Switch to writable executable memory before allocating executable code, as allocation might memset it and segfault.

TautvydasZilys · TautvydasZilys · commit 70524e6b7812 · 2021-03-12T18:43:02.000-08:00
diff --git a/mono/mini/mini-arm64.c b/mono/mini/mini-arm64.c
@@ -5010,12 +5010,13 @@ mono_arch_build_imt_trampoline (MonoVTable *vtable, MonoDomain *domain, MonoIMTC
 		}
 	}
 
+	MONO_SCOPE_ENABLE_JIT_WRITE();
+
 	if (fail_tramp)
 		buf = mono_method_alloc_generic_virtual_trampoline (domain, buf_len);
 	else
 		buf = mono_domain_code_reserve (domain, buf_len);
 	code = buf;
-	MONO_SCOPE_ENABLE_JIT_WRITE();
 
 	/*
 	 * We are called by JITted code, which passes in the IMT argument in
diff --git a/mono/mini/mini-runtime.c b/mono/mini/mini-runtime.c
@@ -351,11 +351,18 @@ void *mono_global_codeman_reserve (int size)
 	if (!global_codeman) {
 		/* This can happen during startup */
 		global_codeman = mono_code_manager_new ();
+
+		MONO_SCOPE_ENABLE_JIT_WRITE();
 		return mono_code_manager_reserve (global_codeman, size);
 	}
 	else {
 		mono_jit_lock ();
-		ptr = mono_code_manager_reserve (global_codeman, size);
+
+		{
+			MONO_SCOPE_ENABLE_JIT_WRITE();
+			ptr = mono_code_manager_reserve (global_codeman, size);
+		}
+
 		mono_jit_unlock ();
 		return ptr;
 	}
@@ -1407,6 +1414,7 @@ mono_resolve_patch_target (MonoMethod *method, MonoDomain *domain, guint8 *code,
 		gpointer *jump_table;
 		int i;
 		if (method && method->dynamic) {
+			MONO_SCOPE_ENABLE_JIT_WRITE();
 			jump_table = (void **)mono_code_manager_reserve (mono_dynamic_code_hash_lookup (domain, method)->code_mp, sizeof (gpointer) * patch_info->data.table->table_size);
 		} else {
 			if (mono_aot_only) {
@@ -3666,7 +3674,11 @@ static void
 dynamic_method_info_free (gpointer key, gpointer value, gpointer user_data)
 {
 	MonoJitDynamicMethodInfo *di = (MonoJitDynamicMethodInfo *)value;
-	mono_code_manager_destroy (di->code_mp);
+
+	{
+		MONO_SCOPE_ENABLE_JIT_WRITE();
+		mono_code_manager_destroy (di->code_mp);
+	}
 	g_free (di);
 }
 
diff --git a/mono/mini/mini.c b/mono/mini/mini.c
@@ -2175,8 +2175,10 @@ mono_postprocess_patches (MonoCompile *cfg)
 		case MONO_PATCH_INFO_SWITCH: {
 			gpointer *table;
 			if (cfg->method->dynamic) {
+				MONO_SCOPE_ENABLE_JIT_WRITE();
 				table = (void **)mono_code_manager_reserve (cfg->dynamic_info->code_mp, sizeof (gpointer) * patch_info->data.table->table_size);
 			} else {
+				MONO_SCOPE_ENABLE_JIT_WRITE();
 				table = (void **)mono_domain_code_reserve (cfg->domain, sizeof (gpointer) * patch_info->data.table->table_size);
 			}
 
@@ -2301,17 +2303,24 @@ mono_codegen (MonoCompile *cfg)
 	if (cfg->method->dynamic) {
 		/* Allocate the code into a separate memory pool so it can be freed */
 		cfg->dynamic_info = g_new0 (MonoJitDynamicMethodInfo, 1);
-		cfg->dynamic_info->code_mp = mono_code_manager_new_dynamic ();
+
+		{
+			MONO_SCOPE_ENABLE_JIT_WRITE();
+			cfg->dynamic_info->code_mp = mono_code_manager_new_dynamic ();
+		}
+
 		mono_domain_lock (cfg->domain);
 		mono_dynamic_code_hash_insert (cfg->domain, cfg->method, cfg->dynamic_info);
 		mono_domain_unlock (cfg->domain);
 
+		MONO_SCOPE_ENABLE_JIT_WRITE();
 		if (mono_using_xdebug)
 			/* See the comment for cfg->code_domain */
 			code = (guint8 *)mono_domain_code_reserve (code_domain, cfg->code_size + cfg->thunk_area + unwindlen);
 		else
 			code = (guint8 *)mono_code_manager_reserve (cfg->dynamic_info->code_mp, cfg->code_size + cfg->thunk_area + unwindlen);
 	} else {
+		MONO_SCOPE_ENABLE_JIT_WRITE();
 		code = (guint8 *)mono_domain_code_reserve (code_domain, cfg->code_size + cfg->thunk_area + unwindlen);
 	}
 
@@ -2399,11 +2408,13 @@ mono_codegen (MonoCompile *cfg)
 #endif
 
 	if (cfg->method->dynamic) {
+		MONO_SCOPE_ENABLE_JIT_WRITE();
 		if (mono_using_xdebug)
 			mono_domain_code_commit (code_domain, cfg->native_code, cfg->code_size, cfg->code_len);
 		else
 			mono_code_manager_commit (cfg->dynamic_info->code_mp, cfg->native_code, cfg->code_size, cfg->code_len);
 	} else {
+		MONO_SCOPE_ENABLE_JIT_WRITE();
 		mono_domain_code_commit (code_domain, cfg->native_code, cfg->code_size, cfg->code_len);
 	}
 	MONO_PROFILER_RAISE (jit_code_buffer, (cfg->native_code, cfg->code_len, MONO_PROFILER_CODE_BUFFER_METHOD, cfg->method));
diff --git a/mono/mini/tramp-arm64.c b/mono/mini/tramp-arm64.c
@@ -355,8 +355,8 @@ mono_arch_get_unbox_trampoline (MonoMethod *m, gpointer addr)
 	guint32 size = 32;
 	MonoDomain *domain = mono_domain_get ();
 
-	start = code = mono_domain_code_reserve (domain, size);
 	MONO_SCOPE_ENABLE_JIT_WRITE();
+	start = code = mono_domain_code_reserve (domain, size);
 
 	code = mono_arm_emit_imm64 (code, ARMREG_IP0, (guint64)addr);
 	arm_addx_imm (code, ARMREG_R0, ARMREG_R0, sizeof (MonoObject));
@@ -374,8 +374,8 @@ mono_arch_get_static_rgctx_trampoline (gpointer arg, gpointer addr)
 	guint32 buf_len = 32;
 	MonoDomain *domain = mono_domain_get ();
 
-	start = code = mono_domain_code_reserve (domain, buf_len);
 	MONO_SCOPE_ENABLE_JIT_WRITE();
+	start = code = mono_domain_code_reserve (domain, buf_len);
 
 	code = mono_arm_emit_imm64 (code, MONO_ARCH_RGCTX_REG, (guint64)arg);
 	code = mono_arm_emit_imm64 (code, ARMREG_IP0, (guint64)addr);

Original file line number	Diff line number	Diff line change
`@@ -5010,12 +5010,13 @@ mono_arch_build_imt_trampoline (MonoVTable vtable, MonoDomain domain, MonoIMTC`
`5010`	`5010`	`}`
`5011`	`5011`	`}`
`5012`	`5012`
	`5013`	`+ MONO_SCOPE_ENABLE_JIT_WRITE();`
	`5014`	`+`
`5013`	`5015`	`if (fail_tramp)`
`5014`	`5016`	`buf = mono_method_alloc_generic_virtual_trampoline (domain, buf_len);`
`5015`	`5017`	`else`
`5016`	`5018`	`buf = mono_domain_code_reserve (domain, buf_len);`
`5017`	`5019`	`code = buf;`
`5018`		`- MONO_SCOPE_ENABLE_JIT_WRITE();`
`5019`	`5020`
`5020`	`5021`	`/*`
`5021`	`5022`	`* We are called by JITted code, which passes in the IMT argument in`