diff options
| author | Doug Nazar <nazard@nazar.ca> | 2021-04-09 11:59:53 +0300 |
|---|---|---|
| committer | Doug Nazar <nazard@nazar.ca> | 2021-04-09 13:02:35 +0300 |
| commit | b732715f737595884dd54d1f7860982652b2482f (patch) | |
| tree | a6206ddf5602f47e7f412af386d364f43038cf36 | |
| parent | bb5fcb310ab4334f4228d562f3cc8ee93b1067d4 (diff) | |
orc: Add support for MacOS Hardened runtime.
| -rw-r--r-- | meson.build | 1 | ||||
| -rw-r--r-- | orc/orccodemem.c | 12 | ||||
| -rw-r--r-- | orc/orccompiler.c | 15 |
3 files changed, 27 insertions, 1 deletions
diff --git a/meson.build b/meson.build index c089a2a..d175b53 100644 --- a/meson.build +++ b/meson.build @@ -121,6 +121,7 @@ cdata.set('HAVE_MONOTONIC_CLOCK', cc.compiles(monotonic_test)) cdata.set('HAVE_GETTIMEOFDAY', cc.has_function('gettimeofday')) cdata.set('HAVE_POSIX_MEMALIGN', cc.has_function('posix_memalign', prefix : '#include <stdlib.h>')) cdata.set('HAVE_MMAP', cc.has_function('mmap')) +cdata.set('HAVE_PTHREAD_JIT', cc.has_function('pthread_jit_write_protect_np')) cdata.set('HAVE_SYS_TIME_H', cc.has_header('sys/time.h')) cdata.set('HAVE_UNISTD_H', cc.has_header('unistd.h')) diff --git a/orc/orccodemem.c b/orc/orccodemem.c index a996e76..728f347 100644 --- a/orc/orccodemem.c +++ b/orc/orccodemem.c @@ -264,11 +264,15 @@ orc_code_region_allocate_codemem_dual_map (OrcCodeRegion *region, #define MAP_ANONYMOUS MAP_ANON #endif +#ifndef MAP_JIT +#define MAP_JIT 0 +#endif + static int orc_code_region_allocate_codemem_anon_map (OrcCodeRegion *region) { region->exec_ptr = mmap (NULL, SIZE, PROT_READ|PROT_WRITE|PROT_EXEC, - MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); + MAP_PRIVATE|MAP_ANONYMOUS|MAP_JIT, -1, 0); if (region->exec_ptr == MAP_FAILED) { ORC_WARNING("failed to create write/exec map. err=%i", errno); return FALSE; @@ -300,9 +304,15 @@ orc_code_region_allocate_codemem (OrcCodeRegion *region) if (orc_code_region_allocate_codemem_anon_map (region)) return; +#ifdef __APPLE__ + ORC_ERROR("Failed to create write and exec mmap regions. This " + "is probably because the Hardened Runtime is enabled without " + "the com.apple.security.cs.allow-jit entitlement."); +#else ORC_ERROR("Failed to create write and exec mmap regions. This " "is probably because SELinux execmem check is enabled (good) " "and $TMPDIR and $HOME are mounted noexec (bad)."); +#endif } #endif diff --git a/orc/orccompiler.c b/orc/orccompiler.c index 7f7b4d4..a391e86 100644 --- a/orc/orccompiler.c +++ b/orc/orccompiler.c @@ -6,6 +6,10 @@ #include <stdlib.h> #include <stdarg.h> +#if defined(HAVE_PTHREAD_JIT) + #include <pthread.h> +#endif + #if defined(HAVE_CODEMEM_VIRTUALALLOC) #include <windows.h> #ifdef ORC_WINAPI_ONLY_APP @@ -122,6 +126,11 @@ _orc_compiler_init (void) } } #endif + +#if defined(HAVE_PTHREAD_JIT) + ORC_INFO("pthread_jit_write_protect_supported_np() = %i", + pthread_jit_write_protect_supported_np()); +#endif } int @@ -447,6 +456,9 @@ orc_program_compile_full (OrcProgram *program, OrcTarget *target, program->orccode->code_size = compiler->codeptr - compiler->code; orc_code_allocate_codemem (program->orccode, program->orccode->code_size); +#if defined(HAVE_PTHREAD_JIT) + pthread_jit_write_protect_np(0); +#endif #if defined(HAVE_CODEMEM_VIRTUALALLOC) /* Ensure that code region is writable before memcpy */ _set_virtual_protect (program->orccode->code, program->orccode->code_size, @@ -463,6 +475,9 @@ orc_program_compile_full (OrcProgram *program, OrcTarget *target, compiler->target->flush_cache (program->orccode); } +#if defined(HAVE_PTHREAD_JIT) + pthread_jit_write_protect_np(1); +#endif #if defined(HAVE_CODEMEM_VIRTUALALLOC) /* Code region is now ready for execution */ if (!_set_virtual_protect (program->orccode->exec, program->orccode->code_size, |