fix(whp): handle unaligned files in map_file_cow#1388
Open
danbugs wants to merge 1 commit intohyperlight-dev:mainfrom
Open
fix(whp): handle unaligned files in map_file_cow#1388danbugs wants to merge 1 commit intohyperlight-dev:mainfrom
danbugs wants to merge 1 commit intohyperlight-dev:mainfrom
Conversation
Windows CreateFileMappingW with a read-only file handle caps the section size at the file's actual size on disk (requesting max_size > file_size fails with ERROR_NOT_ENOUGH_MEMORY). For files whose size is not a multiple of the page size, the surrogate's MapViewOfFileNuma2 call was passing a page-aligned host_size that exceeded the section, failing with ERROR_ACCESS_DENIED — the map_file_cow zero-copy path was broken for any non-page-aligned file. Pass NumberOfBytesToMap=0 for ReadOnlyFile mappings so Windows maps the section to its end. MapViewOfFile always returns a view whose region is rounded up to a page boundary, and the OS zero-fills the tail of the final page — matching POSIX mmap semantics. SandboxMemory sections are always created with an explicit page-aligned size and still need the exact host_size so the guard-page bookkeeping below lines up, so keep host_size for that case. The map-file-cow-test example now covers an intentionally 8193-byte file to exercise the unaligned path. Signed-off-by: danbugs <danilochiarlone@gmail.com>
danbugs
requested review from
dblnz,
devigned,
jprendes,
ludfjig,
marosset,
simongdavies and
syntactically
as code owners
danbugs
added a commit
to danbugs/hyperlight-unikraft
that referenced
this pull request
Apr 18, 2026
hyperlight-dev/hyperlight#1388 is a required fix for running on Windows: any initrd CPIO whose size isn't a multiple of the page size (nearly all real-world initrds) fails MapViewOfFileNuma2 with ACCESS_DENIED. Revert to hyperlight-dev/hyperlight main once the PR merges. Signed-off-by: danbugs <danilochiarlone@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
map_file_cowsilently fails on Windows for any file whose size is not a multiple of the page size (i.e. almost every real-world initrd / filesystem image).CreateFileMappingWon a read-only file handle caps the section's max size at the file's on-disk size — requesting a larger size fails withERROR_NOT_ENOUGH_MEMORY. The surrogate then asksMapViewOfFileNuma2for a page-alignedhost_sizethat exceeds the section, which fails withERROR_ACCESS_DENIED.ReadOnlyFilemappings in the surrogate, passNumberOfBytesToMap=0(= "to end of section") instead of the caller's page-alignedhost_size.MapViewOfFilealways rounds the view up to a page boundary, and the OS zero-fills the tail of the final page — matching POSIXmmapsemantics. Zero-copy is preserved.SandboxMemorymappings still passhost_sizebecause the guard-page bookkeeping that follows depends on knowing the exact extent.map-file-cow-testnow maps both an aligned (8192-byte) and an intentionally unaligned (8193-byte) file as a regression test. The previous single-file test used exactly 2 pages and coincidentally masked this bug.