mptcp: fix security context on server socket

Currently MPTCP is not propagating the security context from the ingress request socket to newly created msk at clone time. Address the issue invoking the missing security helper. Fixes: cf7da0d ("mptcp: Create SUBFLOW socket for incoming connections") Signed-off-by: Paolo Abeni <[email protected]> Reviewed-by: Mat Martineau <[email protected]> Signed-off-by: Jakub Kicinski <[email protected]>
tobetter · Dec 17, 2020 · 0c14846 · 0c14846
1 parent 49e2713
commit 0c14846
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
@@ -2699,6 +2699,8 @@ struct sock *mptcp_sk_clone(const struct sock *sk,
 	sock_reset_flag(nsk, SOCK_RCU_FREE);
 	/* will be fully established after successful MPC subflow creation */
 	inet_sk_state_store(nsk, TCP_SYN_RECV);
+
+	security_inet_csk_clone(nsk, req);
 	bh_unlock_sock(nsk);
 
 	/* keep a single reference */