lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 13 Sep 2022 14:35:59 +0100
From:   Sam Mendoza-Jonas <sam@...dozajonas.com>
To:     Jiaqing Zhao <jiaqing.zhao@...ux.intel.com>,
        Paul Fertser <fercerpav@...il.com>
CC:     "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org,
        openbmc@...ts.ozlabs.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net/ncsi: Add Intel OS2BMC OEM command

On September 13, 2022 3:12:06 AM GMT+01:00, Jiaqing Zhao <jiaqing.zhao@...ux.intel.com> wrote:
>
>
>On 2022-09-09 15:43, Paul Fertser wrote:
>> Hello,
>> 
>> On Fri, Sep 09, 2022 at 03:34:53PM +0800, Jiaqing Zhao wrote:
>>>> Can you please outline some particular use cases for this feature?
>>>>
>>> It enables access between host and BMC when BMC shares the network connection
>>> with host using NCSI, like accessing BMC via HTTP or SSH from host. 
>> 
>> Why having a compile time kernel option here more appropriate than
>> just running something like "/usr/bin/ncsi-netlink --package 0
>> --channel 0 --index 3 --oem-payload 00000157200001" (this example uses
>> another OEM command) on BMC userspace startup?
>> 
>
>Using ncsi-netlink is one way, but the package and channel id is undetermined
>as it is selected at runtime. Calling the netlink command on a nonexistent
>package/channel may lead to kernel panic.

If so, that would be a bug :)

>
>Why I prefer the kernel option is that it applies the config to all ncsi
>devices by default when setting up them. This reduces the effort and keeps
>compatibility. Lots of things in current ncsi kernel driver can be done via
>commands from userspace, but I think it is not a good idea to have a driver
>resides on both kernel and userspace.

BMCs are of course in their own world and there's already some examples of the config option, but how would a system owner be able to disable this without reflashing the BMC?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ