Commit 21e43569 authored by Paolo Abeni's avatar Paolo Abeni Committed by David S. Miller

mptcp: fix locking for setsockopt corner-case



We need to call __mptcp_nmpc_socket(), and perform the later subflow
socket access, under the msk socket lock; otherwise e.g. a racing connect()
could change the socket status under the hood, with unexpected results.

Fixes: 54635bd0 ("mptcp: add TCP_FASTOPEN_CONNECT socket option")
Cc: stable@vger.kernel.org
Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
Reviewed-by: default avatarMatthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: default avatarMatthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent d4e85922
+9 −2
@@ -760,14 +760,21 @@ static int mptcp_setsockopt_v4(struct mptcp_sock *msk, int optname,
static int mptcp_setsockopt_first_sf_only(struct mptcp_sock *msk, int level, int optname,
					  sockptr_t optval, unsigned int optlen)
{
	struct sock *sk = (struct sock *)msk;
	struct socket *sock;
	int ret = -EINVAL;

	/* Limit to first subflow, before the connection establishment */
	lock_sock(sk);
	sock = __mptcp_nmpc_socket(msk);
	if (!sock)
		return -EINVAL;
		goto unlock;

	return tcp_setsockopt(sock->sk, level, optname, optval, optlen);
	ret = tcp_setsockopt(sock->sk, level, optname, optval, optlen);

unlock:
	release_sock(sk);
	return ret;
}

static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *msk, int optname,
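Review bot: The comment above `lock_sock(sk)` still describes only the first-subflow restriction and does not say why the lock is taken, so the invariant this fix establishes is easy to lose in a later refactor. I would extend it to something like `/* Limit to first subflow, before the connection establishment; hold the msk lock so a racing connect() cannot change the subflow under us */`. Because tcp_setsockopt() is now called with the msk lock held, the same comment should note the resulting msk-then-subflow lock order, presuming tcp_setsockopt() takes the subflow's own socket lock. The helper __mptcp_nmpc_socket() is defined outside this hunk; an ownership assertion inside it, e.g. `sock_owned_by_me((const struct sock *)msk);`, would catch any other caller that still looks up the subflow without the lock.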