lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20debb4d623f057b77ad9d2f5909540baf750c13.camel@hadess.net>
Date:   Thu, 21 Jul 2022 11:39:06 +0200
From:   Bastien Nocera <hadess@...ess.net>
To:     José Expósito <jose.exposito89@...il.com>,
        spbnick@...il.com
Cc:     jikos@...nel.org, benjamin.tissoires@...hat.com,
        linux-input@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC] UCLogic: Filtering unsupported HUION tablets

On Mon, 2022-07-18 at 19:29 +0200, José Expósito wrote:
> Hi!
> 
> No code yet, just a kind request for comments and hopefully some
> wisdom
> and experience from Nikolai dealing with HUION devices.
> 
> HUION keeps reusing the same vendor and product IDs for their
> devices.
> This makes it really difficult to differentiate between devices and
> handle them in the kernel and also in user space.
> 
> Reusing IDs could introduce a problem:
> 
> If HUION, or other vendor following the same practices, releases a
> new
> tablet with a duplicated product ID, the UCLogic driver would handle
> it.
> The device might work with the existing code or it might fail because
> of
> a new feature or a whole different firmware.
> 
> As far as I know, at the moment there is not a mechanism in place to
> avoid this situation.
> I think that it'd be better to ignore those devices in UCLogic and
> let
> the HID generic driver handle them because using HID generic would
> provide a basic user experience while using UCLogic might fail to
> probe
> the tablet.
> 
> DIGImend's web already provides a nice list of supported devices:
> http://digimend.github.io/tablets/
> 
> So, I wonder:
> 
>  - Do you think it makes sense to ignore untested devices?
>  - If the answer is yes, do we have a better option than checking the
>    device name against an allow-list? It'd be great to hear other
>    people's ideas.

I don't think it makes sense to ignore untested devices, unless you
know for a fact they won't work.

But if the name is part of detecting the device, it would certainly
make sense to use that as part of the identifier for the device, rather
than just the USB VIP:PID.

You should be able to add the product strings in the .driver_data, and
check them in probe().

Cheers

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ