[PATCH 08/12] net/udp: getfrag: remove direct reference to user memory
Philippe Gerum
rpm at xenomai.org
Thu Jan 24 16:34:24 CET 2019
This issue triggers domain violation on ARM, SMAP violation on x86.
Signed-off-by: Philippe Gerum <rpm at xenomai.org>
---
kernel/drivers/net/stack/ipv4/udp/udp.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/kernel/drivers/net/stack/ipv4/udp/udp.c b/kernel/drivers/net/stack/ipv4/udp/udp.c
index e580dac08..d0d35c324 100644
--- a/kernel/drivers/net/stack/ipv4/udp/udp.c
+++ b/kernel/drivers/net/stack/ipv4/udp/udp.c
@@ -549,7 +549,7 @@ static int rt_udp_getfrag(const void *p, unsigned char *to,
unsigned int offset, unsigned int fraglen)
{
struct udpfakehdr *ufh = (struct udpfakehdr *)p;
- int i, ret;
+ int ret;
// We should optimize this function a bit (copy+csum...)!
@@ -558,18 +558,17 @@ static int rt_udp_getfrag(const void *p, unsigned char *to,
return ret < 0 ? ret : 0;
}
- /* Checksum of the complete data part of the UDP message: */
- for (i = 0; i < ufh->iovlen; i++) {
- ufh->wcheck = csum_partial(ufh->iov[i].iov_base, ufh->iov[i].iov_len,
- ufh->wcheck);
- }
-
ret = rtnet_read_from_iov(ufh->fd, ufh->iov, ufh->iovlen,
to + sizeof(struct udphdr),
fraglen - sizeof(struct udphdr));
if (ret < 0)
return ret;
+ /* Checksum of the complete data part of the UDP message: */
+ ufh->wcheck = csum_partial(to + sizeof(struct udphdr),
+ fraglen - sizeof(struct udphdr),
+ ufh->wcheck);
+
/* Checksum of the udp header: */
ufh->wcheck = csum_partial((unsigned char *)ufh,
sizeof(struct udphdr), ufh->wcheck);
@@ -684,7 +683,7 @@ ssize_t rt_udp_sendmsg(struct rtdm_fd *fd, const struct user_msghdr *msg, int ms
ufh.uh.len = htons(ulen);
ufh.uh.check = 0;
ufh.fd = fd;
- ufh.iov = msg->msg_iov;
+ ufh.iov = iov;
ufh.iovlen = msg->msg_iovlen;
ufh.wcheck = 0;
--
2.17.2
More information about the Xenomai
mailing list