RDMA/nldev: Don't expose unsafe global rkey to regular user
authorLeon Romanovsky <leonro@mellanox.com>
Mon, 24 Dec 2018 09:05:16 +0000 (11:05 +0200)
committerJason Gunthorpe <jgg@mellanox.com>
Mon, 7 Jan 2019 20:35:57 +0000 (13:35 -0700)
commita9666c1cae8dbcd1a9aacd08a778bf2a28eea300
treeb79068020a4df3cc0d8139e020bd2e92c40a0c1e
parentf687ccea10d23a9b0faed67ceac535b76604669a
RDMA/nldev: Don't expose unsafe global rkey to regular user

Unsafe global rkey is considered dangerous because it exposes memory
registered for all memory in the system. Only users with a QP on the same
PD can use the rkey, and generally those QPs will already know the
value. However, out of caution, do not expose the value to unprivleged
users on the local system. Require CAP_NET_ADMIN instead.

Cc: <stable@vger.kernel.org> # 4.16
Fixes: 29cf1351d450 ("RDMA/nldev: provide detailed PD information")
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
drivers/infiniband/core/nldev.c