From 6c92ce6049223fbab9f8d18fdc17f698e6b8b338 Mon Sep 17 00:00:00 2001
From: Vyacheslav Egorov
Date: Wed, 1 Nov 2023 22:38:27 +0000
Subject: [PATCH] [vm] Make sure to use MAP_JIT for callback pages

This is follow up to bd57548 which switched us to use manual copying for call back pages on Mac OS and iOS. However these newly allocated pages need to be created with MAP_JIT flag otherwise OS will kill us with code signing violation if hardened runtime is enabled. This can only be observed when the binary is signed that's why we have not seen it on CI.
TEST=manually signed and tested that it no longer crashes.
Fixes https://github.com/dart-lang/sdk/issues/53928
Change-Id: Ic15673d354d4fdf1bb8179066b37c7ae90877982
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/333260
Reviewed-by: Ryan Macnak
Reviewed-by: Daco Harkes
Commit-Queue: Slava Egorov

---
 runtime/vm/ffi_callback_metadata.cc | 13 ++++++++++++-
 runtime/vm/virtual_memory.cc | 3 +--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/runtime/vm/ffi_callback_metadata.cc b/runtime/vm/ffi_callback_metadata.cc
index 94ba8726444..c8d5f3c816f 100644
--- a/runtime/vm/ffi_callback_metadata.cc
+++ b/runtime/vm/ffi_callback_metadata.cc
@@ -97,8 +97,19 @@ VirtualMemory* FfiCallbackMetadata::AllocateTrampolinePage() {
   UNREACHABLE();
   return nullptr;
 #else
+
+#if defined(DART_HOST_OS_MACOS) && !defined(DART_PRECOMPILED_RUNTIME)
+  // If we are not going to use vm_remap then we need to pass
+  // is_executable=true so that pages get allocated with MAP_JIT flag if
+  // necessary. Otherwise OS will kill us with a codesigning violation if
+  // hardened runtime is enabled.
+  const bool is_executable = true;
+#else
+  const bool is_executable = false;
+#endif
+
   VirtualMemory* new_page = VirtualMemory::AllocateAligned(
-      MappingSize(), MappingAlignment(), /*is_executable=*/false,
+      MappingSize(), MappingAlignment(), is_executable,
       /*is_compressed=*/false, "FfiCallbackMetadata::TrampolinePage");
   if (new_page == nullptr) {
     return nullptr;
diff --git a/runtime/vm/virtual_memory.cc b/runtime/vm/virtual_memory.cc
index b6a54951aff..0220cd7f1fb 100644
--- a/runtime/vm/virtual_memory.cc
+++ b/runtime/vm/virtual_memory.cc
@@ -54,8 +54,7 @@ bool VirtualMemory::DuplicateRX(VirtualMemory* target) {
   const intptr_t aligned_size = Utils::RoundUp(size(), PageSize());
   ASSERT_LESS_OR_EQUAL(aligned_size, target->size());
-#if defined(DART_HOST_OS_MACOS) && \
-    (defined(DART_PRECOMPILED_RUNTIME) || defined(DART_PRECOMPILER))
+#if defined(DART_HOST_OS_MACOS) && defined(DART_PRECOMPILED_RUNTIME)
   // Mac is special cased because iOS doesn't allow allocating new executable
   // memory, so the default approach would fail. We are allowed to make new
   // mappings of existing executable memory using vm_remap though, which is
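Review bot: The new `#if defined(DART_HOST_OS_MACOS) && !defined(DART_PRECOMPILED_RUNTIME)` guard in AllocateTrampolinePage must stay the exact negation of the guard this same commit sets in VirtualMemory::DuplicateRX (`#if defined(DART_HOST_OS_MACOS) && defined(DART_PRECOMPILED_RUNTIME)`), yet the two live in different files with nothing tying them together, so a later edit to either one can silently put the copy path back on non-JIT pages — the hardened-runtime kill this commit fixes. I would state the decision once, e.g. a `constexpr bool kUseVmRemapForCallbackPages` (name constructed) defined under that `#if` in virtual_memory.h, and write this hunk as `const bool is_executable = !kUseVmRemapForCallbackPages;` with DuplicateRX branching on the same constant. The comment should also say what an executable allocation implies for the copy that follows: a MAP_JIT region is typically mapped writable-and-executable behind a per-thread write toggle, so the trampoline copy should happen inside that toggle and the page should end up RX; none of that is visible here, so confirm it in the copy path rather than in this hunk. AllocateTrampolinePage continues past the end of the hunk.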