[Patch?==?utf-8?q? 3/3] Problem with upstream SPECTRE mitigation found in sendmsg/recvmsg syscalls
François Legal
devel at thom.fr.eu.org
Wed Dec 16 09:45:29 CET 2020
From: François LEGAL <devel at thom.fr.eu.org>
The RTNET sendmsg/recvmsg protocol handlers used to call copy_to/from_user on the struct user_msghdr argument. The syscall entry code already does this copy, so calling again the copy_to/from_user in handlers triggers SPECTRE mitigation protection. This patch removes the calls in the handlers
This patch has not been tested
Signed-off-by: François LEGAL <devel at thom.fr.eu.org>
---
kernel/drivers/net/stack/ipv4/tcp/tcp.c | 10 ----------
1 file changed, 0 insertions(+), 10 deletions(-)
diff --git a/kernel/drivers/net/stack/ipv4/tcp/tcp.c b/kernel/drivers/net/stack/ipv4/tcp/tcp.c
index b8263e5..d8c189c 100644
--- a/kernel/drivers/net/stack/ipv4/tcp/tcp.c
+++ b/kernel/drivers/net/stack/ipv4/tcp/tcp.c
@@ -2137,7 +2137,6 @@ static ssize_t rt_tcp_recvmsg(struct rtdm_fd *fd, struct user_msghdr *msg,
int msg_flags)
{
struct iovec iov_fast[RTDM_IOV_FASTMAX], *iov;
- struct user_msghdr _msg;
ssize_t ret;
size_t len;
void *buf;
@@ -2145,10 +2144,6 @@ static ssize_t rt_tcp_recvmsg(struct rtdm_fd *fd, struct user_msghdr *msg,
if (msg_flags)
return -EOPNOTSUPP;
- msg = rtnet_get_arg(fd, &_msg, msg, sizeof(*msg));
- if (IS_ERR(msg))
- return PTR_ERR(msg);
-
/* loop over all vectors to be implemented */
if (msg->msg_iovlen != 1)
return -EOPNOTSUPP;
@@ -2175,17 +2170,12 @@ static ssize_t rt_tcp_sendmsg(struct rtdm_fd *fd, const struct user_msghdr *msg,
int msg_flags)
{
struct iovec iov_fast[RTDM_IOV_FASTMAX], *iov;
- struct user_msghdr _msg;
ssize_t ret;
size_t len;
if (msg_flags)
return -EOPNOTSUPP;
- msg = rtnet_get_arg(fd, &_msg, msg, sizeof(*msg));
- if (IS_ERR(msg))
- return PTR_ERR(msg);
-
/* loop over all vectors to be implemented */
if (msg->msg_iovlen != 1)
return -EOPNOTSUPP;
More information about the Xenomai
mailing list