On Wed, Jan 25, 2023 at 03:29:07PM +0000, Reshetova, Elena wrote: > Replying only to the not-so-far addressed points. > > > On Wed, Jan 25, 2023 at 12:28:13PM +0000, Reshetova, Elena wrote: > > > Hi Greg, <...> > > > 3) All the tools are open-source and everyone can start using them right away > > even > > > without any special HW (readme has description of what is needed). > > > Tools and documentation is here: > > > https://github.com/intel/ccc-linux-guest-hardening > > > > Again, as our documentation states, when you submit patches based on > > these tools, you HAVE TO document that. Otherwise we think you all are > > crazy and will get your patches rejected. You all know this, why ignore > > it? > > Sorry, I didn’t know that for every bug that is found in linux kernel when > we are submitting a fix that we have to list the way how it has been found. > We will fix this in the future submissions, but some bugs we have are found by > plain code audit, so 'human' is the tool. My problem with that statement is that by applying different threat model you "invent" bugs which didn't exist in a first place. For example, in this [1] latest submission, authors labeled correct behaviour as "bug". [1] https://lore.kernel.org/all/20230119170633.40944-1-alexander.shishkin@xxxxxxxxxxxxxxx/ Thanks
