src/lj_mcode.c

   1 /*
   2 ** Machine code management.
   3 ** Copyright (C) 2005-2010 Mike Pall. See Copyright Notice in luajit.h
   4 */
   5
   6 #define lj_mcode_c
   7 #define LUA_CORE
   8
   9 #include "lj_obj.h"
  10
  11 #if LJ_HASJIT
  12
  13 #include "lj_gc.h"
  14 #include "lj_jit.h"
  15 #include "lj_mcode.h"
  16 #include "lj_trace.h"
  17 #include "lj_dispatch.h"
  18
  19 /* -- OS-specific functions ----------------------------------------------- */
  20
  21 #if defined(LUA_USE_WIN)
  22
  23 #define WIN32_LEAN_AND_MEAN
  24 #include <windows.h>
  25
  26 #define MCPROT_RW       PAGE_READWRITE
  27 #define MCPROT_RX       PAGE_EXECUTE_READ
  28 #define MCPROT_RWX      PAGE_EXECUTE_READWRITE
  29
  30 static LJ_AINLINE void *mcode_alloc(jit_State *J, size_t sz, DWORD prot)
  31 {
  32   void *p = VirtualAlloc(NULL, sz, MEM_RESERVE|MEM_COMMIT|MEM_TOP_DOWN, prot);
  33   if (!p)
  34     lj_trace_err(J, LJ_TRERR_MCODEAL);
  35   return p;
  36 }
  37
  38 static LJ_AINLINE void mcode_free(jit_State *J, void *p, size_t sz)
  39 {
  40   UNUSED(J); UNUSED(sz);
  41   VirtualFree(p, 0, MEM_RELEASE);
  42 }
  43
  44 static LJ_AINLINE void mcode_setprot(void *p, size_t sz, DWORD prot)
  45 {
  46   DWORD oprot;
  47   VirtualProtect(p, sz, prot, &oprot);
  48 }
  49
  50 #elif defined(LUA_USE_POSIX)
  51
  52 #include <sys/mman.h>
  53
  54 #ifndef MAP_ANONYMOUS
  55 #define MAP_ANONYMOUS   MAP_ANON
  56 #endif
  57
  58 #define MCPROT_RW       (PROT_READ|PROT_WRITE)
  59 #define MCPROT_RX       (PROT_READ|PROT_EXEC)
  60 #define MCPROT_RWX      (PROT_READ|PROT_WRITE|PROT_EXEC)
  61
  62 static LJ_AINLINE void *mcode_alloc(jit_State *J, size_t sz, int prot)
  63 {
  64   void *p = mmap(NULL, sz, prot, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
  65   if (p == MAP_FAILED)
  66     lj_trace_err(J, LJ_TRERR_MCODEAL);
  67   return p;
  68 }
  69
  70 static LJ_AINLINE void mcode_free(jit_State *J, void *p, size_t sz)
  71 {
  72   UNUSED(J);
  73   munmap(p, sz);
  74 }
  75
  76 static LJ_AINLINE void mcode_setprot(void *p, size_t sz, int prot)
  77 {
  78   mprotect(p, sz, prot);
  79 }
  80
  81 #else
  82
  83 /* Fallback allocator. This will fail if memory is not executable by default. */
  84 #define LUAJIT_UNPROTECT_MCODE
  85 #define MCPROT_RW       0
  86 #define MCPROT_RX       0
  87 #define MCPROT_RWX      0
  88
  89 static LJ_AINLINE void *mcode_alloc(jit_State *J, size_t sz, int prot)
  90 {
  91   UNUSED(prot);
  92   return lj_mem_new(J->L, sz);
  93 }
  94
  95 static LJ_AINLINE void mcode_free(jit_State *J, void *p, size_t sz)
  96 {
  97   lj_mem_free(J2G(J), p, sz);
  98 }
  99
 100 #define mcode_setprot(p, sz, prot)      UNUSED(p)
 101
 102 #endif
 103
 104 /* -- MCode area management ----------------------------------------------- */
 105
 106 /* Define this ONLY if the page protection twiddling becomes a bottleneck. */
 107 #ifdef LUAJIT_UNPROTECT_MCODE
 108
 109 /* It's generally considered to be a potential security risk to have
 110 ** pages with simultaneous write *and* execute access in a process.
 111 **
 112 ** Do not even think about using this mode for server processes or
 113 ** apps handling untrusted external data (such as a browser).
 114 **
 115 ** The security risk is not in LuaJIT itself -- but if an adversary finds
 116 ** any *other* flaw in your C application logic, then any RWX memory page
 117 ** simplifies writing an exploit considerably.
 118 */
 119 #define MCPROT_GEN      MCPROT_RWX
 120 #define MCPROT_RUN      MCPROT_RWX
 121
 122 #else
 123
 124 /* This is the default behaviour and much safer:
 125 **
 126 ** Most of the time the memory pages holding machine code are executable,
 127 ** but NONE of them is writable.
 128 **
 129 ** The current memory area is marked read-write (but NOT executable) only
 130 ** during the short time window while the assembler generates machine code.
 131 */
 132 #define MCPROT_GEN      MCPROT_RW
 133 #define MCPROT_RUN      MCPROT_RX
 134
 135 #endif
 136
 137 /* Change protection of MCode area. */
 138 static void mcode_protect(jit_State *J, int prot)
 139 {
 140 #ifdef LUAJIT_UNPROTECT_MCODE
 141   UNUSED(J); UNUSED(prot);
 142 #else
 143   if (J->mcprot != prot) {
 144     mcode_setprot(J->mcarea, J->szmcarea, prot);
 145     J->mcprot = prot;
 146   }
 147 #endif
 148 }
 149
 150 /* Linked list of MCode areas. */
 151 typedef struct MCLink {
 152   MCode *next;          /* Next area. */
 153   size_t size;          /* Size of current area. */
 154 } MCLink;
 155
 156 /* Allocate a new MCode area. */
 157 static void mcode_allocarea(jit_State *J)
 158 {
 159   MCode *oldarea = J->mcarea;
 160   size_t sz = (size_t)J->param[JIT_P_sizemcode] << 10;
 161   sz = (sz + LJ_PAGESIZE-1) & ~(size_t)(LJ_PAGESIZE - 1);
 162   J->mcarea = (MCode *)mcode_alloc(J, sz, MCPROT_GEN);
 163   J->szmcarea = sz;
 164   J->mcprot = MCPROT_GEN;
 165   J->mctop = (MCode *)((char *)J->mcarea + J->szmcarea);
 166   J->mcbot = (MCode *)((char *)J->mcarea + sizeof(MCLink));
 167   ((MCLink *)J->mcarea)->next = oldarea;
 168   ((MCLink *)J->mcarea)->size = sz;
 169   J->szallmcarea += sz;
 170 }
 171
 172 /* Free all MCode areas. */
 173 void lj_mcode_free(jit_State *J)
 174 {
 175   MCode *mc = J->mcarea;
 176   J->mcarea = NULL;
 177   J->szallmcarea = 0;
 178   while (mc) {
 179     MCode *next = ((MCLink *)mc)->next;
 180     mcode_free(J, mc, ((MCLink *)mc)->size);
 181     mc = next;
 182   }
 183 }
 184
 185 /* -- MCode transactions -------------------------------------------------- */
 186
 187 /* Reserve the remainder of the current MCode area. */
 188 MCode *lj_mcode_reserve(jit_State *J, MCode **lim)
 189 {
 190   if (!J->mcarea)
 191     mcode_allocarea(J);
 192   else
 193     mcode_protect(J, MCPROT_GEN);
 194   *lim = J->mcbot;
 195   return J->mctop;
 196 }
 197
 198 /* Commit the top part of the current MCode area. */
 199 void lj_mcode_commit(jit_State *J, MCode *top)
 200 {
 201   J->mctop = top;
 202   mcode_protect(J, MCPROT_RUN);
 203 }
 204
 205 /* Abort the reservation. */
 206 void lj_mcode_abort(jit_State *J)
 207 {
 208   mcode_protect(J, MCPROT_RUN);
 209 }
 210
 211 /* Set/reset protection to allow patching of MCode areas. */
 212 MCode *lj_mcode_patch(jit_State *J, MCode *ptr, int finish)
 213 {
 214 #ifdef LUAJIT_UNPROTECT_MCODE
 215   UNUSED(J); UNUSED(ptr); UNUSED(finish);
 216   return NULL;
 217 #else
 218   if (finish) {
 219     if (J->mcarea == ptr)
 220       mcode_protect(J, MCPROT_RUN);
 221     else
 222       mcode_setprot(ptr, ((MCLink *)ptr)->size, MCPROT_RUN);
 223     return NULL;
 224   } else {
 225     MCode *mc = J->mcarea;
 226     /* Try current area first to use the protection cache. */
 227     if (ptr >= mc && ptr < mc + J->szmcarea) {
 228       mcode_protect(J, MCPROT_GEN);
 229       return mc;
 230     }
 231     /* Otherwise search through the list of MCode areas. */
 232     for (;;) {
 233       mc = ((MCLink *)mc)->next;
 234       lua_assert(mc != NULL);
 235       if (ptr >= mc && ptr < mc + ((MCLink *)mc)->size) {
 236         mcode_setprot(mc, ((MCLink *)mc)->size, MCPROT_GEN);
 237         return mc;
 238       }
 239     }
 240   }
 241 #endif
 242 }
 243
 244 /* Limit of MCode reservation reached. */
 245 void lj_mcode_limiterr(jit_State *J, size_t need)
 246 {
 247   size_t sizemcode, maxmcode;
 248   lj_mcode_abort(J);
 249   sizemcode = (size_t)J->param[JIT_P_sizemcode] << 10;
 250   sizemcode = (sizemcode + LJ_PAGESIZE-1) & ~(size_t)(LJ_PAGESIZE - 1);
 251   maxmcode = (size_t)J->param[JIT_P_maxmcode] << 10;
 252   if ((size_t)need > sizemcode)
 253     lj_trace_err(J, LJ_TRERR_MCODEOV);  /* Too long for any area. */
 254   if (J->szallmcarea + sizemcode > maxmcode)
 255     lj_trace_err(J, LJ_TRERR_MCODEAL);
 256   mcode_allocarea(J);
 257   lj_trace_err(J, LJ_TRERR_MCODELM);  /* Retry with new area. */
 258 }
 259
 260 #endif