On Fri, Jul 10, 2015 at 01:54:20PM -0600, Jason Gunthorpe wrote:
> diff --git a/drivers/infiniband/core/verbs.c b/drivers/infiniband/core/verbs.c
> index bac3fb406a74..6ed7e0f6c162 100644
> --- a/drivers/infiniband/core/verbs.c
> +++ b/drivers/infiniband/core/verbs.c
> @@ -1126,6 +1126,12 @@ struct ib_mr *ib_get_dma_mr(struct ib_pd *pd, int mr_access_flags)
>  	struct ib_mr *mr;
>  	int err;
>  
> +	/* Granting remote access to the physical MR is a security hole, don't
> +	   do it. */
> +	WARN_ON_ONCE(mr_access_flags &
> +		     (IB_ACCESS_REMOTE_WRITE | IB_ACCESS_REMOTE_READ |
> +		      IB_ACCESS_REMOTE_ATOMIC));
> +

How about providing a system-wide IB_ACCESS_LOCAL_READ | IB_ACCESS_LOCAL_WRITE MR that all drivers can use and get rid of ib_get_dma_mr in the long run? That would help to nicely simplify drivers?

Currently various drivers are using ib_get_dma_mr with remote flags unfortunately, e.g. the SRP initiator driver uses it to optimize away memory registrations for single SGL entry requests. That looks fixable relatively easily, but I don't understand the other consumers as well.
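Review bot: The WARN_ON_ONCE() added at the top of ib_get_dma_mr() only reports the remote access flags; nothing in the hunk rejects the call or clears those bits, so a caller passing IB_ACCESS_REMOTE_WRITE, IB_ACCESS_REMOTE_READ or IB_ACCESS_REMOTE_ATOMIC still gets an MR with remote access, and because the warning fires once, every later offending caller is silent. If the condition is the security hole the comment says it is, the check should end up failing the request (the function returns a struct ib_mr pointer, so an ERR_PTR(-EINVAL) return fits) or masking the remote bits out of mr_access_flags. The reply notes that in-tree drivers still pass remote flags, so the warning-only form reads as a transition step, and the comment should say so and state when it becomes a hard failure. Style point on the same lines: the two-line comment should use the usual multi-line kernel comment layout rather than a continuation line indented under the opening text.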