Make ZipOS mmap safer (#735)

- It now runs entirely under __mmi_lock - Hide implementation strace
2025-07-06 03:08:31 +00:00 · 2023-02-22 21:57:36 -05:00 · 2023-02-22 21:57:36 -05:00 · b275e664ec
commit b275e664ec
parent e323527ffa
6 changed files with 44 additions and 29 deletions
--- a/libc/runtime/internal.h
+++ b/libc/runtime/internal.h
@ -44,6 +44,9 @@ int GetDosEnviron(const char16_t *, char *, size_t, char **, size_t);
 bool __intercept_flag(int *, char *[], const char *);
 int sys_mprotect_nt(void *, size_t, int) _Hide;
 int __inflate(void *, size_t, const void *, size_t);
+noasan void *Mmap(void *addr, size_t size, int prot, int flags, int fd,
+                  int64_t off) _Hide;
+noasan int Munmap(char *, size_t) _Hide;

 COSMOPOLITAN_C_END_
 #endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */
--- a/libc/runtime/mmap.c
+++ b/libc/runtime/mmap.c
@ -238,8 +238,8 @@ static textwindows dontinline noasan void *MapMemories(char *addr, size_t size,
  return addr;
 }

-static noasan inline void *Mmap(void *addr, size_t size, int prot, int flags,
-                                int fd, int64_t off) {
+noasan inline void *Mmap(void *addr, size_t size, int prot, int flags, int fd,
+                         int64_t off) {
  char *p = addr;
  struct DirectMap dm;
  int a, b, i, f, m, n, x;
@ -485,12 +485,7 @@ static noasan inline void *Mmap(void *addr, size_t size, int prot, int flags,
 */
 void *mmap(void *addr, size_t size, int prot, int flags, int fd, int64_t off) {
  void *res;
-  size_t toto;
-  if (__isfdkind(fd, kFdZip)) {
-    return _weaken(__zipos_mmap)(
-        addr, size, prot, flags,
-        (struct ZiposHandle *)(intptr_t)g_fds.p[fd].handle, off);
-  }
+  size_t toto = 0;
 #if defined(SYSDEBUG) && (_KERNTRACE || _NTTRACE)
  if (IsWindows()) {
    STRACE("mmap(%p, %'zu, %s, %s, %d, %'ld) → ...", addr, size,
@ -498,7 +493,13 @@ void *mmap(void *addr, size_t size, int prot, int flags, int fd, int64_t off) {
  }
 #endif
  __mmi_lock();
-  res = Mmap(addr, size, prot, flags, fd, off);
+  if (!__isfdkind(fd, kFdZip)) {
+    res = Mmap(addr, size, prot, flags, fd, off);
+  } else {
+    res = _weaken(__zipos_Mmap)(
+        addr, size, prot, flags,
+        (struct ZiposHandle *)(intptr_t)g_fds.p[fd].handle, off);
+  }
 #if SYSDEBUG
  toto = __strace > 0 ? GetMemtrackSize(&_mmi) : 0;
 #endif
--- a/libc/runtime/munmap.c
+++ b/libc/runtime/munmap.c
@ -40,8 +40,6 @@
 #define ADDR(x)    ((int64_t)((uint64_t)(x) << 32) >> 16)
 #define FRAME(x)   ((int)((intptr_t)(x) >> 16))

-static noasan int Munmap(char *, size_t);
-
 static noasan void MunmapShadow(char *p, size_t n) {
  intptr_t a, b, x, y;
  KERNTRACE("MunmapShadow(%p, %'zu)", p, n);
@ -115,7 +113,7 @@ static noasan void MunmapImpl(char *p, size_t n) {
  }
 }

-static noasan int Munmap(char *p, size_t n) {
+noasan int Munmap(char *p, size_t n) {
  unsigned i;
  char poison;
  intptr_t a, b, x, y;