Kernel: Disown shared buffers on sys$execve()

When committing to a new executable, disown any shared buffers that the process was previously co-owning. Otherwise accessing the same shared buffer ID from the new program would cause the kernel to find a cached (and stale!) reference to the previous program's VM region corresponding to that shared buffer, leading to a Region* use-after-free. Fixes #1270.
Author: https://github.com/awesomekling Commit: https://github.com/SerenityOS/serenity/commit/fc5ebe2a500
2024-12-03 04:50:29 +00:00 · 2020-02-22 12:27:12 +01:00 · 2020-02-22 12:27:12 +01:00 · fc5ebe2a50 · 2024-07-19 09:10:19 +09:00
commit fc5ebe2a50
parent af02d0ee97
1 changed files with 2 additions and 0 deletions
--- a/Kernel/Process.cpp
+++ b/Kernel/Process.cpp
@ -952,6 +952,8 @@ int Process::do_exec(NonnullRefPtr<FileDescription> main_program_description, Ve

    m_futex_queues.clear();

+    disown_all_shared_buffers();
+
    for (int i = 0; i < m_fds.size(); ++i) {
        auto& daf = m_fds[i];
        if (daf.description && daf.flags & FD_CLOEXEC) {