Userland/Libraries/LibELF/DynamicObject.cpp at master

jcs.org / serenity
fork atom
Serenity Operating System
fork atom
serenity / Userland / Libraries / LibELF / DynamicObject.cpp
at master 534 lines 20 kB view raw
wrap content
Timon Kruiper LibELF+LibC: Add support for aarch64 relocations 3y ago
ed3be5b7
  1/*
  2 * Copyright (c) 2019-2020, Andrew Kaster <akaster@serenityos.org>
  3 * Copyright (c) 2020, Itamar S. <itamar8910@gmail.com>
  4 *
  5 * SPDX-License-Identifier: BSD-2-Clause
  6 */
  7
  8#include <AK/Debug.h>
  9#include <AK/DeprecatedString.h>
 10#include <AK/StringBuilder.h>
 11#include <LibC/elf.h>
 12#include <LibELF/DynamicLoader.h>
 13#include <LibELF/DynamicObject.h>
 14#include <LibELF/Hashes.h>
 15#include <string.h>
 16
 17namespace ELF {
 18
 19DynamicObject::DynamicObject(DeprecatedString const& filepath, VirtualAddress base_address, VirtualAddress dynamic_section_address)
 20    : m_filepath(filepath)
 21    , m_base_address(base_address)
 22    , m_dynamic_address(dynamic_section_address)
 23{
 24    auto* header = (ElfW(Ehdr)*)base_address.as_ptr();
 25    auto* pheader = (ElfW(Phdr)*)(base_address.as_ptr() + header->e_phoff);
 26    m_elf_base_address = VirtualAddress(pheader->p_vaddr - pheader->p_offset);
 27    if (header->e_type == ET_DYN)
 28        m_is_elf_dynamic = true;
 29    else
 30        m_is_elf_dynamic = false;
 31
 32    parse();
 33}
 34
 35DynamicObject::~DynamicObject()
 36{
 37    // TODO: unmap the object
 38}
 39
 40void DynamicObject::dump() const
 41{
 42    if constexpr (DYNAMIC_LOAD_DEBUG) {
 43        StringBuilder builder;
 44        builder.append("\nd_tag      tag_name         value\n"sv);
 45        size_t num_dynamic_sections = 0;
 46
 47        for_each_dynamic_entry([&](DynamicObject::DynamicEntry const& entry) {
 48            DeprecatedString name_field = DeprecatedString::formatted("({})", name_for_dtag(entry.tag()));
 49            builder.appendff("{:#08x} {:17} {:#08x}\n", entry.tag(), name_field, entry.val());
 50            num_dynamic_sections++;
 51        });
 52
 53        if (m_has_soname)
 54            builder.appendff("DT_SONAME: {}\n", soname()); // FIXME: Validate that this string is null terminated?
 55        if (m_has_rpath)
 56            builder.appendff("DT_RPATH: {}\n", rpath());
 57        if (m_has_runpath)
 58            builder.appendff("DT_RUNPATH: {}\n", runpath());
 59
 60        dbgln("Dynamic section at address {} contains {} entries:", m_dynamic_address.as_ptr(), num_dynamic_sections);
 61        dbgln("{}", builder.string_view());
 62    }
 63}
 64
 65void DynamicObject::parse()
 66{
 67    for_each_dynamic_entry([&](DynamicEntry const& entry) {
 68        switch (entry.tag()) {
 69        case DT_INIT:
 70            m_init_offset = entry.ptr() - m_elf_base_address.get();
 71            break;
 72        case DT_FINI:
 73            m_fini_offset = entry.ptr() - m_elf_base_address.get();
 74            break;
 75        case DT_INIT_ARRAY:
 76            m_init_array_offset = entry.ptr() - m_elf_base_address.get();
 77            break;
 78        case DT_INIT_ARRAYSZ:
 79            m_init_array_size = entry.val();
 80            break;
 81        case DT_FINI_ARRAY:
 82            m_fini_array_offset = entry.ptr() - m_elf_base_address.get();
 83            break;
 84        case DT_FINI_ARRAYSZ:
 85            m_fini_array_size = entry.val();
 86            break;
 87        case DT_HASH:
 88            // Use SYSV hash only if GNU hash is not available
 89            if (m_hash_type == HashType::SYSV) {
 90                m_hash_table_offset = entry.ptr() - m_elf_base_address.get();
 91            }
 92            break;
 93        case DT_GNU_HASH:
 94            m_hash_type = HashType::GNU;
 95            m_hash_table_offset = entry.ptr() - m_elf_base_address.get();
 96            break;
 97        case DT_SYMTAB:
 98            m_symbol_table_offset = entry.ptr() - m_elf_base_address.get();
 99            break;
100        case DT_STRTAB:
101            m_string_table_offset = entry.ptr() - m_elf_base_address.get();
102            break;
103        case DT_STRSZ:
104            m_size_of_string_table = entry.val();
105            break;
106        case DT_SYMENT:
107            m_size_of_symbol_table_entry = entry.val();
108            break;
109        case DT_PLTGOT:
110            m_procedure_linkage_table_offset = entry.ptr() - (FlatPtr)m_elf_base_address.as_ptr();
111            break;
112        case DT_PLTRELSZ:
113            m_size_of_plt_relocation_entry_list = entry.val();
114            break;
115        case DT_PLTREL:
116            m_procedure_linkage_table_relocation_type = entry.val();
117            VERIFY(m_procedure_linkage_table_relocation_type & (DT_REL | DT_RELA));
118            break;
119        case DT_JMPREL:
120            m_plt_relocation_offset_location = entry.ptr() - (FlatPtr)m_elf_base_address.as_ptr();
121            break;
122        case DT_RELA:
123            m_addend_used = true;
124            [[fallthrough]];
125        case DT_REL:
126            m_relocation_table_offset = entry.ptr() - (FlatPtr)m_elf_base_address.as_ptr();
127            break;
128        case DT_RELASZ:
129        case DT_RELSZ:
130            m_size_of_relocation_table = entry.val();
131            break;
132        case DT_RELAENT:
133        case DT_RELENT:
134            m_size_of_relocation_entry = entry.val();
135            break;
136        case DT_RELACOUNT:
137        case DT_RELCOUNT:
138            m_number_of_relocations = entry.val();
139            break;
140        case DT_RELR:
141            m_relr_relocation_table_offset = entry.ptr() - m_elf_base_address.get();
142            break;
143        case DT_RELRSZ:
144            m_size_of_relr_relocation_table = entry.val();
145            break;
146        case DT_RELRENT:
147            m_size_of_relr_relocations_entry = entry.val();
148            break;
149        case DT_FLAGS:
150            m_dt_flags = entry.val();
151            break;
152        case DT_TEXTREL:
153            m_dt_flags |= DF_TEXTREL; // This tag seems to exist for legacy reasons only?
154            break;
155        case DT_SONAME:
156            m_soname_index = entry.val();
157            m_has_soname = true;
158            break;
159        case DT_BIND_NOW:
160            m_dt_flags |= DF_BIND_NOW;
161            break;
162        case DT_RPATH:
163            m_rpath_index = entry.val();
164            m_has_rpath = true;
165            break;
166        case DT_RUNPATH:
167            m_runpath_index = entry.val();
168            m_has_runpath = true;
169            break;
170        case DT_DEBUG:
171            break;
172        case DT_FLAGS_1:
173            break;
174        case DT_NEEDED:
175            // We handle these in for_each_needed_library
176            break;
177        case DT_SYMBOLIC:
178            break;
179        default:
180            dbgln("DynamicObject: DYNAMIC tag handling not implemented for DT_{} ({})", name_for_dtag(entry.tag()), entry.tag());
181            break;
182        }
183    });
184
185    if (!m_size_of_relocation_entry) {
186        // TODO: FIXME, this shouldn't be hardcoded
187        // The reason we need this here is that for some reason, when there only PLT relocations, the compiler
188        // doesn't insert a 'PLTRELSZ' entry to the dynamic section
189        m_size_of_relocation_entry = sizeof(ElfW(Rel));
190    }
191
192    auto hash_section_address = hash_section().address().as_ptr();
193    // TODO: consider base address - it might not be zero
194    auto num_hash_chains = ((u32*)hash_section_address)[1];
195    m_symbol_count = num_hash_chains;
196}
197
198DynamicObject::Relocation DynamicObject::RelocationSection::relocation(unsigned index) const
199{
200    VERIFY(index < entry_count());
201    unsigned offset_in_section = index * entry_size();
202    auto relocation_address = (ElfW(Rela)*)address().offset(offset_in_section).as_ptr();
203    return Relocation(m_dynamic, *relocation_address, offset_in_section, m_addend_used);
204}
205
206DynamicObject::Relocation DynamicObject::RelocationSection::relocation_at_offset(unsigned offset) const
207{
208    VERIFY(offset <= (m_section_size_bytes - m_entry_size));
209    auto relocation_address = (ElfW(Rela)*)address().offset(offset).as_ptr();
210    return Relocation(m_dynamic, *relocation_address, offset, m_addend_used);
211}
212
213DynamicObject::Symbol DynamicObject::symbol(unsigned index) const
214{
215    auto symbol_section = Section(*this, m_symbol_table_offset, (m_symbol_count * m_size_of_symbol_table_entry), m_size_of_symbol_table_entry, "DT_SYMTAB"sv);
216    auto symbol_entry = (ElfW(Sym)*)symbol_section.address().offset(index * symbol_section.entry_size()).as_ptr();
217    return Symbol(*this, index, *symbol_entry);
218}
219
220DynamicObject::Section DynamicObject::init_section() const
221{
222    return Section(*this, m_init_offset, sizeof(void (*)()), sizeof(void (*)()), "DT_INIT"sv);
223}
224
225DynamicObject::Section DynamicObject::fini_section() const
226{
227    return Section(*this, m_fini_offset, sizeof(void (*)()), sizeof(void (*)()), "DT_FINI"sv);
228}
229
230DynamicObject::Section DynamicObject::init_array_section() const
231{
232    return Section(*this, m_init_array_offset, m_init_array_size, sizeof(void (*)()), "DT_INIT_ARRAY"sv);
233}
234
235DynamicObject::Section DynamicObject::fini_array_section() const
236{
237    return Section(*this, m_fini_array_offset, m_fini_array_size, sizeof(void (*)()), "DT_FINI_ARRAY"sv);
238}
239
240DynamicObject::RelocationSection DynamicObject::relocation_section() const
241{
242    return RelocationSection(Section(*this, m_relocation_table_offset, m_size_of_relocation_table, m_size_of_relocation_entry, "DT_REL"sv), m_addend_used);
243}
244
245DynamicObject::RelocationSection DynamicObject::plt_relocation_section() const
246{
247    return RelocationSection(Section(*this, m_plt_relocation_offset_location, m_size_of_plt_relocation_entry_list, m_size_of_relocation_entry, "DT_JMPREL"sv), m_procedure_linkage_table_relocation_type & DT_RELA);
248}
249
250DynamicObject::Section DynamicObject::relr_relocation_section() const
251{
252    return Section(*this, m_relr_relocation_table_offset, m_size_of_relr_relocation_table, m_size_of_relr_relocations_entry, "DT_RELR"sv);
253}
254
255ElfW(Half) DynamicObject::program_header_count() const
256{
257    auto* header = (const ElfW(Ehdr)*)m_base_address.as_ptr();
258    return header->e_phnum;
259}
260
261const ElfW(Phdr) * DynamicObject::program_headers() const
262{
263    auto* header = (const ElfW(Ehdr)*)m_base_address.as_ptr();
264    return (const ElfW(Phdr)*)(m_base_address.as_ptr() + header->e_phoff);
265}
266
267auto DynamicObject::HashSection::lookup_sysv_symbol(StringView name, u32 hash_value) const -> Optional<Symbol>
268{
269    u32* hash_table_begin = (u32*)address().as_ptr();
270    size_t num_buckets = hash_table_begin[0];
271
272    // This is here for completeness, but, since we're using the fact that every chain
273    // will end at chain 0 (which means 'not found'), we don't need to check num_chains.
274    // Interestingly, num_chains is required to be num_symbols
275
276    // size_t num_chains = hash_table_begin[1];
277
278    u32* buckets = &hash_table_begin[2];
279    u32* chains = &buckets[num_buckets];
280
281    for (u32 i = buckets[hash_value % num_buckets]; i; i = chains[i]) {
282        auto symbol = m_dynamic.symbol(i);
283        if (name == symbol.raw_name()) {
284            dbgln_if(DYNAMIC_LOAD_DEBUG, "Returning SYSV dynamic symbol with index {} for {}: {}", i, symbol.name(), symbol.address().as_ptr());
285            return symbol;
286        }
287    }
288    return {};
289}
290
291auto DynamicObject::HashSection::lookup_gnu_symbol(StringView name, u32 hash_value) const -> Optional<Symbol>
292{
293    // Algorithm reference: https://ent-voy.blogspot.com/2011/02/
294    using BloomWord = FlatPtr;
295    constexpr size_t bloom_word_size = sizeof(BloomWord) * 8;
296
297    u32 const* hash_table_begin = (u32*)address().as_ptr();
298
299    const size_t num_buckets = hash_table_begin[0];
300    const size_t num_omitted_symbols = hash_table_begin[1];
301    const u32 num_maskwords = hash_table_begin[2];
302    // This works because num_maskwords is required to be a power of 2
303    const u32 num_maskwords_bitmask = num_maskwords - 1;
304    const u32 shift2 = hash_table_begin[3];
305
306    BloomWord const* bloom_words = (BloomWord const*)&hash_table_begin[4];
307    u32 const* const buckets = (u32 const*)&bloom_words[num_maskwords];
308    u32 const* const chains = &buckets[num_buckets];
309
310    BloomWord hash1 = hash_value;
311    BloomWord hash2 = hash1 >> shift2;
312    const BloomWord bitmask = ((BloomWord)1 << (hash1 % bloom_word_size)) | ((BloomWord)1 << (hash2 % bloom_word_size));
313
314    if ((bloom_words[(hash1 / bloom_word_size) & num_maskwords_bitmask] & bitmask) != bitmask)
315        return {};
316
317    size_t current_sym = buckets[hash1 % num_buckets];
318    if (current_sym == 0)
319        return {};
320    u32 const* current_chain = &chains[current_sym - num_omitted_symbols];
321
322    for (hash1 &= ~1;; ++current_sym) {
323        hash2 = *(current_chain++);
324        if (hash1 == (hash2 & ~1)) {
325            auto symbol = m_dynamic.symbol(current_sym);
326            if (name == symbol.raw_name())
327                return symbol;
328        }
329
330        if (hash2 & 1)
331            break;
332    }
333
334    return {};
335}
336
337StringView DynamicObject::symbol_string_table_string(ElfW(Word) index) const
338{
339    auto const* symbol_string_table_ptr = reinterpret_cast<char const*>(base_address().offset(m_string_table_offset + index).as_ptr());
340    return StringView { symbol_string_table_ptr, strlen(symbol_string_table_ptr) };
341}
342
343char const* DynamicObject::raw_symbol_string_table_string(ElfW(Word) index) const
344{
345    return (char const*)base_address().offset(m_string_table_offset + index).as_ptr();
346}
347
348DynamicObject::InitializationFunction DynamicObject::init_section_function() const
349{
350    VERIFY(has_init_section());
351    return (InitializationFunction)init_section().address().as_ptr();
352}
353
354char const* DynamicObject::name_for_dtag(ElfW(Sword) d_tag)
355{
356    switch (d_tag) {
357    case DT_NULL:
358        return "NULL"; /* marks end of _DYNAMIC array */
359    case DT_NEEDED:
360        return "NEEDED"; /* string table offset of needed lib */
361    case DT_PLTRELSZ:
362        return "PLTRELSZ"; /* size of relocation entries in PLT */
363    case DT_PLTGOT:
364        return "PLTGOT"; /* address PLT/GOT */
365    case DT_HASH:
366        return "HASH"; /* address of symbol hash table */
367    case DT_STRTAB:
368        return "STRTAB"; /* address of string table */
369    case DT_SYMTAB:
370        return "SYMTAB"; /* address of symbol table */
371    case DT_RELA:
372        return "RELA"; /* address of relocation table */
373    case DT_RELASZ:
374        return "RELASZ"; /* size of relocation table */
375    case DT_RELAENT:
376        return "RELAENT"; /* size of relocation entry */
377    case DT_STRSZ:
378        return "STRSZ"; /* size of string table */
379    case DT_SYMENT:
380        return "SYMENT"; /* size of symbol table entry */
381    case DT_INIT:
382        return "INIT"; /* address of initialization func. */
383    case DT_FINI:
384        return "FINI"; /* address of termination function */
385    case DT_SONAME:
386        return "SONAME"; /* string table offset of shared obj */
387    case DT_RPATH:
388        return "RPATH"; /* string table offset of library search path */
389    case DT_SYMBOLIC:
390        return "SYMBOLIC"; /* start sym search in shared obj. */
391    case DT_REL:
392        return "REL"; /* address of rel. tbl. w addends */
393    case DT_RELSZ:
394        return "RELSZ"; /* size of DT_REL relocation table */
395    case DT_RELENT:
396        return "RELENT"; /* size of DT_REL relocation entry */
397    case DT_PLTREL:
398        return "PLTREL"; /* PLT referenced relocation entry */
399    case DT_DEBUG:
400        return "DEBUG"; /* bugger */
401    case DT_TEXTREL:
402        return "TEXTREL"; /* Allow rel. mod. to unwritable seg */
403    case DT_JMPREL:
404        return "JMPREL"; /* add. of PLT's relocation entries */
405    case DT_BIND_NOW:
406        return "BIND_NOW"; /* Bind now regardless of env setting */
407    case DT_INIT_ARRAY:
408        return "INIT_ARRAY"; /* address of array of init func */
409    case DT_FINI_ARRAY:
410        return "FINI_ARRAY"; /* address of array of term func */
411    case DT_INIT_ARRAYSZ:
412        return "INIT_ARRAYSZ"; /* size of array of init func */
413    case DT_FINI_ARRAYSZ:
414        return "FINI_ARRAYSZ"; /* size of array of term func */
415    case DT_RUNPATH:
416        return "RUNPATH"; /* strtab offset of lib search path */
417    case DT_FLAGS:
418        return "FLAGS"; /* Set of DF_* flags */
419    case DT_ENCODING:
420        return "ENCODING"; /* further DT_* follow encoding rules */
421    case DT_PREINIT_ARRAY:
422        return "PREINIT_ARRAY"; /* address of array of preinit func */
423    case DT_PREINIT_ARRAYSZ:
424        return "PREINIT_ARRAYSZ"; /* size of array of preinit func */
425    case DT_LOOS:
426        return "LOOS"; /* reserved range for OS */
427    case DT_HIOS:
428        return "HIOS"; /*  specific dynamic array tags */
429    case DT_LOPROC:
430        return "LOPROC"; /* reserved range for processor */
431    case DT_HIPROC:
432        return "HIPROC"; /*  specific dynamic array tags */
433    case DT_GNU_HASH:
434        return "GNU_HASH"; /* address of GNU hash table */
435    case DT_RELACOUNT:
436        return "RELACOUNT"; /* if present, number of RELATIVE */
437    case DT_RELCOUNT:
438        return "RELCOUNT"; /* relocs, which must come first */
439    case DT_FLAGS_1:
440        return "FLAGS_1";
441    case DT_VERDEF:
442        return "VERDEF";
443    case DT_VERDEFNUM:
444        return "VERDEFNUM";
445    case DT_VERSYM:
446        return "VERSYM";
447    case DT_VERNEEDED:
448        return "VERNEEDED";
449    case DT_VERNEEDEDNUM:
450        return "VERNEEDEDNUM";
451    case DT_RELR:
452        return "DT_RELR";
453    case DT_RELRSZ:
454        return "DT_RELRSZ";
455    case DT_RELRENT:
456        return "DT_RELRENT";
457    default:
458        return "??";
459    }
460}
461
462auto DynamicObject::lookup_symbol(StringView name) const -> Optional<SymbolLookupResult>
463{
464    return lookup_symbol(HashSymbol { name });
465}
466
467auto DynamicObject::lookup_symbol(HashSymbol const& symbol) const -> Optional<SymbolLookupResult>
468{
469    auto result = hash_section().lookup_symbol(symbol);
470    if (!result.has_value())
471        return {};
472    auto symbol_result = result.value();
473    if (symbol_result.is_undefined())
474        return {};
475    return SymbolLookupResult { symbol_result.value(), symbol_result.size(), symbol_result.address(), symbol_result.bind(), symbol_result.type(), this };
476}
477
478NonnullRefPtr<DynamicObject> DynamicObject::create(DeprecatedString const& filepath, VirtualAddress base_address, VirtualAddress dynamic_section_address)
479{
480    return adopt_ref(*new DynamicObject(filepath, base_address, dynamic_section_address));
481}
482
483// offset is in PLT relocation table
484VirtualAddress DynamicObject::patch_plt_entry(u32 relocation_offset)
485{
486    auto relocation = plt_relocation_section().relocation_at_offset(relocation_offset);
487    VERIFY(relocation.type() == R_X86_64_JUMP_SLOT || relocation.type() == R_AARCH64_JUMP_SLOT);
488    auto symbol = relocation.symbol();
489    auto relocation_address = (FlatPtr*)relocation.address().as_ptr();
490
491    VirtualAddress symbol_location;
492    auto result = DynamicLoader::lookup_symbol(symbol);
493    if (result.has_value()) {
494        symbol_location = result.value().address;
495
496        if (result.value().type == STT_GNU_IFUNC)
497            symbol_location = VirtualAddress { reinterpret_cast<IfuncResolver>(symbol_location.get())() };
498    } else if (symbol.bind() != STB_WEAK) {
499        dbgln("did not find symbol while doing relocations for library {}: {}", m_filepath, symbol.name());
500        VERIFY_NOT_REACHED();
501    }
502
503    dbgln_if(DYNAMIC_LOAD_DEBUG, "DynamicLoader: Jump slot relocation: putting {} ({}) into PLT at {}", symbol.name(), symbol_location, (void*)relocation_address);
504
505    *relocation_address = symbol_location.get();
506
507    return symbol_location;
508}
509
510u32 DynamicObject::HashSymbol::gnu_hash() const
511{
512    if (!m_gnu_hash.has_value())
513        m_gnu_hash = compute_gnu_hash(m_name);
514    return m_gnu_hash.value();
515}
516
517u32 DynamicObject::HashSymbol::sysv_hash() const
518{
519    if (!m_sysv_hash.has_value())
520        m_sysv_hash = compute_sysv_hash(m_name);
521    return m_sysv_hash.value();
522}
523
524void* DynamicObject::symbol_for_name(StringView name)
525{
526    auto result = hash_section().lookup_symbol(name);
527    if (!result.has_value())
528        return nullptr;
529    auto symbol = result.value();
530    if (symbol.is_undefined())
531        return nullptr;
532    return base_address().offset(symbol.value()).as_ptr();
533}
534} // end namespace ELF