| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 12 Dec 2022 16:47:54 -0800
From: Peter Delevoryas <peter@....dev>
To: unlisted-recipients:; (no To-header on input)
Cc: peter@....dev, sam@...dozajonas.com, davem@...emloft.net,
edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] net/ncsi: Always use unicast source MAC address
I use QEMU for development, and I noticed that NC-SI packets get dropped by
the Linux software bridge[1] because we use a broadcast source MAC address
for the first few NC-SI packets.
The spec requires that the destination MAC address is FF:FF:FF:FF:FF:FF,
but it doesn't require anything about the source MAC address as far as I
know. From testing on a few different NC-SI NIC's (Broadcom 57502, Nvidia
CX4, CX6) I don't think it matters to the network card. I mean, Meta has
been using this in mass production with millions of BMC's [2].
In general, I think it's probably just a good idea to use a unicast MAC.
This might have the effect of causing the NIC to learn 2 MAC addresses from
an NC-SI link if the BMC uses OEM Get MAC Address commands to change its
initial MAC address, but it shouldn't really matter. Who knows if NIC's
even have MAC learning enabled from the out-of-band BMC link, lol.
[1]: https://tinyurl.com/4933mhaj
[2]: https://tinyurl.com/mr3tyadb
Signed-off-by: Peter Delevoryas <peter@....dev>
---
net/ncsi/ncsi-cmd.c | 10 +---------
1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/net/ncsi/ncsi-cmd.c b/net/ncsi/ncsi-cmd.c
index dda8b76b7798..fd090156cf0d 100644
--- a/net/ncsi/ncsi-cmd.c
+++ b/net/ncsi/ncsi-cmd.c
@@ -377,15 +377,7 @@ int ncsi_xmit_cmd(struct ncsi_cmd_arg *nca)
eh = skb_push(nr->cmd, sizeof(*eh));
eh->h_proto = htons(ETH_P_NCSI);
eth_broadcast_addr(eh->h_dest);
-
- /* If mac address received from device then use it for
- * source address as unicast address else use broadcast
- * address as source address
- */
- if (nca->ndp->gma_flag == 1)
- memcpy(eh->h_source, nca->ndp->ndev.dev->dev_addr, ETH_ALEN);
- else
- eth_broadcast_addr(eh->h_source);
+ memcpy(eh->h_source, nca->ndp->ndev.dev->dev_addr, ETH_ALEN);
/* Start the timer for the request that might not have
* corresponding response. Given NCSI is an internal
--
2.30.2
Powered by blists - more mailing lists