Re:?==?utf-8?q? [Patch?==?utf-8?q? 3/5] Problems with upstream SPECTRE mitigation found in sendmsg/recvmsg syscalls

François Legal devel at thom.fr.eu.org
Mon Dec 7 16:40:44 CET 2020


Le Lundi, Décembre 07, 2020 15:36 CET, Philippe Gerum <rpm at xenomai.org> a écrit: 
 
> 
> François Legal via Xenomai <xenomai at xenomai.org> writes:
> 
> > From: François LEGAL <devel at thom.fr.eu.org>
> >
> > Add rtipc_get_arg (copy_from_ser) call on struct user_msghdr.
> >
> > Signed-off-by: François LEGAL <devel at thom.fr.eu.org>
> > ---
> >  kernel/drivers/ipc/bufp.c         | 14 ++++++++++++--
> >  1 file changed, 12 insertions(+), 2 deletions(-)
> >  
> > diff --git a/kernel/drivers/ipc/bufp.c b/kernel/drivers/ipc/bufp.c
> > index 45c917e..c09524c 100644
> > --- a/kernel/drivers/ipc/bufp.c
> > +++ b/kernel/drivers/ipc/bufp.c
> > @@ -352,12 +352,17 @@ static ssize_t __bufp_recvmsg(struct rtdm_fd *fd,
> >  }
> >  
> >  static ssize_t bufp_recvmsg(struct rtdm_fd *fd,
> > -			    struct user_msghdr *msg, int flags)
> > +			    struct user_msghdr *u_msg, int flags)
> >  {
> >  	struct iovec iov_fast[RTDM_IOV_FASTMAX], *iov;
> >  	struct sockaddr_ipc saddr;
> > +	struct user_msghdr _msg, *msg = & _msg;
> >  	ssize_t ret;
> >  
> > +	ret = rtipc_get_arg(fd, &_msg, u_msg, sizeof(_msg));
> > +	if (ret)
> > +		return -ret;
> 
> rtipc_get_arg() returns zero on sucess, or negated error codes already
> (-EFAULT typically).
> 

Correct. I missed this one. Thanks.

> > +
> >  	if (flags & ~MSG_DONTWAIT)
> >  		return -EINVAL;
> >  
> > @@ -598,14 +603,19 @@ fail:
> >  }
> >  
> >  static ssize_t bufp_sendmsg(struct rtdm_fd *fd,
> > -			    const struct user_msghdr *msg, int flags)
> > +			    const struct user_msghdr *u_msg, int flags)
> >  {
> >  	struct rtipc_private *priv = rtdm_fd_to_private(fd);
> >  	struct iovec iov_fast[RTDM_IOV_FASTMAX], *iov;
> >  	struct bufp_socket *sk = priv->state;
> >  	struct sockaddr_ipc daddr;
> > +	struct user_msghdr _msg, *msg = & _msg;
> >  	ssize_t ret;
> >  
> > +	ret = rtipc_get_arg(fd, &_msg, u_msg, sizeof(_msg));
> > +	if (ret)
> > +		return -ret;
> > +
> 
> ditto.
> 
> >  	if (flags & ~MSG_DONTWAIT)
> >  		return -EINVAL;
> 
> 
> -- 
> Philippe.




More information about the Xenomai mailing list