📄 dl-machine.c
字号:
/* Machine-dependent ELF dynamic relocation functions. PowerPC version. Copyright (C) 1995-2001, 2002 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. The GNU C Library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with the GNU C Library; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. */#include <unistd.h>#include <string.h>#include <sys/param.h>#include <link.h>#include <ldsodefs.h>#include <elf/dynamic-link.h>#include <dl-machine.h>#include <stdio-common/_itoa.h>/* Because ld.so is now versioned, these functions can be in their own file; no relocations need to be done to call them. Of course, if ld.so is not versioned... */#if defined SHARED && !(DO_VERSIONING - 0)#error This will not work with versioning turned off, sorry.#endif/* Stuff for the PLT. */#define PLT_INITIAL_ENTRY_WORDS 18#define PLT_LONGBRANCH_ENTRY_WORDS 0#define PLT_TRAMPOLINE_ENTRY_WORDS 6#define PLT_DOUBLE_SIZE (1<<13)#define PLT_ENTRY_START_WORDS(entry_number) \ (PLT_INITIAL_ENTRY_WORDS + (entry_number)*2 \ + ((entry_number) > PLT_DOUBLE_SIZE \ ? ((entry_number) - PLT_DOUBLE_SIZE)*2 \ : 0))#define PLT_DATA_START_WORDS(num_entries) PLT_ENTRY_START_WORDS(num_entries)/* Macros to build PowerPC opcode words. */#define OPCODE_ADDI(rd,ra,simm) \ (0x38000000 | (rd) << 21 | (ra) << 16 | ((simm) & 0xffff))#define OPCODE_ADDIS(rd,ra,simm) \ (0x3c000000 | (rd) << 21 | (ra) << 16 | ((simm) & 0xffff))#define OPCODE_ADD(rd,ra,rb) \ (0x7c000214 | (rd) << 21 | (ra) << 16 | (rb) << 11)#define OPCODE_B(target) (0x48000000 | ((target) & 0x03fffffc))#define OPCODE_BA(target) (0x48000002 | ((target) & 0x03fffffc))#define OPCODE_BCTR() 0x4e800420#define OPCODE_LWZ(rd,d,ra) \ (0x80000000 | (rd) << 21 | (ra) << 16 | ((d) & 0xffff))#define OPCODE_LWZU(rd,d,ra) \ (0x84000000 | (rd) << 21 | (ra) << 16 | ((d) & 0xffff))#define OPCODE_MTCTR(rd) (0x7C0903A6 | (rd) << 21)#define OPCODE_RLWINM(ra,rs,sh,mb,me) \ (0x54000000 | (rs) << 21 | (ra) << 16 | (sh) << 11 | (mb) << 6 | (me) << 1)#define OPCODE_LI(rd,simm) OPCODE_ADDI(rd,0,simm)#define OPCODE_ADDIS_HI(rd,ra,value) \ OPCODE_ADDIS(rd,ra,((value) + 0x8000) >> 16)#define OPCODE_LIS_HI(rd,value) OPCODE_ADDIS_HI(rd,0,value)#define OPCODE_SLWI(ra,rs,sh) OPCODE_RLWINM(ra,rs,sh,0,31-sh)#define PPC_DCBST(where) asm volatile ("dcbst 0,%0" : : "r"(where) : "memory")#define PPC_SYNC asm volatile ("sync" : : : "memory")#define PPC_ISYNC asm volatile ("sync; isync" : : : "memory")#define PPC_ICBI(where) asm volatile ("icbi 0,%0" : : "r"(where) : "memory")#define PPC_DIE asm volatile ("tweq 0,0")/* Use this when you've modified some code, but it won't be in the instruction fetch queue (or when it doesn't matter if it is). */#define MODIFIED_CODE_NOQUEUE(where) \ do { PPC_DCBST(where); PPC_SYNC; PPC_ICBI(where); } while (0)/* Use this when it might be in the instruction queue. */#define MODIFIED_CODE(where) \ do { PPC_DCBST(where); PPC_SYNC; PPC_ICBI(where); PPC_ISYNC; } while (0)/* The idea here is that to conform to the ABI, we are supposed to try to load dynamic objects between 0x10000 (we actually use 0x40000 as the lower bound, to increase the chance of a memory reference from a null pointer giving a segfault) and the program's load address; this may allow us to use a branch instruction in the PLT rather than a computed jump. The address is only used as a preference for mmap, so if we get it wrong the worst that happens is that it gets mapped somewhere else. */ElfW(Addr)__elf_preferred_address(struct link_map *loader, size_t maplength, ElfW(Addr) mapstartpref){ ElfW(Addr) low, high; struct link_map *l; /* If the object has a preference, load it there! */ if (mapstartpref != 0) return mapstartpref; /* Otherwise, quickly look for a suitable gap between 0x3FFFF and 0x70000000. 0x3FFFF is so that references off NULL pointers will cause a segfault, 0x70000000 is just paranoia (it should always be superceded by the program's load address). */ low = 0x0003FFFF; high = 0x70000000; for (l = GL(dl_loaded); l; l = l->l_next) { ElfW(Addr) mapstart, mapend; mapstart = l->l_map_start & ~(GL(dl_pagesize) - 1); mapend = l->l_map_end | (GL(dl_pagesize) - 1); assert (mapend > mapstart); /* Prefer gaps below the main executable, note that l == _dl_loaded does not work for static binaries loading e.g. libnss_*.so. */ if ((mapend >= high || l->l_type == lt_executable) && high >= mapstart) high = mapstart; else if (mapend >= low && low >= mapstart) low = mapend; else if (high >= mapend && mapstart >= low) { if (high - mapend >= mapstart - low) low = mapend; else high = mapstart; } } high -= 0x10000; /* Allow some room between objects. */ maplength = (maplength | (GL(dl_pagesize) - 1)) + 1; if (high <= low || high - low < maplength ) return 0; return high - maplength; /* Both high and maplength are page-aligned. */}/* Set up the loaded object described by L so its unrelocated PLT entries will jump to the on-demand fixup code in dl-runtime.c. Also install a small trampoline to be used by entries that have been relocated to an address too far away for a single branch. *//* There are many kinds of PLT entries: (1) A direct jump to the actual routine, either a relative or absolute branch. These are set up in __elf_machine_fixup_plt. (2) Short lazy entries. These cover the first 8192 slots in the PLT, and look like (where 'index' goes from 0 to 8191): li %r11, index*4 b &plt[PLT_TRAMPOLINE_ENTRY_WORDS+1] (3) Short indirect jumps. These replace (2) when a direct jump wouldn't reach. They look the same except that the branch is 'b &plt[PLT_LONGBRANCH_ENTRY_WORDS]'. (4) Long lazy entries. These cover the slots when a short entry won't fit ('index*4' overflows its field), and look like: lis %r11, %hi(index*4 + &plt[PLT_DATA_START_WORDS]) lwzu %r12, %r11, %lo(index*4 + &plt[PLT_DATA_START_WORDS]) b &plt[PLT_TRAMPOLINE_ENTRY_WORDS] bctr (5) Long indirect jumps. These replace (4) when a direct jump wouldn't reach. They look like: lis %r11, %hi(index*4 + &plt[PLT_DATA_START_WORDS]) lwz %r12, %r11, %lo(index*4 + &plt[PLT_DATA_START_WORDS]) mtctr %r12 bctr (6) Long direct jumps. These are used when thread-safety is not required. They look like: lis %r12, %hi(finaladdr) addi %r12, %r12, %lo(finaladdr) mtctr %r12 bctr The lazy entries, (2) and (4), are set up here in __elf_machine_runtime_setup. (1), (3), and (5) are set up in __elf_machine_fixup_plt. (1), (3), and (6) can also be constructed in __process_machine_rela. The reason for the somewhat strange construction of the long entries, (4) and (5), is that we need to ensure thread-safety. For (1) and (3), this is obvious because only one instruction is changed and the PPC architecture guarantees that aligned stores are atomic. For (5), this is more tricky. When changing (4) to (5), the `b' instruction is first changed to to `mtctr'; this is safe and is why the `lwzu' instruction is not just a simple `addi'. Once this is done, and is visible to all processors, the `lwzu' can safely be changed to a `lwz'. */int__elf_machine_runtime_setup (struct link_map *map, int lazy, int profile){ if (map->l_info[DT_JMPREL]) { Elf32_Word i; Elf32_Word *plt = (Elf32_Word *) D_PTR (map, l_info[DT_PLTGOT]); Elf32_Word num_plt_entries = (map->l_info[DT_PLTRELSZ]->d_un.d_val / sizeof (Elf32_Rela)); Elf32_Word rel_offset_words = PLT_DATA_START_WORDS (num_plt_entries); Elf32_Word data_words = (Elf32_Word) (plt + rel_offset_words); Elf32_Word size_modified; extern void _dl_runtime_resolve (void); extern void _dl_prof_resolve (void); /* Convert the index in r11 into an actual address, and get the word at that address. */ plt[PLT_LONGBRANCH_ENTRY_WORDS] = OPCODE_ADDIS_HI (11, 11, data_words); plt[PLT_LONGBRANCH_ENTRY_WORDS + 1] = OPCODE_LWZ (11, data_words, 11); /* Call the procedure at that address. */ plt[PLT_LONGBRANCH_ENTRY_WORDS + 2] = OPCODE_MTCTR (11); plt[PLT_LONGBRANCH_ENTRY_WORDS + 3] = OPCODE_BCTR (); if (lazy) { Elf32_Word *tramp = plt + PLT_TRAMPOLINE_ENTRY_WORDS; Elf32_Word dlrr = (Elf32_Word)(profile ? _dl_prof_resolve : _dl_runtime_resolve); Elf32_Word offset; if (profile && _dl_name_match_p (GL(dl_profile), map)) /* This is the object we are looking for. Say that we really want profiling and the timers are started. */ GL(dl_profile_map) = map; /* For the long entries, subtract off data_words. */ tramp[0] = OPCODE_ADDIS_HI (11, 11, -data_words); tramp[1] = OPCODE_ADDI (11, 11, -data_words); /* Multiply index of entry by 3 (in r11). */ tramp[2] = OPCODE_SLWI (12, 11, 1); tramp[3] = OPCODE_ADD (11, 12, 11); if (dlrr <= 0x01fffffc || dlrr >= 0xfe000000) { /* Load address of link map in r12. */ tramp[4] = OPCODE_LI (12, (Elf32_Word) map); tramp[5] = OPCODE_ADDIS_HI (12, 12, (Elf32_Word) map); /* Call _dl_runtime_resolve. */ tramp[6] = OPCODE_BA (dlrr); } else { /* Get address of _dl_runtime_resolve in CTR. */ tramp[4] = OPCODE_LI (12, dlrr); tramp[5] = OPCODE_ADDIS_HI (12, 12, dlrr); tramp[6] = OPCODE_MTCTR (12); /* Load address of link map in r12. */ tramp[7] = OPCODE_LI (12, (Elf32_Word) map); tramp[8] = OPCODE_ADDIS_HI (12, 12, (Elf32_Word) map); /* Call _dl_runtime_resolve. */ tramp[9] = OPCODE_BCTR (); } /* Set up the lazy PLT entries. */ offset = PLT_INITIAL_ENTRY_WORDS; i = 0;⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -