| /* Machine-dependent program header inspection for the ELF loader. |
| Copyright (C) 2014-2018 Free Software Foundation, Inc. |
| This file is part of the GNU C Library. |
| |
| The GNU C Library is free software; you can redistribute it and/or |
| modify it under the terms of the GNU Lesser General Public |
| License as published by the Free Software Foundation; either |
| version 2.1 of the License, or (at your option) any later version. |
| |
| The GNU C Library is distributed in the hope that it will be useful, |
| but WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| Lesser General Public License for more details. |
| |
| You should have received a copy of the GNU Lesser General Public |
| License along with the GNU C Library; if not, see |
| <http://www.gnu.org/licenses/>. */ |
| |
| #ifndef _DL_MACHINE_REJECT_PHDR_H |
| #define _DL_MACHINE_REJECT_PHDR_H 1 |
| |
| #include <unistd.h> |
| #include <sys/prctl.h> |
| |
| #if defined PR_GET_FP_MODE && defined PR_SET_FP_MODE |
| # define HAVE_PRCTL_FP_MODE 1 |
| #else |
| # define HAVE_PRCTL_FP_MODE 0 |
| #endif |
| |
| /* Reject an object with a debug message. */ |
| #define REJECT(str, args...) \ |
| { \ |
| if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS)) \ |
| _dl_debug_printf (str, ##args); \ |
| return true; \ |
| } |
| |
| /* Search the program headers for the ABI Flags. */ |
| |
| static inline const ElfW(Phdr) * |
| find_mips_abiflags (const ElfW(Phdr) *phdr, ElfW(Half) phnum) |
| { |
| const ElfW(Phdr) *ph; |
| |
| for (ph = phdr; ph < &phdr[phnum]; ++ph) |
| if (ph->p_type == PT_MIPS_ABIFLAGS) |
| return ph; |
| return NULL; |
| } |
| |
| /* Cache the FP ABI value from the PT_MIPS_ABIFLAGS program header. */ |
| |
| static bool |
| cached_fpabi_reject_phdr_p (struct link_map *l) |
| { |
| if (l->l_mach.fpabi == 0) |
| { |
| const ElfW(Phdr) *ph = find_mips_abiflags (l->l_phdr, l->l_phnum); |
| |
| if (ph) |
| { |
| Elf_MIPS_ABIFlags_v0 * mips_abiflags; |
| if (ph->p_filesz < sizeof (Elf_MIPS_ABIFlags_v0)) |
| REJECT (" %s: malformed PT_MIPS_ABIFLAGS found\n", l->l_name); |
| |
| mips_abiflags = (Elf_MIPS_ABIFlags_v0 *) (l->l_addr + ph->p_vaddr); |
| |
| if (__glibc_unlikely (mips_abiflags->flags2 != 0)) |
| REJECT (" %s: unknown MIPS.abiflags flags2: %u\n", l->l_name, |
| mips_abiflags->flags2); |
| |
| l->l_mach.fpabi = mips_abiflags->fp_abi; |
| l->l_mach.odd_spreg = (mips_abiflags->flags1 |
| & MIPS_AFL_FLAGS1_ODDSPREG) != 0; |
| } |
| else |
| { |
| l->l_mach.fpabi = -1; |
| l->l_mach.odd_spreg = true; |
| } |
| } |
| return false; |
| } |
| |
| /* Return a description of the specified floating-point ABI. */ |
| |
| static const char * |
| fpabi_string (int fpabi) |
| { |
| switch (fpabi) |
| { |
| case Val_GNU_MIPS_ABI_FP_ANY: |
| return "Hard or soft float"; |
| case Val_GNU_MIPS_ABI_FP_DOUBLE: |
| return "Hard float (double precision)"; |
| case Val_GNU_MIPS_ABI_FP_SINGLE: |
| return "Hard float (single precision)"; |
| case Val_GNU_MIPS_ABI_FP_SOFT: |
| return "Soft float"; |
| case Val_GNU_MIPS_ABI_FP_OLD_64: |
| return "Unsupported FP64"; |
| case Val_GNU_MIPS_ABI_FP_XX: |
| return "Hard float (32-bit CPU, Any FPU)"; |
| case Val_GNU_MIPS_ABI_FP_64: |
| return "Hard float (32-bit CPU, 64-bit FPU)"; |
| case Val_GNU_MIPS_ABI_FP_64A: |
| return "Hard float compat (32-bit CPU, 64-bit FPU)"; |
| case -1: |
| return "Double precision, single precision or soft float"; |
| default: |
| return "Unknown FP ABI"; |
| } |
| } |
| |
| /* A structure to describe the requirements of each FP ABI extension. |
| Each field says whether the ABI can be executed in that mode. The FR0 field |
| is actually overloaded and means 'default' FR mode for the ABI. I.e. For |
| O32 it is FR0 and for N32/N64 it is actually FR1. Since this logic is |
| focussed on the intricacies of mode management for O32 we call the field |
| FR0. */ |
| |
| struct abi_req |
| { |
| bool single; |
| bool soft; |
| bool fr0; |
| bool fr1; |
| bool fre; |
| }; |
| |
| /* FP ABI requirements for all Val_GNU_MIPS_ABI_FP_* values. */ |
| |
| static const struct abi_req reqs[Val_GNU_MIPS_ABI_FP_MAX + 1] = |
| {{true, true, true, true, true}, /* Any */ |
| {false, false, true, false, true}, /* Double-float */ |
| {true, false, false, false, false}, /* Single-float */ |
| {false, true, false, false, false}, /* Soft-float */ |
| {false, false, false, false, false}, /* old-FP64 */ |
| {false, false, true, true, true}, /* FPXX */ |
| {false, false, false, true, false}, /* FP64 */ |
| {false, false, false, true, true}}; /* FP64A */ |
| |
| /* FP ABI requirements for objects without a PT_MIPS_ABIFLAGS segment. */ |
| |
| static const struct abi_req none_req = { true, true, true, false, true }; |
| |
| /* Return true iff ELF program headers are incompatible with the running |
| host. This verifies that floating-point ABIs are compatible and |
| re-configures the hardware mode if necessary. This code handles both the |
| DT_NEEDED libraries and the dlopen'ed libraries. It also accounts for the |
| impact of dlclose. */ |
| |
| static bool __attribute_used__ |
| elf_machine_reject_phdr_p (const ElfW(Phdr) *phdr, uint_fast16_t phnum, |
| const char *buf, size_t len, struct link_map *map, |
| int fd) |
| { |
| const ElfW(Phdr) *ph = find_mips_abiflags (phdr, phnum); |
| struct link_map *l; |
| Lmid_t nsid; |
| int in_abi = -1; |
| struct abi_req in_req; |
| Elf_MIPS_ABIFlags_v0 *mips_abiflags = NULL; |
| bool perfect_match = false; |
| #if _MIPS_SIM == _ABIO32 |
| unsigned int cur_mode = -1; |
| # if HAVE_PRCTL_FP_MODE |
| bool cannot_mode_switch = false; |
| |
| /* Get the current hardware mode. */ |
| cur_mode = __prctl (PR_GET_FP_MODE); |
| # endif |
| #endif |
| |
| /* Read the attributes section. */ |
| if (ph != NULL) |
| { |
| ElfW(Addr) size = ph->p_filesz; |
| |
| if (ph->p_offset + size <= len) |
| mips_abiflags = (Elf_MIPS_ABIFlags_v0 *) (buf + ph->p_offset); |
| else |
| { |
| mips_abiflags = alloca (size); |
| __lseek (fd, ph->p_offset, SEEK_SET); |
| if (__libc_read (fd, (void *) mips_abiflags, size) != size) |
| REJECT (" unable to read PT_MIPS_ABIFLAGS\n"); |
| } |
| |
| if (size < sizeof (Elf_MIPS_ABIFlags_v0)) |
| REJECT (" contains malformed PT_MIPS_ABIFLAGS\n"); |
| |
| if (__glibc_unlikely (mips_abiflags->flags2 != 0)) |
| REJECT (" unknown MIPS.abiflags flags2: %u\n", mips_abiflags->flags2); |
| |
| in_abi = mips_abiflags->fp_abi; |
| } |
| |
| /* ANY is compatible with anything. */ |
| perfect_match |= (in_abi == Val_GNU_MIPS_ABI_FP_ANY); |
| |
| /* Unknown ABIs are rejected. */ |
| if (in_abi != -1 && in_abi > Val_GNU_MIPS_ABI_FP_MAX) |
| REJECT (" uses unknown FP ABI: %u\n", in_abi); |
| |
| /* Obtain the initial requirements. */ |
| in_req = (in_abi == -1) ? none_req : reqs[in_abi]; |
| |
| /* Check that the new requirement does not conflict with any currently |
| loaded object. */ |
| for (nsid = 0; nsid < DL_NNS; ++nsid) |
| for (l = GL(dl_ns)[nsid]._ns_loaded; l != NULL; l = l->l_next) |
| { |
| struct abi_req existing_req; |
| |
| if (cached_fpabi_reject_phdr_p (l)) |
| return true; |
| |
| #if _MIPS_SIM == _ABIO32 |
| /* A special case arises for O32 FP64 and FP64A where the kernel |
| pre-dates PT_MIPS_ABIFLAGS. These ABIs will be blindly loaded even |
| if the hardware mode is unavailable or disabled. In this |
| circumstance the prctl call to obtain the current mode will fail. |
| Detect this situation here and reject everything. This will |
| effectively prevent dynamically linked applications from failing in |
| unusual ways but there is nothing we can do to help static |
| applications. */ |
| if ((l->l_mach.fpabi == Val_GNU_MIPS_ABI_FP_64A |
| || l->l_mach.fpabi == Val_GNU_MIPS_ABI_FP_64) |
| && cur_mode == -1) |
| REJECT (" found %s running in the wrong mode\n", |
| fpabi_string (l->l_mach.fpabi)); |
| #endif |
| |
| /* Found a perfect match, success. */ |
| perfect_match |= (in_abi == l->l_mach.fpabi); |
| |
| /* Unknown ABIs are rejected. */ |
| if (l->l_mach.fpabi != -1 && l->l_mach.fpabi > Val_GNU_MIPS_ABI_FP_MAX) |
| REJECT (" found unknown FP ABI: %u\n", l->l_mach.fpabi); |
| |
| existing_req = (l->l_mach.fpabi == -1 ? none_req |
| : reqs[l->l_mach.fpabi]); |
| |
| /* Merge requirements. */ |
| in_req.soft &= existing_req.soft; |
| in_req.single &= existing_req.single; |
| in_req.fr0 &= existing_req.fr0; |
| in_req.fr1 &= existing_req.fr1; |
| in_req.fre &= existing_req.fre; |
| |
| /* If there is at least one mode which is still usable then the new |
| object can be loaded. */ |
| if (in_req.single || in_req.soft || in_req.fr1 || in_req.fr0 |
| || in_req.fre) |
| { |
| #if _MIPS_SIM == _ABIO32 && HAVE_PRCTL_FP_MODE |
| /* Account for loaded ABIs which prohibit mode switching. */ |
| if (l->l_mach.fpabi == Val_GNU_MIPS_ABI_FP_XX) |
| cannot_mode_switch |= l->l_mach.odd_spreg; |
| #endif |
| } |
| else |
| REJECT (" uses %s, already loaded %s\n", |
| fpabi_string (in_abi), |
| fpabi_string (l->l_mach.fpabi)); |
| } |
| |
| #if _MIPS_SIM == _ABIO32 |
| /* At this point we know that the newly loaded object is compatible with all |
| existing objects but the hardware mode may not be correct. */ |
| if ((in_req.fr1 || in_req.fre || in_req.fr0) |
| && !perfect_match) |
| { |
| if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS)) |
| _dl_debug_printf (" needs %s%s mode\n", in_req.fr0 ? "FR0 or " : "", |
| (in_req.fre && !in_req.fr1) ? "FRE" : "FR1"); |
| |
| /* If the PR_GET_FP_MODE is not supported then only FR0 is available. |
| If the overall requirements cannot be met by FR0 then reject the |
| object. */ |
| if (cur_mode == -1) |
| return !in_req.fr0; |
| |
| # if HAVE_PRCTL_FP_MODE |
| { |
| unsigned int fr1_mode = PR_FP_MODE_FR; |
| |
| /* It is not possible to change the mode of a thread which may be |
| executing FPXX code with odd-singles. If an FPXX object with |
| odd-singles is loaded then just check the current mode is OK. This |
| can be either the FR1 mode or FR0 if the requirements are met by |
| FR0. */ |
| if (cannot_mode_switch) |
| return (!(in_req.fre && cur_mode == (PR_FP_MODE_FR | PR_FP_MODE_FRE)) |
| && !(in_req.fr1 && cur_mode == PR_FP_MODE_FR) |
| && !(in_req.fr0 && cur_mode == 0)); |
| |
| /* If the overall requirements can be satisfied by FRE but not FR1 then |
| fr1_mode must become FRE. */ |
| if (in_req.fre && !in_req.fr1) |
| fr1_mode |= PR_FP_MODE_FRE; |
| |
| /* Set the new mode. Use fr1_mode if the requirements cannot be met by |
| FR0. */ |
| if (!in_req.fr0) |
| return __prctl (PR_SET_FP_MODE, fr1_mode) != 0; |
| else if (__prctl (PR_SET_FP_MODE, /* fr0_mode */ 0) != 0) |
| { |
| /* Setting FR0 can validly fail on an R6 core so retry with the FR1 |
| mode as a fall back. */ |
| if (errno != ENOTSUP) |
| return true; |
| |
| return __prctl (PR_SET_FP_MODE, fr1_mode) != 0; |
| } |
| } |
| # endif /* HAVE_PRCTL_FP_MODE */ |
| } |
| #endif /* _MIPS_SIM == _ABIO32 */ |
| |
| return false; |
| } |
| |
| #endif /* dl-machine-reject-phdr.h */ |