fix(whp): use NULL DACL for map_file_cow file mapping sections#1386
Merged
jprendes merged 4 commits intohyperlight-dev:mainfrom Apr 17, 2026
Merged
fix(whp): use NULL DACL for map_file_cow file mapping sections#1386jprendes merged 4 commits intohyperlight-dev:mainfrom
jprendes merged 4 commits intohyperlight-dev:mainfrom
Conversation
danbugs
requested review from
dblnz,
devigned,
jprendes,
ludfjig,
marosset,
simongdavies and
syntactically
as code owners
danbugs
force-pushed
the
fix/whp-map-file-cow-dacl
branch
from
8e90e1c to
397dec1
Compare
File-backed sections created with the default DACL via CreateFileMappingW fail with ERROR_ACCESS_DENIED when mapped into a surrogate process via MapViewOfFileNuma2 on modern Windows. Create the section with a NULL DACL security descriptor which grants unrestricted access. The mapping remains file-backed and zero-copy (FILE_MAP_READ, no data copied). Also adds a map-file-cow-test example that exercises the full lifecycle (create → map_file_cow → evolve → call) and would fail before this change on Windows. Signed-off-by: danbugs <danilochiarlone@gmail.com>
danbugs
force-pushed
the
fix/whp-map-file-cow-dacl
branch
from
397dec1 to
fa1a5ac
Compare
andreiltd
force-pushed
the
fix/whp-map-file-cow-dacl
branch
2 times, most recently
from
e77a3ad to
9bd786c
Compare
andreiltd
reviewed
Apr 17, 2026
andreiltd
reviewed
Apr 17, 2026
dblnz
reviewed
Apr 17, 2026
Contributor
dblnz
left a comment
dblnz
left a comment
There was a problem hiding this comment.
I don't have anything else to add. Once the other comments are fixed, I'll approve
andreiltd
force-pushed
the
fix/whp-map-file-cow-dacl
branch
2 times, most recently
from
18b6c26 to
46879cc
Compare
jprendes
approved these changes
Apr 17, 2026
Signed-off-by: Tomasz Andrzejak <andreiltd@gmail.com>
Signed-off-by: Tomasz Andrzejak <andreiltd@gmail.com>
Signed-off-by: Tomasz Andrzejak <andreiltd@gmail.com>
andreiltd
force-pushed
the
fix/whp-map-file-cow-dacl
branch
from
46879cc to
c24e4f3
Compare
dblnz
approved these changes
Apr 17, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
CreateFileMappingWfail withERROR_ACCESS_DENIEDwhen mapped into a surrogate process viaMapViewOfFileNuma2on modern WindowsFILE_MAP_READ, no data copied)map-file-cow-testexample that exercises the full lifecycle (create → map_file_cow → evolve → call) — fails before this change on Windows, succeeds after