diff options
author | Al Viro <viro@ZenIV.linux.org.uk> | 2015-03-14 05:34:56 +0000 |
---|---|---|
committer | Willy Tarreau <w@1wt.eu> | 2015-05-24 10:10:49 +0200 |
commit | 876846f70a6a1fbee8fadea9eb1a82e3ef04729f (patch) | |
tree | e936e79acb6ed6e2410a824df70c9dadb1541727 | |
parent | 71372d0e02d5ce142d36f963b7eda542876da75f (diff) | |
download | lwn-876846f70a6a1fbee8fadea9eb1a82e3ef04729f.tar.gz lwn-876846f70a6a1fbee8fadea9eb1a82e3ef04729f.zip |
rxrpc: bogus MSG_PEEK test in rxrpc_recvmsg()
[ Upstream commit 7d985ed1dca5c90535d67ce92ef6ca520302340a ]
[I would really like an ACK on that one from dhowells; it appears to be
quite straightforward, but...]
MSG_PEEK isn't passed to ->recvmsg() via msg->msg_flags; as the matter of
fact, neither the kernel users of rxrpc, nor the syscalls ever set that bit
in there. It gets passed via flags; in fact, another such check in the same
function is done correctly - as flags & MSG_PEEK.
It had been that way (effectively disabled) for 8 years, though, so the patch
needs beating up - that case had never been tested. If it is correct, it's
-stable fodder.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
(cherry picked from commit 10c82cd7d46e4c525b046c399fcd285ce138198e)
Signed-off-by: Willy Tarreau <w@1wt.eu>
-rw-r--r-- | net/rxrpc/ar-recvmsg.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/rxrpc/ar-recvmsg.c b/net/rxrpc/ar-recvmsg.c index d5630d915d9c..b6076b231b49 100644 --- a/net/rxrpc/ar-recvmsg.c +++ b/net/rxrpc/ar-recvmsg.c @@ -86,7 +86,7 @@ int rxrpc_recvmsg(struct kiocb *iocb, struct socket *sock, if (!skb) { /* nothing remains on the queue */ if (copied && - (msg->msg_flags & MSG_PEEK || timeo == 0)) + (flags & MSG_PEEK || timeo == 0)) goto out; /* wait for a message to turn up */ |