Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp4571067ybc;
        Fri, 15 Nov 2019 06:48:15 -0800 (PST)
X-Google-Smtp-Source: APXvYqwofh1Q6/PeZep6pqVRnPFrO4e5TUG7DJLdaqTK7n8qO7K5mMQ5DeLuzybPEBqCfW/XRhDb
X-Received: by 2002:a1c:7f54:: with SMTP id a81mr15446763wmd.48.1573829295629;
        Fri, 15 Nov 2019 06:48:15 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1573829295; cv=none;
        d=google.com; s=arc-20160816;
        b=N0mEGoEz2PxKXaDyS5r499sWWshJfDw3xdopmHe+gsFJdQY5xBGmt9sYx6i0PWIOy6
         hP6yXZ2uCNKD3OiyVvNXhyGkREUd+9iYZbrIbHpvhfcYyQEGMb7UHhyVpDkDGnWjMTji
         DBCgxEMo/C6Ovul73hXdmLtzyML6zSJup4mOS0me2S1/RgGLD7YOgqhp4UJFJIGDBVqh
         o5MYRU0B81rlCcHvFDtX0sBAiaK73N+f0M4TMXXE7AMr9JtBj2ej87sDMTDx6ieSLVnV
         ibzTVIjlAV1c7UaWWe6I6/MHl5zOdoM43qdcJbfyr2fxtEBn+KRK+i092+zKXLD5sCN6
         4elA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:dkim-signature;
        bh=A5DbVcBWyWNT0Bf+TBIj4rpDMpIX275oycgq4m/LPKE=;
        b=maSRYzRC6ExCfSXaG0PCuLZkxanmkmOdWHyt6CrjKoN7s/5by4lFn+tr29rJpqyUNP
         r0iTp6LrPuOwDR0MsD0M2mInitCndkg3zW08dAJ4BsysYEBTrdi6fbtBtV+aZvn1SEhI
         3dh4i5QZrPOK2hqhk3UG/2lLykwuVIhI9MrlFbBN/IshIuZMXQ+EvhXCdrxVl5HqbqYb
         L81C0CiJ/OvJNCYolyOonKwc4TqNeP5L3ZRnWBZIfJgtP0QGe10g5DXmzeOFhtxRACM8
         HKh2+/a4TBGo9xQ2AETHVvBismGPmvMD3aXYHqwiKqC54Qc2/SRdm8cY9KE9G6XPoU9m
         Lz/g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=NWY22g1b;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id v26si6678991edd.364.2019.11.15.06.47.51;
        Fri, 15 Nov 2019 06:48:15 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=NWY22g1b;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727753AbfKOOqY (ORCPT <rfc822;luizmacielfranco@gmail.com>
        + 99 others); Fri, 15 Nov 2019 09:46:24 -0500
Received: from mail-pl1-f195.google.com ([209.85.214.195]:42799 "EHLO
        mail-pl1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727427AbfKOOqY (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 15 Nov 2019 09:46:24 -0500
Received: by mail-pl1-f195.google.com with SMTP id j12so4802885plt.9;
        Fri, 15 Nov 2019 06:46:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=sender:subject:to:cc:references:from:message-id:date:user-agent
         :mime-version:in-reply-to:content-language:content-transfer-encoding;
        bh=A5DbVcBWyWNT0Bf+TBIj4rpDMpIX275oycgq4m/LPKE=;
        b=NWY22g1b9U1t3GuzHDFJY7ddGjKEIAPOGLr4be7jbF+/vAqjVu5HkklrQyA3YfU6wG
         /QMZG+lgH1gpIk2s2UB4p8mzV2FNkXKMvN398xcIC+D340JXLHxMinhmnVBsKj3EJEY7
         BPSzTCzC5ms2FqcwCTSZDJKDMv4tWSQr81UkNQdy4inyrtkh/JqZX5to5Y9gV6UmQ1N9
         hhNaQ/b/b0/nvMxhE5TsaVlX4NnGi5hQZp6BXiRvSZLj+/OCIERR0Hf7VXphzBhVccwu
         pWlyCsmGqFBRyQ2kLZ/tPnW5lQ3zbzZAvTifZyNIGIhZxRk09Xw5ctb2Z4WAa2g8WHlm
         +6Kw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:sender:subject:to:cc:references:from:message-id
         :date:user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=A5DbVcBWyWNT0Bf+TBIj4rpDMpIX275oycgq4m/LPKE=;
        b=foDa/fWcQHe253wOtRPSIFYBneFBEkR8vnfgJSVo0q8eSe0IY4+kbO8a5rsMRSVOlo
         s9ANmcGRwiLBOgHgKGWKk79c6yEFx9HT9ffzs4lkFYTGFw4VPHr3Ua6Mz6Z6kz23Htvt
         c7f/VLUoZlY81iDu87rTcIOWT0z0iJecH+aWnLgCnQEDDcLWdEcnFNEO+WbDK+2T1nIS
         /ZtGqYbUGukxsushDcioVSeqmby5ezQob/cOMfxACZ7T2ow7QKBYF9TlhtSMSxAWINU4
         bk6AJFeZpHZYhZ/gDIwyznoXDbileGUwhNI+uiaQQcOFEXX/rhwtr05U2n3VWyCNJb+n
         fVqw==
X-Gm-Message-State: APjAAAVlFLGrYfIPzdyRyePeXGrqqlcrtEj0/ECARmlD+DjmbyU+/aPQ
        EF/j7IHn3ohbSXrWFHxH0VNq4d4G
X-Received: by 2002:a17:90a:a4e:: with SMTP id o72mr19982526pjo.66.1573829183239;
        Fri, 15 Nov 2019 06:46:23 -0800 (PST)
Received: from server.roeck-us.net ([2600:1700:e321:62f0:329c:23ff:fee3:9d7c])
        by smtp.gmail.com with ESMTPSA id w5sm11742001pfd.31.2019.11.15.06.46.21
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 15 Nov 2019 06:46:21 -0800 (PST)
Subject: Re: [PATCH] hwmon: (dell-smm-hwmon) Disable BIOS fan control on
 SET_FAN
To:     =?UTF-8?Q?Pali_Roh=c3=a1r?= <pali.rohar@gmail.com>,
        Giovanni Mascellani <gio@debian.org>
Cc:     Jean Delvare <jdelvare@suse.com>, linux-hwmon@vger.kernel.org,
        linux-kernel@vger.kernel.org
References: <20191114211408.22123-1-gio@debian.org>
 <20191114213901.GA28532@roeck-us.net> <20191114215154.hze2avicv7pwiksp@pali>
 <7ea74678-59e4-2c23-6744-6d0b2eff0a67@debian.org>
 <20191115112902.yfaoqttsafmilijh@pali>
 <97d17b37-0267-ae32-803c-ce8f7a871ab4@debian.org>
 <20191115143654.xxpxd4xrrapvv5xu@pali>
From:   Guenter Roeck <linux@roeck-us.net>
Message-ID: <afdf3d85-1950-2eec-a826-718a1c28f460@roeck-us.net>
Date:   Fri, 15 Nov 2019 06:46:20 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <20191115143654.xxpxd4xrrapvv5xu@pali>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 11/15/19 6:36 AM, Pali Rohár wrote:
> On Friday 15 November 2019 14:44:59 Giovanni Mascellani wrote:
>> Hi,
>>
>> Il 15/11/19 12:29, Pali Rohár ha scritto:
>>> No. I have not tested that my patch on other models. You can look at
>>> that my patch link, some people already reported that on some models it
>>> does not work...
>>
>> Yes, I saw that. But they are also using other laptops, which could be
>> excluded by the whitelist until we have a working command for them.
>>
>>> What is incompatible with Secure Boot? sys_iopl nor sys_ioperm has
>>> nothing to do with UEFI Secure Boot. They are just ordinary syscalls
>>> like any other and are executed on kernel side. And IIRC it is up to the
>>> kernel how it set privileges for I/O ports. Maybe bootloaders under
>>> Secure Boot can set some other default values, but kernel can overwrite
>>> them. I really do not see reason why it could be incompatible with UEFI
>>> Secure Boot nor why it should not work. It just looks like improper
>>> setup from userspace.
>>
>> Ah, my fault here: there is a patch to lock down the kernel when it is
>> started with Secure Boot[1], and I believed that was already in
>> mainline, but apparently it is not.
> 
> Ok, so, this is not a problem.
> 
> I hope that such patch is not going to be part of mainline kernel as it
> would break lot of things. UEFI Secure Boot and kernel lock down are two
> different things. It would be really suspicious that for "workarounding"
> broken functionality would be needed to turn of totally unrelated option
> in firmware SETUP.
> 
>>   [1]
>> https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=160a99536afc317b337212dd40eaba341702343e
>>
>>> It makes sense to have implemented in kernel switching between automatic
>>> and manual mode as kernel has API for it. But it depends on the fact
>>> that we know which SMM API to call. And currently it is just some random
>>> call which we somehow observed that is working on 2 machines and on some
>>> more other does not. Until we have fully working implementation we
>>> cannot put it into kernel.
>>
>> Mmh, but then what is a plausible way forward to have this? Can't we
>> start populating a whitelist for the machines we already have a solution
>> for, and add more entries when they are discovered? This would already
>> give a benefit to the users of supported laptops, without impacting
>> users of unsupported laptops. My feeling is that if we pretend to have
>> information for all possible models supported by dell-smm-hwmon, we will
>> never benefit any user. Or can you suggest a plan?
> 
> The following question is up to the hwmon maintainers. Guenter, should
> we start creating whilelist of machines which support those SMM calls
> for enabling / disabling BIOS auto mode? And maintaining this whilelist
> in kernel dell-smm-hwmon driver?
> 
Ok with me.

>>> What does not make sense for me is to have that "protection" in kernel.
>>
>> I am not really sure which "protection" you mean. I didn't mean to
>> introduce any protection from userspace in my patch, I just wanted to
>> make SET_FAN working. I think that the kernel module cannot (and should
>> not) reliably protect itself from userspace sending random IO port
>> reads/writes.
> 
> I mean protection to disallow calling SET_FAN operation when auto mode
> is enabled.
> 
I don't have a problem with that, as long as it only applies in conjunction
with the whitelist. The whitelist would determine if the pwmX_enable attribute
is supported. If it is, pwmX can only be written if pwm1_enable is set to 1
(manual fan speed control). This is pretty common for other drivers.

Guenter