Skip to content

Commit 21e4356

Browse files
Paolo Abenidavem330
Paolo Abeni
authored and
davem330
committed
mptcp: fix locking for setsockopt corner-case
We need to call the __mptcp_nmpc_socket(), and later subflow socket access under the msk socket lock, or e.g. a racing connect() could change the socket status under the hood, with unexpected results. Fixes: 54635bd ("mptcp: add TCP_FASTOPEN_CONNECT socket option") Cc: [email protected] Signed-off-by: Paolo Abeni <[email protected]> Reviewed-by: Matthieu Baerts <[email protected]> Signed-off-by: Matthieu Baerts <[email protected]> Signed-off-by: David S. Miller <[email protected]>
1 parent d4e8592 commit 21e4356

File tree

1 file changed

+9
-2
lines changed

1 file changed

+9
-2
lines changed

net/mptcp/sockopt.c

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -760,14 +760,21 @@ static int mptcp_setsockopt_v4(struct mptcp_sock *msk, int optname,
760760
static int mptcp_setsockopt_first_sf_only(struct mptcp_sock *msk, int level, int optname,
761761
sockptr_t optval, unsigned int optlen)
762762
{
763+
struct sock *sk = (struct sock *)msk;
763764
struct socket *sock;
765+
int ret = -EINVAL;
764766

765767
/* Limit to first subflow, before the connection establishment */
768+
lock_sock(sk);
766769
sock = __mptcp_nmpc_socket(msk);
767770
if (!sock)
768-
return -EINVAL;
771+
goto unlock;
769772

770-
return tcp_setsockopt(sock->sk, level, optname, optval, optlen);
773+
ret = tcp_setsockopt(sock->sk, level, optname, optval, optlen);
774+
775+
unlock:
776+
release_sock(sk);
777+
return ret;
771778
}
772779

773780
static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *msk, int optname,

0 commit comments

Comments
 (0)