lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <86cd68e0-0a6c-f15c-a4fa-c2befc3e7226@infradead.org>
Date:   Thu, 9 Nov 2017 11:10:43 -0800
From:   Randy Dunlap <rdunlap@...radead.org>
To:     LKML <linux-kernel@...r.kernel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        Sam Ravnborg <sam@...nborg.org>,
        Mark Brown <broonie@...nel.org>,
        Paul Burton <paul.burton@...s.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: modules with no license taint kernel, but build does not catch them

Hi,

We have a few modules in the kernel which do not have a MODULE_LICENSE() tag,
so that when they are loaded they taint the kernel.  I reported one yesterday:

snd_soc_pcm512x_spi: module license 'unspecified' taints kernel.

and now I see that drivers/auxdisplay/img-ascii-lcd.c is the same way.

I have a patch to add MODULE_LICENSE() to img-ascii-lcd.c, but is that all
that we want to do?

The build system once detected these missing licenses, but in 2008, Sam made
a patch:

commit 2fa365682943866baf85305ef701741fe41b27e0
Author: Sam Ravnborg <sam@...nus.ravnborg.org>
Date:   Sat Apr 26 21:07:26 2008 +0200

    kbuild: soften MODULE_LICENSE check

    Only modules that has other MODULE_* content
    shall have the MODULE_LICENSE() tag.

    This fixes allmodconfig build on my box.

so that these modules pass an allmodconfig build. I don't think that this is
the right thing to do [just to pass allmodconfig, then taint the kernel when the
module load is attempted], so I would revert that patch.


Loading img_ascii_lcd.ko gives these errors:

[ 4776.990790] img_ascii_lcd: Unknown symbol regmap_write (err 0)
[ 4776.990808] img_ascii_lcd: Unknown symbol devm_kmalloc (err 0)
[ 4776.990823] img_ascii_lcd: Unknown symbol of_property_read_variable_u32_array (err 0)
[ 4776.990836] img_ascii_lcd: Unknown symbol platform_driver_unregister (err 0)
[ 4776.990852] img_ascii_lcd: Unknown symbol device_create_file (err 0)
[ 4776.990865] img_ascii_lcd: Unknown symbol devm_kfree (err 0)
[ 4776.990879] img_ascii_lcd: Unknown symbol platform_get_resource (err 0)
[ 4776.990893] img_ascii_lcd: Unknown symbol syscon_node_to_regmap (err 0)
[ 4776.990911] img_ascii_lcd: Unknown symbol __platform_driver_register (err 0)
[ 4776.990925] img_ascii_lcd: Unknown symbol regmap_read (err 0)
[ 4776.990940] img_ascii_lcd: Unknown symbol device_remove_file (err 0)

"err 0" isn't very meaningful unless you realize that these are all EXPORT_SYMBOL_GPL()
symbols, so kernel/module.c is preventing this module (and snd_soc_pcm512x_spi)
from using GPL symbols since they do not have a GPL-compatible license (which is good,
just easily confusing).

-- 
~Randy

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ