RDMA/mlx5: Block delay drop to unprivileged users

commit ba80013fba656b9830ef45cd40a6a1e44707f47a upstream.

It has been discovered that this feature can globally block the RX port,
so it should be allowed for highly privileged users only.

Fixes: 03404e8ae652("IB/mlx5: Add support to dropless RQ")
Link: https://lore.kernel.org/r/20200322124906.1173790-1-leon@kernel.org
Signed-off-by: Maor Gottlieb <maorg@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/infiniband/hw/mlx5/qp.c b/drivers/infiniband/hw/mlx5/qp.c
index 84c962820aa2a891d6c3c1655eddc3536f1e398c..0cb60072c82f3fbcf1cbe74f1fa64f92d93c5dc2 100644 (file)
--- a/drivers/infiniband/hw/mlx5/qp.c
+++ b/drivers/infiniband/hw/mlx5/qp.c
@@ -4896,6 +4896,10 @@ struct ib_wq *mlx5_ib_create_wq(struct ib_pd *pd,
        if (udata->outlen && udata->outlen < min_resp_len)
                return ERR_PTR(-EINVAL);
 
+       if (!capable(CAP_SYS_RAWIO) &&
+           init_attr->create_flags & IB_WQ_FLAGS_DELAY_DROP)
+               return ERR_PTR(-EPERM);
+
        dev = to_mdev(pd->device);
        switch (init_attr->wq_type) {
        case IB_WQT_RQ: