diff options
Diffstat (limited to 'src/lj_mcode.c')
| -rw-r--r-- | src/lj_mcode.c | 41 |
1 files changed, 12 insertions, 29 deletions
diff --git a/src/lj_mcode.c b/src/lj_mcode.c index e64c5878..b2d12118 100644 --- a/src/lj_mcode.c +++ b/src/lj_mcode.c | |||
| @@ -14,6 +14,7 @@ | |||
| 14 | #include "lj_mcode.h" | 14 | #include "lj_mcode.h" |
| 15 | #include "lj_trace.h" | 15 | #include "lj_trace.h" |
| 16 | #include "lj_dispatch.h" | 16 | #include "lj_dispatch.h" |
| 17 | #include "lj_prng.h" | ||
| 17 | #endif | 18 | #endif |
| 18 | #if LJ_HASJIT || LJ_HASFFI | 19 | #if LJ_HASJIT || LJ_HASFFI |
| 19 | #include "lj_vm.h" | 20 | #include "lj_vm.h" |
| @@ -118,52 +119,34 @@ static int mcode_setprot(void *p, size_t sz, int prot) | |||
| 118 | return mprotect(p, sz, prot); | 119 | return mprotect(p, sz, prot); |
| 119 | } | 120 | } |
| 120 | 121 | ||
| 121 | #elif LJ_64 | ||
| 122 | |||
| 123 | #error "Missing OS support for explicit placement of executable memory" | ||
| 124 | |||
| 125 | #else | 122 | #else |
| 126 | 123 | ||
| 127 | /* Fallback allocator. This will fail if memory is not executable by default. */ | 124 | #error "Missing OS support for explicit placement of executable memory" |
| 128 | #define LUAJIT_UNPROTECT_MCODE | ||
| 129 | #define MCPROT_RW 0 | ||
| 130 | #define MCPROT_RX 0 | ||
| 131 | #define MCPROT_RWX 0 | ||
| 132 | |||
| 133 | static void *mcode_alloc_at(jit_State *J, uintptr_t hint, size_t sz, int prot) | ||
| 134 | { | ||
| 135 | UNUSED(hint); UNUSED(prot); | ||
| 136 | return lj_mem_new(J->L, sz); | ||
| 137 | } | ||
| 138 | |||
| 139 | static void mcode_free(jit_State *J, void *p, size_t sz) | ||
| 140 | { | ||
| 141 | lj_mem_free(J2G(J), p, sz); | ||
| 142 | } | ||
| 143 | 125 | ||
| 144 | #endif | 126 | #endif |
| 145 | 127 | ||
| 146 | /* -- MCode area protection ----------------------------------------------- */ | 128 | /* -- MCode area protection ----------------------------------------------- */ |
| 147 | 129 | ||
| 148 | /* Define this ONLY if page protection twiddling becomes a bottleneck. */ | 130 | #if LUAJIT_SECURITY_MCODE == 0 |
| 149 | #ifdef LUAJIT_UNPROTECT_MCODE | ||
| 150 | 131 | ||
| 151 | /* It's generally considered to be a potential security risk to have | 132 | /* Define this ONLY if page protection twiddling becomes a bottleneck. |
| 133 | ** | ||
| 134 | ** It's generally considered to be a potential security risk to have | ||
| 152 | ** pages with simultaneous write *and* execute access in a process. | 135 | ** pages with simultaneous write *and* execute access in a process. |
| 153 | ** | 136 | ** |
| 154 | ** Do not even think about using this mode for server processes or | 137 | ** Do not even think about using this mode for server processes or |
| 155 | ** apps handling untrusted external data (such as a browser). | 138 | ** apps handling untrusted external data. |
| 156 | ** | 139 | ** |
| 157 | ** The security risk is not in LuaJIT itself -- but if an adversary finds | 140 | ** The security risk is not in LuaJIT itself -- but if an adversary finds |
| 158 | ** any *other* flaw in your C application logic, then any RWX memory page | 141 | ** any *other* flaw in your C application logic, then any RWX memory pages |
| 159 | ** simplifies writing an exploit considerably. | 142 | ** simplify writing an exploit considerably. |
| 160 | */ | 143 | */ |
| 161 | #define MCPROT_GEN MCPROT_RWX | 144 | #define MCPROT_GEN MCPROT_RWX |
| 162 | #define MCPROT_RUN MCPROT_RWX | 145 | #define MCPROT_RUN MCPROT_RWX |
| 163 | 146 | ||
| 164 | static void mcode_protect(jit_State *J, int prot) | 147 | static void mcode_protect(jit_State *J, int prot) |
| 165 | { | 148 | { |
| 166 | UNUSED(J); UNUSED(prot); | 149 | UNUSED(J); UNUSED(prot); UNUSED(mcode_setprot); |
| 167 | } | 150 | } |
| 168 | 151 | ||
| 169 | #else | 152 | #else |
| @@ -242,7 +225,7 @@ static void *mcode_alloc(jit_State *J, size_t sz) | |||
| 242 | } | 225 | } |
| 243 | /* Next try probing 64K-aligned pseudo-random addresses. */ | 226 | /* Next try probing 64K-aligned pseudo-random addresses. */ |
| 244 | do { | 227 | do { |
| 245 | hint = LJ_PRNG_BITS(J, LJ_TARGET_JUMPRANGE-16) << 16; | 228 | hint = lj_prng_u64(&J2G(J)->prng) & ((1u<<LJ_TARGET_JUMPRANGE)-0x10000); |
| 246 | } while (!(hint + sz < range+range)); | 229 | } while (!(hint + sz < range+range)); |
| 247 | hint = target + hint - range; | 230 | hint = target + hint - range; |
| 248 | } | 231 | } |
| @@ -331,7 +314,7 @@ void lj_mcode_abort(jit_State *J) | |||
| 331 | /* Set/reset protection to allow patching of MCode areas. */ | 314 | /* Set/reset protection to allow patching of MCode areas. */ |
| 332 | MCode *lj_mcode_patch(jit_State *J, MCode *ptr, int finish) | 315 | MCode *lj_mcode_patch(jit_State *J, MCode *ptr, int finish) |
| 333 | { | 316 | { |
| 334 | #ifdef LUAJIT_UNPROTECT_MCODE | 317 | #if LUAJIT_SECURITY_MCODE == 0 |
| 335 | UNUSED(J); UNUSED(ptr); UNUSED(finish); | 318 | UNUSED(J); UNUSED(ptr); UNUSED(finish); |
| 336 | return NULL; | 319 | return NULL; |
| 337 | #else | 320 | #else |