Mmap and Genode - bug with MAP_ANON?

Alexander Tormasov a.tormasov at innopolis.ru
Sun Sep 1 02:52:17 CEST 2019 

I try to run a program which use the following hidden from me code:
It  call function to reserve some mem area using the following:

func sysReserve(v unsafe.Pointer, n uintptr, reserved *bool) unsafe.Pointer {
    // On 64-bit, people with ulimit -v set complain if we reserve too
    // much address space. Instead, assume that the reservation is okay
    // if we can reserve at least 64K and check the assumption in SysMap.
    // Only user-mode Linux (UML) rejects these requests.
    if sys.PtrSize == 8 && uint64(n) > 1<<32 {
        p, err := mmap_fixed(v, 64<<10, _PROT_NONE, _MAP_ANON|_MAP_PRIVATE, mmapFD, 0)
        if p != v || err != 0 {
            if err == 0 {
                munmap(p, 64<<10)
            }
            return nil
        }
        munmap(p, 64<<10)
        *reserved = false
        return v
    }
In Man page related to mmap I found that this combination of flags ignore FD:
MAP_PRIVATE
              Create a private copy-on-write mapping.  Updates to the
              mapping are not visible to other processes mapping the same
              file, and are not carried through to the underlying file.  It
              is unspecified whether changes made to the file after the
              mmap() call are visible in the mapped region.

MAP_ANONYMOUS
              The mapping is not backed by any file; its contents are
              initialized to zero.  The fd argument is ignored; however,
              some implementations require fd to be -1 if MAP_ANONYMOUS (or
              MAP_ANON) is specified, and portable applications should
              ensure this.  The offset argument should be zero.  The use of
              MAP_ANONYMOUS in conjunction with MAP_SHARED is supported on
              Linux only since kernel 2.4.

The code in Genode mmap wrapper try to find anyway the mapping for fd descriptor (-1 in my case) and fail because of
 libc_fd_to_fd(libc_fd, "mmap");:

__SYS_(void *, mmap, (void *addr, ::size_t length,
                      int prot, int flags,
                      int libc_fd, ::off_t offset),
{

    /* handle requests for anonymous memory */
    if (!addr && libc_fd == -1) {
        bool const executable = prot & PROT_EXEC;
        void *start = Libc::mem_alloc(executable)->alloc(length, PAGE_SHIFT);
        if (!start) {
            errno = ENOMEM;
            return MAP_FAILED;
        }
        mmap_registry()->insert(start, length, 0);
        return start;
    }

    /* lookup plugin responsible for file descriptor */
    File_descriptor *fd = libc_fd_to_fd(libc_fd, "mmap");
    if (!fd || !fd->plugin || !fd->plugin->supports_mmap()) {
        Genode::warning("mmap not supported for file descriptor ", libc_fd);
        errno = EBADF;
        return MAP_FAILED;
    }

    void *start = fd->plugin->mmap(addr, length, prot, flags, fd, offset);
    mmap_registry()->insert(start, length, fd->plugin);
    return start;
})

More information about the users mailing list