From: Paolo Abeni <pabeni@redhat.com>

Date: Wed, 18 Jan 2023 13:24:12 +0100

Subject: net/ulp: use consistent error code when blocking ULP

Patch-mainline: v6.2-rc5

Git-commit: 8ccc99362b60c6f27bb46f36fdaaccf4ef0303de

References: CVE-2023-0461 bsc#1208787

The referenced commit changed the error code returned by the kernel

when preventing a non-established socket from attaching the ktls

ULP. Before to such a commit, the user-space got ENOTCONN instead

of EINVAL.

The existing self-tests depend on such error code, and the change

caused a failure:

  RUN           global.non_established ...

 tls.c:1673:non_established:Expected errno (22) == ENOTCONN (107)

 non_established: Test failed at step #3

          FAIL  global.non_established

In the unlikely event existing applications do the same, address

the issue by restoring the prior error code in the above scenario.

Note that the only other ULP performing similar checks at init

time - smc_ulp_ops - also fails with ENOTCONN when trying to attach

the ULP to a non-established socket.

Reported-by: Sabrina Dubroca <sd@queasysnail.net>

Fixes: 2c02d41d71f9 ("net/ulp: prevent ULP without clone op from entering the LISTEN status")

Signed-off-by: Paolo Abeni <pabeni@redhat.com>

Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>

Link: https://lore.kernel.org/r/7bb199e7a93317fb6f8bf8b9b2dc71c18f337cde.1674042685.git.pabeni@redhat.com

Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Acked-by: Michal Kubecek <mkubecek@suse.cz>

---

 net/ipv4/tcp_ulp.c | 2 +-

 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/ipv4/tcp_ulp.c

+++ b/net/ipv4/tcp_ulp.c

@@ -136,7 +136,7 @@ static int __tcp_set_ulp(struct sock *sk, const struct tcp_ulp_ops *ulp_ops)

 	if (icsk->icsk_ulp_ops)

 		goto out_err;

-	err = -EINVAL;

+	err = -ENOTCONN;

 	if (!ulp_ops->clone && sk->sk_state == TCP_LISTEN)

 		goto out_err;