On Mon, Oct 30, 2017 at 05:07:53PM -0600, Jason Gunthorpe wrote:
> On Mon, Oct 30, 2017 at 09:09:52PM +0200, Leon Romanovsky wrote:
>
> > However, I don't think that kernel to libibverbs API should follow the
> > same path. The centralized entry points to the kernel provides better
> > enforcement and minimizes system call bloat.
>
> How so? I didn't think selinux intersected with the CQs at all..
> I've never worried about the # of verbs entries, we have so many
> already.

Not SELinux enforcement, but various copy_{to|from}_user checks, unified
return values, easy folding in case of errors, e.t.c.

It is a matter of personal view and less technical thing. You prefer bazillion
entry points to the kernel and I think that such design good for user-space only,
and mostly not applicable for kernel<->user interfaces.

>
> I also don't like the modify semantic, because IMHO, modify should
> mirror create, and we don't specify the moderation parameters during
> create.

It is completely different thing, no one needed it, so no one added it.

>
> Jason