lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 20 Mar 2017 18:35:14 +0100
From:   Takashi Iwai <>
To:     Hans de Goede <>
Cc:     Jean Delvare <>,
        Adrian Hunter <>,
        Ulf Hansson <>,,,
Subject: Re: [PATCH 1/3] firmware: dmi_scan: Add dmi_product_name kernel cmdline option

On Thu, 09 Mar 2017 11:43:52 +0100,
Hans de Goede wrote:
> Hi,
> On 09-03-17 10:59, Jean Delvare wrote:
> > Hi Hans,
> >
> > On ven., 2017-03-03 at 15:27 +0100, Hans de Goede wrote:
> >> On 03-03-17 10:24, Jean Delvare wrote:
> >>> On Sat, 25 Feb 2017 18:23:55 +0100, Hans de Goede wrote:
> >>>> 1) Rather then add cmdline options for all things which can be DMI quirked
> >>>> and thus may need to be specified, this only requires adding code for
> >>>> a single extra cmdline option
> >>>
> >>> This cuts both ways. It also means that, if you get a new machine which
> >>> needs some of the quirks needed by an older machine, but not all of
> >>> them, you can't get it to work without modifying your kernel first. If
> >>> quirk options are addressed directly to the relevant subsystem, then
> >>> there is a chance that they can be reused directly for other machines
> >>> later.
> >>
> >> Quirks being applied for issues which may be fixed by e.g. a BIOS update
> >> already always being applied even if the new BIOS is there already is the
> >> case for any DMI based quirks.
> >
> > I'm afraid you did not get my point. By "new machine", I did not mean a
> > new hardware or BIOS iteration of the same machine. I meant a
> > completely different machine.
> I see.
> > Say you implemented 4 quirks for machine Foo from vendor A, and mapped
> > them to dmi_product_name=A-Foo. Then vendor B releases machine Bar,
> > which needs 2 of the quirks that machine Foo needed, but not the other
> > 2. You can't pass dmi_product_name=A-Foo for machine Bar, you have to
> > add kernel code to handle dmi_product_name=B-Bar.
> Right, just as we would if the new machine had proper dmi strings in
> the first place and chances are really good (luckily) that machine-B
> will have a proper dmi string, so we would add the new quirks even
> without the A machine having them via the dmi_product_name hack, since
> we will want things to work ootb where-ever possible.
> > If instead you had implemented 4 individually-enabled quirks for
> > machine Foo, you could reuse them directly for machine Bar, without
> > requiring kernel changes.
> True, but as said many many drivers now have quirks which can only
> be enabled through dmi since that is always the end game, so that
> things will work ootb. This seems orthogonal to out discussion.
> > And as a side note, your claim that we keep applying quirks on newer
> > BIOS iterations isn't entirely true. Grep the kernel tree for
> > "dmi_get_system_info(DMI_BIOS_VERSION)" or
> > "DMI_MATCH(DMI_BIOS_VERSION". Sometimes applying a quirk which is not
> > needed is harmless, but most of the time it must be avoided.
> True.
> >>>> 2) Some devices can be quite quirky, e.g. the GPD win mini laptop /
> >>>> clamshell x86 machine, needing several quirks in both kernel and userspace
> >>>> (udev hwdb) in this case being able to fake a unique dmi product name
> >>>> allows making these devices usable with a single kernel cmdline option
> >>>> rather then requiring multiple kernel cmdline options + manual userspace
> >>>> tweaking
> >>>>
> >>>> 3) In some case we may be able to successfully get the manufacturer to
> >>>> fix the DMI strings with a firmware update, but not all users may want
> >>>> to update, this will allow users to use DMI based quirks without forcing
> >>>> them to update their firmware
> >>>
> >>> But that's the only right thing to do. The easier we make it for
> >>> manufacturers shipping crappy BIOSes, the lesser motivated they will be
> >>> to fix them. Writing a decent DMI table is a one hour job, there's no
> >>> excuse for not doing it. So I am very reluctant to accept this patch,
> >>> sorry.
> >>
> >> This whole we are going to make users live miserable to pressure manufacturers
> >> into doing the right thing does not work. We (the kernel community) have
> >> tried that for 10 years and not a whole lot has changed and in the cases
> >> where things have changed it was not because of this it was because
> >> there was a business case for FOSS drivers. Unfortunately there is not
> >> a whole lot of business case for correct DMI strings (for consumer hw).
> >
> > Actually, as the maintainer of dmidecode, my feeling is that the
> > quality of DMI tables has increased significantly over time. That a
> > vendor dared to ship a system in 2016 with not even a valid product
> > name in the DMI table stunned me, I have to admit. Thankfully it is an
> > exception. What you have in your system is the lowest possible degree
> > of DMI table quality :-(
> Yeah.
> > I really believe that Linux is where it is now because we said no when
> > we had to say no. Quality and maintainability comes at this price.
> >
> >> So lets not make users live harder then it needs to be.
> >
> > Users who buy crappy hardware have made their decision. I am not going
> > to make their life harder on purpose, but I am also not going to let
> > them influence the direction of Linux kernel development.
> This specific machine is not crappy (although the DMI tables are)
> and fills a niche where there is almost 0 choice.
> > You also have to consider what kind of user is going to install Linux
> > on such machines. If it requires any kind of manual tweaking (as even
> > your proposal does) then you can exclude the majority of owners. The
> > remaining few percents will find their way through instructions, even
> > if they require several steps.
> Still I would like to make things as easy as possible and unfortunately
> adding kernel cmdline tweaks is something which quite a few users
> eventually end up doing, so this is well documented.
> >> We're talking about either giving the users this set of instructions:
> >>
> >> a)  Add dmi_product_name=GPD-WINI55 to your kernel commandline, then
> >> reboot
> >>
> >> or:
> >>
> >> b)
> >> 1) Add "quirk1=foo quirk2=bar quirk3=argh quirk4=uhoh" to your kernel cmdline.
> >> 2) Edit /lib/udev/hwdb/99-local.hwdb, Add:
> >>
> >> sensor:modalias:acpi:KIOX000A*:dmi*:
> >>   ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
> >>
> >> 3) As root run: "udevadm hwdb --update"
> >> 4) reboot
> >>
> >> Which one is more userfriendly?
> >
> > The answer is obvious, but it would be more honest to present the two
> > options with a neutral point of view. You made "reboot" a separate step
> > in b), not in a). Also steps 2 and 3 of b) are the same thing, really.
> > With more neutrality, a) would still be shorter than b), but the
> > difference would be smaller.
> >
> >> Esp. the ability to have a single kernel cmdline option influence both
> >> kernel and userspace behavior (by allowing a pre-existing rule for the
> >> hw to exist in hwdb) is important since now a days quirks are
> >> more or less split 50/50 between the 2.
> This to me is the most important reason for wanting this, without
> the dmi_product_name= hack (I admit it is a hack) we cannot have userspace
> quirks unless we get the user to unconditionally add them.
> Another big advantage of the dmi_product_name= hack (I admit it is
> a hack) is that we can add new quirks as we discover the need for
> them, e.g as we do hardware enablement for more bits and pieces
> (such as battery monitoring) on the machine and users will then get
> these automatically applied when they install a new kernel.
> >> So I would really like to see support for this kernel cmdline option merged.
> >> Takashi Iwai has been working on some quirks for headphone detection for
> >> the GPDwin machine, which also rely on being able to use a fake dmi_id to
> >> identify the machine.
> >
> > I'll discuss that with Takashi when he returns from vacation.
> Ok, lets wait for that then.

Sorry to be late for joining to the game.

About the sound issue: it's for the jack detection logic implemented
in the audio codec driver, and the setup is specific to the hardware
implementation.  On ARM systems, this could be well informed via DT as
we like.  But on Intel, it's not listed in ACPI, either.  So currently
the quirk is provided only via DMI matching.  There is no module
option, so far.

As Hans already explained, the problem is that GPD Win device gives
literally no information as identification.  There is no specific PCI
SSID, no proper DMI set.

So, from that POV, manually tweaking the DMI is the simplest
solution.  If we don't use this, it will need a lot of harder
efforts -- implement the module option or such tunable knobs per codec
driver, which isn't always things the developers want to have.

> >> And we will likely hit the same problem with intel based tables using
> >> silead touchscreens which also require extra platform info not available
> >> in the ACPI tables, which currently also gets automatically added based
> >> on dmi data, see:
> >>
> >>
> >
> > And what makes you think that systems with crappy DMI data using such
> > touchscreen devices will exist?
> Because these touchscreens are used in the cheapest tablets available,
> so I'm afraid we will eventually hit one with DMI data as bad as the
> GPD-win

Right.  Because things on Intel Cherrytrail or Baytrail systems have
no other information but ACPI, and ACPI implmentations on such devices
are really crappy, mostly just copying from the reference code, we're
facing lots of problems day-by-day.  The pragmatic solutions we've
taken in many fields are quirks based on DMI matching in the end.

Will this be still maintainable in future even if the number of
devices continue to grow?  I don't know.  But to make the things
working for now, the DMI override hack looks like the simplest way to

> >> If you look at the amount of info we need per tablet here doing this
> >> through the kernel cmdline is going to be quite painful. Also the needed
> >> extra code to be able to specify this and many other quirks which are
> >> currently only settable through dmi on the kernel cmdline will be many
> >> times more then the code for the dmi_product_name kernel cmdline
> >> option.
> >
> > I'm not disputing the potential usefulness of the feature. But I see
> > that you are implementing the minimal solution that addresses your
> > immediate problem, with little consideration for where it will lead us
> > in the long term.
> That is a bit of a vague statement if you foresee specific problems
> with this patch in the future please state them.

Indeed.  An override of DMI strings is hacky, but I see no big
problems in it.  You can break the running system by that, but this
isn't the only way to do so :)

> > One thing that strikes me is that "GPD-WINI55" isn't a "DMI product
> > name".
> AFAICT there really is no clear definition (in practice) of what goes
> into the product-name people in general identify this machine as the
> GPDwin or GPD win so to me that is the product name, also I did not
> want to also add a dmi_sys_vendor kernel cmdline argument since just
> having a unique product name string is enough and that would double
> the code added for this hack.

Maybe we can set both fields with some separator (e.g. ":") in a shot?
Also some sanitization of strings would be safer, too.

> > For one thing, you insist on mapping it to DMI for convenience,
> > but it means you are excluding all architectures which do not support
> >  DMI.
> True, but other architectures have e.g. devicetree where we can fix
> this with an updated .dtb file.

Right, it's specific to Intel SoC devices, so far.

> > Also GPD is the manufacturer name, not the product name.
> See my answer to why GPD is included in the product name above, in
> practice everyone calls the product the "GPD win" just doing a web-
> search for "win" is not going to find you anything useful.
> > I'm not sure
> > what the "I55" part comes from, I couldn't find any reference to it on
> > the vendor site. Did you craft it from the fact that this model comes
> > with a 5.5 inches screen?
> I wanted something more specific then GPD win in case GPD releases
> a new significantly different version. The PCB is marked WINI55
> so that is where that comes from.
> > You bundle the whole thing to a single
> > arbitrary string, it looks like a hack, it's not clean. And it's not
> > safe either, as the product name space is per-vendor, so checking for
> > the DMI product name without first checking for the system vendor could
> > lead to unexpected matches (imagine another vendor releases a machine
> > where the full product name is "GPD-WINI55".)
> There are many examples where dmi matches are done only on the
> product_name, or any other dmi string as long as it seems unique,
> I don't see this bit as a problem, but if you want to also add a
> dmi_sys_vendor kernel cmdline argument, sure we can do that.
> > Where are you with the vendor, when do they plan to ship that BIOS
> > update that would solve the problem so nicely?
> They are not answering on either their forum or their contact email
> address from there webpage :|
> Anyways lets wait for Takashi to get back from vacation and you've
> had a discussion with him about this and then we will see from
> there.

So I'm back, and let the discussion fly :)



Powered by blists - more mailing lists