lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri,  7 Jul 2017 22:48:51 +1000
From:   Michael Ellerman <mpe@...erman.id.au>
To:     torvalds@...ux-fondation.org
Cc:     viro@...iv.linux.org.uk, linux-kernel@...r.kernel.org,
        linuxppc-dev@...abs.org, linux-fsdevel@...r.kernel.org
Subject: [PATCH] fs/fcntl: Fix F_GET/SETLK etc. for compat processes

Commit 8c6657cb50cb ("Switch flock copyin/copyout primitives to
copy_{from,to}_user()") added copy_flock_fields(from, to), but then in all cases
called it with arguments of (to, from). eg:

  static int get_compat_flock(struct flock *kfl, struct compat_flock __user *ufl)
  {
  	struct compat_flock fl;

  	if (copy_from_user(&fl, ufl, sizeof(struct compat_flock)))
  		return -EFAULT;
  	copy_flock_fields(*kfl, fl);
  	return 0;
  }

We are reading the compat_flock ufl from userspace, into flock kfl. First we
copy all of ufl into fl on the stack, and then we want to assign each field of
fl to kfl. So we are copying from fl and to kfl. But as written the
copy_flock_fields() macro takes the arguments in the other order.

copy_to/from_user() take "to" as the first argument, so change the order of
arguments in the copy_flock_fields() macro, rather than changing the callers.

Fixes: 8c6657cb50cb ("Switch flock copyin/copyout primitives to copy_{from,to}_user()")
Signed-off-by: Michael Ellerman <mpe@...erman.id.au>
---
 fs/fcntl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/fcntl.c b/fs/fcntl.c
index b6bd89628025..f40e3a9c10a5 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -520,7 +520,7 @@ SYSCALL_DEFINE3(fcntl64, unsigned int, fd, unsigned int, cmd,
 
 #ifdef CONFIG_COMPAT
 /* careful - don't use anywhere else */
-#define copy_flock_fields(from, to)		\
+#define copy_flock_fields(to, from)		\
 	(to).l_type = (from).l_type;		\
 	(to).l_whence = (from).l_whence;	\
 	(to).l_start = (from).l_start;		\
-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ