io_uring: restrict IORING_SETUP_SQPOLL to root

mainline inclusion from mainline-5.1-rc5 commit 3ec482d1 category: feature bugzilla: https://bugzilla.openeuler.org/show_bug.cgi?id=27 CVE: NA --------------------------- This options spawns a kernel side thread that will poll for submissions (and completions, if IORING_SETUP_IOPOLL is set). As this allows a user to potentially use more cycles outside of the normal hierarchy, restrict the use of this feature to root. Signed-off-by: N Jens Axboe <axboe@kernel.dk> Signed-off-by: N Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: N yangerkun <yangerkun@huawei.com> Reviewed-by: N zhangyi (F) <yi.zhang@huawei.com> Signed-off-by: N Cheng Jian <cj.chengjian@huawei.com>

io_uring: restrict IORING_SETUP_SQPOLL to root
mainline inclusion from mainline-5.1-rc5 commit 3ec482d1 category: feature bugzilla: https://bugzilla.openeuler.org/show_bug.cgi?id=27 CVE: NA --------------------------- This options spawns a kernel side thread that will poll for submissions (and completions, if IORING_SETUP_IOPOLL is set). As this allows a user to potentially use more cycles outside of the normal hierarchy, restrict the use of this feature to root. Signed-off-by: N Jens Axboe <axboe@kernel.dk> Signed-off-by: N Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: N yangerkun <yangerkun@huawei.com> Reviewed-by: N zhangyi (F) <yi.zhang@huawei.com> Signed-off-by: N Cheng Jian <cj.chengjian@huawei.com>
bb52d99a · Jens Axboe · Cheng Jian · 2b574952 · bb52d99a
隐藏空白更改
内联并排

Showing with 4 addition and 0 deletion

fs/io_uring.c fs/io_uring.c +4 -0

未找到文件。
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -2242,6 +2242,10 @@ static int io_sq_offload_start(struct io_ring_ctx *ctx,
 		goto err;

 	if (ctx->flags & IORING_SETUP_SQPOLL) {
+		ret = -EPERM;
+		if (!capable(CAP_SYS_ADMIN))
+			goto err;
+
 		if (p->flags & IORING_SETUP_SQ_AFF) {
 			int cpu;