On Fri, Jul 17, 2026 at 11:21:34AM +0100, David Hildenbrand (Arm) wrote:
> On 7/17/26 12:15, Greg Kroah-Hartman wrote:
> > On Fri, Jul 17, 2026 at 06:10:41AM -0400, Michael S. Tsirkin wrote:
> >> On Fri, Jul 17, 2026 at 11:14:23AM +0200, Greg Kroah-Hartman wrote:
> >>>
> >>> Why not do what USB does?  Don't trust the device until AFTER probe()
> >>> succeeds?  All of the needed checking should happen before then, as that
> >>> is a "slow path" so lots of validation and the like can happen at that
> >>> point.
> >>>
> >>> After that, during the normal data paths, after the driver is bound,
> >>> trust it all you want as attempting to validate every single packet is
> >>> just going to be impossible.
> >>>
> >>> thanks,
> >>>
> >>> greg k-h
> >>
> >> People do expect that data path validation at this point.
> > 
> > Ok, so you want this patch :)
> 
> I fail to see the value of this patch given that there are plenty of other 
> cases
> the device can mess with us.
> 
> But sure, let's check for some conditions if it makes us feel warm and fluffy 
> as
> we audited a driver and it's now super safe, fine with me.
> 
> -- 
> Cheers,
> 
> David

I merely made some generic comments since I was asked to clarify how
virtio interacts with coco.  As for the specific patch, it does not make
me feel fluffy. It lacks motivation.

A broken device confuses the kernel with no way to exploit that. Shrug. So?
Nothing to do with coco, apparently.

It's maybe reasonable as a debugging aid but if this is intended as such
let's make it clear in the commit log.

-- 
MST


Reply via email to