Security: Potential race condition during syscalls
Created by: Yoric
Consider a process P with two threads T and U.
- Thread T allocates a buffer
bufand shares the address of
- Thread T places
- Syscall starts. Thread T is blocked.
- Kernel receives
bufas a pointer.
- Thread U (which is not blocked) releases the entire page containing
- Kernel writes to
buf, which is probably unallocated, or could now belong to any process, or even to the kernel.
Cross-process or process-to-kernel memory corruption ensues.
To upload designs, you'll need to enable LFS. More information