beenull/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-11-22 15:40:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

Kernel: Clear the region lookup cache on exec()

Browse source 
Each process has a 1-level lookup cache for fast repeated lookups of
the same VM region (which tends to be the majority of lookups.)
The cache is used by the following syscalls: munmap, madvise, mprotect
and set_mmap_name.

After a succesful exec(), there could be a stale Region* in the lookup
cache, and the new executable was able to manipulate it using a number
of use-after-free code paths.
This commit is contained in:
Andreas Kling 2020-02-24 12:31:14 +01:00
parent 5ce6215af7
commit 79576f9280
Notes: sideshowbarker 2024-07-19 09:05:19 +09:00 
Author: https://github.com/awesomekling
Commit: https://github.com/SerenityOS/serenity/commit/79576f92808
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Kernel/Process.cpp
View file

@ -952,6 +952,8 @@ int Process::do_exec(NonnullRefPtr<FileDescription> main_program_description, Ve
m_futex_queues.clear();
m_region_lookup_cache = {};
disown_all_shared_buffers();
for (int i = 0; i < m_fds.size(); ++i) {