Commit 0c148460 authored by Paolo Abeni's avatar Paolo Abeni Committed by Jakub Kicinski

mptcp: fix security context on server socket

Currently MPTCP is not propagating the security context
from the ingress request socket to newly created msk
at clone time.

Address the issue invoking the missing security helper.

Fixes: cf7da0d6 ("mptcp: Create SUBFLOW socket for incoming connections")
Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
Reviewed-by: default avatarMat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent 49e27134
...@@ -2699,6 +2699,8 @@ struct sock *mptcp_sk_clone(const struct sock *sk, ...@@ -2699,6 +2699,8 @@ struct sock *mptcp_sk_clone(const struct sock *sk,
sock_reset_flag(nsk, SOCK_RCU_FREE); sock_reset_flag(nsk, SOCK_RCU_FREE);
/* will be fully established after successful MPC subflow creation */ /* will be fully established after successful MPC subflow creation */
inet_sk_state_store(nsk, TCP_SYN_RECV); inet_sk_state_store(nsk, TCP_SYN_RECV);
security_inet_csk_clone(nsk, req);
bh_unlock_sock(nsk); bh_unlock_sock(nsk);
/* keep a single reference */ /* keep a single reference */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment