diff options
-rw-r--r-- | pkg/sentry/kernel/shm/shm.go | 13 | ||||
-rw-r--r-- | pkg/sentry/syscalls/linux/sys_shm.go | 2 |
2 files changed, 12 insertions, 3 deletions
diff --git a/pkg/sentry/kernel/shm/shm.go b/pkg/sentry/kernel/shm/shm.go index 2feffe612..f760f5f76 100644 --- a/pkg/sentry/kernel/shm/shm.go +++ b/pkg/sentry/kernel/shm/shm.go @@ -575,10 +575,19 @@ func (s *Shm) destroy() { func (s *Shm) MarkDestroyed() { s.mu.Lock() defer s.mu.Unlock() + // Prevent the segment from being found in the registry. s.key = linux.IPC_PRIVATE - s.pendingDestruction = true - s.DecRef() + + // Only drop the segment's self-reference once, when destruction is + // requested. Otherwise, repeated calls shmctl(IPC_RMID) would force a + // segment to be destroyed prematurely, potentially with active maps to the + // segment's address range. Remaining references are dropped when the + // segment is detached or unmaped. + if !s.pendingDestruction { + s.pendingDestruction = true + s.DecRef() + } } // checkOwnership verifies whether a segment may be accessed by ctx as an diff --git a/pkg/sentry/syscalls/linux/sys_shm.go b/pkg/sentry/syscalls/linux/sys_shm.go index 5f887523a..8753c2e58 100644 --- a/pkg/sentry/syscalls/linux/sys_shm.go +++ b/pkg/sentry/syscalls/linux/sys_shm.go @@ -144,7 +144,7 @@ func Shmctl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal return 0, nil, nil case linux.SHM_LOCK, linux.SHM_UNLOCK: - // We currently do not support memmory locking anywhere. + // We currently do not support memory locking anywhere. // mlock(2)/munlock(2) are currently stubbed out as no-ops so do the // same here. t.Kernel().EmitUnimplementedEvent(t) |