diff options
author | Rahat Mahmood <rahat@google.com> | 2018-11-01 15:53:25 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-11-01 15:54:14 -0700 |
commit | 0e277a39c8b6f905e289b75e8ad0594e6b3562ca (patch) | |
tree | bb255a4872dcde3d666ee016d98b080366e8810b /pkg/sentry/syscalls/linux | |
parent | b23cd33682a9a8bd727fa45b8424eb55d91c3086 (diff) |
Prevent premature destruction of shm segments.
Shm segments can be marked for lazy destruction via shmctl(IPC_RMID),
which destroys a segment once it is no longer attached to any
processes. We were unconditionally decrementing the segment refcount
on shmctl(IPC_RMID) which allowed a user to force a segment to be
destroyed by repeatedly calling shmctl(IPC_RMID), with outstanding
memory maps to the segment.
This is problematic because the memory released by a segment destroyed
this way can be reused by a different process while remaining
accessible by the process with outstanding maps to the segment.
PiperOrigin-RevId: 219713660
Change-Id: I443ab838322b4fb418ed87b2722c3413ead21845
Diffstat (limited to 'pkg/sentry/syscalls/linux')
-rw-r--r-- | pkg/sentry/syscalls/linux/sys_shm.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pkg/sentry/syscalls/linux/sys_shm.go b/pkg/sentry/syscalls/linux/sys_shm.go index 5f887523a..8753c2e58 100644 --- a/pkg/sentry/syscalls/linux/sys_shm.go +++ b/pkg/sentry/syscalls/linux/sys_shm.go @@ -144,7 +144,7 @@ func Shmctl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal return 0, nil, nil case linux.SHM_LOCK, linux.SHM_UNLOCK: - // We currently do not support memmory locking anywhere. + // We currently do not support memory locking anywhere. // mlock(2)/munlock(2) are currently stubbed out as no-ops so do the // same here. t.Kernel().EmitUnimplementedEvent(t) |