From 09c089a8420b43196b5462dd70119ea4e581632a Mon Sep 17 00:00:00 2001
From: Lukasz Dorau <lukasz.dorau@intel.com>
Date: Mon, 29 Jul 2024 16:43:24 +0200
Subject: [PATCH] Fix: size_fd has to be read under a lock

Signed-off-by: Lukasz Dorau <lukasz.dorau@intel.com>
---
 src/provider/provider_os_memory.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/src/provider/provider_os_memory.c b/src/provider/provider_os_memory.c
index 38cb3ff4a..00251e53b 100644
--- a/src/provider/provider_os_memory.c
+++ b/src/provider/provider_os_memory.c
@@ -637,7 +637,8 @@ static inline void assert_is_page_aligned(uintptr_t ptr, size_t page_size) {
 static int os_mmap_aligned(void *hint_addr, size_t length, size_t alignment,
                            size_t page_size, int prot, int flag, int fd,
                            size_t max_fd_size, os_mutex_t *lock_fd,
-                           void **out_addr, size_t *fd_size) {
+                           void **out_addr, size_t *fd_size,
+                           size_t *fd_offset) {
     assert(out_addr);
 
     size_t extended_length = length;
@@ -650,7 +651,7 @@ static int os_mmap_aligned(void *hint_addr, size_t length, size_t alignment,
         extended_length += alignment;
     }
 
-    size_t fd_offset = 0;
+    *fd_offset = 0;
 
     if (fd > 0) {
         if (util_mutex_lock(lock_fd)) {
@@ -664,12 +665,12 @@ static int os_mmap_aligned(void *hint_addr, size_t length, size_t alignment,
             return -1;
         }
 
-        fd_offset = *fd_size;
+        *fd_offset = *fd_size;
         *fd_size += extended_length;
         util_mutex_unlock(lock_fd);
     }
 
-    void *ptr = os_mmap(hint_addr, extended_length, prot, flag, fd, fd_offset);
+    void *ptr = os_mmap(hint_addr, extended_length, prot, flag, fd, *fd_offset);
     if (ptr == NULL) {
         LOG_PDEBUG("memory mapping failed");
         return -1;
@@ -912,14 +913,14 @@ static umf_result_t os_alloc(void *provider, size_t size, size_t alignment,
         return UMF_RESULT_ERROR_INVALID_ARGUMENT;
     }
 
-    size_t fd_offset = os_provider->size_fd; // needed for critnib_insert()
+    size_t fd_offset; // needed for critnib_insert()
 
     void *addr = NULL;
     errno = 0;
-    ret = os_mmap_aligned(NULL, size, alignment, page_size,
-                          os_provider->protection, os_provider->visibility,
-                          os_provider->fd, os_provider->max_size_fd,
-                          &os_provider->lock_fd, &addr, &os_provider->size_fd);
+    ret = os_mmap_aligned(
+        NULL, size, alignment, page_size, os_provider->protection,
+        os_provider->visibility, os_provider->fd, os_provider->max_size_fd,
+        &os_provider->lock_fd, &addr, &os_provider->size_fd, &fd_offset);
     if (ret) {
         os_store_last_native_error(UMF_OS_RESULT_ERROR_ALLOC_FAILED, 0);
         LOG_ERR("memory allocation failed");