sctp: do not peel off an assoc from one netns to another one

[pandora-kernel.git] / net / sctp / socket.c

diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 93ea5ac..3975265 100644 (file)
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -71,6 +71,7 @@
 #include <linux/crypto.h>
 #include <linux/slab.h>
 #include <linux/compat.h>
+#include <linux/nsproxy.h>
 
 #include <net/ip.h>
 #include <net/icmp.h>
@@ -4242,6 +4243,10 @@ SCTP_STATIC int sctp_do_peeloff(struct sctp_association *asoc,
        struct sctp_af *af;
        int err = 0;
 
+       /* Do not peel off from one netns to another one. */
+       if (!net_eq(current->nsproxy->net_ns, sock_net(sk)))
+               return -EINVAL;
+
        /* If there is a thread waiting on more sndbuf space for
         * sending on this asoc, it cannot be peeled.
         */