diff options
authorMikulas Patocka <>2012-09-01 12:34:07 -0400
committerGreg Kroah-Hartman <>2012-09-14 10:00:23 -0700
commit43da476d7f734a1b55680668246d0237dde4ea57 (patch)
parent05d71a5a25da396f76ee942af6682dfaecc73e84 (diff)
Fix order of arguments to compat_put_time[spec|val]
commit ed6fe9d614fc1bca95eb8c0ccd0e92db00ef9d5d upstream. Commit 644595f89620 ("compat: Handle COMPAT_USE_64BIT_TIME in net/socket.c") introduced a bug where the helper functions to take either a 64-bit or compat time[spec|val] got the arguments in the wrong order, passing the kernel stack pointer off as a user pointer (and vice versa). Because of the user address range check, that in turn then causes an EFAULT due to the user pointer range checking failing for the kernel address. Incorrectly resuling in a failed system call for 32-bit processes with a 64-bit kernel. On odder architectures like HP-PA (with separate user/kernel address spaces), it can be used read kernel memory. Signed-off-by: Mikulas Patocka <> Signed-off-by: Linus Torvalds <> Signed-off-by: Greg Kroah-Hartman <>
1 files changed, 2 insertions, 2 deletions
diff --git a/net/socket.c b/net/socket.c
index 573b26152a3..06ffa0f2839 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -2605,7 +2605,7 @@ static int do_siocgstamp(struct net *net, struct socket *sock,
err = sock_do_ioctl(net, sock, cmd, (unsigned long)&ktv);
if (!err)
- err = compat_put_timeval(up, &ktv);
+ err = compat_put_timeval(&ktv, up);
return err;
@@ -2621,7 +2621,7 @@ static int do_siocgstampns(struct net *net, struct socket *sock,
err = sock_do_ioctl(net, sock, cmd, (unsigned long)&kts);
if (!err)
- err = compat_put_timespec(up, &kts);
+ err = compat_put_timespec(&kts, up);
return err;