From: François LEGAL <[email protected]> The RTNET sendmsg/recvmsg protocol handlers used to call copy_to/from_user on the struct user_msghdr argument. The syscall entry code already does this copy, so calling copy_to/from_user again in the handlers triggers the SPECTRE mitigation protection. This patch removes those calls from the handlers.
This patch has not been tested
Signed-off-by: François LEGAL <[email protected]>
---
 kernel/drivers/net/stack/ipv4/tcp/tcp.c | 10 ----------
 1 file changed, 0 insertions(+), 10 deletions(-)
diff --git a/kernel/drivers/net/stack/ipv4/tcp/tcp.c b/kernel/drivers/net/stack/ipv4/tcp/tcp.c
index b8263e5..d8c189c 100644
--- a/kernel/drivers/net/stack/ipv4/tcp/tcp.c
+++ b/kernel/drivers/net/stack/ipv4/tcp/tcp.c
@@ -2137,7 +2137,6 @@ static ssize_t rt_tcp_recvmsg(struct rtdm_fd *fd, struct user_msghdr *msg,
 int msg_flags)
 {
 struct iovec iov_fast[RTDM_IOV_FASTMAX], *iov;
- struct user_msghdr _msg;
 ssize_t ret;
 size_t len;
 void *buf;
@@ -2145,10 +2144,6 @@ static ssize_t rt_tcp_recvmsg(struct rtdm_fd *fd, struct user_msghdr *msg,
 if (msg_flags)
 return -EOPNOTSUPP;
 
- msg = rtnet_get_arg(fd, &_msg, msg, sizeof(*msg));
- if (IS_ERR(msg))
- return PTR_ERR(msg);
-
 /* loop over all vectors to be implemented */
 if (msg->msg_iovlen != 1)
 return -EOPNOTSUPP;
@@ -2175,17 +2170,12 @@ static ssize_t rt_tcp_sendmsg(struct rtdm_fd *fd, const struct user_msghdr *msg,
 int msg_flags)
 {
 struct iovec iov_fast[RTDM_IOV_FASTMAX], *iov;
- struct user_msghdr _msg;
 ssize_t ret;
 size_t len;
 
 if (msg_flags)
 return -EOPNOTSUPP;
 
- msg = rtnet_get_arg(fd, &_msg, msg, sizeof(*msg));
- if (IS_ERR(msg))
- return PTR_ERR(msg);
-
 /* loop over all vectors to be implemented */
 if (msg->msg_iovlen != 1)
 return -EOPNOTSUPP;
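Review bot: With the `rtnet_get_arg()` call removed in the second hunk, `msg->msg_iovlen` in rt_tcp_recvmsg is read straight through the pointer the caller passed in, so the handler is only safe if every entry path has already copied the `struct user_msghdr` into kernel memory. The commit message says the syscall entry code does this, but the patch is marked untested and nothing visible in the hunk enforces it. A caller or core version that still hands over a user-space pointer would, presumably, turn this into an unchecked user-pointer dereference. I would document the contract above the check, e.g. `/* msg is the kernel-side copy made by the syscall entry code; it must not be copied from user space again */`, and state in the description which core version guarantees that copy. The same applies to the rt_tcp_sendmsg hunk; both function bodies continue outside the hunks.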
