prelink - prelink ELF shared libraries and binaries to speed up startup time
SYNOPSIS
prelink
[OPTION...] [FILES]
DESCRIPTION
prelink
is a program which modifies ELF shared libraries and ELF dynamically linked
binaries, so that the time which dynamic linker needs for their relocation
at startup significantly decreases and also due to fewer relocations the
run-time memory consumption decreases too (especially number of unshareable
pages). Such prelinking information is only used if all its dependant
libraries have not changed since prelinking, otherwise programs are
relocated normally.
prelink
first collects ELF binaries which should be prelinked and all the ELF shared
libraries they depend on. Then it assigns a unique virtual address space
slot for each library and relinks the shared library to that base address.
When the dynamic linker attempts to load such a library, unless that virtual
address space slot is already occupied, it will map it into the given slot.
After this is done,
prelink
with the help of dynamic linker resolves all relocations in the binary or
library against its dependant libraries and stores the relocations into the
ELF object.
It also stores a list of all dependant libraries together with their
checksums into the binary or library.
For binaries, it also computes a list of
conflicts
(relocations which resolve differently in the binary's symbol search scope
than in the smaller search scope in which the dependant library was
resolved) and stores it into a special ELF section.
At runtime, the dynamic linker first checks whether all dependant libraries
were successfully mapped into their designated address space slots and
whether they have not changed since the prelinking was done.
If all checks are successful, the dynamic linker just replays the list of
conflicts (which is usually significantly shorter than total number of
relocations) instead of relocating each library.
OPTIONS
-v --verbose
Verbose mode.
Print the virtual address slot assignment to libraries and print what binary
or library is currently being prelinked.
-n --dry-run
Don't actually prelink anything, just collect the binaries/libraries, assign
them addresses and with
-v
print what would be prelinked.
-a --all
Prelink all binaries and dependant libraries found in directory hierarchies
specified in
/etc/prelink.conf.
Normally only binaries specified from command line and their dependant
libraries are prelinked.
-m --conserve-memory
When assigning addresses to libraries, allow overlap of address space slots
provided that the two libraries are not present together in any of the
binaries or libraries. This results in smaller virtual address space range
used for libraries, on the other side if during incremental prelinking
prelink
sees a binary which puts together two libraries which were not present
together in any other binary and were given the same virtual address space
slots, then the binary cannot be prelinked.
Normally each library is assigned a unique virtual address space slot.
-R --random
When assigning addresses to libraries, start with random address within
architecture dependant virtual address space range.
This can make some buffer overflow attacks slightly harder to exploit,
because libraries are not present on the same addresses accross different
machines.
Normally, assigning virtual addresses starts at the bottom of architecture
dependant range.
-r --reloc-only=ADDRESS
Instead of prelinking, just relink given shared libraries to the specified
base address.
-N --no-update-cache
Don't save cache file after prelinking. Normally, list of libraries (and
with
-m
binaries also) is stored into
/etc/prelink.cache
file together with their given address space slots and dependencies, so
it can be used during incremental prelinking (prelinking without
-a
option).
-c --config-file=CONFIG
Specify alternate config file instead of default
/etc/prelink.conf.
-C --cache-file=CACHE
Specify alternate cache file instead of default
/etc/prelink.cache.
-f --force
Force re-prelinking even for already prelinked objects for which no
dependencies changed. This option causes new virtual address space slots to
be assigned to all libraries.
Normally, only binaries or libraries which are either not prelinked yet, or
some of their dependencies changed, are prelinked.
-q --quick
Run prelink in quick mode. This mode checks just mtime and ctime timestamps
of libraries and binaries stored in the cache file. If they are unchanged
from the last prelink run, it is assumed that the library in question did
not change and no parsing of its ELF headers and verifying it is done.
-p --print-cache
Print the content of the cache file (normally
/etc/prelink.cache)
and exit.
--dynamic-linker=LDSO
Specify alternate dynamic linker instead of the default.
--ld-library-path=PATH
Specify special
LD_LIBRARY_PATH
to be used when
prelink
queries dynamic linker about symbol resolution details.
--libs-only
Only prelink ELF shared libraries, don't prelink any binaries.
-h --dereference
When processing command line directory arguments, follow symbolic links when
walking directory hierarchies.
-l --one-file-system
When processing command line directory arguments, limit directory tree walk
to a single filesystem.
-u --undo
Revert binaries and libraries to their original content before they were
prelinked.
Without
-a
option this causes only the binaries and libraries specified on the command
line to be reverted to their original state (and e.g. not their
dependencies). If used together with
-a
option all binaries and libraries from command line, all their dependencies,
all binaries found in directories specified on command line and in config
file and all their dependencies will be undone.
-y --verify
Verifies a prelinked binary or library.
This option can be used only on a single binary or library. It first applies
an
--undo
operation on the file, then prelinks just that file again and compares this
with the original file. If both are identical, it prints the file after
--undo
operation on standard output and exit with zero status. Otherwise it exits
with error status.
Thus if
--verify
operation returns zero exit status and its standard output is
equal to the content of the binary or library before prelinking, you can be
sure that nobody modified the binaries or libraries after prelinking.
Similarly with message digests and checksums (unless you trigger the
unprobable case of modified file and original file having the same digest
or checksum).
--md5
This is similar to
--verify
option, except instead of outputing the content of the binary or library
before prelinking to standard output MD5 digest is printed.
See
md5sum(1).
--sha
This is similar to
--verify
option, except instead of outputing the content of the binary or library
before prelinking to standard output SHA1 digest is printed.
See
sha1sum(1).
--exec-shield --no-exec-shield
On IA-32, if kernel supports Exec-Shield, prelink attempts to lay libraries
out similarly to how kernel places them (i.e. if possible below the binary,
most widely used into the ASCII armor zone). These switches allow to override
prelink detection of whether Exec-Shield is supported or not.
-b --black-list=PATH
This option allows to blacklist certain paths, libraries or binaries.
Prelink will not touch them during prelinking.
-o --undo-output=FILE
When doing
--undo
operation, don't overwrite the prelinked binary or library with its
original content (before it was prelinked), but save that into the specified
file.
-V --version
Print version and exit.
-? --help
Print short help and exit.
ARGUMENTS
Command line arguments should be either directory hierarchies (in which case
-l
and
-h
options apply), or particular ELF binaries or shared libraries.
Unlike when walking directory hierarchies, specifying a shared library
explicitely on the command line causes it to be prelinked even if no binary
is linked against it. Normally, only binaries are collected together with
all libraries they depend on.
EXAMPLES
# /usr/sbin/prelink -avmR
will prelink all binaries found in directories specified in
/etc/prelink.conf
and all their dependant libraries, assigning libraries unique virtual
address space slots only if they ever appear together and will start
assigning at random address.
# /usr/sbin/prelink -vm ~/bin/progx
will prelink ~/bin/progx program and all its dependant libraries (unless
they were prelinked already e.g. during
prelink -a
invocation).
# /usr/sbin/prelink -au
will revert all binaries and libraries to their original content.
# /usr/sbin/prelink -y /bin/prelinked_prog > /tmp/original_prog; echo $?
will verify whether /bin/prelinked_prog hasn't been changed.
FILES
/etc/prelink.cache
Binary file containing list of prelinked libraries and/or binaries together
with their assigned virtual address space slots and dependencies.
You can run
/usr/sbin/prelink -p
to see what is stored in there.
/etc/prelink.conf
Configuration file containing a list of directory hierarchies which can
contain ELF shared libraries or binaries which should be prelinked.
This configuration file is used in
-a
mode to find binaries which should be prelinked and also no matter whether
-a
is given or not to limit which dependant shared libraries should be
prelinked. If
prelink
finds a dependant library of some binary or other library which is not
present in any of the directories specified in
/etc/prelink.conf
and neither in any of the directories specified on the command line, then it
cannot be prelinked.
Each line of the config file should be either comment starting with
#,
or a directory name, or a blacklist specification. Directory names can be prefixed
by
-l
switch, meaning tree walk of the given directory will be only limited to one
filesystem, or
-h
switch, meaning tree walk of the given directory will follow symbolic links.
Blacklist specification should be prefixed by
-b
and optionally also
-l
or
-h
if needed. It should be either absolute directory name (in that case
all files in that directory hierarchy will be blacklisted), absolute filename
(in that case that particular library or binary will not be touched by
prelink) or a glob pattern without
/
character in it (then all files matching that glob in any directory
will be blacklisted).