Received: by 2002:a25:ca44:0:0:0:0:0 with SMTP id a65csp1685628ybg; Wed, 29 Jul 2020 23:11:33 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw6BkWL+1mkmQQTLFVSlPXHn+9mu8sGNCnR+uipnpIBAA/qtm3jXQUO0CJeB0DF3365kiA4 X-Received: by 2002:a17:907:2662:: with SMTP id ci2mr1123593ejc.334.1596089493622; Wed, 29 Jul 2020 23:11:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1596089493; cv=none; d=google.com; s=arc-20160816; b=w4ZuFaU2vw1mFFGaVFbROyrPnr6O8MY8SBLBA5lznswa4lF4ogIxw4t9ABl1ILKRqt Gz4+7HyuJDne9K7bvE9Im5jMk6smVTzdWUt/+nItE6fshteHzoWO0+w9DQLGunN5Ol/p Ancrcx2mz4MzXzdlmofH1Bk5bSemZkz/XAL5deFsLt++CT4mVy8XHe+0WTzGXYnZx+1S 4cLwXMB2GTNlGpEiDAcaXbitHxv26UpCLCNk8UtyK6EJDEhtq/HFJoeS2ExyPFFfbmuJ enSByC5CuL1Yn3FCNhFa089nEJv8ZHKiAYKPagyI0mll8WSYLgbZqYJ7cI9KCBVUnU15 owGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=7i/oU01pSKahB9sA7zWqIHiRiXPfiH+9euXkSu1Iu/0=; b=cOGF/JBxrPO964F8P7CjStn+ybKblxdjb/J63bj9y1DXM2iogK5G3xkEpDS5jdf+jK LlZGxgCZs/EXrxEc/kePAZ8EmzpfeX4hrdgp/VsAncrPqYf2h3YcZ1+oSQzGqzmrHjFW flsAFlIcvCcR/sP/C3/ru/XNVv44lJ3fr+C7IwHK0WUq5u0PKwcRgg3nEp24HDX3kRBZ JzJUlKjOgaWeULw7s2XaaxA86dhr/qnyMRH75H/FqQWX7ndX+T85uJ1/M10yTTTq9VfW T4PqxJnHy3rnD8fx8tlHE7Ua6UGB3uXo5s/9CLEuvteWPJ8ju7wimdYlukhJAPKUNC2A EpQA== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@infradead.org header.s=casper.20170209 header.b=WrT5vijK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id m19si2754802edq.355.2020.07.29.23.11.11; Wed, 29 Jul 2020 23:11:33 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=fail header.i=@infradead.org header.s=casper.20170209 header.b=WrT5vijK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728772AbgG3GKy (ORCPT + 99 others); Thu, 30 Jul 2020 02:10:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34882 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728758AbgG3GKs (ORCPT ); Thu, 30 Jul 2020 02:10:48 -0400 Received: from casper.infradead.org (casper.infradead.org [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 97A03C061794 for ; Wed, 29 Jul 2020 23:10:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=7i/oU01pSKahB9sA7zWqIHiRiXPfiH+9euXkSu1Iu/0=; b=WrT5vijKlnpkXAeEmW3JOO43tA DJqM1qnIcD4kK7DTrKwlRy5iBsuHM7lDbiaSrWV6F1sR0Ejah06SgpIk9dTNiHAgwECdfVU0czByu Tlt5fliW0u+egxZOm/DCrmvGny4hgIPHQWufkgsq1LQqp7OFjGOPE+A2B3cO+gqXu2WZi9yEIkY84 85iZhgUoXe5reLeUTNn9e6Otesbu7lNpkAA2QJypG1KlWhGH7/R+GeU4uZxHz3DZLFvQ069iS8gcp 7JJzwkNA1YgPsDxwRxky+dEHBc3LsTonnnaU9npZ5GLD/HEJDABO1aiKLq3KEwrvcDHKicJs9CyAP q1lu0AVg==; Received: from 138.57.168.109.cust.ip.kpnqwest.it ([109.168.57.138] helo=localhost) by casper.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1k11m8-0007WY-WF; Thu, 30 Jul 2020 06:10:46 +0000 From: Christoph Hellwig To: Jessica Yu Cc: Greg Kroah-Hartman , linux-kernel@vger.kernel.org (open list) Subject: [PATCH 8/8] modules: inherit TAINT_PROPRIETARY_MODULE Date: Thu, 30 Jul 2020 08:10:27 +0200 Message-Id: <20200730061027.29472-9-hch@lst.de> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200730061027.29472-1-hch@lst.de> References: <20200730061027.29472-1-hch@lst.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SRS-Rewrite: SMTP reverse-path rewritten from by casper.infradead.org. See http://www.infradead.org/rpr.html Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org If a TAINT_PROPRIETARY_MODULE exports symbol, inherit the taint flag for all modules importing these symbols, and don't allow loading symbols from TAINT_PROPRIETARY_MODULE modules if the module previously imported gplonly symbols. Add a anti-circumvention devices so people don't accidentally get themselves into trouble this way. Comment from Greg: Ah, the proven-to-be-illegal "GPL Condom" defense :) Signed-off-by: Christoph Hellwig Reviewed-by: Greg Kroah-Hartman --- include/linux/module.h | 1 + kernel/module.c | 12 ++++++++++++ 2 files changed, 13 insertions(+) diff --git a/include/linux/module.h b/include/linux/module.h index 30b0f5fcdb3c37..e30ed5fa33a738 100644 --- a/include/linux/module.h +++ b/include/linux/module.h @@ -389,6 +389,7 @@ struct module { unsigned int num_gpl_syms; const struct kernel_symbol *gpl_syms; const s32 *gpl_crcs; + bool using_gplonly_symbols; #ifdef CONFIG_UNUSED_SYMBOLS /* unused exported symbols. */ diff --git a/kernel/module.c b/kernel/module.c index afb2bfdd5134b3..04f993863ae417 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -1456,6 +1456,18 @@ static const struct kernel_symbol *resolve_symbol(struct module *mod, if (!sym) goto unlock; + if (license == GPL_ONLY) + mod->using_gplonly_symbols = true; + + if (owner && test_bit(TAINT_PROPRIETARY_MODULE, &owner->taints)) { + if (mod->using_gplonly_symbols) { + sym = NULL; + goto getname; + } + add_taint_module(mod, TAINT_PROPRIETARY_MODULE, + LOCKDEP_NOW_UNRELIABLE); + } + if (!check_version(info, name, mod, crc)) { sym = ERR_PTR(-EINVAL); goto getname; -- 2.27.0