Bug 1473415 - RQR12.07_B0029 update hangs, and breaks Logitech wireless USB mouse
RQR12.07_B0029 update hangs, and breaks Logitech wireless USB mouse
Status: ASSIGNED
Product: Fedora
Classification: Fedora
Component: fwupd (Show other bugs)
26
x86_64 Linux
unspecified Severity unspecified
: ---
: ---
Assigned To: Richard Hughes
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-20 14:26 EDT by Paul Eggert
Modified: 2017-08-19 08:49 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Paul Eggert 2017-07-20 14:26:01 EDT
Description of problem:

Attempting to install the latest Fedora 26 patches caused my Logitech wireless mouse to stop working.

Version-Release number of selected component (if applicable):

The update that hanged was labeled "Logitech Unifying Receiver RQR12.01_B0019 -> RQR12.07_B0029" in the software update GUI. Presumably either one version or the other is installed, or perhaps a mixed-up mixture of the two versions. I don't know how to check.

How reproducible:

My desktop uses an ASUSTeK M4A87TD/USB3 motherboard. I have a Dell SK-8110 PS/2 keyboard (my Logitech keyboard died and this is a replacement). I have a Logitech M510 wireless USB mouse, P/N 810-001897.

Steps to Reproduce:
1. Run the Software Update GUI.
2. Click on "Updates".
3. There is a row saying "Logitech Unifying Receiver / RQR12.01_B0019 -> RQR12.07_B0029 / This release addresses an unencrypted keystroke injection issue known as Bastille security issue #11...." In the row there is an "Update" button. Click on it.

Actual results:

Nothing happens. The mouse stops working. I waited several minutes. Eventually I rebooted by using the keyboard. The mouse still doesn't work.

Expected results:

I expected the update to work, perhaps by rebooting the system.

Additional info:

I would appreciate being given a command-line way to do the update, and to monitor its progress. I tried this:

dnf --enablerepo=updates-debuginfo update
reboot

but it does not seem to suffice; the mouse still does not work after rebooting, and the updates GUI still lists the Logitech Unifying Receiver patch as not being installed.

To work around the problem I substituted a Logitech B100 (P/N 810-001397) wired USB mouse, which works fine. At least now I know no nearby attackers are injecting mouse movements....
Comment 1 Richard Fearn 2017-07-20 14:29:39 EDT
The unifying-receiver-udev package contains udev rules for Logitech receivers. It allows Solaar to access these devices.

If updating the firmware stopped the mouse working completely, I don't think it's anything to do with this package - rather it's a problem with the firmware upgrade, which I think is handled by the fwupd package.
Comment 2 Paul Eggert 2017-07-20 14:39:56 EDT
(In reply to Richard Fearn from comment #1)

Thanks for fixing the package - this stuff is all unfamiliar ground to me.

In further news, unplugging the wireless mouse's tiny USB dongle, and plugging it back in again, makes the wireless mouse start working again. However, the software updates GUI for a while listed no updates, and now is listing the Logitech Unifying Receiver update again. For now I'm going to assume that the update hasn't entirely taken and that I'm vulnerable to the security problem, so I will revert to the wired mouse.

I can test the wireless mouse if you give me further instructions. Although I expect someone around here has a device that would let me exploit the security hole if it's still present (for testing purposes only of course), I'd rather not have to do that....
Comment 3 Richard Fearn 2017-07-21 09:13:55 EDT
> In further news, unplugging the wireless mouse's tiny USB dongle, and
> plugging it back in again, makes the wireless mouse start working again.

I read this recently:

  https://blogs.gnome.org/hughsie/2017/05/22/updating-logitech-hardware-on-linux/

  ..which talks about how fwupd controls the receiver in order to update the firmware on it. My guess is that fwupd is putting it into a different state so that it can update the firmware, but that the update is then not working. While in this state, the receiver doesn't function normally. But when you unplug/replug it, the receiver starts up normally again, and you can use the mouse.

> However, the software updates GUI for a while listed no updates, and now is
> listing the Logitech Unifying Receiver update again. For now I'm going to
> assume that the update hasn't entirely taken

Sounds exactly like the update hasn't worked.

I only saw this bug because you originally filed it against unifying-receiver-udev, but I'm no expert on fwupd. We should probably wait for Richard Hughes to respond, as he *is* the fwupd expert.
Comment 4 Richard Hughes 2017-07-21 11:08:03 EDT
Does "fwupdmgr get-updates" list anything for the device?
Comment 5 Richard Hughes 2017-07-21 11:22:08 EDT
Also, are you perhaps hitting https://github.com/hughsie/fwupd/issues/155 too?
Comment 6 Paul Eggert 2017-08-01 12:01:17 EDT
(In reply to Richard Hughes from comment #4)
> Does "fwupdmgr get-updates" list anything for the device?

That shell command outputs the following:

Unifying Receiver has firmware updates:
ID:                      com.logitech.Unifying.RQR12.firmware
GUID:                    77d843f7-682c-57e8-8e29-584f5b4f52a1
GUID:                    9d131a0c-a606-580f-8eda-80587250b8d6
Update Version:          RQR12.07_B0029
Update Remote ID:        lvfs
Update Checksum:         SHA1(d0d33e760ab6eeed6f11b9f9bd7e83820b29e970)
Update Location:         https://secure-lvfs.rhcloud.com/downloads/938fec082652c603a1cdafde7cd25d76baadc70d-Logitech-Unifying-RQR12.07_B0029.cab
Update Description:      This release addresses an unencrypted keystroke injection issue known as Bastille security issue #11. The vulnerability is complex to replicate and would require a hacker to be physically close to a target.
Comment 7 Paul Eggert 2017-08-01 12:05:57 EDT
(In reply to Richard Hughes from comment #5)
> Also, are you perhaps hitting https://github.com/hughsie/fwupd/issues/155
> too?

That looks plausible. Is there something simple that I could run, to check? (I won't have physical access to the machine until tomorrow.)
Comment 8 Richard Hughes 2017-08-19 08:49:46 EDT
What's the number laser-printed on the USB plug? It starts with U00xxxxx -- thanks.

Note You need to log in before you can comment on or make changes to this bug.