| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 5 Mar 2020 23:43:44 -0800 From: Shannon Nelson <snelson@...sando.io> To: Jakub Kicinski <kuba@...nel.org> Cc: netdev@...r.kernel.org, davem@...emloft.net Subject: Re: [PATCH v3 net-next 7/8] ionic: add support for device id 0x1004 On 3/5/20 5:18 PM, Jakub Kicinski wrote: > On Thu, 5 Mar 2020 16:41:48 -0800 Shannon Nelson wrote: >> On 3/5/20 2:03 PM, Jakub Kicinski wrote: >>> On Wed, 4 Mar 2020 21:23:18 -0800 Shannon Nelson wrote: >>>> Add support for an additional device id. >>>> >>>> Signed-off-by: Shannon Nelson <snelson@...sando.io> >>> I have thought about this for a while and I wanted to ask you to say >>> a bit more about the use of the management device. >>> >>> Obviously this is not just "additional device id" in the traditional >>> sense where device IDs differentiate HW SKUs or revisions. This is the >>> same exact hardware, just a different local feature (as proven by the >>> fact that you make 0 functional changes). >>> >>> In the past we (I?) rejected such extensions upstream from Netronome and >>> Cavium, because there were no clear use cases which can't be solved by >>> extending standard kernel APIs. Do you have any? >> Do you by chance have any references handy to such past discussions? >> I'd be interested in reading them to see what similarities and >> differences we have. > Here you go: > > https://lore.kernel.org/netdev/20170718115827.7bd737f2@cakuba.netronome.com/ Interesting - thanks. > >> The network device we present is only a portion of the DSC's functions. >> The device configuration and management for the various services is >> handled in userspace programs on the OS running inside the device. >> These are accessed through a secured REST API, typically through the >> external management ethernet port. In addition to our centralized >> management user interface, we have a command line tool for managing the >> device configuration using that same REST interface. > We try to encourage vendors to create common interfaces, as you'd > understand that command line tool is raising red flags. > > Admittedly most vendors have some form of command line tool which can > poke directly into registers, anyway, but IMHO we should avoid any > precedents of merging driver patches with explicit goal of enabling > such tools. Yes, and if we were just writing registers, that would make sense. When I can get to it I do intend to try expand our use of the devlink interfaces where it will work for us. However, this device id does exist on some of the DSC configurations, and I'd prefer to explicitly acknowledge its existence in the driver and perhaps keep better control over it, whether or not it gets used by our 3rd party tool, rather than leave it as some obscure port for someone to "discover". sln > >> In some configurations we make it possible to open a network connection >> into the device through the host PCI, just as if you were to connect >> through the external mgmt port. This is the PCI deviceid that >> corresponds to that port, and allows use of the command line tool on the >> host. >> >> The host network driver doesn't have access to the device management >> commands, it only can configure the NIC portion for what it needs for >> passing network packets.
Powered by blists - more mailing lists