From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Cc: stable@vger.kernel.org, patches@lists.linux.dev,
Christoph Hellwig <hch@lst.de>,
Luis Chamberlain <mcgrof@kernel.org>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
linux-media@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 6.5 11/34] modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules
Date: Fri, 8 Sep 2023 07:46:56 +0100 [thread overview]
Message-ID: <2023090848-chastise-paycheck-6d4d@gregkh> (raw)
In-Reply-To: <20230907221737.07f12f38@mir>
On Thu, Sep 07, 2023 at 10:17:37PM +0200, Stefan Lippers-Hollmann wrote:
> Hi
>
> On 2023-09-07, Greg Kroah-Hartman wrote:
> > On Thu, Sep 07, 2023 at 08:41:35AM +0200, Stefan Lippers-Hollmann wrote:
> > > On 2023-09-04, Greg Kroah-Hartman wrote:
> > > > 6.5-stable review patch. If anyone has any objections, please let me know.
> > > >
> > > > ------------------
> > > >
> > > > From: Christoph Hellwig <hch@lst.de>
> > > >
> > > > commit 9011e49d54dcc7653ebb8a1e05b5badb5ecfa9f9 upstream.
> > > >
> > > > It has recently come to my attention that nvidia is circumventing the
> > > > protection added in 262e6ae7081d ("modules: inherit
> > > > TAINT_PROPRIETARY_MODULE") by importing exports from their proprietary
> > > > modules into an allegedly GPL licensed module and then rexporting them.
> > > >
> > > > Given that symbol_get was only ever intended for tightly cooperating
> > > > modules using very internal symbols it is logical to restrict it to
> > > > being used on EXPORT_SYMBOL_GPL and prevent nvidia from costly DMCA
> > > > Circumvention of Access Controls law suites.
> > > >
> > > > All symbols except for four used through symbol_get were already exported
> > > > as EXPORT_SYMBOL_GPL, and the remaining four ones were switched over in
> > > > the preparation patches.
> > >
> > > This patch, as part of v6.5.2, breaks the in-kernel ds3000 module
> > > (for a TeVii s480 v2 DVB-S2 card, which is a PCIe card attaching two
> > > onboard TeVii s660 cards via an onboard USB2 controller (MCS9990),
> > > https://www.linuxtv.org/wiki/index.php/TeVii_S480) from loading.
> >
> > This is also broken in Linus's tree, right?
>
> Yes, HEAD as of 6.5.0-12145-g4a0fc73da97e is affected just as well.
Ok, good, thanks for confirming.
> > > [ 2.896589] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
> > > [ 2.901085] failing symbol_get of non-GPLONLY symbol ds3000_attach.
> > > [ 2.901089] DVB: Unable to find symbol ds3000_attach()
> >
> > This is odd, where is that call coming from? I don't see any call to
> > symbol_get in the dvb code, where is this happening?
> >
> > Anyway, does the patch below fix this?
>
> That change alone only moves the issue down to ts2020_attach().
>
> $ dmesg | grep -i -e dvb -e gpl -e symbol
> [ 1.464876] usb 3-1: Product: DVBS2BOX
> [ 1.482143] usb 5-1: Product: DVBS2BOX
> [ 3.692647] dvb-usb: found a 'TeVii S660 USB' in cold state, will try to load a firmware
> [ 3.692951] dvb-usb: downloading firmware from file 'dvb-usb-s660.fw'
> [ 3.860571] dvb-usb: found a 'TeVii S660 USB' in warm state.
> [ 3.860615] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
> [ 3.860944] dvbdev: DVB: registering new adapter (TeVii S660 USB)
> [ 4.097144] dvb-usb: MAC address: 00:18:XX:XX:XX:XX
> [ 4.097272] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
> [ 4.111792] failing symbol_get of non-GPLONLY symbol ts2020_attach.
> [ 4.111795] DVB: Unable to find symbol ts2020_attach()
> [ 4.112759] usb 3-1: DVB: registering adapter 0 frontend 0 (Montage Technology DS3000)...
> [ 4.112764] dvbdev: dvb_create_media_entity: media entity 'Montage Technology DS3000' registered.
> [ 4.138938] dvb-usb: schedule remote query interval to 150 msecs.
> [ 4.138942] dvb-usb: TeVii S660 USB successfully initialized and connected.
> [ 4.138988] dvb-usb: found a 'TeVii S660 USB' in cold state, will try to load a firmware
> [ 4.139016] dvb-usb: downloading firmware from file 'dvb-usb-s660.fw'
> [ 4.292614] dvb-usb: found a 'TeVii S660 USB' in warm state.
> [ 4.292679] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
> [ 4.293075] dvbdev: DVB: registering new adapter (TeVii S660 USB)
> [ 4.538876] dvb-usb: MAC address: 00:18:XX:XX:XX:XX
> [ 4.539113] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
> [ 4.543738] failing symbol_get of non-GPLONLY symbol ts2020_attach.
> [ 4.546349] failing symbol_get of non-GPLONLY symbol ts2020_attach.
> [ 4.546354] DVB: Unable to find symbol ts2020_attach()
> [ 4.548643] usb 5-1: DVB: registering adapter 1 frontend 0 (Montage Technology DS3000)...
> [ 4.548650] dvbdev: dvb_create_media_entity: media entity 'Montage Technology DS3000' registered.
> [ 4.549970] dvb-usb: schedule remote query interval to 150 msecs.
> [ 4.549973] dvb-usb: TeVii S660 USB successfully initialized and connected.
> [ 7.830408] ds3000_firmware_ondemand: Waiting for firmware upload (dvb-fe-ds3000.fw)...
> [ 8.367600] ds3000_firmware_ondemand: Waiting for firmware upload (dvb-fe-ds3000.fw)...
>
> Extending this to approach to ts2020_attach() does fix the problem
> for me. Searching the web for "failing symbol_get of non-GPLONLY
> symbol" suggests that there might be further instances within the
> DVB subsystem https://syzkaller.appspot.com/x/log.txt?x=11faa1eda80000
> (this was merely gathered by a passive web search, I have no contact
> to the poster or any further information about it).
Ugh, it looks like everyone that calls dvb_attach() is going to be
affected. I can make up a patch for this later today, unless Christoph
beats me to it :)
Also, in commit 8f569c0b4e6b ("media: dvb-core: add helper functions for
I2C binding"), way back in 2018, it says no one should be using this
function anymore, but given I see over 700 uses of it, that's obviously
not changing any time soon :(
> [ now fully functional with EXPORT_SYMBOL_GPL(ds3000_attach) and
> EXPORT_SYMBOL_GPL(ts2020_attach) ]
Thanks for testing this.
greg k-h
next prev parent reply other threads:[~2023-09-08 6:47 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-04 18:29 [PATCH 6.5 00/34] 6.5.2-rc1 review Greg Kroah-Hartman
2023-09-05 0:09 ` Joel Fernandes
2023-09-05 4:43 ` Bagas Sanjaya
2023-09-05 8:15 ` Naresh Kamboju
2023-09-05 9:44 ` Sudip Mukherjee (Codethink)
2023-09-05 11:08 ` Jon Hunter
2023-09-05 17:11 ` Justin Forbes
2023-09-05 20:52 ` Shuah Khan
2023-09-05 22:52 ` Ron Economos
2023-09-06 5:31 ` SeongJae Park
2023-09-06 10:52 ` Rudi Heitbaum
2023-09-06 17:25 ` Guenter Roeck
[not found] ` <20230904182949.104100132@linuxfoundation.org>
2023-09-07 6:41 ` [PATCH 6.5 11/34] modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules Stefan Lippers-Hollmann
2023-09-07 9:30 ` Greg Kroah-Hartman
2023-09-07 20:17 ` Stefan Lippers-Hollmann
2023-09-08 6:46 ` Greg Kroah-Hartman [this message]
2023-09-08 7:07 ` Greg Kroah-Hartman
2023-09-08 8:31 ` Christoph Hellwig
2023-09-08 8:35 ` Christoph Hellwig
2023-09-08 8:47 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2023090848-chastise-paycheck-6d4d@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=hch@lst.de \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=mchehab@kernel.org \
--cc=patches@lists.linux.dev \
--cc=s.l-h@gmx.de \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).