summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/syscalls/linux
diff options
context:
space:
mode:
authorRahat Mahmood <rahat@google.com>2018-11-01 15:53:25 -0700
committerShentubot <shentubot@google.com>2018-11-01 15:54:14 -0700
commit0e277a39c8b6f905e289b75e8ad0594e6b3562ca (patch)
treebb255a4872dcde3d666ee016d98b080366e8810b /pkg/sentry/syscalls/linux
parentb23cd33682a9a8bd727fa45b8424eb55d91c3086 (diff)
Prevent premature destruction of shm segments.
Shm segments can be marked for lazy destruction via shmctl(IPC_RMID), which destroys a segment once it is no longer attached to any processes. We were unconditionally decrementing the segment refcount on shmctl(IPC_RMID) which allowed a user to force a segment to be destroyed by repeatedly calling shmctl(IPC_RMID), with outstanding memory maps to the segment. This is problematic because the memory released by a segment destroyed this way can be reused by a different process while remaining accessible by the process with outstanding maps to the segment. PiperOrigin-RevId: 219713660 Change-Id: I443ab838322b4fb418ed87b2722c3413ead21845
Diffstat (limited to 'pkg/sentry/syscalls/linux')
-rw-r--r--pkg/sentry/syscalls/linux/sys_shm.go2
1 files changed, 1 insertions, 1 deletions
diff --git a/pkg/sentry/syscalls/linux/sys_shm.go b/pkg/sentry/syscalls/linux/sys_shm.go
index 5f887523a..8753c2e58 100644
--- a/pkg/sentry/syscalls/linux/sys_shm.go
+++ b/pkg/sentry/syscalls/linux/sys_shm.go
@@ -144,7 +144,7 @@ func Shmctl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal
return 0, nil, nil
case linux.SHM_LOCK, linux.SHM_UNLOCK:
- // We currently do not support memmory locking anywhere.
+ // We currently do not support memory locking anywhere.
// mlock(2)/munlock(2) are currently stubbed out as no-ops so do the
// same here.
t.Kernel().EmitUnimplementedEvent(t)