[Patch 3/5] Problems with upstream SPECTRE mitigation found in sendmsg/recvmsg syscalls

Philippe Gerum rpm at xenomai.org
Mon Dec 7 15:36:25 CET 2020


François Legal via Xenomai <xenomai at xenomai.org> writes:

> From: François LEGAL <devel at thom.fr.eu.org>
>
> Add rtipc_get_arg (copy_from_user) call on struct user_msghdr.
>
> Signed-off-by: François LEGAL <devel at thom.fr.eu.org>
> ---
>  kernel/drivers/ipc/bufp.c         | 14 ++++++++++++--
>  1 file changed, 12 insertions(+), 2 deletions(-)
>  
> diff --git a/kernel/drivers/ipc/bufp.c b/kernel/drivers/ipc/bufp.c
> index 45c917e..c09524c 100644
> --- a/kernel/drivers/ipc/bufp.c
> +++ b/kernel/drivers/ipc/bufp.c
> @@ -352,12 +352,17 @@ static ssize_t __bufp_recvmsg(struct rtdm_fd *fd,
>  }
>  
>  static ssize_t bufp_recvmsg(struct rtdm_fd *fd,
> -			    struct user_msghdr *msg, int flags)
> +			    struct user_msghdr *u_msg, int flags)
>  {
>  	struct iovec iov_fast[RTDM_IOV_FASTMAX], *iov;
>  	struct sockaddr_ipc saddr;
> +	struct user_msghdr _msg, *msg = & _msg;
>  	ssize_t ret;
>  
> +	ret = rtipc_get_arg(fd, &_msg, u_msg, sizeof(_msg));
> +	if (ret)
> +		return -ret;

rtipc_get_arg() returns zero on success, or negated error codes already
(-EFAULT typically).

> +
>  	if (flags & ~MSG_DONTWAIT)
>  		return -EINVAL;
>  
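Review bot: In bufp_recvmsg, `msg` now aliases the on-stack copy `_msg`, so any store the rest of the function makes through `msg` (a receive path commonly updates `msg_namelen` after filling in the source address) would land in kernel memory and never reach the caller. The body continues outside the hunk, so this cannot be confirmed from here; if such a store exists, the changed field needs an explicit copy back to `u_msg`, presumably through the put counterpart of `rtipc_get_arg()`. Fetching the header once also means the iovec pointer and count are read a single time rather than re-read from user memory. A comment above the call, such as `/* Work on a kernel copy of the header; never dereference u_msg directly. */`, would keep later edits from reintroducing direct accesses.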
> @@ -598,14 +603,19 @@ fail:
>  }
>  
>  static ssize_t bufp_sendmsg(struct rtdm_fd *fd,
> -			    const struct user_msghdr *msg, int flags)
> +			    const struct user_msghdr *u_msg, int flags)
>  {
>  	struct rtipc_private *priv = rtdm_fd_to_private(fd);
>  	struct iovec iov_fast[RTDM_IOV_FASTMAX], *iov;
>  	struct bufp_socket *sk = priv->state;
>  	struct sockaddr_ipc daddr;
> +	struct user_msghdr _msg, *msg = & _msg;
>  	ssize_t ret;
>  
> +	ret = rtipc_get_arg(fd, &_msg, u_msg, sizeof(_msg));
> +	if (ret)
> +		return -ret;
> +

ditto.

>  	if (flags & ~MSG_DONTWAIT)
>  		return -EINVAL;
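Review bot: In bufp_sendmsg the parameter used to be `const struct user_msghdr *msg`, but the new local alias in `struct user_msghdr _msg, *msg = & _msg;` is a non-const pointer, so the compiler no longer rejects accidental writes to the header on the send path. Declaring the alias on its own line as `const struct user_msghdr *msg = &_msg;` keeps the read-only contract for the rest of the body, which continues outside the hunk. The spacing in `& _msg` also departs from the usual kernel style (`&_msg`), and the same declaration appears in bufp_recvmsg.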


-- 
Philippe.


