tcp, ulp: enforce sock_owned_by_me upon ulp init and cleanup

Whenever the ULP data on the socket is mangled, enforce that the
caller has the socket lock held as otherwise things may race with
initialization and cleanup callbacks from ulp ops as both would
mangle internal socket state.

Joint work with John.

Signed-off-by: Daniel Borkmann <[email protected]>
Signed-off-by: John Fastabend <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>

Author: borkmann

net/ipv4/tcp_ulp.c

@@ -123,6 +123,8 @@ void tcp_cleanup_ulp(struct sock *sk)
 {
 	struct inet_connection_sock *icsk = inet_csk(sk);
 
+	sock_owned_by_me(sk);
+
 	if (!icsk->icsk_ulp_ops)
 		return;
 
@@ -140,6 +142,7 @@ int tcp_set_ulp(struct sock *sk, const char *name)
 	const struct tcp_ulp_ops *ulp_ops;
 	int err = 0;
 
+	sock_owned_by_me(sk);
 	if (icsk->icsk_ulp_ops)
 		return -EEXIST;
 
@@ -168,6 +171,7 @@ int tcp_set_ulp_id(struct sock *sk, int ulp)
 	const struct tcp_ulp_ops *ulp_ops;
 	int err;
 
+	sock_owned_by_me(sk);
 	if (icsk->icsk_ulp_ops)
 		return -EEXIST;