[vm] Disable --write-protect-code on non-Mac OSes.

We still need to maintain W^X on iOS and Mac OS X. TEST=ci Change-Id: I78f005055d090d54f5da478164a73f18e11a32ac Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/345303 Reviewed-by: Ryan Macnak <rmacnak@google.com> Commit-Queue: Slava Egorov <vegorov@google.com>
dart-lang · Jan 9, 2024 · e9f51b8 · e9f51b8
1 parent c338b85
commit e9f51b8
Showing 1 changed file with 14 additions and 1 deletion.
diff --git a/runtime/vm/code_patcher.cc b/runtime/vm/code_patcher.cc
@@ -10,7 +10,20 @@
 
 namespace dart {
 
-DEFINE_FLAG(bool, write_protect_code, true, "Write protect jitted code");
+#if defined(DART_HOST_OS_MACOS) || defined(DART_HOST_OS_MACOS_IOS)
+// On iOS even with debugger attached we must still guarantee that memory
+// is never executable and writable at the same time. On Mac OS X
+// com.apple.security.cs.allow-jit entitelement allows WX memory regions to be
+// created - but we should not rely on this entitelement to be present.
+static constexpr bool kShouldWriteProtectCodeByDefault = true;
+#else
+static constexpr bool kShouldWriteProtectCodeByDefault = false;
+#endif
+
+DEFINE_FLAG(bool,
+            write_protect_code,
+            kShouldWriteProtectCodeByDefault,
+            "Write protect jitted code");
 
 #if defined(TARGET_ARCH_IA32)
 WritableInstructionsScope::WritableInstructionsScope(uword address,