UPSTREAM: packet: fix tp_reserve race in packet_set_ring

[ Upstream commit c27927e372f0785f3303e8fad94b85945e2c97b7 ]

Updates to tp_reserve can race with reads of the field in
packet_set_ring. Avoid this by holding the socket lock during
updates in setsockopt PACKET_RESERVE.

This bug was discovered by syzkaller.


Fixes: 8913336a7e8d ("packet: add PACKET_RESERVE sockopt")
Reported-by: Andrey Konovalov <>
Signed-off-by: Willem de Bruijn <>
Signed-off-by: David S. Miller <>
Signed-off-by: Greg Kroah-Hartman <>
(cherry picked from commit 63364a508d24944abb0975bd823cb11367c56283)
Signed-off-by: Daniel Wang <>

Change-Id: I427f6c69ac1a57859be921bd3914a62de29ed7f4
Tested-by: Daniel Wang <>
Reviewed-by: Guenter Roeck <>
Commit-Queue: Daniel Wang <>
1 file changed