Bug 853998 - Udev rule in upower-wup matches FTDI based BusPirate
Summary: Udev rule in upower-wup matches FTDI based BusPirate
Keywords:
Status: CLOSED EOL
Alias: None
Product: Fedora
Classification: Fedora
Component: upower
Version: 38
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
Assignee: Richard Hughes
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-09-03 14:20 UTC by Martin Sivák
Modified: 2024-05-21 14:09 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2024-05-21 14:09:51 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Martin Sivák 2012-09-03 14:20:08 UTC
Description of problem:

The following rule from 95-upower-wup matches my BusPirate and disrupts it's operation which is painfull especially during flashing AVR microcontrollers (causes freezes and flash verification failures).
 
SUBSYSTEM=="tty", SUBSYSTEMS=="usb", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6001", ATTRS{serial}=="A80?????", ENV{UPOWER_VENDOR}="Watts Up, Inc.", ENV{UPOWER_PRODUCT}="Watts Up? Pro", ENV{UP_MONITOR_TYPE}="wup"

Vendor id 0403 belongs to "FTDI" and product id 6001 belongs to generic "FT232 USB-Serial (UART) IC". FTDI is major producer of USB to serial chips and it is not safe to base the device detection rule only on this usb identification.

My BusPirate has serial number A800Ngf8 so the mentioned rule matches and causes upower to start using it's serial device (e.g. /dev/ttyUSB0).


Version-Release number of selected component (if applicable):

upower-0.9.17-1.fc17.x86_64

How reproducible:

Well, you can change serial no of 0403:6001 FTDI devices to something arbitrary. So just get one and change it to A800something.
  
Actual results:

upower starts using the serial line, disrupting the proper traffic

Expected results:

upower ignores the device

Comment 1 Richard Hughes 2012-09-03 15:46:30 UTC
(In reply to comment #0)
> Vendor id 0403 belongs to "FTDI" and product id 6001 belongs to generic
> "FT232 USB-Serial (UART) IC". FTDI is major producer of USB to serial chips
> and it is not safe to base the device detection rule only on this usb
> identification.

I know, but we try to open the serial device and ask if the device is a Watts Up Pro energy monitor. If it isn't we close the device again.

I think it's equally "Watts Up Pro" and BusPirate that neither could be bothered to change the default VID/PID.

In the meantime, try editing /etc/UPower/UPower.conf and changing EnableWattsUpPro=true

Richard.

Comment 2 Eric Preston 2012-10-23 08:12:58 UTC
This is really ridiculous behaviour and I'm experiencing exactly the same problem right now with gpsd and modem manager fighting over the port while I'm attempting to use a bus pirate via cu.

It's not a question of watts up or buspirate or whatever changing the VID/PID (for which getting assignment costs money I might add, which plenty of people doing open hardware ARE NOT going to pay).

This VID/PID is specifically and only specifically a FTDI usb-serial chip, anything beyond that is guessing.

You should absolutely not be pushing random binary garbage down the serial line of devices hoping to match some known probing conditions. 

If you want to make this work right, you need to ask the user explicitly to probe for devices that you might want to match for, and once you match, add appropriate udev rules matching that device's specific serial number only.

I'd love to just yank modem-manager from my system but of course network-manager dependency hell means I'm wasting my time sorting out why this magic bad behaviour is stopping me from actually using the devices as I want, due to stupid detection rules.

Comment 3 Fedora End Of Life 2013-07-04 05:51:10 UTC
This message is a reminder that Fedora 17 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 17. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '17'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 17's end of life.

Bug Reporter:  Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 17 is end of life. If you 
would still like  to see this bug fixed and are able to reproduce it 
against a later version  of Fedora, you are encouraged  change the 
'version' to a later Fedora version prior to Fedora 17's end of life.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 4 Fedora End Of Life 2013-08-01 17:06:51 UTC
Fedora 17 changed to end-of-life (EOL) status on 2013-07-30. Fedora 17 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Comment 5 Martin Sivák 2014-01-07 09:58:56 UTC
Still broken in F19 and F20. And very serious for me I might add. It can cause bricking of a microcontroller during programming if the conditions get exactly "right"..

Comment 6 Fedora End Of Life 2015-05-29 08:46:40 UTC
This message is a reminder that Fedora 20 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 20. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '20'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 20 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 7 Fedora End Of Life 2015-06-29 11:40:15 UTC
Fedora 20 changed to end-of-life (EOL) status on 2015-06-23. Fedora 20 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Comment 8 Martin Sivák 2016-03-22 10:34:16 UTC
This is still broken in the latest Fedora 23.

Moreover.. I really do not see how this rule can work even for Watts Up now.. They must surely have depleted the stash of chips with A80??? serial numbers by now.

Comment 9 Fedora End Of Life 2016-11-24 10:47:29 UTC
This message is a reminder that Fedora 23 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 23. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '23'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 23 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 10 Fedora End Of Life 2016-12-20 12:25:14 UTC
Fedora 23 changed to end-of-life (EOL) status on 2016-12-20. Fedora 23 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Comment 11 Martin Sivák 2018-11-01 16:22:53 UTC
The offending rule is still part of Fedora 28 and 29.

Comment 12 Ben Cotton 2019-10-31 20:35:42 UTC
This message is a reminder that Fedora 29 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora 29 on 2019-11-26.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
Fedora 'version' of '29'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 29 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 13 Ben Cotton 2019-11-27 19:42:11 UTC
Fedora 29 changed to end-of-life (EOL) status on 2019-11-26. Fedora 29 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Comment 14 Martin Sivák 2023-05-18 06:50:37 UTC
Just because I am in the mood today...

This is still broken in Fedora 38. The offending rule still exists and the behavior of sending random data down a matching serial line is still present. And it again disrupted communication with my devices, because I forgot to reconfigure upower after a reinstall/upgrade.

Just to make the severity clear: This has the potential to cause harm, physical damage or unrecoverable situation in certain scenarios. My specific example is flashing microcontrolers. Random data sent during this delicate operation can change Write-once bits (or hard to update bits) like fuses. 

And to make the explanation of why the udev rule is wrong clear. The VID/PID pair will match ALL devices using this chip: https://www.digikey.cz/cs/products/detail/ftdi-future-technology-devices-international-ltd/FT232RL-REEL/1836385 and there are thousands (probably more) devices and modules using it: https://www.sparkfun.com/products/12731

This rule then triggers something that sends random data to a matching serial device. Which could be connected to anything - including a CNC machine with a high speed milling bit (I do have one like that too you know and crashing a 20 000 rpm bit into something is outright dangerous).

To use the scientific terminology (https://en.wikipedia.org/wiki/Sensitivity_and_specificity)

The sensitivity of the udev rule is probably OK - it matches Watts Up Pro the author had (but the A800* serial numbers are probably out of market and new devices have a higher number assigned).
The selectivity is abysmal, because it matches almost everything else too if it comes from the same batch of serial numbers.

Comment 15 Aoife Moloney 2024-05-07 15:40:37 UTC
This message is a reminder that Fedora Linux 38 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 38 on 2024-05-21.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '38'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, change the 'version' 
to a later Fedora Linux version. Note that the version field may be hidden.
Click the "Show advanced fields" button if you do not see it.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora Linux 38 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora Linux, you are encouraged to change the 'version' to a later version
prior to this bug being closed.

Comment 16 Aoife Moloney 2024-05-21 14:09:51 UTC
Fedora Linux 38 entered end-of-life (EOL) status on 2024-05-21.

Fedora Linux 38 is no longer maintained, which means that it
will not receive any further security or bug fix updates. As a result we
are closing this bug.

If you can reproduce this bug against a currently maintained version of Fedora Linux
please feel free to reopen this bug against that version. Note that the version
field may be hidden. Click the "Show advanced fields" button if you do not see
the version field.

If you are unable to reopen this bug, please file a new report against an
active release.

Thank you for reporting this bug and we are sorry it could not be fixed.


Note You need to log in before you can comment on or make changes to this bug.