; vim: set ft=nasm:

; Bias folded into r10 (r10 = entry + r9 + R10_BIAS, see _smol_start) so that
; the [r10 + LF_*_OFF - R10_BIAS] accesses below use a small displacement.
; Presumably tuned so those displacements fit in a signed byte -- confirm
; against the LF_*_OFF values in rtld.inc before changing it.
%define R10_BIAS (0x2B8)

; All struct offsets used below (L_*_OFF, LF_*_OFF, L_INFO_DT_SYMTAB_OFF,
; D_UN_PTR_OFF, ST_VALUE_OFF) come from rtld.inc.  They describe glibc's
; private ld.so data structures and are therefore tied to a glibc layout;
; only the LF_* ones get a runtime correction (r9) in _smol_start.
%include "rtld.inc"

%ifdef ELF_TYPE
; real build: the resolver gets its own startup section (presumably so the
; link order places it directly before _start, which it falls through into).
[section .text.startup.smol]
%else
; ELF_TYPE not defined -> debugging build: plain .text, with a visible _start
; label declared further down.
[section .text]
%endif

; r9 : ptrdiff_t glibc_vercompat_extra_hi_field_off
; r10: struct link_map* entry + far correction factor
; r12: struct link_map* entry
; r14: struct link_map* root
; r13: _dl_fini address (required by the ABI)

%ifndef ELF_TYPE
; debugging build: the hash/symbol table comes from another object, and the
; process entry point is this file's own _start, which is simply an alias
; for _smol_start (the label falls straight into it).
extern _symbols
global _start
_start:
%endif
;-----------------------------------------------------------------------
; _smol_start: runtime import resolver that runs before the real _start.
;
; Not a function.  It is entered directly by ld.so with rdx = _dl_fini and
; the process entry stack (rsp presumably -> argc/argv), and it never
; returns: the code at .needed_end falls through into _start.
;
; What the code below does:
;  1. find ld.so's link_map list head ("root") in r12 -- either through
;     DT_DEBUG (USE_DT_DEBUG) or by reading a stale return address below
;     rsp and decoding ld.so's own machine code;
;  2. compute in r9 a correction for the high (hash table) fields of
;     struct link_map, by scanning the root link_map for the slot that
;     holds this binary's entry address (&_smol_start);
;  3. walk the table at _symbols: each 32-bit GNU-hash value is looked up
;     in an object's l_gnu_buckets / l_gnu_chain_zero and its slot is then
;     overwritten in place (stosq) with st_value + l_addr.  With LIBSEP the
;     table is grouped by library name and the name is matched against
;     basename(l_name); without LIBSEP every hash is tried against every
;     loaded object in list order and the first hit wins.
;
; Build switches used here: USE_DL_FINI, USE_DT_DEBUG, SKIP_ENTRIES,
; LIBSEP, ALIGN_STACK.
;
; Register roles (see also the header comment above): r12 = current
; link_map, r10 = r12 + r9 + R10_BIAS (base for the LF_* fields),
; r9 = layout correction, r13 = _dl_fini (USE_DL_FINI), rdi = cursor into
; _symbols.  Everything else is scratch; nothing is preserved, as there is
; no caller to return to.
;
; Things to be aware of (none of them is checked at runtime):
;  - every struct offset comes from rtld.inc and is glibc-version specific;
;  - the non-DT_DEBUG path reads a stale stack slot and ld.so's code bytes,
;    so a differently built ld.so yields a wrong r12 and the loads that
;    follow go wild;
;  - the repne scasq scan runs with rcx = -1, i.e. unbounded: if the entry
;    address is never found it reads forward until it faults;
;  - l_next is never tested for NULL, and a hash that no object provides is
;    not detected (the original comments rely on ld.so having rejected such
;    a binary earlier);
;  - only a 31-bit hash is compared, never the symbol name, so a hash
;    collision silently resolves to the wrong symbol;
;  - _symbols is written in place, so it must live in a writable mapping.
;-----------------------------------------------------------------------
_smol_start:
%ifdef USE_DL_FINI
   xchg r13, rdx ; _dl_fini -- parked in r13, handed to _start in rsi at the end
%endif

%ifdef USE_DT_DEBUG
        ; root = ((struct r_debug*)_DEBUG)->r_map; r_map is assumed to sit
        ; at +8 and _DEBUG to hold what ld.so wrote into DT_DEBUG -- confirm
    mov r12, [rel _DEBUG]
    mov r12, [r12 + 8]
%else
        ; No DT_DEBUG: recover ld.so's _rtld_global from ld.so's own code.
        ; The slot just below rsp still holds the return address pushed by
        ; ld.so's call to _dl_init; this only works while nothing has
        ; overwritten that stale slot.
    mov r12, [rsp -  8]        ; return address of _dl_init
        ; 20 bytes before that return address ld.so is expected to have the
        ; disp32 of a RIP-relative 'mov rdi, [rel _rtld_global]'.  That
        ; instruction ends at r12 - 16, so end-of-insn + disp32 is
        ; &_rtld_global.  The disp32 is zero-extended (mov ebx), so a
        ; negative displacement would resolve wrongly; fine as long as
        ; ld.so's data lies above its code.
    mov ebx, dword [r12 - 20] ; decode part of 'mov rdi, [rel _rtld_global]'
        ; r12 = *(&_rtld_global): presumably the link_map list head
        ; (_dl_ns[0]._ns_loaded is the first field in the glibc this targets)
    mov r12, [r12 + rbx - 16]  ; r12 = first qword of _rtld_global
%endif
        ; struct link_map* root = r12
%ifdef SKIP_ENTRIES
    mov r12, [r12 + L_NEXT_OFF] ; skip this binary
;   mov r12, [r12 + L_NEXT_OFF] ; skip the vdso
        ; the second one isn't needed anymore, see code below (.next_link)
%endif

        ; Work out where this glibc keeps the entry address inside struct
        ; link_map, to correct the compile-time LF_* offsets:
        ;   r9 = (actual offset of the slot holding &_smol_start) - LF_ENTRY_OFF
        ; Scan forward from root in qword steps until a slot equals
        ; &_smol_start.  rcx = -1 makes the scan unbounded.
        mov rdi, r12
       push -1
        pop rcx
        lea rax, [rel _smol_start] ; TODO: make offset positive!
repne scasq
        ; rdi now points just past the matching slot
        sub rdi, r12
        sub rdi, LF_ENTRY_OFF+8
       xchg r9 , rdi                    ; r9 = layout correction; old r9 in rdi is dead

        ; rdi = cursor into the symbol/hash table.  32-bit lea: the result is
        ; zero-extended into rdi, so _symbols must be mapped below 4 GiB.
   ;mov edi, _symbols
    lea edi, [rel _symbols]

%ifdef LIBSEP
            ; for (rdi = (uint8_t*)_symbols; *rdi; ++rdi) {
            ; Outer loop, one iteration per library: rdi points at a
            ; NUL-terminated library name; a zero byte ends the table.
     .next_needed:
        cmp byte [rdi], 0
         je .needed_end

            ; do { // iter over the link_map
            ; Find the loaded object whose basename(l_name) equals the name
            ; at rdi.  No NULL test on l_next: if no object matches, the
            ; list terminator gets dereferenced.
         .next_link:
                ; entry = entry->l_next;
            mov r12, [r12 + L_NEXT_OFF] ; skip the first one (this is our main
                                        ; binary, it has no symbols)
            lea r10, [r12 + r9  + R10_BIAS] ; base for the LF_* (hash table) fields

                ; keep the current symbol in a backup reg
           push rdi
            pop rdx                     ; rdx = name pointer, survives the loops below

                ; r11 = basename(rsi = entry->l_name)
            mov rsi, [r12 + L_NAME_OFF]
         .basename:
           push rsi
            pop r11
         .basename.next:
          lodsb                         ; al = *rsi++
            cmp al, '/'
          cmove r11, rsi                ; after each '/', basename restarts at the next byte
             or al, al
            jnz short .basename.next    ; until the NUL
         .basename.done:

                ; and place it back
           push rdx
           push rdx
            pop rdi ; rdi == _symbol
            pop rsi                     ; rsi = rdi = name at the table cursor

                ; strcmp(rsi, r11) -> flags; rsi == first hash if matches
                ; Byte-by-byte compare.  The table name's NUL is consumed by
                ; lodsb, so on a match rsi ends up just past it, on the first
                ; hash.  On a mismatch rsi is reset to the name and the next
                ; link_map is tried.  Only the table name's NUL terminates the
                ; compare, so this is a prefix match: a table name that is a
                ; prefix of basename(l_name) (e.g. "libx.so" vs "libx.so.1",
                ; constructed example) compares equal.
         .strcmp:
          lodsb
             or al, al
             jz short .strcmp.done
            sub al, byte [r11]
         cmovnz rsi, rdx
            jnz short .next_link;.strcmp.done
            inc r11
            jmp short .strcmp
         .strcmp.done:
           xchg rsi, rdi                ; rdi = first hash slot; rsi = name, unused

                ; if (strcmp(...)) goto next_link;
        ;cmovnz r12, [r12 + L_NEXT_OFF] ; this is guaranteed to be nonzero
           ;jnz short .next_link ; because otherwise ld.so would have complained

                ; now we have the right link_map of the library, so all we have
                ; to do now is to find the right symbol addresses corresponding
                ; to the hashes.

                ; do {
         .next_hash:
                ; if (!*phash) break;
            mov eax, dword [rdi]        ; eax = 32-bit hash stored in this slot
             or eax, eax
             jz short .next_needed ; done the last hash, so move to the next lib

;link_symbol(struct link_map* entry = r12, size_t* phash = rdi, uint32_t hash = eax)

           push rax
            pop r11                     ; r11 = hash, kept across the div below
                ; uint32_t bkt_ind(edx) = hash % entry->l_nbuckets
            xor edx, edx                ; rdx:rax / ecx -- edx must be cleared first
            mov ecx, dword [r10 + LF_NBUCKETS_OFF - R10_BIAS]
            div ecx                     ; #DE if l_nbuckets == 0 (no GNU hash table? -- assumed)

                ; shift right to drop the lowest bit, which is not part of the
                ; hash (it is the end-of-chain flag in the chain entries)
            shr r11, 1

                ; uint32_t bucket(edx) = entry->l_gnu_buckets[bkt_ind]
            mov r8, [r10 + LF_GNU_BUCKETS_OFF - R10_BIAS]
            mov edx, dword [r8 + rdx * 4]

                ; do {
            .next_chain:
                    ; uint32_t luhash(ecx) = entry->l_gnu_chain_zero[bucket] >> 1
                mov rcx, [r10 + LF_GNU_CHAIN_ZERO_OFF - R10_BIAS]
                mov ecx, dword [rcx + rdx * 4]
                shr ecx, 1

                    ; if (luhash == hash) break;
                cmp ecx, r11d
                 je short .chain_break
                    ; ++bucket; } while (LIBSEP || (luhash & 1))
                    ; No end-of-chain test in this build: a hash this object
                    ; does not provide keeps reading past its chain until some
                    ; entry happens to match (or edx wraps to zero).
                inc edx
                jne short .next_chain
%else
; !LIBSEP
            ; One flat list of hashes; each is searched in every loaded object
            ; in link_map order and the first hit wins.
   push r12
    pop r11 ; back up link_map root
    .next_hash:
        mov eax, dword [rdi]            ; eax = hash in the current slot; 0 ends the table
         or al, al                      ; NB: only the low byte is tested (the LIBSEP build
                                        ; tests all 32 bits); a hash whose low byte is 0
                                        ; would end the table early -- confirm the table
                                        ; generator never emits one
         jz short .needed_end
       push r11
       push rax
       push rax
        pop rbx                         ; rbx = hash, compared in the chain loop
        pop r14                         ; r14 = hash copy, reloaded into rax before each div
        pop r12                         ; r12 = root: restart the list walk for this hash
                                        ; (the file header lists r14 as the root; in this
                                        ; build the root is in r11 and r14 holds the hash)
            ; shift right to drop the lowest bit, which is not part of the hash
        shr ebx, 1

        .next_link:
            mov r12, [r12 + L_NEXT_OFF] ; entry = entry->l_next (no NULL test: list end faults)

            lea r10, [r12 + r9  + R10_BIAS]
                ; uint32_t bkt_ind(edx) = hash % entry->l_nbuckets
            xor edx, edx
           push r14
            pop rax                     ; rax = hash (div clobbers rax and rdx)
            mov ecx, dword [r10 + LF_NBUCKETS_OFF - R10_BIAS]
            div ecx                     ; #DE if l_nbuckets == 0

                ; uint32_t bucket(edx) = entry->l_gnu_buckets[bkt_ind]
            mov r8 , [r10 + LF_GNU_BUCKETS_OFF - R10_BIAS]
            mov edx, dword [r8 + rdx * 4]

             or edx, edx
             jz short .next_link        ; empty bucket -> not in this object

            .next_chain:
                    ; uint32_t luhash(ecx) = entry->l_gnu_chain_zero[bucket] >> 1
                mov rcx, [r10 + LF_GNU_CHAIN_ZERO_OFF - R10_BIAS]
                mov ecx, dword [rcx + rdx * 4]

                    ; remember the end-of-chain bit (low bit of the raw entry)
                    ; before it is shifted out; tested after the compare below
                mov al, cl

                shr ecx, 1

                    ; if (luhash == hash) break;
                cmp ecx, ebx
                 je short .chain_break

                    ; ++bucket; } while (!(raw_entry & 1));
                    ; end-of-chain bit set and no match -> nothing in this lib
                and al, 1
                jnz short .next_link
                inc edx
                jmp short .next_chain
%endif

        .chain_break:
                ; ElfW(Sym)* symtab = entry->l_info[DT_SYMTAB]->d_un.d_ptr
                ; ElfW(Sym)* sym = &symtab[bucket]
                ; *phash = sym->st_value + entry->l_addr

                ; ElfW(Dyn)* dyn(rax) = entry->l_info[DT_SYMTAB]
            mov rax, [r12 + L_INFO_DT_SYMTAB_OFF]
                ; ElfW(Sym)* symtab(rax) = dyn->d_un.d_ptr
            mov rax, [rax + D_UN_PTR_OFF]
                ; ElfW(Addr) symoff(rax) = symtab[bucket].st_value
            lea rdx, [rdx + rdx * 2]    ; bucket * 3; the * 8 below makes it bucket * 24 (sizeof Elf64_Sym)
            mov rax, [rax + rdx * 8 + ST_VALUE_OFF]
                ; void* finaladdr(rax) = symoff + entry->l_addr
            mov rcx, [r12 + L_ADDR_OFF]
            add rax, rcx
                ; Nothing checks that the symbol is defined (st_shndx) or that
                ; its name matches; only the 31-bit hash was compared.

                ; *phash = finaladdr
          stosq                         ; 8-byte write over the hash slot, rdi += 8

            ; } while (1)
        jmp short .next_hash

.needed_end:
        ; Hand over to _start: rdi = the entry stack pointer (presumably
        ; argc/argv), rsi = _dl_fini when it was kept.  rbp is left alone.
   ;xor rbp, rbp ; still 0 from _dl_start_user
    mov rdi, rsp
%ifdef ALIGN_STACK
   push rax                             ; 8 extra bytes, value irrelevant -- presumably so _start sees a 16-aligned rsp
%endif
%ifdef USE_DL_FINI
   xchg rsi, r13 ; _dl_fini
%endif
        ; fallthru to _start