One Level Up Top Level

src/lj_mcode.c - luajit-2.0-src

Data types defined

Functions defined

Macros defined

Source code

  1. /*
  2. ** Machine code management.
  3. ** Copyright (C) 2005-2015 Mike Pall. See Copyright Notice in luajit.h
  4. */

  6. #define lj_mcode_c
  7. #define LUA_CORE

  9. #include "lj_obj.h"
  10. #if LJ_HASJIT
  11. #include "lj_gc.h"
  12. #include "lj_err.h"
  13. #include "lj_jit.h"
  14. #include "lj_mcode.h"
  15. #include "lj_trace.h"
  16. #include "lj_dispatch.h"
  17. #endif
  18. #if LJ_HASJIT || LJ_HASFFI
  19. #include "lj_vm.h"
  20. #endif

  22. /* -- OS-specific functions ----------------------------------------------- */

  24. #if LJ_HASJIT || LJ_HASFFI

  26. /* Define this if you want to run LuaJIT with Valgrind. */
  27. #ifdef LUAJIT_USE_VALGRIND
  28. #include <valgrind/valgrind.h>
  29. #endif

  31. #if LJ_TARGET_IOS
  32. void sys_icache_invalidate(void *start, size_t len);
  33. #endif

  35. /* Synchronize data/instruction cache. */
  36. void lj_mcode_sync(void *start, void *end)
  37. {
  38. #ifdef LUAJIT_USE_VALGRIND
  39.   VALGRIND_DISCARD_TRANSLATIONS(start, (char *)end-(char *)start);
  40. #endif
  41. #if LJ_TARGET_X86ORX64
  42.   UNUSED(start); UNUSED(end);
  43. #elif LJ_TARGET_IOS
  44.   sys_icache_invalidate(start, (char *)end-(char *)start);
  45. #elif LJ_TARGET_PPC
  46.   lj_vm_cachesync(start, end);
  47. #elif defined(__GNUC__)
  48.   __clear_cache(start, end);
  49. #else
  50. #error "Missing builtin to flush instruction cache"
  51. #endif
  52. }

  54. #endif

  56. #if LJ_HASJIT

  58. #if LJ_TARGET_WINDOWS

  60. #define WIN32_LEAN_AND_MEAN
  61. #include <windows.h>

  63. #define MCPROT_RW        PAGE_READWRITE
  64. #define MCPROT_RX        PAGE_EXECUTE_READ
  65. #define MCPROT_RWX        PAGE_EXECUTE_READWRITE

  67. static void *mcode_alloc_at(jit_State *J, uintptr_t hint, size_t sz, DWORD prot)
  68. {
  69.   void *p = VirtualAlloc((void *)hint, sz,
  70.                          MEM_RESERVE|MEM_COMMIT|MEM_TOP_DOWN, prot);
  71.   if (!p && !hint)
  72.     lj_trace_err(J, LJ_TRERR_MCODEAL);
  73.   return p;
  74. }

  76. static void mcode_free(jit_State *J, void *p, size_t sz)
  77. {
  78.   UNUSED(J); UNUSED(sz);
  79.   VirtualFree(p, 0, MEM_RELEASE);
  80. }

  82. static int mcode_setprot(void *p, size_t sz, DWORD prot)
  83. {
  84.   DWORD oprot;
  85.   return !VirtualProtect(p, sz, prot, &oprot);
  86. }

  88. #elif LJ_TARGET_POSIX

  90. #include <sys/mman.h>

  92. #ifndef MAP_ANONYMOUS
  93. #define MAP_ANONYMOUS        MAP_ANON
  94. #endif

  96. #define MCPROT_RW        (PROT_READ|PROT_WRITE)
  97. #define MCPROT_RX        (PROT_READ|PROT_EXEC)
  98. #define MCPROT_RWX        (PROT_READ|PROT_WRITE|PROT_EXEC)

  100. static void *mcode_alloc_at(jit_State *J, uintptr_t hint, size_t sz, int prot)
  101. {
  102.   void *p = mmap((void *)hint, sz, prot, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
  103.   if (p == MAP_FAILED) {
  104.     if (!hint) lj_trace_err(J, LJ_TRERR_MCODEAL);
  105.     p = NULL;
  106.   }
  107.   return p;
  108. }

  110. static void mcode_free(jit_State *J, void *p, size_t sz)
  111. {
  112.   UNUSED(J);
  113.   munmap(p, sz);
  114. }

  116. static int mcode_setprot(void *p, size_t sz, int prot)
  117. {
  118.   return mprotect(p, sz, prot);
  119. }

  121. #elif LJ_64

  123. #error "Missing OS support for explicit placement of executable memory"

  125. #else

  127. /* Fallback allocator. This will fail if memory is not executable by default. */
  128. #define LUAJIT_UNPROTECT_MCODE
  129. #define MCPROT_RW        0
  130. #define MCPROT_RX        0
  131. #define MCPROT_RWX        0

  133. static void *mcode_alloc_at(jit_State *J, uintptr_t hint, size_t sz, int prot)
  134. {
  135.   UNUSED(hint); UNUSED(prot);
  136.   return lj_mem_new(J->L, sz);
  137. }

  139. static void mcode_free(jit_State *J, void *p, size_t sz)
  140. {
  141.   lj_mem_free(J2G(J), p, sz);
  142. }

  144. #endif

  146. /* -- MCode area protection ----------------------------------------------- */

  148. /* Define this ONLY if page protection twiddling becomes a bottleneck. */
  149. #ifdef LUAJIT_UNPROTECT_MCODE

  151. /* It's generally considered to be a potential security risk to have
  152. ** pages with simultaneous write *and* execute access in a process.
  153. **
  154. ** Do not even think about using this mode for server processes or
  155. ** apps handling untrusted external data (such as a browser).
  156. **
  157. ** The security risk is not in LuaJIT itself -- but if an adversary finds
  158. ** any *other* flaw in your C application logic, then any RWX memory page
  159. ** simplifies writing an exploit considerably.
  160. */
  161. #define MCPROT_GEN        MCPROT_RWX
  162. #define MCPROT_RUN        MCPROT_RWX

  164. static void mcode_protect(jit_State *J, int prot)
  165. {
  166.   UNUSED(J); UNUSED(prot);
  167. }

  169. #else

  171. /* This is the default behaviour and much safer:
  172. **
  173. ** Most of the time the memory pages holding machine code are executable,
  174. ** but NONE of them is writable.
  175. **
  176. ** The current memory area is marked read-write (but NOT executable) only
  177. ** during the short time window while the assembler generates machine code.
  178. */
  179. #define MCPROT_GEN        MCPROT_RW
  180. #define MCPROT_RUN        MCPROT_RX

  182. /* Protection twiddling failed. Probably due to kernel security. */
  183. static LJ_NOINLINE void mcode_protfail(jit_State *J)
  184. {
  185.   lua_CFunction panic = J2G(J)->panic;
  186.   if (panic) {
  187.     lua_State *L = J->L;
  188.     setstrV(L, L->top++, lj_err_str(L, LJ_ERR_JITPROT));
  189.     panic(L);
  190.   }
  191. }

  193. /* Change protection of MCode area. */
  194. static void mcode_protect(jit_State *J, int prot)
  195. {
  196.   if (J->mcprot != prot) {
  197.     if (LJ_UNLIKELY(mcode_setprot(J->mcarea, J->szmcarea, prot)))
  198.       mcode_protfail(J);
  199.     J->mcprot = prot;
  200.   }
  201. }

  203. #endif

  205. /* -- MCode area allocation ----------------------------------------------- */

  207. #if LJ_TARGET_X64
  208. #define mcode_validptr(p)        ((p) && (uintptr_t)(p) < (uintptr_t)1<<47)
  209. #else
  210. #define mcode_validptr(p)        ((p) && (uintptr_t)(p) < 0xffff0000)
  211. #endif

  213. #ifdef LJ_TARGET_JUMPRANGE

  215. /* Get memory within relative jump distance of our code in 64 bit mode. */
  216. static void *mcode_alloc(jit_State *J, size_t sz)
  217. {
  218.   /* Target an address in the static assembler code (64K aligned).
  219.   ** Try addresses within a distance of target-range/2+1MB..target+range/2-1MB.
  220.   ** Use half the jump range so every address in the range can reach any other.
  221.   */
  222. #if LJ_TARGET_MIPS
  223.   /* Use the middle of the 256MB-aligned region. */
  224.   uintptr_t target = ((uintptr_t)(void *)lj_vm_exit_handler & 0xf0000000u) +
  225.                      0x08000000u;
  226. #else
  227.   uintptr_t target = (uintptr_t)(void *)lj_vm_exit_handler & ~(uintptr_t)0xffff;
  228. #endif
  229.   const uintptr_t range = (1u << (LJ_TARGET_JUMPRANGE-1)) - (1u << 21);
  230.   /* First try a contiguous area below the last one. */
  231.   uintptr_t hint = J->mcarea ? (uintptr_t)J->mcarea - sz : 0;
  232.   int i;
  233.   for (i = 0; i < 32; i++) {  /* 32 attempts ought to be enough ... */
  234.     if (mcode_validptr(hint)) {
  235.       void *p = mcode_alloc_at(J, hint, sz, MCPROT_GEN);

  237.       if (mcode_validptr(p) &&
  238.           ((uintptr_t)p + sz - target < range || target - (uintptr_t)p < range))
  239.         return p;
  240.       if (p) mcode_free(J, p, sz);  /* Free badly placed area. */
  241.     }
  242.     /* Next try probing pseudo-random addresses. */
  243.     do {
  244.       hint = (0x78fb ^ LJ_PRNG_BITS(J, 15)) << 16/* 64K aligned. */
  245.     } while (!(hint + sz < range));
  246.     hint = target + hint - (range>>1);
  247.   }
  248.   lj_trace_err(J, LJ_TRERR_MCODEAL);  /* Give up. OS probably ignores hints? */
  249.   return NULL;
  250. }

  252. #else

  254. /* All memory addresses are reachable by relative jumps. */
  255. static void *mcode_alloc(jit_State *J, size_t sz)
  256. {
  257. #ifdef __OpenBSD__
  258.   /* Allow better executable memory allocation for OpenBSD W^X mode. */
  259.   void *p = mcode_alloc_at(J, 0, sz, MCPROT_RUN);
  260.   if (p && mcode_setprot(p, sz, MCPROT_GEN)) {
  261.     mcode_free(J, p, sz);
  262.     return NULL;
  263.   }
  264.   return p;
  265. #else
  266.   return mcode_alloc_at(J, 0, sz, MCPROT_GEN);
  267. #endif
  268. }

  270. #endif

  272. /* -- MCode area management ----------------------------------------------- */

  274. /* Linked list of MCode areas. */
  275. typedef struct MCLink {
  276.   MCode *next;                /* Next area. */
  277.   size_t size;                /* Size of current area. */
  278. } MCLink;

  280. /* Allocate a new MCode area. */
  281. static void mcode_allocarea(jit_State *J)
  282. {
  283.   MCode *oldarea = J->mcarea;
  284.   size_t sz = (size_t)J->param[JIT_P_sizemcode] << 10;
  285.   sz = (sz + LJ_PAGESIZE-1) & ~(size_t)(LJ_PAGESIZE - 1);
  286.   J->mcarea = (MCode *)mcode_alloc(J, sz);
  287.   J->szmcarea = sz;
  288.   J->mcprot = MCPROT_GEN;
  289.   J->mctop = (MCode *)((char *)J->mcarea + J->szmcarea);
  290.   J->mcbot = (MCode *)((char *)J->mcarea + sizeof(MCLink));
  291.   ((MCLink *)J->mcarea)->next = oldarea;
  292.   ((MCLink *)J->mcarea)->size = sz;
  293.   J->szallmcarea += sz;
  294. }

  296. /* Free all MCode areas. */
  297. void lj_mcode_free(jit_State *J)
  298. {
  299.   MCode *mc = J->mcarea;
  300.   J->mcarea = NULL;
  301.   J->szallmcarea = 0;
  302.   while (mc) {
  303.     MCode *next = ((MCLink *)mc)->next;
  304.     mcode_free(J, mc, ((MCLink *)mc)->size);
  305.     mc = next;
  306.   }
  307. }

  309. /* -- MCode transactions -------------------------------------------------- */

  311. /* Reserve the remainder of the current MCode area. */
  312. MCode *lj_mcode_reserve(jit_State *J, MCode **lim)
  313. {
  314.   if (!J->mcarea)
  315.     mcode_allocarea(J);
  316.   else
  317.     mcode_protect(J, MCPROT_GEN);
  318.   *lim = J->mcbot;
  319.   return J->mctop;
  320. }

  322. /* Commit the top part of the current MCode area. */
  323. void lj_mcode_commit(jit_State *J, MCode *top)
  324. {
  325.   J->mctop = top;
  326.   mcode_protect(J, MCPROT_RUN);
  327. }

  329. /* Abort the reservation. */
  330. void lj_mcode_abort(jit_State *J)
  331. {
  332.   if (J->mcarea)
  333.     mcode_protect(J, MCPROT_RUN);
  334. }

  336. /* Set/reset protection to allow patching of MCode areas. */
  337. MCode *lj_mcode_patch(jit_State *J, MCode *ptr, int finish)
  338. {
  339. #ifdef LUAJIT_UNPROTECT_MCODE
  340.   UNUSED(J); UNUSED(ptr); UNUSED(finish);
  341.   return NULL;
  342. #else
  343.   if (finish) {
  344.     if (J->mcarea == ptr)
  345.       mcode_protect(J, MCPROT_RUN);
  346.     else if (LJ_UNLIKELY(mcode_setprot(ptr, ((MCLink *)ptr)->size, MCPROT_RUN)))
  347.       mcode_protfail(J);
  348.     return NULL;
  349.   } else {
  350.     MCode *mc = J->mcarea;
  351.     /* Try current area first to use the protection cache. */
  352.     if (ptr >= mc && ptr < (MCode *)((char *)mc + J->szmcarea)) {
  353.       mcode_protect(J, MCPROT_GEN);
  354.       return mc;
  355.     }
  356.     /* Otherwise search through the list of MCode areas. */
  357.     for (;;) {
  358.       mc = ((MCLink *)mc)->next;
  359.       lua_assert(mc != NULL);
  360.       if (ptr >= mc && ptr < (MCode *)((char *)mc + ((MCLink *)mc)->size)) {
  361.         if (LJ_UNLIKELY(mcode_setprot(mc, ((MCLink *)mc)->size, MCPROT_GEN)))
  362.           mcode_protfail(J);
  363.         return mc;
  364.       }
  365.     }
  366.   }
  367. #endif
  368. }

  370. /* Limit of MCode reservation reached. */
  371. void lj_mcode_limiterr(jit_State *J, size_t need)
  372. {
  373.   size_t sizemcode, maxmcode;
  374.   lj_mcode_abort(J);
  375.   sizemcode = (size_t)J->param[JIT_P_sizemcode] << 10;
  376.   sizemcode = (sizemcode + LJ_PAGESIZE-1) & ~(size_t)(LJ_PAGESIZE - 1);
  377.   maxmcode = (size_t)J->param[JIT_P_maxmcode] << 10;
  378.   if ((size_t)need > sizemcode)
  379.     lj_trace_err(J, LJ_TRERR_MCODEOV);  /* Too long for any area. */
  380.   if (J->szallmcarea + sizemcode > maxmcode)
  381.     lj_trace_err(J, LJ_TRERR_MCODEAL);
  382.   mcode_allocarea(J);
  383.   lj_trace_err(J, LJ_TRERR_MCODELM);  /* Retry with new area. */
  384. }

  386. #endif

One Level Up Top Level