1 /* Report modules by examining dynamic linker data structures.
2 Copyright (C) 2008-2010 Red Hat, Inc.
3 This file is part of elfutils.
5 This file is free software; you can redistribute it and/or modify
6 it under the terms of either
8 * the GNU Lesser General Public License as published by the Free
9 Software Foundation; either version 3 of the License, or (at
10 your option) any later version
14 * the GNU General Public License as published by the Free
15 Software Foundation; either version 2 of the License, or (at
16 your option) any later version
18 or both in parallel, as here.
20 elfutils is distributed in the hope that it will be useful, but
21 WITHOUT ANY WARRANTY; without even the implied warranty of
22 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23 General Public License for more details.
25 You should have received copies of the GNU General Public License and
26 the GNU Lesser General Public License along with this program. If
27 not, see <http://www.gnu.org/licenses/>. */
35 /* This element is always provided and always has a constant value.
36 This makes it an easy thing to scan for to discern the format. */
37 #define PROBE_TYPE AT_PHENT
38 #define PROBE_VAL32 sizeof (Elf32_Phdr)
39 #define PROBE_VAL64 sizeof (Elf64_Phdr)
41 #if BYTE_ORDER == BIG_ENDIAN
44 # define LE32(x) bswap_32 (x)
45 # define LE64(x) bswap_64 (x)
49 # define BE32(x) bswap_32 (x)
50 # define BE64(x) bswap_64 (x)
54 /* Examine an auxv data block and determine its format.
55 Return true iff we figured it out. */
57 auxv_format_probe (const void *auxv, size_t size,
58 uint_fast8_t *elfclass, uint_fast8_t *elfdata)
63 Elf32_auxv_t a32[size / sizeof (Elf32_auxv_t)];
64 Elf64_auxv_t a64[size / sizeof (Elf64_auxv_t)];
67 inline bool check64 (size_t i)
69 if (u->a64[i].a_type == BE64 (PROBE_TYPE)
70 && u->a64[i].a_un.a_val == BE64 (PROBE_VAL64))
72 *elfdata = ELFDATA2MSB;
76 if (u->a64[i].a_type == LE64 (PROBE_TYPE)
77 && u->a64[i].a_un.a_val == LE64 (PROBE_VAL64))
79 *elfdata = ELFDATA2LSB;
86 inline bool check32 (size_t i)
88 if (u->a32[i].a_type == BE32 (PROBE_TYPE)
89 && u->a32[i].a_un.a_val == BE32 (PROBE_VAL32))
91 *elfdata = ELFDATA2MSB;
95 if (u->a32[i].a_type == LE32 (PROBE_TYPE)
96 && u->a32[i].a_un.a_val == LE32 (PROBE_VAL32))
98 *elfdata = ELFDATA2LSB;
105 for (size_t i = 0; i < size / sizeof (Elf64_auxv_t); ++i)
109 *elfclass = ELFCLASS64;
113 if (check32 (i * 2) || check32 (i * 2 + 1))
115 *elfclass = ELFCLASS32;
123 /* This is a Dwfl_Memory_Callback that wraps another memory callback.
124 If the underlying callback cannot fill the data, then this will
125 fall back to fetching data from module files. */
127 struct integrated_memory_callback
129 Dwfl_Memory_Callback *memory_callback;
130 void *memory_callback_arg;
135 integrated_memory_callback (Dwfl *dwfl, int ndx,
136 void **buffer, size_t *buffer_available,
141 struct integrated_memory_callback *info = arg;
145 /* Called for cleanup. */
146 if (info->buffer != NULL)
148 /* The last probe buffer came from the underlying callback.
149 Let it do its cleanup. */
150 assert (*buffer == info->buffer); /* XXX */
151 *buffer = info->buffer;
153 return (*info->memory_callback) (dwfl, ndx, buffer, buffer_available,
155 info->memory_callback_arg);
158 *buffer_available = 0;
163 /* For a final-read request, we only use the underlying callback. */
164 return (*info->memory_callback) (dwfl, ndx, buffer, buffer_available,
165 vaddr, minread, info->memory_callback_arg);
167 /* Let the underlying callback try to fill this request. */
168 if ((*info->memory_callback) (dwfl, ndx, &info->buffer, buffer_available,
169 vaddr, minread, info->memory_callback_arg))
171 *buffer = info->buffer;
175 /* Now look for module text covering this address. */
178 (void) INTUSE(dwfl_addrsegment) (dwfl, vaddr, &mod);
183 Elf_Scn *scn = INTUSE(dwfl_module_address_section) (mod, &vaddr, &bias);
184 if (unlikely (scn == NULL))
186 #if 0 // XXX would have to handle ndx=-1 cleanup calls passed down.
187 /* If we have no sections we can try to fill it from the module file
188 based on its phdr mappings. */
189 if (likely (mod->e_type != ET_REL) && mod->main.elf != NULL)
190 return INTUSE(dwfl_elf_phdr_memory_callback)
191 (dwfl, 0, buffer, buffer_available,
192 vaddr - mod->main.bias, minread, mod->main.elf);
197 Elf_Data *data = elf_rawdata (scn, NULL);
198 if (unlikely (data == NULL))
202 if (unlikely (data->d_size < vaddr))
205 /* Provide as much data as we have. */
206 void *contents = data->d_buf + vaddr;
207 size_t avail = data->d_size - vaddr;
208 if (unlikely (avail < minread))
211 /* If probing for a string, make sure it's terminated. */
212 if (minread == 0 && unlikely (memchr (contents, '\0', avail) == NULL))
217 *buffer_available = avail;
222 addrsize (uint_fast8_t elfclass)
227 /* Report a module for each struct link_map in the linked list at r_map
228 in the struct r_debug at R_DEBUG_VADDR.
230 For each link_map entry, if an existing module resides at its address,
231 this just modifies that module's name and suggested file name. If
232 no such module exists, this calls dwfl_report_elf on the l_name string.
234 Returns the number of modules found, or -1 for errors. */
237 report_r_debug (uint_fast8_t elfclass, uint_fast8_t elfdata,
238 Dwfl *dwfl, GElf_Addr r_debug_vaddr,
239 Dwfl_Memory_Callback *memory_callback,
240 void *memory_callback_arg)
242 /* Skip r_version, to aligned r_map field. */
243 GElf_Addr read_vaddr = r_debug_vaddr + addrsize (elfclass);
246 size_t buffer_available = 0;
247 inline int release_buffer (int result)
250 (void) (*memory_callback) (dwfl, -1, &buffer, &buffer_available, 0, 0,
251 memory_callback_arg);
256 inline bool read_addrs (GElf_Addr vaddr, size_t n)
258 size_t nb = n * addrsize (elfclass); /* Address words -> bytes to read. */
260 /* Read a new buffer if the old one doesn't cover these words. */
262 || vaddr < read_vaddr
263 || vaddr - read_vaddr + nb > buffer_available)
268 int segndx = INTUSE(dwfl_addrsegment) (dwfl, vaddr, NULL);
269 if (unlikely (segndx < 0)
270 || unlikely (! (*memory_callback) (dwfl, segndx,
271 &buffer, &buffer_available,
272 vaddr, nb, memory_callback_arg)))
280 } *in = vaddr - read_vaddr + buffer;
282 if (elfclass == ELFCLASS32)
284 if (elfdata == ELFDATA2MSB)
285 for (size_t i = 0; i < n; ++i)
286 addrs[i] = BE32 (in->a32[i]);
288 for (size_t i = 0; i < n; ++i)
289 addrs[i] = LE32 (in->a32[i]);
293 if (elfdata == ELFDATA2MSB)
294 for (size_t i = 0; i < n; ++i)
295 addrs[i] = BE64 (in->a64[i]);
297 for (size_t i = 0; i < n; ++i)
298 addrs[i] = LE64 (in->a64[i]);
304 if (unlikely (read_addrs (read_vaddr, 1)))
305 return release_buffer (-1);
307 GElf_Addr next = addrs[0];
309 Dwfl_Module **lastmodp = &dwfl->modulelist;
312 /* There can't be more elements in the link_map list than there are
313 segments. DWFL->lookup_elts is probably twice that number, so it
314 is certainly above the upper bound. If we iterate too many times,
315 there must be a loop in the pointers due to link_map clobberation. */
316 size_t iterations = 0;
317 while (next != 0 && ++iterations < dwfl->lookup_elts)
319 if (read_addrs (next, 4))
320 return release_buffer (-1);
322 GElf_Addr l_addr = addrs[0];
323 GElf_Addr l_name = addrs[1];
324 GElf_Addr l_ld = addrs[2];
327 /* If a clobbered or truncated memory image has no useful pointer,
328 just skip this element. */
332 /* Fetch the string at the l_name address. */
333 const char *name = NULL;
335 && read_vaddr <= l_name
336 && l_name + 1 - read_vaddr < buffer_available
337 && memchr (l_name - read_vaddr + buffer, '\0',
338 buffer_available - (l_name - read_vaddr)) != NULL)
339 name = l_name - read_vaddr + buffer;
344 int segndx = INTUSE(dwfl_addrsegment) (dwfl, l_name, NULL);
345 if (likely (segndx >= 0)
346 && (*memory_callback) (dwfl, segndx,
347 &buffer, &buffer_available,
348 l_name, 0, memory_callback_arg))
352 if (name != NULL && name[0] == '\0')
355 /* If content-sniffing already reported a module covering
356 the same area, find that existing module to adjust.
357 The l_ld address is the only one we know for sure
358 to be within the module's own segments (its .dynamic). */
359 Dwfl_Module *mod = INTUSE(dwfl_addrmodule) (dwfl, l_ld);
362 /* We have a module. We can give it a better name from l_name. */
363 if (name != NULL && mod->name[0] == '[')
365 char *newname = strdup (basename (name));
373 if (name == NULL && mod->name[0] == '/')
376 /* If we don't have a file for it already, we can pre-install
377 the full file name from l_name. Opening the file by this
378 name will be the fallback when no build ID match is found.
379 XXX hook for sysroot */
380 if (name != NULL && mod->main.name == NULL)
381 mod->main.name = strdup (name);
383 else if (name != NULL)
385 /* We have to find the file's phdrs to compute along with l_addr
386 what its runtime address boundaries are. */
388 // XXX hook for sysroot
389 mod = INTUSE(dwfl_report_elf) (dwfl, basename (name),
397 /* Move this module to the end of the list, so that we end
398 up with a list in the same order as the link_map chain. */
399 if (mod->next != NULL)
401 if (*lastmodp != mod)
403 lastmodp = &dwfl->modulelist;
404 while (*lastmodp != mod)
405 lastmodp = &(*lastmodp)->next;
407 *lastmodp = mod->next;
409 while (*lastmodp != NULL)
410 lastmodp = &(*lastmodp)->next;
414 lastmodp = &mod->next;
418 return release_buffer (result);
422 consider_executable (Dwfl_Module *mod, GElf_Addr at_phdr, GElf_Addr at_entry,
423 uint_fast8_t *elfclass, uint_fast8_t *elfdata,
424 Dwfl_Memory_Callback *memory_callback,
425 void *memory_callback_arg)
428 if (unlikely (gelf_getehdr (mod->main.elf, &ehdr) == NULL))
433 /* If we have an AT_ENTRY value, reject this executable if
434 its entry point address could not have supplied that. */
436 if (ehdr.e_entry == 0)
439 if (mod->e_type == ET_EXEC)
441 if (ehdr.e_entry != at_entry)
446 /* It could be a PIE. */
450 // XXX this could be saved in the file cache: phdr vaddr, DT_DEBUG d_val vaddr
451 /* Find the vaddr of the DT_DEBUG's d_ptr. This is the memory
452 address where &r_debug was written at runtime. */
453 GElf_Xword align = mod->dwfl->segment_align;
454 GElf_Addr d_val_vaddr = 0;
455 for (uint_fast16_t i = 0; i < ehdr.e_phnum; ++i)
458 GElf_Phdr *phdr = gelf_getphdr (mod->main.elf, i, &phdr_mem);
462 if (phdr->p_align > 1 && (align == 0 || phdr->p_align < align))
463 align = phdr->p_align;
466 && phdr->p_type == PT_LOAD
467 && (phdr->p_offset & -align) == (ehdr.e_phoff & -align))
469 /* This is the segment that would map the phdrs.
470 If we have an AT_PHDR value, reject this executable
471 if its phdr mapping could not have supplied that. */
472 if (mod->e_type == ET_EXEC)
474 if (ehdr.e_phoff - phdr->p_offset + phdr->p_vaddr != at_phdr)
479 /* It could be a PIE. If the AT_PHDR value and our
480 phdr address don't match modulo ALIGN, then this
481 could not have been the right PIE. */
482 if (((ehdr.e_phoff - phdr->p_offset + phdr->p_vaddr) & -align)
483 != (at_phdr & -align))
486 /* Calculate the bias applied to the PIE's p_vaddr values. */
487 GElf_Addr bias = (at_phdr - (ehdr.e_phoff - phdr->p_offset
490 /* Final sanity check: if we have an AT_ENTRY value,
491 reject this PIE unless its biased e_entry matches. */
492 if (at_entry != 0 && at_entry != ehdr.e_entry + bias)
495 /* If we're changing the module's address range,
496 we've just invalidated the module lookup table. */
497 GElf_Addr mod_bias = dwfl_adjusted_address (mod, 0);
498 if (bias != mod_bias)
500 mod->low_addr -= mod_bias;
501 mod->high_addr -= mod_bias;
502 mod->low_addr += bias;
503 mod->high_addr += bias;
505 free (mod->dwfl->lookup_module);
506 mod->dwfl->lookup_module = NULL;
511 if (phdr->p_type == PT_DYNAMIC)
513 Elf_Data *data = elf_getdata_rawchunk (mod->main.elf, phdr->p_offset,
514 phdr->p_filesz, ELF_T_DYN);
517 const size_t entsize = gelf_fsize (mod->main.elf,
518 ELF_T_DYN, 1, EV_CURRENT);
519 const size_t n = data->d_size / entsize;
520 for (size_t j = 0; j < n; ++j)
523 GElf_Dyn *dyn = gelf_getdyn (data, j, &dyn_mem);
524 if (dyn != NULL && dyn->d_tag == DT_DEBUG)
526 d_val_vaddr = phdr->p_vaddr + entsize * j + entsize / 2;
533 if (d_val_vaddr != 0)
535 /* Now we have the final address from which to read &r_debug. */
536 d_val_vaddr = dwfl_adjusted_address (mod, d_val_vaddr);
539 size_t buffer_available = addrsize (ehdr.e_ident[EI_CLASS]);
541 int segndx = INTUSE(dwfl_addrsegment) (mod->dwfl, d_val_vaddr, NULL);
543 if ((*memory_callback) (mod->dwfl, segndx,
544 &buffer, &buffer_available,
545 d_val_vaddr, buffer_available,
546 memory_callback_arg))
555 if (ehdr.e_ident[EI_CLASS] == ELFCLASS32)
556 vaddr = (ehdr.e_ident[EI_DATA] == ELFDATA2MSB
557 ? BE32 (u->a32) : LE32 (u->a32));
559 vaddr = (ehdr.e_ident[EI_DATA] == ELFDATA2MSB
560 ? BE64 (u->a64) : LE64 (u->a64));
562 (*memory_callback) (mod->dwfl, -1, &buffer, &buffer_available, 0, 0,
563 memory_callback_arg);
565 if (*elfclass == ELFCLASSNONE)
566 *elfclass = ehdr.e_ident[EI_CLASS];
567 else if (*elfclass != ehdr.e_ident[EI_CLASS])
570 if (*elfdata == ELFDATANONE)
571 *elfdata = ehdr.e_ident[EI_DATA];
572 else if (*elfdata != ehdr.e_ident[EI_DATA])
582 /* Try to find an existing executable module with a DT_DEBUG. */
584 find_executable (Dwfl *dwfl, GElf_Addr at_phdr, GElf_Addr at_entry,
585 uint_fast8_t *elfclass, uint_fast8_t *elfdata,
586 Dwfl_Memory_Callback *memory_callback,
587 void *memory_callback_arg)
589 for (Dwfl_Module *mod = dwfl->modulelist; mod != NULL; mod = mod->next)
590 if (mod->main.elf != NULL)
592 GElf_Addr r_debug_vaddr = consider_executable (mod, at_phdr, at_entry,
595 memory_callback_arg);
596 if (r_debug_vaddr != 0)
597 return r_debug_vaddr;
605 dwfl_link_map_report (Dwfl *dwfl, const void *auxv, size_t auxv_size,
606 Dwfl_Memory_Callback *memory_callback,
607 void *memory_callback_arg)
609 GElf_Addr r_debug_vaddr = 0;
611 uint_fast8_t elfclass = ELFCLASSNONE;
612 uint_fast8_t elfdata = ELFDATANONE;
613 if (likely (auxv != NULL)
614 && likely (auxv_format_probe (auxv, auxv_size, &elfclass, &elfdata)))
618 GElf_Xword phent = 0;
619 GElf_Xword phnum = 0;
621 #define AUXV_SCAN(NN, BL) do \
623 const Elf##NN##_auxv_t *av = auxv; \
624 for (size_t i = 0; i < auxv_size / sizeof av[0]; ++i) \
626 Elf##NN##_Addr val = BL##NN (av[i].a_un.a_val); \
627 if (av[i].a_type == BL##NN (AT_ENTRY)) \
629 else if (av[i].a_type == BL##NN (AT_PHDR)) \
631 else if (av[i].a_type == BL##NN (AT_PHNUM)) \
633 else if (av[i].a_type == BL##NN (AT_PHENT)) \
635 else if (av[i].a_type == BL##NN (AT_PAGESZ)) \
638 && (dwfl->segment_align == 0 \
639 || val < dwfl->segment_align)) \
640 dwfl->segment_align = val; \
646 if (elfclass == ELFCLASS32)
648 if (elfdata == ELFDATA2MSB)
655 if (elfdata == ELFDATA2MSB)
661 /* If we found the phdr dimensions, search phdrs for PT_DYNAMIC. */
662 GElf_Addr dyn_vaddr = 0;
663 GElf_Xword dyn_filesz = 0;
664 GElf_Addr dyn_bias = (GElf_Addr) -1;
666 inline bool consider_phdr (GElf_Word type,
667 GElf_Addr vaddr, GElf_Xword filesz)
672 if (dyn_bias == (GElf_Addr) -1
673 /* Do a sanity check on the putative address. */
674 && ((vaddr & (dwfl->segment_align - 1))
675 == (phdr & (dwfl->segment_align - 1))))
677 dyn_bias = phdr - vaddr;
678 return dyn_vaddr != 0;
685 return dyn_bias != (GElf_Addr) -1;
691 if (phdr != 0 && phnum != 0)
693 Dwfl_Module *phdr_mod;
694 int phdr_segndx = INTUSE(dwfl_addrsegment) (dwfl, phdr, &phdr_mod);
697 .d_type = ELF_T_PHDR,
698 .d_version = EV_CURRENT,
699 .d_size = phnum * phent,
702 if ((*memory_callback) (dwfl, phdr_segndx, &in.d_buf, &in.d_size,
703 phdr, phnum * phent, memory_callback_arg))
709 char data[phnum * phent];
713 .d_type = ELF_T_PHDR,
714 .d_version = EV_CURRENT,
715 .d_size = phnum * phent,
718 in.d_size = out.d_size;
719 if (likely ((elfclass == ELFCLASS32
720 ? elf32_xlatetom : elf64_xlatetom)
721 (&out, &in, elfdata) != NULL))
723 /* We are looking for PT_DYNAMIC. */
726 Elf32_Phdr p32[phnum];
727 Elf64_Phdr p64[phnum];
728 } *u = (void *) &buf;
729 if (elfclass == ELFCLASS32)
731 for (size_t i = 0; i < phnum; ++i)
732 if (consider_phdr (u->p32[i].p_type,
739 for (size_t i = 0; i < phnum; ++i)
740 if (consider_phdr (u->p64[i].p_type,
747 (*memory_callback) (dwfl, -1, &in.d_buf, &in.d_size, 0, 0,
748 memory_callback_arg);
751 /* We could not read the executable's phdrs from the
752 memory image. If we have a presupplied executable,
753 we can still use the AT_PHDR and AT_ENTRY values to
754 verify it, and to adjust its bias if it's a PIE.
756 If there was an ET_EXEC module presupplied that contains
757 the AT_PHDR address, then we only consider that one.
758 We'll either accept it if its phdr location and e_entry
759 make sense or reject it if they don't. If there is no
760 presupplied ET_EXEC, then look for a presupplied module,
761 which might be a PIE (ET_DYN) that needs its bias adjusted. */
762 r_debug_vaddr = ((phdr_mod == NULL
763 || phdr_mod->main.elf == NULL
764 || phdr_mod->e_type != ET_EXEC)
765 ? find_executable (dwfl, phdr, entry,
769 : consider_executable (phdr_mod, phdr, entry,
772 memory_callback_arg));
775 /* If we found PT_DYNAMIC, search it for DT_DEBUG. */
778 if (dyn_bias != (GElf_Addr) -1)
779 dyn_vaddr += dyn_bias;
784 .d_version = EV_CURRENT,
785 .d_size = dyn_filesz,
788 int dyn_segndx = dwfl_addrsegment (dwfl, dyn_vaddr, NULL);
789 if ((*memory_callback) (dwfl, dyn_segndx, &in.d_buf, &in.d_size,
790 dyn_vaddr, dyn_filesz, memory_callback_arg))
796 char data[dyn_filesz];
801 .d_version = EV_CURRENT,
802 .d_size = dyn_filesz,
805 in.d_size = out.d_size;
806 if (likely ((elfclass == ELFCLASS32
807 ? elf32_xlatetom : elf64_xlatetom)
808 (&out, &in, elfdata) != NULL))
810 /* We are looking for DT_DEBUG. */
813 Elf32_Dyn d32[dyn_filesz / sizeof (Elf32_Dyn)];
814 Elf64_Dyn d64[dyn_filesz / sizeof (Elf64_Dyn)];
815 } *u = (void *) &buf;
816 if (elfclass == ELFCLASS32)
818 size_t n = dyn_filesz / sizeof (Elf32_Dyn);
819 for (size_t i = 0; i < n; ++i)
820 if (u->d32[i].d_tag == DT_DEBUG)
822 r_debug_vaddr = u->d32[i].d_un.d_val;
828 size_t n = dyn_filesz / sizeof (Elf64_Dyn);
829 for (size_t i = 0; i < n; ++i)
830 if (u->d64[i].d_tag == DT_DEBUG)
832 r_debug_vaddr = u->d64[i].d_un.d_val;
838 (*memory_callback) (dwfl, -1, &in.d_buf, &in.d_size, 0, 0,
839 memory_callback_arg);
844 /* We have to look for a presupplied executable file to determine
845 the vaddr of its dynamic section and DT_DEBUG therein. */
846 r_debug_vaddr = find_executable (dwfl, 0, 0, &elfclass, &elfdata,
847 memory_callback, memory_callback_arg);
849 if (r_debug_vaddr == 0)
852 /* For following pointers from struct link_map, we will use an
853 integrated memory access callback that can consult module text
854 elided from the core file. This is necessary when the l_name
855 pointer for the dynamic linker's own entry is a pointer into the
856 executable's .interp section. */
857 struct integrated_memory_callback mcb =
859 .memory_callback = memory_callback,
860 .memory_callback_arg = memory_callback_arg
863 /* Now we can follow the dynamic linker's library list. */
864 return report_r_debug (elfclass, elfdata, dwfl, r_debug_vaddr,
865 &integrated_memory_callback, &mcb);
867 INTDEF (dwfl_link_map_report)