On Fri, Jul 17, 2026 at 11:21:34AM +0100, David Hildenbrand (Arm) wrote: > On 7/17/26 12:15, Greg Kroah-Hartman wrote: > > On Fri, Jul 17, 2026 at 06:10:41AM -0400, Michael S. Tsirkin wrote: > >> On Fri, Jul 17, 2026 at 11:14:23AM +0200, Greg Kroah-Hartman wrote: > >>> > >>> Why not do what USB does? Don't trust the device until AFTER probe() > >>> succeeds? All of the needed checking should happen before then, as that > >>> is a "slow path" so lots of validation and the like can happen at that > >>> point. > >>> > >>> After that, during the normal data paths, after the driver is bound, > >>> trust it all you want as attempting to validate every single packet is > >>> just going to be impossible. > >>> > >>> thanks, > >>> > >>> greg k-h > >> > >> People do expect that data path validation at this point. > > > > Ok, so you want this patch :) > > I fail to see the value of this patch given that there are plenty of other > cases > the device can mess with us. > > But sure, let's check for some conditions if it makes us feel warm and fluffy > as > we audited a driver and it's now super safe, fine with me. > > -- > Cheers, > > David
I merely made some generic comments since I was asked to clarify how virtio interacts with coco. As for the specific patch, it does not make me feel fluffy. It lacks motivation. A broken device confuses the kernel with no way to exploit that. Shrug. So? Nothing to do with coco, apparently. It's maybe reasonable as a debugging aid but if this is intended as such let's make it clear in the commit log. -- MST

