| field | value | date |
|---|---|---|
| author | Rahat Mahmood <rahat@google.com> | 2021-09-14 16:47:05 -0700 |
| committer | gVisor bot <gvisor-bot@google.com> | 2021-09-14 16:53:30 -0700 |
| commit | d6c99694bcb9a5e4ce50ff48d648ba6ada0b9687 | |
| tree | c672e6d062a4e904368a8a8285c528e1b61046d6 /pkg/sentry/hostmm | |
| parent | 8d14edb14b6b757f049faf760c72d58616903d7a | |
Fix race on msgrcv(MSG_COPY).
Previously, we weren't making a copy when a sysv message queue was
receiving a message with the MSG_COPY flag. This flag indicates the
message being received should be left in the queue and a copy of the
message should be returned to userspace. Without the copy, a racing
process can modify the original message while it's being marshalled to
user memory.
Reported-by: syzbot+cb15e644698b20ff4e17@syzkaller.appspotmail.com
PiperOrigin-RevId: 396712856
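A small Go model of the race the commit message describes, added here as an illustration; it is not gVisor's own queue code, and the names `Queue`, `ReceiveAliased`, `ReceiveCopied` and `TornRead` are invented for the example. `ReceiveAliased` shows the pre-fix behaviour (the MSG_COPY receiver holds a pointer to the message still in the queue), `ReceiveCopied` shows the fix, and `TornRead` plays the racing writer between the receive and the marshalling step.

```go
package main
import "fmt"

// Message models one queued System V IPC message (constructed for this example).
type Message struct {
	Type int64
	Text []byte
}

// Queue is a minimal stand-in for a sysv message queue; the lock is omitted
// because the point here is aliasing, not locking.
type Queue struct{ messages []*Message }

// ReceiveAliased models the pre-fix behaviour: with peek (MSG_COPY) set the
// message stays queued, but the caller gets a pointer to that same queued
// object, so a racing writer can change it before it is marshalled.
func (q *Queue) ReceiveAliased(peek bool) *Message {
	if len(q.messages) == 0 {
		return nil
	}
	m := q.messages[0]
	if !peek {
		q.messages = q.messages[1:]
	}
	return m
}

// ReceiveCopied models the fix: with peek set the caller gets an independent
// copy, so later changes to the queued message cannot leak into the result.
func (q *Queue) ReceiveCopied(peek bool) *Message {
	m := q.ReceiveAliased(peek)
	if m == nil || !peek {
		return m // dequeued or empty: nothing stays behind to be aliased
	}
	return &Message{Type: m.Type, Text: append([]byte(nil), m.Text...)}
}

// TornRead returns the text the receiver ends up with when a racing writer
// overwrites the queued message between the receive and the marshalling step.
func TornRead(recv func(*Queue, bool) *Message) string {
	q := &Queue{messages: []*Message{{Type: 1, Text: []byte("original")}}}
	got := recv(q, true)                 // msgrcv(..., MSG_COPY): stays queued
	copy(q.messages[0].Text, "racer!!!") // racing writer mutates the queued one
	return string(got.Text)              // what would be marshalled to userspace
}

func main() {
	fmt.Println("aliased:", TornRead((*Queue).ReceiveAliased)) // racer!!!
	fmt.Println("copied: ", TornRead((*Queue).ReceiveCopied))  // original
}
```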
Diffstat (limited to 'pkg/sentry/hostmm')
0 files changed, 0 insertions, 0 deletions