HIDIOCREVOKE has been merged for 6.12. Here's an explanation of what it is:
https://who-t.blogspot.com/2024/10/hiocrevoke-merged-for-kernel-612.html
=> More informations about this toot | More toots from whot@fosstodon.org
@whot Congrats! The future looks bright!
=> More informations about this toot | More toots from mupuf@fosstodon.org
@whot Great article. Why can't we fix evdev though? These all seem to be workarounds. When I hear that we need eBPF to prevent applications using HID to upload firmware I get very tired.
=> More informations about this toot | More toots from ssmid@mas.to
@ssmid the firmware bit is a special case that evdev doesn't cater for at all so there's nothing to fix because it never did this anyway.
And with evdev any changes are bound to break things, so they need to be considered very carefully anyway.
=> More informations about this toot | More toots from whot@fosstodon.org
@whot If evdev is such a bad fit, why not instead wrap /dev/hidraw in a device that's safe to use from userspace? In my head, eBPF is best used for things that belong in the kernel but are too special of a use case or too dynamic (e.g. different scheduler for certain workloads) to write actual kernel code for. Former seems to be the proven and also easy way, at least to me. But I'm not a kernel dev.
=> More informations about this toot | More toots from ssmid@mas.to
@ssmid depends on perspective but evdev is that wrap to make devices safe to use from userspace. It just has a few other features too (in particular also working for non-HID devices).
For the HID firewalling you have to write device-specific code anyway, the question is who needs to ship and maintain that code for every device. And who applies it. BPF is very convenient for this.
=> More informations about this toot | More toots from whot@fosstodon.org
@whot Makes sense, even though I'm still skeptical that depending on BPF is the right way here. I'd rather see that wrapping happening in evdev or some new device.
However, thanks for all your insights!
=> More informations about this toot | More toots from ssmid@mas.to
@ssmid fwiw, i think we're conflating a few orthogonal issues here. BPF is merely a way to achieve something, your question is more related to whether this should be done over HID or evdev or $other. But those three don't imply or require BPF, it's just that the current easiest approach is that.
=> More informations about this toot | More toots from whot@fosstodon.org