Return-Path: Received: from mail-wg0-f50.google.com ([74.125.82.50]:36284 "EHLO mail-wg0-f50.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752095AbbGOHKI (ORCPT ); Wed, 15 Jul 2015 03:10:08 -0400 Received: by wgxm20 with SMTP id m20so25567120wgx.3 for ; Wed, 15 Jul 2015 00:10:07 -0700 (PDT) Subject: Re: [PATCH V3 1/5] RDMA/core: Transport-independent access flags To: Jason Gunthorpe References: <20150709225306.GA30741@obsidianresearch.com> <559FC710.1050307@talpey.com> <20150710161108.GA19042@obsidianresearch.com> <55A00754.4010009@redhat.com> <55A01225.9000000@talpey.com> <20150710195420.GA31500@obsidianresearch.com> <20150711101736.GA14741@infradead.org> <20150713165748.GE23832@obsidianresearch.com> <20150714072536.GA7630@infradead.org> <55A4D0F1.7000909@dev.mellanox.co.il> <20150714172655.GB24403@obsidianresearch.com> Cc: "'Christoph Hellwig'" , Tom Talpey , Doug Ledford , Steve Wise , sagig@mellanox.com, ogerlitz@mellanox.com, roid@mellanox.com, linux-rdma@vger.kernel.org, eli@mellanox.com, target-devel@vger.kernel.org, linux-nfs@vger.kernel.org, trond.myklebust@primarydata.com, bfields@fieldses.org, Oren Duer From: Sagi Grimberg Message-ID: <55A6074A.7080002@dev.mellanox.co.il> Date: Wed, 15 Jul 2015 10:10:02 +0300 MIME-Version: 1.0 In-Reply-To: <20150714172655.GB24403@obsidianresearch.com> Content-Type: text/plain; charset=windows-1252; format=flowed Sender: linux-nfs-owner@vger.kernel.org List-ID: On 7/14/2015 8:26 PM, Jason Gunthorpe wrote: > On Tue, Jul 14, 2015 at 12:05:53PM +0300, Sagi Grimberg wrote: > >> iser has it too. I have a similar patch with a flag for iser (its >> behind a bulk of patches that are still pending though). > > Do we all agree and understand that stuff like this in > > drivers/infiniband/ulp/iser/iser_verbs.c > > device->mr = ib_get_dma_mr(device->pd, IB_ACCESS_LOCAL_WRITE | > IB_ACCESS_REMOTE_WRITE | > IB_ACCESS_REMOTE_READ); > > Represents a significant security risk to the machine, and must be > off be default? > > Can you take care of fixing this for iser? I will. It is part of a patchset I have to support remote invalidate in iser and isert. Sagi.