Bug 1883457 - Part 2: Use be_memory_inline_jit_restrict_* APIs for JIT on iOS, r=jandem

This change enables the JS_USE_APPLE_FAST_WX option for iOS, but uses the BrowserEngineKit APIs rather than the pthread_jit APIs which are available on macOS. It is unclear to me if there are other differences with these APIs which would need to be handled beyond what has been written so far, as this is just a naive substitution. Given these functions are explicitly "inline", it may be desirable at some point to refactor the code to allow the calls to be made inline within ProcessExecutableMemory.h, however that was left out-of-scope. Differential Revision: https://phabricator.services.mozilla.com/D203499
2024-11-23 21:01:08 +00:00 · 2024-03-25 17:12:53 +00:00 · 2024-03-25 17:12:53 +00:00 · d574456eec
commit d574456eec
parent 5c6cb3e502
3 changed files with 20 additions and 6 deletions
--- a/js/moz.configure
+++ b/js/moz.configure
@ -591,13 +591,14 @@ set_define("MOZ_AARCH64_JSCVT", aarch64_jscvt)


@depends(target)
-def has_pthread_jit_write_protect_np(target):
-    return target.os == "OSX" and target.cpu == "aarch64"
+def has_apple_fast_wx(target):
+    return target.kernel == "Darwin" and target.cpu == "aarch64"


-# On Apple Silicon we use MAP_JIT with pthread_jit_write_protect_np to implement
-# JIT code write protection.
-set_define("JS_USE_APPLE_FAST_WX", True, when=has_pthread_jit_write_protect_np)
+# On Apple Silicon macOS we use MAP_JIT with pthread_jit_write_protect_np to
+# implement JIT code write protection, while on iOS we use MAP_JIT with
+# be_memory_inline_jit_restrict_*.
+set_define("JS_USE_APPLE_FAST_WX", True, when=has_apple_fast_wx)


 # CTypes
--- a/js/src/jit/JitOptions.cpp
+++ b/js/src/jit/JitOptions.cpp
@ -447,7 +447,8 @@ void DefaultJitOptions::resetNormalIonWarmUpThreshold() {

 void DefaultJitOptions::maybeSetWriteProtectCode(bool val) {
 #ifdef JS_USE_APPLE_FAST_WX
-  // On Apple Silicon we always use pthread_jit_write_protect_np.
+  // On Apple Silicon we always use pthread_jit_write_protect_np, or
+  // be_memory_inline_jit_restrict_*.
  MOZ_ASSERT(!writeProtectCode);
 #else
  writeProtectCode = val;
--- a/js/src/jit/ProcessExecutableMemory.cpp
+++ b/js/src/jit/ProcessExecutableMemory.cpp
@ -46,6 +46,10 @@
 #  include <valgrind/valgrind.h>
 #endif

+#if defined(XP_IOS)
+#  include <BrowserEngineCore/BEMemory.h>
+#endif
+
 using namespace js;
 using namespace js::jit;

@ -990,11 +994,19 @@ bool js::jit::ReprotectRegion(void* start, size_t size,
 #ifdef JS_USE_APPLE_FAST_WX
 void js::jit::AutoMarkJitCodeWritableForThread::markExecutable(
    bool executable) {
+#  if defined(XP_IOS)
+  if (executable) {
+    be_memory_inline_jit_restrict_rwx_to_rx_with_witness();
+  } else {
+    be_memory_inline_jit_restrict_rwx_to_rw_with_witness();
+  }
+#  else
  if (__builtin_available(macOS 11.0, *)) {
    pthread_jit_write_protect_np(executable);
  } else {
    MOZ_CRASH("pthread_jit_write_protect_np must be available");
  }
+#  endif
 }
 #endif