authorRahat Mahmood <rahat@google.com>2018-10-23 14:17:47 -0700
committerShentubot <shentubot@google.com>2018-10-23 14:18:54 -0700
commit46603b569c3ab20f45cf1b651d1fd3d2dda33243 (patch)
tree72ebbd8001a9ffad922e2192f8e3afec3f6d653a /pkg/sentry/kernel
parent1369e17504f994024aea84bb0e4aa9ddce00f70a (diff)
Fix panic on creation of zero-len shm segments.
Attempting to create a zero-len shm segment causes a panic since we try to allocate a zero-len filemem region. The existing code had a guard to disallow this, but the check didn't encode the fact that requesting a private segment implies a segment creation regardless of whether IPC_CREAT is explicitly specified. PiperOrigin-RevId: 218405743 Change-Id: I30aef1232b2125ebba50333a73352c2f907977da
Diffstat (limited to 'pkg/sentry/kernel')
-rw-r--r--pkg/sentry/kernel/shm/shm.go5
1 files changed, 4 insertions, 1 deletions
diff --git a/pkg/sentry/kernel/shm/shm.go b/pkg/sentry/kernel/shm/shm.go
index 8d0d14e45..2feffe612 100644
--- a/pkg/sentry/kernel/shm/shm.go
+++ b/pkg/sentry/kernel/shm/shm.go
@@ -101,9 +101,12 @@ func (r *Registry) findByKey(key int32) *Shm {
// FindOrCreate looks up or creates a segment in the registry. It's functionally
// analogous to open(2).
func (r *Registry) FindOrCreate(ctx context.Context, pid, key int32, size uint64, mode linux.FileMode, private, create, exclusive bool) (*Shm, error) {
- if create && (size < linux.SHMMIN || size > linux.SHMMAX) {
+ if (create || private) && (size < linux.SHMMIN || size > linux.SHMMAX) {
// "A new segment was to be created and size is less than SHMMIN or
// greater than SHMMAX." - man shmget(2)
+ //
+ // Note that 'private' always implies the creation of a new segment
+ // whether IPC_CREAT is specified or not.
return nil, syserror.EINVAL
}
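Review bot: The size guard on the first line of FindOrCreate is the only check visible here between a caller-supplied `size` of 0 and the zero-length filemem allocation that the description says panics. It holds only if every creating path is enumerated in `create || private`, and the allocation site is outside this hunk. Since a panic here is reachable from application-supplied shmget arguments, consider also rejecting the value where the segment is allocated, e.g. `if size == 0 { return nil, syserror.EINVAL }`, so a future creation path cannot reintroduce the crash. The diffstat shown is limited to pkg/sentry/kernel and lists no test; if none exists elsewhere, add a regression case that calls FindOrCreate with `private=true`, `create=false`, `size=0` and expects EINVAL. FindOrCreate's body continues past the end of the hunk.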