Date:   Fri, 22 Feb 2019 07:50:08 +0100
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Jerry Hoemann <jerry.hoemann@....com>
Cc:     Matt Hsiao <matt.hsiao@....com>, linux-kernel@...r.kernel.org,
        arnd@...db.de, david.altobelli@....com, mark.rusk@....com
Subject: Re: [PATCH 2/4] misc: hpilo: Exclude unsupported device via blacklist

On Thu, Feb 21, 2019 at 09:35:07PM -0700, Jerry Hoemann wrote:
> On Thu, Feb 21, 2019 at 09:33:55AM +0100, Greg KH wrote:
> > On Thu, Feb 21, 2019 at 04:04:40PM +0800, Matt Hsiao wrote:
> 
> > > +static const struct pci_device_id ilo_blacklist[] = {
> > > +	/* auxiliary iLO */
> > > +	{PCI_DEVICE_SUB(PCI_VENDOR_ID_HP, 0x3307, PCI_VENDOR_ID_HP, 0x1979)},
> > > +	{}
> > > +};
> > >  
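Review bot: The "auxiliary iLO" comment on the 0x3307 / 0x1979 entry names the device but does not say why the driver must not bind to it, and the subsystem device ID is a bare magic number. Extend the comment (or the changelog) with the reason this subsystem ID is excluded, so a later reader can judge whether a future subsystem ID belongs in ilo_blacklist as well.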
> 
> ...
> 
> > 
> > And why do some devices need to be blacklisted, shouldn't there only be
> > a whitelist in the first place?  Do you need to tighten up your original
> > device ids?
> 
> Hi Greg,
> 
> I related the underlying reason for the black listing on another message
> of this thread.  I can fill you in on why we've taken this approach to
> white/black listing.
> 
> HPE hardware/firmware teams will put out minor updates to the iLO using
> the same device info except for the subsystem device id.
> 
> The approach we've taken in both the hpilo and hpwdt drivers is
> to claim based upon {Vendor, PCI DevID, SubVendor}.
> 
> This allows old software to work on new hardware without patching.
> 
> As our primary way to support our customers is via distros, this patching
> when it does happen requires us to not just submit a patch upstream, but
> to then have the patches back ported to multiple releases of multiple
> distros.  This process takes many many months.
> 
> So far, the approach we've taken has worked fairly well as this is only
> the second time in 10+ years that we've needed to blacklist an instance.

Ok, that's fine, but you should put that information in the changelog
text so that we understand what is going on here.

thanks,

greg k-h
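
The matching scheme discussed in this thread, as an added example that is not part of the original messages or the hpilo driver: a userspace C model of a broad {Vendor, DevID, SubVendor} claim with a wildcard subsystem device ID, checked against an exclusion list first. The names ANY_ID, claim, exclude and would_bind, the claim entry and the sample devices are assumptions; only the excluded ID tuple comes from the quoted hunk.

```c
#include <stdint.h>
#include <stdio.h>

#define ANY_ID    0xffffffffu  /* wildcard, modelled on the kernel's PCI_ANY_ID */
#define VENDOR_HP 0x103c       /* PCI vendor ID for Hewlett-Packard */

struct pci_id { uint32_t vendor, device, subvendor, subdevice; };

static int field_ok(uint32_t want, uint32_t have) { return want == ANY_ID || want == have; }

/* Walk a table ended by an all-zero entry; return 1 on the first match. */
static int table_match(const struct pci_id *t, const struct pci_id *dev)
{
    for (; t->vendor || t->subvendor; t++)
        if (field_ok(t->vendor, dev->vendor) && field_ok(t->device, dev->device) &&
            field_ok(t->subvendor, dev->subvendor) && field_ok(t->subdevice, dev->subdevice))
            return 1;
    return 0;
}

/* Assumed broad claim: any subsystem device ID, so new revisions bind unpatched. */
static const struct pci_id claim[] = {
    { VENDOR_HP, 0x3307, VENDOR_HP, ANY_ID },
    { 0 }
};

/* Exclusion taken from the quoted hunk: subsystem device ID 0x1979. */
static const struct pci_id exclude[] = {
    { VENDOR_HP, 0x3307, VENDOR_HP, 0x1979 },
    { 0 }
};

/* Probe decision: the exclusion list is consulted before the claim table. */
static int would_bind(const struct pci_id *dev)
{
    if (table_match(exclude, dev))
        return 0;
    return table_match(claim, dev);
}

int main(void)
{
    /* Constructed sample devices; only 0x1979 appears in the thread. */
    const struct pci_id aux = { VENDOR_HP, 0x3307, VENDOR_HP, 0x1979 };
    const struct pci_id rev = { VENDOR_HP, 0x3307, VENDOR_HP, 0x1234 };
    printf("aux: %d, new revision: %d\n", would_bind(&aux), would_bind(&rev));
    return 0;
}
```

The wildcard is what lets an unlisted subsystem ID bind without a patch, and it is also why an unsupported function that shares the first three fields has to be excluded explicitly.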
