From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.5 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE, SPF_PASS,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4E879C48BDF for ; Fri, 18 Jun 2021 09:41:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 247E6613C2 for ; Fri, 18 Jun 2021 09:41:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232609AbhFRJnY (ORCPT ); Fri, 18 Jun 2021 05:43:24 -0400 Received: from youngberry.canonical.com ([91.189.89.112]:49545 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231436AbhFRJnW (ORCPT ); Fri, 18 Jun 2021 05:43:22 -0400 Received: from mail-ed1-f69.google.com ([209.85.208.69]) by youngberry.canonical.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from ) id 1luAzx-0005Ga-1P for linux-kernel@vger.kernel.org; Fri, 18 Jun 2021 09:41:13 +0000 Received: by mail-ed1-f69.google.com with SMTP id ay20-20020a0564022034b0290394938d698bso341628edb.10 for ; Fri, 18 Jun 2021 02:41:13 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=wo2cA5pweSO0kqrQxgILuU1snjksEOHw0ShsHwnGQtI=; b=B73zifq3lvUQmLs63I8BMJi0FrBGbkUHhzDm0cl11hnrjvX1KhdyNnw2y6PCOauzmI 5qOha10obeZf1b4As9R8lfZ4nILghjVpiPPM3UIpW9Cvkp+s8artuG/YG0jOsqSg+NdS uMmlfZdopvUMgiiQ2OMzjQE913xKcgJPBRDyHzhJBa48tSInHxPk8MJsW73Ncoj923a4 cYZEIBUfFbQwFuKDvkRqMjCONpjbPabtpByPFSs3jYXODtSLEzR3/rsM2/cRBouPBuwY LPyQU82ktis4ZPWu3oRCszpw3oqJf6uktnpkIHNW3JDwJRulGZyuPFTir+DLs+fdmAPL IsRA== X-Gm-Message-State: AOAM530KeemFsx+mRca2gkUC3AxEfbYZvGSuDkWMrlv2pvosrA8tcNil aRuQ7SWZCtQ2r7pQpBBU1Upy0Of194cmdxgu189dDkRzXIQ433wxOcCC/syoRtt6+Wu98vxtBQ3 DYP5ddEX7fFexNhZHVg8bi9cc3iOgxNnoLiE8gIR9+Q== X-Received: by 2002:a50:a447:: with SMTP id v7mr3754053edb.183.1624009272796; Fri, 18 Jun 2021 02:41:12 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz1WiDYFrsj6mJMQRLbXFqr/rU2eP2bom1b8TfxvYhAlycRQg2/g/+hXKY9QL0vEHNbGqcSMA== X-Received: by 2002:a50:a447:: with SMTP id v7mr3754040edb.183.1624009272677; Fri, 18 Jun 2021 02:41:12 -0700 (PDT) Received: from [192.168.1.115] (xdsl-188-155-177-222.adslplus.ch. [188.155.177.222]) by smtp.gmail.com with ESMTPSA id kj1sm839242ejc.10.2021.06.18.02.41.12 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 18 Jun 2021 02:41:12 -0700 (PDT) Subject: Re: [PATCH 5.4 031/184] modules: inherit TAINT_PROPRIETARY_MODULE To: Greg Kroah-Hartman Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Daniel Vetter , Christoph Hellwig , Jessica Yu References: <20210510101950.200777181@linuxfoundation.org> <20210510101951.249384110@linuxfoundation.org> <8edc6f45-6c42-19c7-6f40-6f1a49cc685b@canonical.com> From: Krzysztof Kozlowski Message-ID: <0abfc041-571b-75ae-0d53-48f801aab043@canonical.com> Date: Fri, 18 Jun 2021 11:41:11 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 18/06/2021 11:29, Greg Kroah-Hartman wrote: > On Fri, Jun 18, 2021 at 11:22:37AM +0200, Krzysztof Kozlowski wrote: >> On 18/06/2021 11:19, Greg Kroah-Hartman wrote: >>> On Fri, Jun 18, 2021 at 10:57:23AM +0200, Krzysztof Kozlowski wrote: >>>> On 10/05/2021 12:18, Greg Kroah-Hartman wrote: >>>>> From: Christoph Hellwig >>>>> >>>>> commit 262e6ae7081df304fc625cf368d5c2cbba2bb991 upstream. >>>>> >>>>> If a TAINT_PROPRIETARY_MODULE exports symbol, inherit the taint flag >>>>> for all modules importing these symbols, and don't allow loading >>>>> symbols from TAINT_PROPRIETARY_MODULE modules if the module previously >>>>> imported gplonly symbols. Add a anti-circumvention devices so people >>>>> don't accidentally get themselves into trouble this way. >>>>> >>>>> Comment from Greg: >>>>> "Ah, the proven-to-be-illegal "GPL Condom" defense :)" >>>> >>>> Patch got in to stable, so my comments are quite late, but can someone >>>> explain me - how this is a stable material? What specific, real bug that >>>> bothers people, is being fixed here? Or maybe it fixes serious issue >>>> reported by a user of distribution kernel? IOW, how does this match >>>> stable kernel rules at all? >>>> >>>> For sure it breaks some out-of-tree modules already present and used by >>>> customers of downstream stable kernels. Therefore I wonder what is the >>>> bug fixed here, so the breakage and annoyance of stable users is justified. >>> >>> It fixes a reported bug in that somehow symbols are being exported to >>> modules that should not have been. This has been in mainline and newer >>> stable releases for quite some time, it should not be a suprise that >>> this was backported further as well. >> >> This is vague. What exactly is the bug? How exporting symbols which >> should not be exported, causes it? Is there OOPs? Some feature does not >> work? > > The bug/issue is that symbols were being incorrectly exported in ways > that they should not have been and were available to users that should > not have been able to use them. That is what this patch series > resolves. I can go into details but they are boring and deal with > closed source monstrosities that feel they are allowed to muck around in > kernel internals at will, which causes a support burden on the kernel > community. Thanks Greg, I would prefer honest "we don't want others to do something we don't like or approve and we can change it" :) > If you object to this, that's fine, you are free to revert them in your > local distro kernel after discussing it with your lawyers to get their > approval to do so. Best regards, Krzysztof