Received: by 2002:ab2:6816:0:b0:1f9:5764:f03e with SMTP id t22csp3250031lqo;
        Tue, 21 May 2024 10:57:03 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCWX9w32uz+cZ+Jwh28SkLm2zONlZET8/6buAYDFTtxgKMexvzUiIHwAGl1kVqv3nmxy1bsiZ5PiAuJr9IL0WfYx6Y9AxAufbohVry5SnQ==
X-Google-Smtp-Source: AGHT+IGsRPLkWmp1dntd6fwFurpkTGYwJVq3YnA+J1N9KDAWJiTjKRCN+q/qNPqjjuMeZNAB1cX1
X-Received: by 2002:a17:906:56c2:b0:a59:9fc8:38be with SMTP id a640c23a62f3a-a5a2d55ae7dmr2164896666b.26.1716314223721;
        Tue, 21 May 2024 10:57:03 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1716314223; cv=pass;
        d=google.com; s=arc-20160816;
        b=oUEM/8yzOjlJKh5rAuwCOLOppWkCaxZaEtKSW3rRLqfd7s7FtF3JvasVccOrKntxZ6
         kWJYUNgSmau179sVfoha2c+b5pkoOtHXmullyFW37AZCIplA28DEG1P6g7sJMnbQEZIA
         L04krGN+0bbTg6JAiKv5TOGQIqi5IO5EVYRIc3wi2uMruM6xkWR2Lhstox8xpDyKmMqB
         eUWmgy8vU8DDHc3h5BT64fBgKzLwXDTretT3AXRUShQfPrSi/rO2gBbtZUvkvXiskvuo
         stG3cFuoXstybpABa+WLy+Grc2CB6ieJH7+DZKrh3WWjxH/SMGj5jNKEeYI72h5zpnuF
         9HMw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-disposition:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:message-id:subject:cc
         :to:from:date:dkim-signature:dkim-signature;
        bh=ehWe83GKebpIGUMrOmfiP68kD8jXH869Oz31MmSJNq8=;
        fh=sh/QegKRbfoKuWEAMwvoGKEagV8AW7dmtiCuhlzOJO8=;
        b=IJWt48KESdeYt8V28yds9xKSw4tXfk4Ji4In/GstlEpqJS6PbQmKDNaevD4j/GAnkp
         71VUl/qp00xTltOB1CIj5rI11bu61isn9ajUjXzWWlFZPmN2TfsWICJEj6l+HI5sRngZ
         fCXTWU+lMAbk3ioE6RJTWPKrdG/cnuDx7UhgdaO5+n4BWPfufXuM9OHVqMIpGEsrzsOt
         Jx+X0AbrWuLFtepnML8UsW47eDeVvrZ6mInf7ecvr6+z9PKc8/hi3GhseivwoiFLOGfk
         9k0P4pWFeV7rmEirA8JNwa77Y2zisVVrANG456nqxq1eFPG7lDcaMkJ/S3LjUUqCOzu2
         8UAQ==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@suse.com header.s=susede1 header.b=Q1nqOSwV;
       dkim=pass header.i=@suse.com header.s=susede1 header.b=Q1nqOSwV;
       arc=pass (i=1 spf=pass spfdomain=suse.com dkim=pass dkdomain=suse.com dkim=pass dkdomain=suse.com dmarc=pass fromdomain=suse.com);
       spf=pass (google.com: domain of linux-kernel+bounces-185292-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-185292-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com
Return-Path: <linux-kernel+bounces-185292-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3])
        by mx.google.com with ESMTPS id a640c23a62f3a-a5cfe1e2e03si579797866b.468.2024.05.21.10.57.03
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 21 May 2024 10:57:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-185292-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.com header.s=susede1 header.b=Q1nqOSwV;
       dkim=pass header.i=@suse.com header.s=susede1 header.b=Q1nqOSwV;
       arc=pass (i=1 spf=pass spfdomain=suse.com dkim=pass dkdomain=suse.com dkim=pass dkdomain=suse.com dmarc=pass fromdomain=suse.com);
       spf=pass (google.com: domain of linux-kernel+bounces-185292-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-185292-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id 70FB01F22622
	for <linux.lists.archive@gmail.com>; Tue, 21 May 2024 17:57:03 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id E611E1487C0;
	Tue, 21 May 2024 17:56:59 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b="Q1nqOSwV";
	dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b="Q1nqOSwV"
Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 233077710F;
	Tue, 21 May 2024 17:56:56 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.130
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1716314219; cv=none; b=PBRNb6xE4cLj15rGUNuOkHROg847slBiyEwN55FPLrpHS+x73PutC+L1IXTkxo/YPemF3zB8Hxo0150vq04zHz4q5pqT4GmRKpCoyO3DVhmoYQf58Rb/e7/+zgil1NKtwf6a7d6JBIm0aCJWjIoXoXiA1XtBjeiXXB8RKE9eprE=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1716314219; c=relaxed/simple;
	bh=xfDQO188zHzWOmlwzOQJS8rjKs/2HgeiIclILtQHEFY=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=GXt9qSWQmopHpn4cc7h94olKtUXHvZpd1hWiq6IOSaGOySRk0e4WqXYq+2NeozkK4GaLsaert7tSA9uVwJ/1RHQB5mQ05friorVGHx3sby0Gq2rxYVCNGU27nccIdJCXJOcpCjpLbkHRz1M0yT1AfqD2di4oDCGbrxqeOLB2Tw0=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com; spf=pass smtp.mailfrom=suse.com; dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b=Q1nqOSwV; dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b=Q1nqOSwV; arc=none smtp.client-ip=195.135.223.130
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.com
Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by smtp-out1.suse.de (Postfix) with ESMTPS id 047A5348C4;
	Tue, 21 May 2024 17:56:55 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1;
	t=1716314215; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=ehWe83GKebpIGUMrOmfiP68kD8jXH869Oz31MmSJNq8=;
	b=Q1nqOSwVkp/1hlbwwZ7uUSFwaDZQyXQF+W7f+xK3jnzfyhanYplIL2sOtwsSgNNtBOzjdZ
	N+qEnw7JyRHGHVdjW7midmfJ3ALKk+LAZZvKeYB93J/QaRWYH9HGgXo8k81A1LwNufQ0qV
	pvynGRDv4VqkADtwQu2xFufVoPJ4ISM=
Authentication-Results: smtp-out1.suse.de;
	dkim=pass header.d=suse.com header.s=susede1 header.b=Q1nqOSwV
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1;
	t=1716314215; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=ehWe83GKebpIGUMrOmfiP68kD8jXH869Oz31MmSJNq8=;
	b=Q1nqOSwVkp/1hlbwwZ7uUSFwaDZQyXQF+W7f+xK3jnzfyhanYplIL2sOtwsSgNNtBOzjdZ
	N+qEnw7JyRHGHVdjW7midmfJ3ALKk+LAZZvKeYB93J/QaRWYH9HGgXo8k81A1LwNufQ0qV
	pvynGRDv4VqkADtwQu2xFufVoPJ4ISM=
Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id D938613A1E;
	Tue, 21 May 2024 17:56:54 +0000 (UTC)
Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167])
	by imap1.dmz-prg2.suse.org with ESMTPSA
	id jnt1MmbgTGaAcQAAD6G6ig
	(envelope-from <mhocko@suse.com>); Tue, 21 May 2024 17:56:54 +0000
Date: Tue, 21 May 2024 19:56:54 +0200
From: Michal Hocko <mhocko@suse.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: cve@kernel.org, linux-kernel@vger.kernel.org,
	linux-cve-announce@vger.kernel.org
Subject: Re: CVE-2024-35906: drm/amd/display: Send DTBCLK disable message on
 first commit
Message-ID: <ZkzgZoxF_RD50PdW@tiehlicka>
References: <2024051954-CVE-2024-35906-1c6f@gregkh>
 <ZkxbObACcnUMZ3LA@tiehlicka>
 <2024052136-cubbyhole-ecologist-5b68@gregkh>
 <ZkzREEA5_N_xfqED@tiehlicka>
 <2024052110-grasp-liking-22c0@gregkh>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <2024052110-grasp-liking-22c0@gregkh>
X-Spam-Flag: NO
X-Spam-Score: -6.01
X-Rspamd-Action: no action
X-Rspamd-Queue-Id: 047A5348C4
X-Spam-Level: 
X-Rspamd-Server: rspamd2.dmz-prg2.suse.org
X-Spamd-Result: default: False [-6.01 / 50.00];
	BAYES_HAM(-3.00)[100.00%];
	DWL_DNSWL_MED(-2.00)[suse.com:dkim];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	MID_RHS_NOT_FQDN(0.50)[];
	R_DKIM_ALLOW(-0.20)[suse.com:s=susede1];
	NEURAL_HAM_SHORT(-0.20)[-1.000];
	MIME_GOOD(-0.10)[text/plain];
	MX_GOOD(-0.01)[];
	TO_DN_SOME(0.00)[];
	DKIM_SIGNED(0.00)[suse.com:s=susede1];
	ARC_NA(0.00)[];
	RBL_SPAMHAUS_BLOCKED_OPENRESOLVER(0.00)[2a07:de40:b281:104:10:150:64:97:from];
	FUZZY_BLOCKED(0.00)[rspamd.com];
	MIME_TRACE(0.00)[0:+];
	FROM_HAS_DN(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	RCVD_TLS_ALL(0.00)[];
	RCVD_COUNT_TWO(0.00)[2];
	FROM_EQ_ENVFROM(0.00)[];
	SPAMHAUS_XBL(0.00)[2a07:de40:b281:104:10:150:64:97:from];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	RCPT_COUNT_THREE(0.00)[4];
	MISSING_XM_UA(0.00)[];
	DKIM_TRACE(0.00)[suse.com:+];
	DBL_BLOCKED_OPENRESOLVER(0.00)[suse.com:dkim]

On Tue 21-05-24 19:03:58, Greg KH wrote:
> On Tue, May 21, 2024 at 06:51:28PM +0200, Michal Hocko wrote:
[...]
> And really, in the end, if you have a "CVE and fix for CVE" in the same
> release, applying both doesn't hurt anyone, so this is a "fail secure"
> mode for everyone, right?

Look Greg, we have been through this discussion at several occasions and
I do not want to repeat that again. Stable tree users probably do not
care because they are getting all these patches, including regressions
and patches they do not need or even want, anyway. They are getting what
they are _paying_ for. Marking them CVE doesn't make any difference. But
stable tree backporting model is simply not a good fit for _many_ users.

Now, for $reasons, people _do_ care about CVEs and that is why there is
an engineering cost on downstreams to review them. Exactly because
applying all of them blindly is a _risk_. Exactly because the stable
backporting model/policy and CVE assigning policy is simply incompatible
with the stability/correctness/performance/$other requirements. 

I completely do get why you do not care about that downstream
engineering cost but generating bogus CVEs on top of a huge pile of
dubious ones is less than useful, don't you think?

Seriously, we can disagree whether something is a security threat that
is worth marking by a CVE. But making the CVE generation process mostly
unattended script driven process without any _serious_ review in place
is burning a lot of man power that could be used in a much more
productive way. This is not the way how to convince people to use stable
kernels.

Bye
-- 
Michal Hocko
SUSE Labs