On Sat, May 09, 2026 at 11:47:54AM +0200, Willy Tarreau wrote:
> The use of automated tools to find bugs in random locations of the kernel
> induces a rise in security reports even if most of them should just be
> reported as regular bugs. This patch is an attempt at drawing a line
> between what qualifies as a security bug and what does not, hoping to
> improve the situation and ease the decision on the reporter's side.
> 
> It defers the enumeration to a new file, threat-model.rst, that tries
> to enumerate various classes of issues that are and are not security
> bugs. This should permit updating this file more easily for various
> subsystem-specific rules without having to revisit the security bug
> reporting guide.
> 
> Cc: Greg KH <[email protected]>
> Cc: Leon Romanovsky <[email protected]>
> Suggested-by: Leon Romanovsky <[email protected]>
> Suggested-by: Greg KH <[email protected]>
> Reviewed-by: Leon Romanovsky <[email protected]>
> Reviewed-by: Shuah Khan <[email protected]>
> Signed-off-by: Willy Tarreau <[email protected]>
> ---
>  Documentation/process/index.rst         |   1 +
>  Documentation/process/security-bugs.rst |  38 +++-
>  Documentation/process/threat-model.rst  | 236 ++++++++++++++++++++++++
>  3 files changed, 274 insertions(+), 1 deletion(-)
>  create mode 100644 Documentation/process/threat-model.rst

Looks great, thank you!

Reviewed-by: Greg Kroah-Hartman <[email protected]>

Want me to take it through one of my trees now to get it to Linus this
week, or should it go through the documentation tree?  Either is fine
with me.

thanks,

greg k-h
