lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 30 Jul 2020 16:12:32 +0200 From: Jessica Yu <jeyu@...nel.org> To: Christoph Hellwig <hch@....de> Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, open list <linux-kernel@...r.kernel.org> Subject: Re: [PATCH 8/8] modules: inherit TAINT_PROPRIETARY_MODULE +++ Christoph Hellwig [30/07/20 08:10 +0200]: >If a TAINT_PROPRIETARY_MODULE exports symbol, inherit the taint flag >for all modules importing these symbols, and don't allow loading >symbols from TAINT_PROPRIETARY_MODULE modules if the module previously >imported gplonly symbols. Add a anti-circumvention devices so people >don't accidentally get themselves into trouble this way. > >Comment from Greg: > Ah, the proven-to-be-illegal "GPL Condom" defense :) > >Signed-off-by: Christoph Hellwig <hch@....de> >Reviewed-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org> >--- > include/linux/module.h | 1 + > kernel/module.c | 12 ++++++++++++ > 2 files changed, 13 insertions(+) > >diff --git a/include/linux/module.h b/include/linux/module.h >index 30b0f5fcdb3c37..e30ed5fa33a738 100644 >--- a/include/linux/module.h >+++ b/include/linux/module.h >@@ -389,6 +389,7 @@ struct module { > unsigned int num_gpl_syms; > const struct kernel_symbol *gpl_syms; > const s32 *gpl_crcs; >+ bool using_gplonly_symbols; > > #ifdef CONFIG_UNUSED_SYMBOLS > /* unused exported symbols. */ >diff --git a/kernel/module.c b/kernel/module.c >index afb2bfdd5134b3..04f993863ae417 100644 >--- a/kernel/module.c >+++ b/kernel/module.c >@@ -1456,6 +1456,18 @@ static const struct kernel_symbol *resolve_symbol(struct module *mod, > if (!sym) > goto unlock; > >+ if (license == GPL_ONLY) >+ mod->using_gplonly_symbols = true; >+ >+ if (owner && test_bit(TAINT_PROPRIETARY_MODULE, &owner->taints)) { >+ if (mod->using_gplonly_symbols) { >+ sym = NULL; >+ goto getname; >+ } >+ add_taint_module(mod, TAINT_PROPRIETARY_MODULE, >+ LOCKDEP_NOW_UNRELIABLE); >+ } Sorry that I didn't think of this yesterday, but I'm wondering if we should print a warning before add_taint_module(). Maybe something along the lines of, "%s: module uses symbols from proprietary module %s, inheriting taint.", with %s being mod->name, owner->name. We can check mod->taints for TAINT_PROPRIETARY_MODULE and print the warning once. Additionally, maybe it's a good idea to print an error before goto getname (e.g., "%s: module using GPL-only symbols uses symbols from proprietary module %s."), so one would know why the module load failed, right now this manifests itself as an unknown symbol error. Otherwise, this patchset looks good to me and I agree with it in principle. Thanks Christoph!
Powered by blists - more mailing lists