ipc/shm: Fix order of parameters when calling copy_compat_shmid_to_user

Commit 553f770ef71b ("ipc: move compat shmctl to native") moved the
compat IPC syscall handling into ipc/shm.c and refactored the struct
accessors in the process. Unfortunately, the call to
copy_compat_shmid_to_user when handling a compat {IPC,SHM}_STAT command
gets the arguments the wrong way round, passing a kernel stack address
as the user buffer (destination) and the user buffer as the kernel stack
address (source).

This patch fixes the parameter ordering so the buffers are accessed
correctly.

Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

diff --git a/ipc/shm.c b/ipc/shm.c
index 1b3adfe3c60e259e7366aa76a23b14e7c1a173b5..1e2b1692ba2c6a3a9f4d03c1120334facdb446cf 100644 (file)
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -1237,7 +1237,7 @@ COMPAT_SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, void __user *, uptr)
                err = shmctl_stat(ns, shmid, cmd, &sem64);
                if (err < 0)
                        return err;
-               if (copy_compat_shmid_to_user(&sem64, uptr, version))
+               if (copy_compat_shmid_to_user(uptr, &sem64, version))
                        err = -EFAULT;
                return err;