1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
#include <unistd.h>
#include <stdint.h>
#include <pthread.h>
#include "atomic.h"
#include "syscall.h"
#include "psxglue.h"
#include "pthread_impl.h"
extern const struct __ldso_vtbl * __ldso_vtbl;
extern const struct __psx_vtbl * __psx_vtbl;
extern const struct __seh_vtbl * __seh_vtbl;
static int __pthread_surrogate_init(struct pthread * self);
extern int __libc_start_main(
void * main,
int argc,
char ** argv);
static void (*__global_ctors_fn)();
static void (*__global_dtors_fn)();
void _init()
{
__global_ctors_fn();
}
void _fini()
{
__global_dtors_fn();
}
struct __tls {
void * pad[16/sizeof(void *)];
struct pthread pt;
} __builtin_tls = {{0}};
void __init_tls (size_t * auxv)
{
#define T __builtin_tls
__set_thread_area(&T.pt);
T.pt.self = &T.pt;
T.pt.locale = &libc.global_locale;
T.pt.tid = __syscall(SYS_set_tid_address, &T.pt.tid);
T.pt.detach_state = DT_JOINABLE;
T.pt.locale = &libc.global_locale;
T.pt.robust_list.head = &T.pt.robust_list.head;
libc.can_do_threads = 1;
libc.tls_size = sizeof(struct __tls);
};
void __libc_entry_routine(
int (*main)(),
__psx_init_routine * __psx_init,
const unsigned short * __ctty,
int options)
{
int argc;
char ** argv;
char ** envp;
struct __psx_context ctx;
/* ctx init */
ctx.size = sizeof(ctx);
ctx.options = options;
ctx.usrmain = main;
ctx.ldsoaddr = _init;
ctx.ctty = __ctty;
ctx.pthread_create_fn = pthread_create;
ctx.pthread_surrogate_fn= __pthread_surrogate_init;
/* __psx_init must succeed... */
if (__psx_init(&argc,&argv,&envp,&ctx))
a_crash();
/* ...and conform */
else if (envp != argv + (argc + 1))
a_crash();
/* write once */
__syscall_vtbl = (unsigned long **)ctx.sys_vtbl;
__ldso_vtbl = ctx.ldso_vtbl;
__psx_vtbl = ctx.psx_vtbl;
__seh_vtbl = ctx.seh_vtbl;
__teb_sys_idx = ctx.teb_sys_idx;
__teb_libc_idx = ctx.teb_libc_idx;
/* surrogate init/fini arrays */
__global_ctors_fn = __psx_vtbl->do_global_ctors_fn;
__global_dtors_fn = __psx_vtbl->do_global_dtors_fn;
/* enter libc */
__psx_vtbl->start_main(argc,argv,__libc_start_main);
/* guard */
a_crash();
}
static int __pthread_surrogate_init(struct pthread * self)
{
/**
* invoked by psxscl upon creation of a surrogate libc
* thread, which in turn may only call pthread_create();
*
* the purpose of this mecahnism is to support a scenario
* where a third-party library creates a non-posix thread
* which then calls, be it directly or via a callback
* function, a libc api that depends on a valid
* pthread_self.
*
* self: a pointer to an already zero'ed memory page
*
* struct pthread relevant members:
* --------------------------------
* cancel (already zero)
* canary (already zero)
*
* pthread_create() reference:
* 1a47ed15eebf96d0c8d5de4aea54108bc8cc3f53
**/
return 0;
}
|
