[Mac] Specify the MAP_JIT flag when allocating pages for V8.

In the future, macOS executables will be signed with the "runtime" option, which restricts the execution of writable memory. By specifying the MAP_JIT flag to mmap and code signing with the "com.apple.security.cs.allow-jit" entitlement, writable memory can be executed. Neither the runtime option or entitlement are currently specified during signing, but setting the MAP_JIT flag is harmless. The signing options will be specified in follow-up CLs. Bug: 850193 Change-Id: I834a75e65b815d5a9a62ef1e3d00e143b36d2ce4 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1613809 Commit-Queue: Robert Sesek <rsesek@chromium.org> Reviewed-by: Chris Palmer <palmer@chromium.org> Cr-Commit-Position: refs/heads/master@{#660935}

[Mac] Specify the MAP_JIT flag when allocating pages for V8.
In the future, macOS executables will be signed with the "runtime" option, which restricts the execution of writable memory. By specifying the MAP_JIT flag to mmap and code signing with the "com.apple.security.cs.allow-jit" entitlement, writable memory can be executed. Neither the runtime option or entitlement are currently specified during signing, but setting the MAP_JIT flag is harmless. The signing options will be specified in follow-up CLs. Bug: 850193 Change-Id: I834a75e65b815d5a9a62ef1e3d00e143b36d2ce4 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1613809 Commit-Queue: Robert Sesek <rsesek@chromium.org> Reviewed-by: Chris Palmer <palmer@chromium.org> Cr-Commit-Position: refs/heads/master@{#660935}
2011c945 · Robert Sesek · Commit Bot · 0dac9bfd · 2011c945
Commit 2011c945 authored May 17, 2019 by Robert Sesek Committed by Commit Bot May 17, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 2 deletions

base/allocator/partition_allocator/page_allocator_internals_posix.h ...ator/partition_allocator/page_allocator_internals_posix.h +13 -2

No files found.
--- a/base/allocator/partition_allocator/page_allocator_internals_posix.h
+++ b/base/allocator/partition_allocator/page_allocator_internals_posix.h
@@ -12,6 +12,8 @@
 #include "build/build_config.h"

 #if defined(OS_MACOSX)
+#include "base/mac/mac_util.h"
+
 #include <mach/mach.h>
 #endif
 #if defined(OS_LINUX)
@@ -66,12 +68,21 @@ void* SystemAllocPagesInternal(void* hint,
  int access_flag = GetAccessFlags(accessibility);
  int map_flags = MAP_ANONYMOUS | MAP_PRIVATE;

-  // TODO(https://crbug.com/927411): Remove once Fuchsia uses a native page
-  // allocator, rather than relying on POSIX compatibility.
+  // TODO(https://crbug.com/927411): Remove OS_FUCHSIA once Fuchsia uses a
+  // native page allocator, rather than relying on POSIX compatibility.
 #if defined(OS_FUCHSIA)
  if (page_tag == PageTag::kV8) {
    map_flags |= MAP_JIT;
  }
+#elif defined(OS_MACOSX)
+  // On macOS 10.14 and higher, executables that are code signed with the
+  // "runtime" option cannot execute writable memory by default. They can opt
+  // into this capability by specifying the "com.apple.security.cs.allow-jit"
+  // code signing entitlement and allocating the region with the MAP_JIT flag.
+  static const bool kNeedMapJIT = mac::IsAtLeastOS10_14();
+  if (page_tag == PageTag::kV8 && kNeedMapJIT) {
+    map_flags |= MAP_JIT;
+  }
 #endif

  void* ret =