On Fri, Jul 17, 2026 at 11:21:34AM +0100, David Hildenbrand (Arm) wrote:
> On 7/17/26 12:15, Greg Kroah-Hartman wrote:
> > On Fri, Jul 17, 2026 at 06:10:41AM -0400, Michael S. Tsirkin wrote:
> >> On Fri, Jul 17, 2026 at 11:14:23AM +0200, Greg Kroah-Hartman wrote:
> >>>
> >>> Why not do what USB does?  Don't trust the device until AFTER probe()
> >>> succeeds?  All of the needed checking should happen before then, as that
> >>> is a "slow path" so lots of validation and the like can happen at that
> >>> point.
> >>>
> >>> After that, during the normal data paths, after the driver is bound,
> >>> trust it all you want as attempting to validate every single packet is
> >>> just going to be impossible.
> >>>
> >>> thanks,
> >>>
> >>> greg k-h
> >>
> >> People do expect that data path validation at this point.
> > 
> > Ok, so you want this patch :)
> 
> I fail to see the value of this patch given that there are plenty of other 
> cases
> the device can mess with us.

How can the device mess with us?

> But sure, let's check for some conditions if it makes us feel warm and fluffy 
> as
> we audited a driver and it's now super safe, fine with me.

I'm all for the folly of "it's an audited driver!" claims, but you all
need to decide either you do or you do not trust the device.  Either way
is fine with me.

If you don't trust it, great, take patches that fix that.  If you do
trust it, great, reject those types of patches.

But pick one please.

thanks,

greg k-h

Reply via email to