Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp1354953pxj; Fri, 18 Jun 2021 05:30:11 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxZDZDC8jKjD8u6kaallEw+vXmSUqGNw6TDRLzZGLjcFkEx3oy3JqLT3SZOWXQTAEk1nE7S X-Received: by 2002:a17:906:240b:: with SMTP id z11mr10724801eja.545.1624019411574; Fri, 18 Jun 2021 05:30:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1624019411; cv=none; d=google.com; s=arc-20160816; b=QvJJDurdSjitLcQEv0dP/8l9fdXW6H9OkBhDFYOhrxEul0Nrg5R4wF4IOi51ADNGms zmeRKXFuJfbxrmCwjNvkSBU/CCbWlvquZ3jd0ugo0JmxSHqCcRpXrqA1nyXy7njfUYaT TyZDJXMmCSqO7cv6lU3U7aLGOeleLyeGBJina/FCUCC1dVhF2F7XxmP8Mk4NYYsO/yO5 rOsdia1NHGzQzT2SFgYUrrGFuO0BHGqjDD/TbeYS9ZCFhXV9flFjEmIfExCWK+T8Zz+h AC/qVOxeeeaBfaH8zA9RGvQ4UcKgela64OXcYtobRaQrqsyGYfkijnZigQy0ckhJismz 0oQw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=wo2cA5pweSO0kqrQxgILuU1snjksEOHw0ShsHwnGQtI=; b=q8tYBQd7dllqOvf5R6joF+Aq+EsETp8EGCl57RydKR+xKJOa6U5qZHK44OID/aC1Y6 8aMz2MxLhdQkuoAztI6KCal/Mzg3ePrRLgJZHgYhv46eoPlsLYcQAIMSL2CdFHfs0YHA F17cuKE5kDpvL23UTiFBpnebSbEraLi7a4bNEwZ4wgw8P8dvOPgPjV64fchhMXmcIu8v 5XKa5AkAnunEqr15knX+9npbcBb+SWVc49rsR0QTRq8b6wn7asPz9t9Hn+P4ctm5XB8t EjltfRVPcyHTOKms5THWzJnlpI0mRHkBwp8R5pywoZBw+Bcb+EK3NIhIMJo1PBnxuAff H0lg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h14si6945251edb.137.2021.06.18.05.29.48; Fri, 18 Jun 2021 05:30:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232389AbhFRJnX (ORCPT + 99 others); Fri, 18 Jun 2021 05:43:23 -0400 Received: from youngberry.canonical.com ([91.189.89.112]:49545 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231436AbhFRJnW (ORCPT ); Fri, 18 Jun 2021 05:43:22 -0400 Received: from mail-ed1-f69.google.com ([209.85.208.69]) by youngberry.canonical.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from ) id 1luAzx-0005Ga-1P for linux-kernel@vger.kernel.org; Fri, 18 Jun 2021 09:41:13 +0000 Received: by mail-ed1-f69.google.com with SMTP id ay20-20020a0564022034b0290394938d698bso341628edb.10 for ; Fri, 18 Jun 2021 02:41:13 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=wo2cA5pweSO0kqrQxgILuU1snjksEOHw0ShsHwnGQtI=; b=B73zifq3lvUQmLs63I8BMJi0FrBGbkUHhzDm0cl11hnrjvX1KhdyNnw2y6PCOauzmI 5qOha10obeZf1b4As9R8lfZ4nILghjVpiPPM3UIpW9Cvkp+s8artuG/YG0jOsqSg+NdS uMmlfZdopvUMgiiQ2OMzjQE913xKcgJPBRDyHzhJBa48tSInHxPk8MJsW73Ncoj923a4 cYZEIBUfFbQwFuKDvkRqMjCONpjbPabtpByPFSs3jYXODtSLEzR3/rsM2/cRBouPBuwY LPyQU82ktis4ZPWu3oRCszpw3oqJf6uktnpkIHNW3JDwJRulGZyuPFTir+DLs+fdmAPL IsRA== X-Gm-Message-State: AOAM530KeemFsx+mRca2gkUC3AxEfbYZvGSuDkWMrlv2pvosrA8tcNil aRuQ7SWZCtQ2r7pQpBBU1Upy0Of194cmdxgu189dDkRzXIQ433wxOcCC/syoRtt6+Wu98vxtBQ3 DYP5ddEX7fFexNhZHVg8bi9cc3iOgxNnoLiE8gIR9+Q== X-Received: by 2002:a50:a447:: with SMTP id v7mr3754053edb.183.1624009272796; Fri, 18 Jun 2021 02:41:12 -0700 (PDT) X-Received: by 2002:a50:a447:: with SMTP id v7mr3754040edb.183.1624009272677; Fri, 18 Jun 2021 02:41:12 -0700 (PDT) Received: from [192.168.1.115] (xdsl-188-155-177-222.adslplus.ch. [188.155.177.222]) by smtp.gmail.com with ESMTPSA id kj1sm839242ejc.10.2021.06.18.02.41.12 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 18 Jun 2021 02:41:12 -0700 (PDT) Subject: Re: [PATCH 5.4 031/184] modules: inherit TAINT_PROPRIETARY_MODULE To: Greg Kroah-Hartman Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Daniel Vetter , Christoph Hellwig , Jessica Yu References: <20210510101950.200777181@linuxfoundation.org> <20210510101951.249384110@linuxfoundation.org> <8edc6f45-6c42-19c7-6f40-6f1a49cc685b@canonical.com> From: Krzysztof Kozlowski Message-ID: <0abfc041-571b-75ae-0d53-48f801aab043@canonical.com> Date: Fri, 18 Jun 2021 11:41:11 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 18/06/2021 11:29, Greg Kroah-Hartman wrote: > On Fri, Jun 18, 2021 at 11:22:37AM +0200, Krzysztof Kozlowski wrote: >> On 18/06/2021 11:19, Greg Kroah-Hartman wrote: >>> On Fri, Jun 18, 2021 at 10:57:23AM +0200, Krzysztof Kozlowski wrote: >>>> On 10/05/2021 12:18, Greg Kroah-Hartman wrote: >>>>> From: Christoph Hellwig >>>>> >>>>> commit 262e6ae7081df304fc625cf368d5c2cbba2bb991 upstream. >>>>> >>>>> If a TAINT_PROPRIETARY_MODULE exports symbol, inherit the taint flag >>>>> for all modules importing these symbols, and don't allow loading >>>>> symbols from TAINT_PROPRIETARY_MODULE modules if the module previously >>>>> imported gplonly symbols. Add a anti-circumvention devices so people >>>>> don't accidentally get themselves into trouble this way. >>>>> >>>>> Comment from Greg: >>>>> "Ah, the proven-to-be-illegal "GPL Condom" defense :)" >>>> >>>> Patch got in to stable, so my comments are quite late, but can someone >>>> explain me - how this is a stable material? What specific, real bug that >>>> bothers people, is being fixed here? Or maybe it fixes serious issue >>>> reported by a user of distribution kernel? IOW, how does this match >>>> stable kernel rules at all? >>>> >>>> For sure it breaks some out-of-tree modules already present and used by >>>> customers of downstream stable kernels. Therefore I wonder what is the >>>> bug fixed here, so the breakage and annoyance of stable users is justified. >>> >>> It fixes a reported bug in that somehow symbols are being exported to >>> modules that should not have been. This has been in mainline and newer >>> stable releases for quite some time, it should not be a suprise that >>> this was backported further as well. >> >> This is vague. What exactly is the bug? How exporting symbols which >> should not be exported, causes it? Is there OOPs? Some feature does not >> work? > > The bug/issue is that symbols were being incorrectly exported in ways > that they should not have been and were available to users that should > not have been able to use them. That is what this patch series > resolves. I can go into details but they are boring and deal with > closed source monstrosities that feel they are allowed to muck around in > kernel internals at will, which causes a support burden on the kernel > community. Thanks Greg, I would prefer honest "we don't want others to do something we don't like or approve and we can change it" :) > If you object to this, that's fine, you are free to revert them in your > local distro kernel after discussing it with your lawyers to get their > approval to do so. Best regards, Krzysztof