Date: Wed, 22 Apr 2026 19:44:25 +0300
From: Paul Fertser
To: Michael Bommarito
Cc: Samuel Mendoza-Jonas, netdev@vger.kernel.org, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, linux-kernel@vger.kernel.org
Subject: Re: [PATCH net 0/6] net/ncsi: harden packet parsing against malformed BMC replies
In-Reply-To: <20260422160342.1975093-1-michael.bommarito@gmail.com>

Hello Michael,

On Wed, Apr 22, 2026 at 12:03:36PM -0400, Michael Bommarito wrote:
> NC-SI treats the management controller as privileged, but the Linux
...
> The threat model here is a compromised BMC or management-channel MITM
> on the NC-SI link.

The subject of the cover letter and the quoted fragment suggest that you have a wrong impression of where NC-SI links exist and what they carry, let me try to clarify.

On motherboards with a BMC (the management controller) there is often a way for the BMC (a dedicated SoC these days) to talk to the host-controlled NIC via NC-SI, which is basically RMII (normally used to talk to an Ethernet PHY, but here it's used to talk to a whole big NIC) at the hardware level plus a special kind of frame sent in-band for (partial) control and monitoring of the NIC. And regular frames are transmitted over the same set of signals; there's no dedicated channel for any kind of management inside NC-SI.

The code your patches modify always runs only on the BMC itself; the packets parsed are generated by a NIC directly. So if anything, the threat model here is compromised NIC firmware. MITMing sounds unlikely, as that would require tricky hardware modifications, and if you can do that it's easier to put in a modified NIC instead.

The idea to not trust anything coming from a NIC too much is good in general, but please take the correct context into account when reasoning about the patches.
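
The kind of check "not trusting anything coming from a NIC" implies on the BMC side, as an added example that is not taken from the patch series or from the kernel sources: the length the NIC claims in the NC-SI header is compared with the bytes that actually arrived before any payload is read. The function names and error codes are hypothetical; the 16-byte control header, the 12-bit payload length field and EtherType 0x88F8 are assumptions drawn from the NC-SI specification, not from this message.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_HLEN      14
#define ETH_P_NCSI    0x88F8   /* NC-SI control packet EtherType */
#define NCSI_HDR_LEN  16       /* common control packet header */
#define NCSI_CSUM_LEN 4        /* checksum following the padded payload */

enum { NCSI_OK = 0, NCSI_ESHORT = -1, NCSI_ETYPE = -2, NCSI_ELEN = -3 };

/* Validate a frame the BMC received from the NIC before any payload field
 * is dereferenced. On success stores the claimed payload length. */
int ncsi_check_frame(const uint8_t *f, size_t len, size_t *payload_len)
{
    if (len < ETH_HLEN + NCSI_HDR_LEN)
        return NCSI_ESHORT;             /* header itself is truncated */
    if (((f[12] << 8) | f[13]) != ETH_P_NCSI)
        return NCSI_ETYPE;              /* regular traffic, not NC-SI control */

    /* Payload length: low 12 bits of header bytes 6..7 (big endian). */
    const uint8_t *h = f + ETH_HLEN;
    size_t claimed = (((size_t)h[6] << 8) | h[7]) & 0x0FFF;
    size_t padded = (claimed + 3) & ~(size_t)3;   /* padded to 32 bits */

    /* The sender-controlled length must fit in what was received. */
    if (padded + NCSI_CSUM_LEN > len - ETH_HLEN - NCSI_HDR_LEN)
        return NCSI_ELEN;

    *payload_len = claimed;
    return NCSI_OK;
}

/* Constructed sample frame: the header claims `claimed` payload bytes while
 * only `present` bytes plus the checksum follow it. Returns frame length. */
size_t ncsi_build_sample(uint8_t *buf, uint16_t claimed, size_t present)
{
    size_t n = ETH_HLEN + NCSI_HDR_LEN + present + NCSI_CSUM_LEN;
    memset(buf, 0, n);
    buf[12] = 0x88;
    buf[13] = 0xF8;
    buf[ETH_HLEN + 1] = 0x01;                   /* header revision */
    buf[ETH_HLEN + 4] = 0x80;                   /* a response packet type */
    buf[ETH_HLEN + 6] = (claimed >> 8) & 0x0F;
    buf[ETH_HLEN + 7] = claimed & 0xFF;
    return n;
}
```

A frame whose claimed length is shorter than what arrived is accepted, since Ethernet padding makes that normal; only a claim that exceeds the received bytes is rejected.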