthr. The allocator
does not use any external symbols, thus avoiding possible recursion into
rtld to resolve symbols, when called.

Reviewed by: kan, davidxu
Tested by: rink
MFC after: 1 month

Add two rtld exported symbols, _rtld_atfork_pre and _rtld_atfork_post.
Threading library calls _pre before the fork, allowing the rtld to
lock itself to ensure that other threads of the process are out of
dynamic linker. _post releases the locks.

This allows the rtld to have consistent state in the child. Although
child may legitimately call only async-safe functions, the call may
need plt relocation resolution, and this requires working rtld.

Reported and debugging help by: rink
Reviewed by: kan, davidxu
MFC after: 1 month (anyway, not before 7.1 is out)

This code has no copyright. It is fairly obvious to me that we're a
derivitive of NetBSD's mips_reloc.c, so pull in the copyright notice
from there.

Also, a minor tweak to load/store pointers. Other changes from NetBSD
likely would be useful too...

Obtained from: NetBSD

MFp4: Fix a bug in the mips relocation code that prevents shared images
from working.

From p4 filelog of the upstream file in p4

//depot/projects/mips2-jnpr/src/libexec/rtld-elf/mips/reloc.c
... #6 change 140737 edit on 2008/04/27 by gonzo@gonzo_jeeves (text+ko)

o Looks like handler for R_MIPS_REL32 brought by CS 137942
is broken for tradmips. Code from NetBSD's
libexec/ld.elf_so/arch/mips/mips_reloc.c works just fine.

... #3 change 137942 edit on 2008/03/17 by rrs@rrs-mips2-jnpr (text+ko)

Any relocation symbol lookup if its 0. It looks like
this is the way the compiler indicates you need to
look in another shared library. When we hit these
as we relocate a object we will do the symbol
lookups and setup the relocation table with the
right value.

Submitted by: rrs@, gonzo@

Allow strong symbols to override weak ones for lookups done through
dlsym with RTLD_NEXT/RTLD_SELF handles.

Allow symbols from ld-elf.so to be located this way too.

Based on report and original patch from sobomax@.

Allow multiple locks to be acquired by detecting corresponding
bit flag, otherwise if a thread acquired a lock, another thread
or the current thread itself can no longer acquire another lock
because thread_mask_set() return whole flag word, this results
bit leaking in the word and misbehavior in later locking and
unlocking.

Make sure internal rtld malloc routines are not called from unlocked
contexts as rtld's malloc is not thread safe and is only supposed to be
called with exclusive bind lock already held.

The originating PR submitted a patch on top of different pre-requisite
workaroud for unsafe dlopen calls, and the patch was midief slighlty to apply
to stock sources for the purpose of this commit. Running rtld malloc from
unlocked contexts is a bug on its own.

PR: 126950
Submited by: Oleg Dolgov

Enable GCC stack protection (aka Propolice) for userland:
- It is opt-out for now so as to give it maximum testing, but it may be
turned opt-in for stable branches depending on the consensus. You
can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
It is harmless to steal the knob as SSP symbols have been provided
by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
(sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
libc will be automatically downgraded to -fstack-protector because it
breaks rtld otherwise.
- This option is unavailable on ia64.

Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.

Submitted by: Jeremie Le Hen <jeremie@le-hen.org>

Make the meaning of the %A format specifier, as passed to
LD_TRACE_LOADED_OBJECTS_FMT[12], more obvious for users like me.

Fix the problem with the C++ exception handling for the multithreaded
programs.

From the PR description:
The gcc runtime's _Unwind_Find_FDE function, invoked during exception
handling's stack unwinding, is not safe to execute from within multiple
threads. FreeBSD' s dl_iterate_phdr() however permits multiple threads
to pass through it though. The result is surprisingly reliable infinite
looping of one or more threads if they just happen to be unwinding at
the same time.

Introduce the new lock that is write locked around the dl_iterate_pdr,
thus providing required exclusion for the stack unwinders.

PR: threads/123062
Submitted by: Andy Newman <an at atrn org>
Reviewed by: kan
MFC after: 2 weeks

MFp4: Add mips support for dynamic linking.

This code came from the merged mips2 and Juniper mips repositories.
Warner Losh, Randall Seager, Oleksandr Tymoshenko and Olivier Houchard
worked to merge, debug and integrate this code. This code may also
contain code derived from NetBSD.

For un-prototyped static inline functions declared in pthread_md.h on
sparc64, use ANSI function headers and specifically indicate the lack of
arguments with 'void'. Otherwise, warnings are generated at WARNS=3 for
libkse, leading to a compile failure with -Werror.

Include an extra header to get a function prototype.

- Fix the handling of R_SPARC_OLO10, which is a bit of a special case
in the way we implement handling of relocations.
As for the kernel part this fixes the loading of lots of modules,
which failed to load due to unresolvable symbols when built after
the GCC 4.2.0 import. This wasn't due to a change in GCC itself
though but one of several changes in configuration done along the
import. Specfically, HAVE_AS_REGISTER_PSEUDO_OP, which causes GCC
to denote global registers used for scratch purposes and in turn
GAS uses R_SPARC_OLO10 relocations for, is now defined.
While at it replace some more ELF_R_TYPE which should have been
ELF64_R_TYPE_ID but didn't cause problems so far.
- Sync a sanity check between kernel and rtld(1) and change it to be
maintenance free regarding the type used for the lookup table.
- Sprinkle const on lookup tables.
- Use __FBSDID.

Reported and tested by: yongari
MFC after: 5 days

Unbreak the dynamic linker by not creating a cache for rtld-elf
itself. It needs mmap(2), which now needs getosreldate(3) and
which in turn uses a global variable to cache the result. This
cannot be done before linking is done.

See also: ../sparc64/reloc.c:1.15
Approved by: re (kensmith)

Cache does not serve any purpose when rtld is relocating itself, do
not bother allocating one.

Submitted by: kan
Approved by: re (bmah)

Add r_debug_state to the list of symbols exported from rtld. GDB needs to
be able to find it in order to trap shared library events from rtld.

Approved by: re (rwatson)

Update the man page to reflect that certain variables will be unset in
the case that the program is set-user-ID or set-group-ID. Add missing
annotations for LIBMAP and LIBMAP_DISABLE.

In the event a process is tainted (setuid/setgid binaries), un-set any
potentially dangerous environment variables all together. It should be
noted that the run-time linker will not honnor these environment variables
if the process is tainted currently. However, once a child of the tainted
process calls setuid(2), it's status as being tainted (as defined by
issetugid(2)) will be removed. This could be problematic because
subsequent activations of the run-time linker could honnor these
dangerous variables.

This is more of an anti foot-shot mechanism, there is nothing I am
aware of in base that does this, however there may be third party
utilities which do, and there is no real negative impact of clearing
these environment variables.

Discussed on: secteam
Reviewed by: cperciva
PR: kern/109836
MFC after: 2 weeks

Don't enable symbol versioning on ia64 for now. It causes
symbol lookup failures that later result in null-pointer
dereferences. This needs looking into, but since we're
close to release it's possible that it's not resolved before
that time.

We don't need --export-dynamic for ld-elf.so.1, because it's a
shared object.

Enable symbol versioning by default. Use WITHOUT_SYMVER to disable it.
Warning, after symbol versioning is enabled, going back is not easy
(use WITHOUT_SYMVER at your own risk).

Change the default thread library to libthr.

There most likely still needs to be a version bump for at least the
thread libraries. If necessary, this will happen later.

Remove %m formatter, it's ifdef 0'ed in the code from the very beginning

MFC after: 1 week

Expand documentation for LD_TRACE_LOADED_OBJECTS_FMT? variables

PR: docs/66265 (inspired by)
Submitted by: Michel Lavondes <fox@vader.aacc.cc.md.us>
MFC after: 1 week

Fix a TLS memory leak.

PR: threads/112297
MFC: 1 week

Catch up with the private namespace change (s/FBSDprivate/FBSDprivate_1.0).

Retire rtld-specific Versions.def. Symbols exported by rtld are supposed
to override weak symbols exported by libc, so by definition these two
are using the same symbol version names.

Reflect the reality by referring to libc's Versions.def directly.

Give the private version namespace a number to match libc.

Use C comments since we now preprocess these files with CPP.

Bring rtld exports in line with corresponding symbols exported from
libc.

Disable SYMVER_DEFAULT n rtld until its implications are understood
better.

Remove reference to FBSDprivate version. We do not use it in this
module yet.

Catch up on rtld's special status. Since it does not appear on
main object list, its versioning information needs to be examined
separately.

This hopefully fixes problems that people running with SYMVER_ENABLED
are experiencing.

Prepare rtld for symbol versioning. Disable it by default for now.

Implement dl_iterate_phdr function.
Convert boolean flags in internal Obj_Entry structure into bitfields.
Properly check for loaded segment alignment in map_object.

Use u_int for variable manipulated by atomic ops to match atomic
ops function prototypes.

Document LD_UTRACE.

MFC after: 3 days

Add various utrace's for use with ktrace to the ELF runtime linker. To
activate the traces, set the LD_UTRACE (or LD_32_UTRACE) environment
variable. This also includes code in kdump(8) to parse the traces.

Reviewed by: kan, jdp
MFC after: 2 weeks

Fix TLS on sparc64 for statically and dynamically linked binaries
Approved by: rwatson (mentor)
Reviewed by: jmg and marcel

Clean up white spaces and fix style(9).

Fix the buggy rev. 1.117. dagmembers are only initialized for dlopen'ed
dso that are actually loading. If dso a.so depends on b.so, then dlsym
with handle from dlopen("b.so") will fail unconditionally.

Correct implementation shall use the Obj_Entry.needed list to walk
dependencies DAG.

Test provided by: jkim
Tested (prev. version) by: jkim, Nicolas Blais <nb_root at videotron ca>, h.blanke at chello nl
Pointy hat to: kib
Approved by: kan (mentor)

Markup fixes.

When looking up the symbol by dlsym, look it not only in the object
given as dso handle, but also in the implicit dependencies of that dso.

Also, const-ify the read-only parameter objlist of symlook_list.

Reported by: "Simon 'corecode' Schubert" <corecode at fs ei tum de>
Approved by: kan (mentor)
X-MFC-After: 6.2

Fix the variant I allocation for KSE: Allow a larger TCB and assume
that the documented TCB is at the tail of the extended TCB. In other
words, the base of the TCB has a negative offset from the TLS.

o Fix the static TLS relocation. We were subtracting the size of
the TCB.
o Use NULL for null pointer argument.
o Replace magic 8 with TLS_TCB_SIZE.

Use NULL for null-pointer argument.

Replace magic 16 with TLS_TCB_SIZE.

Prevent dead code elimination for the TP assignmient by using inline
assembly.

Remove alpha left-overs.

In symlook_obj(): fix _rtld_error output.

MFC After: 2 weeks

*thwack*! all the world's not i386.

Pointy hat to: des

Don't use dbg if it isn't defined (such as when this file is used by
code outside of rtld-elf)

Use C99's varadic macro syntax instead of gcc's.

Er, forgot to clear tls space to zero for Variant II.

Allocate space for thread pointer, this allows thread library to access
its pointer from begin, and simplifies _get_curthread() in libthr.

- Document LD_32_* environment variables
- Mention 32-bit files in FILES section

MFC after: 1 week

Fix a malloc overrun in 32-bit compat libmap lookup code.

s/DT_IA64_PLT_RESERVE/DT_IA_64_PLT_RESERVE/

s/R_IA64_/R_IA_64_/

s/R_IA64_/R_IA_64_/g as per the ia64 psABI.

In preparation for a new malloc implementation:

* Add posix_memalign().

* Move calloc() from calloc.c to malloc.c. Add a calloc() implementation in
rtld-elf in order to make the loader happy (even though calloc() isn't
used in rtld-elf).

* Add _malloc_prefork() and _malloc_postfork(), and use them instead of
directly manipulating __malloc_lock.

Approved by: phk, markm (mentor)

Make lookups for relocations from old unversioned binaries return
oldest versioned symbol available. Do not accept hidden symbols for
all other versions.

Use "<obj->path>: <error message>" for all error messages in new
functions to make them more consistent.

Remove debugging statement that slipped into lone of the previous commits
unintentionally.

Initialize object dagmembers list before checking version dependencies.

Implement ELF symbol versioning using GNU semantics. This code aims
to be compatible with symbol versioning support as implemented by
GNU libc and documented by http://people.redhat.com/~drepper/symbol-versioning
and LSB 3.0.

Implement dlvsym() function to allow lookups for a specific version of
a given symbol.

Make our ELF64 type definitions match standards. In particular this
means:
o Remove Elf64_Quarter,
o Redefine Elf64_Half to be 16-bit,
o Redefine Elf64_Word to be 32-bit,
o Add Elf64_Xword and Elf64_Sxword for 64-bit entities,
o Use Elf_Size in MI code to abstract the difference between
Elf32_Word and Elf64_Word.
o Add Elf_Ssize as the signed counterpart of Elf_Size.

MFC after: 2 weeks

Explicitly cast ELF_R_TYPE() to the right type.

Fix a bug in dlinfo(RTLD_DI_SERINFOSIZE) requests. For each search path
we included the length of the path in the returned size but not the length
of the associated Dl_serpath structure. Without this fix, programs
attempting to allocate a structure to hold the search path information
would allocate too small of a buffer and rtld would overrun the buffer
while filling it via a subsequent RTLD_DI_SERINFO request.

Submitted by: "William K. Josephson" wkj at morphisms dot net
Reviewed by: jdp
MFC after: 2 weeks

Clean out the leftovers from the i386_set_gsbase() TLS conversion.

Like on libthr, there is an i386_set_gsbase() stub implementation here
to avoid libc.so.5 issues. This should likely be a weak symbol and I
expect this will be fixed soon.

Approved by: re

Removed trailing whitespace.

Approved by: re (blanket)

MFNetBSD: src/libexec/ld.elf_so/arch/sparc64/mdreloc.c 1.26 (partial)

Fix an obvious bug in the 64-bit PLT fixup: the SLLX was by 12 bits, when
it should be 32.

MFC after: 1 month

Fix the load64 and store64 macros, created to handle 8-byte unaligned
loads and stores (resp.) The ldq_u and stq_u instruction mask off the
lower 3 bits of the final address before loading from or storing to
the address, so as to avoid unaligned loads and stores. They do not
themselves allow loads from or stores to unaligned addresses. Replace
the macro definitions by a packed struct dereference.

Submitted by: Richard Henderson (rth at twiddle dot net)

Align the stack to a 16 byte boundary before calling _rtld so that we can
safely initialise shared libraries that use SSE in their init sections.

MFC After: 1 week

Fix compilation problem.

Stop calling _amd64_set_gsbase() for COMPAT_32BIT. The amd64 kernel
implements i386_set_gsbase(), so there is no need for the variation.

Attempt to use i386_set_gsbase(), and gracefully fall back to LDT methods
if the direct access methods are not implemented.

No need to provide atomic_cmpset_32() anymore.

When allocating TLS and DTV, make sure that any unused slots in the DTV
are initialised to zero. When freeing TLS, don't attempt to free DTV
slots which were not used.

Pointed out by: Joerg Sonnenberger
X-MFC-After: After the branch, probably

If "dangerous" environment variables (LD_PRELOAD, LD_LIBMAP,
LD_LIBMAP_DISABLE, LD_LIBRARY_PATH) are used, then make sure the
libraries being loaded aren't on a noexec-mounted filesystem.

This is a compromise position: I'm assuming that nobody will be silly
enough to set the noexec mount flag on part of the default library
path, in order to avoid adding extra overhead into the common case
(where those environment variables aren't used).

Discussed with: csjp, secteam
MFC after: 1 week

Add locking code for tls routines.

Attempt to free any static TLS space used by a shared library when it
is unloaded. This allows applications which load and unload libraries
like libGL.so.1 several times to work properly.

MFC after: 2 days

Only provide the dummy, non-atomic atomic_cmpset_32() if
ARM_HAS_ATOMIC_CMPSET_32 isn't defined.

Description from Dan:

Another handy libmap patch. Lets you do stuff like this:

LD_LIBMAP="libpthread.so.1=libthr.so.1" mythreadedapp

If you already have a program-specific override in libmap.conf, note
that you must use a program-specific override in LD_LIBMAP:

LD_LIBMAP="[mythreadedapp],libpthread.so.1=libthr.so.1" mythreadedapp

PR: bin/74471
Submitted by: Dan Nelson <dnelson AT allantgroup.com>
MFC after: 2 weeks

style(9)

Implement a dummy atomic_cmpset_32(). It should be safe to use it in rtld as
the signals are masked anyway.

Remove 80386 support from the ELF run time linker.

So do it like we do in usr.bin/tip/tip/Makefile. ;)

Revert previous commit. As ru explains:

In the old world (as the surrounding comment in makefile says), there
was the /usr/libexec/ld-elf.so.1 binary which is now a symlink to
/libexec/ld-elf.so.1. To symlink, we need to make sure that the
_target_ (and the target is /usr/libexec/ld-elf.so.1) doesn't have
"schg" flag set. A real solution is to protect the chflags call only if
target exists, like we do in usr.bin/tip/tip/Makefile.

Requested by: ru

Avoid an (ignored) error by invoking chflags on the link target, not the
symlink.

PR: kern/73016
Submitted by: John E. Hein <jhein@timing.com>
MFC after: 1 week

Remove these unused files before any other archs include the same bogus
file.

The 32 bit compatability ld-elf32.so.1 cannot use i386_set_ldt() when
running on an amd64 kernel. Use the recently exposed direct %fs/%gs set
routines instead for the TLS setup of 32 bit binaries.

Introduce the PRECIOUSPROG knob in bsd.prog.mk, similar
to PRECIOUSLIB from bsd.lib.mk. The side effect of this
is making installing the world under jail(8) possible by
using another knob, NOFSCHG.

Reviewed by: oliver

Implement TLS relocations for powerpc.

Approved by: grehan (mentor)

Do the TLS offset allocations before relocations, as otherwise there
can be overlap in the TLS offsets, if the relocations are done in a
certain order.

Approved by: dfr, grehan (mentor)

For variables that are only checked with defined(), don't provide
any fake value.

Don't try to relocate the dynamic loader in reloc_non_plt(). It has already
been done before.

Use add instead of saving the sp in a register.

Add stubs for TLS.
Arbitraly choose the 2nd variant until I figure out which one I should use.

Add stubs for powerpc TLS.

Submitted by: ssouhlal

Add support for Thread Local Storage.

Consistently use __inline instead of __inline__ as the former is an empty macro
in <sys/cdefs.h> for compilers without support for inline.

Fix the problem that surfaced with the new binutils import on sparc64
(and that is for now being worked around by a binutils patch).

The rtld code tested &_DYNAMIC against 0 to see whether rtld itself
was built as PIC or not. While the sparc64 MD code did not rely
on the preset value of the GOT slot for _DYNAMIC any more due
to previous binutils changes, it still used to not be 0, so
that this check did work. The new binutils do however initialize
this slot with 0. As a consequence, rtld would not properly initialize
itself and crash.
Fix that by introducing a new macro, RTLD_IS_DYNAMIC, to take the role
of this test. For sparc64, it is implemented using the rtld_dynamic()
code that was already there. If an architecture does not provide its
own implementation, we default to the old check.

While being there, mark _DYNAMIC as a weak symbol in the sparc64
rtld_start.S. This is needed in the LDSCRIPT case, which is however
not currently supported for want of an actual ldscript.

Sanity checked with md5 on alpha, amd64, i386 and ia64.

This comment should have been removed in the previous commit.

Spotted out by: marcus, simon

Woohoo !
the latest binutils import mades this gross hack useless, so just remove it.

give out a little more information in case of a missing dependency

PR: 56549
Submitted by: edwin
Reviewed by: joerg, ru
Approved by: joerg
MFC after: 2 weeks

Support basename and path based constrained matches.

eg:
[foo]
...

matches any executable 'foo'

[/usr/bin/foo/]
...

matches any executable under the directory /usr/bin/foo/

Exact matches continue to function as before.

PR: bin/66769
Submitted-by: Dan Nelson

Work around a problem somewhere with binutils (?) on arm, hopefully without
breaking any other arch this time.

Fix breakage caused by alphabetically sorting SRCS: rtld_start.S must come first!
The previous version made all shared binaries dump core.

Import arm bits for rtld-elf.

Obtained from: NetBSD

If we change obj_rtld.path after initialising __progname, make sure we
change __progname to point at the new storage otherwise it ends up
pointing at freed memory which leads to confusing garbled error messages.

More stack alignment fixes. Arrange so we call _rtld() in ld-elf.so.1
with the correct alignment. This is important because this calls to
library static constructors are made from here. The bug in the old crt*.s
files hid this because in this case, two wrongs do indeed make a right.
Also, call _rtld_bind() with the correct alignment, because it calls back
into the pthread library locking functions. If things happen just
the wrong way, we get a SIG10 due to the broken stack alignment.

Add initial support for compiling a special 32 bit version of
ld-elf.so.1 on 64 bit systems. Most of this involves using alternate
paths, environment variables and diagnostic messages.

The build glue is seperate.

Make NULL a (void*)0 whereever possible, and fix the warnings(-Werror)
that this provokes. "Wherever possible" means "In the kernel OR NOT
C++" (implying C).

There are places where (void *) pointers are not valid, such as for
function pointers, but in the special case of (void *)0, agreement
settles on it being OK.

Most of the fixes were NULL where an integer zero was needed; many
of the fixes were NULL where ascii <nul> ('\0') was needed, and a
few were just "other".

Tested on: i386 sparc64

Do not depend on existence of _end symbol in obj_from_addr, use
obj->mapbase and obj->mapsize instead.

Prompted by: OpenOffice debugging session at last BSDCon.

Fix "warning: value computed is not used".

Found by: gcc 2.95.4 [FreeBSD]

Initialise some uninitialised variables.

Thanks to: valgrind

Fix dynamic linking a bit more.. enough that mozilla-firebird works if you
dig up the patches for amd64 support for it.

Note to self: do not put a 64 bit value in a 32 bit space.

Revert last change. ../rtld.c uses CACHE_LINE_SIZE too.
Change it to 64 while here.

Reported by: ps

Only define CACHE_LINE_SIZE in one place..

CACHE_LINE_SIZE is 64 on athlon and amd64 chips, not 32. This should
probably be 128 since that is what the hardware prefetch fill size is
on both the p3, p4 and athlon* cpus.

Sync comment with code's reality.

MFC after: 1 week

Retire the WITH_LIBMAP compile knob; libmap is now a standard feature.

Change libmap.c:lm_init() to return a status value; 0 for success
(libmap available) and 1 for failure. Assign this return to the
global 'libmap_disable' variable in rtld.c.

This totally prevents any libmap functions from being called after
lm_init() if no config file is present.

Very minor style nit: sort include files alphabetically.

Forgot one instance of ld-elf.so.1. Convert to ${PROG}

Pointed out by: obrien

Don't forget to honor DESTDIR. Also switch over to using PROG instead of
the binary name directly.

Don't forget to chflags noschg the existing binary so we can symlink
over it safely.

Pointed out by: yosimoto@waishi.jp

As long threatened, stage 2 of making a dynamically-linked root a reality.
Install rtld into /libexec.

Prepend /lib to the builtin library search path in rtld.

Avoid using the global offset table to get the address of _DYNAMIC in
rtld. When _DYNAMIC is referenced normally from C the global offset
table is used implicitly, but newer versions of binutils don't initialize
it statically in the binary, so this doesn't work until rtld is relocated,
which _DYNAMIC is needed for... So, as on other systems with the same
problem, we disassemble a call instruction to _DYNAMIC in order to get
its address.

Fix warnings on 64 bit platforms.

Noticed by: jake

Add function prototypes.

LD_DUMP_REL_PRE and LD_DUMP_REL_POST don't output to stderr; don't
claim that they do.

Provide a mechanism for dumping relocation information.

Setting the LD_DUMP_REL_PRE or LD_DUMP_REL_POST environment variables
cause rtld-elf to output a table of all relocations.

This is useful for debugging.

Move MD function prototypes together.

Fix warnings; no parameters in function prototypes.

Avoid a NULL pointer dereference.

Include libmap.h for prototypes.

- Add support for DT_FLAGS.
- Define various things from the most recent ELF spec.

Don't fail if we encounter a relocation of type "none". Just ignore
it. It's a no-op relocation.

Trigger case: ports/x11-toolkits/pango

Set CSTD to gnu99. We can only use on of the gnu?9 C languages.
We can't use c89 due to use of 'inline', and c99 produces bad code.

Assorted mdoc(7) fixes.

- use issetugid()
- be paranoid about honoring LD_LIBMAP_DISABLE.

Suggested by: rwatson

Simplify map_object() by breaking out the ELF header validation bits
into a separate function.

Provide function entry debugging messages.

Use the environment variable LD_LIBMAP_DISABLE to disable
libmap.conf(5) functionality.

Don't post-increment pointers inside a loop conditional.

While I'm here:
- Let lm_add() call strdup() on its own behalf.
- Use a temporary pointer when parsing constraints; only set the
constraint pointer on a totally successful match.

PR: bin/52783
Submitted by: David P. Reese Jr. <daver@gomerbud.com>
Approved by: re (rwatson)

Allow threading libraries to register their own locking
implementation in case default one provided by rtld is
not suitable.

Consolidate various identical MD lock implementation into
a single file using appropriate machine/atomic.h.

Approved by: re (scottl)

Initial pass at supporting shared libraries on amd64. There are still
a few missing relocation types in amd64/reloc.c, but I have not found
any of them in use yet. :-)

Approved by: re (amd64/* blanket)

- Use xmalloc() and xstrdup() instead of malloc() and strdup().
- Add a global mapping if we have a successful constrained match.

Approved by: re

Since libmap.conf is referenced in rtld.1, include it in the references
section.

Approved by: re (scottl)

mdoc(7) police: Normalize the FILES section.

Approved by: re (blanket)

Rethink the way we count module references. Simply following
DT_NEEDED links is not flexible enough for cases where dynamically
loaded modules form a dependency cycle.

This should fix an infinite recursion problem encountered by Yahoo.

Approved by: re (jhb)

Fix signed/unsigned comparison warnings.

Remove 80386 bandaids from code repocopied from i386. rtld_start.S still
todo.

Remove redundant strlen checks, do not check the same
symbol twice.

Code cleanups and sanity checking for config file parser.

Dynamic object dependency mapping: libmap.

This is an optional feature, disabled by default.

This will be useful to people testing the various POSIX threading
libraries under -CURRENT but can easily serve other needs.

Fix for ia64/48024 - ensure function pointer equality across elf
objects.

Programs such as sshd depend on two pointers to the same function being
equal in a given process. However, the current ia64 implementation
ensures that they're equal when both the pointers are instantiated in
the same ELF object. The attached patch ensures that they're equal
irrespective of where they're instantiated.

Reviewed by marcel@ (mentor) and kan@

Free obj->priv field in obj_free functions. This field is NULL
on all architectures except ia64, which uses it to keep function
description table.

No need to zero fill memory, mmapped anonymously. Kernel will
return pre-zeroed pages itself.

Noticed by: jake

Do not remove object from the lists at the unref_dag() stage.
Introduce a new unlink_object() function and call it in
unload_object() instead. Removing the object in unref_dag() is
too early, rtld calls _fini() function after that and shared
objects might fail resolve their own symbols.

Advertize rtld(1) as ld.so(1) in manual pages world

Fix a typo in rtld_dirname.

Implement dlinfo() function.

Introdice RTLD_SELF special handle and properly process it within
dlsym() and dlinfo() functions.

The intention is to improve our compatibility with Solaris and
to make a Java port easier.

Partially submitted by: phantom

Add missing include files I forgot about in previous commit.

Remove /usr/lib/elf from a default search path.
Move xprintf to malloc.c, it is only used there. Make static.

Submitted by: phantom

When unloading dependencies make sure they are removed from all the
associated lists:
remove RTLD_GLOBAL objects from global objects list;
remove the parent object from dldags list of its children.

Previosly we were doing that only to the top-level object OF the DAG
being unloaded and all its dependencies were ignored, leading to
mysterious crashes later.

Submitted by: peter (partially)

Change the way ELF coredumps are handled. Instead of unconditionally
skipping read-only pages, which can result in valuable non-text-related
data not getting dumped, the ELF loader and the dynamic loader now mark
read-only text pages NOCORE and the coredump code only checks (primarily) for
complete inaccessibility of the page or NOCORE being set.

Certain applications which map large amounts of read-only data will
produce much larger cores. A new sysctl has been added,
debug.elf_legacy_coredump, which will revert to the old behavior.

This commit represents collaborative work by all parties involved.
The PR contains a program demonstrating the problem.

PR: kern/45994
Submitted by: "Peter Edwards" <pmedwards@eircom.net>, Archie Cobbs <archie@dellroad.org>
Reviewed by: jdp, dillon
MFC after: 7 days

Uniformly refer to a file system as "file system".

Approved by: re

Fix rtld to handle SPARC_R_UA{16,64} relocations correctly.

Approved by: re (rwatson)

rtld support for PowerPC. Mostly obtained from NetBSD, with mods
for binutils 2.13

Reviewed by: benno

Approved by: re (blanket)

Put back a test for binaries with no PT_LOAD entries I over-jealosly
removed in r1.69.

Apploved by: re (rwatson)

Fix the handling of high PLT entries (> 32764) on sparc64. This requires
additional arguments to reloc_jmpslot(), which is why MI code and MD code
of other platforms had to be changed.

Reviewed by: jake
Approved by: re

Add support for binaries with arbitrary number of PT_LOAD sections.

Reviewed by: peter

Change the symbol lookup order to search RTLD_GLOBAL objects
before referencing object's DAG. This makes it possible for
C++ exceptions to work across shared libraries and brings
us closer to the search order used by Solaris/Linux.

Reviewed by: jdp
Approved by: obrien
MFC after: 1 month

Fix a problem with RTLD_TRACE flag to dlopen(3), which sometimes can return
even if there was no error occured (when trying to dlopen(3) object that
already linked into executable which does dlopen(3) call). This is more
proper fix for `ldd /usr/lib/libc.so' problem, because the new behaviour
conforms to documentation.

Remove workaround from ldd.c (rev.1.32).

PR: 35099
Submitted by: Nathan Hawkins <utsl@quic.net>
MFC after: 1 week

Use the new freebsd output format from Binutils 2.13.1.

<machine/atomic.h> requires <sys/types.h>.

Reviewed by: jake, mike

Return an error if a symbol is not found in reloc_jmpslots() instead of
crashing.

Fix a nasty memory corruption bug caused by having a bogus pointer
for the DT_IA64_PLT_RESERVE dynamic table entry. When a shared object
does not have any PLT relocations, the linker apparently doesn't find
it necessary to actually reserve the space for the BOR (Bind On
Reference) entries as pointed to by the DTE. As a result, relocatable
data in the PLT was overwritten, causing some unexpected control flow
with annoyingly predictable outcome: coredump.
To reproduce:
% echo 'int main() { return 0; }' > foo.c
% cc -o foo foo.c -lxpg4

Include stddef.h for NULL definition, rather than rolling our own here.

Reviewed by: jdp

Add support for the R_IA64_IPLTLSB relocation in non-PLT context.
This relocation creates a function descriptor at the specified
address and is commonly used for C++ to create virtual function
tables.

Don't acquire the writer lock in rtld_exit when clearing the shared
objects' reference counts. This function is called by the atexit
mechanism at program shutdown. I don't think the locking is necessary
here. It caused OpenOffice builds to hang more often than not.
Credit to Martin Blapp and Matt Dillon for helping to diagnose this
problem and for testing the fix.

Add END markers to asm functions so that debuggers can find their size.

Remove the nanosleep calls from the spin loops in the locking code.
They provided little benefit (if any) and they caused some problems
in OpenOffice, at least in post-KSE -current and perhaps in other
environments too. The nanosleep calls prevented the profiling timer
from advancing during the spinloops, thereby preventing the thread
scheduler from ever pre-empting the spinning thread. Alexander
Kabaev diagnosed this problem, Martin Blapp helped with testing,
and Matt Dillon provided some helpful suggestions.

This is a short-term fix for a larger problem. The use of spinlocking
isn't guaranteed to work in all cases. For example, if the spinning
thread has higher priority than all other threads, it may never be
pre-empted, and the thread holding the lock may never progress far
enough to release the lock. On the other hand, spinlocking is the
only locking that can work with an arbitrary unknown threads package.

I have some ideas for a much better fix in the longer term. It
would eliminate all locking inside the dynamic linker by making it
safe for symbol lookups and lazy binding to proceed in parallel
with a call to dlopen or dlclose. This means that the only mutual
exclusion needed would be to prevent multiple simultaneous calls
to dlopen and/or dlclose. That mutual exclusion could be put into
the native pthreads library. Applications using foreign threads
packages would have to make their own arrangements to ensure that
they did not have multiple threads in dlopen and/or dlclose -- a
reasonable requirement in my opinion.

MFC after: 3 days

The .Nm utility

Update the asm statements to use the "+" modifier instead of
matching constraints where appropriate. This makes the dynamic
linker buildable at -O0 again.

Thanks to Bruce Evans for identifying the cause of the build
problem.

MFC after: 1 week

Add needed include of mman.h to fix sparc64 buildworld.

The last bits of the alloca -> mmap fix. IA64 and SPARC64 (current only).
Untested (testing request went unanswered), but sparc64 is not expected to
cause problems. IA64 is not expected to cause problems but the patch was
slightly more complex so the possibility exists.

Approved by: jdp

This is the same alloca() fix as was committed for i386. David O'Brien
tested the patch on -stable.

Reviewed by: obrien
Approved by: jdp
MFC after: 3 days

Dillon's recent commits to the dynamic linker without running them
by me first have given me a good excuse to drop my MAINTAINERship.

MFC after: 1 week

Correct a bug in the last commit. The whole point of creating a 'done:'
goto target was so the cache could be freed. So free the cache after
done: rather then before done: (!)

Submitted by: Gavin Atkinson <gavin@ury.york.ac.uk>

In tracking down an installation seg fault with then openoffice port
Martin Blapp determined that the elf dynamic loader was at fault. In
particular, the loader uses alloca() to allocate a symbol cache on the
stack. Normally this would work just fine, but if the loader is called
from a threaded program and the object being loaded is fairly large the
alloca() can blow away the thread stack and effect other nearby thread
stacks as well. My testing showed that the symbol cache can be as large
as 250KBytes during the openoffice port build and install sequence. Martin
was able to work around the problem by disabling the symbol cache
(cache = NULL;). However, this solution is not adequate for commit because
it can cause an enormous cpu burden for applications which do a lot of
dynamic loading (e.g. like konqueror).

The solution is to use anonymous mmap() to temporarily allocate space to
hold the symbol cache. In testing I found that replacing the alloca()
with mmap() has no observable degredation in performance.

It should be noted that this bug does not necessarily cause an immediate
crash but can instead result in long term corruption and instability in
applications that load modules from threads. The bug is almost certainly
responsible for some of the instabilities found in konqueror, for example,
and possibly netscape too.

Sleuthing work by: Martin Blapp <mb@imp.ch>
X-MFC after: Before or after the 4.6 release depending on the release engineers

Include machine/ia64_cpu.h because we use ia64_mf().

Submitted by: ru

Fix handling of weak references to undefined symbols on ia64:
o Set st_shndx for sym_zero to SHN_UNDEF instead of SHN_ABS.
This gives us something to reliably test against.
o For weak references to undefined sysmbols (as indicated by
having st_shndx equals SHN_UNDEF) in the context of OPDs,
the address of the OPD is to be zero, not the address of
the function it contains.
o For weak references to undefined symbols in all other cases
(only DIR64LSB at this time), the actual relocated value is
to be zero, not the value prior to relocating.

Roughly speaking, weak references to undefined symbols are no-ops.

Tested on: i386, ia64

Now that local symbols aren't looked up with the symbol hash table,
binding works for local symbols. Remove the workaround...

Don't do symbol lookups for local symbols. The symbol index in the
relocation identifies the symbol to which we need to bind. This
solves a problem seen on ia64 where the symbol hash table does not
contain local symbols and thus resulted in unresolved symbols.

Tested on: alpha, i386, ia64

Fix a relocation bug in the ia64 ld.so. Weak function pointers in shared
objects were not being correctly set to zero. Instead, the function
descriptor pointer was set to the load address of the .so object. This
caused gcc generated binaries to segfault on exit when crtbegin.asm's
_fini code tested the __cxa_finalize() function pointer for zero.

This is a bit of a hack because of a problem nearby workaround for
find_symdef and its quirks (failures) for local symbols. This still
needs to be fixed.

Minor changes to make this work on sparc64.

Approved by: jdp
Tested on: alpha, i386, sparc64

rtld support for sparc64.

Largely obtained from: netbsd
Submitted by: jake, tmm

When searching an object that was opened with RTLD_GLOBAL, search its DAG too.

PR: bin/25059
Approved by: jdp
MFC after: 3 weeks

ld-elf.so.1 assumed a few too many things about the ordering of sections
produced by ld(8) (ie: that _DYNAMIC immediately follows the _GOT).
The new binutils import changed that, and the intial GOT relocation
broke. Use a custom linker script to provide a real end-of-GOT symbol.

Update ld.so to deal with the new (faster) PLT format that gcc-3.1 and
binutils can produce.

This is probably incomplete, but appears to be working again.

Obtained from: NetBSD
(And a fix to a silly mistake that I made by: gallatin)

Add support such that if LD_TRACE_LOADED_OBJECTS_ALL is defined to a
non-empty string in the environment; we indicate which objects caused
each object to be loaded.

PR: 30908
Submitted-by: Mike Meyer <mwm@mired.org>

Allow ldd(1) be used on shared libraries in addition to executables.

Mark a function as __printflike()

MFC after: 1 week

Change the library search order so that LD_LIBRARY_PATH overrides
all others.

PR: bin/28191
MFC after: 2 weeks

Change brk's prototype from char *brk(const char *) to int brk(const void *)
and sbrk's prototype from char *sbrk(int) to void *sbrk(intptr_t).

This makes us more consistant with NetBSD and standards which include
these functions. Bruce pointed out that ptrdiff_t would probably
have been better than intptr_t, but this doesn't match other
implimentations.

Also remove local declarations of sbrk and unnecessary casting.

PR: 32296
Tested by: Harti Brandt <brandt@fokus.gmd.de>
MFC after: 1 month

mdoc(7) police: tidy up.

Update rtld for the "new" ia64 ABI. In the old toolchain, the
DT_INIT and DT_FINI tags pointed to fptr records. In 2.11.2, it points
to the actuall address of the function. On IA64 you cannot just take
an address of a function, store it in a function pointer variable and
call it.. the function pointers point to a fptr data block that has the
target gp and address in it. This is absolutely necessary for using
the in-tree binutils toolchain, but (unfortunately) will not work with
old shared libraries. Save your old ld-elf.so.1 if you want to use
old ones still. Do not mix-and-match.

This is a no-op change for i386 and alpha.

Reviewed by: dfr

Fix a dependency violation (branch after alloc)

Add ia64 support. Various adjustments were made to existing targets to
cope with a few interface changes required by the ia64. In particular,
function pointers on ia64 need special treatment in rtld.

The support for accelerating find_symdef() with a cache was broken. This
fixes the problem and improves startup times for large applications such
as KDE2 considerably.

Reviewed by: jdp
MFC after: 1 week

mdoc(7) police:

Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.

Use STD{ERR,IN,OUT}_FILENO instead of their numeric values. The
definitions are more readable, and it's possible that they're
more portable to pathalogical platforms.

Submitted by: David Hill <david@phobia.ms>

mdoc(7) police: removed HISTORY info from the .Os call.

mdoc(7) police: remove extraneous .Pp before and/or after .Sh.

mdoc(7) police: sort SEE ALSO xrefs (sort -b -f +2 -3 +1 -2).

Use new backup feature of install(1).

Performance improvements for the ELF dynamic linker. These
particularly help programs which load many shared libraries with
a lot of relocations. Large C++ programs such as are found in KDE
are a prime example.

While relocating a shared object, maintain a vector of symbols
which have already been looked up, directly indexed by symbol
number. Typically, symbols which are referenced by a relocation
entry are referenced by many of them. This is the same optimization
I made to the a.out dynamic linker in 1995 (rtld.c revision 1.30).

Also, compare the first character of a sought-after symbol with its
symbol table entry before calling strcmp().

On a PII/400 these changes reduce the start-up time of a typical
KDE program from 833 msec (elapsed) to 370 msec.

MFC after: 5 days

* include/elf.h has been repo copied to include/elf-hints.h, and it no
longer includes machine/elf.h.
* consumers of elf.h now use the minimalist elf header possible.

This change is motivated by Binutils 2.11.0 and too much clashing over
our base elf headers and the Binutils elf headers.

- Backout botched attempt to intoduce MANSECT feature.
- MAN[1-9] -> MAN.

Prepare for mdoc(7)NG.

Fix a bug in which a program called dlclose from a destructor and
got an assert failure in the dynamic linker.

Prepare for mdoc(7)NG.

Add `_PATH_DEVZERO'.
Use _PATH_* where where possible.

Remove the superfluous call to _rtld_error() in symlook_default().
The function's callers generate the error message when appropriate.

This eliminates the message ``Undefined symbol "__register_frame_info"''
which was bogusly returned by dlerror() in some cases.

Add support for dlsym(RTLD_DEFAULT, ...).

Pass two pointer parameters to the r_debug_state() hook
function, thus allowing a debugger or other trace tool
to easily grab the addresses of the needed structures
off the stack.

This change is transparent to gdb, which locates the
link_map list and transfers it to debugger memory
for comparison purposes.

A sample program will be committed showing how this can
be used.

Reviewed by: John Polstra <jdp@FreeBSD.org>

Revamp the code that calls shared libraries' init and fini functions.
Formerly the init functions were called in the opposite of the
order in which libraries were loaded, and libraries were loaded
according to a breadth-first traversal of the dependency graph.
That ordering came from SVR4.0, and it was easy to implement but
not always sensible.

Now we do a depth-first walk over the dependency graph and call
the init functions in an order such that each shared object's needed
objects are initialized before the shared object itself. At the
same time we build a list of finalization (fini) functions in the
opposite order, to guarantee correct C++ destructor ordering whenever
possible. (It may not be possible if dlopen and dlclose are used
in strange ways, but we come as close as one can come.)

The need for this renovation has become apparent as more programs
have started using multithreading. The multithreaded C library
libc_r requires initialization, whereas the standard libc does not.
Since virtually every other object depends on the C library, it is
important that it get initialized first.

We shouldn't use cp to save the old ld-elf.so.1. Use the sanctioned tool
${INSTALL} with -C -p instead.

Fix a bug which could cause programs with user threads packages to
lock against themselves, causing infinite spinning. Brian Feldman
found this problem when testing with Mozilla and supplied the fix,
which I have revised slightly.

Here is the failure scenario. A thread calls dlopen() and acquires
the writer lock. While the thread still holds the lock, a signal
is delivered and caught. The signal handler tries to call a function
which hasn't been bound yet. It thus enters the dynamic linker
and tries to acquire the reader lock. Since the writer lock is
already held, it will spin forever in the signal handler. The
thread holding the lock won't be able to progress and release the
lock.

The solution is to block almost all signals while holding the
exclusive lock.

A similar problem could conceivably occur in the opposite order.
Namely, a thread is holding the reader lock and then a signal
handler calls dlopen() or dlclose() and spins waiting for the writer
lock. We deal with this administratively by proclaiming that signal
handlers aren't allowed to call dlopen() or dlclose(). Actually
we don't have to proclaim a thing, since signal handlers aren't
allowed to call any system functions except those which are explicitly
permitted.

Submitted by: Brian Fundakowski Feldman <green>

Solve the dynamic linker's problems with multithreaded programs once
and for all (I hope). Packages such as wine, JDK, and linuxthreads
should no longer have any problems with re-entering the dynamic
linker.

This commit replaces the locking used in the dynamic linker with a
new spinlock-based reader/writer lock implementation. Brian
Fundakowski Feldman <green> argued for this from the very beginning,
but it took me a long time to come around to his point of view.
Spinlocks are the only kinds of locks that work with all thread
packages. But on uniprocessor systems they can be inefficient,
because while a contender for the lock is spinning the holder of the
lock cannot make any progress toward releasing it. To alleviate
this disadvantage I have borrowed a trick from Sleepycat's Berkeley
DB implementation. When spinning for a lock, the requester does a
nanosleep() call for 1 usec. each time around the loop. This will
generally yield the CPU to other threads, allowing the lock holder
to finish its business and release the lock. I chose 1 usec. as the
minimum sleep which would with reasonable certainty not be rounded
down to 0.

The formerly machine-independent file "lockdflt.c" has been moved
into the architecture-specific subdirectories by repository copy.
It now contains the machine-dependent spinlocking code. For the
spinlocks I used the very nifty "simple, non-scalable reader-preference
lock" which I found at

<http://www.cs.rochester.edu/u/scott/synchronization/pseudocode/rw.html>

on all CPUs except the 80386 (the specific CPU model, not the
architecture). The 80386 CPU doesn't support the necessary "cmpxchg"
instruction, so on that CPU a simple exclusive test-and-set lock
is used instead. 80386 CPUs are detected at initialization time by
trying to execute "cmpxchg" and catching the resulting SIGILL
signal.

To reduce contention for the locks, I have revamped a couple of
key data structures, permitting all common operations to be done
under non-exclusive (reader) locking. The only operations that
require exclusive locking now are the rare intrusive operations
such as dlopen() and dlclose().

The dllockinit() interface is now deprecated. It still exists,
but only as a do-nothing stub. I plan to remove it as soon as is
reasonably possible. (From the very beginning it was clearly
labeled as experimental and subject to change.) As far as I know,
only the linuxthreads port uses dllockinit(). This interface turned
out to have several problems. As one example, when the dynamic
linker called a client-supplied locking function, that function
sometimes needed lazy binding, causing re-entry into the dynamic
linker and a big looping mess. And in any case, it turned out to be
too burdensome to require threads packages to register themselves
with the dynamic linker.

When installing the dynamic linker, save the previous version in
"ld-elf.so.1.old". The dynamic linker is a critical component of
the system, and it is difficult to recover if it is damaged and
there isn't a working backup available. For instance, parts of
the toolchain such as the assembler are dynamically linked, making
it impossible to build a new dynamic linker if the installed one
doesn't work.

Only punctuation is an allowed argument type for open-close macros
such as Po/Pc, as explained by phantom.

Reported by: billf

Back out the previous change to the queue(3) interface.
It was not discussed and should probably not happen.

Requested by: msmith and others

Change the way that the queue(3) structures are declared; don't assume that
the type argument to *_HEAD and *_ENTRY is a struct.

Suggested by: phk
Reviewed by: phk
Approved by: mdodd

Eliminate unaligned accesses that occurred when relocating the
DWARF2 exception tables emitted by the compiler for C++ sources.
These tables are tightly packed, and they contain some relocated
addresses which are not well-aligned.

Cross-reference ldd(1) in rtld(1) and vice versa.

Fixed missing DPADDs.

Fixed some style bugs (some usual ones for LDADD, and misformatting of
$FreeBSD$).

Add a manual page for the ELF dynamic linker. I initially created
rtld.1 by means of a repository copy from "src/libexec/rtld-aout/rtld.1".
Then I edited it to make it (more) accurate for the ELF dynamic
linker.

When a threads package registers locking methods with dllockinit(),
figure out which shared object(s) contain the the locking methods
and fully bind those objects as if they had been loaded with
LD_BIND_NOW=1. The goal is to keep the locking methods from
requiring any lazy binding. Otherwise infinite recursion occurs
in _rtld_bind.

This fixes the infinite recursion problem in the linuxthreads port.

Block almost all signals in the default locking method instead of
just a few of them. This looks like it solves the recent

ld-elf.so.1: assert failed: /usr/src/libexec/rtld-elf/lockdflt.c:55

failures seen by some applications such as JDK.

Allow files in LD_PRELOAD to be separated by white space, like Solaris
and Linux.

Revamp the mechanism for enumerating and calling shared objects'
init and fini functions. Now the code is very careful to hold no
locks when calling these functions. Thus the dynamic linker cannot
be re-entered with a lock already held.

Remove the tolerance for recursive locking that I added in revision
1.2 of dllockinit.c. Recursive locking shouldn't happen any more.

Mozilla and JDK users: I'd appreciate confirmation that things still
work right (or at least the same) with these changes.

Work around an assert failure in the dynamic linker's default thread
locking functions. If an application loads a shared object with
dlopen() and the shared object has an init function which requires
lazy binding, then _rtld_bind is called when the thread is already
inside the dynamic linker. This leads to a recursive acquisition
of the lock, which I was not expecting -- hence the assert failure.

This work-around makes the default locking functions handle recursive
locking. It is NOT the correct fix -- that should be implemented
at the generic locking level rather than in the default locking
functions. I will implement the correct fix in a future commit.

Since the dllockinit() interface will likely need to change, warn
about that in both the man page and the header file.

Add a new function dllockinit() for registering thread locking
functions to be used by the dynamic linker. This can be called by
threads packages at start-up time. I will add the call to libc_r
soon.

Also add a default locking method that is used up until dllockinit()
is called. The default method works by blocking SIGVTALRM, SIGPROF,
and SIGALRM in critical sections. It is based on the observation
that most user-space threads packages implement thread preemption
with one of these signals (usually SIGVTALRM).

The dynamic linker has never been reentrant, but it became less
reentrant in revision 1.34 of "src/libexec/rtld-elf/rtld.c".
Starting with that revision, multiple threads each doing lazy
binding could interfere with each other. The usual symptom was
that a symbol was falsely reported as undefined at start-up time.
It was rare but not unseen. This commit fixes it.

In revision 1.21 I changed the search order for shared libraries,
but I forgot to make the corresponding fix to the comment. Rectify
that.

Submitted by: Tony Finch <fanf@demon.net>

.Nm += "rtld"
apropos(1) now knows about rtld(1) manpage.

Make jdk-1.1.8 work again. It turns out that some code inside
libjava peeks into the dynamic linker's private Obj_Entry structures.
My recent changes introduced some new members near the front of
the structures, causing libjava to get the wrong fields. This commit
moves the new members toward the end of the structure so that the
layout of the portion that is relevant to JDK remains the same as
before.

I will work with the JDK porting team to see if we can come up with
a less fragile way for them to do what they need to do. I understand
the current approach was necessary in order to work around some
limitations of the dynamic linker. Maybe it's not necessary any
more.

Enable -Wformat checking for debug_printf().

Change the warning about unrecognized entries in the dynamic table
to a debug message which is disabled in production builds of the
dynamic linker. The condition warned about is normally harmless.

PR: bin/12849

When looking up symbols, search the objects loaded at program start
up first -- before the dlopened DAGs containing the referencing
object.

This makes dynamically loaded perl modules work properly again.

Get the actual pathname of the dynamic linker from the executable's
PT_INTERP program header entry, to ensure that gdb always finds
the right dynamic linker.

Use obj->relocbase to simplify a few calculations where appropriate.

When checking to see if a shared object is already loaded, look for
a device/inode match if no pathname match is found.

Revamp the symbol lookup algorithm to cope better with objects
loaded separately by dlopen that have global symbols with identical
names. Viewing each dlopened object as a DAG which is linked by its
DT_NEEDED entries in the dynamic table, the search order is as
follows:

* If the referencing object was linked with -Bsymbolic, search it
internally.
* Search all dlopened DAGs containing the referencing object.
* Search all objects loaded at program start up.
* Search all objects which were dlopened() using the RTLD_GLOBAL
flag (which is now supported too).

The search terminates as soon as a strong definition is found.
Lacking that, the first weak definition is used.

These rules match those of Solaris, as best I could determine them
from its vague manual pages and the results of experiments I performed.

PR: misc/12438

When honoring -Bsymbolic, still keep searching if only a weak
definition was found in the referencing object.

Simplify the logic in find_symdef().

$Id$ -> $FreeBSD$

Add a NULL pointer check whose absence could cause segmentation
violations in certain obscure cases involving failed dlopens. Many
thanks to Archie Cobbs for providing me with a good test case.

Eliminate a block that existed only to localize a declaration.

Change many asserts into normal errors. They were all for conditions
caused by invalid shared objects rather than by internal errors.

Enable format string mismatch checking for _rtld_error().

Change the symbol used to find the end of an object's address space
from "end" to "_end". The former does not exist in most shared
libraries. This fixes problems in dladdr() and dlsym(RTLD_NEXT, ...).

Add code to 'handle' R_ALPHA_NONE relocations by ignoring them.

Add a MAINTAINER line naming myself. We control the vertical. We
control the horizontal.

Fix bug: if a dlopen() failed (e.g., because of undefined symbols),
the dynamic linker didn't clean up properly. A subsequent dlopen()
of the same object would appear to succeed.

Another excellent fix from Max Khon.

PR: bin/12471
Submitted by: Max Khon <fjoe@iclub.nsu.ru>

Shake hands with GDB a little bit earlier so that it is possible to
debug the init functions.

Submitted by: dfr

Fix a reference counting problem when using dlopen(NULL, ...).

PR: bin/12129

Fix a serious performance bug for large programs on the Alpha,
discovered by Hidetoshi Shimokawa. Large programs need multiple
GOTs. The lazy binding stub in the PLT can be reached from any of
these GOTs, but the dynamic linker only has enough information to
fix up the first GOT entry. Thus calls through the other GOTs went
through the time-consuming lazy binding process on every call.

This fix rewrites the PLT entries themselves to bypass the lazy
binding.

Tested by Hidetoshi Shimokawa and Steve Price.

Reviewed by: Doug Rabson <dfr@freebsd.org>

Back out my change from 6 April PDT that added a new dlversion()
function. It was an ill-considered feature. It didn't solve the
problem I wanted it to solve. And it added Yet Another Version
Number that would have to be maintained at every release point.
I'm nuking it now before anybody grows too fond of it.

After relocating the main program, but before calling any of the
_init() functions, initialize the global variables "__progname" and
"environ". This makes it possible for the _init() functions to call
things like getenv() and err().

The ELF specification says that the RPATH in the executable or
shared object takes precedence over LD_LIBRARY_PATH. Make the
dynamic linker do it that way.

Eliminate all machine-dependent code from the main source body and
the Makefile, and move it down into the architecture-specific
subdirectories.

Eliminate an asm() statement for the i386.

Make the dynamic linker work if it is built as an executable instead
of as a shared library. See i386/Makefile.inc to find out how to
do it. Note, this change is not enabled and it might never be
enabled. But it might be useful in the future. Building the
dynamic linker as an executable should make it start up faster,
because it won't have any relocations. But in practice I suspect
the difference is negligible.

Fix a couple of typos in comments.

Add a new function dlversion() which returns the version number of
the dynamic linker in the same form as __FreeBSD_version. This is
mainly intended for checking the dynamic linker version during a make
world.

Resolve undefined weak references to a value of 0. This solves the
"__deregister_frame_info" problem that was seen when combining a
program linked using the old gcc with shared libraries that were
built using egcs.

If somebody does an execv("foo", NULL) (which theoretically is an error),
avoid crashing inside rtld (since it's easy) since everything else handles
it. Of course, if the target program checks argv[], it'll fall over.

Reviewed by: jdp

- Commit the correct dladdr() implementation.

Reviewed by: jdp@FreeBSD.org <This is the version he reviewed!>

- Added dladdr(3) support.

Reviewed by: jdp@FreeBSD.org

- Set the system immutable flag when installing ld.so to avoid people
accidentally clobbering it.

Submitted by: numberous people on -current

Use the runpath of the main program for locating libraries loaded by
dlopen().

Reviewed by: jdp

Fix a bug in dlclose that broke the apache13 port. The list of
loaded objects wasn't being maintained properly.

Make LD_PRELOAD work for ELF.

Fix a bug that showed up when debugging dynamically linked programs.
References from GDB to "printf" and various other functions would
find the versions in the dynamic linker itself, rather than the
versions in the program's libc. This fix moves the GDB link map
entry for the dynamic linker to the end of the search list, where
its symbols will be found only if they are not found anywhere else.
It was suggested by Doug Rabson, though I implemented it a little
differently.

I personally would prefer to leave the dynamic linker's entry out
of the GDB search list altogether. But Doug argues that it is
handy there for such things as setting breakpoints on dlopen().
So it stays for now, at least.

Note, if we ever integrate the dynamic linker with libc (which has
several important benefits to recommend it), this whole problem
goes away.

Make the pathname pointed to by the Obj_Entry structure for the
dynamic linker itself dynamically allocated. All of them are
supposed to be dynamically allocated, but we cheated before. It
made gdb unhappy under some circumstances.

Update to the binutils-2.9.1 PLT format.

Add the r_addend of the relocation when processing GLOB_DAT relocations.

Fix a cut&paste error which prevented LD_BIND_NOW from working.

Implement ldconfig functionality for ELF. The hints are stored in
a different file than the a.out hints, namely, "/var/run/ld-elf.so.hints".
These hints consist only of the directory search path. There is
no hash table as in the a.out hints, because ELF doesn't have to
search for the file with the highest minor version number. (It
doesn't have minor version numbers at all.)

A single run of ldconfig updates either the a.out hints or the ELF
hints, but not both. The set of hints to process is selected in
the usual way, via /etc/objformat, or ${OBJFORMAT}, or the "-aout"
or "-elf" command line option. The rationale is that you probably
want to search different directories for ELF than for a.out.

"ldconfig -r" is faked up to produce output like we are used to,
except that for ELF there are no minor version numbers. This should
enable "ldconfig -r" to be used for checking LIB_DEPENDS in ports
even for ELF.

I implemented the ELF functionality in a new source file, with an
eye toward eliminating the a.out code entirely at some point in
the future.

Add alpha support.

Submitted by: John Birrell <jb@cimlogic.com.au> (with extra hacks by me)
Obtained from: Probably NetBSD

Suppress duplicate entries in ldd output.

Style fixes. If it seems like a lot of lines of changes, it's
because I moved some functions. Mr. Tidy likes them to be in
alphabetical order.

Handle dlsym(NULL, ...) properly, by searching in the caller's
shared object. Note, this searches _only_ that object, and not its
needed objects, in accordance with the documentation.

Also fix dlopen(NULL, ...) so that the executable's needed objects
are searched as well as the executable itself.

Update this header to use the revamped elf headers which select Elf32
or Elf64 based on the inclusion of the machine dependent header.

I've left the addition of the extra fields to handle the relocation
structures with addend for a separate commit after jdp has had a chance
to review what I've done. The current change is needed to compile
csu/alpha/crt1.c

Add "-C" to INSTALLFLAGS to install atomically. An elf->elf
installworld dies at this point otherwise, leaving the system
without a dynamic linker.

Add support for ldd.

Add GDB support. The method and some of the code came from NetBSD's elf
runtime linker.

This commit was generated by cvs2svn to compensate for changes in r34192,
which included commits to RCS files with non-trunk default branches.

Import the ELF dynamic linker. This is the ElfKit version with
quite a few enhancements and bug fixes. There are still some known
deficiencies, but it should be adequate to get us started with ELF.

Submitted by: John Polstra <jdp@polstra.com>

spelling corrections.

PR: docs/4450
Submitted by: josh@quick.net

Typo fix.
PR: 3693
Submitted by: Kazuo Horikawa <k-horik@yk.rim.or.jp>

Revert $FreeBSD$ to $Id$

Pay attention to the environment variable "LD_IGNORE_MISSING_OBJECTS".
If it is set to a nonempty string, then simply skip any missing
shared libraries. This came up in a discussion long ago as a
potentially useful feature at sysinstall time. For example, an
X11 utility could be used without the X libraries being present,
provided the utility had a mode in which no X functions were actually
called.

Make the long-awaited change from $Id$ to $FreeBSD$

This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.

Sort cross references.

Correct typos and spelling errors.

Add support for the LD_BIND_NOW environment variable. If it is set to a
nonempty string, then function calls are relocated at program start-up
rather than lazily. This variable is standard on Sun and SVR4 systems.

The dlopen() function now supports both lazy and immediate binding, as
determined by its "mode" argument, which can be either 1 (RTLD_LAZY) or
2 (RTLD_NOW). I will add defines of these symbols to <dlfcn.h> as soon
as I've done a little more checking to make sure they won't cause
collisions or bootstrapping problems that would break "make world".

The "LD_*" environment variables which alter dynamic linker behavior are
now treated as unset if they are set to the empty string. This agrees
with the standard SVR4 conventions for the dynamic linker.

Add a work-around for programs compiled with certain buggy versions of
crt0.o. The buggy versions failed to set the "crt_ldso" member of the
interface structure. This caused certain error messages from the
dynamic linker to begin with "(null)" instead of the pathname of the
dynamic linker.

Fix spelling error in manpage.

Fix two minor typos in the manual page.

Update to handle new version ld.so.hints and info in executable for
configurable fallback search paths, as well as new crt interface version.

Also:
- even faster getenv(), get all environment variable settings in a single
pass.
- ldd printf-like format specifications
- minor code cleanups, one vsprintf -> vsnprintf (harmless)

The library search sequence is a little more complete now. Before,
it'd search $LD_LIBRARY_PATH (by opendir/readdir/closedir), then read
the hints file, then read /usr/lib (again by scanning thr directory). It
would then fail if there was no "found" library.

Now, it does LD_LIBRARY_PATH and the hints file the same, but then uses
a longer fallback path. The -R path is fetched from the executable if
specified at build time, the ldconfig path is appended, and /usr/lib is
appended to that. Duplicates are suppressed. This means that simply
placing a new library in /usr/local/lib will work (the same as it did in
/usr/lib) without needing ldconfig -m. It will find it quicker if the
ldconfig is run though.

Similar changes have been made to the NetBSD ld.so, but ours is rather
different now due to John Polstra's speedups and fixes from a while back.

The ldd printf-like format support came direct from NetBSD.

Reviewed by: nate, jdp

add missing comma(s) in .Xr macros

Implement support for LD_PRELOAD in the dynamic linker. Remove
descriptions of LD_NO_INTERN_SEARCH and LD_NOSTD_PATH from the manual
page, since they are not supported.

Submitted by: Doug Ambrisko <ambrisko@ambrisko.roble.com>

This is a FreeBSD manpage, not a NetBSD manpage. :)

Import Paul Kranenburg's man page for ld.so (aka. rtld).

Obtained from: NetBSD