[Vm-dev] Cog will require changes to JIT on the next version of Mac

Tobias Pape Das.Linux at gmx.de
Wed Aug 14 06:22:21 UTC 2019


> On 14.08.2019, at 04:29, Ryan Macnak <rmacnak at gmail.com> wrote:
> Cog will need to be signed with the JIT entitlement and to pass MAP_JIT when it allocates executable memory.
> https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_allow-jit


It seems the ideas of OpenBSD W^X finally reached Mac OS X [1], but in a different way.

Other JITs handle that by 
 * mmap-ing the to-be-written code region R/W
 * jitting to that region
 * when done mprotect to remove the w and add the x

Example: Firefox [2].

I have no idea why Apple came up with MAP_JIT. If we used the above,
maybe we don't need to be signed to at least run…

Best regards

[1]: https://en.wikipedia.org/wiki/W%5EX , https://www.openbsd.org/33.html 
[2]: https://jandemooij.nl/blog/2015/12/29/wx-jit-code-enabled-in-firefox/
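
The three steps listed in the message above (map R/W, JIT into the region, then mprotect to drop W and add X), as an added example that is not part of the original post and not Cog or Firefox code. It uses plain POSIX mmap/mprotect without MAP_JIT; the names jit_fn, emit_return_const and jit_compile_const are hypothetical, and the "JIT" only emits a function returning a constant on x86 or AArch64.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1            /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef int (*jit_fn)(void);

/* Constructed stand-in for a JIT back end: emits "return value;". */
static size_t emit_return_const(uint8_t *buf, uint32_t value)
{
#if defined(__x86_64__) || defined(__i386__)
    buf[0] = 0xB8;                               /* mov eax, imm32 */
    memcpy(buf + 1, &value, 4);
    buf[5] = 0xC3;                               /* ret */
    return 6;
#elif defined(__aarch64__)
    uint32_t insn[3] = {
        0x52800000u | ((value & 0xFFFFu) << 5),  /* movz w0, #lo16 */
        0x72A00000u | ((value >> 16) << 5),      /* movk w0, #hi16, lsl #16 */
        0xD65F03C0u                              /* ret */
    };
    memcpy(buf, insn, sizeof insn);
    return sizeof insn;
#else
#error "this example only emits x86 and AArch64 code"
#endif
}

/* Hypothetical helper: the region is R/W while written, R/X when run,
 * and never writable and executable at the same time. */
jit_fn jit_compile_const(uint32_t value, void **region, size_t *len)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    uint8_t *mem = mmap(NULL, page, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);  /* step 1 */
    if (mem == MAP_FAILED)
        return NULL;
    size_t n = emit_return_const(mem, value);                 /* step 2 */
    if (mprotect(mem, page, PROT_READ | PROT_EXEC) != 0) {    /* step 3 */
        munmap(mem, page);
        return NULL;
    }
    __builtin___clear_cache((char *)mem, (char *)mem + n);    /* sync I-cache */
    *region = mem;
    *len = page;
    return (jit_fn)(uintptr_t)mem;
}
```

To patch code that has already been generated, the region has to be flipped back to R/W with mprotect first and then to R/X again before it runs.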
