lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20201125130855.7eb08d0f@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com>
Date:   Wed, 25 Nov 2020 13:08:55 -0800
From:   Jakub Kicinski <kuba@...nel.org>
To:     Dany Madden <drt@...ux.ibm.com>
Cc:     netdev@...r.kernel.org, sukadev@...ux.ibm.com, ljp@...ux.ibm.com
Subject: Re: [PATCH net-next v2] ibmvnic: process HMC disable command

On Mon, 23 Nov 2020 18:58:41 -0500 Dany Madden wrote:
> Currently ibmvnic does not support the "Disable vNIC" command from
> the Hardware Management Console. The HMC uses this command to disconnect
> the adapter from the network if the adapter is misbehaving or sending
> malicious traffic. The effect of this command is equivalent to setting
> the link to the "down" state on the linux client.
> 
> Enable support in ibmvnic driver for the Disable vNIC command.
> 
> Signed-off-by: Dany Madden <drt@...ux.ibm.com>

It seems that (a) user looking at the system where NIC was disabled has
no idea why netdev is not working even tho it's UP, and (b) AFAICT
nothing prevents the user from bringing the device down and back up
again.

You said this is to disable misbehaving and/or sending malicious vnic,
obviously the guest can ignore the command so it's not very dependable,
anyway.

Would it not be sufficient to mark the carrier state as down to cut the
vnic off?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ