[Patch?==?utf-8?q? 5/5] Problems with upstream SPECTRE mitigation found in sendmsg/recvmsg syscalls

François Legal francois.legal at thom.fr.eu.org
Mon Dec 7 12:02:50 CET 2020


From: François LEGAL <devel at thom.fr.eu.org>

Add rtipc_get_arg (copy_from_ser) call on struct user_msghdr.

Signed-off-by: François LEGAL <devel at thom.fr.eu.org>
---
 kernel/drivers/ipc/xddp.c         | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
 
diff --git a/kernel/drivers/ipc/xddp.c b/kernel/drivers/ipc/xddp.c
index 57275d0..8d52720 100644
--- a/kernel/drivers/ipc/xddp.c
+++ b/kernel/drivers/ipc/xddp.c
@@ -335,12 +335,17 @@ out:
 }
 
 static ssize_t xddp_recvmsg(struct rtdm_fd *fd,
-			    struct user_msghdr *msg, int flags)
+			    struct user_msghdr *u_msg, int flags)
 {
 	struct iovec iov_fast[RTDM_IOV_FASTMAX], *iov;
 	struct sockaddr_ipc saddr;
+	struct user_msghdr _msg, *msg = & _msg;
 	ssize_t ret;
 
+	ret = rtipc_get_arg(fd, &_msg, u_msg, sizeof(_msg));
+	if (ret)
+		return -ret;
+
 	if (flags & ~MSG_DONTWAIT)
 		return -EINVAL;
 
@@ -590,14 +595,19 @@ done:
 }
 
 static ssize_t xddp_sendmsg(struct rtdm_fd *fd,
-			    const struct user_msghdr *msg, int flags)
+			    const struct user_msghdr *u_msg, int flags)
 {
 	struct rtipc_private *priv = rtdm_fd_to_private(fd);
 	struct iovec iov_fast[RTDM_IOV_FASTMAX], *iov;
 	struct xddp_socket *sk = priv->state;
 	struct sockaddr_ipc daddr;
+	struct user_msghdr _msg, *msg = & _msg;
 	ssize_t ret;
 
+	ret = rtipc_get_arg(fd, &_msg, u_msg, sizeof(_msg));
+	if (ret)
+		return -ret;
+
 	/*
 	 * We accept MSG_DONTWAIT, but do not care about it, since
 	 * writing to the real-time endpoint of a message pipe must be




More information about the Xenomai mailing list