Fix order of arguments to compat_put_time[spec|val]

Commit 644595f89620 ("compat: Handle COMPAT_USE_64BIT_TIME in net/socket.c") introduced a bug where the helper functions to take either a 64-bit or compat time[spec|val] got the arguments in the wrong order, passing the kernel stack pointer off as a user pointer (and vice versa). Because of the user address range check, that in turn then causes an EFAULT due to the user pointer range checking failing for the kernel address. Incorrectly resuling in a failed system call for 32-bit processes with a 64-bit kernel. On odder architectures like HP-PA (with separate user/kernel address spaces), it can be used read kernel memory. Signed-off-by: Mikulas Patocka <mpatocka@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Mikulas Patocka <mpatocka@redhat.com> 2012-09-01 12:34:07 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2012-09-05 21:34:13 -0400
commit: ed6fe9d614fc1bca95eb8c0ccd0e92db00ef9d5d (patch)
tree: 21944562e0935f46f45c30986ddbe005c63feaca /net/socket.c
parent: 5b716ac728bcc01b1f2a7ed6e437196602237c27 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/net/socket.c b/net/socket.c
index a5471f804d99..edc3c4af9085 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -2604,7 +2604,7 @@ static int do_siocgstamp(struct net *net, struct socket *sock,
        err = sock_do_ioctl(net, sock, cmd, (unsigned long)&ktv);
        set_fs(old_fs);
        if (!err)
-                err = compat_put_timeval(up, &ktv);
+                err = compat_put_timeval(&ktv, up);
        return err;
 }
@@ -2620,7 +2620,7 @@ static int do_siocgstampns(struct net *net, struct socket *sock,
        err = sock_do_ioctl(net, sock, cmd, (unsigned long)&kts);
        set_fs(old_fs);
        if (!err)
-                err = compat_put_timespec(up, &kts);
+                err = compat_put_timespec(&kts, up);
        return err;
 }
author	Mikulas Patocka <mpatocka@redhat.com>	2012-09-01 12:34:07 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2012-09-05 21:34:13 -0400
commit	ed6fe9d614fc1bca95eb8c0ccd0e92db00ef9d5d (patch)
tree	21944562e0935f46f45c30986ddbe005c63feaca /net/socket.c
parent	5b716ac728bcc01b1f2a7ed6e437196602237c27 (diff)

diff --git a/net/socket.c b/net/socket.c index a5471f804d99..edc3c4af9085 100644 --- a/net/socket.c +++ b/net/socket.c
@@ -2604,7 +2604,7 @@ static int do_siocgstamp(struct net net, struct socket sock,
2604	err = sock_do_ioctl(net, sock, cmd, (unsigned long)&ktv);	2604	err = sock_do_ioctl(net, sock, cmd, (unsigned long)&ktv);
2605	set_fs(old_fs);	2605	set_fs(old_fs);
2606	if (!err)	2606	if (!err)
2607	err = compat_put_timeval(up, &ktv);	2607	err = compat_put_timeval(&ktv, up);
2608		2608
2609	return err;	2609	return err;
2610	}	2610	}
@@ -2620,7 +2620,7 @@ static int do_siocgstampns(struct net net, struct socket sock,
2620	err = sock_do_ioctl(net, sock, cmd, (unsigned long)&kts);	2620	err = sock_do_ioctl(net, sock, cmd, (unsigned long)&kts);
2621	set_fs(old_fs);	2621	set_fs(old_fs);
2622	if (!err)	2622	if (!err)
2623	err = compat_put_timespec(up, &kts);	2623	err = compat_put_timespec(&kts, up);
2624		2624
2625	return err;	2625	return err;
2626	}	2626	}