[rdma-rc] RDMA/mlx5: Block delay drop to unprivileged users

Commit Message

Leon Romanovsky March 18, 2020, 10:02 a.m. UTC

From: Maor Gottlieb <maorg@mellanox.com>

Since this feature can globally block the RX port, it should
be allowed to privileged users only.

Fixes: 03404e8ae652("IB/mlx5: Add support to dropless RQ")
Signed-off-by: Maor Gottlieb <maorg@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
---
We didn't put this check in IB/core because it is unclear if it can be
applicable to all vendors, but for the mlx5 it is clear, due to how wq
is created.
---
 drivers/infiniband/hw/mlx5/qp.c | 4 ++++
 1 file changed, 4 insertions(+)

--
2.24.1

Comments

Leon Romanovsky March 19, 2020, 2:03 p.m. UTC | #1

On Wed, Mar 18, 2020 at 12:02:23PM +0200, Leon Romanovsky wrote:
> From: Maor Gottlieb <maorg@mellanox.com>
>
> Since this feature can globally block the RX port, it should
> be allowed to privileged users only.
>
> Fixes: 03404e8ae652("IB/mlx5: Add support to dropless RQ")
> Signed-off-by: Maor Gottlieb <maorg@mellanox.com>
> Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
> ---
> We didn't put this check in IB/core because it is unclear if it can be
> applicable to all vendors, but for the mlx5 it is clear, due to how wq
> is created.
> ---
>  drivers/infiniband/hw/mlx5/qp.c | 4 ++++
>  1 file changed, 4 insertions(+)
>

Please drop this patch, it needs to be resent.

Thanks

Patch

diff --git a/drivers/infiniband/hw/mlx5/qp.c b/drivers/infiniband/hw/mlx5/qp.c
index d3055f3eb0b6..88db580f7272 100644
--- a/drivers/infiniband/hw/mlx5/qp.c
+++ b/drivers/infiniband/hw/mlx5/qp.c
@@ -6247,6 +6247,10 @@  struct ib_wq *mlx5_ib_create_wq(struct ib_pd *pd,
 	if (udata->outlen && udata->outlen < min_resp_len)
 		return ERR_PTR(-EINVAL);

+	if (!capable(CAP_NET_RAW) &&
+	    init_attr->create_flags & IB_WQ_FLAGS_DELAY_DROP)
+		return ERR_PTR(-EPERM);
+
 	dev = to_mdev(pd->device);
 	switch (init_attr->wq_type) {
 	case IB_WQT_RQ: