UPSTREAM: packet: fix tp_reserve race in packet_set_ring

[ Upstream commit c27927e372f0785f3303e8fad94b85945e2c97b7 ]

Updates to tp_reserve can race with reads of the field in
packet_set_ring. Avoid this by holding the socket lock during
updates in setsockopt PACKET_RESERVE.

This bug was discovered by syzkaller.

BUG=chromium:780782
TEST=trybot

Fixes: 8913336a7e8d ("packet: add PACKET_RESERVE sockopt")
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 63364a508d24944abb0975bd823cb11367c56283)
Signed-off-by: Daniel Wang <wonderfly@google.com>

Change-Id: I427f6c69ac1a57859be921bd3914a62de29ed7f4
Reviewed-on: https://chromium-review.googlesource.com/759137
Tested-by: Daniel Wang <wonderfly@google.com>
Reviewed-by: Guenter Roeck <groeck@chromium.org>
Commit-Queue: Daniel Wang <wonderfly@google.com>
1 file changed