1837194 - Support MAP_JIT with pthread_jit_write_protect_np on Apple Silicon

Status: RESOLVED FIXED

(Core :: JavaScript Engine: JIT, task)

Description

[Jan de Mooij [:jandem]]

See bug 1835876 comment 5. We can't do RWX on this platform, so we need to use Apple's thread-local permission switching APIs. I have a prototype of this working locally for the JS JITs.

Comment 1

[Jan de Mooij [:jandem]]

Attachment: Bug 1837194 - Use MAP_JIT with pthread_jit_write_protect_np on Apple Silicon. r?nbp!,mstange!,rhunt!

On Mac ARM64 hardware we still use mprotect and W^X because supporting RWX pages
requires additional changes. This patch makes those changes.

With Apple's fast thread-local writable/executable toggling API for all JIT pages
(pthread_jit_write_protect_np) this is a much more efficient version of W^X.

Using MAP_JIT requires some changes to how we reserve and commit JIT pages because
of additional restrictions the kernel enforces for these regions.

Comment 2

[Jan de Mooij [:jandem]]

Attachment: Bug 1837194 - Add com.apple.security.cs.allow-jit entitlement. r?haik!

Now that we're using MAP_JIT on Apple Silicon we should also use the allow-jit
entitlement.

The weaker allow-unsigned-executable-memory entitlement is still needed for the Intel
hardware where we don't use MAP_JIT yet. We'll probably be able to use MAP_JIT there
too at some point, but for now this is a step in the right direction.

Depends on D180407

Comment 3

[Pulsebot]

Pushed by jdemooij@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/fa183f58a682
Use MAP_JIT with pthread_jit_write_protect_np on Apple Silicon. r=nbp,mstange,rhunt
https://hg.mozilla.org/integration/autoland/rev/1dc3aecfed3a
Add com.apple.security.cs.allow-jit entitlement. r=haik

Comment 4

[Sandor Molnar[:smolnar]]

https://hg.mozilla.org/mozilla-central/rev/fa183f58a682
https://hg.mozilla.org/mozilla-central/rev/1dc3aecfed3a