Several low-level applications need access to ELF internals. For example Wine recently began calling ELF initializers for Winelibs within itself instead of having the dynamic linker do it. To do this, it calls the dlinfo() function with request RTLD_DI_LINKMAP, and searches the .dynamic section pointed to by link_map.l_ld for a custom tag with Winelib initializers. However ELF libraries can be loaded at a different address to the one they expected (relocation), so the pointer stored in the initializer tag is not necessarily pointing to the correct address. We have to add the offset from the expected base address to the actual base address to it to determine the relocated address (in the rtld-elf code, this is the "relocbase" variable). On most implementations of dlinfo(), the link_map.l_addr field stores this offset. However on FreeBSD, link_map.l_addr stores the absolute base address where the library was loaded instead ("mapbase"). A separate l_offs field was apparently added to return relocbase, but it only exists on MIPS. Wine recently began crashing on startup because it was adding l_addr to the pointers in initializers, but since l_addr is mapbase instead of relocbase on FreeBSD, it was relocating them to wrong addresses. NetBSD changed their dynamic linker to return relocbase in l_addr in 2002 (https://github.com/NetBSD/src/commit/d1351c627c5f4d5ac41a3f680243d57293e0ce1f). GNU always returned relocbase. Illumos returns relocbase. Only FreeBSD returns mapbase. Can we please change rtld-elf to return relocbase? Either we can change l_addr itself to return relocbase like NetBSD did: diff --git a/libexec/rtld-elf/rtld.c b/libexec/rtld-elf/rtld.c index 2d15560fb908..647626e3a41d 100644 --- a/libexec/rtld-elf/rtld.c +++ b/libexec/rtld-elf/rtld.c @@ -3951,7 +3951,7 @@ linkmap_add(Obj_Entry *obj) struct link_map *prev; obj->linkmap.l_name = obj->path; - obj->linkmap.l_addr = obj->mapbase; + obj->linkmap.l_addr = obj->relocbase; obj->linkmap.l_ld = obj->dynamic; #ifdef __mips__ /* GDB needs load offset on MIPS to use the symbols */ or we can remove that "#ifdef __mips__" further down and return l_offs on all platforms, and patch applications to use that instead (like was apparently already done for GDB on MIPS). (Of course, being an ABI-breaking change, it can only be done in CURRENT.) I eventually found a way to work out relocbase from mapbase within Wine (https://source.winehq.org/git/wine.git/blobdiff/0f31e48e9ba28ba8c0aee0678567d6b47e3c63aa..0fd3f0266e05f6afa710fa2b5a254b0ed88bac0f:/dlls/ntdll/loader.c), and the latest Wine Git is no longer crashing on startup. But I am not convinced that approach will always work, because it requires the first PT_LOAD segment to start at address 0 in the file, and I don't see that being required by the ELF specification. Detailed discussion: https://bugs.winehq.org/show_bug.cgi?id=49139
I do not think we can break link_map ABI by changing the meaning of l_addr. https://reviews.freebsd.org/D24918
(In reply to Konstantin Belousov from comment #1) It's not clear if there exists any code at all which expects mapbase in l_addr. Would you at least consider renaming l_addr to something else then? That way existing code won't compile until it's patched to use the correct field (whatever it is).
(In reply to Alex S from comment #2) Aren't the gdb binaries expect it (adopted to it) ?
GDB doesn't use the special field for MIPS (it ignores it). GDB also uses the structure embedded in the rtld itself, it does not call dlinfo(). GDB does seem to expect l_addr + offset of ".dynamic" in the binary == l_ld. I think what we have now only works because all of our shared libraries are linked at a virtual address of 0. If we did "pre-linking" to set preferred addresses for shared libraries GDB would stop working. Here's stepping through the function (gdb/solib-svr4.c:lm_addr_check()) that finds the base address of a shared library (libutil.so in this case): (top-gdb) p *li $10 = {<lm_info_base> = {<No data fields>}, l_addr = 0x0, l_addr_inferior = 0x800250000, l_addr_p = false, lm_addr = 0x800232638, l_ld = 0x800263360, l_next = 0x800232a38, l_prev = 0x800232238, l_name = 0x800230260} (top-gdb) n 225 l_addr = li->l_addr_inferior; (top-gdb) n 227 if (! abfd || ! has_lm_dynamic_from_link_map ()) (top-gdb) 230 l_dynaddr = li->l_ld; (top-gdb) 232 dyninfo_sect = bfd_get_section_by_name (abfd, ".dynamic"); (top-gdb) 233 if (dyninfo_sect == NULL) (top-gdb) 236 dynaddr = bfd_section_vma (abfd, dyninfo_sect); (top-gdb) 238 if (dynaddr + l_addr != l_dynaddr) (top-gdb) p dynaddr $11 = 0x13360 (top-gdb) p l_addr $12 = 0x800250000 (top-gdb) p l_dynaddr $13 = 0x800263360 li->l_addr_inferior is the value of 'l_addr' from the linkmap, li->l_ld is 'l_ld'. readelf -t libutil.so: [20] .dynamic DYNAMIC 0000000000013360 0000000000013360 6 0000000000000160 0000000000000010 0 8 [0000000000000003]: WRITE, ALLOC readelf -l shows first PT_LOAD with an offset of 0: Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align PHDR 0x0000000000000040 0x0000000000000040 0x0000000000000040 0x00000000000001f8 0x00000000000001f8 R 0x8 LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x00000000000075cc 0x00000000000075cc R 0x1000 LOAD 0x0000000000008000 0x0000000000008000 0x0000000000008000 0x000000000000a5d0 0x000000000000a5d0 R E 0x1000
A commit references this bug: Author: kib Date: Wed May 20 22:08:27 UTC 2020 New revision: 361303 URL: https://svnweb.freebsd.org/changeset/base/361303 Log: Change the samantic of struct link_map l_addr member. It previously returned the object map base address, while all other ELF operating systems return load offset, i.e. the difference between map base and the link base. Explain the meaning of the field in the man page. Stop filling the mips-only l_offs member, which is apparently unused. PR: 246561 Requested by: Damjan Jovanovic <damjan.jov@gmail.com> Reviewed by: emaste, jhb, cem (previous version) Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D24918 Changes: head/lib/libc/gen/dlinfo.3 head/libexec/rtld-elf/rtld.c head/sys/sys/link_elf.h
MFCed in r361564.