From: Christoph Hellwig <hch@lst.de>
To: Jessica Yu <jeyu@kernel.org>
Cc: Christoph Hellwig <hch@lst.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 8/8] modules: inherit TAINT_PROPRIETARY_MODULE
Date: Thu, 30 Jul 2020 18:29:57 +0200 [thread overview]
Message-ID: <20200730162957.GA22469@lst.de> (raw)
In-Reply-To: <20200730141232.GA31539@linux-8ccs>
On Thu, Jul 30, 2020 at 04:12:32PM +0200, Jessica Yu wrote:
>> + if (owner && test_bit(TAINT_PROPRIETARY_MODULE, &owner->taints)) {
>> + if (mod->using_gplonly_symbols) {
>> + sym = NULL;
>> + goto getname;
>> + }
>> + add_taint_module(mod, TAINT_PROPRIETARY_MODULE,
>> + LOCKDEP_NOW_UNRELIABLE);
>> + }
>
> Sorry that I didn't think of this yesterday, but I'm wondering if we
> should print a warning before add_taint_module(). Maybe something
> along the lines of, "%s: module uses symbols from proprietary module
> %s, inheriting taint.", with %s being mod->name, owner->name. We can
> check mod->taints for TAINT_PROPRIETARY_MODULE and print the warning once.
>
> Additionally, maybe it's a good idea to print an error before goto
> getname (e.g., "%s: module using GPL-only symbols uses symbols from
> proprietary module %s."), so one would know why the module load
> failed, right now this manifests itself as an unknown symbol error.
>
> Otherwise, this patchset looks good to me and I agree with it in
> principle. Thanks Christoph!
What about this version? It also factors the code out into a new
helper, and replaces the add_taint_module with a simple set_bit,
as the system-wide tain must have been set before by definition:
---
From 25e928b6b691911717d30b3449e56fca3e13dba9 Mon Sep 17 00:00:00 2001
From: Christoph Hellwig <hch@lst.de>
Date: Tue, 28 Jul 2020 23:33:33 +0200
Subject: modules: inherit TAINT_PROPRIETARY_MODULE
If a TAINT_PROPRIETARY_MODULE exports symbol, inherit the taint flag
for all modules importing these symbols, and don't allow loading
symbols from TAINT_PROPRIETARY_MODULE modules if the module previously
imported gplonly symbols. Add a anti-circumvention devices so people
don't accidentally get themselves into trouble this way.
Comment from Greg:
"Ah, the proven-to-be-illegal "GPL Condom" defense :)"
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/module.h | 1 +
kernel/module.c | 26 ++++++++++++++++++++++++++
2 files changed, 27 insertions(+)
diff --git a/include/linux/module.h b/include/linux/module.h
index 30b0f5fcdb3c37..e30ed5fa33a738 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -389,6 +389,7 @@ struct module {
unsigned int num_gpl_syms;
const struct kernel_symbol *gpl_syms;
const s32 *gpl_crcs;
+ bool using_gplonly_symbols;
#ifdef CONFIG_UNUSED_SYMBOLS
/* unused exported symbols. */
diff --git a/kernel/module.c b/kernel/module.c
index afb2bfdd5134b3..81d5facce28c14 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -1431,6 +1431,24 @@ static int verify_namespace_is_imported(const struct load_info *info,
return 0;
}
+static bool inherit_taint(struct module *mod, struct module *owner)
+{
+ if (!owner || !test_bit(TAINT_PROPRIETARY_MODULE, &owner->taints))
+ return true;
+
+ if (mod->using_gplonly_symbols) {
+ pr_info("%s: module using GPL-only symbols uses symbols from proprietary module %s.\n",
+ mod->name, owner->name);
+ return false;
+ }
+
+ if (!test_bit(TAINT_PROPRIETARY_MODULE, &mod->taints)) {
+ pr_info("%s: module uses symbols from proprietary module %s, inheriting taint.\n",
+ mod->name, owner->name);
+ set_bit(TAINT_PROPRIETARY_MODULE, &mod->taints);
+ }
+ return true;
+}
/* Resolve a symbol for this module. I.e. if we find one, record usage. */
static const struct kernel_symbol *resolve_symbol(struct module *mod,
@@ -1456,6 +1474,14 @@ static const struct kernel_symbol *resolve_symbol(struct module *mod,
if (!sym)
goto unlock;
+ if (license == GPL_ONLY)
+ mod->using_gplonly_symbols = true;
+
+ if (!inherit_taint(mod, owner)) {
+ sym = NULL;
+ goto getname;
+ }
+
if (!check_version(info, name, mod, crc)) {
sym = ERR_PTR(-EINVAL);
goto getname;
--
2.27.0
next prev parent reply other threads:[~2020-07-30 16:30 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-30 6:10 inherit TAINT_PROPRIETARY_MODULE v2 Christoph Hellwig
2020-07-30 6:10 ` [PATCH 1/8] modules: mark ref_module static Christoph Hellwig
2020-07-30 6:10 ` [PATCH 2/8] modules: mark find_symbol static Christoph Hellwig
2020-07-30 6:10 ` [PATCH 3/8] modules: mark each_symbol_section static Christoph Hellwig
2020-07-30 6:10 ` [PATCH 4/8] modules: unexport __module_text_address Christoph Hellwig
2020-07-30 6:10 ` [PATCH 5/8] modules: unexport __module_address Christoph Hellwig
2020-07-30 6:10 ` [PATCH 6/8] modules: rename the licence field in struct symsearch to license Christoph Hellwig
2020-07-30 6:10 ` [PATCH 7/8] modules: return licensing information from find_symbol Christoph Hellwig
2020-07-30 6:10 ` [PATCH 8/8] modules: inherit TAINT_PROPRIETARY_MODULE Christoph Hellwig
2020-07-30 14:12 ` Jessica Yu
2020-07-30 16:29 ` Christoph Hellwig [this message]
2020-07-31 8:51 ` Jessica Yu
2020-07-31 9:00 ` Christoph Hellwig
2020-07-31 9:01 ` Jessica Yu
2020-08-04 18:52 ` daniel
2020-07-31 20:11 ` inherit TAINT_PROPRIETARY_MODULE v2 josh
2020-08-01 6:53 ` Christoph Hellwig
2020-08-01 8:16 ` Josh Triplett
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200730162957.GA22469@lst.de \
--to=hch@lst.de \
--cc=gregkh@linuxfoundation.org \
--cc=jeyu@kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).