From 7522bca4d67d68535b66cc1d5e66f7d7fdcc659e Mon Sep 17 00:00:00 2001
From: Daniel Risto
Date: Sun, 22 Mar 2026 13:15:16 +0100
Subject: [PATCH] Fix SPRX Loader segfault on Apple ARM64 by excluding MAP_JIT from memory mapping regions

On Apple ARM64, memory_reserve unconditionally applies MAP_JIT to all reservations. However, regions marked as is_memory_mapping are later replaced by file-backed MAP_FIXED mappings via shm::map/map_critical. Overlaying a file-backed MAP_FIXED mapping onto a MAP_JIT region causes the resulting pages to be inaccessible, leading to a segfault when the SPRX Loader attempts to write module data into PS3 memory (g_sudo_addr).

Fix: Only apply MAP_JIT for non-mapping regions. Memory mapping regions don't need JIT capability since they use shared memory for the PS3 address space, not executable JIT code.

Tested on Apple M3 Max, macOS 26.3.1. The SPRX Loader now successfully loads all modules and emulation proceeds past the loading stage.
---
 rpcs3/util/vm_native.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/rpcs3/util/vm_native.cpp b/rpcs3/util/vm_native.cpp
index ed1e0060c9..5821300fc3 100644
--- a/rpcs3/util/vm_native.cpp
+++ b/rpcs3/util/vm_native.cpp
@@ -253,7 +253,11 @@ namespace utils
 #ifdef __APPLE__
 #ifdef ARCH_ARM64
- auto ptr = ::mmap(use_addr, size, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_JIT | c_map_noreserve, -1, 0);
+ // Memory mapping regions will be replaced by file-backed MAP_FIXED mappings
+ // (via shm::map), which is incompatible with MAP_JIT. Only use MAP_JIT for
+ // non-mapping regions that need JIT executable support.
+ const int jit_flag = is_memory_mapping ? 0 : MAP_JIT;
+ auto ptr = ::mmap(use_addr, size, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | jit_flag | c_map_noreserve, -1, 0);
 #else
 auto ptr = ::mmap(use_addr, size, PROT_NONE, MAP_ANON | MAP_PRIVATE | MAP_JIT | c_map_noreserve, -1, 0);
 #endif