lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5346c9f6-1b7e-3c65-80a7-b06408bd95f3@linux.intel.com>
Date:   Wed, 14 Sep 2022 09:10:57 +0800
From:   Jiaqing Zhao <jiaqing.zhao@...ux.intel.com>
To:     Sam Mendoza-Jonas <sam@...dozajonas.com>,
        Paul Fertser <fercerpav@...il.com>
Cc:     "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org,
        openbmc@...ts.ozlabs.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net/ncsi: Add Intel OS2BMC OEM command



On 2022-09-13 21:35, Sam Mendoza-Jonas wrote:
> On September 13, 2022 3:12:06 AM GMT+01:00, Jiaqing Zhao <jiaqing.zhao@...ux.intel.com> wrote:
>>
>>
>> On 2022-09-09 15:43, Paul Fertser wrote:
>>> Hello,
>>>
>>> On Fri, Sep 09, 2022 at 03:34:53PM +0800, Jiaqing Zhao wrote:
>>>>> Can you please outline some particular use cases for this feature?
>>>>>
>>>> It enables access between host and BMC when BMC shares the network connection
>>>> with host using NCSI, like accessing BMC via HTTP or SSH from host. 
>>>
>>> Why having a compile time kernel option here more appropriate than
>>> just running something like "/usr/bin/ncsi-netlink --package 0
>>> --channel 0 --index 3 --oem-payload 00000157200001" (this example uses
>>> another OEM command) on BMC userspace startup?
>>>
>>
>> Using ncsi-netlink is one way, but the package and channel id is undetermined
>> as it is selected at runtime. Calling the netlink command on a nonexistent
>> package/channel may lead to kernel panic.
> 
> If so, that would be a bug :)

Yes but I haven't found the root cause so far, it only panics with some specific
NICs I remember.

>>
>> Why I prefer the kernel option is that it applies the config to all ncsi
>> devices by default when setting up them. This reduces the effort and keeps
>> compatibility. Lots of things in current ncsi kernel driver can be done via
>> commands from userspace, but I think it is not a good idea to have a driver
>> resides on both kernel and userspace.
> 
> BMCs are of course in their own world and there's already some examples of the config option, but how would a system owner be able to disable this without reflashing the BMC?

Given that ncsi driver is a driver binding to the PHY driver, it seems to be unable
to make it a module and have some module options. So far build option seems to be
the only way. Maybe in future sysfs entries can be added to make it configurable at
runtime.

Powered by blists - more mailing lists