[v3,6/7] Documentation/security-bugs: clarify hardware vs. software vulnerabilities
Message ID | 20230305220010.20895-7-vegard.nossum@oracle.com |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp1549830wrd; Sun, 5 Mar 2023 14:08:55 -0800 (PST) X-Google-Smtp-Source: AK7set9da3i3XbWH33mI4wsGIFHk3dP7ctxjgZ/IegCv9hNWEYrClgEN0jsX2lFqR4Afyxf/TLGU X-Received: by 2002:a17:90a:1946:b0:233:c9e7:c885 with SMTP id 6-20020a17090a194600b00233c9e7c885mr9111039pjh.36.1678054134977; Sun, 05 Mar 2023 14:08:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1678054134; cv=none; d=google.com; s=arc-20160816; b=TyxsjCXeYR0Xkw4kITFAkYtg33I3lp+QIccw0bjF+XkJTAtizGmjDxtLLCnN8DmV17 Ux66r7lrPAyub3yEW0P33Ww+lCtKmN7hKPOEceS9m7K8pjRI/AP7WmRmtm0XSnQiZcR6 dLFHFgZIl3+lrV/iPzH/nF06GCci+72b9MlT3nIduC6kjWu4ob4zGx97c/GUnrfRTcaq WzyewzbYzlE4tkQqLmycDJewPekOgTzqWxVN4/6Wae8Fyxk3/D6EVYNWdUjn1CUOKYE6 JWRjNBypf7LLk5T2lxxC+KGdZeCMqdMsH3xi38TQYRBB0AS2V+U3GimBuHhRkFbNJ/TA 26sw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=K4J/PSEjpfD1bARxkY3stp5xTVHHyV6U8fEH33L8wKY=; b=A4zoBcSiFJZUbre23Tr+mljCTGSghfPliPuBkIQbIYUM4F0UWB05zPkeUAeJPxwZ8w fRCU3qdwITHBU6auREmlSTHGh40370PDGqedXtWC0JrdNAfh5qT4wPqCJAIcnYiQ5AqM ftDdxsfulWNmCUVmQjYuY58qdqEZFP2fR0Pz2mv3J3LWIERhq0hfokZIuDYd0Jjo+2cA hqERfIka4vgfCkQ12BbaA0VrSUAnAZgsT0ZzPDSdFS0HwzguMziZs7vbqhLh/A0htfTv 8UYL/nPPfrriGG+4SdkCaI29KKgq+nJHRu4gF9m8dCvSG61p8JsceFYPT7Ka/GZ52eY2 7Etg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2022-7-12 header.b=LwKkKp8Y; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id x11-20020a17090a294b00b00234e6cd59absi10736482pjf.117.2023.03.05.14.08.41; Sun, 05 Mar 2023 14:08:54 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2022-7-12 header.b=LwKkKp8Y; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229934AbjCEWCU (ORCPT <rfc822;carlos.wei.hk@gmail.com> + 99 others); Sun, 5 Mar 2023 17:02:20 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58636 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229927AbjCEWCH (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Sun, 5 Mar 2023 17:02:07 -0500 Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com [205.220.165.32]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D223C1969F; Sun, 5 Mar 2023 14:01:57 -0800 (PST) Received: from pps.filterd (m0246627.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 325LU3P0022560; Sun, 5 Mar 2023 22:01:04 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=corp-2022-7-12; bh=K4J/PSEjpfD1bARxkY3stp5xTVHHyV6U8fEH33L8wKY=; b=LwKkKp8YcJMTi58DlbwGfKmn5JRhDCFCsEes3ju2Hbs/AH6kvI3gJ7Q8ynoV/nsEqVzI 1A1n3BRFoXqsug8qJF3pa0y1a38S7StDfswvCV0Sov+DYSgoLbQw3sgssTZZdvIuX7Bs 3IuVuWpYiKpFMmBIGbxMn/cLq7jsqviodszzc9YdCihx6gH+nD2LCzwb4CmoR8ZoCKGk miXRUOVJGHJjCwQm5zW6XwOr6gbx94m3kmCYjpCh2+92z2MsldgQMAVmRjN/N7W+wfeP +ax9jkwf9yadE+ArvOJFQlpW5GmWdwBe0YzFWs2NrM7FnZMMHt05zbHHqPAp9l5dE8HZ 6g== Received: from phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta01.appoci.oracle.com [138.1.114.2]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3p41561rre-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sun, 05 Mar 2023 22:01:04 +0000 Received: from pps.filterd (phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (8.17.1.5/8.17.1.5) with ESMTP id 325I2GKT023367; Sun, 5 Mar 2023 22:01:03 GMT Received: from pps.reinject (localhost [127.0.0.1]) by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 3p4u040mmc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sun, 05 Mar 2023 22:01:03 +0000 Received: from phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 325M0NrB013622; Sun, 5 Mar 2023 22:01:03 GMT Received: from t460.home (dhcp-10-175-35-7.vpn.oracle.com [10.175.35.7]) by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTP id 3p4u040ktj-7; Sun, 05 Mar 2023 22:01:02 +0000 From: Vegard Nossum <vegard.nossum@oracle.com> To: Jonathan Corbet <corbet@lwn.net>, linux-doc@vger.kernel.org, Jiri Kosina <jkosina@suse.cz>, Solar Designer <solar@openwall.com>, Will Deacon <will@kernel.org>, Willy Tarreau <w@1wt.eu> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, linux-kernel@vger.kernel.org, Amit Shah <aams@amazon.com>, Dave Hansen <dave.hansen@linux.intel.com>, David Woodhouse <dwmw@amazon.co.uk>, "Gustavo A. R. Silva" <gustavoars@kernel.org>, Kees Cook <keescook@chromium.org>, Laura Abbott <labbott@kernel.org>, Linus Torvalds <torvalds@linux-foundation.org>, Mauro Carvalho Chehab <mchehab@kernel.org>, Paolo Bonzini <pbonzini@redhat.com>, Peter Zijlstra <peterz@infradead.org>, Thomas Gleixner <tglx@linutronix.de>, Thorsten Leemhuis <linux@leemhuis.info>, Tyler Hicks <tyhicks@linux.microsoft.com>, Vegard Nossum <vegard.nossum@oracle.com>, Jiri Kosina <jikos@kernel.org> Subject: [PATCH v3 6/7] Documentation/security-bugs: clarify hardware vs. software vulnerabilities Date: Sun, 5 Mar 2023 23:00:09 +0100 Message-Id: <20230305220010.20895-7-vegard.nossum@oracle.com> X-Mailer: git-send-email 2.23.0.718.g5ad94255a8 In-Reply-To: <20230305220010.20895-1-vegard.nossum@oracle.com> References: <20230305220010.20895-1-vegard.nossum@oracle.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-03-05_12,2023-03-03_01,2023-02-09_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 mlxlogscore=999 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 malwarescore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2303050192 X-Proofpoint-GUID: pZOQdTeOzVF_YsAwqYS63qIc2SWXfctH X-Proofpoint-ORIG-GUID: pZOQdTeOzVF_YsAwqYS63qIc2SWXfctH X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1759567292751197470?= X-GMAIL-MSGID: =?utf-8?q?1759567292751197470?= |
Series |
Documentation/security-bugs: overhaul
|
|
Commit Message
Vegard Nossum
March 5, 2023, 10 p.m. UTC
We should emphasize the fact that we have a separate document for
reporting hardware vulnerabilities.
Link: https://lore.kernel.org/all/nycvar.YFH.7.76.2206062326230.10851@cbobk.fhfr.pm/
Suggested-by: Jiri Kosina <jikos@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
Documentation/process/security-bugs.rst | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/Documentation/process/security-bugs.rst b/Documentation/process/security-bugs.rst index 61742dcfea50..7bd59587332a 100644 --- a/Documentation/process/security-bugs.rst +++ b/Documentation/process/security-bugs.rst @@ -15,6 +15,10 @@ While the security list is closed, the security team may bring in extra help from the relevant maintainers to understand and fix the security vulnerability. +The security list is mainly for software vulnerabilities. For hardware +security vulnerabilities, see +Documentation/process/embargoed-hardware-issues.rst instead. + Note that the main interest of the kernel security list is in getting bugs fixed and getting patches reviewed, tested, and merged; CVE assignment, disclosure to distributions, and public disclosure happen on