Re: [PATCH] net/ncsi: Add Intel OS2BMC OEM command

From: Jiaqing Zhao
Date: Mon Sep 19 2022 - 04:06:23 EST


On 2022-09-15 23:43, Paul Fertser wrote:
> Hello,
>
> On Tue, Sep 13, 2022 at 10:12:06AM +0800, Jiaqing Zhao wrote:
>> On 2022-09-09 15:43, Paul Fertser wrote:
>>> On Fri, Sep 09, 2022 at 03:34:53PM +0800, Jiaqing Zhao wrote:
>>>>> Can you please outline some particular use cases for this feature?
>>>>>
>>>> It enables access between host and BMC when BMC shares the network connection
>>>> with host using NCSI, like accessing BMC via HTTP or SSH from host.
>>>
>>> Why having a compile time kernel option here more appropriate than
>>> just running something like "/usr/bin/ncsi-netlink --package 0
>>> --channel 0 --index 3 --oem-payload 00000157200001" (this example uses
>>> another OEM command) on BMC userspace startup?
>>>
>>
>> Using ncsi-netlink is one way, but the package and channel id is undetermined
>> as it is selected at runtime. Calling the netlink command on a nonexistent
>> package/channel may lead to kernel panic.
>
> That sounds like a bug all right. If you can reproduce, it's likely
> the fix is reasonably easy, please consider doing it.

It cannot be reproduced stably and varies on NICs, I'm still investigating it,
it might be some NIC firmware issue.

>> Why I prefer the kernel option is that it applies the config to all ncsi
>> devices by default when setting up them. This reduces the effort and keeps
>> compatibility. Lots of things in current ncsi kernel driver can be done via
>> commands from userspace, but I think it is not a good idea to have a driver
>> resides on both kernel and userspace.
>
> How should the developer decide whether to enable this compile-time
> option for a platform or not? If it's always nice to have why not
> add the code unconditionally? And if not, are you sure kernel compile
> time is the right decision point? So far I get an impression a sysfs
> runtime knob would be more useful.

Disabling Host-BMC traffic ensures the isolation between Host network and BMC's
management network, some developers/vendors may prefer disable it for security
concerns. Though having a runtime knob in sysfs would be useful, setting the
default behavior in kernel config is also useful from my point.