
[v2] ldd: revise trace output for left-aligned relative addresses

Message ID 20201006235648.1811725-1-michaeljclark@mac.com
State New

Commit Message

Michael Clark Oct. 6, 2020, 11:56 p.m. UTC
This change updates ld.so trace for left-aligned relative addresses.
The primary goal of this change is to increase `ldd` readability by:

 - modifying trace output to use relative addresses by default.
 - adding an alternative trace output mode with left-aligned addresses.

The relative addresses are composed by subtracting the ELF ehdr address
which makes the output constant under address space layout randomization.
This should be a safe change because the default format is preserved.

The intention is to make `ldd` easier to cross reference with objdump.
Also, log files including `ldd` output will contain less differences as
the vdso is the only address that changes when using relative addresses.

* Aligned output *

The new trace format is enabled with `LD_TRACE_ADDR_ALIGN=1`, otherwise
the default `ldd` trace format is selected by default for compatibility.

* Relative addresses *

`ldd` load addresses are displayed relative to the ld.so executable header
address. Relative addresses are enabled by default, given the output mimics
systems without ASLR, thus there should be minimal compatibility issues.
There is also an option to negate addresses as an aid in interpreting them,
seeing library addresses relative to the loader with negative offsets.

The change adds three new ld.so flags accessible via environment variables:

 - `LD_TRACE_ADDR_ALIGN=1` - Show addresses left-aligned
 - `LD_TRACE_ADDR_ABSOLUTE=1` - Show absolute addresses (backwards compat)
 - `LD_TRACE_ADDR_NEGATE=1` - Show negated addresses (combination option)

Changelog

* v1 - initial version
* v2 - change address alignment variable name to LD_TRACE_ADDR_ALIGN=1

Signed-off-by: Michael Clark <michaeljclark@mac.com>

$ LD_TRACE_ADDR_ALIGN=1 \
  LD_TRACE_ADDR_NEGATE=1 \
  LD_TRACE_LOADED_OBJECTS=1 \
  build-tree/amd64-libc/elf/ld.so /usr/bin/Xwayland
	(-0xffffffc381cdd000) linux-vdso.so.1
	(-0x00000000002b7000) libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1
	(-0x00000000003d5000) libgcrypt.so.20 => /usr/lib/x86_64-linux-gnu/libgcrypt.so.20
	(-0x00000000003db000) libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2
	(-0x00000000003f8000) libunwind.so.8 => /usr/lib/x86_64-linux-gnu/libunwind.so.8
	(-0x0000000000409000) libwayland-client.so.0 => /usr/lib/x86_64-linux-gnu/libwayland-client.so.0
	(-0x000000000041d000) libdrm.so.2 => /usr/lib/x86_64-linux-gnu/libdrm.so.2
	(-0x00000000004c6000) libpixman-1.so.0 => /usr/lib/x86_64-linux-gnu/libpixman-1.so.0
	(-0x00000000006f4000) libXfont2.so.2 => /usr/lib/x86_64-linux-gnu/libXfont2.so.2
	(-0x00000000006fa000) libXau.so.6 => /usr/lib/x86_64-linux-gnu/libXau.so.6
	(-0x00000000007a7000) libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0
	(-0x00000000009a9000) libxshmfence.so.1 => /usr/lib/x86_64-linux-gnu/libxshmfence.so.1
	(-0x00000000009b1000) libXdmcp.so.6 => /usr/lib/x86_64-linux-gnu/libXdmcp.so.6
	(-0x0000000000ae6000) libepoxy.so.0 => /usr/lib/x86_64-linux-gnu/libepoxy.so.0
	(-0x0000000000af7000) libgbm.so.1 => /usr/lib/x86_64-linux-gnu/libgbm.so.1
	(-0x0000000000b7f000) libGL.so.1 => /usr/lib/x86_64-linux-gnu/libGL.so.1
	(-0x0000000000bab000) libaudit.so.1 => /lib/x86_64-linux-gnu/libaudit.so.1
	(-0x0000000000cfa000) libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6
	(-0x0000000000d14000) libbsd.so.0 => /usr/lib/x86_64-linux-gnu/libbsd.so.0
	(-0x0000000000d39000) libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0
	(-0x0000000000f2b000) libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6
	(-0x0000000000fbb000) libpcre2-8.so.0 => /usr/lib/x86_64-linux-gnu/libpcre2-8.so.0
	(-0x0000000000000000) /lib64/ld-linux-x86-64.so.2 => build-tree/amd64-libc/elf/ld.so
	(-0x0000000000fde000) libgpg-error.so.0 => /lib/x86_64-linux-gnu/libgpg-error.so.0
	(-0x0000000001007000) liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5
	(-0x0000000001013000) libffi.so.7 => /usr/lib/x86_64-linux-gnu/libffi.so.7
	(-0x0000000001031000) libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1
	(-0x0000000001044000) libbz2.so.1.0 => /lib/x86_64-linux-gnu/libbz2.so.1.0
	(-0x000000000104e000) libfontenc.so.1 => /usr/lib/x86_64-linux-gnu/libfontenc.so.1
	(-0x000000000110d000) libfreetype.so.6 => /usr/lib/x86_64-linux-gnu/libfreetype.so.6
	(-0x0000000001118000) librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1
	(-0x0000000001139000) liblz4.so.1 => /usr/lib/x86_64-linux-gnu/liblz4.so.1
	(-0x0000000001151000) libwayland-server.so.0 => /usr/lib/x86_64-linux-gnu/libwayland-server.so.0
	(-0x000000000117f000) libexpat.so.1 => /lib/x86_64-linux-gnu/libexpat.so.1
	(-0x0000000001237000) libGLdispatch.so.0 => /usr/lib/x86_64-linux-gnu/libGLdispatch.so.0
	(-0x000000000126b000) libGLX.so.0 => /usr/lib/x86_64-linux-gnu/libGLX.so.0
	(-0x0000000001273000) libcap-ng.so.0 => /lib/x86_64-linux-gnu/libcap-ng.so.0
	(-0x00000000012ad000) libpng16.so.16 => /usr/lib/x86_64-linux-gnu/libpng16.so.16
	(-0x00000000013ea000) libX11.so.6 => /usr/lib/x86_64-linux-gnu/libX11.so.6
	(-0x0000000001414000) libxcb.so.1 => /usr/lib/x86_64-linux-gnu/libxcb.so.1

$ LD_TRACE_ADDR_ABSOLUTE=1 \
  LD_TRACE_LOADED_OBJECTS=1 \
  build-tree/amd64-libc/elf/ld.so  /usr/bin/Xwayland
	linux-vdso.so.1 (0x00007fff12dee000)
	libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 (0x00007f310f6f8000)
	libgcrypt.so.20 => /usr/lib/x86_64-linux-gnu/libgcrypt.so.20 (0x00007f310f5da000)
	libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f310f5d4000)
	libunwind.so.8 => /usr/lib/x86_64-linux-gnu/libunwind.so.8 (0x00007f310f5b7000)
	libwayland-client.so.0 => /usr/lib/x86_64-linux-gnu/libwayland-client.so.0 (0x00007f310f5a6000)
	libdrm.so.2 => /usr/lib/x86_64-linux-gnu/libdrm.so.2 (0x00007f310f592000)
	libpixman-1.so.0 => /usr/lib/x86_64-linux-gnu/libpixman-1.so.0 (0x00007f310f4e9000)
	libXfont2.so.2 => /usr/lib/x86_64-linux-gnu/libXfont2.so.2 (0x00007f310f2bb000)
	libXau.so.6 => /usr/lib/x86_64-linux-gnu/libXau.so.6 (0x00007f310f2b5000)
	libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f310f208000)
	libxshmfence.so.1 => /usr/lib/x86_64-linux-gnu/libxshmfence.so.1 (0x00007f310f006000)
	libXdmcp.so.6 => /usr/lib/x86_64-linux-gnu/libXdmcp.so.6 (0x00007f310effe000)
	libepoxy.so.0 => /usr/lib/x86_64-linux-gnu/libepoxy.so.0 (0x00007f310eec9000)
	libgbm.so.1 => /usr/lib/x86_64-linux-gnu/libgbm.so.1 (0x00007f310eeb8000)
	libGL.so.1 => /usr/lib/x86_64-linux-gnu/libGL.so.1 (0x00007f310ee30000)
	libaudit.so.1 => /lib/x86_64-linux-gnu/libaudit.so.1 (0x00007f310ee04000)
	libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f310ecb5000)
	libbsd.so.0 => /usr/lib/x86_64-linux-gnu/libbsd.so.0 (0x00007f310ec9b000)
	libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f310ec76000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f310ea84000)
	libpcre2-8.so.0 => /usr/lib/x86_64-linux-gnu/libpcre2-8.so.0 (0x00007f310e9f4000)
	/lib64/ld-linux-x86-64.so.2 => build-tree/amd64-libc/elf/ld.so (0x00007f310f9af000)
	libgpg-error.so.0 => /lib/x86_64-linux-gnu/libgpg-error.so.0 (0x00007f310e9d1000)
	liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f310e9a8000)
	libffi.so.7 => /usr/lib/x86_64-linux-gnu/libffi.so.7 (0x00007f310e99c000)
	libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f310e97e000)
	libbz2.so.1.0 => /lib/x86_64-linux-gnu/libbz2.so.1.0 (0x00007f310e96b000)
	libfontenc.so.1 => /usr/lib/x86_64-linux-gnu/libfontenc.so.1 (0x00007f310e961000)
	libfreetype.so.6 => /usr/lib/x86_64-linux-gnu/libfreetype.so.6 (0x00007f310e8a2000)
	librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f310e897000)
	liblz4.so.1 => /usr/lib/x86_64-linux-gnu/liblz4.so.1 (0x00007f310e876000)
	libwayland-server.so.0 => /usr/lib/x86_64-linux-gnu/libwayland-server.so.0 (0x00007f310e85e000)
	libexpat.so.1 => /lib/x86_64-linux-gnu/libexpat.so.1 (0x00007f310e830000)
	libGLdispatch.so.0 => /usr/lib/x86_64-linux-gnu/libGLdispatch.so.0 (0x00007f310e778000)
	libGLX.so.0 => /usr/lib/x86_64-linux-gnu/libGLX.so.0 (0x00007f310e744000)
	libcap-ng.so.0 => /lib/x86_64-linux-gnu/libcap-ng.so.0 (0x00007f310e73c000)
	libpng16.so.16 => /usr/lib/x86_64-linux-gnu/libpng16.so.16 (0x00007f310e702000)
	libX11.so.6 => /usr/lib/x86_64-linux-gnu/libX11.so.6 (0x00007f310e5c5000)
	libxcb.so.1 => /usr/lib/x86_64-linux-gnu/libxcb.so.1 (0x00007f310e59b000)
---
 elf/rtld.c | 131 +++++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 111 insertions(+), 20 deletions(-)

Comments

Zack Weinberg Oct. 7, 2020, 12:12 a.m. UTC | #1
On Tue, Oct 6, 2020 at 7:57 PM Michael Clark via Libc-alpha
<libc-alpha@sourceware.org> wrote:
>
> This change updates ld.so trace for left-aligned relative addresses.
> The primary goal of this change is to increase `ldd` readability by:
>
>  - modifying trace output to use relative addresses by default.
>  - adding an alternative trace output mode with left-aligned addresses.

I don't have an opinion on most of the patch, but I find the term
"left-aligned addresses" very confusing -- in fact, on a first read I
thought your patch did exactly the opposite of what it does. I'd
describe the effect of LD_TRACE_ADDR_ALIGN=1 as "move load addresses
from the end of the line to the beginning, and pad them with leading
zeroes to a fixed width." Possibly the environment variable should be
renamed to match.

zw
Michael Clark Oct. 7, 2020, 12:40 a.m. UTC | #2
> On 7/10/2020, at 1:12 PM, Zack Weinberg <zackw@panix.com> wrote:
> 
> On Tue, Oct 6, 2020 at 7:57 PM Michael Clark via Libc-alpha
> <libc-alpha@sourceware.org> wrote:
>> 
>> This change updates ld.so trace for left-aligned relative addresses.
>> The primary goal of this change is to increase `ldd` readability by:
>> 
>> - modifying trace output to use relative addresses by default.
>> - adding an alternative trace output mode with left-aligned addresses.
> 
> I don't have an opinion on most of the patch, but I find the term
> "left-aligned addresses" very confusing -- in fact, on a first read I
> thought your patch did exactly the opposite of what it does. I'd
> describe the effect of LD_TRACE_ADDR_ALIGN=1 as "move load addresses
> from the end of the line to the beginning, and pad them with leading
> zeroes to a fixed width." Possibly the environment variable should be
> renamed to match.

agree in so many words
downstream parsing
could be quite disturbed

the commit message
could be very short
perhaps words yours
Adhemerval Zanella Oct. 7, 2020, 9:01 p.m. UTC | #3
On 06/10/2020 20:56, Michael Clark via Libc-alpha wrote:
> This change updates ld.so trace for left-aligned relative addresses.
> The primary goal of this change is to increase `ldd` readability by:

I am not sure if we want to extend the loader to expose debug format
printing when it could be achieved by extending the elf/ldd.bash.in
script itself to handle it.  In fact, I would like to avoid such extra
complexity in a core component of program loading.

> 
>  - modifying trace output to use relative addresses by default.

You can get similar information with setarch -R, which disable ASLR. 

>  - adding an alternative trace output mode with left-aligned addresses.

And you can do it with some pos-processing tool (elf/ldd.bash.in, although
I give you it might be cumbersome to accomplish with sheel script).

> 
> The relative addresses are composed by subtracting the ELF ehdr address
> which makes the output constant under address space layout randomization.
> This should be a safe change because the default format is preserved.
> 
> The intention is to make `ldd` easier to cross reference with objdump.
> Also, log files including `ldd` output will contain less differences as
> the vdso is the only address that changes when using relative addresses.
> 

Which information exactly are you trying to match from what you read reading
the ELF information through objdump? Afaik without prelink sections, it does
not give any information whether loader might place the DSO segments.

> * Aligned output *
> 
> The new trace format is enabled with `LD_TRACE_ADDR_ALIGN=1`, otherwise
> the default `ldd` trace format is selected by default for compatibility.
> 
> * Relative addresses *
> 
> `ldd` load addresses are displayed relative to the ld.so executable header
> address. Relative addresses are enabled by default, given the output mimics
> systems without ASLR, thus there should be minimal compatibility issues.
> There is also an option to negate addresses as an aid in interpreting them,
> seeing library addresses relative to the loader with negative offsets.
> 
> The changes adds three new ld.so flags accessible via environment variables:
> 
>  - `LD_TRACE_ADDR_ALIGN=1` - Show addresses left-aligned
>  - `LD_TRACE_ADDR_ABSOLUTE=1` - Show absolute addresses (backwards compat)
>  - `LD_TRACE_ADDR_NEGATE=1` - Show negated addresses (combination option)

What I would like is in fact to move lld support *out* of the loader, where
it would require to process anything more the strictly required and without
commit any system resource (such as mmap).  It will result in slight less 
complex code and attack surface.

Carlos O'Donnel has stated a project to accomplish it some time ago [1],
but I haven't heard yet if it has been released. Maybe it something we
can work on glibc side as well.

> 
> Changelog
> 
> * v1 - initial version
> * v2 - change address alignment variable name to LD_TRACE_ADDR_ALIGN=1
> 
> Signed-off-by: Michael Clark <michaeljclark@mac.com>

We do not use DCO, but rather Copyright assignment. And for the size of the
proposed change I think we you will need proper paper sorted out (I am not
sure if you already have done it).

[1] https://pagure.io/eu-ldd
Michael Clark Oct. 8, 2020, 5:44 a.m. UTC | #4
On 10/8/20 10:01 AM, Adhemerval Zanella wrote:
> On 06/10/2020 20:56, Michael Clark via Libc-alpha wrote:
>> This change updates ld.so trace for left-aligned relative addresses.
>> The primary goal of this change is to increase `ldd` readability by:
> 
> I am not sure if we want to extend the loader to expose debug format
> printing where it could be archive by extending the elf/ldd.bash.in
> itself to handle it.  In fact, I would like to avoid such extra
> complexity on a core component of the program loading.
> 
>>
>>   - modifying trace output to use relative addresses by default.
> 
> You can get similar information with setarch -R, which disable ASLR.
> 
>>   - adding an alternative trace output mode with left-aligned addresses.
> 
> And you can do it with some pos-processing tool (elf/ldd.bash.in, although
> I give you it might be cumbersome to accomplish with sheel script).
> 
>>
>> The relative addresses are composed by subtracting the ELF ehdr address
>> which makes the output constant under address space layout randomization.
>> This should be a safe change because the default format is preserved.
>>
>> The intention is to make `ldd` easier to cross reference with objdump.
>> Also, log files including `ldd` output will contain less differences as
>> the vdso is the only address that changes when using relative addresses.
>>
> 
> Which information exactly are you trying to match from what you read reading
> the ELF information through objdump? Afaik without prelink sections, it does
> not give any information whether loader might place the DSO segments.

Precisely the linked run-time relative offsets of DSOs.

I have spent countless hours reading and cross referencing words and 
numbers from command line tools. For me it's a use case of trace output 
from a simulator (e.g. qemu -d in_asm, op_opt, out_asm) and a window 
beside me with objdump and ldd there. Time and cognitive load. An addend 
would be useful too, but one should be able to pipe cut to bc for that.

So more words around whether to adopt "left-aligned relative addresses".

I completely understand why it is difficult to change existing formats 
which is why the patch does not change the default. There is also musl 
ldd and freebsd ldd that also have adopted that brain damaged format.

>> * Aligned output *
>>
>> The new trace format is enabled with `LD_TRACE_ADDR_ALIGN=1`, otherwise
>> the default `ldd` trace format is selected by default for compatibility.
>>
>> * Relative addresses *
>>
>> `ldd` load addresses are displayed relative to the ld.so executable header
>> address. Relative addresses are enabled by default, given the output mimics
>> systems without ASLR, thus there should be minimal compatibility issues.
>> There is also an option to negate addresses as an aid in interpreting them,
>> seeing library addresses relative to the loader with negative offsets.
>>
>> The changes adds three new ld.so flags accessible via environment variables:
>>
>>   - `LD_TRACE_ADDR_ALIGN=1` - Show addresses left-aligned
>>   - `LD_TRACE_ADDR_ABSOLUTE=1` - Show absolute addresses (backwards compat)
>>   - `LD_TRACE_ADDR_NEGATE=1` - Show negated addresses (combination option)
> 
> What I would like is in fact to move lld support *out* of the loader, where
> it would require to process anything more the strictly required and without
> commit any system resource (such as mmap).  It will result in slight less
> complex code and attack surfac
That's kind of irrespective to this patch though. Kerckhoff's principle. 
The rationale is not to hide ASLR. It's to reduce diffs in CI logs where 
we run ldd to check which lib our build system decided to link us to.

Making output more difficult for humans to read is not a good rationale. 
Backwards compatibility on the other hand is completely reasonable.

> Carlos O'Donnel has stated a project to accomplish it some time ago [1],
> but I haven't heard yet if it has been released. Maybe it something we
> can work on glibc side as well.

No worries. I didn't expect that anyone would pick up the patch. It just 
occurred to me how brain damaged the present layout is. Not that I also 
wouldn't make brain damaged layouts myself. If logging something for 
trace purposes, one probably does not think too much about column order. 
There is also the field separator and potentially spaces in filenames, 
which is not addressed. QEMU has good trace infra btw.

On windows we have process hacker which has an easy to read scrollable 
table view but it has an ugly color scheme. There is another tool I use 
for dependency analysis on windows. depends.exe iirc.

It might be a bad idea to make the Linux tools look good.

>> Changelog
>>
>> * v1 - initial version
>> * v2 - change address alignment variable name to LD_TRACE_ADDR_ALIGN=1
>>
>> Signed-off-by: Michael Clark <michaeljclark@mac.com>
> 
> We do not use DCO, but rather Copyright assignment. And for the size of the
> proposed change I think we you will need proper paper sorted out (I am not
> sure if you already have done it).
> 
> [1] https://pagure.io/eu-ldd
>
Adhemerval Zanella Oct. 8, 2020, 12:09 p.m. UTC | #5
On 08/10/2020 02:44, Michael Clark wrote:
> 
> 
> On 10/8/20 10:01 AM, Adhemerval Zanella wrote:
>> On 06/10/2020 20:56, Michael Clark via Libc-alpha wrote:
>>> This change updates ld.so trace for left-aligned relative addresses.
>>> The primary goal of this change is to increase `ldd` readability by:
>>
>> I am not sure if we want to extend the loader to expose debug format
>> printing where it could be archive by extending the elf/ldd.bash.in
>> itself to handle it.  In fact, I would like to avoid such extra
>> complexity on a core component of the program loading.
>>
>>>
>>>   - modifying trace output to use relative addresses by default.
>>
>> You can get similar information with setarch -R, which disable ASLR.
>>
>>>   - adding an alternative trace output mode with left-aligned addresses.
>>
>> And you can do it with some pos-processing tool (elf/ldd.bash.in, although
>> I give you it might be cumbersome to accomplish with sheel script).
>>
>>>
>>> The relative addresses are composed by subtracting the ELF ehdr address
>>> which makes the output constant under address space layout randomization.
>>> This should be a safe change because the default format is preserved.
>>>
>>> The intention is to make `ldd` easier to cross reference with objdump.
>>> Also, log files including `ldd` output will contain less differences as
>>> the vdso is the only address that changes when using relative addresses.
>>>
>>
>> Which information exactly are you trying to match from what you read reading
>> the ELF information through objdump? Afaik without prelink sections, it does
>> not give any information whether loader might place the DSO segments.
> 
> Precisely the linked run-time relative offsets of DSOs.
> 
> I have spent countless hours reading and cross referencing words and numbers from command line tools. For me it's a use case of trace output from a simulator (e.g. qemu -d in_asm, op_opt, out_asm) and a window beside me with objdump and ldd there. Time and cognitive load. An addend would be useful too, but one should be able to pipe cut to bc for that.

But this relative offset only makes sense with ASLR disabled, which you can
do by forcing it with a personality call.  What I am trying to understand
is why exactly you need to use a base address (__ehdr_start) and present
the offset-relative address (since this will also be subject to ASLR).

> 
> So more words around whether to adopt "left-aligned relative addresses".
> 
> I completely understand why it is difficult to change existing formats which is why the patch does not change the default. There is also musl ldd and freebsd ldd that also have adopted that brain damaged format.
> 
>>> * Aligned output *
>>>
>>> The new trace format is enabled with `LD_TRACE_ADDR_ALIGN=1`, otherwise
>>> the default `ldd` trace format is selected by default for compatibility.
>>>
>>> * Relative addresses *
>>>
>>> `ldd` load addresses are displayed relative to the ld.so executable header
>>> address. Relative addresses are enabled by default, given the output mimics
>>> systems without ASLR, thus there should be minimal compatibility issues.
>>> There is also an option to negate addresses as an aid in interpreting them,
>>> seeing library addresses relative to the loader with negative offsets.
>>>
>>> The changes adds three new ld.so flags accessible via environment variables:
>>>
>>>   - `LD_TRACE_ADDR_ALIGN=1` - Show addresses left-aligned
>>>   - `LD_TRACE_ADDR_ABSOLUTE=1` - Show absolute addresses (backwards compat)
>>>   - `LD_TRACE_ADDR_NEGATE=1` - Show negated addresses (combination option)
>>
>> What I would like is in fact to move lld support *out* of the loader, where
>> it would require to process anything more the strictly required and without
>> commit any system resource (such as mmap).  It will result in slight less
>> complex code and attack surfac
> That's kind of irrespective to this patch though. Kerckhoff's principle. The rationale is not to hide ASLR. It's to reduce diffs in CI logs where we run ldd to check which lib our build system decided to link us to.

Not really because I also want to avoid make the loader code *more* complex
and move all this format complexity on how to present the information to
a helper script.  This is similar to multiple traces/profile utilities on 
Linux, where the interface to *obtain* the information is concise as 
possible.

My rationale is this could be accomplish by changing ldd script itself
(by either using python if this makes it easier).

> 
> Making output more difficult for humans to read is not a good rationale. Backwards compatibility on the other hand is completely reasonable.
> 
>> Carlos O'Donnel has stated a project to accomplish it some time ago [1],
>> but I haven't heard yet if it has been released. Maybe it something we
>> can work on glibc side as well.
> 
> No worries. I didn't expect that anyone would pick up the patch. It just occurred to me how brain damaged the present layout is. Not that I also wouldn't make brain damaged layouts myself. If logging something for trace purposes, one probably does not think too much about column order. There is also the field separator and potentially spaces in filenames, which is not addressed. QEMU has good trace infra btw.
> 
> On windows we have process hacker which has an easy to read scrollable table view but it has an ugly color scheme. There is another tool I use for dependency analysis on windows. depends.exe iirc.
> 
> It might be a bad idea to make the Linux tools look good.

Again, I am not against a better tracing output of lld and I do agree with
you that presenting the information in different ways might help users in 
parse  the information. What I think is we should move this to helper
program/script/tool and make the loader as concise as possible.

> 
>>> Changelog
>>>
>>> * v1 - initial version
>>> * v2 - change address alignment variable name to LD_TRACE_ADDR_ALIGN=1
>>>
>>> Signed-off-by: Michael Clark <michaeljclark@mac.com>
>>
>> We do not use DCO, but rather Copyright assignment. And for the size of the
>> proposed change I think we you will need proper paper sorted out (I am not
>> sure if you already have done it).
>>
>> [1] https://pagure.io/eu-ldd
>>
Michael Clark Oct. 9, 2020, 4:30 a.m. UTC | #6
On 10/9/20 1:09 AM, Adhemerval Zanella wrote:
> 
> 
> On 08/10/2020 02:44, Michael Clark wrote:
>>
>>
>> On 10/8/20 10:01 AM, Adhemerval Zanella wrote:
>>> On 06/10/2020 20:56, Michael Clark via Libc-alpha wrote:
>>>> This change updates ld.so trace for left-aligned relative addresses.
>>>> The primary goal of this change is to increase `ldd` readability by:
>>>
>>> I am not sure if we want to extend the loader to expose debug format
>>> printing where it could be archive by extending the elf/ldd.bash.in
>>> itself to handle it.  In fact, I would like to avoid such extra
>>> complexity on a core component of the program loading.
>>>
>>>>
>>>>    - modifying trace output to use relative addresses by default.
>>>
>>> You can get similar information with setarch -R, which disable ASLR.
>>>
>>>>    - adding an alternative trace output mode with left-aligned addresses.
>>>
>>> And you can do it with some pos-processing tool (elf/ldd.bash.in, although
>>> I give you it might be cumbersome to accomplish with sheel script).
>>>
>>>>
>>>> The relative addresses are composed by subtracting the ELF ehdr address
>>>> which makes the output constant under address space layout randomization.
>>>> This should be a safe change because the default format is preserved.
>>>>
>>>> The intention is to make `ldd` easier to cross reference with objdump.
>>>> Also, log files including `ldd` output will contain less differences as
>>>> the vdso is the only address that changes when using relative addresses.
>>>>
>>>
>>> Which information exactly are you trying to match from what you read reading
>>> the ELF information through objdump? Afaik without prelink sections, it does
>>> not give any information whether loader might place the DSO segments.
>>
>> Precisely the linked run-time relative offsets of DSOs.
>>
>> I have spent countless hours reading and cross referencing words and numbers from command line tools. For me it's a use case of trace output from a simulator (e.g. qemu -d in_asm, op_opt, out_asm) and a window beside me with objdump and ldd there. Time and cognitive load. An addend would be useful too, but one should be able to pipe cut to bc for that.
> 
> But this relative offset only make sense with ALSR disabled, which you can
> do by forcing it with a personality call.  What I am trying to understand
> is why exactly you need to use a base address (__ehdr_start) and present
> the offset relative address (since this will be also subject to ASLR).
> 
>>
>> So more words around whether to adopt "left-aligned relative addresses".
>>
>> I completely understand why it is difficult to change existing formats which is why the patch does not change the default. There is also musl ldd and freebsd ldd that also have adopted that brain damaged format.
>>
>>>> * Aligned output *
>>>>
>>>> The new trace format is enabled with `LD_TRACE_ADDR_ALIGN=1`, otherwise
>>>> the default `ldd` trace format is selected by default for compatibility.
>>>>
>>>> * Relative addresses *
>>>>
>>>> `ldd` load addresses are displayed relative to the ld.so executable header
>>>> address. Relative addresses are enabled by default, given the output mimics
>>>> systems without ASLR, thus there should be minimal compatibility issues.
>>>> There is also an option to negate addresses as an aid in interpreting them,
>>>> seeing library addresses relative to the loader with negative offsets.
>>>>
>>>> The changes adds three new ld.so flags accessible via environment variables:
>>>>
>>>>    - `LD_TRACE_ADDR_ALIGN=1` - Show addresses left-aligned
>>>>    - `LD_TRACE_ADDR_ABSOLUTE=1` - Show absolute addresses (backwards compat)
>>>>    - `LD_TRACE_ADDR_NEGATE=1` - Show negated addresses (combination option)
>>>
>>> What I would like is in fact to move lld support *out* of the loader, where
>>> it would require to process anything more the strictly required and without
>>> commit any system resource (such as mmap).  It will result in slight less
>>> complex code and attack surfac
>> That's kind of irrespective to this patch though. Kerckhoff's principle. The rationale is not to hide ASLR. It's to reduce diffs in CI logs where we run ldd to check which lib our build system decided to link us to.
> 
> Not really because I also want to avoid make the loader code *more* complex
> and move all this format complexity on how to present the information to
> a helper script.  This is similar to multiple traces/profile utilities on
> Linux, where the interface to *obtain* the information is concise as
> possible.

That's reasonable.

> My rationale is this could be accomplish by changing ldd script itself
> (by either using python if this makes it easier).
Understand.

I agree. An if statement switch here adds complexity and it is the wrong 
way to get this functionality. It should have been done this way in the 
beginning and it is a good example of a usability change for how tools 
should respond in a world with self-contained tests where a change like 
this could be tested, at least against the core system dependencies, in 
CI and the change should simply switch the order of columns; no options.

I am free to keep the patch locally. It suits me to patch ldd so I can 
use my version. That's the good thing about open source tools. It just 
happens to be a random thing that grabbed my attention while trying to 
visually parse load addresses. It didn't make sense to me the position, 
from a tool user perspective.

>> Making output more difficult for humans to read is not a good rationale. Backwards compatibility on the other hand is completely reasonable.
>>
>>> Carlos O'Donnel has stated a project to accomplish it some time ago [1],
>>> but I haven't heard yet if it has been released. Maybe it something we
>>> can work on glibc side as well.
>>
>> No worries. I didn't expect that anyone would pick up the patch. It just occurred to me how brain damaged the present layout is. Not that I also wouldn't make brain damaged layouts myself. If logging something for trace purposes, one probably does not think too much about column order. There is also the field separator and potentially spaces in filenames, which is not addressed. QEMU has good trace infra btw.
>>
>> On windows we have process hacker which has an easy to read scrollable table view but it has an ugly color scheme. There is another tool I use for dependency analysis on windows. depends.exe iirc.
>>
>> It might be a bad idea to make the Linux tools look good.
> 
> Again, I am not against a better tracing output of lld and I do agree with
> you that presenting the information in different ways might help users in
> parse  the information. What I think is we should move this to helper
> program/script/tool and make the loader as concise as possible.

Good. Hopefully it is a standard format that has easy to parse columns.

Count up hours wasted for every user trying to find the pivot character 
to form a regex specific to the tool in use because there is strictly no 
standard format for tabular output from the core utilities. cut may or 
may not work so one moves on to grep, egrep or awk or whatever one knows 
best. No delimiter; space delimiter; comma delimiter; no delimiter but 
value in parenthesis; has spaces in fields; single/double quotes, ...

User googles it...

For tabular output, my preference leans towards Kernighan style:

- https://ampl.com/resources/the-ampl-book/
- https://ampl.com/resources/the-ampl-book/example-files/

...which is in fact implemented in GLPK.

Michael.

Patch

diff --git a/elf/rtld.c b/elf/rtld.c
index 9918fda05e76..236ccef5b9ec 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -175,6 +175,24 @@  enum mode { normal, list, verify, trace };
    all the entries.  */
 static void process_envvars (enum mode *modep, struct audit_list *);
 
+/* Option to display relative load addresses, with display address
+ * having executable base address subtracted, making output constant
+ * in the presence of ASLR, as well as reducing output differences.
+ * `LD_TRACE_ADDR_ABSOLUTE=1` restores prior behavior.  */
+static int trace_addr_relative = 1;
+
+/* Option to negate load addresses, otherwise the default shows
+ * negative relative offsets beacuase ld.so loads libs downwards,
+ * and brk space is just after the executable in memory. The
+ * aligned format has sign to show negated address offsets.
+ * `LD_TRACE_ADDR_NEGATE=1` to show signed positive offsets.  */
+static int trace_addr_negate = 0;
+
+/* Option to display left-aligned addresses, making the listing
+ * easier to read because addresses are all lined up in one column.
+ * `LD_TRACE_ADDR_ALIGN=1` will left-align addresses.  */
+static int trace_addr_align = 0;
+
 #ifdef DL_ARGV_NOT_RELRO
 int _dl_argc attribute_hidden;
 char **_dl_argv = NULL;
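Review bot: The comment on `trace_addr_negate` misspells "because" as `beacuase`, and its explanation of why offsets come out negative (ld.so loading libraries downwards, brk placed after the executable) describes one memory layout rather than anything the loader guarantees, so I would cut it down to what the flag does: `/* Option to negate the displayed relative offsets.  The aligned format prints the sign explicitly.  `LD_TRACE_ADDR_NEGATE=1` enables it.  */`. The comment on `trace_addr_relative` says the "executable base address" is subtracted, while the later hunk takes the base from ld.so's own `rtld_ehdr`; it should say ld.so so a reader does not expect offsets relative to the main program. The three variables are only ever tested as booleans, which the comments could state rather than leaving the `int` type to suggest a wider range.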
@@ -1683,6 +1701,8 @@  of this helper program; chances are you did not intend to run this program.\n\
   GL(dl_rtld_map).l_phdr = rtld_phdr;
   GL(dl_rtld_map).l_phnum = rtld_ehdr->e_phnum;
 
+  /* base address (ld.so ehdr) used for relative display addresses */
+  size_t disp_addr, base_addr = (size_t) rtld_ehdr;
 
   /* PT_GNU_RELRO is usually the last phdr.  */
   size_t cnt = rtld_ehdr->e_phnum;
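Review bot: `disp_addr` is declared here, far from its two uses in later hunks and left uninitialized, while `base_addr` is silently taken from ld.so's own header; the comment should make the reference point explicit because it decides what stays constant under ASLR (the commit message itself notes the vdso still varies, and only objects whose offset from ld.so is fixed will print stable values). I would keep only the base at this point, `const size_t base_addr = (size_t) rtld_ehdr;  /* ld.so's own load address; LD_TRACE_ADDR_ABSOLUTE=0 offsets are relative to it */`, and compute the display address where it is printed. dl_main starts and ends outside this hunk.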
@@ -1989,6 +2009,12 @@  of this helper program; chances are you did not intend to run this program.\n\
 	  for (i = 0; i < scope->r_nlist; i++)
 	    {
 	      l = scope->r_list [i];
+
+	      /* Subtract and negate base from load address if requested  */
+	      disp_addr = (size_t) l->l_map_start;
+	      if (trace_addr_relative) disp_addr -= base_addr;
+	      if (trace_addr_negate) disp_addr = -disp_addr;
+
 	      if (l->l_faked)
 		{
 		  _dl_printf ("\t%s => not found\n", l->l_libname->name);
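Review bot: The three-line relative/negate computation added at the top of this loop body is repeated verbatim in the later hunk over `main_map->l_next`, and both use the one-line `if (x) stmt;` form the rest of the file avoids; a small static helper would keep the two sites in step and restore the braced GNU layout. The subtraction is on `size_t`, so when `l_map_start` lies below `base_addr` the result wraps — well defined for unsigned arithmetic, but only meaningful when the caller also prints a sign (see the format hunk). The computation is also done before the `l_faked` test, where `l_map_start` may hold nothing useful; harmless since it is not printed, but cheaper to skip. The enclosing loop and dl_main begin outside this hunk.
```c
/* Display form of a load address: relative to ld.so's base and optionally
   negated, as selected by LD_TRACE_ADDR_ABSOLUTE / LD_TRACE_ADDR_NEGATE.  */
static size_t
trace_disp_addr (size_t map_start, size_t base)
{
  size_t addr = map_start;
  if (trace_addr_relative)
    addr -= base;
  if (trace_addr_negate)
    addr = -addr;
  return addr;
}
/* … unchanged: loop header and l = scope->r_list [i]; … */
	      disp_addr = trace_disp_addr ((size_t) l->l_map_start, base_addr);
```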
@@ -1996,20 +2022,42 @@  of this helper program; chances are you did not intend to run this program.\n\
 		}
 	      if (_dl_name_match_p (GLRO(dl_trace_prelink), l))
 		GLRO(dl_trace_prelink_map) = l;
-	      _dl_printf ("\t%s => %s (0x%0*Zx, 0x%0*Zx)",
-			  DSO_FILENAME (l->l_libname->name),
-			  DSO_FILENAME (l->l_name),
-			  (int) sizeof l->l_map_start * 2,
-			  (size_t) l->l_map_start,
-			  (int) sizeof l->l_addr * 2,
-			  (size_t) l->l_addr);
-
-	      if (l->l_tls_modid)
-		_dl_printf (" TLS(0x%Zx, 0x%0*Zx)\n", l->l_tls_modid,
-			    (int) sizeof l->l_tls_offset * 2,
-			    (size_t) l->l_tls_offset);
+	      if (trace_addr_align)
+	        {
+		  _dl_printf ("\t(%s0x%0*Zx, 0x%0*Zx)",
+		          trace_addr_negate ? "-" : "+",
+			      (int) sizeof l->l_map_start * 2,
+			      disp_addr,
+			      (int) sizeof l->l_addr * 2,
+			      (size_t) l->l_addr);
+
+		  if (l->l_tls_modid)
+		    _dl_printf (" TLS(0x%Zx, 0x%0*Zx)", l->l_tls_modid,
+				(int) sizeof l->l_tls_offset * 2,
+				(size_t) l->l_tls_offset);
+
+		  _dl_printf (" %s => %s\n",
+			      DSO_FILENAME (l->l_libname->name),
+			      DSO_FILENAME (l->l_name));
+
+		}
 	      else
-		_dl_printf ("\n");
+		{
+		  _dl_printf ("\t%s => %s (0x%0*Zx, 0x%0*Zx)",
+			      DSO_FILENAME (l->l_libname->name),
+			      DSO_FILENAME (l->l_name),
+			      (int) sizeof l->l_map_start * 2,
+			      disp_addr,
+			      (int) sizeof l->l_addr * 2,
+			      (size_t) l->l_addr);
+
+	          if (l->l_tls_modid)
+		    _dl_printf (" TLS(0x%Zx, 0x%0*Zx)\n", l->l_tls_modid,
+			        (int) sizeof l->l_tls_offset * 2,
+			        (size_t) l->l_tls_offset);
+	          else
+		    _dl_printf ("\n");
+	      }
 	    }
 	}
       else if (GLRO(dl_debug_mask) & DL_DEBUG_UNUSED)
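Review bot: In the non-aligned branch (the default output) the value printed with `0x%0*Zx` is now `disp_addr`, and since `trace_addr_relative` defaults to 1 and — per the patch's own comment on `trace_addr_negate` — libraries usually sit below ld.so, that value is normally a wrapped unsigned number such as `0xffff…`, printed with no sign marker; the "default format is preserved" claim in the description holds for the layout but not for the numbers. Either print the sign in this branch as the aligned branch does, or keep absolute addresses in the compatible format and make relative output opt-in. The brace layout is uneven as well: the closing `}` before the for-body's `}` is indented with a tab/space mix and does not line up with its `{`, and several `_dl_printf` argument lines sit one column off. The loop and dl_main continue outside the hunk.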
@@ -2063,17 +2111,41 @@  of this helper program; chances are you did not intend to run this program.\n\
       else
 	{
 	  for (l = main_map->l_next; l; l = l->l_next)
+	  {
+	    /* Subtract and negate base from load address if requested  */
+	    disp_addr = (size_t) l->l_map_start;
+	    if (trace_addr_relative) disp_addr -= base_addr;
+	    if (trace_addr_negate) disp_addr = -disp_addr;
+
 	    if (l->l_faked)
 	      /* The library was not found.  */
 	      _dl_printf ("\t%s => not found\n", l->l_libname->name);
-	    else if (strcmp (l->l_libname->name, l->l_name) == 0)
-	      _dl_printf ("\t%s (0x%0*Zx)\n", l->l_libname->name,
-			  (int) sizeof l->l_map_start * 2,
-			  (size_t) l->l_map_start);
 	    else
-	      _dl_printf ("\t%s => %s (0x%0*Zx)\n", l->l_libname->name,
-			  l->l_name, (int) sizeof l->l_map_start * 2,
-			  (size_t) l->l_map_start);
+	      if (trace_addr_align)
+		if (strcmp (l->l_libname->name, l->l_name) == 0)
+		  _dl_printf ("\t(%s0x%0*Zx) %s\n",
+			      trace_addr_negate ? "-" : "+",
+			      (int) sizeof l->l_map_start * 2,
+			      disp_addr,
+			      l->l_libname->name);
+		else
+		  _dl_printf ("\t(%s0x%0*Zx) %s => %s\n",
+			      trace_addr_negate ? "-" : "+",
+			      (int) sizeof l->l_map_start * 2,
+			      disp_addr,
+			      l->l_libname->name, l->l_name);
+	      else
+		if (strcmp (l->l_libname->name, l->l_name) == 0)
+		  _dl_printf ("\t%s (0x%0*Zx)\n",
+			      l->l_libname->name,
+			      (int) sizeof l->l_map_start * 2,
+			      disp_addr);
+		else
+		  _dl_printf ("\t%s => %s (0x%0*Zx)\n",
+			      l->l_libname->name,
+			      l->l_name, (int) sizeof l->l_map_start * 2,
+			      disp_addr);
+	  }
 	}
 
       if (__builtin_expect (mode, trace) != trace)
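Review bot: The `else` after the `l_faked` test is followed by two levels of unbraced `if`/`else` (`if (trace_addr_align) if (…) … else … else if (…) … else …`); it parses as intended only because each inner `if` carries its own `else`, and adding or removing a branch later would silently rebind the outer `else`. Brace both levels, `else if (trace_addr_align) { … } else { … }`, which is also the file's style, and note that the `{` added after the `for` and its matching `}` are at the `for`'s column rather than the two-space GNU offset. The display-address computation at the top of the body duplicates the one in the earlier hunk; see that note for a shared helper. dl_main continues outside the hunk.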
@@ -2759,6 +2831,25 @@  process_envvars (enum mode *modep, struct audit_list *audit_list)
 	      GLRO(dl_debug_mask) |= DL_DEBUG_PRELINK;
 	      GLRO(dl_trace_prelink) = &envline[17];
 	    }
+
+    /* Addresses can be left-aligned.  */
+    if (!__libc_enable_secure
+        && memcmp (envline, "TRACE_ADDR_ALIGN", 16) == 0)
+        trace_addr_align = envline[17] != '\0';
+    break;
+
+  case 17:
+    /* Addresses can be negated.  */
+    if (!__libc_enable_secure
+        && memcmp (envline, "TRACE_ADDR_NEGATE", 17) == 0)
+        trace_addr_negate = envline[18] != '\0';
+    break;
+
+	case 19:
+	  /* Absolute addresses can be displayed.  */
+	  if (!__libc_enable_secure
+	      && memcmp (envline, "TRACE_ADDR_ABSOLUTE", 19) == 0)
+	      trace_addr_relative = envline[20] == '\0';
 	  break;
 
 	case 20:
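Review bot: The `TRACE_ADDR_ALIGN` and `TRACE_ADDR_NEGATE` blocks are indented with four spaces at column 4, while `case 19:` and the surrounding switch use the file's tab-based GNU layout; they should match. The three checks are gated on `!__libc_enable_secure`, which is the right guard for a set-user-ID process, and the comments could say so. `trace_addr_relative = envline[20] == '\0';` means any non-empty value, not only `1`, selects absolute addresses, mirroring the `!= '\0'` tests above; make that explicit: `/* Any non-empty value restores absolute (pre-patch) addresses.  */`. process_envvars continues on both sides of this hunk.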