Message-ID: <20190222043506.GC31132@anatevka>
Date:   Thu, 21 Feb 2019 21:35:07 -0700
From:   Jerry Hoemann <jerry.hoemann@....com>
To:     Greg KH <gregkh@...uxfoundation.org>
Cc:     Matt Hsiao <matt.hsiao@....com>, linux-kernel@...r.kernel.org,
        arnd@...db.de, david.altobelli@....com, mark.rusk@....com
Subject: Re: [PATCH 2/4] misc: hpilo: Exclude unsupported device via blacklist

On Thu, Feb 21, 2019 at 09:33:55AM +0100, Greg KH wrote:
> On Thu, Feb 21, 2019 at 04:04:40PM +0800, Matt Hsiao wrote:

> > +static const struct pci_device_id ilo_blacklist[] = {
> > +	/* auxiliary iLO */
> > +	{PCI_DEVICE_SUB(PCI_VENDOR_ID_HP, 0x3307, PCI_VENDOR_ID_HP, 0x1979)},
> > +	{}
> > +};
> >  
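Review bot: the `/* auxiliary iLO */` comment above the 0x1979 entry names the function but not why the driver must skip it, and the hunk as quoted shows the table being defined without any use of `ilo_blacklist`. Suggest extending the comment with the reason this subsystem ID is unsupported, and checking that the table is consulted at the very start of probe, before anything is enabled or mapped, so no later path can bind the excluded device.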

...

> 
> And why do some devices need to be blacklisted, shouldn't there only be
> a whitelist in the first place?  Do you need to tighten up your original
> device ids?

Hi Greg,

I related the underlying reason for the black listing on another message
of this thread.  I can fill you in on why we've taken this approach to
white/black listing.

HPE hardware/firmware teams will put out minor updates to the iLO using
the same device info except for the subsystem device id.

The approach we've taken in both the hpilo and hpwdt drivers is
to claim based upon {Vendor, PC DevID, SubVendor}.

This allows old software to work on new hardware without patching.

As our primary way to support our customers is via distros, this patching,
when it does happen, requires us to not just submit a patch upstream, but
to then have the patches backported to multiple releases of multiple
distros.  This process takes many, many months.

So far, the approach we've taken has worked fairly well as this is only
the second time in 10+ years that we've needed to blacklist an instance.

Hope this helps.

Jerry

-- 

-----------------------------------------------------------------------------
Jerry Hoemann                  Software Engineer   Hewlett Packard Enterprise
-----------------------------------------------------------------------------
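
The claim-by-{Vendor, DevID, SubVendor} scheme with an exclusion list, as described in this message, can be modelled in user space as shown here. This is an added example, not code from the hpilo driver or the patch; the allow entry, the 16-bit `ANY_ID` wildcard, the helper names and the subsystem ID 0x00E4 are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ANY_ID    0xFFFFu  /* wildcard; 16-bit stand-in for the kernel's PCI_ANY_ID */
#define VENDOR_HP 0x103Cu  /* numeric value of PCI_VENDOR_ID_HP */

struct ids { uint16_t vendor, device, subvendor, subdevice; };

/* Assumed claim table: subsystem device left open, per the message. */
static const struct ids allow[] = {
    { VENDOR_HP, 0x3307, VENDOR_HP, ANY_ID },
    { 0 }
};
/* Exclusion table: the fully specified entry from the quoted hunk. */
static const struct ids deny[] = {
    { VENDOR_HP, 0x3307, VENDOR_HP, 0x1979 },
    { 0 }
};

static bool field_ok(uint16_t want, uint16_t have)
{
    return want == ANY_ID || want == have;
}

/* Walk a table up to its all-zero sentinel (the `{}` entry in the hunk). */
static bool table_match(const struct ids *t, const struct ids *dev)
{
    for (; t->vendor; t++)
        if (field_ok(t->vendor, dev->vendor) &&
            field_ok(t->device, dev->device) &&
            field_ok(t->subvendor, dev->subvendor) &&
            field_ok(t->subdevice, dev->subdevice))
            return true;
    return false;
}

/* Exclusions win over the wildcard, so the check order is deny, then allow. */
static bool should_claim(uint16_t v, uint16_t d, uint16_t sv, uint16_t sd)
{
    const struct ids dev = { v, d, sv, sd };
    return !table_match(deny, &dev) && table_match(allow, &dev);
}

int main(void)
{
    /* 0x00E4 is a constructed subsystem ID standing in for a later revision. */
    printf("0x1979: %d\n", should_claim(VENDOR_HP, 0x3307, VENDOR_HP, 0x1979));
    printf("0x00e4: %d\n", should_claim(VENDOR_HP, 0x3307, VENDOR_HP, 0x00E4));
    return 0;
}
```

The wildcard means any subsystem ID not listed in the exclusion table is claimed, which is the trade-off the message describes: new hardware binds without a patch, and an unsupported function binds too until an exclusion entry ships.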
