lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Sep 2022 09:10:57 +0800 From: Jiaqing Zhao <jiaqing.zhao@...ux.intel.com> To: Sam Mendoza-Jonas <sam@...dozajonas.com>, Paul Fertser <fercerpav@...il.com> Cc: "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org, openbmc@...ts.ozlabs.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] net/ncsi: Add Intel OS2BMC OEM command On 2022-09-13 21:35, Sam Mendoza-Jonas wrote: > On September 13, 2022 3:12:06 AM GMT+01:00, Jiaqing Zhao <jiaqing.zhao@...ux.intel.com> wrote: >> >> >> On 2022-09-09 15:43, Paul Fertser wrote: >>> Hello, >>> >>> On Fri, Sep 09, 2022 at 03:34:53PM +0800, Jiaqing Zhao wrote: >>>>> Can you please outline some particular use cases for this feature? >>>>> >>>> It enables access between host and BMC when BMC shares the network connection >>>> with host using NCSI, like accessing BMC via HTTP or SSH from host. >>> >>> Why having a compile time kernel option here more appropriate than >>> just running something like "/usr/bin/ncsi-netlink --package 0 >>> --channel 0 --index 3 --oem-payload 00000157200001" (this example uses >>> another OEM command) on BMC userspace startup? >>> >> >> Using ncsi-netlink is one way, but the package and channel id is undetermined >> as it is selected at runtime. Calling the netlink command on a nonexistent >> package/channel may lead to kernel panic. > > If so, that would be a bug :) Yes but I haven't found the root cause so far, it only panics with some specific NICs I remember. >> >> Why I prefer the kernel option is that it applies the config to all ncsi >> devices by default when setting up them. This reduces the effort and keeps >> compatibility. Lots of things in current ncsi kernel driver can be done via >> commands from userspace, but I think it is not a good idea to have a driver >> resides on both kernel and userspace. > > BMCs are of course in their own world and there's already some examples of the config option, but how would a system owner be able to disable this without reflashing the BMC? Given that ncsi driver is a driver binding to the PHY driver, it seems to be unable to make it a module and have some module options. So far build option seems to be the only way. Maybe in future sysfs entries can be added to make it configurable at runtime.
Powered by blists - more mailing lists