Fwd: [Patch 1/5] Problems with upstream SPECTRE mitigation found in sendmsg/recvmsg syscalls
Jan Kiszka
jan.kiszka at siemens.com
Fri Dec 11 07:55:22 CET 2020
On 07.12.20 11:55, François Legal via Xenomai wrote:
> From: François LEGAL <devel at thom.fr.eu.org>
>
> Remove the copy of struct struct user_msghdr onto stack allocated buffer.
>
Reasoning is missing here: The driver callbacks are supposed to do that
copy-from-user.
But the Question is: why? Is that local copy history left-over, or do
only the drivers know how much to copy?
Jan
> Signed-off-by: François LEGAL <devel at thom.fr.eu.org>
> ---
> kernel/cobalt/posix/io.c | 20 ++------------------
> 1 file changed, 2 insertions(+), 18 deletions(-)
>
> diff --git a/kernel/cobalt/posix/io.c b/kernel/cobalt/posix/io.c
> index f35aaf8..85272a5 100644
> --- a/kernel/cobalt/posix/io.c
> +++ b/kernel/cobalt/posix/io.c
> @@ -79,18 +79,7 @@ COBALT_SYSCALL(write, handover,
> COBALT_SYSCALL(recvmsg, handover,
> (int fd, struct user_msghdr __user *umsg, int flags))
> {
> - struct user_msghdr m;
> - ssize_t ret;
> -
> - ret = cobalt_copy_from_user(&m, umsg, sizeof(m));
> - if (ret)
> - return ret;
> -
> - ret = rtdm_fd_recvmsg(fd, &m, flags);
> - if (ret < 0)
> - return ret;
> -
> - return cobalt_copy_to_user(umsg, &m, sizeof(*umsg)) ?: ret;
> + return rtdm_fd_recvmsg(fd, umsg, flags);
> }
>
> static int get_timespec(struct timespec *ts,
> @@ -123,12 +112,7 @@ COBALT_SYSCALL(recvmmsg, primary,
> COBALT_SYSCALL(sendmsg, handover,
> (int fd, struct user_msghdr __user *umsg, int flags))
> {
> - struct user_msghdr m;
> - int ret;
> -
> - ret = cobalt_copy_from_user(&m, umsg, sizeof(m));
> -
> - return ret ?: rtdm_fd_sendmsg(fd, &m, flags);
> + return rtdm_fd_sendmsg(fd, umsg, flags);
> }
>
> static int put_mmsglen(void __user **u_mmsg_p, const struct mmsghdr *mmsg)
>
>
--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux
More information about the Xenomai
mailing list