[Patch?==?utf-8?q? 3/3] Problem with upstream SPECTRE mitigation found in sendmsg/recvmsg syscalls

François Legal devel at thom.fr.eu.org
Wed Dec 16 09:45:29 CET 2020


From: François LEGAL <devel at thom.fr.eu.org>

The RTNET sendmsg/recvmsg protocol handlers used to call copy_to/from_user on the struct user_msghdr argument. The syscall entry code already does this copy, so calling again the copy_to/from_user in handlers triggers SPECTRE mitigation protection. This patch removes the calls in the handlers

This patch has not been tested

Signed-off-by: François LEGAL <devel at thom.fr.eu.org>
---
 kernel/drivers/net/stack/ipv4/tcp/tcp.c     | 10 ----------
 1 file changed, 0 insertions(+), 10 deletions(-)

diff --git a/kernel/drivers/net/stack/ipv4/tcp/tcp.c b/kernel/drivers/net/stack/ipv4/tcp/tcp.c
index b8263e5..d8c189c 100644
--- a/kernel/drivers/net/stack/ipv4/tcp/tcp.c
+++ b/kernel/drivers/net/stack/ipv4/tcp/tcp.c
@@ -2137,7 +2137,6 @@ static ssize_t rt_tcp_recvmsg(struct rtdm_fd *fd, struct user_msghdr *msg,
 			      int msg_flags)
 {
 	struct iovec iov_fast[RTDM_IOV_FASTMAX], *iov;
-	struct user_msghdr _msg;
 	ssize_t ret;
 	size_t len;
 	void *buf;
@@ -2145,10 +2144,6 @@ static ssize_t rt_tcp_recvmsg(struct rtdm_fd *fd, struct user_msghdr *msg,
 	if (msg_flags)
 		return -EOPNOTSUPP;
 
-	msg = rtnet_get_arg(fd, &_msg, msg, sizeof(*msg));
-	if (IS_ERR(msg))
-		return PTR_ERR(msg);
-
 	/* loop over all vectors to be implemented */
 	if (msg->msg_iovlen != 1)
 		return -EOPNOTSUPP;
@@ -2175,17 +2170,12 @@ static ssize_t rt_tcp_sendmsg(struct rtdm_fd *fd, const struct user_msghdr *msg,
 			      int msg_flags)
 {
 	struct iovec iov_fast[RTDM_IOV_FASTMAX], *iov;
-	struct user_msghdr _msg;
 	ssize_t ret;
 	size_t len;
 
 	if (msg_flags)
 		return -EOPNOTSUPP;
 
-	msg = rtnet_get_arg(fd, &_msg, msg, sizeof(*msg));
-	if (IS_ERR(msg))
-		return PTR_ERR(msg);
-
 	/* loop over all vectors to be implemented */
 	if (msg->msg_iovlen != 1)
 		return -EOPNOTSUPP;




More information about the Xenomai mailing list