Fix restriction on RWX pages on macOS arm64

Signed-off-by: Tautvydas Žilys <[email protected]>

Author: GeoffroyAubey

mono/mini/exceptions-arm64.c

@@ -36,6 +36,7 @@ mono_arch_get_restore_context (MonoTrampInfo **info, gboolean aot)
 
 	size = 256;
 	code = start = mono_global_codeman_reserve (size);
+	MONO_SCOPE_ENABLE_JIT_WRITE();
 
 	arm_movx (code, ARMREG_IP0, ARMREG_R0);
 	ctx_reg = ARMREG_IP0;
@@ -85,6 +86,7 @@ mono_arch_get_call_filter (MonoTrampInfo **info, gboolean aot)
 
 	size = 512;
 	start = code = mono_global_codeman_reserve (size);
+	MONO_SCOPE_ENABLE_JIT_WRITE();
 
 	/* Compute stack frame size and offsets */
 	offset = 0;
@@ -171,6 +173,7 @@ get_throw_trampoline (int size, gboolean corlib, gboolean rethrow, gboolean llvm
 	int i, offset, gregs_offset, fregs_offset, frame_size, num_fregs;
 
 	code = start = mono_global_codeman_reserve (size);
+	MONO_SCOPE_ENABLE_JIT_WRITE();
 
 	/* We are being called by JITted code, the exception object/type token is in R0 */
 

mono/mini/mini-arm64.c

@@ -56,6 +56,10 @@ static gpointer bp_trampoline;
 
 static gboolean ios_abi;
 
+#if defined(__APPLE__)
+__thread jit_protect_mode arm_current_jit_protect_mode = JPM_NONE;
+#endif
+
 static __attribute__ ((__warn_unused_result__)) guint8* emit_load_regset (guint8 *code, guint64 regs, int basereg, int offset);
 
 const char*
@@ -100,6 +104,8 @@ get_delegate_invoke_impl (gboolean has_target, gboolean param_count, guint32 *co
 {
 	guint8 *code, *start;
 
+	MONO_SCOPE_ENABLE_JIT_WRITE();
+
 	if (has_target) {
 		start = code = mono_global_codeman_reserve (12);
 
@@ -5009,6 +5015,7 @@ mono_arch_build_imt_trampoline (MonoVTable *vtable, MonoDomain *domain, MonoIMTC
 	else
 		buf = mono_domain_code_reserve (domain, buf_len);
 	code = buf;
+	MONO_SCOPE_ENABLE_JIT_WRITE();
 
 	/*
 	 * We are called by JITted code, which passes in the IMT argument in

mono/mini/mini-runtime.c

@@ -2173,6 +2173,8 @@ mono_jit_compile_method_with_opt (MonoMethod *method, guint32 opt, gboolean jit_
 gpointer
 mono_jit_compile_method (MonoMethod *method, MonoError *error)
 {
+	MONO_SCOPE_ENABLE_JIT_WRITE();
+
 	gpointer code;
 
 	code = mono_jit_compile_method_with_opt (method, mono_get_optimizations_for_method (method, default_opt), FALSE, error);
@@ -2804,6 +2806,7 @@ mono_jit_runtime_invoke (MonoMethod *method, void *obj, void **params, MonoObjec
 		if (!is_ok (error))
 			return NULL;
 	} else {
+		MONO_SCOPE_ENABLE_JIT_EXEC();
 		runtime_invoke = (MonoObject *(*)(MonoObject *, void **, MonoObject **, void *))info->runtime_invoke;
 
 		result = runtime_invoke ((MonoObject *)obj, params, exc, info->compiled_method);

mono/mini/mini.c

@@ -2223,6 +2223,8 @@ mono_codegen (MonoCompile *cfg)
 	MonoDomain *code_domain;
 	guint unwindlen = 0;
 
+	MONO_SCOPE_ENABLE_JIT_WRITE();
+
 	if (mono_using_xdebug)
 		/*
 		 * Recent gdb versions have trouble processing symbol files containing
@@ -3096,6 +3098,8 @@ init_backend (MonoBackend *backend)
 MonoCompile*
 mini_method_compile (MonoMethod *method, guint32 opts, MonoDomain *domain, JitFlags flags, int parts, int aot_method_index)
 {
+	MONO_SCOPE_ENABLE_JIT_WRITE();
+
 	MonoMethodHeader *header;
 	MonoMethodSignature *sig;
 	MonoError err;

mono/mini/mini.h

@@ -2886,4 +2886,66 @@ gboolean MONO_SIG_HANDLER_SIGNATURE (mono_chain_signal);
 MonoGenericContext
 mono_get_generic_context_from_stack_frame (MonoJitInfo *ji, gpointer generic_info);
 
+#if defined(__APPLE__) && defined(__arm64__)
+
+typedef enum {
+	JPM_NONE,
+	JPM_ENABLED,
+	JPM_DISABLED,
+} jit_protect_mode;
+
+extern __thread jit_protect_mode arm_current_jit_protect_mode;
+
+static void mono_arm_jit_write_protect_enable()
+{
+	if (__builtin_available(macOS 11, *)) {
+		if (arm_current_jit_protect_mode != JPM_ENABLED) {
+			pthread_jit_write_protect_np(1);
+			arm_current_jit_protect_mode = JPM_ENABLED;
+		}
+	}
+}
+
+static void mono_arm_jit_write_protect_disable()
+{
+	if (__builtin_available(macOS 11, *)) {
+		if (arm_current_jit_protect_mode != JPM_DISABLED) {
+			pthread_jit_write_protect_np(0);
+			arm_current_jit_protect_mode = JPM_DISABLED;
+		}
+	}
+}
+
+#define MONO_SCOPE_ENABLE_JIT_WRITE()					\
+	__attribute__((unused, cleanup(mono_arm_restore_jit_protect_mode))) \
+	jit_protect_mode scope_restrict_mode = arm_current_jit_protect_mode; \
+        mono_arm_jit_write_protect_disable();					\
+
+#define MONO_SCOPE_ENABLE_JIT_EXEC()					\
+	__attribute__((unused, cleanup(mono_arm_restore_jit_protect_mode))) \
+	jit_protect_mode scope_restrict_mode = arm_current_jit_protect_mode; \
+	mono_arm_jit_write_protect_enable();				\
+
+static void mono_arm_restore_jit_protect_mode(jit_protect_mode* previous_jit_protect_mode)
+{
+	if (*previous_jit_protect_mode == arm_current_jit_protect_mode)
+		return;
+
+	switch (*previous_jit_protect_mode)
+	{
+	case JPM_ENABLED:
+		mono_arm_jit_write_protect_enable();
+		break;
+	case JPM_DISABLED:
+	case JPM_NONE:
+	default:
+		mono_arm_jit_write_protect_disable();
+	}
+}
+
+#else
+#define MONO_SCOPE_ENABLE_JIT_WRITE()
+#define MONO_SCOPE_ENABLE_JIT_EXEC()
+#endif
+
 #endif /* __MONO_MINI_H__ */

mono/mini/tramp-arm64.c

@@ -32,6 +32,8 @@
 void
 mono_arch_patch_callsite (guint8 *method_start, guint8 *code_ptr, guint8 *addr)
 {
+	MONO_SCOPE_ENABLE_JIT_WRITE();
+
 	mono_arm_patch (code_ptr - 4, addr, MONO_R_ARM64_BL);
 	mono_arch_flush_icache (code_ptr - 4, 4);
 }
@@ -113,6 +115,7 @@ mono_arch_create_generic_trampoline (MonoTrampolineType tramp_type, MonoTrampInf
 
 	buf_len = 768;
 	buf = code = mono_global_codeman_reserve (buf_len);
+	MONO_SCOPE_ENABLE_JIT_WRITE();
 
 	/*
 	 * We are getting called by a specific trampoline, ip1 contains the trampoline argument.
@@ -328,6 +331,7 @@ mono_arch_create_specific_trampoline (gpointer arg1, MonoTrampolineType tramp_ty
 	 * Pass the argument in ip1, clobbering ip0.
 	 */
 	tramp = mono_get_trampoline_code (tramp_type);
+	MONO_SCOPE_ENABLE_JIT_WRITE();
 
 	buf = code = mono_global_codeman_reserve (buf_len);
 
@@ -352,6 +356,8 @@ mono_arch_get_unbox_trampoline (MonoMethod *m, gpointer addr)
 	MonoDomain *domain = mono_domain_get ();
 
 	start = code = mono_domain_code_reserve (domain, size);
+	MONO_SCOPE_ENABLE_JIT_WRITE();
+
 	code = mono_arm_emit_imm64 (code, ARMREG_IP0, (guint64)addr);
 	arm_addx_imm (code, ARMREG_R0, ARMREG_R0, sizeof (MonoObject));
 	arm_brx (code, ARMREG_IP0);
@@ -369,6 +375,8 @@ mono_arch_get_static_rgctx_trampoline (gpointer arg, gpointer addr)
 	MonoDomain *domain = mono_domain_get ();
 
 	start = code = mono_domain_code_reserve (domain, buf_len);
+	MONO_SCOPE_ENABLE_JIT_WRITE();
+
 	code = mono_arm_emit_imm64 (code, MONO_ARCH_RGCTX_REG, (guint64)arg);
 	code = mono_arm_emit_imm64 (code, ARMREG_IP0, (guint64)addr);
 	arm_brx (code, ARMREG_IP0);
@@ -407,6 +415,7 @@ mono_arch_create_rgctx_lazy_fetch_trampoline (guint32 slot, MonoTrampInfo **info
 
 	buf_size = 64 + 16 * depth;
 	code = buf = mono_global_codeman_reserve (buf_size);
+	MONO_SCOPE_ENABLE_JIT_WRITE();
 
 	rgctx_null_jumps = g_malloc0 (sizeof (guint8*) * (depth + 2));
 	njumps = 0;
@@ -493,6 +502,7 @@ mono_arch_create_general_rgctx_lazy_fetch_trampoline (MonoTrampInfo **info, gboo
 	tramp_size = 32;
 
 	code = buf = mono_global_codeman_reserve (tramp_size);
+	MONO_SCOPE_ENABLE_JIT_WRITE();
 
 	mono_add_unwind_op_def_cfa (unwind_ops, code, buf, ARMREG_SP, 0);
 
@@ -531,6 +541,7 @@ mono_arch_create_sdb_trampoline (gboolean single_step, MonoTrampInfo **info, gbo
 	MonoJumpInfo *ji = NULL;
 
 	code = buf = mono_global_codeman_reserve (tramp_size);
+	MONO_SCOPE_ENABLE_JIT_WRITE();
 
 	/* Compute stack frame size and offsets */
 	offset = 0;
@@ -631,6 +642,8 @@ mono_arch_get_enter_icall_trampoline (MonoTrampInfo **info)
 	buf_len = 512 + 1024;
 	start = code = (guint8 *) mono_global_codeman_reserve (buf_len);
 
+	MONO_SCOPE_ENABLE_JIT_WRITE();
+
 	/* save FP and LR */
 	framesize += 2 * sizeof (mgreg_t);
 

mono/mini/unwind.c

@@ -518,6 +518,8 @@ mono_unwind_frame (guint8 *unwind_info, guint32 unwind_info_len,
 				   mgreg_t **save_locations, int save_locations_len,
 				   guint8 **out_cfa)
 {
+	MONO_SCOPE_ENABLE_JIT_WRITE();
+
 	Loc locations [NUM_HW_REGS];
 	guint8 reg_saved [NUM_HW_REGS];
 	int pos, reg, hwreg, cfa_reg = -1, cfa_offset = 0, offset;