VirtualBox

Ignore:
Timestamp:
Feb 16, 2020 8:11:06 PM (5 years ago)
Author:
vboxsync
Message:

IPRT/memobj-r0drv-darwin.cpp: Traced down the problematic vm_fault code, seems to go way back to 10.5, so always do rtR0MemObjNativeProtect in the task_kernel context when kernel_map is modified. Updated comments.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/VBox/Runtime/r0drv/darwin/memobj-r0drv-darwin.cpp

    r83070 r83087  
    568568     * in XNU's vm_fault.c code, we have to defer allocations of exec memory to
    569569     * a thread running in the kernel_task to get consistent results here.
    570      * Believing is trouble is caused by the page_nx() + exec check, it was
    571      * introduced in 10.10.5 (or 10.11.0).
    572      * (PS. Doubt this is in anyway intentional behaviour, but rather unforseen
    573      * consequences from a pragmatic approach to modifying the complicate VM code.)
     570     *
     571     * Trouble strikes in vm_fault_enter() when cs_enforcement_enabled is determined
     572     * to be true because current process has the CS_ENFORCEMENT flag, the page flag
     573     * vmp_cs_validated is clear, and the protection mask includes VM_PROT_EXECUTE
     574     * (pmap_cs_enforced does not apply to macOS it seems).  This test seems to go
     575     * back to 10.5, though I'm not sure whether it's enabled for macOS that early
     576     * on.  Only VM_PROT_EXECUTE is problematic for kernel memory, (though
     577     * VM_PROT_WRITE on code signed pages is also problematic in theory).  As long as
     578     * kernel_task doesn't have CS_ENFORCEMENT enabled, we'll be fine switching to it.
    574579     */
    575580    if (!fExecutable || fOnKernelThread)
     
    14321437     * in has CS restrictions active, we cannot play around with the EXEC
    14331438     * protection because some vm_fault.c think we're modifying the process map
    1434      * or something.  Looks like this problem was introduced in 10.10.5 or/and
    1435      * 10.11.0, so for for Yosemite and up we'll just push the work off to a thread
    1436      * running in the kernel_task context and hope it has be better chance of
    1437      * consistent results.
     1439     * or something.
    14381440     */
    14391441    int rc;
    1440     if (   version_major >= 14 /* 10.10 = Yosemite */
    1441         && rtR0MemObjDarwinGetMap(pMem) == kernel_map)
     1442    if (rtR0MemObjDarwinGetMap(pMem) == kernel_map)
    14421443    {
    14431444        RTR0MEMOBJDARWINPROTECTARGS Args;
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette