[PATCH 4.14 105/148] RDMA/mlx5: Block delay drop to unprivileged users

From: Greg Kroah-Hartman
Date: Wed Apr 01 2020 - 12:45:36 EST


From: Maor Gottlieb <maorg@xxxxxxxxxxxx>

commit ba80013fba656b9830ef45cd40a6a1e44707f47a upstream.

It has been discovered that this feature can globally block the RX port,
so it should be allowed for highly privileged users only.

Fixes: 03404e8ae652("IB/mlx5: Add support to dropless RQ")
Link: https://lore.kernel.org/r/20200322124906.1173790-1-leon@xxxxxxxxxx
Signed-off-by: Maor Gottlieb <maorg@xxxxxxxxxxxx>
Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxxxx>
Signed-off-by: Jason Gunthorpe <jgg@xxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/infiniband/hw/mlx5/qp.c | 4 ++++
1 file changed, 4 insertions(+)

--- a/drivers/infiniband/hw/mlx5/qp.c
+++ b/drivers/infiniband/hw/mlx5/qp.c
@@ -4896,6 +4896,10 @@ struct ib_wq *mlx5_ib_create_wq(struct i
if (udata->outlen && udata->outlen < min_resp_len)
return ERR_PTR(-EINVAL);

+ if (!capable(CAP_SYS_RAWIO) &&
+ init_attr->create_flags & IB_WQ_FLAGS_DELAY_DROP)
+ return ERR_PTR(-EPERM);
+
dev = to_mdev(pd->device);
switch (init_attr->wq_type) {
case IB_WQT_RQ: