smc: disallow TCP_ULP in smc_setsockopt()

syzbot is able to setup kTLS on an SMC socket which coincidentally
uses sk_user_data too. Later, kTLS treats it as psock so triggers a
refcnt warning. The root cause is that smc_setsockopt() simply calls
TCP setsockopt() which includes TCP_ULP. I do not think it makes
sense to setup kTLS on top of SMC sockets, so we should just disallow
this setup.

It is hard to find a commit to blame, but we can apply this patch
since the beginning of TCP_ULP.

Reported-and-tested-by: syzbot+b54a1ce86ba4a623b7f0@syzkaller.appspotmail.com
Fixes: 734942cc4e ("tcp: ULP infrastructure")
Cc: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Karsten Graul <kgraul@linux.ibm.com>
Signed-off-by: Cong Wang <cong.wang@bytedance.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Cong Wang 2021-05-05 12:40:48 -07:00 committed by David S. Miller
parent 2c16db6c92
commit 8621436671

View File

@ -2161,6 +2161,9 @@ static int smc_setsockopt(struct socket *sock, int level, int optname,
struct smc_sock *smc;
int val, rc;
if (level == SOL_TCP && optname == TCP_ULP)
return -EOPNOTSUPP;
smc = smc_sk(sk);
/* generic setsockopts reaching us here always apply to the
@ -2185,7 +2188,6 @@ static int smc_setsockopt(struct socket *sock, int level, int optname,
if (rc || smc->use_fallback)
goto out;
switch (optname) {
case TCP_ULP:
case TCP_FASTOPEN:
case TCP_FASTOPEN_CONNECT:
case TCP_FASTOPEN_KEY: