[AArch64][PAC][lldb][ELF][Dwarf] Support GNU_PROPERTY_AARCH64_FEATURE_PAUTH

Apply signing schema for user expressions when debugging AArch64 ELFs
depending on the `GNU_PROPERTY_AARCH64_FEATURE_PAUTH` property in
`.note.gnu.property` section in the executable object file.

To avoid linking against ObjectFileELF plugin everywhere, define
`ParseGNUPropertyAArch64PAuthABI` as a virtual function in the base
`ObjectFile` class.

Author: kovdan01

lldb/include/lldb/Symbol/ObjectFile.h

@@ -23,6 +23,7 @@
 #include "llvm/Support/Threading.h"
 #include "llvm/Support/VersionTuple.h"
 #include <optional>
+#include <utility>
 
 namespace lldb_private {
 
@@ -331,6 +332,15 @@ class ObjectFile : public std::enable_shared_from_this<ObjectFile>,
   ///
   virtual void RelocateSection(lldb_private::Section *section);
 
+  /// Parse ELF's AArch64 PAuth ABI from GNU property section. If it's missing
+  /// or the object file is not an ELF, return std::nullopt. Define this as a
+  /// virtual function in a base class since direct usage of ObjectFileELF in
+  /// ClangExpressionParser requires linking against the ObjectFileELF plugin.
+  virtual std::optional<std::pair<uint64_t, uint64_t>>
+  ParseGNUPropertyAArch64PAuthABI() {
+    return std::nullopt;
+  }
+
   /// Appends a Symbol for the specified so_addr to the symbol table.
   ///
   /// If verify_unique is false, the symbol table is not searched to determine

lldb/include/lldb/Target/LanguageRuntime.h

@@ -226,6 +226,8 @@ class LanguageRuntime : public Runtime, public PluginInterface {
   }
 
   LanguageRuntime(Process *process);
+
+  std::pair<uint64_t, uint64_t> m_aarch64_pauth_abi_tag;
 };
 
 } // namespace lldb_private

lldb/source/Plugins/ExpressionParser/Clang/ClangExpressionParser.cpp

@@ -445,6 +445,11 @@ ClangExpressionParser::ClangExpressionParser(
   // Supported subsets of x86
   if (target_machine == llvm::Triple::x86 ||
       target_machine == llvm::Triple::x86_64) {
+    // FIXME: shouldn't this be placed after
+    // `auto target_info = TargetInfo::CreateTargetInfo(...)`
+    // (see `if (target_machine == llvm::Triple::aarch64)`)?
+    // It computes `Features` from `FeatureMap` and `FeaturesAsWritten` and
+    // erases initial `Features` vector.
     m_compiler->getTargetOpts().Features.push_back("+sse");
     m_compiler->getTargetOpts().Features.push_back("+sse2");
   }
@@ -467,6 +472,22 @@ ClangExpressionParser::ClangExpressionParser(
 
   auto target_info = TargetInfo::CreateTargetInfo(
       m_compiler->getDiagnostics(), m_compiler->getInvocation().TargetOpts);
+
+  std::optional<std::pair<uint64_t, uint64_t>> elf_pauth_abi_tag;
+  if (target_machine == llvm::Triple::aarch64) {
+    do {
+      Module *module_sp = target_sp->GetExecutableModulePointer();
+      if (module_sp == nullptr)
+        break;
+      ObjectFile *obj_file = module_sp->GetObjectFile();
+      if (obj_file == nullptr)
+        break;
+      elf_pauth_abi_tag = obj_file->ParseGNUPropertyAArch64PAuthABI();
+      if (elf_pauth_abi_tag != std::nullopt)
+        target_info->getTargetOpts().Features.push_back("+pauth");
+    } while (false);
+  }
+
   if (log) {
     LLDB_LOGF(log, "Target datalayout string: '%s'",
               target_info->getDataLayoutString());
@@ -482,6 +503,22 @@ ClangExpressionParser::ClangExpressionParser(
   lldb::LanguageType language = expr.Language();
   LangOptions &lang_opts = m_compiler->getLangOpts();
 
+  if (elf_pauth_abi_tag != std::nullopt) {
+    uint64_t elf_pauth_abi_platform = elf_pauth_abi_tag->first;
+    // TODO: store this magic constant corresponding to Linux platform in some
+    // header
+    if (elf_pauth_abi_platform == 2) {
+      uint64_t elf_pauth_abi_version = elf_pauth_abi_tag->second;
+      lang_opts.PointerAuthCalls = elf_pauth_abi_version & (1 << 0);
+      lang_opts.PointerAuthReturns = elf_pauth_abi_version & (1 << 1);
+      lang_opts.PointerAuthVTPtrAddressDiscrimination =
+          elf_pauth_abi_version & (1 << 2);
+      lang_opts.PointerAuthVTPtrTypeDiscrimination =
+          elf_pauth_abi_version & (1 << 3);
+      lang_opts.PointerAuthInitFini = elf_pauth_abi_version & (1 << 4);
+    }
+  }
+
   switch (language) {
   case lldb::eLanguageTypeC:
   case lldb::eLanguageTypeC89:
@@ -622,6 +659,10 @@ ClangExpressionParser::ClangExpressionParser(
   else
     m_compiler->getCodeGenOpts().setDebugInfo(codegenoptions::NoDebugInfo);
 
+  CompilerInvocation::setDefaultPointerAuthOptions(
+      m_compiler->getCodeGenOpts().PointerAuth, lang_opts,
+      target_arch.GetTriple());
+
   // Disable some warnings.
   SetupDefaultClangDiagnostics(*m_compiler);
 

lldb/source/Plugins/ObjectFile/ELF/ObjectFileELF.cpp

@@ -1284,6 +1284,68 @@ ObjectFileELF::RefineModuleDetailsFromNote(lldb_private::DataExtractor &data,
   return error;
 }
 
+std::optional<std::pair<uint64_t, uint64_t>>
+ObjectFileELF::ParseGNUPropertyAArch64PAuthABI() {
+  // TODO: store parsing results in some kind of cache to avoid recurrent
+  // parsing on multiple calls
+  assert(m_arch_spec.GetMachine() == llvm::Triple::aarch64);
+
+  SectionList *SL = GetSectionList();
+  if (SL == nullptr)
+    return std::nullopt;
+
+  lldb::SectionSP GNUPropSecSP =
+      SL->FindSectionByName(ConstString(".note.gnu.property"));
+  if (GNUPropSecSP == nullptr)
+    return std::nullopt;
+
+  DataExtractor Data;
+  lldb::offset_t Length = GNUPropSecSP->GetSectionData(Data);
+  if (Length < 16)
+    return std::nullopt;
+
+  lldb::offset_t Offset = 0;
+  uint32_t NameSz = Data.GetU32(&Offset);
+  if (NameSz != 4)
+    return std::nullopt;
+
+  uint32_t ContentSz = Data.GetU32(&Offset);
+  if (ContentSz + 16 != Length) // the section is ill-formed
+    return std::nullopt;
+  uint32_t SectionType = Data.GetU32(&Offset);
+  if (SectionType != NT_GNU_PROPERTY_TYPE_0)
+    return std::nullopt;
+
+  llvm::StringRef Name = Data.GetCStr(&Offset, NameSz);
+  if (Name != "GNU")
+    return std::nullopt;
+
+  while (Offset < Length) {
+    lldb::offset_t OldOffset = Offset;
+
+    uint32_t FeatureType = Data.GetU32(&Offset);
+    uint32_t Size = Data.GetU32(&Offset);
+    if (OldOffset + 8 != Offset) // there were not enough bytes
+      return std::nullopt;
+    if (FeatureType != GNU_PROPERTY_AARCH64_FEATURE_PAUTH) {
+      Offset += Size;
+      Offset =
+          llvm::alignTo(Offset, (uint64_t(1) << GNUPropSecSP->GetLog2Align()));
+      continue;
+    }
+    if (Size != 16)
+      return std::nullopt;
+
+    uint64_t PAuthABIPlatform = Data.GetU64(&Offset);
+    uint64_t PAuthABIVersion = Data.GetU64(&Offset);
+    if (OldOffset + 24 != Offset) // there were not enough bytes
+      return std::nullopt;
+    return std::make_pair(PAuthABIPlatform, PAuthABIVersion);
+  }
+
+  return std::nullopt;
+}
+
 void ObjectFileELF::ParseARMAttributes(DataExtractor &data, uint64_t length,
                                        ArchSpec &arch_spec) {
   lldb::offset_t Offset = 0;

lldb/source/Plugins/ObjectFile/ELF/ObjectFileELF.h

@@ -12,6 +12,7 @@
 #include <cstdint>
 
 #include <optional>
+#include <utility>
 #include <vector>
 
 #include "lldb/Symbol/ObjectFile.h"
@@ -155,6 +156,9 @@ class ObjectFileELF : public lldb_private::ObjectFile {
 
   void RelocateSection(lldb_private::Section *section) override;
 
+  std::optional<std::pair<uint64_t, uint64_t>>
+  ParseGNUPropertyAArch64PAuthABI() override;
+
 protected:
 
   std::vector<LoadableData>

lldb/unittests/ObjectFile/ELF/TestObjectFileELF.cpp

@@ -117,6 +117,161 @@ TEST_F(ObjectFileELFTest, SectionsResolveConsistently) {
   EXPECT_EQ(text_sp, start->GetAddress().GetSection());
 }
 
+TEST_F(ObjectFileELFTest, GNUPropertyAArch64PAuthABI) {
+  // Successful parsing
+  {
+    llvm::StringRef SinglePropertyYaml = R"(
+--- !ELF
+FileHeader:
+  Class:           ELFCLASS64
+  Data:            ELFDATA2LSB
+  Type:            ET_DYN
+  Machine:         EM_AARCH64
+Sections:
+  - Name:            .note.gnu.property
+    Type:            SHT_NOTE
+    Flags:           [ SHF_ALLOC ]
+    AddressAlign:    0x8
+    Notes:
+      - Name:            GNU
+        Desc:            010000C01000000002000000000000001F00000000000000
+        #                ^^^^^^^^
+        #                type = 0xC0000001 = GNU_PROPERTY_AARCH64_FEATURE_PAUTH
+        #                        ^^^^^^^^
+        #                        size = 0x00000010 = 16
+        #                                ^^^^^^^^^^^^^^^^
+        #                                platform = 0x0000000000000002 = 2
+        #                                                ^^^^^^^^^^^^^^^^
+        #                                                version = 0x000000000000001F = 31
+        Type:            NT_GNU_PROPERTY_TYPE_0
+...
+)";
+    llvm::StringRef MultiplePropertiesYaml = R"(
+--- !ELF
+FileHeader:
+  Class:           ELFCLASS64
+  Data:            ELFDATA2LSB
+  Type:            ET_DYN
+  Machine:         EM_AARCH64
+Sections:
+  - Name:            .note.gnu.property
+    Type:            SHT_NOTE
+    Flags:           [ SHF_ALLOC ]
+    AddressAlign:    0x8
+    Notes:
+      - Name:            GNU
+        Desc:            42424242040000001234567800000000010000C01000000002000000000000001F00000000000000
+        #                ^^^^^^^^
+        #                dummy property type = 0x42424242
+        #                        ^^^^^^^^
+        #                        dummy property size = 0x00000008 = 4
+        #                                ^^^^^^^^________
+        #                                dummy property contents = 0x78563412 and padding
+        #                                                ^^^^^^^^
+        #                                                type = 0xC0000001 = GNU_PROPERTY_AARCH64_FEATURE_PAUTH
+        #                                                        ^^^^^^^^
+        #                                                        size = 0x00000010 = 16
+        #                                                                ^^^^^^^^^^^^^^^^
+        #                                                                platform = 0x0000000000000002 = 2
+        #                                                                                ^^^^^^^^^^^^^^^^
+        #                                                                                version = 0x000000000000001F = 31
+        Type:            NT_GNU_PROPERTY_TYPE_0
+...
+)";
+    std::array<llvm::Expected<TestFile>, 2> TestFiles = {
+        TestFile::fromYaml(SinglePropertyYaml),
+        TestFile::fromYaml(MultiplePropertiesYaml)};
+
+    for (auto &TF : TestFiles) {
+      ASSERT_THAT_EXPECTED(TF, llvm::Succeeded());
+
+      auto module_sp = std::make_shared<Module>(TF->moduleSpec());
+      ObjectFile *obj_file = module_sp->GetObjectFile();
+      ASSERT_NE(nullptr, obj_file);
+
+      std::optional<std::pair<uint64_t, uint64_t>> pauthabi =
+          obj_file->ParseGNUPropertyAArch64PAuthABI();
+      ASSERT_NE(std::nullopt, pauthabi);
+      ASSERT_EQ(uint64_t(2),  pauthabi->first);
+      ASSERT_EQ(uint64_t(31), pauthabi->second);
+    }
+  }
+
+  // Error during parsing
+  {
+    llvm::StringRef InvalidNameSizeYaml = R"(
+--- !ELF
+FileHeader:
+  Class:           ELFCLASS64
+  Data:            ELFDATA2LSB
+  Type:            ET_DYN
+  Machine:         EM_AARCH64
+Sections:
+  - Name:            .note.gnu.property
+    Type:            SHT_NOTE
+    Flags:           [ SHF_ALLOC ]
+    AddressAlign:    0x8
+    Notes:
+      - Name:            XXXXX
+        Desc:            010000C01000000002000000000000001F00000000000000
+        Type:            NT_GNU_PROPERTY_TYPE_0
+...
+)";
+    llvm::StringRef InvalidNameYaml = R"(
+--- !ELF
+FileHeader:
+  Class:           ELFCLASS64
+  Data:            ELFDATA2LSB
+  Type:            ET_DYN
+  Machine:         EM_AARCH64
+Sections:
+  - Name:            .note.gnu.property
+    Type:            SHT_NOTE
+    Flags:           [ SHF_ALLOC ]
+    AddressAlign:    0x8
+    Notes:
+      - Name:            XXX
+        Desc:            010000C01000000002000000000000001F00000000000000
+        Type:            NT_GNU_PROPERTY_TYPE_0
+...
+)";
+    llvm::StringRef InvalidPropertySizeYaml = R"(
+--- !ELF
+FileHeader:
+  Class:           ELFCLASS64
+  Data:            ELFDATA2LSB
+  Type:            ET_DYN
+  Machine:         EM_AARCH64
+Sections:
+  - Name:            .note.gnu.property
+    Type:            SHT_NOTE
+    Flags:           [ SHF_ALLOC ]
+    AddressAlign:    0x8
+    Notes:
+      - Name:            XXXXX
+        Desc:            0000000000000000
+        Type:            NT_GNU_PROPERTY_TYPE_0
+...
+)";
+    std::array<llvm::Expected<TestFile>, 3> TestFiles = {
+        TestFile::fromYaml(InvalidNameSizeYaml),
+        TestFile::fromYaml(InvalidNameYaml),
+        TestFile::fromYaml(InvalidPropertySizeYaml)};
+
+    for (auto &TF : TestFiles) {
+      ASSERT_THAT_EXPECTED(TF, llvm::Succeeded());
+
+      auto module_sp = std::make_shared<Module>(TF->moduleSpec());
+      ObjectFile *obj_file = module_sp->GetObjectFile();
+      ASSERT_NE(nullptr, obj_file);
+
+      std::optional<std::pair<uint64_t, uint64_t>> pauthabi =
+          obj_file->ParseGNUPropertyAArch64PAuthABI();
+      ASSERT_EQ(std::nullopt, pauthabi);
+    }
+  }
+}
+
 // Test that GetModuleSpecifications works on an "atypical" object file which
 // has section headers right after the ELF header (instead of the more common
 // layout where the section headers are at the very end of the object file).