On 11/7/2017 10:55 AM, Jason Gunthorpe wrote: > On Tue, Nov 07, 2017 at 10:52:11AM -0600, Daniel Jurgens wrote: >> On 11/7/2017 10:46 AM, Jason Gunthorpe wrote: >>> On Tue, Nov 07, 2017 at 06:33:26PM +0200, Leon Romanovsky wrote: >>> >>>> - bool special_qp = (qp->qp_type == IB_QPT_SMI || >>>> - qp->qp_type == IB_QPT_GSI || >>>> - qp->qp_type >= IB_QPT_RESERVED1); >>>> + struct ib_qp *real_qp = qp->real_qp; >>>> + bool special_qp = (real_qp->qp_type == IB_QPT_SMI || >>>> + real_qp->qp_type == IB_QPT_GSI || >>>> + real_qp->qp_type >= IB_QPT_RESERVED1); >>> This QPT_RESERVED stuff was not supposed to be visible to the core >>> layer, so why are we adding checks in security???? >> The checks exclude those QPs from security enforcement. They've >> been there the whole time, you reviewed this previously right? > Nope > > .. and they shouldn't be there, those reserved QPTs are totally banned > from user space so it shouldn't matter for security > > Jason > This flow is through ib_modify_qp, it's not user space specific. If it really pains you that much it can be changed an inclusive compare instead of exclusive. This discussion isn't relevant to the content of the patch in question though.