net/smc: Add warning about remote memory exposure

[ Upstream commit 19a0f7e37c0761a0a1cbf550705a6063c9675223 ]

The driver explicitly bypasses APIs to register all memory once a
connection is made, and thus allows remote access to memory.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Acked-by: Ursula Braun <ubraun@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/net/smc/Kconfig b/net/smc/Kconfig
index c717ef0896aa2accaee05e3cf4c10d066c61eeb3..33954852f3f89b3bd05595a159e5c2ed56d074ad 100644 (file)
--- a/net/smc/Kconfig
+++ b/net/smc/Kconfig
@@ -8,6 +8,10 @@ config SMC
          The Linux implementation of the SMC-R solution is designed as
          a separate socket family SMC.
 
+         Warning: SMC will expose all memory for remote reads and writes
+         once a connection is established.  Don't enable this option except
+         for tightly controlled lab environment.
+
          Select this option if you want to run SMC socket applications
 
 config SMC_DIAG