diff options
author | Rahat Mahmood <rahat@google.com> | 2018-11-01 15:53:25 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-11-01 15:54:14 -0700 |
commit | 0e277a39c8b6f905e289b75e8ad0594e6b3562ca (patch) | |
tree | bb255a4872dcde3d666ee016d98b080366e8810b /runsc/sandbox/sandbox.go | |
parent | b23cd33682a9a8bd727fa45b8424eb55d91c3086 (diff) |
Prevent premature destruction of shm segments.
Shm segments can be marked for lazy destruction via shmctl(IPC_RMID),
which destroys a segment once it is no longer attached to any
processes. We were unconditionally decrementing the segment refcount
on shmctl(IPC_RMID) which allowed a user to force a segment to be
destroyed by repeatedly calling shmctl(IPC_RMID), with outstanding
memory maps to the segment.
This is problematic because the memory released by a segment destroyed
this way can be reused by a different process while remaining
accessible by the process with outstanding maps to the segment.
PiperOrigin-RevId: 219713660
Change-Id: I443ab838322b4fb418ed87b2722c3413ead21845
Diffstat (limited to 'runsc/sandbox/sandbox.go')
0 files changed, 0 insertions, 0 deletions