Commit ca740aa7 authored by François LEGAL's avatar François LEGAL Committed by Jan Kiszka

rtnet: af_packet: Remove duplicate copy_from/to_user

The RTNET sendmsg/recvmsg protocol handlers used to call
copy_to/from_user on the struct user_msghdr argument. The syscall entry
code already does this copy, so calling again the copy_to/from_user in
handlers triggers SPECTRE mitigation protection on ARM. This patch
removes the calls in the handlers.

This patch has been tested with 4.4.x kernel
Signed-off-by: default avatarFrançois LEGAL <devel@thom.fr.eu.org>
[Jan: massage commit log]
Signed-off-by: Jan Kiszka's avatarJan Kiszka <jan.kiszka@siemens.com>
parent 98636675
......@@ -294,7 +294,7 @@ static int rt_packet_ioctl(struct rtdm_fd *fd, unsigned int request,
/***
* rt_packet_recvmsg
*/
static ssize_t rt_packet_recvmsg(struct rtdm_fd *fd, struct user_msghdr *u_msg,
static ssize_t rt_packet_recvmsg(struct rtdm_fd *fd, struct user_msghdr *msg,
int msg_flags)
{
struct rtsocket *sock = rtdm_fd_to_private(fd);
......@@ -304,14 +304,9 @@ static ssize_t rt_packet_recvmsg(struct rtdm_fd *fd, struct user_msghdr *u_msg,
struct sockaddr_ll sll;
int ret, flags;
nanosecs_rel_t timeout = sock->timeout;
struct user_msghdr _msg, *msg;
socklen_t namelen;
struct iovec iov_fast[RTDM_IOV_FASTMAX], *iov;
msg = rtnet_get_arg(fd, &_msg, u_msg, sizeof(_msg));
if (IS_ERR(msg))
return PTR_ERR(msg);
if (msg->msg_iovlen < 0)
return -EINVAL;
......@@ -360,7 +355,7 @@ static ssize_t rt_packet_recvmsg(struct rtdm_fd *fd, struct user_msghdr *u_msg,
goto fail;
namelen = sizeof(sll);
ret = rtnet_put_arg(fd, &u_msg->msg_namelen, &namelen,
ret = rtnet_put_arg(fd, &msg->msg_namelen, &namelen,
sizeof(namelen));
if (ret)
goto fail;
......@@ -381,7 +376,7 @@ static ssize_t rt_packet_recvmsg(struct rtdm_fd *fd, struct user_msghdr *u_msg,
if (copy_len > len) {
copy_len = len;
flags = msg->msg_flags | MSG_TRUNC;
ret = rtnet_put_arg(fd, &u_msg->msg_flags, &flags,
ret = rtnet_put_arg(fd, &msg->msg_flags, &flags,
sizeof(flags));
if (ret)
goto fail;
......@@ -420,7 +415,6 @@ static ssize_t rt_packet_sendmsg(struct rtdm_fd *fd,
unsigned char *addr;
int ifindex;
ssize_t ret;
struct user_msghdr _msg;
struct iovec iov_fast[RTDM_IOV_FASTMAX], *iov;
if (msg_flags & MSG_OOB) /* Mirror BSD error message compatibility */
......@@ -428,10 +422,6 @@ static ssize_t rt_packet_sendmsg(struct rtdm_fd *fd,
if (msg_flags & ~MSG_DONTWAIT)
return -EINVAL;
msg = rtnet_get_arg(fd, &_msg, msg, sizeof(*msg));
if (IS_ERR(msg))
return PTR_ERR(msg);
if (msg->msg_iovlen < 0)
return -EINVAL;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment