From: Jens Axboe <axboe@kernel.dk>
Date: Mon, 8 Apr 2019 16:51:01 +0000 (-0600)
Subject: io_uring: restrict IORING_SETUP_SQPOLL to root
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=3ec482d15cb986bf08b923f9193eeddb3b9ca69f;p=linux.git

io_uring: restrict IORING_SETUP_SQPOLL to root

This options spawns a kernel side thread that will poll for submissions
(and completions, if IORING_SETUP_IOPOLL is set). As this allows a user
to potentially use more cycles outside of the normal hierarchy,
restrict the use of this feature to root.

Signed-off-by: Jens Axboe <axboe@kernel.dk>
---

diff --git a/fs/io_uring.c b/fs/io_uring.c
index 07d6ef195d05a..89aa8412b5f59 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -2245,6 +2245,10 @@ static int io_sq_offload_start(struct io_ring_ctx *ctx,
 		goto err;
 
 	if (ctx->flags & IORING_SETUP_SQPOLL) {
+		ret = -EPERM;
+		if (!capable(CAP_SYS_ADMIN))
+			goto err;
+
 		if (p->flags & IORING_SETUP_SQ_AFF) {
 			int cpu;