io_uring: restrict IORING_SETUP_SQPOLL to root

This options spawns a kernel side thread that will poll for submissions (and completions, if IORING_SETUP_IOPOLL is set). As this allows a user to potentially use more cycles outside of the normal hierarchy, restrict the use of this feature to root. Signed-off-by: Jens Axboe <axboe@kernel.dk>

io_uring: restrict IORING_SETUP_SQPOLL to root
This options spawns a kernel side thread that will poll for submissions (and completions, if IORING_SETUP_IOPOLL is set). As this allows a user to potentially use more cycles outside of the normal hierarchy, restrict the use of this feature to root. Signed-off-by: Jens Axboe <axboe@kernel.dk>
3ec482d1 · Jens Axboe · 70423667 · 3ec482d1
Commit 3ec482d1 authored Apr 08, 2019 by Jens Axboe
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

fs/io_uring.c fs/io_uring.c +4 -0

No files found.
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -2245,6 +2245,10 @@ static int io_sq_offload_start(struct io_ring_ctx *ctx,
 		goto err;
 	if (ctx->flags & IORING_SETUP_SQPOLL) {
+		ret = -EPERM;
+		if (!capable(CAP_SYS_ADMIN))
+			goto err;
 		if (p->flags & IORING_SETUP_SQ_AFF) {
 			int cpu;