lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <8eabb29b-7302-d0a2-5949-d7aa6bc59809@linux.intel.com> Date: Fri, 9 Sep 2022 15:34:53 +0800 From: Jiaqing Zhao <jiaqing.zhao@...ux.intel.com> To: Paul Fertser <fercerpav@...il.com> Cc: Samuel Mendoza-Jonas <sam@...dozajonas.com>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org, openbmc@...ts.ozlabs.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] net/ncsi: Add Intel OS2BMC OEM command On 2022-09-09 13:59, Paul Fertser wrote: > Hello, > > On Fri, Sep 09, 2022 at 10:57:17AM +0800, Jiaqing Zhao wrote: >> The Intel OS2BMC OEM NCSI command is used for controlling whether >> network traffic between host and sideband is allowed or not. By >> default such traffic is disallowed, meaning that if the device using >> NCS (usually BMC) does not have extra active connection, it cannot >> reach the host. > > Can you please explain the rationale behind introducing this as a > compile-time kernel config option? I can probably imagine how this can > make sense as a DT switch (e.g. to describe hardware where there's no > other communication channel between the host and BMC) but even this > feels far-fetched. Previously I submitted a patch to make the NCSI configurable in DT[1], but it was not accepted by kernel community. A limitation is that currently NCSI is not a standalone device node, it is controlled by "use-ncsi" option in the MAC device DT node (like ftgmac100). Other features like keep phy (also intel-specific oem) also uses kernel option. (CONFIG_NCSI_OEM_CMD_KEEP_PHY) [1] https://lore.kernel.org/netdev/20220610165940.2326777-4-jiaqing.zhao@linux.intel.com/T/ > Can you please outline some particular use cases for this feature? > It enables access between host and BMC when BMC shares the network connection with host using NCSI, like accessing BMC via HTTP or SSH from host.
Powered by blists - more mailing lists