Patch "Fix order of arguments to compat_put_time[spec|val]" has been added to the 3.4-stable tree

[gregkh]

This is a note to let you know that I've just added the patch titled

    Fix order of arguments to compat_put_time[spec|val]

to the 3.4-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     fix-order-of-arguments-to-compat_put_time.patch
and it can be found in the queue-3.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From ed6fe9d614fc1bca95eb8c0ccd0e92db00ef9d5d Mon Sep 17 00:00:00 2001
From: Mikulas Patocka <mpato...@redhat.com>
Date: Sat, 1 Sep 2012 12:34:07 -0400
Subject: Fix order of arguments to compat_put_time[spec|val]

From: Mikulas Patocka <mpato...@redhat.com>

commit ed6fe9d614fc1bca95eb8c0ccd0e92db00ef9d5d upstream.

Commit 644595f89620 ("compat: Handle COMPAT_USE_64BIT_TIME in
net/socket.c") introduced a bug where the helper functions to take
either a 64-bit or compat time[spec|val] got the arguments in the wrong
order, passing the kernel stack pointer off as a user pointer (and vice
versa).

Because of the user address range check, that in turn then causes an
EFAULT due to the user pointer range checking failing for the kernel
address.  Incorrectly resuling in a failed system call for 32-bit
processes with a 64-bit kernel.

On odder architectures like HP-PA (with separate user/kernel address
spaces), it can be used read kernel memory.

Signed-off-by: Mikulas Patocka <mpato...@redhat.com>
Signed-off-by: Linus Torvalds <torva...@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>

---
 net/socket.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/net/socket.c
+++ b/net/socket.c
@@ -2605,7 +2605,7 @@ static int do_siocgstamp(struct net *net
        err = sock_do_ioctl(net, sock, cmd, (unsigned long)&ktv);
        set_fs(old_fs);
        if (!err)
-               err = compat_put_timeval(up, &ktv);
+               err = compat_put_timeval(&ktv, up);
 
        return err;
 }
@@ -2621,7 +2621,7 @@ static int do_siocgstampns(struct net *n
        err = sock_do_ioctl(net, sock, cmd, (unsigned long)&kts);
        set_fs(old_fs);
        if (!err)
-               err = compat_put_timespec(up, &kts);
+               err = compat_put_timespec(&kts, up);
 
        return err;
 }


Patches currently in stable-queue which might be from mpato...@redhat.com are

queue-3.4/fix-order-of-arguments-to-compat_put_time.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html