[BRLTTY] [PATCH] don't steal abused USB ids

Stanislav Brabec sbrabec at suse.cz
Mon May 14 15:26:32 EDT 2018 

Dave Mielke wrote:
> [quoted lines by Stanislav Brabec on 2018/05/14 at 19:23 +0200]

>> Can you detect these devices by the serial communication somehow?
> 
> In general, yes, but I don't like the idea because that can confuse, if not 
> entirely brick, a device.

Blindly assuming that all generic USB UART devices are Braille devices
can brick poorly made devices as well.

> And, as you might guess, braille devices are not only 
> very important but also very expensive.

Then it is a double shame that manufacturer refuses to pay anything for
a dedicated USB id. There are even projects providing unique USB ids for
free.

>> Installer can relatively safely suppose that any USB UART bridge is a
>> Braille device. (With the above mentioned exception.)
> 
> Mightn't it be possible, if not fairly probable, that a system with a lot of 
> those devices already connected to it is being reinstalled? I suppose, though, 
> that what you mean is that it'd be okay to assume a braille device since those 
> other devices, even if connected, wouldn't be useful when installing.

System is installed: We can assume Braille device. We can live with
non-Braille UART devices being not responding, at least for initial
stage of installation. (The risk still exists, but it is pretty low, for
example those serial UPSes with one character commands that can shut
down the system immediately.)

System is upgraded: Braille device is already configured, and no
additional detection is needed (with exception of the introduction of
new rules).

>> 2. Installer will suppose Braille device.
> 
> I assume you mean that the installer would use the rules that include all of 
> the devices (not just the non-generic ones).

Yes. But in case of well made Braille devices, you know that for sure.
No need for guesses, no need for detection nor questions.

>> 3. In the beginning of the installation something like
>> brltty-uart-detect will be called. If any UART device is detected as
>> Braille device, it will generate e. g. /etc/udev/rules.d/68-brltty.rules
>> with proper rules.
> 
> Would it be sufficient if the number is high enough to be after the rules for 
> the other devices? We currently recommend 90. I don't know if distributions are 
> using it or picking their own number. I also don't know if 90 is high enough.

As long as there is no conflicting rule, numbers don't really matter.
Most hardware devices use 65 to 90.

>> If we reach the worst case (no way to detect Braille device at all),
>> then brltty-uart-detect has to be interactive: ask user to reply,
>> whether it is a Braille device. In case of no response, it will be
>> considered as not Braille device.
> 
> This would be a problem because a braille user wouldn't be able to read the 
> prompt until his braille device is working.

Well, it would be no problem:

If a generic serial USB device that can be Braille device appears, send
the prompt to the visual console and all generic USB serial devices, and
read a response from visual console and all generic USB serial devices.

If you send it to GPS, serial modem, Arduino etc., probably nothing
happens (prompt will not start by "AT"). If you send it to Braille
terminal, user should answer "yes".

Identically, if you read "yes" from any of connected generic USB serial
devices, then you can assume that the reply comes from a Braille keyboard.

GPS, serial modem, Arduino etc. normally don't reply "yes", so the
detection with human help could be accurate.

Here is an example:

Prompt:
Generic UART Bridge Controller was found on USB port 2, device 3.
Is it a Braille device? (yes/no)

... no response ... => do not install brltty rule
"yes" => install the rule

This could work for uncertain devices. Risk is low.

>> Serial communication with an unknown serial device is a bit unsafe.
>> Example: Serial UPS connected to USB UART Bridge. Some old UPS devices
>> have a single letter commands, including Power Off. If you send the
>> letter, computer will immediately turn off.
> 
> Yes. As mentioned above, I don't like serial probing.

Me too. But serial probing is still better than random sending of serial
data.

Actually, the problem is much wider and unwanted communication for the
generic USB UART devices easily happens.

grep -ir '\(6001\|ea60\|ea80\)' /usr/lib/udev/rules.d /etc/udev/rules.d

Especially gpsd blindly expect that 10c4:ea60 and 0403:6001 is a GPS device.
/usr/lib/udev/rules.d/51-gpsd.rules:
# SiRF Star III 20ch Gmouse GPS (a.k.a Cygnal Integrated Products, Inc.)
KERNEL=="ttyUSB*", ATTR{idVendor}=="10c4", ATTR{idProduct}=="ea60",
RUN="gpsd.sh"
KERNEL=="ttyUSB*", ATTR{idVendor}=="0403", ATTR{idProduct}=="6001",
RUN="gpsd.sh"

ModemManager is a bit smarter and uses greylist.

>> The above mentioned solution will still make impossible to use Arduino,
>> some GPS devices and generic USB to serial converters by blind people.
>> To solve this problem, it would be needed to limit the driver to a
>> particular USB port.
> 
> How would a user specify the port, and how would we find out which port the 
> device is on?

Kernel has some support, see "lsusb -t". But it seems that udev
currently cannot create rules "USB device with id A:B connected to
leftmost rear port.

>> The (rejected) patch is not sufficient. Kernel still hooks to this
>> device. Here is an example of my GPS Qstarz BT-1000P with openSUSE
>> Leap 15.0:
> 
> So the kernel isn't using enough information for the other devices to be sure
> either?

> This is a device that brltty creates with uinput. How can we create it 
> differently so that it won't cause a problem?

Confirming. After commenting out udev rules AND killing of brltty
daemon, GPS can be used again.

Some daemons use udev helpers to notify new matching devices, so the
detection is implemented only once, by udev.

-- 
Best Regards / S pozdravem,

Stanislav Brabec
software developer
---------------------------------------------------------------------
SUSE LINUX, s. r. o.                         e-mail: sbrabec at suse.com
Křižíkova 148/34 (Corso IIa)                  tel: +49 911 7405384547
186 00 Praha 8-Karlín                          fax:  +420 284 084 001
Czech Republic                                    http://www.suse.cz/
PGP: 830B 40D5 9E05 35D8 5E27 6FA3 717C 209F A04F CD76

More information about the BRLTTY mailing list