Add a map_copy_read_only API #81

Open
rocallahan opened this issue Nov 6, 2018 · 4 comments
@rocallahan

It's useful to be able to map a file PROT_READ and MAP_PRIVATE on Linux. Later on you can make some pages writeable and write them, or use /proc/.../mem to write them. Currently memmap can do this but it takes two steps: a map_copy followed by make_read_only, during which there's a short window when the pages are writeable.

@fogti

fogti commented Jan 2, 2019

PROT_READ + MAP_PRIVATE is also useful if one then casts the slice into utf8 because this allows a safer usage of mmap (verified const utf8 content (&[u8]) will stay the same, without violation of Rust's strict aliasing rules).

@fogti

fogti commented Jan 4, 2019

@adamreichold

adamreichold commented Mar 21, 2021

@zseri I am somewhat late to comment on this, but I think

> PROT_READ + MAP_PRIVATE is also useful if one then casts the slice into utf8 because this allows a safer usage of mmap (verified const utf8 content (&[u8]) will stay the same, without violation of Rust's strict aliasing rules).

is not correct as the Linux manual page for mmap says

> It is unspecified whether changes made to the file after the mmap() call are visible in the mapped region.

concerning MAP_PRIVATE, i.e. it ensures that your changes do not propagate to the underlying file, but it does not seem to ensure that changes to the underlying file do not propagate into your mapping, i.e. another process could possibly turn the file contents into invalid UTF-8 after you validated it.

As a result of the discussion at https://users.rust-lang.org/t/how-unsafe-is-mmap/19635, I think we need another mapping mode that is sort of the converse of MAP_PRIVATE, maybe MAP_SNAPSHOT, which ensures that if a process has read a page at least once, it will not change even if the underlying file changes. Or alternatively, the unspecified part of the behaviour of MAP_PRIVATE would need to be strengthened in that direction.

@fogti

fogti commented Mar 21, 2021

Yeah, I also noticed that... A far bigger problem is also that the underlying file can suddenly become truncated, and if the mapping is then read, it might fail with SIGBUS.
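
An added example, not code from this thread or from memmap: at the level of the Linux calls, it creates the mapping as PROT_READ + MAP_PRIVATE in a single step (the behaviour requested in this issue), then checks both directions of MAP_PRIVATE discussed above. The function name, struct fields and temporary file are constructed for illustration; `file_untouched` is the guaranteed direction, while `saw_file_change` reports the direction the manual page leaves unspecified.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

struct result {
    int ok;              /* 1 if every call succeeded */
    int file_untouched;  /* 1 if our private write did not reach the file (guaranteed) */
    int saw_file_change; /* 1 if a later file write showed up in the mapping (unspecified) */
};

/* Constructed sample input: an unlinked temp file holding the bytes "hello". */
struct result private_ro_demo(void) {
    struct result r = {0, 0, 0};
    char path[] = "/tmp/map_private_demo_XXXXXX"; /* hypothetical scratch name */
    unsigned char bad = 0xFF, on_disk = 0;
    long page = sysconf(_SC_PAGESIZE);
    int fd = mkstemp(path);
    if (fd < 0) return r;
    unlink(path);
    if (write(fd, "hello", 5) != 5) { close(fd); return r; }

    /* One step: read-only and private from the start, so there is no writable window. */
    volatile unsigned char *m = mmap(NULL, page, PROT_READ, MAP_PRIVATE, fd, 0);
    if (m == MAP_FAILED) { close(fd); return r; }

    /* Read (as a validator would), then change the file behind the mapping to a non-UTF-8 byte. */
    if (m[0] != 'h' || pwrite(fd, &bad, 1, 0) != 1) goto out;
    r.saw_file_change = (m[0] == 0xFF);

    /* Later: make the page writable and modify it; the copy-on-write stays private. */
    if (mprotect((void *)m, page, PROT_READ | PROT_WRITE) != 0) goto out;
    m[1] = 'E';
    if (pread(fd, &on_disk, 1, 1) != 1) goto out;
    r.file_untouched = (on_disk == 'e');
    r.ok = 1;
out:
    munmap((void *)m, page);
    close(fd);
    return r;
}

int main(void) {
    struct result r = private_ro_demo();
    printf("ok=%d file_untouched=%d saw_file_change=%d\n", r.ok, r.file_untouched, r.saw_file_change);
    return r.ok ? 0 : 1;
}
```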
