[PATCH rdma-rc v1] RDMA/mlx5: Block delay drop to unprivileged users

Leon Romanovsky <leon@xxxxxxxxxx> · Sun, 22 Mar 2020 14:49:06 +0200

From: Maor Gottlieb <maorg@xxxxxxxxxxxx>

Since this feature can globally block the RX port, it should
be allowed to privileged users only.

Fixes: 03404e8ae652("IB/mlx5: Add support to dropless RQ")
Signed-off-by: Maor Gottlieb <maorg@xxxxxxxxxxxx>
Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxxxx>
---
 Changelog:
 v1: Changed permission from CAP_NET_RAW to be CAP_SYS_RAWIO like in
    the devx code.
 v0: https://lore.kernel.org/linux-rdma/20200318100223.46436-1-leon@xxxxxxxxxx
---
 drivers/infiniband/hw/mlx5/qp.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/infiniband/hw/mlx5/qp.c b/drivers/infiniband/hw/mlx5/qp.c
index d3055f3eb0b6..cf44c5a21f18 100644
--- a/drivers/infiniband/hw/mlx5/qp.c
+++ b/drivers/infiniband/hw/mlx5/qp.c
@@ -6247,6 +6247,10 @@ struct ib_wq *mlx5_ib_create_wq(struct ib_pd *pd,
 	if (udata->outlen && udata->outlen < min_resp_len)
 		return ERR_PTR(-EINVAL);

+	if (!capable(CAP_SYS_RAWIO) &&
+	    init_attr->create_flags & IB_WQ_FLAGS_DELAY_DROP)
+		return ERR_PTR(-EPERM);
+
 	dev = to_mdev(pd->device);
 	switch (init_attr->wq_type) {
 	case IB_WQT_RQ:
--
2.24.1







