Re: [PATCH v2] scsi: 3w-sas: validate request_id reported by controller

Next message: yuanjiey: "Re: [PATCH v3 04/11] dt-bindings: display/msm: qcom,kaanapali-mdss: Add Kaanapali"
Previous message: Andrew Lunn: "Re: [PATCH RFC net-next 6/6] net: phy: motorcomm: fix duplex setting error for phy leds"
In reply to: Shipei Qu: "Re: [PATCH v2] scsi: 3w-sas: validate request_id reported by controller"
Next in thread: kernel test robot: "Re: [PATCH v2] scsi: 3w-sas: validate request_id reported by controller"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: James Bottomley

Date: Tue Dec 16 2025 - 02:21:59 EST

On Tue, 2025-12-16 at 14:43 +0800, Shipei Qu wrote:
[...]
> For context: some confidential-computing / virtualized deployments
> include a hostile or compromised VMM or passthrough device in the
> threat model, so bounds checks can reduce crash surface when the
> device isn't fully trusted. But if that's outside upstream scope
> here, we're fine either way. Thanks for the clarification.

We already had a massive fight over hardening device drivers for
confidential computing:

https://lore.kernel.org/all/20230327141816.2648615-1-carlos.bilbao@xxxxxxx/

The summary is that if you can't trust the hardware or its emulation,
policing it is too huge a burden to place on ordinary drivers. So
while there's no objection to specifically hardened drivers for
confidential computing, generally we don't add hardening to real
hardware drivers because it tanks performance.

Regards,

James