!8913 修复linux内核版本jit签名必现问题

Merge pull request !8913 from Yiwei/jitfort

ecmascript/compiler/baseline/baseline_compiler.cpp

@@ -110,7 +110,7 @@ static void SetupCodeSigner([[maybe_unused]] EcmaVM *vm)
 {
 #ifdef JIT_ENABLE_CODE_SIGN
     bool enableCodeSign = !vm->GetJSOptions().GetDisableCodeSign();
-    if (enableCodeSign && IsSupportJitCodeSigner()) {
+    if (enableCodeSign && JitFort::IsResourceAvailable()) {
         JitSignCode *singleton = JitSignCode::GetInstance();
         singleton->Reset();
         JitCodeSignerBase *jitSigner = CreateJitCodeSigner(JitBufferIntegrityLevel::Level0);

ecmascript/compiler/codegen/maple/litecg_codegen.cpp

@@ -114,7 +114,7 @@ void LiteCGAssembler::Run(const CompilerLog &log, [[maybe_unused]] bool fastComp
                                         SaveFunc2Addr, SaveFunc2FPtoPrevSPDelta, SaveFunc2CalleeOffsetInfo,
                                         SavePC2DeoptInfo, SavePC2CallSiteInfo);
 #ifdef JIT_ENABLE_CODE_SIGN
-    isJit &= IsSupportJitCodeSigner();
+    isJit &= JitFort::IsResourceAvailable();
     if (isJit) {
         JitCodeSignerBase *jitSigner = CreateJitCodeSigner(JitBufferIntegrityLevel::Level0);
         JitSignCode *singleton = JitSignCode::GetInstance();

ecmascript/jit/jit_task.cpp

@@ -16,6 +16,9 @@
 #include "ecmascript/jit/jit_task.h"
 #include "ecmascript/jspandafile/program_object.h"
 #include "ecmascript/ohos/jit_tools.h"
+#ifdef JIT_ENABLE_CODE_SIGN
+#include "jit_buffer_integrity.h"
+#endif
 
 namespace panda::ecmascript {
 
@@ -399,7 +402,36 @@ bool JitTask::AsyncTask::CopyCodeToFort()
     if (desc.rodataSizeBeforeTextAlign != 0) {
         pText += desc.rodataSizeBeforeTextAlign;
     }
-    return MachineCode::CopyToCache(desc, pText, "CopyCodeToFort");
+#ifdef JIT_ENABLE_CODE_SIGN
+    if ((uintptr_t)desc.codeSigner == 0) {
+        if (memcpy_s(pText, desc.codeSizeAlign, reinterpret_cast<uint8_t*>(desc.codeAddr), desc.codeSize) != EOK) {
+            LOG_JIT(ERROR) << "memcpy failed in CopyToCache";
+            return false;
+        }
+    } else {
+        LOG_JIT(DEBUG) << "Copy: "
+                       << std::hex << (uintptr_t)pText << " <- "
+                       << std::hex << (uintptr_t)desc.codeAddr << " size: " << desc.codeSize;
+        LOG_JIT(DEBUG) << "     codeSigner = " << std::hex << (uintptr_t)desc.codeSigner;
+        OHOS::Security::CodeSign::JitCodeSignerBase *signer =
+            reinterpret_cast<OHOS::Security::CodeSign::JitCodeSignerBase*>(desc.codeSigner);
+        int err = OHOS::Security::CodeSign::CopyToJitCode(
+            signer, pText, reinterpret_cast<void *>(desc.codeAddr), desc.codeSize);
+        if (err != EOK) {
+            LOG_JIT(ERROR) << "     CopyToJitCode failed, err: " << err;
+            return false;
+        } else {
+            LOG_JIT(DEBUG) << "     CopyToJitCode success!!";
+        }
+        delete reinterpret_cast<OHOS::Security::CodeSign::JitCodeSignerBase*>(desc.codeSigner);
+    }
+#else
+    if (memcpy_s(pText, desc.codeSizeAlign, reinterpret_cast<uint8_t*>(desc.codeAddr), desc.codeSize) != EOK) {
+        LOG_JIT(ERROR) << "memcpy failed in CopyToCache";
+        return false;
+    }
+#endif
+    return true;
 }
 
 bool JitTask::AsyncTask::AllocFromFortAndCopy()

ecmascript/jit/jit_task.h

@@ -266,9 +266,9 @@ public:
         }
 
         bool AllocFromFortAndCopy();
-        bool CopyCodeToFort();
 
     private:
+        ARK_INLINE bool CopyCodeToFort();
         std::shared_ptr<JitTask> jitTask_ { nullptr };
     };
 private:

ecmascript/mem/jit_fort.cpp

@@ -36,8 +36,9 @@ FreeListAllocator<MemDesc>::FreeListAllocator(BaseHeap *heap, MemDescPool *pool,
 
 JitFort::JitFort()
 {
-    jitFortMem_ = PageMap(JIT_FORT_REG_SPACE_MAX, PageProtectProt(Jit::GetInstance()->IsDisableCodeSign()),
-        DEFAULT_REGION_SIZE, nullptr, MAP_JITFORT);
+    jitFortMem_ = PageMap(JIT_FORT_REG_SPACE_MAX,
+                          PageProtectProt(Jit::GetInstance()->IsDisableCodeSign() || !IsResourceAvailable()),
+                          DEFAULT_REGION_SIZE, nullptr, MAP_JITFORT);
     jitFortBegin_ = reinterpret_cast<uintptr_t>(jitFortMem_.GetMem());
     jitFortSize_ = JIT_FORT_REG_SPACE_MAX;
     memDescPool_ = new MemDescPool(jitFortBegin_, jitFortSize_);
@@ -256,6 +257,11 @@ JitFortRegion *JitFort::ObjectAddressToRange(uintptr_t objAddress)
     return region;
 }
 
+bool JitFort::isResourceAvailable_ = true;
+bool JitFort::IsResourceAvailable()
+{
+    return isResourceAvailable_;
+}
 void JitFort::InitJitFortResource()
 {
 #if defined(JIT_ENABLE_CODE_SIGN) && !defined(JIT_FORT_DISABLE)
@@ -263,11 +269,13 @@ void JitFort::InitJitFortResource()
     if (!Jit::GetInstance()->IsAppJit()) {
         int fd = open("/dev/xpm", O_RDWR);
         if (fd < 0) {
+            isResourceAvailable_ = false;
             LOG_JIT(ERROR) << "Failed to init jitfort resource, open xpm failed: " << strerror(errno);
             return;
         }
         int rc = ioctl(fd, XPM_SET_JITFORT_ENABLE, 0);
         if (rc < 0) {
+            isResourceAvailable_ = false;
             LOG_JIT(ERROR) << "Failed to init jitfort resource, enable xpm failed: " << strerror(errno);
             close(fd);
             return;
@@ -278,7 +286,14 @@ void JitFort::InitJitFortResource()
     constexpr int jitFortInit = 5;
     int res = prctl(prSetJitFort, jitFortInit, 0);
     if (res < 0) {
-        LOG_JIT(ERROR) << "Failed to init jitfort resource";
+        isResourceAvailable_ = false;
+        LOG_JIT(ERROR) << "Failed to init jitfort resource: " << strerror(errno);
+        return;
+    }
+    res = prctl(prSetJitFort, jitFortInit, 0);
+    if (res >= 0 || errno != EEXIST) {
+        isResourceAvailable_ = false;
+        LOG_JIT(ERROR) << "jitfort not support";
     }
 #endif
 }

ecmascript/mem/jit_fort.h

@@ -74,8 +74,10 @@ public:
     void UpdateFreeSpace();
     JitFortRegion *ObjectAddressToRange(uintptr_t objAddress);
     static void InitJitFortResource();
+    PUBLIC_API static bool IsResourceAvailable();
 
 private:
+    static bool isResourceAvailable_;
     FreeListAllocator<MemDesc> *allocator_ {nullptr};
 
     // Fort memory space

ecmascript/mem/machine_code.cpp

@@ -37,9 +37,8 @@ static bool SetPageProtect(uint8_t *textStart, size_t dataSize)
     return true;
 }
 
-int MachineCode::CopyToCache(const MachineCodeDesc &desc, uint8_t *pText, std::string str)
+ARK_INLINE static int MachineCodeCopyToCache(const MachineCodeDesc &desc, uint8_t *pText)
 {
-    std::string title = str;
 #ifdef JIT_ENABLE_CODE_SIGN
     if ((uintptr_t)desc.codeSigner == 0) {
         if (memcpy_s(pText, desc.codeSizeAlign, reinterpret_cast<uint8_t*>(desc.codeAddr), desc.codeSize) != EOK) {
@@ -85,7 +84,7 @@ bool MachineCode::SetText(const MachineCodeDesc &desc)
     }
     if (!Jit::GetInstance()->IsEnableJitFort() || !Jit::GetInstance()->IsEnableAsyncCopyToFort() ||
         !desc.isAsyncCompileMode) {
-        if (CopyToCache(desc, pText, "FastJit") == false) {
+        if (MachineCodeCopyToCache(desc, pText) == false) {
             return false;
         }
     }
@@ -211,7 +210,7 @@ bool MachineCode::SetBaselineCodeData(const MachineCodeDesc &desc,
 
     if (!Jit::GetInstance()->IsEnableJitFort() || !Jit::GetInstance()->IsEnableAsyncCopyToFort() ||
         !desc.isAsyncCompileMode) {
-        if (CopyToCache(desc, pText, "Baseline") == false) {
+        if (MachineCodeCopyToCache(desc, pText) == false) {
             return false;
         }
     }

ecmascript/mem/machine_code.h

@@ -207,7 +207,6 @@ public:
     bool SetData(const MachineCodeDesc &desc, JSHandle<Method> &method, size_t dataSize);
     bool SetText(const MachineCodeDesc &desc);
     bool SetNonText(const MachineCodeDesc &desc, EntityId methodId);
-    static int CopyToCache(const MachineCodeDesc &desc, uint8_t *pText, std::string str);
 
     template <VisitType visitType>
     void VisitRangeSlot(const EcmaObjectRangeVisitor &visitor)

ecmascript/mem/space.cpp

@@ -150,7 +150,8 @@ Region *HugeMachineCodeSpace::AllocateFort(size_t objectSize, JSThread *thread,
 
     // Enabe JitFort rights control
     [[maybe_unused]] void *addr = PageMapExecFortSpace((void *)desc->instructionsAddr, allocSize - mutableSize,
-        PageProtectProt(reinterpret_cast<Heap *>(heap_)->GetEcmaVM()->GetJSOptions().GetDisableCodeSign()));
+        PageProtectProt(reinterpret_cast<Heap *>(heap_)->GetEcmaVM()->GetJSOptions().GetDisableCodeSign() ||
+            !JitFort::IsResourceAvailable()));
 
     ASSERT(addr == (void *)desc->instructionsAddr);
     return region;

ecmascript/ohos/jit_tools.h

@@ -19,9 +19,12 @@
 #include "ecmascript/pgo_profiler/pgo_profiler_manager.h"
 #include "ecmascript/platform/aot_crash_info.h"
 
-#if defined(JIT_ESCAPE_ENABLE) || defined(GET_PARAMETER_FOR_JIT)
+#if defined(JIT_ESCAPE_ENABLE) || defined(GET_PARAMETER_FOR_JIT) || defined(JIT_ENABLE_CODE_SIGN)
 #include "base/startup/init/interfaces/innerkits/include/syspara/parameters.h"
 #endif
+#if defined(JIT_ENABLE_CODE_SIGN)
+#include "jit_buffer_integrity.h"
+#endif
 
 namespace panda::ecmascript::ohos {
 using PGOProfilerManager = panda::ecmascript::pgo::PGOProfilerManager;
@@ -85,7 +88,8 @@ public:
     static bool GetCodeSignDisable(bool value)
     {
     #ifdef JIT_ENABLE_CODE_SIGN
-        return OHOS::system::GetBoolParameter("persist.ark.jit.codesign.disable", false);
+        return OHOS::system::GetBoolParameter("persist.ark.jit.codesign.disable", false) ||
+               !OHOS::Security::CodeSign::IsSupportJitCodeSigner();
     #endif
         return value;
     }

libark_jsruntime.map

@@ -226,6 +226,7 @@
       panda::ecmascript::JITProfiler::ProfileBytecode*;
       panda::ecmascript::JitThread::GetHostThread*;
       panda::ecmascript::Jit::TimeScope::~TimeScope*;
+      panda::ecmascript::JitFort::IsResourceAvailable*;
       panda::ecmascript::Heap::AddGCListener*;
       panda::ecmascript::Heap::RemoveGCListener*;
       panda::ecmascript::JSTaggedValue::SetProperty*;