Fwd: [Patch 1/5] Problems with upstream SPECTRE mitigation found in sendmsg/recvmsg syscalls

Jan Kiszka jan.kiszka at siemens.com
Fri Dec 11 07:55:22 CET 2020


On 07.12.20 11:55, François Legal via Xenomai wrote:
> From: François LEGAL <devel at thom.fr.eu.org>
> 
> Remove the copy of struct user_msghdr onto stack allocated buffer.
> 

Reasoning is missing here: The driver callbacks are supposed to do that
copy-from-user.

But the question is: why? Is that local copy a historical left-over, or do
only the drivers know how much to copy?

Jan

> Signed-off-by: François LEGAL <devel at thom.fr.eu.org>
> ---
>  kernel/cobalt/posix/io.c          | 20 ++------------------
>  1 file changed, 2 insertions(+), 18 deletions(-)
>  
> diff --git a/kernel/cobalt/posix/io.c b/kernel/cobalt/posix/io.c
> index f35aaf8..85272a5 100644
> --- a/kernel/cobalt/posix/io.c
> +++ b/kernel/cobalt/posix/io.c
> @@ -79,18 +79,7 @@ COBALT_SYSCALL(write, handover,
>  COBALT_SYSCALL(recvmsg, handover,
>  	       (int fd, struct user_msghdr __user *umsg, int flags))
>  {
> -	struct user_msghdr m;
> -	ssize_t ret;
> -
> -	ret = cobalt_copy_from_user(&m, umsg, sizeof(m));
> -	if (ret)
> -		return ret;
> -
> -	ret = rtdm_fd_recvmsg(fd, &m, flags);
> -	if (ret < 0)
> -		return ret;
> -
> -	return cobalt_copy_to_user(umsg, &m, sizeof(*umsg)) ?: ret;
> +	return rtdm_fd_recvmsg(fd, umsg, flags);
>  }
>  
>  static int get_timespec(struct timespec *ts,
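
Review bot: In the recvmsg handler, the removed `return cobalt_copy_to_user(umsg, &m, sizeof(*umsg)) ?: ret;` was the only place in this function where the updated header was written back to user space, and `rtdm_fd_recvmsg()` is now handed the `__user` pointer itself. The commit message should state that every recvmsg handler reached through `rtdm_fd_recvmsg()` must now do both the copy-in and the copy-out of `struct user_msghdr` and must never dereference the pointer directly. Annotating the parameter as `__user` in the prototype and in the driver callback type would let sparse flag handlers that still treat it as a kernel pointer.
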
> @@ -123,12 +112,7 @@ COBALT_SYSCALL(recvmmsg, primary,
>  COBALT_SYSCALL(sendmsg, handover,
>  	       (int fd, struct user_msghdr __user *umsg, int flags))
>  {
> -	struct user_msghdr m;
> -	int ret;
> -
> -	ret = cobalt_copy_from_user(&m, umsg, sizeof(m));
> -
> -	return ret ?: rtdm_fd_sendmsg(fd, &m, flags);
> +	return rtdm_fd_sendmsg(fd, umsg, flags);
>  }
>  
>  static int put_mmsglen(void __user **u_mmsg_p, const struct mmsghdr *mmsg)
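
Review bot: In the sendmsg handler, dropping `ret = cobalt_copy_from_user(&m, umsg, sizeof(m));` means a faulting `umsg` is no longer rejected at the syscall entry, so the error now depends on each handler behind `rtdm_fd_sendmsg()` doing its own copy-from-user. Please document that contract in the commit message. Since the handler will then read the header from user memory, it should copy it once into a local and use only that copy, so that user space cannot change fields between reads.
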
> 
> 

-- 
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


