Merge tag 'net-5.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

[sfrench/cifs-2.6.git] / net / ipv4 / tcp_cong.c

diff --git a/net/ipv4/tcp_cong.c b/net/ipv4/tcp_cong.c
index 563d016e7478302847d11a43f4c5832eb3989054..db5831e6c136acfcb28a5bbf6c585635bb7a0482 100644 (file)
--- a/net/ipv4/tcp_cong.c
+++ b/net/ipv4/tcp_cong.c
@@ -230,6 +230,10 @@ int tcp_set_default_congestion_control(struct net *net, const char *name)
                ret = -ENOENT;
        } else if (!bpf_try_module_get(ca, ca->owner)) {
                ret = -EBUSY;
+       } else if (!net_eq(net, &init_net) &&
+                       !(ca->flags & TCP_CONG_NON_RESTRICTED)) {
+               /* Only init netns can set default to a restricted algorithm */
+               ret = -EPERM;
        } else {
                prev = xchg(&net->ipv4.tcp_congestion_control, ca);
                if (prev)