lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180310103809.5nnwoulua2u64rku@pali>
Date:   Sat, 10 Mar 2018 11:38:09 +0100
From:   Pali Rohár <pali.rohar@...il.com>
To:     Mario.Limonciello@...l.com
Cc:     kai.heng.feng@...onical.com, mjg59@...f.ucam.org,
        dvhart@...radead.org, andy@...radead.org, tiwai@...e.com,
        platform-driver-x86@...r.kernel.org, linux-kernel@...r.kernel.org,
        alsa-devel@...a-project.org
Subject: Re: [PATCH v2 3/3] ALSA: hda: Disabled unused audio controller for
 Dell platforms with Switchable Graphics

On Friday 09 March 2018 09:59:39 Mario.Limonciello@...l.com wrote:
> > > Pali is your concern that this code for matching vendor/subsystem is running
> > > on non-Dell too?  The only other recommendation I think that can be to restrict
> > > to matching Dell OEM strings in SMBIOS table, but I don't think that's any better
> > > than the matching for VID/SSVID.
> > 
> > My concern is about adding a new machine specific code into generic
> > driver, which check is done just by PCI vendor and subvendor.
> > 
> > In future there can be new models or other PCI devices which matches
> > above condition even they would not have any switchable graphics, nor
> > they would manufactured by Dell.
> 
> Uh Dell subsystem ID means it's Dell no?

What would prevent you to take PCI device marked with Dell ID and put it
into non-Dell computer? I do not believe that Dell PCI devices are
configured to work only in Dell branded devices and refuse to power up
in others.

If there is Dell ID then it just means that PCI device itself is Dell's.
And not that machine in which that device is plugged is also Dell.

> > Also I can imagine that in future (or maybe already now?) it is possible
> > to find PCI device which pass above checks and connect this PCI device
> > into desktop /server / any non-laptop device.
> > 
> > If this switchable graphics solution is specific to dell laptops, then
> > rather checking for PCI vendor/subvevendor main check, there should be
> > main check via DMI strings.
> 
> Right now this is affected to both AIO desktop and laptops.
> 
> IIRC you won't end up with switchable graphics in traditional desktop that you
> can remove PCI card.  If this code was run on a traditional desktop with a 
> AMD PCI card that BIOS query result should be invalid token (which will infer
> switchable off to this routine).
> 
> > 
> > Hardware is changing relatively quickly and there is absolutely no
> > guarantee that e.g. NVIDIA would not start providing audio controller in
> > similar like AMD and it would be put in those Dell machines.
> 
> Kai Heng can explain exactly why NVIDIA isn't affected.
> This is probably good information to include in the commit message too.

Yes, extending commit message is a good idea.

But here I'm talking about future, NVIDIA cards could be in future.

I still think that whitelisting devices based on vendor ID by some
measurements at one time is a bad idea. It is fragile which can stop
working in the future.

> > 
> > > > >
> > > > > Interesting question would be, how handle this situation Windows?
> > > >
> > > > I don't know how this platform handles this on Windows, I guess we need
> > > > Mario to shed some lights here.
> > >
> > > Sorry I don't have this information to share.   I don't think it's too useful here
> > > anyway though because Windows driver architecture is much different in this
> > > area.
> > >
> > >
> > 
> > --
> > Pali Rohár
> > pali.rohar@...il.com

-- 
Pali Rohár
pali.rohar@...il.com

Download attachment "signature.asc" of type "application/pgp-signature" (196 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ