Hello,
On a x86_64 host I'm building an executable that uses JIT (asmjit) and dynamically loads a library. When running on arm64, running that executable segfaults:
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000058
Exception Note: EXC_CORPSE_NOTIFY
Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [2107]
I'm using the following entitlements:
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
and that's how I sign it:
codesign \
--sign "-" \
--verbose=4 \
--options=runtime \
--entitlements=erts/etc/darwin/Entitlements.plist \
release/*/erts-*/bin/*
I noticed that when JIT is disabled, everything works fine.
When JIT is enabled, but there's no disable-library-validation
entitlement, there's no segfault but loading the library fails:
dlopen(/Users/wojtek/otp/lib/crypto-5.0.3/priv/lib/crypto.so, 2): no suitable image found. Did find:
/Users/wojtek/otp/lib/crypto-5.0.3/priv/lib/crypto.so: code signature in (/Users/wojtek/otp/lib/crypto-5.0.3/priv/lib/crypto.so) not valid for use in process using Library Validation: mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed.
/Users/wojtek/otp/lib/crypto-5.0.3/priv/lib/crypto.so: stat() failed with errno=35
If I code sign the library:
codesign \
--sign "-" \
--verbose=4 \
--options=runtime \
release/*/lib/crypto-*/priv/lib/crypto.so
then the error becomes:
dlopen(/Users/wojtek/otp/lib/crypto-5.0.3/priv/lib/crypto.so, 2): no suitable image found. Did find:
/Users/wojtek/otp/lib/crypto-5.0.3/priv/lib/crypto.so: code signature in (/Users/wojtek/otp/lib/crypto-5.0.3/priv/lib/crypto.so) not valid for use in process using Library Validation: mapped file has no Team ID and is not a platform binary (signed with custom identity or adhoc?)
/Users/wojtek/otp/lib/crypto-5.0.3/priv/lib/crypto.so: stat() failed with errno=35
In terms of reproducing this issue, unfortunately I wasn't able to create a minimal program that does it. You should see the error when following https://github.com/erlang/otp/pull/5036#issuecomment-933397076 though.
Any guidance would be very appreciated.
The library validation errors you’re seeing are only relevant if you have the hardened runtime enabled. Just for investigative purposes, disable the hardened runtime (and remove those entitlements because they’re pointless if the hardened runtime is disabled) and see if you continue to experience the problem.
If so, please post a full crash report. See Posting a Crash Report for some advice on how to do that.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"