lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20220720173656.GA3725@elementary>
Date:   Wed, 20 Jul 2022 19:36:56 +0200
From:   José Expósito <jose.exposito89@...il.com>
To:     Nikolai Kondrashov <spbnick@...il.com>
Cc:     jikos@...nel.org, benjamin.tissoires@...hat.com,
        linux-input@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC] UCLogic: Filtering unsupported HUION tablets

Hi Nikolai,

Thanks a lot for the quick response.

On Tue, Jul 19, 2022 at 12:57:09PM +0300, Nikolai Kondrashov wrote:
> Hi José,
> 
> First of all, thanks a lot for all the work you're doing with the tablets!
> 
> Yes, this situation is unfortunate, but there's really not much we could do.
> The tablet database at http://digimend.github.io/tablets/ hasn't been
> updated in ages, and it has never been exhaustive to start with.
> 
> There are tons of tablet modifications, including of the same (marketed)
> model, and those can differ not only in the reported name, but probably even
> the VID:PID, as could've happened when Huion switched from v1 to v2
> protocol.
> 
> So, I think a "whitelist" would be a maintenance nightmare.
> 
> Moreover, I think it's better to disable the tablet completely in case we
> failed initialization (e.g. got an invalid response to configuration, or
> failed to find some interfaces and such), after producing a comprehensive
> error message. Configuring a tablet partially, and then handing it over to
> the generic driver could mess things up more.
> 
> It's less confusing for the user, and stops them from trying to fix the
> problem up the stack with various settings, often getting into a worse
> situation. It's also much easier for the maintainer, since they don't need
> to investigate all the higher layers.
> 
> A "blacklist" would work better here, if you can find the tablets to include.
> 
> Nick

That makes sense, thanks for the pointers.

It is unfortunate that we don't have the required information about the
supported tablets. Excluding the unsupported tablets (when fixing them
is not possible for reasons) seems like a reasonable approach.

I don't know about any broken device handled by the driver, so there is
no need to add new code yet :)
I'll try to keep an eye on DIGImend's issue tracker now that the code
present in the upstream kernel is being released by many distros.

Cheers,
Jose

> On 7/18/22 20:29, José Expósito wrote:
> > Hi!
> > 
> > No code yet, just a kind request for comments and hopefully some wisdom
> > and experience from Nikolai dealing with HUION devices.
> > 
> > HUION keeps reusing the same vendor and product IDs for their devices.
> > This makes it really difficult to differentiate between devices and
> > handle them in the kernel and also in user space.
> > 
> > Reusing IDs could introduce a problem:
> > 
> > If HUION, or other vendor following the same practices, releases a new
> > tablet with a duplicated product ID, the UCLogic driver would handle it.
> > The device might work with the existing code or it might fail because of
> > a new feature or a whole different firmware.
> > 
> > As far as I know, at the moment there is not a mechanism in place to
> > avoid this situation.
> > I think that it'd be better to ignore those devices in UCLogic and let
> > the HID generic driver handle them because using HID generic would
> > provide a basic user experience while using UCLogic might fail to probe
> > the tablet.
> > 
> > DIGImend's web already provides a nice list of supported devices:
> > http://digimend.github.io/tablets/
> > 
> > So, I wonder:
> > 
> >   - Do you think it makes sense to ignore untested devices?
> >   - If the answer is yes, do we have a better option than checking the
> >     device name against an allow-list? It'd be great to hear other
> >     people's ideas.
> > 
> > Best wishes,
> > José Expósito
> > 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ