10

How is runtime-generated machine-code (such as the output of a JIT), actually executed by the CPU if the CPU/OS has an Execution Disable bit?

As far as I know, many modern processors and operating systems include support for an NX bit (including Intel and ARM), which prevents machine code that is stored at any address other than the code section of a compiled binary from being executed. Clearly, this is a nice security advantage, because it prevents shell-code injection attacks.

But how do JIT engines, like LLVM, which dynamically generate machine-code, get around this?

asked Sep 8, 2014 at 18:45
1
  • Take a look at the implementations of Memory::allocateMappedMemory to see how it is done in LLVM (for *nix and for Windows). Commented Sep 8, 2014 at 19:51

1 Answer

6

On Linux and many POSIX systems, an application can change the protection of some range of the process address space in virtual memory using the mmap(2) and mprotect(2) syscalls.

So the JIT engine could use these (probably before emission of the machine code, but perhaps after it).

BTW, on some architectures, you may need to inform the CPU cache about newly available machine code segments, e.g. __builtin_clear_cache of GCC.

answered Sep 8, 2014 at 19:09
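The W^X sequence the answer describes, as an added example that is not part of the original answer: map a page read/write, emit a tiny "return constant" function into it, flip it to read/execute with mprotect(2), flush the instruction cache with GCC's `__builtin___clear_cache`, then call it. It assumes Linux or another POSIX system on x86-64 or AArch64; the emitted code and the helper names (`emit_return_const`, `jit_const`, `jit_return_const`) are this example's own.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef int32_t (*const_fn)(void);

/* Emit machine code for "return value;" (value in 0..65535 on AArch64). Returns bytes written. */
static size_t emit_return_const(uint8_t *buf, int32_t value) {
#if defined(__x86_64__)
    buf[0] = 0xB8;                 /* mov eax, imm32 */
    memcpy(buf + 1, &value, 4);
    buf[5] = 0xC3;                 /* ret */
    return 6;
#elif defined(__aarch64__)
    uint32_t insn[2];
    insn[0] = 0x52800000u | ((uint32_t)(value & 0xFFFF) << 5); /* movz w0, #imm16 */
    insn[1] = 0xD65F03C0u;                                      /* ret */
    memcpy(buf, insn, sizeof insn);
    return sizeof insn;
#else
    (void)buf; (void)value;
    return 0;                      /* unsupported architecture */
#endif
}

/* Map an RW page, write the code, then make it RX: the page is never W and X at once. */
static const_fn jit_const(int32_t value) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    uint8_t *mem = mmap(NULL, page, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) return NULL;
    size_t n = emit_return_const(mem, value);
    if (n == 0 || mprotect(mem, page, PROT_READ | PROT_EXEC) != 0) {
        munmap(mem, page);
        return NULL;
    }
    __builtin___clear_cache((char *)mem, (char *)mem + n); /* sync I-cache; no-op on x86 */
    return (const_fn)(void *)mem;
}

/* Generate, call and unmap; returns -1 if the JIT step failed. */
int32_t jit_return_const(int32_t value) {
    const_fn fn = jit_const(value);
    if (!fn) return -1;
    int32_t r = fn();
    munmap((void *)fn, (size_t)sysconf(_SC_PAGESIZE));
    return r;
}

int main(void) {
    printf("jit returned %d\n", jit_return_const(42));
    return 0;
}
```

Calling `fn()` before the mprotect step would fault on an NX-enforcing system, which is exactly the protection the question asks about; the RW-then-RX ordering is what lets the JIT coexist with it.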
