All of lore.kernel.org
 help / color / mirror / Atom feed
* [Patch 3/3] Problem with upstream SPECTRE mitigation found in sendmsg/recvmsg syscalls
@ 2020-12-16  8:45 François Legal
  0 siblings, 0 replies; only message in thread
From: François Legal @ 2020-12-16  8:45 UTC (permalink / raw)
  To: xenomai

From: François LEGAL <devel@thom.fr.eu.org>

The RTNET sendmsg/recvmsg protocol handlers used to call copy_to/from_user on the struct user_msghdr argument. The syscall entry code already does this copy, so calling again the copy_to/from_user in handlers triggers SPECTRE mitigation protection. This patch removes the calls in the handlers

This patch has not been tested

Signed-off-by: François LEGAL <devel@thom.fr.eu.org>
---
 kernel/drivers/net/stack/ipv4/tcp/tcp.c     | 10 ----------
 1 file changed, 0 insertions(+), 10 deletions(-)

diff --git a/kernel/drivers/net/stack/ipv4/tcp/tcp.c b/kernel/drivers/net/stack/ipv4/tcp/tcp.c
index b8263e5..d8c189c 100644
--- a/kernel/drivers/net/stack/ipv4/tcp/tcp.c
+++ b/kernel/drivers/net/stack/ipv4/tcp/tcp.c
@@ -2137,7 +2137,6 @@ static ssize_t rt_tcp_recvmsg(struct rtdm_fd *fd, struct user_msghdr *msg,
 			      int msg_flags)
 {
 	struct iovec iov_fast[RTDM_IOV_FASTMAX], *iov;
-	struct user_msghdr _msg;
 	ssize_t ret;
 	size_t len;
 	void *buf;
@@ -2145,10 +2144,6 @@ static ssize_t rt_tcp_recvmsg(struct rtdm_fd *fd, struct user_msghdr *msg,
 	if (msg_flags)
 		return -EOPNOTSUPP;

-	msg = rtnet_get_arg(fd, &_msg, msg, sizeof(*msg));
-	if (IS_ERR(msg))
-		return PTR_ERR(msg);
-
 	/* loop over all vectors to be implemented */
 	if (msg->msg_iovlen != 1)
 		return -EOPNOTSUPP;
@@ -2175,17 +2170,12 @@ static ssize_t rt_tcp_sendmsg(struct rtdm_fd *fd, const struct user_msghdr *msg,
 			      int msg_flags)
 {
 	struct iovec iov_fast[RTDM_IOV_FASTMAX], *iov;
-	struct user_msghdr _msg;
 	ssize_t ret;
 	size_t len;

 	if (msg_flags)
 		return -EOPNOTSUPP;

-	msg = rtnet_get_arg(fd, &_msg, msg, sizeof(*msg));
-	if (IS_ERR(msg))
-		return PTR_ERR(msg);
-
 	/* loop over all vectors to be implemented */
 	if (msg->msg_iovlen != 1)
 		return -EOPNOTSUPP;



^ permalink raw reply related	[flat|nested] only message in thread
only message in thread, other threads:[~2020-12-16  8:45 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-12-16  8:45 [Patch 3/3] Problem with upstream SPECTRE mitigation found in sendmsg/recvmsg syscalls François Legal

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.