Hi,

On 03/22/2013 10:58 AM, Ludovic Rousseau wrote:
> 2013/3/22 Hans de Goede <hdego...@redhat.com>:
>> Although automatic detaching may seem like a smart and user (programmer)
>> friendly thing to do, I'm very much against it! Let me explain
>> why:
>>
>> a) libusb_detach_kernel_driver on Linux will *always* work if the
>> user has the necessary rights on the usbfs device node
>>
>> b) When libusb_detach_kernel_driver is done, the driver sees a
>> device unplug, iow it is to the driver as if the user yanked out
>> the device.
>>
>> Combine these 2 and now try to run some generic libusb using tool,
>> on a system with liberally set up usbfs permissions, then the following
>> could happen:
>> i) user is using a usb-stick, copies a large file to it
>> ii) user runs the libusb tool
>> iii) the tool detaches the usb-mass-storage driver before all cached
>> writes are flushed -> data and/or filesystem damage
>>
>> Not good. Now this can already happen, but making the driver detach
>> automatic (by default) makes it that much easier to happen, so strong
>> NACK to that idea.
>
> Another example:
> Your application uses libusb with automatic detach.
> You start the application and let it run. You forget about it but it
> is still running.
> Then you start the same application again.
>
> Instead of failing at the claim, the second execution will call detach
> and break the first execution of the application that was still
> running and using the device.

Actually that was a libusb bug and has been fixed: libusb_detach_kernel_driver
now checks if the driver being detached is not usbfs itself, and if it is,
returns LIBUSB_ERROR_BUSY. So this example will do the right thing now
(the app will get a LIBUSB_ERROR_BUSY both on its libusb_detach_kernel_driver
and any subsequent libusb_claim_interface calls).

> This is BAD.
> Yes, it already happened to me.
>
> On Linux, I think it is much more safe to use a udev rule to detach
> the HID kernel driver, and set the correct access rights, when the
> device is plugged. Like what I did at [1].
>
> On a development system you can play with
> libusb_detach_kernel_driver(). That is fine.
> But on a production system I think it is too dangerous.
>
> So I propose to NOT add an automatic detach.

Why not? As said, I believe it should be opt-in, but when we have it
as opt-in it is really useful. It will also allow the Linux code to
use the new race-free (atomic) detach-and-claim ioctl I added to the
upstream kernel recently, ensuring that after a detach no other libusb
app can sneak in and do the claim. Yes, we had another plan to export that
functionality, but auto-detach seems a much better way to export it.

Regards,

Hans
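
The atomic detach-and-claim described in the mail above, as an added example that is not part of the original message or of libusb's code. It assumes the ioctl meant is `USBDEVFS_DISCONNECT_CLAIM` from `<linux/usbdevice_fs.h>`; the function names `build_claim_request` and `detach_and_claim` are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <linux/usbdevice_fs.h>

/* Request: claim `iface`, disconnecting the bound kernel driver first,
 * EXCEPT when that driver is "usbfs" (another userspace program holds it). */
void build_claim_request(struct usbdevfs_disconnect_claim *dc, unsigned int iface)
{
    memset(dc, 0, sizeof(*dc));
    dc->interface = iface;
    dc->flags = USBDEVFS_DISCONNECT_CLAIM_EXCEPT_DRIVER;
    strncpy(dc->driver, "usbfs", sizeof(dc->driver) - 1);
}

/* One ioctl on an open usbfs node, so nothing can claim the interface
 * between the detach and the claim. Returns 0 or a negative errno:
 *   -EBUSY   held via usbfs by another process; nothing was detached
 *   -ENOTTY  kernel lacks the ioctl; separate detach + claim would be racy */
int detach_and_claim(int usbfs_fd, unsigned int iface)
{
    struct usbdevfs_disconnect_claim dc;

    build_claim_request(&dc, iface);
    if (ioctl(usbfs_fd, USBDEVFS_DISCONNECT_CLAIM, &dc) == 0)
        return 0;
    return -errno;
}

/* Opt-in by construction: the caller names the device node and interface. */
int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s /dev/bus/usb/BBB/DDD IFACE\n", argv[0]);
        return 2;
    }
    int fd = open(argv[1], O_RDWR);
    if (fd < 0) { perror("open"); return 1; }
    int r = detach_and_claim(fd, (unsigned int)strtoul(argv[2], NULL, 10));
    printf("%s\n", r == 0 ? "claimed" : strerror(-r));
    close(fd);   /* releases the claim; the kernel driver is not re-bound */
    return r == 0 ? 0 : 1;
}
```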