From: Takashi Iwai <tiwai@suse.de>
To: Richard Fitzgerald <rf@opensource.wolfsonmicro.com>
Cc: alsa-devel@alsa-project.org, James Cameron <quozl@laptop.org>,
David Henningsson <david.henningsson@canonical.com>
Subject: Re: Splitting out controls
Date: Fri, 16 Oct 2015 19:00:40 +0200
Message-ID: <s5hpp0eeojr.wl-tiwai@suse.de>
In-Reply-To: <1445013114.3536.28.camel@rf-debian.wolfsonmicro.main>

On Fri, 16 Oct 2015 18:31:54 +0200,
Richard Fitzgerald wrote:
>
> On Fri, 2015-10-16 at 18:00 +0200, Takashi Iwai wrote:
> > On Fri, 16 Oct 2015 17:35:30 +0200,
> > Richard Fitzgerald wrote:
> > >
> > > On Tue, 2015-10-13 at 09:07 +0200, David Henningsson wrote:
> > > >
> > > > On 2015-10-12 22:59, James Cameron wrote:
> > > > > On Mon, Oct 12, 2015 at 02:49:46PM +0100, Liam Girdwood wrote:
> > > > >> I've written up the minutes here below
> > > > >
> > > > > Thanks!
> > > > >
> > > > >> Splitting out controls: Takashi
> > > > >> ===============================
> > > > >>
> > > > >> - Restricted access. Consensus to restrict access to some controls due
> > > > >> to possibility of breaking HW at kernel level. i.e. prevent feeding
> > > > > >> digital Mic into HP amp to prevent speaker overheating.
> > > > >
> > > > > I'd like that. rt5631. Avoiding at the moment by removing the controls.
> > > >
> > > > IIRC, the debate was over "do not expose dangerous controls to userspace
> > > > at all" vs "expose dangerous controls only to root".
> > > >
> > > > I'm strongly voting for "do not expose to userspace at all".
> > > >
> > > > I personally believe that if the physical hardware can be set to a state
> > > > where it's bricked, the hardware itself is buggy.
> > > >
> > > > If the hardware is buggy, this should be worked around in BIOS or
> > > > whatever firmware is present on the machine. Otherwise there is a bug in
> > > > BIOS.
> > > >
> > > > If BIOS is buggy and cannot protect the machine from being physically
> > > > damaged, then we need to work around that in the kernel. Otherwise there
> > > > is a bug in the kernel.
> > > >
> > > > And if the kernel is buggy, we should fix the kernel. Period. :-)
> > > >
> > > I agree with you in principle that if it can break the hardware then
> > > either it shouldn't be exposed to user-side at all, or it should be
> > > checked by the kernel/driver to prevent bad settings.
> > >
> > > However, what about this sort of scenario: some codec has a speaker
> > > volume range of 0..100, all of which are valid and safe. Manufacturer X
> > > makes a device with an inadequate speaker that can be damaged with
> > > volume settings above 80. How is that protected? There's nothing wrong
> > > with the codec driver. There's no software at all for a speaker - it's
> > > just a speaker. Where do we put a hard limit of 80 on a codec control
> > > for one specific device? If it was my codec driver I don't want to have
> > > to put a workaround for one specific device because manufacturer X chose
> > > the wrong type of speaker. Or do we not care about the "stupid
> > > manufacturer" cases and we're only interested in protecting the device
> > > the control directly applies to - in this example it's a codec control
> > > so it mustn't damage the codec but we don't care if poor hardware design
> > > means it could damage other hardware connected to the codec.
> >
> > There is snd_soc_limit_volume() function to override the volume range
> > from a machine driver for such a purpose. This was what was suggested
> > in the meeting.
> >
> >
> > Takashi
>
> OK, I didn't know that but I do now, so that wasn't a good example. But
> how about something more complex. Let's say it was a set of coefficient
> values for a filter. That's not a simple range check, it would need
> specialized code to understand whether the coefficients were safe.
>
> Really my point was that if all hardware was completely isolated from
> other hardware you can error-check controls. But when you start hooking
> up bits of hardware to other bits of hardware, it becomes more complex
> defining what is safe, and who is responsible for checking that it is
> safe, and where the knowledge about how to check it's safe should live.
>
> That said, I'm not a fan of the "unless we can fix everything we
> shouldn't fix anything" attitude. Fixing something is always better than
> fixing nothing. So the fact that combining real hardware can introduce
> new types of unsafe settings isn't an argument against error-checking
> control values.

Sure, systems will get more complex in future and more dynamic via
f/w. It's impossible to cover all statically in each driver.
As I mentioned in another mail, we should think of hardening in
multiple levels.


Takashi
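
The two cases raised in this thread, a board-specific volume cap and a filter-coefficient check, sketched as an added example that is not part of the original messages and is not ALSA code. It is a user-space C model with hypothetical names (`vol_ctl`, `ctl_limit_volume`, `ctl_put_volume`, `ctl_check_biquad`); it assumes that "safe" coefficients means a stable biquad with bounded DC gain and a per-coefficient magnitude bound of 8.0.

```c
#include <errno.h>

/* Hypothetical user-space model of the checks; not ALSA kernel code. */
struct vol_ctl {
    int min, max;       /* range the codec driver declares valid */
    int platform_max;   /* tighter cap owned by the machine (board) layer */
    int value;
};

/* Board-level override: may narrow the codec range, never widen it. */
int ctl_limit_volume(struct vol_ctl *c, int max)
{
    if (max < c->min || max > c->max)
        return -EINVAL;
    c->platform_max = max;
    return 0;
}

/* Write path: reject out-of-range values instead of silently clamping. */
int ctl_put_volume(struct vol_ctl *c, int v)
{
    if (v < c->min || v > c->platform_max)
        return -EINVAL;
    c->value = v;
    return 0;
}

static double absd(double x) { return x < 0 ? -x : x; }
/* co = {b0,b1,b2,a1,a2}. Assumed "safe": poles of 1 + a1*z^-1 + a2*z^-2 inside
 * the unit circle and |b0+b1+b2|/(1+a1+a2) (DC gain) <= max_dc_gain. */
int ctl_check_biquad(const double co[5], double max_dc_gain)
{
    double a1 = co[3], a2 = co[4];
    for (int i = 0; i < 5; i++)
        if (!(absd(co[i]) <= 8.0))   /* assumed bound; also rejects NaN/inf */
            return -EINVAL;
    if (absd(a2) >= 1.0 || absd(a1) >= 1.0 + a2)   /* stability triangle */
        return -EINVAL;
    if (absd(co[0] + co[1] + co[2]) > max_dc_gain * (1.0 + a1 + a2))
        return -ERANGE;              /* 1+a1+a2 > 0 once stable: no division */
    return 0;
}

int main(void)
{
    struct vol_ctl spk = { 0, 100, 100, 0 };             /* constructed sample */
    const double bad[5] = { 1.0, 0.0, 0.0, -1.9, 0.85 }; /* constructed sample */
    ctl_limit_volume(&spk, 80);
    return !(ctl_put_volume(&spk, 95) == -EINVAL && ctl_check_biquad(bad, 2.0) == -EINVAL);
}
```

The volume cap lives with the board description while the coefficient check needs knowledge of the filter itself, which is the split of responsibility the thread is debating.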