[v3,6/7] Documentation/security-bugs: clarify hardware vs. software vulnerabilities
| Message ID | 20230305220010.20895-7-vegard.nossum@oracle.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp1549830wrd;
Sun, 5 Mar 2023 14:08:55 -0800 (PST)
X-Google-Smtp-Source:
AK7set9da3i3XbWH33mI4wsGIFHk3dP7ctxjgZ/IegCv9hNWEYrClgEN0jsX2lFqR4Afyxf/TLGU
X-Received: by 2002:a17:90a:1946:b0:233:c9e7:c885 with SMTP id
6-20020a17090a194600b00233c9e7c885mr9111039pjh.36.1678054134977;
Sun, 05 Mar 2023 14:08:54 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1678054134; cv=none;
d=google.com; s=arc-20160816;
b=TyxsjCXeYR0Xkw4kITFAkYtg33I3lp+QIccw0bjF+XkJTAtizGmjDxtLLCnN8DmV17
Ux66r7lrPAyub3yEW0P33Ww+lCtKmN7hKPOEceS9m7K8pjRI/AP7WmRmtm0XSnQiZcR6
dLFHFgZIl3+lrV/iPzH/nF06GCci+72b9MlT3nIduC6kjWu4ob4zGx97c/GUnrfRTcaq
WzyewzbYzlE4tkQqLmycDJewPekOgTzqWxVN4/6Wae8Fyxk3/D6EVYNWdUjn1CUOKYE6
JWRjNBypf7LLk5T2lxxC+KGdZeCMqdMsH3xi38TQYRBB0AS2V+U3GimBuHhRkFbNJ/TA
26sw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature;
bh=K4J/PSEjpfD1bARxkY3stp5xTVHHyV6U8fEH33L8wKY=;
b=A4zoBcSiFJZUbre23Tr+mljCTGSghfPliPuBkIQbIYUM4F0UWB05zPkeUAeJPxwZ8w
fRCU3qdwITHBU6auREmlSTHGh40370PDGqedXtWC0JrdNAfh5qT4wPqCJAIcnYiQ5AqM
ftDdxsfulWNmCUVmQjYuY58qdqEZFP2fR0Pz2mv3J3LWIERhq0hfokZIuDYd0Jjo+2cA
hqERfIka4vgfCkQ12BbaA0VrSUAnAZgsT0ZzPDSdFS0HwzguMziZs7vbqhLh/A0htfTv
8UYL/nPPfrriGG+4SdkCaI29KKgq+nJHRu4gF9m8dCvSG61p8JsceFYPT7Ka/GZ52eY2
7Etg==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@oracle.com header.s=corp-2022-7-12
header.b=LwKkKp8Y;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
x11-20020a17090a294b00b00234e6cd59absi10736482pjf.117.2023.03.05.14.08.41;
Sun, 05 Mar 2023 14:08:54 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@oracle.com header.s=corp-2022-7-12
header.b=LwKkKp8Y;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S229934AbjCEWCU (ORCPT <rfc822;carlos.wei.hk@gmail.com>
+ 99 others); Sun, 5 Mar 2023 17:02:20 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58636 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229927AbjCEWCH (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Sun, 5 Mar 2023 17:02:07 -0500
Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com
[205.220.165.32])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D223C1969F;
Sun, 5 Mar 2023 14:01:57 -0800 (PST)
Received: from pps.filterd (m0246627.ppops.net [127.0.0.1])
by mx0b-00069f02.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id
325LU3P0022560;
Sun, 5 Mar 2023 22:01:04 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com;
h=from : to : cc :
subject : date : message-id : in-reply-to : references : mime-version :
content-transfer-encoding; s=corp-2022-7-12;
bh=K4J/PSEjpfD1bARxkY3stp5xTVHHyV6U8fEH33L8wKY=;
b=LwKkKp8YcJMTi58DlbwGfKmn5JRhDCFCsEes3ju2Hbs/AH6kvI3gJ7Q8ynoV/nsEqVzI
1A1n3BRFoXqsug8qJF3pa0y1a38S7StDfswvCV0Sov+DYSgoLbQw3sgssTZZdvIuX7Bs
3IuVuWpYiKpFMmBIGbxMn/cLq7jsqviodszzc9YdCihx6gH+nD2LCzwb4CmoR8ZoCKGk
miXRUOVJGHJjCwQm5zW6XwOr6gbx94m3kmCYjpCh2+92z2MsldgQMAVmRjN/N7W+wfeP
+ax9jkwf9yadE+ArvOJFQlpW5GmWdwBe0YzFWs2NrM7FnZMMHt05zbHHqPAp9l5dE8HZ 6g==
Received: from phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com
(phxpaimrmta01.appoci.oracle.com [138.1.114.2])
by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3p41561rre-1
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
verify=OK);
Sun, 05 Mar 2023 22:01:04 +0000
Received: from pps.filterd
(phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1])
by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com
(8.17.1.5/8.17.1.5) with ESMTP id 325I2GKT023367;
Sun, 5 Mar 2023 22:01:03 GMT
Received: from pps.reinject (localhost [127.0.0.1])
by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with
ESMTPS id 3p4u040mmc-1
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
verify=OK);
Sun, 05 Mar 2023 22:01:03 +0000
Received: from phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com
(phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1])
by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 325M0NrB013622;
Sun, 5 Mar 2023 22:01:03 GMT
Received: from t460.home (dhcp-10-175-35-7.vpn.oracle.com [10.175.35.7])
by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with
ESMTP id 3p4u040ktj-7;
Sun, 05 Mar 2023 22:01:02 +0000
From: Vegard Nossum <vegard.nossum@oracle.com>
To: Jonathan Corbet <corbet@lwn.net>, linux-doc@vger.kernel.org,
Jiri Kosina <jkosina@suse.cz>,
Solar Designer <solar@openwall.com>,
Will Deacon <will@kernel.org>, Willy Tarreau <w@1wt.eu>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-kernel@vger.kernel.org, Amit Shah <aams@amazon.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
David Woodhouse <dwmw@amazon.co.uk>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
Kees Cook <keescook@chromium.org>,
Laura Abbott <labbott@kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
Thorsten Leemhuis <linux@leemhuis.info>,
Tyler Hicks <tyhicks@linux.microsoft.com>,
Vegard Nossum <vegard.nossum@oracle.com>,
Jiri Kosina <jikos@kernel.org>
Subject: [PATCH v3 6/7] Documentation/security-bugs: clarify hardware vs.
software vulnerabilities
Date: Sun, 5 Mar 2023 23:00:09 +0100
Message-Id: <20230305220010.20895-7-vegard.nossum@oracle.com>
X-Mailer: git-send-email 2.23.0.718.g5ad94255a8
In-Reply-To: <20230305220010.20895-1-vegard.nossum@oracle.com>
References: <20230305220010.20895-1-vegard.nossum@oracle.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Proofpoint-Virus-Version: vendor=baseguard
engine=ICAP:2.0.219,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22
definitions=2023-03-05_12,2023-03-03_01,2023-02-09_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0
mlxlogscore=999
suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 malwarescore=0
mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1
engine=8.12.0-2212070000 definitions=main-2303050192
X-Proofpoint-GUID: pZOQdTeOzVF_YsAwqYS63qIc2SWXfctH
X-Proofpoint-ORIG-GUID: pZOQdTeOzVF_YsAwqYS63qIc2SWXfctH
X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,
RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1759567292751197470?=
X-GMAIL-MSGID: =?utf-8?q?1759567292751197470?=
|
| Series |
Documentation/security-bugs: overhaul
|
|
Commit Message
Vegard Nossum
March 5, 2023, 10 p.m. UTC
We should emphasize the fact that we have a separate document for
reporting hardware vulnerabilities.
Link: https://lore.kernel.org/all/nycvar.YFH.7.76.2206062326230.10851@cbobk.fhfr.pm/
Suggested-by: Jiri Kosina <jikos@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
---
Documentation/process/security-bugs.rst | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/Documentation/process/security-bugs.rst b/Documentation/process/security-bugs.rst index 61742dcfea50..7bd59587332a 100644 --- a/Documentation/process/security-bugs.rst +++ b/Documentation/process/security-bugs.rst @@ -15,6 +15,10 @@ While the security list is closed, the security team may bring in extra help from the relevant maintainers to understand and fix the security vulnerability. +The security list is mainly for software vulnerabilities. For hardware +security vulnerabilities, see +Documentation/process/embargoed-hardware-issues.rst instead. + Note that the main interest of the kernel security list is in getting bugs fixed and getting patches reviewed, tested, and merged; CVE assignment, disclosure to distributions, and public disclosure happen on