tcp, ulp: enforce sock_owned_by_me upon ulp init and cleanup

Whenever the ULP data on the socket is mangled, enforce that the
caller has the socket lock held as otherwise things may race with
initialization and cleanup callbacks from ulp ops as both would
mangle internal socket state.

Joint work with John.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/net/ipv4/tcp_ulp.c b/net/ipv4/tcp_ulp.c
index a5995bb2eaca2df06ce0abd8f83107b08c1516c3..34e96353f11587372f13256474c196c0e48f9239 100644 (file)
--- a/net/ipv4/tcp_ulp.c
+++ b/net/ipv4/tcp_ulp.c
@@ -123,6 +123,8 @@ void tcp_cleanup_ulp(struct sock *sk)
 {
        struct inet_connection_sock *icsk = inet_csk(sk);
 
+       sock_owned_by_me(sk);
+
        if (!icsk->icsk_ulp_ops)
                return;
 
@@ -140,6 +142,7 @@ int tcp_set_ulp(struct sock *sk, const char *name)
        const struct tcp_ulp_ops *ulp_ops;
        int err = 0;
 
+       sock_owned_by_me(sk);
        if (icsk->icsk_ulp_ops)
                return -EEXIST;
 
@@ -168,6 +171,7 @@ int tcp_set_ulp_id(struct sock *sk, int ulp)
        const struct tcp_ulp_ops *ulp_ops;
        int err;
 
+       sock_owned_by_me(sk);
        if (icsk->icsk_ulp_ops)
                return -EEXIST;