On Tue, Oct 27, 2020 at 08:07:00PM -0700, Joelle van Dyne wrote:
> On iOS, we cannot allocate RWX pages without special entitlements. As a
> workaround, we can allocate a RX region and then mirror map it to a separate
> RX region. Then we can write to one region and execute from the other one.

"separate RW region"? The sentence doesn't seem to make sense if both
regions are RX.

> When entitlements are available (macOS or jailbroken iOS), a hardware
> feature called APRR exists on newer Apple Silicon that can cheaply mark JIT
> pages as either RX or RW. Reverse engineered functions from
> libsystem_pthread.dylib are implemented to handle this.

What does "Reverse engineered functions" mean? We cannot accept code into
QEMU that is a potential liability if Apple could claim it has been copied,
derived, etc. without permission. If libsystem_pthread.dylib is open source,
especially under a permissive license, then it's probably okay.

Can you clarify?
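The dual-mapping scheme the cover letter describes, shown as an added example that is not part of the patch series or of QEMU. It uses portable POSIX shared file mapping (an unlinked temp file mapped twice) in place of the Mach-specific mirror mapping an iOS build would use, so the same idea can be exercised on Linux or macOS; the `/tmp` scratch path and the placeholder byte pattern are constructed for the example. The point it demonstrates is the W^X property: the writable view and the executable view are distinct virtual ranges backed by the same pages, and no single mapping ever carries both PROT_WRITE and PROT_EXEC. If the kernel refuses the PROT_EXEC view (noexec tmpfs, hardened policy), it falls back to a read-only second view so the mirroring can still be checked.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Two virtual views of one backing object: a writable view for the JIT to
 * emit into and a second view that is never writable. The same physical
 * pages sit behind both, so nothing is ever mapped RWX. */
typedef struct {
    unsigned char *rw;   /* PROT_READ|PROT_WRITE view */
    unsigned char *rx;   /* PROT_READ|PROT_EXEC view (read-only if EXEC refused) */
    size_t len;
    int exec_ok;         /* 1 when the rx view really carries PROT_EXEC */
} jit_mirror;

/* Create the backing object (an unlinked temp file, the portable stand-in
 * for a Mach memory entry) and map it twice with different protections.
 * Returns 0 on success, -1 on failure. */
int jit_mirror_create(jit_mirror *m, size_t len)
{
    char path[] = "/tmp/jit-mirror-XXXXXX";   /* hypothetical scratch path */
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);                              /* keep the fd, drop the name */
    if (ftruncate(fd, (off_t)len) != 0) {
        close(fd);
        return -1;
    }
    void *rw = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (rw == MAP_FAILED) {
        close(fd);
        return -1;
    }
    int exec_ok = 1;
    void *rx = mmap(NULL, len, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
    if (rx == MAP_FAILED) {
        /* e.g. noexec tmpfs or a hardened kernel: fall back to a read-only
         * view so the mirroring itself can still be shown and verified */
        exec_ok = 0;
        rx = mmap(NULL, len, PROT_READ, MAP_SHARED, fd, 0);
    }
    close(fd);                                 /* the mappings outlive the fd */
    if (rx == MAP_FAILED) {
        munmap(rw, len);
        return -1;
    }
    m->rw = rw;
    m->rx = rx;
    m->len = len;
    m->exec_ok = exec_ok;
    return 0;
}

void jit_mirror_destroy(jit_mirror *m)
{
    munmap(m->rw, m->len);
    munmap(m->rx, m->len);
    m->rw = m->rx = NULL;
}

/* Emit through the writable view and confirm the bytes are visible through
 * the other view without ever changing that view's protection.
 * Returns 0 on success, -1 if setup failed, 1 if the views do not mirror. */
int jit_mirror_demo(void)
{
    jit_mirror m;
    if (jit_mirror_create(&m, 4096) != 0)
        return -1;
    /* constructed placeholder bytes standing in for JIT output; they are
     * copied and compared, never executed */
    static const unsigned char stub[] = { 0xDE, 0xAD, 0xBE, 0xEF };
    memcpy(m.rw, stub, sizeof stub);
    int mirrored = memcmp(m.rx, stub, sizeof stub) == 0;
    int distinct = m.rw != m.rx;
    jit_mirror_destroy(&m);
    return (mirrored && distinct) ? 0 : 1;
}

int main(void)
{
    int rc = jit_mirror_demo();
    printf("mirror demo: %s\n", rc == 0 ? "ok" : "failed");
    return rc == 0 ? 0 : 1;
}
```

Whether a given platform lets the second view be executable is exactly the `exec_ok` flag; on iOS without the entitlement the equivalent Mach mapping is what the patch falls back to, and with APRR available the same region can instead be flipped between RX and RW in place.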