*workaround (upm_base_support): Avoid crashes when fstat is called on…

… restricted FDs Some shmem ops like shmem_getattr() expect to be working with an inode that was allocated by shmem, but in the case of restricted FDs the inode is allocated via alloc_anon_inode() which can result in accesses to uninitialized/unallocated memory. Signed-off-by: Michael Roth <michael.roth@amd.com>
AMDESE · Mar 13, 2023 · 0378116 · 0378116
1 parent 5f19bad
commit 0378116
Showing 1 changed file with 1 addition and 6 deletions.
diff --git a/mm/restrictedmem.c b/mm/restrictedmem.c
@@ -81,12 +81,7 @@ static int restrictedmem_getattr(struct user_namespace *mnt_userns,
 				 const struct path *path, struct kstat *stat,
 				 u32 request_mask, unsigned int query_flags)
 {
-	struct inode *inode = d_inode(path->dentry);
-	struct restrictedmem *rm = inode->i_mapping->private_data;
-	struct file *memfd = rm->memfd;
-
-	return memfd->f_inode->i_op->getattr(mnt_userns, path, stat,
-					     request_mask, query_flags);
+	return simple_getattr(mnt_userns, path, stat, request_mask, query_flags);
 }
 
 static int restrictedmem_setattr(struct user_namespace *mnt_userns,