mptcp: fix security context on server socket

[ Upstream commit 0c14846032f2c0a3b63234e1fc2759f4155b6067 ]

Currently MPTCP is not propagating the security context
from the ingress request socket to newly created msk
at clone time.

Address the issue invoking the missing security helper.

Fixes: cf7da0d66cc1 ("mptcp: Create SUBFLOW socket for incoming connections")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index 88f2a7a..967ce9c 100644 (file)
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -2081,6 +2081,8 @@ struct sock *mptcp_sk_clone(const struct sock *sk,
        sock_reset_flag(nsk, SOCK_RCU_FREE);
        /* will be fully established after successful MPC subflow creation */
        inet_sk_state_store(nsk, TCP_SYN_RECV);
+
+       security_inet_csk_clone(nsk, req);
        bh_unlock_sock(nsk);
 
        /* keep a single reference */