Message ID | 3a0d657c067957c1dc18310c63179fade8f9a563.1607704071.git.pabeni@redhat.com |
---|---|
State | Accepted, archived |
Commit | 43befa4d4bfd0ff5ab1b36aee50c1492c4d717b9 |
Delegated to: | Matthieu Baerts |
Headers | show |
Series | [mptcp-net] mptcp: fix security context on server socket | expand |
Hi Paolo, On 11/12/2020 17:28, Paolo Abeni wrote: > Currently MPTCP is not propagating the security context > from the ingress request socket to newly created msk > at clone time. > > Address the issue invoking the missing security helper. Thank you for this fix! Now in our tree! - 43befa4d4bfd: mptcp: fix security context on server socket - Results: d73b2c933a85..e1e3f281c849 Tests + export are going to be started soon! Cheers, Matt
diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 88f2a7a0ccb8..967ce9ccfc0d 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -2081,6 +2081,8 @@ struct sock *mptcp_sk_clone(const struct sock *sk, sock_reset_flag(nsk, SOCK_RCU_FREE); /* will be fully established after successful MPC subflow creation */ inet_sk_state_store(nsk, TCP_SYN_RECV); + + security_inet_csk_clone(nsk, req); bh_unlock_sock(nsk); /* keep a single reference */
Currently MPTCP is not propagating the security context from the ingress request socket to newly created msk at clone time. Address the issue invoking the missing security helper. Fixes: cf7da0d66cc1 ("mptcp: Create SUBFLOW socket for incoming connections") Signed-off-by: Paolo Abeni <pabeni@redhat.com> --- net/mptcp/protocol.c | 2 ++ 1 file changed, 2 insertions(+)