[vm] Disable --write-protect-code on non-Mac OSes.

We still need to maintain W^X on iOS and Mac OS X. TEST=ci Change-Id: I78f005055d090d54f5da478164a73f18e11a32ac Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/345303 Reviewed-by: Ryan Macnak <rmacnak@google.com> Commit-Queue: Slava Egorov <vegorov@google.com>
2024-10-14 23:28:09 +00:00 · 2024-01-09 20:28:55 +00:00 · 2024-01-09 20:28:55 +00:00 · e9f51b8534
parent c338b85771
commit e9f51b8534
1 changed files with 14 additions and 1 deletions
--- a/runtime/vm/code_patcher.cc
+++ b/runtime/vm/code_patcher.cc
@ -10,7 +10,20 @@

 namespace dart {

-DEFINE_FLAG(bool, write_protect_code, true, "Write protect jitted code");
+#if defined(DART_HOST_OS_MACOS) || defined(DART_HOST_OS_MACOS_IOS)
+// On iOS even with debugger attached we must still guarantee that memory
+// is never executable and writable at the same time. On Mac OS X
+// com.apple.security.cs.allow-jit entitelement allows WX memory regions to be
+// created - but we should not rely on this entitelement to be present.
+static constexpr bool kShouldWriteProtectCodeByDefault = true;
+#else
+static constexpr bool kShouldWriteProtectCodeByDefault = false;
+#endif
+
+DEFINE_FLAG(bool,
+            write_protect_code,
+            kShouldWriteProtectCodeByDefault,
+            "Write protect jitted code");

 #if defined(TARGET_ARCH_IA32)
 WritableInstructionsScope::WritableInstructionsScope(uword address,