wangzhi16 opened a new pull request, #18252:
URL: https://github.com/apache/nuttx/pull/18252

   
   
   ## Summary
   
   Add a pre-check before mm_map_add to avoid duplicate memory mappings.
   
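   Test case to reproduce:

   ```c
   #include <fcntl.h>
   #include <sys/mman.h>
   #include <unistd.h>

   /* size (the mapping length) is not defined in this snippet */

   void test(void)
   {
     void *buffer;
     int memfd = memfd_create("optee", O_CREAT | O_CLOEXEC);
     ftruncate(memfd, size);
     buffer = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, memfd, 0);
     close(memfd);

     /* Write, sleep briefly, then write again */
     *((int *)buffer) = 0xdeadbeef;
     usleep(10);
     *((int *)buffer) = 0xdeadbeef;

     munmap(buffer, size);
   }
   ```

   Run test() in a loop in several pthreads and you will find a use-after-free.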
   
   Root cause:
   
   ```
   thread 1:                             thread2:
   memfd_create() -- refs = 1
   ftruncate()    -- alloc mem
   mmap()         -- refs = 2
   close()        -- refs = 1

                                         memfd_create() -- refs = 2
                                         ftruncate()
                                         mmap()         -- refs = 3
                                         close()        -- refs = 2
                                         munmap()       -- refs = 2
                                         munmap()       -- refs = 1 //error
                                                        -- free mem
   access         -- use after free
   mmap()         -- refs = 1
                     free mem
   ```
   
   
   ## Impact
   
   None
   
   ## Testing
   
   ostest PASS

