[vm] When dual mapping is enabled map the executable part as RX immediately

Currently the initial mapping for the executable mapping is read-only.
Once the first instruction object was allocated into an OS page we would
map that page as RX. Any further allocations of instructions objects
into the same page would just end up mapping it to RX again (even though
it is already that way).

To avoid those additional protection calls we can map the executable
mapping RX from the beginning (it will be filled with zeros after
allocation).

Issue #37739
Issue #36097

Change-Id: Ib83f0be8ea8dacc86646c0a3c0335f4886516caa
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/112244
Commit-Queue: Martin Kustermann <[email protected]>
Reviewed-by: Régis Crelier <[email protected]>

Author: mkustermann

runtime/vm/object.cc

@@ -80,6 +80,7 @@ DEFINE_FLAG(bool,
             false,
             "Remove script timestamps to allow for deterministic testing.");
 
+DECLARE_FLAG(bool, dual_map_code);
 DECLARE_FLAG(bool, intrinsify);
 DECLARE_FLAG(bool, show_invisible_frames);
 DECLARE_FLAG(bool, trace_deoptimization);
@@ -14964,15 +14965,24 @@ RawCode* Code::FinalizeCode(FlowGraphCompiler* compiler,
       // Check if a dual mapping exists.
       instrs = Instructions::RawCast(HeapPage::ToExecutable(instrs.raw()));
       uword exec_address = RawObject::ToAddr(instrs.raw());
-      if (exec_address != address) {
+      const bool use_dual_mapping = exec_address != address;
+      ASSERT(use_dual_mapping == FLAG_dual_map_code);
+
+      // When dual mapping is enabled the executable mapping is RX from the
+      // point of allocation and never changes protection.
+      // Yet the writable mapping is still turned back from RW to R.
+      if (use_dual_mapping) {
         VirtualMemory::Protect(reinterpret_cast<void*>(address),
                                instrs.raw()->HeapSize(),
                                VirtualMemory::kReadOnly);
         address = exec_address;
+      } else {
+        // If dual mapping is disabled and we write protect then we have to
+        // change the single mapping from RW -> RX.
+        VirtualMemory::Protect(reinterpret_cast<void*>(address),
+                               instrs.raw()->HeapSize(),
+                               VirtualMemory::kReadExecute);
       }
-      VirtualMemory::Protect(reinterpret_cast<void*>(address),
-                             instrs.raw()->HeapSize(),
-                             VirtualMemory::kReadExecute);
     }
 
     // Hook up Code and Instructions objects.

runtime/vm/virtual_memory_fuchsia.cc

@@ -69,6 +69,10 @@ VirtualMemory* VirtualMemory::AllocateAligned(intptr_t size,
   // is_executable = true) is allocated as non-executable and later
   // changed to executable via VirtualMemory::Protect, which requires
   // ZX_RIGHT_EXECUTE on the underlying VMO.
+  //
+  // If FLAG_dual_map_code is active, the executable mapping will be mapped RX
+  // immediately and never changes protection until it is eventually unmapped.
+  //
   // In addition, dual mapping of the same underlying code memory is provided.
   const bool dual_mapping =
       is_executable && FLAG_write_protect_code && FLAG_dual_map_code;
@@ -122,8 +126,10 @@ VirtualMemory* VirtualMemory::AllocateAligned(intptr_t size,
   VirtualMemory* result;
 
   if (dual_mapping) {
-    // ZX_VM_PERM_EXECUTE is added later via VirtualMemory::Protect.
-    const zx_vm_option_t alias_options = ZX_VM_PERM_READ | align_flag;
+    // The mapping will be RX and stays that way until it will eventually be
+    // unmapped.
+    const zx_vm_option_t alias_options =
+        ZX_VM_PERM_READ | ZX_VM_PERM_EXECUTE | align_flag;
     status = zx_vmar_map(vmar, alias_options, 0, vmo, 0u, size, &base);
     LOG_INFO("zx_vmar_map(%u, 0x%lx, 0x%lx)\n", alias_options, base, size);
     if (status != ZX_OK) {

runtime/vm/virtual_memory_posix.cc

@@ -164,6 +164,9 @@ VirtualMemory* VirtualMemory::AllocateAligned(intptr_t size,
   // When FLAG_write_protect_code is active, code memory (indicated by
   // is_executable = true) is allocated as non-executable and later
   // changed to executable via VirtualMemory::Protect.
+  //
+  // If FLAG_dual_map_code is active, the executable mapping will be mapped RX
+  // immediately and never changes protection until it is eventually unmapped.
   ASSERT(Utils::IsAligned(size, page_size_));
   ASSERT(Utils::IsPowerOfTwo(alignment));
   ASSERT(Utils::IsAligned(alignment, page_size_));
@@ -188,9 +191,10 @@ VirtualMemory* VirtualMemory::AllocateAligned(intptr_t size,
       close(fd);
       return NULL;
     }
+    // The mapping will be RX and stays that way until it will eventually be
+    // unmapped.
     MemoryRegion region(region_ptr, size);
-    // PROT_EXEC is added later via VirtualMemory::Protect.
-    const int alias_prot = PROT_READ;
+    const int alias_prot = PROT_READ | PROT_EXEC;
     void* alias_ptr =
         MapAligned(fd, alias_prot, size, alignment, allocated_size);
     close(fd);