net/tcp: Limit TCP_AO_REPAIR to non-listen sockets

Listen socket is not an established TCP connection, so setsockopt(TCP_AO_REPAIR) doesn't have any impact. Restrict this uAPI for listen sockets. Fixes: faadfaba5e01 ("net/tcp: Add TCP_AO_REPAIR") Signed-off-by: Dmitry Safonov <dima@arista.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
author: Dmitry Safonov <dima@arista.com> 2023-12-04 19:00:42 +0000
committer: Paolo Abeni <pabeni@redhat.com> 2023-12-06 12:36:55 +0100
commit: 965c00e4ea2e4df986ecd73c2fe9d3a00a2858db (patch)
tree: 7359e58c475214fa2e3762ccd44d7d2cbfd9882a
parent: da7dfaa6d6f731c30eca6ffa808b83634d43e26f (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index c9f078224569..ff6838ca2e58 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -3610,6 +3610,10 @@ int do_tcp_setsockopt(struct sock *sk, int level, int optname,
 		break;
 
 	case TCP_AO_REPAIR:
+		if (!tcp_can_repair_sock(sk)) {
+			err = -EPERM;
+			break;
+		}
 		err = tcp_ao_set_repair(sk, optval, optlen);
 		break;
 #ifdef CONFIG_TCP_AO
@@ -4309,6 +4313,8 @@ zerocopy_rcv_out:
 	}
 #endif
 	case TCP_AO_REPAIR:
+		if (!tcp_can_repair_sock(sk))
+			return -EPERM;
 		return tcp_ao_get_repair(sk, optval, optlen);
 	case TCP_AO_GET_KEYS:
 	case TCP_AO_INFO: {
author	Dmitry Safonov <dima@arista.com>	2023-12-04 19:00:42 +0000
committer	Paolo Abeni <pabeni@redhat.com>	2023-12-06 12:36:55 +0100
commit	965c00e4ea2e4df986ecd73c2fe9d3a00a2858db (patch)
tree	7359e58c475214fa2e3762ccd44d7d2cbfd9882a
parent	da7dfaa6d6f731c30eca6ffa808b83634d43e26f (diff)