diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/lj_ccallback.c | 19 | ||||
| -rw-r--r-- | src/lj_mcode.c | 19 |
2 files changed, 35 insertions, 3 deletions
diff --git a/src/lj_ccallback.c b/src/lj_ccallback.c index 52f92932..d93dbc64 100644 --- a/src/lj_ccallback.c +++ b/src/lj_ccallback.c | |||
| @@ -262,6 +262,14 @@ static void *callback_mcode_init(global_State *g, uint32_t *page) | |||
| 262 | #define CCPROT_CREATE 0 | 262 | #define CCPROT_CREATE 0 |
| 263 | #endif | 263 | #endif |
| 264 | 264 | ||
| 265 | /* Check for macOS hardened runtime. */ | ||
| 266 | #if LUAJIT_SECURITY_MCODE != 0 && defined(MAP_JIT) && __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ >= 110000 | ||
| 267 | #include <pthread.h> | ||
| 268 | #define CCMAP_CREATE MAP_JIT | ||
| 269 | #else | ||
| 270 | #define CCMAP_CREATE 0 | ||
| 271 | #endif | ||
| 272 | |||
| 265 | #endif | 273 | #endif |
| 266 | 274 | ||
| 267 | /* Allocate and initialize area for callback function pointers. */ | 275 | /* Allocate and initialize area for callback function pointers. */ |
| @@ -276,10 +284,13 @@ static void callback_mcode_new(CTState *cts) | |||
| 276 | if (!p) | 284 | if (!p) |
| 277 | lj_err_caller(cts->L, LJ_ERR_FFI_CBACKOV); | 285 | lj_err_caller(cts->L, LJ_ERR_FFI_CBACKOV); |
| 278 | #elif LJ_TARGET_POSIX | 286 | #elif LJ_TARGET_POSIX |
| 279 | p = mmap(NULL, sz, (PROT_READ|PROT_WRITE|CCPROT_CREATE), MAP_PRIVATE|MAP_ANONYMOUS, | 287 | p = mmap(NULL, sz, PROT_READ|PROT_WRITE|CCPROT_CREATE, |
| 280 | -1, 0); | 288 | MAP_PRIVATE|MAP_ANONYMOUS|CCMAP_CREATE, -1, 0); |
| 281 | if (p == MAP_FAILED) | 289 | if (p == MAP_FAILED) |
| 282 | lj_err_caller(cts->L, LJ_ERR_FFI_CBACKOV); | 290 | lj_err_caller(cts->L, LJ_ERR_FFI_CBACKOV); |
| 291 | #if CCMAP_CREATE | ||
| 292 | pthread_jit_write_protect_np(0); | ||
| 293 | #endif | ||
| 283 | #else | 294 | #else |
| 284 | /* Fallback allocator. Fails if memory is not executable by default. */ | 295 | /* Fallback allocator. Fails if memory is not executable by default. */ |
| 285 | p = lj_mem_new(cts->L, sz); | 296 | p = lj_mem_new(cts->L, sz); |
| @@ -296,8 +307,12 @@ static void callback_mcode_new(CTState *cts) | |||
| 296 | LJ_WIN_VPROTECT(p, sz, PAGE_EXECUTE_READ, &oprot); | 307 | LJ_WIN_VPROTECT(p, sz, PAGE_EXECUTE_READ, &oprot); |
| 297 | } | 308 | } |
| 298 | #elif LJ_TARGET_POSIX | 309 | #elif LJ_TARGET_POSIX |
| 310 | #if CCMAP_CREATE | ||
| 311 | pthread_jit_write_protect_np(1); | ||
| 312 | #else | ||
| 299 | mprotect(p, sz, (PROT_READ|PROT_EXEC)); | 313 | mprotect(p, sz, (PROT_READ|PROT_EXEC)); |
| 300 | #endif | 314 | #endif |
| 315 | #endif | ||
| 301 | } | 316 | } |
| 302 | 317 | ||
| 303 | /* Free area for callback function pointers. */ | 318 | /* Free area for callback function pointers. */ |
diff --git a/src/lj_mcode.c b/src/lj_mcode.c index 864da7fb..43694226 100644 --- a/src/lj_mcode.c +++ b/src/lj_mcode.c | |||
| @@ -98,6 +98,14 @@ static int mcode_setprot(void *p, size_t sz, DWORD prot) | |||
| 98 | #define MAP_ANONYMOUS MAP_ANON | 98 | #define MAP_ANONYMOUS MAP_ANON |
| 99 | #endif | 99 | #endif |
| 100 | 100 | ||
| 101 | /* Check for macOS hardened runtime. */ | ||
| 102 | #if LUAJIT_SECURITY_MCODE != 0 && defined(MAP_JIT) && __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ >= 110000 | ||
| 103 | #include <pthread.h> | ||
| 104 | #define MCMAP_CREATE MAP_JIT | ||
| 105 | #else | ||
| 106 | #define MCMAP_CREATE 0 | ||
| 107 | #endif | ||
| 108 | |||
| 101 | #define MCPROT_RW (PROT_READ|PROT_WRITE) | 109 | #define MCPROT_RW (PROT_READ|PROT_WRITE) |
| 102 | #define MCPROT_RX (PROT_READ|PROT_EXEC) | 110 | #define MCPROT_RX (PROT_READ|PROT_EXEC) |
| 103 | #define MCPROT_RWX (PROT_READ|PROT_WRITE|PROT_EXEC) | 111 | #define MCPROT_RWX (PROT_READ|PROT_WRITE|PROT_EXEC) |
| @@ -109,10 +117,14 @@ static int mcode_setprot(void *p, size_t sz, DWORD prot) | |||
| 109 | 117 | ||
| 110 | static void *mcode_alloc_at(jit_State *J, uintptr_t hint, size_t sz, int prot) | 118 | static void *mcode_alloc_at(jit_State *J, uintptr_t hint, size_t sz, int prot) |
| 111 | { | 119 | { |
| 112 | void *p = mmap((void *)hint, sz, prot|MCPROT_CREATE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); | 120 | void *p = mmap((void *)hint, sz, prot|MCPROT_CREATE, MAP_PRIVATE|MAP_ANONYMOUS|MCMAP_CREATE, -1, 0); |
| 113 | if (p == MAP_FAILED) { | 121 | if (p == MAP_FAILED) { |
| 114 | if (!hint) lj_trace_err(J, LJ_TRERR_MCODEAL); | 122 | if (!hint) lj_trace_err(J, LJ_TRERR_MCODEAL); |
| 115 | p = NULL; | 123 | p = NULL; |
| 124 | #if MCMAP_CREATE | ||
| 125 | } else { | ||
| 126 | pthread_jit_write_protect_np(0); | ||
| 127 | #endif | ||
| 116 | } | 128 | } |
| 117 | return p; | 129 | return p; |
| 118 | } | 130 | } |
| @@ -125,7 +137,12 @@ static void mcode_free(jit_State *J, void *p, size_t sz) | |||
| 125 | 137 | ||
| 126 | static int mcode_setprot(void *p, size_t sz, int prot) | 138 | static int mcode_setprot(void *p, size_t sz, int prot) |
| 127 | { | 139 | { |
| 140 | #if MCMAP_CREATE | ||
| 141 | pthread_jit_write_protect_np((prot & PROC_EXEC)); | ||
| 142 | return 0; | ||
| 143 | #else | ||
| 128 | return mprotect(p, sz, prot); | 144 | return mprotect(p, sz, prot); |
| 145 | #endif | ||
| 129 | } | 146 | } |
| 130 | 147 | ||
| 131 | #else | 148 | #else |