diff options
author | Paolo Abeni <pabeni@redhat.com> | 2020-12-16 12:48:32 +0100 |
---|---|---|
committer | Jakub Kicinski <kuba@kernel.org> | 2020-12-17 10:24:47 -0800 |
commit | 0c14846032f2c0a3b63234e1fc2759f4155b6067 (patch) | |
tree | 71d4f6e72a041532c25b2aa6969639c446be5c7f /net | |
parent | 49e27134f6e9ebcd08c04a98ab7f0574b5a81a35 (diff) | |
download | linux-0c14846032f2c0a3b63234e1fc2759f4155b6067.tar.bz2 |
mptcp: fix security context on server socket
Currently MPTCP is not propagating the security context
from the ingress request socket to newly created msk
at clone time.
Address the issue invoking the missing security helper.
Fixes: cf7da0d66cc1 ("mptcp: Create SUBFLOW socket for incoming connections")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/mptcp/protocol.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index b812aaae8044..d24243a28fce 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -2699,6 +2699,8 @@ struct sock *mptcp_sk_clone(const struct sock *sk, sock_reset_flag(nsk, SOCK_RCU_FREE); /* will be fully established after successful MPC subflow creation */ inet_sk_state_store(nsk, TCP_SYN_RECV); + + security_inet_csk_clone(nsk, req); bh_unlock_sock(nsk); /* keep a single reference */ |