io_uring: restrict IORING_SETUP_SQPOLL to root

commit 3ec482d15cb986bf08b923f9193eeddb3b9ca69f upstream. This options spawns a kernel side thread that will poll for submissions (and completions, if IORING_SETUP_IOPOLL is set). As this allows a user to potentially use more cycles outside of the normal hierarchy, restrict the use of this feature to root. Signed-off-by: N Jens Axboe <axboe@kernel.dk> Signed-off-by: N Joseph Qi <joseph.qi@linux.alibaba.com> Reviewed-by: N Jeffle Xu <jefflexu@linux.alibaba.com> Acked-by: N Caspar Zhang <caspar@linux.alibaba.com>

io_uring: restrict IORING_SETUP_SQPOLL to root
commit 3ec482d15cb986bf08b923f9193eeddb3b9ca69f upstream. This options spawns a kernel side thread that will poll for submissions (and completions, if IORING_SETUP_IOPOLL is set). As this allows a user to potentially use more cycles outside of the normal hierarchy, restrict the use of this feature to root. Signed-off-by: N Jens Axboe <axboe@kernel.dk> Signed-off-by: N Joseph Qi <joseph.qi@linux.alibaba.com> Reviewed-by: N Jeffle Xu <jefflexu@linux.alibaba.com> Acked-by: N Caspar Zhang <caspar@linux.alibaba.com>
29745a0d · Jens Axboe · Caspar Zhang · 204fcca3 · 29745a0d
隐藏空白更改
内联并排

Showing with 4 addition and 0 deletion

fs/io_uring.c fs/io_uring.c +4 -0

未找到文件。
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -2245,6 +2245,10 @@ static int io_sq_offload_start(struct io_ring_ctx *ctx,
 		goto err;

 	if (ctx->flags & IORING_SETUP_SQPOLL) {
+		ret = -EPERM;
+		if (!capable(CAP_SYS_ADMIN))
+			goto err;
+
 		if (p->flags & IORING_SETUP_SQ_AFF) {
 			int cpu;