macos: avoid mprotect checks for JIT pages (zherczeg#105)

Starting with macOS 11.2, mprotect calls for RWX pages will fail in Apple Silicon, even if the page was granted permission and it was requested the MAP_JIT flag, to better reflect the fact that the page returned by mmap wasn't really RWX. In macOS, there is an implementation for the executable allocator since e87e1cc (macos: add BigSur support to execalloc (zherczeg#90), 2020-11-30) that flips the bits as needed, so this extra safeward is no longer needed. HardenedBSD seems to be the last implementation of PaX that still lies, so restrict the code only to that platform. Fixes: zherczeg#99
vorosl · Oct 18, 2021 · d6a0fa6 · d6a0fa6
1 parent a3caf49
commit d6a0fa6
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/sljit_src/sljitExecAllocator.c b/sljit_src/sljitExecAllocator.c
@@ -192,10 +192,13 @@ static SLJIT_INLINE void* alloc_chunk(sljit_uw size)
 	if (retval == MAP_FAILED)
 		return NULL;
 
+#ifdef __FreeBSD__
+        /* HardenedBSD's mmap lies, so check permissions again */
 	if (mprotect(retval, size, PROT_READ | PROT_WRITE | PROT_EXEC) < 0) {
 		munmap(retval, size);
 		return NULL;
 	}
+#endif /* FreeBSD */
 
 	SLJIT_UPDATE_WX_FLAGS(retval, (uint8_t *)retval + size, 0);