Commit 0c148460 authored by Paolo Abeni's avatar Paolo Abeni Committed by Jakub Kicinski
Browse files

mptcp: fix security context on server socket 



Currently MPTCP is not propagating the security context
from the ingress request socket to newly created msk
at clone time.

Address the issue invoking the missing security helper.

Fixes: cf7da0d6 ("mptcp: Create SUBFLOW socket for incoming connections")
Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
Reviewed-by: default avatarMat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent 49e27134

net/mptcp/protocol.c

+2 −0
Original line number Diff line number Diff line
@@ -2699,6 +2699,8 @@ struct sock *mptcp_sk_clone(const struct sock *sk, 
	sock_reset_flag(nsk, SOCK_RCU_FREE);

	/* will be fully established after successful MPC subflow creation */

	inet_sk_state_store(nsk, TCP_SYN_RECV);



	security_inet_csk_clone(nsk, req);

	bh_unlock_sock(nsk);



	/* keep a single reference */

CRA Git | Maintained and supported by SUSTech CRA and CCSE