lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <8eabb29b-7302-d0a2-5949-d7aa6bc59809@linux.intel.com>
Date:   Fri, 9 Sep 2022 15:34:53 +0800
From:   Jiaqing Zhao <jiaqing.zhao@...ux.intel.com>
To:     Paul Fertser <fercerpav@...il.com>
Cc:     Samuel Mendoza-Jonas <sam@...dozajonas.com>,
        "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org,
        openbmc@...ts.ozlabs.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net/ncsi: Add Intel OS2BMC OEM command

On 2022-09-09 13:59, Paul Fertser wrote:
> Hello,
> 
> On Fri, Sep 09, 2022 at 10:57:17AM +0800, Jiaqing Zhao wrote:
>> The Intel OS2BMC OEM NCSI command is used for controlling whether
>> network traffic between host and sideband is allowed or not. By
>> default such traffic is disallowed, meaning that if the device using
>> NCS (usually BMC) does not have extra active connection, it cannot
>> reach the host.
> 
> Can you please explain the rationale behind introducing this as a
> compile-time kernel config option? I can probably imagine how this can
> make sense as a DT switch (e.g. to describe hardware where there's no
> other communication channel between the host and BMC) but even this
> feels far-fetched.

Previously I submitted a patch to make the NCSI configurable in DT[1], but
it was not accepted by kernel community. A limitation is that currently NCSI
is not a standalone device node, it is controlled by "use-ncsi" option in the
MAC device DT node (like ftgmac100).

Other features like keep phy (also intel-specific oem) also uses kernel option.
(CONFIG_NCSI_OEM_CMD_KEEP_PHY)

[1] https://lore.kernel.org/netdev/20220610165940.2326777-4-jiaqing.zhao@linux.intel.com/T/

> Can you please outline some particular use cases for this feature?
> 
It enables access between host and BMC when BMC shares the network connection
with host using NCSI, like accessing BMC via HTTP or SSH from host. 

Powered by blists - more mailing lists