<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Aug 14, 2019 at 8:22 AM Tobias Pape <<a href="mailto:Das.Linux@gmx.de">Das.Linux@gmx.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> <br>
Hi<br>
<br>
> On 14.08.2019, at 04:29, Ryan Macnak <<a href="mailto:rmacnak@gmail.com" target="_blank">rmacnak@gmail.com</a>> wrote:<br>
> <br>
> Cog will need to be signed with the JIT entitlement and to pass MAP_JIT when it allocates executable memory.<br>
> <br>
> <a href="https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_allow-jit" rel="noreferrer" target="_blank">https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_allow-jit</a><br>
<br>
Interesting.<br>
<br>
It seems the ideas of OpenBSD W^X finally reached Mac OS X [1], but in a different way.<br>
<br>
Other JITs handle that by <br>
* mmap-ing the to-be-written code region R/W<br>
* jitting to that region<br>
* when done mprotect to remove the w and add the x<br>
<br>
Example: Firefox [2].<br></blockquote><div><br></div><div>That is a significant change to Cog's JIT. On the top of my head:</div><div>1. When jitting, one would need to control per page the rights inside the machine code zone and write each CogMethod within a page boundary with a 1-to-1 mapping CogMethod per page (likely memory overhead induced).</div><div>2. Inline cache logic (Mono, closedPIC and openPIC) should be changed not to edit the instructions in the machine code zone but a RW structure (likely execution time overhead induced), or to change page protection for relinking (which is think is disallowed, once it is executable it cannot go back to be W).</div><div>3. Machine code zone GC should be changed not to edit the machine code zone to update literals but a RW located structure, which is particulary nasty on back-ends where inlined literals are forced (x86_32) or to change page protection for relinking (which is think is disallowed, once it is executable it cannot go back to be W).</div><div> </div><div>I'd say MAP_JIT is the cheap option unless someone has budget to invest in this change.</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
I have no idea why Apple came up with MAP_JIT. If we used the above,<br>
maybe we don't need to be singend to at least run…<br>
<br>
Best regards<br>
-Tobias<br>
<br>
<br>
[1]: <a href="https://en.wikipedia.org/wiki/W%5EX" rel="noreferrer" target="_blank">https://en.wikipedia.org/wiki/W%5EX</a> , <a href="https://www.openbsd.org/33.html" rel="noreferrer" target="_blank">https://www.openbsd.org/33.html</a> <br>
[2]: <a href="https://jandemooij.nl/blog/2015/12/29/wx-jit-code-enabled-in-firefox/" rel="noreferrer" target="_blank">https://jandemooij.nl/blog/2015/12/29/wx-jit-code-enabled-in-firefox/</a></blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><span style="font-size:12.8px">Clément Béra<br></span><span style="color:rgb(0,0,238)"><a href="https://clementbera.github.io/" target="_blank">https://clementbera.github.io/</a></span><div style="font-size:12.8px"><a href="https://clementbera.wordpress.com/" target="_blank">https://clementbera.wordpress.com/</a></div></div></div></div></div></div></div>