diff options
author | Andrei Vagin <avagin@google.com> | 2021-06-24 15:33:26 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-06-24 15:36:01 -0700 |
commit | 2e6195ffe0ad452b2137c32d635d890c9d872e8d (patch) | |
tree | 878d54842323fcec80f7bca269ac728a4c113e1f /pkg/sentry/kernel/sessions.go | |
parent | fdf7c49030c11fae17c6f7bf99344c43654dd258 (diff) |
CreateProcessGroup has to check whether a target process stil exists or not
A caller of CreateProcessGroup looks up a thread group without locks, so
the target process can exit before CreateProcessGroup will be called.
Reported-by: syzbot+6abb7c34663dacbd55a8@syzkaller.appspotmail.com
PiperOrigin-RevId: 381351069
Diffstat (limited to 'pkg/sentry/kernel/sessions.go')
-rw-r--r-- | pkg/sentry/kernel/sessions.go | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/pkg/sentry/kernel/sessions.go b/pkg/sentry/kernel/sessions.go index ca9076406..973d708a3 100644 --- a/pkg/sentry/kernel/sessions.go +++ b/pkg/sentry/kernel/sessions.go @@ -369,6 +369,11 @@ func (tg *ThreadGroup) CreateProcessGroup() error { // Get the ID for this thread in the current namespace. id := tg.pidns.tgids[tg] + // Check whether a process still exists or not. + if id == 0 { + return syserror.ESRCH + } + // Per above, check for a Session leader or existing group. for s := tg.pidns.owner.sessions.Front(); s != nil; s = s.Next() { if s.leader.pidns != tg.pidns { |