diff options
author | Florian Westphal <fw@strlen.de> | 2021-09-23 17:04:11 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2021-09-24 10:51:36 +0100 |
commit | ea1300b9df7c8e8b65695a08b8f6aaf4b25fec9c (patch) | |
tree | f43dbc42ad77111069190f44356c68ca7260f4ff /net/mptcp/subflow.c | |
parent | f7e745f8e94492a8ac0b0a26e25f2b19d342918f (diff) | |
download | lwn-ea1300b9df7c8e8b65695a08b8f6aaf4b25fec9c.tar.gz lwn-ea1300b9df7c8e8b65695a08b8f6aaf4b25fec9c.zip |
mptcp: don't return sockets in foreign netns
mptcp_token_get_sock() may return a mptcp socket that is in
a different net namespace than the socket that received the token value.
The mptcp syncookie code path had an explicit check for this,
this moves the test into mptcp_token_get_sock() function.
Eventually token.c should be converted to pernet storage, but
such change is not suitable for net tree.
Fixes: 2c5ebd001d4f0 ("mptcp: refactor token container")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/mptcp/subflow.c')
-rw-r--r-- | net/mptcp/subflow.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 1de7ce883c37..6172f380dfb7 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -86,7 +86,7 @@ static struct mptcp_sock *subflow_token_join_request(struct request_sock *req) struct mptcp_sock *msk; int local_id; - msk = mptcp_token_get_sock(subflow_req->token); + msk = mptcp_token_get_sock(sock_net(req_to_sk(req)), subflow_req->token); if (!msk) { SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_JOINNOTOKEN); return NULL; |