Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp1298018pxj; Fri, 18 Jun 2021 04:11:29 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxO+W6LWuHFotqlTzmdyP9fIpaOM7myV2Z4VX0CqaKV78kNGTZerLOeADqTbuI092RUvmj+ X-Received: by 2002:aa7:ce86:: with SMTP id y6mr4186655edv.309.1624014689194; Fri, 18 Jun 2021 04:11:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1624014689; cv=none; d=google.com; s=arc-20160816; b=pLcU8Nn3atRRWXM8Du9I9so4RxhYMdgQp7oW7boeUAImiHMZG7wNYUZR+WixE5iPRH rtoOw6F0PjFTmADcang2vJZSV0TKG0jgBsEK7SRipCq2a6XdBt1un3E2EJn+0z/rm5gW xkTJBuqPHk9ZiPTQ2BfnPA43bEqQgqJGtbz1xXoUP49LA4dLn7Q16w1MNQ+cMvE1nBbO 7IdMfwYojVSx9EpAwgjZolSDJuieIjbjrOKD1lk+mHFLBEF5FVtl/ItSadcI6hGWAw+I 8kTKSX2EEJNrRetvsBTS01OQCRqiYU9TWoZiO/pQ7ITR/IoxEBOvZtTbitQl2g6sn3Rg orxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=XLwZNZ4otXkAw6BwOA+rhbVdW5LvRzIV/4Z53bTw29I=; b=ciSNPIz03jbLch3B8YXqG2z5B9aFvIv1vWWy1RDe1DBjqZPb1VGA5uPzrJo+4Y+8+T Bzuvz0h+qp3TrRlZFVLHrNvn71FSQC7QwzBlcSOmE+kVsNPWX/fDbcBrb7WU7ZpOKglM S8GnZG+RE+DY5lXq50TGLP/daCQoP/EWeCvHB49PgaKngKDxGS4zx9nLFQ3kKKpGWMkG sMEKz38FdSxAs9zVS/mTSskoWhMh5OWypTgPLAmoq7YVdfMrQ6XyzPy9TJUKTpdYXc8T 3NvhPq9WCQHEmj0rfFcQZRiqm6seKPxwXLrg1eUDyWwxutZNWuR2c7OCGhWKRss7+emm YD9g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id ds7si2405759ejc.670.2021.06.18.04.10.58; Fri, 18 Jun 2021 04:11:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230334AbhFRJWy (ORCPT + 99 others); Fri, 18 Jun 2021 05:22:54 -0400 Received: from youngberry.canonical.com ([91.189.89.112]:49003 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229848AbhFRJWw (ORCPT ); Fri, 18 Jun 2021 05:22:52 -0400 Received: from mail-ed1-f69.google.com ([209.85.208.69]) by youngberry.canonical.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from ) id 1luAg6-0003Rl-RG for linux-kernel@vger.kernel.org; Fri, 18 Jun 2021 09:20:42 +0000 Received: by mail-ed1-f69.google.com with SMTP id z5-20020a05640235c5b0290393974bcf7eso3225298edc.2 for ; Fri, 18 Jun 2021 02:20:42 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=XLwZNZ4otXkAw6BwOA+rhbVdW5LvRzIV/4Z53bTw29I=; b=kTo6/I3L7yhEzeKSoraBrUM/+ornOoM/5bTQqW2oH9dcn+CzvPlehJsjMy3rnn7wA6 iaApLqrwwpi8R1iOXoCYK5bmMIdyhqQOgnn/QVTLMgRcj/KT4B6xj2jPwOMk6sC3fRko GLd+ZEgTEr/neFeFYYNnQX3uCRJ3rFWFLQzLjncnjyRilFcEZxclm2rGWgJL6XPI+aT1 rsN+HRJePF1qUWp4Ou8b3/hZmoI3OyF+/kIK0Sn4qK+m68QIbLHIdb6Nsnp7z7FAkf47 bscNy6Y5GcMyiGi/BMf7ld2VkNDsKiQFZ3KHo5sICEugZufCAkT8bAuaZaWRlUOB+qDA pcXw== X-Gm-Message-State: AOAM530JvqNRzNbBpXFF8JmwA6I3pymqsPJu3U+UFAegByERBmr08O/6 8dwKonxd8WDNOjCUWqol+mojnVQjjIAIwe/FFILc0p420StCJNzcIs7Q7dpf5d2ZzgnzHss5oVE ttUzqe3aERYPbsy1pRDl+Q6ITG8NmDoHUz8BlVQKMUQ== X-Received: by 2002:a17:906:bb0e:: with SMTP id jz14mr9962296ejb.285.1624008042605; Fri, 18 Jun 2021 02:20:42 -0700 (PDT) X-Received: by 2002:a17:906:bb0e:: with SMTP id jz14mr9962285ejb.285.1624008042476; Fri, 18 Jun 2021 02:20:42 -0700 (PDT) Received: from [192.168.1.115] (xdsl-188-155-177-222.adslplus.ch. [188.155.177.222]) by smtp.gmail.com with ESMTPSA id l7sm2966663edc.78.2021.06.18.02.20.41 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 18 Jun 2021 02:20:42 -0700 (PDT) Subject: Re: [PATCH 5.4 031/184] modules: inherit TAINT_PROPRIETARY_MODULE To: Greg Kroah-Hartman , David Laight Cc: "linux-kernel@vger.kernel.org" , "stable@vger.kernel.org" , Daniel Vetter , Christoph Hellwig , Jessica Yu References: <20210510101950.200777181@linuxfoundation.org> <20210510101951.249384110@linuxfoundation.org> <8edc6f45-6c42-19c7-6f40-6f1a49cc685b@canonical.com> <5ac70bdf2c5b440c83f12e75ca42a107@AcuMS.aculab.com> From: Krzysztof Kozlowski Message-ID: <6a2ea1d8-1ea0-a283-2210-360e63f2fdaf@canonical.com> Date: Fri, 18 Jun 2021 11:20:41 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 18/06/2021 11:19, Greg Kroah-Hartman wrote: > On Fri, Jun 18, 2021 at 09:07:53AM +0000, David Laight wrote: >> From: Krzysztof Kozlowski >>> Sent: 18 June 2021 09:57 >>> >>> On 10/05/2021 12:18, Greg Kroah-Hartman wrote: >>>> From: Christoph Hellwig >>>> >>>> commit 262e6ae7081df304fc625cf368d5c2cbba2bb991 upstream. >>>> >>>> If a TAINT_PROPRIETARY_MODULE exports symbol, inherit the taint flag >>>> for all modules importing these symbols, and don't allow loading >>>> symbols from TAINT_PROPRIETARY_MODULE modules if the module previously >>>> imported gplonly symbols. Add a anti-circumvention devices so people >>>> don't accidentally get themselves into trouble this way. >>>> >>>> Comment from Greg: >>>> "Ah, the proven-to-be-illegal "GPL Condom" defense :)" >>> >>> Patch got in to stable, so my comments are quite late, but can someone >>> explain me - how this is a stable material? What specific, real bug that >>> bothers people, is being fixed here? Or maybe it fixes serious issue >>> reported by a user of distribution kernel? IOW, how does this match >>> stable kernel rules at all? >>> >>> For sure it breaks some out-of-tree modules already present and used by >>> customers of downstream stable kernels. Therefore I wonder what is the >>> bug fixed here, so the breakage and annoyance of stable users is justified. >> >> It also doesn't stop non-gpl out-of-tree modules doing anything. >> They just have to be reorganized with a 'base' GPL module that >> includes wrappers for all the gplonly symbols and then all >> the rest of the modules can be non-gpl. > > Ah, the "gpl condom defense". Love it that you somehow think that is > acceptable (hint, it is not.) > > That's what this patch series is supposed to be addressing and fixing, > but someone has shown me a way around this. I'll work on fixing that > up in a future patch series next week. Greg, for real, no one argues with the patch in the mainline. But what is the justification for stable kernel backport? How does it match the rules of stable kernels? Best regards, Krzysztof