Apple says that on ARM64 Macs memory regions can have either write or execution permissions for a thread. How would someone find out the current permissions for a memory region for a thread in lldb? I have tried 'memory region ' but that returns rwx. I am working on a Just-In-Time compiler that will run on my M1 Mac. For testing I made a small simulation of a Just-In-Time compiler.
#include <cstdio>
#include <sys/mman.h>
#include <pthread.h>
#include <libkern/OSCacheControl.h>
#include <stdlib.h>
int main(int argc, const char * argv[]) {
size_t size = 1024 * 1024 * 640;
int prot = PROT_READ | PROT_WRITE | PROT_EXEC;
int flags = MAP_PRIVATE | MAP_ANONYMOUS | MAP_JIT;
int fd = -1;
int offset = 0;
unsigned *addr = 0;
// allocate a mmap'ed region of memory
addr = (unsigned *)mmap(0, size, prot, flags, fd, offset);
if (addr == MAP_FAILED){
printf("failure detected\n");
exit(-1);
}
pthread_jit_write_protect_np(0);
// Write instructions to the memory
addr[0] = 0xd2800005; // mov x5, #0x0
addr[1] = 0x910004a5; // add x5, x5, #0x1
addr[2] = 0x17ffffff; // b <address>
pthread_jit_write_protect_np(1);
sys_icache_invalidate(addr, size);
// Execute the code
int(*f)() = (int (*)()) addr;
(*f)();
return 0;
}
Once the assembly instructions start executing thru the (*f)() call, I can pause execution in Xcode and type
memory region {address of instructions}
into the debugger. For some reason it keeps returning 'rwx'. Am I using the right command or could this be a bug with lldb?
I found out the answer to my question is to read an undocumented Apple register called S3_6_c15_c1_5.
This code reads the raw value from the register:
// Returns the S3_6_c15_c1_5 register's value
uint64_t read_S3_6_c15_c1_5_register(void)
{
uint64_t v;
__asm__ __volatile__("isb sy\n"
"mrs %0, S3_6_c15_c1_5\n"
: "=r"(v)::"memory");
return v;
}
This code tells you what your thread's current mode is:
// Returns the mode for a thread.
// Returns "Executable" or "Writable".
// Remember to free() the value returned by this function.
char *get_thread_mode()
{
uint64_t value = read_S3_6_c15_c1_5_register();
char *return_value = (char *) malloc(50);
switch(value)
{
case 0x2010000030300000:
sprintf(return_value, "Writable");
break;
case 0x2010000030100000:
sprintf(return_value, "Executable");
break;
default:
sprintf(return_value, "Unknown state: %llx", value);
}
return return_value;
}
This is a small test program to demonstrate these two functions:
int main(int argc, char *argv[]) {
pthread_jit_write_protect_np(1);
printf("Thread's mode: %s\n", get_thread_mode());
// The mode is Executable
pthread_jit_write_protect_np(0);
printf("Thread's mode: %s\n", get_thread_mode());
// The mode is Writable
return 0;
}