summaryrefslogtreecommitdiffhomepage
path: root/runsc/sandbox/sandbox.go
diff options
context:
space:
mode:
authorRahat Mahmood <rahat@google.com>2018-11-01 15:53:25 -0700
committerShentubot <shentubot@google.com>2018-11-01 15:54:14 -0700
commit0e277a39c8b6f905e289b75e8ad0594e6b3562ca (patch)
treebb255a4872dcde3d666ee016d98b080366e8810b /runsc/sandbox/sandbox.go
parentb23cd33682a9a8bd727fa45b8424eb55d91c3086 (diff)
Prevent premature destruction of shm segments.
Shm segments can be marked for lazy destruction via shmctl(IPC_RMID), which destroys a segment once it is no longer attached to any processes. We were unconditionally decrementing the segment refcount on shmctl(IPC_RMID) which allowed a user to force a segment to be destroyed by repeatedly calling shmctl(IPC_RMID), with outstanding memory maps to the segment. This is problematic because the memory released by a segment destroyed this way can be reused by a different process while remaining accessible by the process with outstanding maps to the segment. PiperOrigin-RevId: 219713660 Change-Id: I443ab838322b4fb418ed87b2722c3413ead21845
Diffstat (limited to 'runsc/sandbox/sandbox.go')
0 files changed, 0 insertions, 0 deletions