From patchwork Mon Sep 18 16:47:38 2017
X-Patchwork-Submitter: Will Deacon
X-Patchwork-Id: 112937
From: Will Deacon
To: viro@zeniv.linux.org.uk
Cc: linux-kernel@vger.kernel.org, Will Deacon, Andrew Morton
Subject: [PATCH] ipc/shm: Fix order of parameters when calling copy_compat_shmid_to_user
Date: Mon, 18 Sep 2017 17:47:38 +0100
Message-Id: <1505753258-19470-1-git-send-email-will.deacon@arm.com>
X-Mailer: git-send-email 2.1.4
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org

Commit 553f770ef71b ("ipc: move compat shmctl to native") moved the compat IPC syscall handling into ipc/shm.c and refactored the struct accessors in the process. Unfortunately, the call to copy_compat_shmid_to_user when handling a compat {IPC,SHM}_STAT command gets the arguments the wrong way round, passing a kernel stack address as the user buffer (destination) and the user buffer as the kernel stack address (source).

This patch fixes the parameter ordering so the buffers are accessed correctly.

Cc: Al Viro
Cc: Andrew Morton
Signed-off-by: Will Deacon

--- ipc/shm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.1.4 diff --git a/ipc/shm.c b/ipc/shm.c index 1b3adfe3c60e..1e2b1692ba2c 100644 --- a/ipc/shm.c +++ b/ipc/shm.c @@ -1237,7 +1237,7 @@ COMPAT_SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, void __user *, uptr) err = shmctl_stat(ns, shmid, cmd, &sem64); if (err < 0) return err; - if (copy_compat_shmid_to_user(&sem64, uptr, version)) + if (copy_compat_shmid_to_user(uptr, &sem64, version)) err = -EFAULT; return err;
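Review bot: the corrected call `copy_compat_shmid_to_user(uptr, &sem64, version)` in the compat shmctl handler repairs a regression that the message itself attributes to commit 553f770ef71b, yet the trailers carry no Fixes: tag; adding `Fixes: 553f770ef71b ("ipc: move compat shmctl to native")` would let any tree that took that commit pick this one up, which matters here because the old ordering used a kernel stack address as the user-space destination. Separately, the local filled by shmctl_stat() on the first context line is named `sem64` although this is the shm path; a name that reflects the shmid data it holds would make a source/destination mix-up at this call easier to spot in review. The error handling around the changed line reads correctly as written: a non-zero return from the copy helper becomes -EFAULT.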