lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 9 Nov 2017 11:10:43 -0800 From: Randy Dunlap <rdunlap@...radead.org> To: LKML <linux-kernel@...r.kernel.org>, Linus Torvalds <torvalds@...ux-foundation.org> Cc: Andrew Morton <akpm@...ux-foundation.org>, Sam Ravnborg <sam@...nborg.org>, Mark Brown <broonie@...nel.org>, Paul Burton <paul.burton@...s.com>, Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: modules with no license taint kernel, but build does not catch them Hi, We have a few modules in the kernel which do not have a MODULE_LICENSE() tag, so that when they are loaded they taint the kernel. I reported one yesterday: snd_soc_pcm512x_spi: module license 'unspecified' taints kernel. and now I see that drivers/auxdisplay/img-ascii-lcd.c is the same way. I have a patch to add MODULE_LICENSE() to img-ascii-lcd.c, but is that all that we want to do? The build system once detected these missing licenses, but in 2008, Sam made a patch: commit 2fa365682943866baf85305ef701741fe41b27e0 Author: Sam Ravnborg <sam@...nus.ravnborg.org> Date: Sat Apr 26 21:07:26 2008 +0200 kbuild: soften MODULE_LICENSE check Only modules that has other MODULE_* content shall have the MODULE_LICENSE() tag. This fixes allmodconfig build on my box. so that these modules pass an allmodconfig build. I don't think that this is the right thing to do [just to pass allmodconfig, then taint the kernel when the module load is attempted], so I would revert that patch. Loading img_ascii_lcd.ko gives these errors: [ 4776.990790] img_ascii_lcd: Unknown symbol regmap_write (err 0) [ 4776.990808] img_ascii_lcd: Unknown symbol devm_kmalloc (err 0) [ 4776.990823] img_ascii_lcd: Unknown symbol of_property_read_variable_u32_array (err 0) [ 4776.990836] img_ascii_lcd: Unknown symbol platform_driver_unregister (err 0) [ 4776.990852] img_ascii_lcd: Unknown symbol device_create_file (err 0) [ 4776.990865] img_ascii_lcd: Unknown symbol devm_kfree (err 0) [ 4776.990879] img_ascii_lcd: Unknown symbol platform_get_resource (err 0) [ 4776.990893] img_ascii_lcd: Unknown symbol syscon_node_to_regmap (err 0) [ 4776.990911] img_ascii_lcd: Unknown symbol __platform_driver_register (err 0) [ 4776.990925] img_ascii_lcd: Unknown symbol regmap_read (err 0) [ 4776.990940] img_ascii_lcd: Unknown symbol device_remove_file (err 0) "err 0" isn't very meaningful unless you realize that these are all EXPORT_SYMBOL_GPL() symbols, so kernel/module.c is preventing this module (and snd_soc_pcm512x_spi) from using GPL symbols since they do not have a GPL-compatible license (which is good, just easily confusing). -- ~Randy
Powered by blists - more mailing lists