lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 3 Feb 2020 12:22:42 +0100 (CET)
From:   Jiri Kosina <jikos@...nel.org>
To:     Benjamin Tissoires <benjamin.tissoires@...hat.com>
cc:     Roderick Colenbrander <thunderbird2k@...il.com>,
        Martyn Welch <martyn@...chs.me.uk>,
        linux-input <linux-input@...r.kernel.org>,
        lkml <linux-kernel@...r.kernel.org>,
        Conn O'Griofa <connogriofa@...il.com>,
        "Colenbrander, Roelof" <roderick.colenbrander@...y.com>
Subject: Re: [PATCH] HID: Sony: Add support for Gasia controllers

On Mon, 3 Feb 2020, Benjamin Tissoires wrote:

> I am definitely not in favour of that :(
> 
> The basic problem we have here is that some vendors are overriding your 
> VID/PIDs, and this is nasty. And I do not see any reasons why you can't 
> say: "well, we broke it, sorry, but we only support *our* devices, not 
> third party ones".

Well, it's not about "we broke it" in the first place, as far as I 
can tell.

Roderick's concern is that 3rd party devices with overriden VID/PID 
malfunction for completely unrelated reason to (correctly working) changes 
done in favor of stock Sony devices, but it'll be Sony receiving all the 
reports/blame.

> One thing that comes to my mind (probably not the best solution), is to 
> taint the kernel if you are facing a non genuine product. We do that for 
> nvidia, and basically, we can say: "well, supporting the nvidia blob is 
> done on a best effort case, and see with them directly if you have an 
> issue". Tainting the kernel is a little bit rough, but maybe adding an 
> info message in the dmesg if you detect one of those can lead to a 
> situation were we can count on you for supporting the official products, 
> and you can get community support for the clones.

Yeah; which I wouldn't like to do for upstream kernel, but Sony could 
definitely do this for the products they ship.

The same way distros are tainting their kernels when unsupported modules 
(but otherwise perfectly fine wrt. GPL and everything else) are loaded 
into distro-supported kernels.

> One last thing. Roderick, I am not sure if I mentioned that or not, but 
> I am heavily adding regression tests for HID in 
> https://gitlab.freedesktop.org/libevdev/hid-tools/

... and words can't express how thankful I am for that :)

Thanks,

-- 
Jiri Kosina
SUSE Labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ