tcp: fix MSG_PEEK race check

[safe/jmp/linux-2.6] / net / ipv4 / tcp.c

diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 1d7f49c..7a0f0b2 100644 (file)
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1321,6 +1321,7 @@ int tcp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
        struct task_struct *user_recv = NULL;
        int copied_early = 0;
        struct sk_buff *skb;
+       u32 urg_hole = 0;
 
        lock_sock(sk);
 
@@ -1532,7 +1533,8 @@ do_prequeue:
                                }
                        }
                }
-               if ((flags & MSG_PEEK) && peek_seq != tp->copied_seq) {
+               if ((flags & MSG_PEEK) &&
+                   (peek_seq - copied - urg_hole != tp->copied_seq)) {
                        if (net_ratelimit())
                                printk(KERN_DEBUG "TCP(%s:%d): Application bug, race in MSG_PEEK.\n",
                                       current->comm, task_pid_nr(current));
@@ -1553,6 +1555,7 @@ do_prequeue:
                                if (!urg_offset) {
                                        if (!sock_flag(sk, SOCK_URGINLINE)) {
                                                ++*seq;
+                                               urg_hole++;
                                                offset++;
                                                used--;
                                                if (!used)