On Mon, Dec 24, 2018 at 11:05:16AM +0200, Leon Romanovsky wrote:
> From: Leon Romanovsky <leonro@xxxxxxxxxxxx>
>
> Unsafe global rkey is considered extremely dangerous because it
> exposes memory registered for all memory in the system. Being
> unsafe, accompanied by warning in dmesg, the unsafe_global_rkey
> value should be presented to users with CAP_NET_ADMIN only.
>
> Cc: <stable@xxxxxxxxxxxxxxx> # 4.16
> Fixes: 29cf1351d450 ("RDMA/nldev: provide detailed PD information")
> Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxxxx>
> ---
> It is targeted for -rc to ensure that it will be included in first pull
> request to Linus in this merge window.
> ---
> drivers/infiniband/core/nldev.c | 4 ----
> 1 file changed, 4 deletions(-)
>
> diff --git a/drivers/infiniband/core/nldev.c b/drivers/infiniband/core/nldev.c
> index 573399e3ccc1..ff6468e7fe79 100644
> --- a/drivers/infiniband/core/nldev.c
> +++ b/drivers/infiniband/core/nldev.c
> @@ -580,10 +580,6 @@ static int fill_res_pd_entry(struct sk_buff *msg, struct netlink_callback *cb,
> if (nla_put_u64_64bit(msg, RDMA_NLDEV_ATTR_RES_USECNT,
> atomic_read(&pd->usecnt), RDMA_NLDEV_ATTR_PAD))
> goto err;
> - if ((pd->flags & IB_PD_UNSAFE_GLOBAL_RKEY) &&
> - nla_put_u32(msg, RDMA_NLDEV_ATTR_RES_UNSAFE_GLOBAL_RKEY,
> - pd->unsafe_global_rkey))
> - goto err;
What is the harm? the rkey is only usable within the PD it is
enabled on, and all the protos using this scheme go ahead and send it
to the remote side anyhow..
Jason
