| Message ID | 20210510101951.249384110@linuxfoundation.org |
|---|---|
| State | Superseded |
| Headers | show |
| Series | None | expand |
On 10/05/2021 12:18, Greg Kroah-Hartman wrote: > From: Christoph Hellwig <hch@lst.de> > > commit 262e6ae7081df304fc625cf368d5c2cbba2bb991 upstream. > > If a TAINT_PROPRIETARY_MODULE exports symbol, inherit the taint flag > for all modules importing these symbols, and don't allow loading > symbols from TAINT_PROPRIETARY_MODULE modules if the module previously > imported gplonly symbols. Add a anti-circumvention devices so people > don't accidentally get themselves into trouble this way. > > Comment from Greg: > "Ah, the proven-to-be-illegal "GPL Condom" defense :)" Patch got in to stable, so my comments are quite late, but can someone explain me - how this is a stable material? What specific, real bug that bothers people, is being fixed here? Or maybe it fixes serious issue reported by a user of distribution kernel? IOW, how does this match stable kernel rules at all? For sure it breaks some out-of-tree modules already present and used by customers of downstream stable kernels. Therefore I wonder what is the bug fixed here, so the breakage and annoyance of stable users is justified. > > [jeyu: pr_info -> pr_err and pr_warn as per discussion] > Link: http://lore.kernel.org/r/20200730162957.GA22469@lst.de > Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch> > Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> > Signed-off-by: Christoph Hellwig <hch@lst.de> > Signed-off-by: Jessica Yu <jeyu@kernel.org> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Best regards, Krzysztof
On 18/06/2021 10:57, Krzysztof Kozlowski wrote: > On 10/05/2021 12:18, Greg Kroah-Hartman wrote: >> From: Christoph Hellwig <hch@lst.de> >> >> commit 262e6ae7081df304fc625cf368d5c2cbba2bb991 upstream. >> >> If a TAINT_PROPRIETARY_MODULE exports symbol, inherit the taint flag >> for all modules importing these symbols, and don't allow loading >> symbols from TAINT_PROPRIETARY_MODULE modules if the module previously >> imported gplonly symbols. Add a anti-circumvention devices so people >> don't accidentally get themselves into trouble this way. >> >> Comment from Greg: >> "Ah, the proven-to-be-illegal "GPL Condom" defense :)" > > Patch got in to stable, so my comments are quite late, but can someone > explain me - how this is a stable material? What specific, real bug that > bothers people, is being fixed here? Or maybe it fixes serious issue > reported by a user of distribution kernel? IOW, how does this match > stable kernel rules at all? > > For sure it breaks some out-of-tree modules already present and used by > customers of downstream stable kernels. Therefore I wonder what is the > bug fixed here, so the breakage and annoyance of stable users is justified. And for the record I am not talking about this patch only. I am asking also what serious or real bug is being fixed by: "modules: mark find_symbol static find_symbol is only used in module.c." I would be really happy to extend my knowledge about real bugs faced by people, where the fix is to un-export unused symbol. It must have been very interesting, real bug bothering people. :) Best regards, Krzysztof
From: Krzysztof Kozlowski > Sent: 18 June 2021 09:57 > > On 10/05/2021 12:18, Greg Kroah-Hartman wrote: > > From: Christoph Hellwig <hch@lst.de> > > > > commit 262e6ae7081df304fc625cf368d5c2cbba2bb991 upstream. > > > > If a TAINT_PROPRIETARY_MODULE exports symbol, inherit the taint flag > > for all modules importing these symbols, and don't allow loading > > symbols from TAINT_PROPRIETARY_MODULE modules if the module previously > > imported gplonly symbols. Add a anti-circumvention devices so people > > don't accidentally get themselves into trouble this way. > > > > Comment from Greg: > > "Ah, the proven-to-be-illegal "GPL Condom" defense :)" > > Patch got in to stable, so my comments are quite late, but can someone > explain me - how this is a stable material? What specific, real bug that > bothers people, is being fixed here? Or maybe it fixes serious issue > reported by a user of distribution kernel? IOW, how does this match > stable kernel rules at all? > > For sure it breaks some out-of-tree modules already present and used by > customers of downstream stable kernels. Therefore I wonder what is the > bug fixed here, so the breakage and annoyance of stable users is justified. It also doesn't stop non-gpl out-of-tree modules doing anything. They just have to be reorganized with a 'base' GPL module that includes wrappers for all the gplonly symbols and then all the rest of the modules can be non-gpl. This means that drivers that were marked gpl no longer need to be because they now use the wrappers. So it is just an annoyance. Fortunately our main out-of-tree drivers don't use any GPL bits at all - so this change doesn't affect our customer releases. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
On Fri, Jun 18, 2021 at 09:07:53AM +0000, David Laight wrote: > From: Krzysztof Kozlowski > > Sent: 18 June 2021 09:57 > > > > On 10/05/2021 12:18, Greg Kroah-Hartman wrote: > > > From: Christoph Hellwig <hch@lst.de> > > > > > > commit 262e6ae7081df304fc625cf368d5c2cbba2bb991 upstream. > > > > > > If a TAINT_PROPRIETARY_MODULE exports symbol, inherit the taint flag > > > for all modules importing these symbols, and don't allow loading > > > symbols from TAINT_PROPRIETARY_MODULE modules if the module previously > > > imported gplonly symbols. Add a anti-circumvention devices so people > > > don't accidentally get themselves into trouble this way. > > > > > > Comment from Greg: > > > "Ah, the proven-to-be-illegal "GPL Condom" defense :)" > > > > Patch got in to stable, so my comments are quite late, but can someone > > explain me - how this is a stable material? What specific, real bug that > > bothers people, is being fixed here? Or maybe it fixes serious issue > > reported by a user of distribution kernel? IOW, how does this match > > stable kernel rules at all? > > > > For sure it breaks some out-of-tree modules already present and used by > > customers of downstream stable kernels. Therefore I wonder what is the > > bug fixed here, so the breakage and annoyance of stable users is justified. > > It also doesn't stop non-gpl out-of-tree modules doing anything. > They just have to be reorganized with a 'base' GPL module that > includes wrappers for all the gplonly symbols and then all > the rest of the modules can be non-gpl. Ah, the "gpl condom defense". Love it that you somehow think that is acceptable (hint, it is not.) That's what this patch series is supposed to be addressing and fixing, but someone has shown me a way around this. I'll work on fixing that up in a future patch series next week. thanks, greg k-h
On Fri, Jun 18, 2021 at 10:57:23AM +0200, Krzysztof Kozlowski wrote: > On 10/05/2021 12:18, Greg Kroah-Hartman wrote: > > From: Christoph Hellwig <hch@lst.de> > > > > commit 262e6ae7081df304fc625cf368d5c2cbba2bb991 upstream. > > > > If a TAINT_PROPRIETARY_MODULE exports symbol, inherit the taint flag > > for all modules importing these symbols, and don't allow loading > > symbols from TAINT_PROPRIETARY_MODULE modules if the module previously > > imported gplonly symbols. Add a anti-circumvention devices so people > > don't accidentally get themselves into trouble this way. > > > > Comment from Greg: > > "Ah, the proven-to-be-illegal "GPL Condom" defense :)" > > Patch got in to stable, so my comments are quite late, but can someone > explain me - how this is a stable material? What specific, real bug that > bothers people, is being fixed here? Or maybe it fixes serious issue > reported by a user of distribution kernel? IOW, how does this match > stable kernel rules at all? > > For sure it breaks some out-of-tree modules already present and used by > customers of downstream stable kernels. Therefore I wonder what is the > bug fixed here, so the breakage and annoyance of stable users is justified. It fixes a reported bug in that somehow symbols are being exported to modules that should not have been. This has been in mainline and newer stable releases for quite some time, it should not be a suprise that this was backported further as well. thanks, greg k-h
On 18/06/2021 11:19, Greg Kroah-Hartman wrote: > On Fri, Jun 18, 2021 at 09:07:53AM +0000, David Laight wrote: >> From: Krzysztof Kozlowski >>> Sent: 18 June 2021 09:57 >>> >>> On 10/05/2021 12:18, Greg Kroah-Hartman wrote: >>>> From: Christoph Hellwig <hch@lst.de> >>>> >>>> commit 262e6ae7081df304fc625cf368d5c2cbba2bb991 upstream. >>>> >>>> If a TAINT_PROPRIETARY_MODULE exports symbol, inherit the taint flag >>>> for all modules importing these symbols, and don't allow loading >>>> symbols from TAINT_PROPRIETARY_MODULE modules if the module previously >>>> imported gplonly symbols. Add a anti-circumvention devices so people >>>> don't accidentally get themselves into trouble this way. >>>> >>>> Comment from Greg: >>>> "Ah, the proven-to-be-illegal "GPL Condom" defense :)" >>> >>> Patch got in to stable, so my comments are quite late, but can someone >>> explain me - how this is a stable material? What specific, real bug that >>> bothers people, is being fixed here? Or maybe it fixes serious issue >>> reported by a user of distribution kernel? IOW, how does this match >>> stable kernel rules at all? >>> >>> For sure it breaks some out-of-tree modules already present and used by >>> customers of downstream stable kernels. Therefore I wonder what is the >>> bug fixed here, so the breakage and annoyance of stable users is justified. >> >> It also doesn't stop non-gpl out-of-tree modules doing anything. >> They just have to be reorganized with a 'base' GPL module that >> includes wrappers for all the gplonly symbols and then all >> the rest of the modules can be non-gpl. > > Ah, the "gpl condom defense". Love it that you somehow think that is > acceptable (hint, it is not.) > > That's what this patch series is supposed to be addressing and fixing, > but someone has shown me a way around this. I'll work on fixing that > up in a future patch series next week. Greg, for real, no one argues with the patch in the mainline. But what is the justification for stable kernel backport? How does it match the rules of stable kernels? Best regards, Krzysztof
On Fri, Jun 18, 2021 at 10:59:50AM +0200, Krzysztof Kozlowski wrote: > On 18/06/2021 10:57, Krzysztof Kozlowski wrote: > > On 10/05/2021 12:18, Greg Kroah-Hartman wrote: > >> From: Christoph Hellwig <hch@lst.de> > >> > >> commit 262e6ae7081df304fc625cf368d5c2cbba2bb991 upstream. > >> > >> If a TAINT_PROPRIETARY_MODULE exports symbol, inherit the taint flag > >> for all modules importing these symbols, and don't allow loading > >> symbols from TAINT_PROPRIETARY_MODULE modules if the module previously > >> imported gplonly symbols. Add a anti-circumvention devices so people > >> don't accidentally get themselves into trouble this way. > >> > >> Comment from Greg: > >> "Ah, the proven-to-be-illegal "GPL Condom" defense :)" > > > > Patch got in to stable, so my comments are quite late, but can someone > > explain me - how this is a stable material? What specific, real bug that > > bothers people, is being fixed here? Or maybe it fixes serious issue > > reported by a user of distribution kernel? IOW, how does this match > > stable kernel rules at all? > > > > For sure it breaks some out-of-tree modules already present and used by > > customers of downstream stable kernels. Therefore I wonder what is the > > bug fixed here, so the breakage and annoyance of stable users is justified. > > And for the record I am not talking about this patch only. I am asking > also what serious or real bug is being fixed by: > "modules: mark find_symbol static > find_symbol is only used in module.c." That was part of the patch series, I needed pretty much the whole thing to be able to apply them cleanly. We always try to match what is in Linus's tree exactly so we can correctly track things, one-off backports are almost always broken and wrong. And no one should be ever using find_symbol(), that's just a given. thanks, greg k-h
On 18/06/2021 11:19, Greg Kroah-Hartman wrote: > On Fri, Jun 18, 2021 at 10:57:23AM +0200, Krzysztof Kozlowski wrote: >> On 10/05/2021 12:18, Greg Kroah-Hartman wrote: >>> From: Christoph Hellwig <hch@lst.de> >>> >>> commit 262e6ae7081df304fc625cf368d5c2cbba2bb991 upstream. >>> >>> If a TAINT_PROPRIETARY_MODULE exports symbol, inherit the taint flag >>> for all modules importing these symbols, and don't allow loading >>> symbols from TAINT_PROPRIETARY_MODULE modules if the module previously >>> imported gplonly symbols. Add a anti-circumvention devices so people >>> don't accidentally get themselves into trouble this way. >>> >>> Comment from Greg: >>> "Ah, the proven-to-be-illegal "GPL Condom" defense :)" >> >> Patch got in to stable, so my comments are quite late, but can someone >> explain me - how this is a stable material? What specific, real bug that >> bothers people, is being fixed here? Or maybe it fixes serious issue >> reported by a user of distribution kernel? IOW, how does this match >> stable kernel rules at all? >> >> For sure it breaks some out-of-tree modules already present and used by >> customers of downstream stable kernels. Therefore I wonder what is the >> bug fixed here, so the breakage and annoyance of stable users is justified. > > It fixes a reported bug in that somehow symbols are being exported to > modules that should not have been. This has been in mainline and newer > stable releases for quite some time, it should not be a suprise that > this was backported further as well. This is vague. What exactly is the bug? How exporting symbols which should not be exported, causes it? Is there OOPs? Some feature does not work? Best regards, Krzysztof
On Fri, Jun 18, 2021 at 11:22:37AM +0200, Krzysztof Kozlowski wrote: > On 18/06/2021 11:19, Greg Kroah-Hartman wrote: > > On Fri, Jun 18, 2021 at 10:57:23AM +0200, Krzysztof Kozlowski wrote: > >> On 10/05/2021 12:18, Greg Kroah-Hartman wrote: > >>> From: Christoph Hellwig <hch@lst.de> > >>> > >>> commit 262e6ae7081df304fc625cf368d5c2cbba2bb991 upstream. > >>> > >>> If a TAINT_PROPRIETARY_MODULE exports symbol, inherit the taint flag > >>> for all modules importing these symbols, and don't allow loading > >>> symbols from TAINT_PROPRIETARY_MODULE modules if the module previously > >>> imported gplonly symbols. Add a anti-circumvention devices so people > >>> don't accidentally get themselves into trouble this way. > >>> > >>> Comment from Greg: > >>> "Ah, the proven-to-be-illegal "GPL Condom" defense :)" > >> > >> Patch got in to stable, so my comments are quite late, but can someone > >> explain me - how this is a stable material? What specific, real bug that > >> bothers people, is being fixed here? Or maybe it fixes serious issue > >> reported by a user of distribution kernel? IOW, how does this match > >> stable kernel rules at all? > >> > >> For sure it breaks some out-of-tree modules already present and used by > >> customers of downstream stable kernels. Therefore I wonder what is the > >> bug fixed here, so the breakage and annoyance of stable users is justified. > > > > It fixes a reported bug in that somehow symbols are being exported to > > modules that should not have been. This has been in mainline and newer > > stable releases for quite some time, it should not be a suprise that > > this was backported further as well. > > This is vague. What exactly is the bug? How exporting symbols which > should not be exported, causes it? Is there OOPs? Some feature does not > work? The bug/issue is that symbols were being incorrectly exported in ways that they should not have been and were available to users that should not have been able to use them. That is what this patch series resolves. I can go into details but they are boring and deal with closed source monstrosities that feel they are allowed to muck around in kernel internals at will, which causes a support burden on the kernel community. If you object to this, that's fine, you are free to revert them in your local distro kernel after discussing it with your lawyers to get their approval to do so. thanks, greg k-h
On 18/06/2021 11:29, Greg Kroah-Hartman wrote: > On Fri, Jun 18, 2021 at 11:22:37AM +0200, Krzysztof Kozlowski wrote: >> On 18/06/2021 11:19, Greg Kroah-Hartman wrote: >>> On Fri, Jun 18, 2021 at 10:57:23AM +0200, Krzysztof Kozlowski wrote: >>>> On 10/05/2021 12:18, Greg Kroah-Hartman wrote: >>>>> From: Christoph Hellwig <hch@lst.de> >>>>> >>>>> commit 262e6ae7081df304fc625cf368d5c2cbba2bb991 upstream. >>>>> >>>>> If a TAINT_PROPRIETARY_MODULE exports symbol, inherit the taint flag >>>>> for all modules importing these symbols, and don't allow loading >>>>> symbols from TAINT_PROPRIETARY_MODULE modules if the module previously >>>>> imported gplonly symbols. Add a anti-circumvention devices so people >>>>> don't accidentally get themselves into trouble this way. >>>>> >>>>> Comment from Greg: >>>>> "Ah, the proven-to-be-illegal "GPL Condom" defense :)" >>>> >>>> Patch got in to stable, so my comments are quite late, but can someone >>>> explain me - how this is a stable material? What specific, real bug that >>>> bothers people, is being fixed here? Or maybe it fixes serious issue >>>> reported by a user of distribution kernel? IOW, how does this match >>>> stable kernel rules at all? >>>> >>>> For sure it breaks some out-of-tree modules already present and used by >>>> customers of downstream stable kernels. Therefore I wonder what is the >>>> bug fixed here, so the breakage and annoyance of stable users is justified. >>> >>> It fixes a reported bug in that somehow symbols are being exported to >>> modules that should not have been. This has been in mainline and newer >>> stable releases for quite some time, it should not be a suprise that >>> this was backported further as well. >> >> This is vague. What exactly is the bug? How exporting symbols which >> should not be exported, causes it? Is there OOPs? Some feature does not >> work? > > The bug/issue is that symbols were being incorrectly exported in ways > that they should not have been and were available to users that should > not have been able to use them. That is what this patch series > resolves. I can go into details but they are boring and deal with > closed source monstrosities that feel they are allowed to muck around in > kernel internals at will, which causes a support burden on the kernel > community. Thanks Greg, I would prefer honest "we don't want others to do something we don't like or approve and we can change it" :) > If you object to this, that's fine, you are free to revert them in your > local distro kernel after discussing it with your lawyers to get their > approval to do so. Best regards, Krzysztof
--- a/include/linux/module.h +++ b/include/linux/module.h @@ -376,6 +376,7 @@ struct module { unsigned int num_gpl_syms; const struct kernel_symbol *gpl_syms; const s32 *gpl_crcs; + bool using_gplonly_symbols; #ifdef CONFIG_UNUSED_SYMBOLS /* unused exported symbols. */ --- a/kernel/module.c +++ b/kernel/module.c @@ -1429,6 +1429,24 @@ static int verify_namespace_is_imported( return 0; } +static bool inherit_taint(struct module *mod, struct module *owner) +{ + if (!owner || !test_bit(TAINT_PROPRIETARY_MODULE, &owner->taints)) + return true; + + if (mod->using_gplonly_symbols) { + pr_err("%s: module using GPL-only symbols uses symbols from proprietary module %s.\n", + mod->name, owner->name); + return false; + } + + if (!test_bit(TAINT_PROPRIETARY_MODULE, &mod->taints)) { + pr_warn("%s: module uses symbols from proprietary module %s, inheriting taint.\n", + mod->name, owner->name); + set_bit(TAINT_PROPRIETARY_MODULE, &mod->taints); + } + return true; +} /* Resolve a symbol for this module. I.e. if we find one, record usage. */ static const struct kernel_symbol *resolve_symbol(struct module *mod, @@ -1454,6 +1472,14 @@ static const struct kernel_symbol *resol if (!sym) goto unlock; + if (license == GPL_ONLY) + mod->using_gplonly_symbols = true; + + if (!inherit_taint(mod, owner)) { + sym = NULL; + goto getname; + } + if (!check_version(info, name, mod, crc)) { sym = ERR_PTR(-EINVAL); goto getname;