lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ea9ab148c4bb45b9ae7369020300b74b@ausx13mpc124.AMER.DELL.COM>
Date:   Sun, 11 Mar 2018 14:03:13 +0000
From:   <Mario.Limonciello@...l.com>
To:     <pali.rohar@...il.com>
CC:     <kai.heng.feng@...onical.com>, <mjg59@...f.ucam.org>,
        <dvhart@...radead.org>, <andy@...radead.org>, <tiwai@...e.com>,
        <platform-driver-x86@...r.kernel.org>,
        <linux-kernel@...r.kernel.org>, <alsa-devel@...a-project.org>
Subject: RE: [PATCH v2 3/3] ALSA: hda: Disabled unused audio controller for
 Dell platforms with Switchable Graphics

> -----Original Message-----
> From: platform-driver-x86-owner@...r.kernel.org [mailto:platform-driver-x86-
> owner@...r.kernel.org] On Behalf Of Pali Rohár
> Sent: Saturday, March 10, 2018 6:38 PM
> To: Limonciello, Mario <Mario_Limonciello@...l.com>
> Cc: kai.heng.feng@...onical.com; mjg59@...f.ucam.org; dvhart@...radead.org;
> andy@...radead.org; tiwai@...e.com; platform-driver-x86@...r.kernel.org; linux-
> kernel@...r.kernel.org; alsa-devel@...a-project.org
> Subject: Re: [PATCH v2 3/3] ALSA: hda: Disabled unused audio controller for Dell
> platforms with Switchable Graphics
> 
> On Friday 09 March 2018 09:59:39 Mario.Limonciello@...l.com wrote:
> > > > Pali is your concern that this code for matching vendor/subsystem is running
> > > > on non-Dell too?  The only other recommendation I think that can be to restrict
> > > > to matching Dell OEM strings in SMBIOS table, but I don't think that's any better
> > > > than the matching for VID/SSVID.
> > >
> > > My concern is about adding a new machine specific code into generic
> > > driver, which check is done just by PCI vendor and subvendor.
> > >
> > > In future there can be new models or other PCI devices which matches
> > > above condition even they would not have any switchable graphics, nor
> > > they would manufactured by Dell.
> >
> > Uh Dell subsystem ID means it's Dell no?
> 
> What would prevent you to take PCI device marked with Dell ID and put it
> into non-Dell computer? I do not believe that Dell PCI devices are
> configured to work only in Dell branded devices and refuse to power up
> in others.

I think the missing aspect is that this is only used in AIO and laptop form
factors where the discrete graphics is in a non-removable form factor.

Running with your hypothetical though, what would happen is if it's
on a non-Dell machine the PCI check would pass and then the code
would not be executed by dell-laptop (since dell-smbios didn't load).

If it was on a Dell machine it would load but the BIOS would return
either Switchable graphics turned off, or invalid token.

Even though these aren't real for switchable graphics on Dell I don't
see a problem with either of these situations if it ever came up.
 
> 
> If there is Dell ID then it just means that PCI device itself is Dell's.
> And not that machine in which that device is plugged is also Dell.
> 
> > > Also I can imagine that in future (or maybe already now?) it is possible
> > > to find PCI device which pass above checks and connect this PCI device
> > > into desktop /server / any non-laptop device.
> > >
> > > If this switchable graphics solution is specific to dell laptops, then
> > > rather checking for PCI vendor/subvevendor main check, there should be
> > > main check via DMI strings.
> >
> > Right now this is affected to both AIO desktop and laptops.
> >
> > IIRC you won't end up with switchable graphics in traditional desktop that you
> > can remove PCI card.  If this code was run on a traditional desktop with a
> > AMD PCI card that BIOS query result should be invalid token (which will infer
> > switchable off to this routine).
> >
> > >
> > > Hardware is changing relatively quickly and there is absolutely no
> > > guarantee that e.g. NVIDIA would not start providing audio controller in
> > > similar like AMD and it would be put in those Dell machines.
> >
> > Kai Heng can explain exactly why NVIDIA isn't affected.
> > This is probably good information to include in the commit message too.
> 
> Yes, extending commit message is a good idea.
> 
> But here I'm talking about future, NVIDIA cards could be in future.
> 
> I still think that whitelisting devices based on vendor ID by some
> measurements at one time is a bad idea. It is fragile which can stop
> working in the future.

Compiling a whitelist is a wasted effort because it will have to change
Every year for every new platform that has AMD switchable graphics.

This heuristic that is selected covers switchable graphics back for the
past generations that Canonical has tested and fixed, not just this
current one.

If that situation you refer to happens, it will be on new hardware that's
not yet enabled by the Linux kernel.  We can cross that bridge when we
come to it with either a newly proposed heuristic or some adjustments
for whitelist/blacklist.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ