-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Nokia-7215-T1] Disable sysrq-trigger from platform init #18161
Conversation
@Pavan-Nokia How are you running the telnet command? As you can see below, its not working on 7215 |
@@ -30,6 +30,9 @@ nokia_7215_profile() | |||
# Install kernel drivers required for i2c bus access | |||
load_kernel_drivers | |||
|
|||
# Disable sysrq-trigger | |||
echo 0 > /proc/sys/kernel/sysrq |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Pavan-Nokia As I understand, there is still a small window of opportunity during boot which may trigger sysrq commands?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, that is correct
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Pavan-Nokia How did you rule out this window of time is NOT impacted on the MSFT prod scenario?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@prgeor What we have learnt from our debug sessions is that the MSFT scripts start sending data only when they see a prompt. This change is in the platform init which runs during postinstall, before the getty service which enables the prompt.
The only way to get full protection from sysrq is to make a sonic-linux-kernel change to disable this feature completely this would remove any window / chance for failure on any platform
the way we connect to the 7215 via the console is using a telnet command and as this message here says the escape character to get to telnet prompt is "ctrl+ ]" from the error message I see in your screenshot you have not connected to any device via telnet. so it doesn't understand where to send |
@Pavan-Nokia please help update ADO number: 17610243 |
Cherry-pick PR to 202311: #18210 |
…8210) Co-authored-by: Pavan-Nokia <[email protected]>
Cherry-pick PR to 202305: #18224 |
Why I did it
Disable sysrq invocation by keyboard and terminal server to prevent accidently triggering it under console overload conditions and performing unintentional actions
Work item tracking.
How I did it
Disable sysrq by writing 0 into "/proc/sys/kernel/sysrq" register
How to verify it
Which release branch to backport (provide reason below if selected)
Tested branch (Please provide the tested image version)
Description for the changelog
Link to config_db schema for YANG module changes
A picture of a cute animal (not mandatory but encouraged)