lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 4 Aug 2020 20:52:05 +0200
From:   daniel@...ll.ch
To:     DRI Development <dri-devel@...ts.freedesktop.org>
Cc:     Jessica Yu <jeyu@...nel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        linux-kernel@...r.kernel.org (open list)
Subject: Re: [PATCH 8/8] modules: inherit TAINT_PROPRIETARY_MODULE

On Thu, Jul 30, 2020 at 08:10:27AM +0200, Christoph Hellwig wrote:
> If a TAINT_PROPRIETARY_MODULE exports symbol, inherit the taint flag
> for all modules importing these symbols, and don't allow loading
> symbols from TAINT_PROPRIETARY_MODULE modules if the module previously
> imported gplonly symbols.  Add a anti-circumvention devices so people
> don't accidentally get themselves into trouble this way.
> 
> Comment from Greg:
>  Ah, the proven-to-be-illegal "GPL Condom" defense :)
> 
> Signed-off-by: Christoph Hellwig <hch@....de>
> Reviewed-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>

If this helps to get the next gpu related entertainment at least cc'ed to
dri-devel, maybe even using an upstream driver, I'm all for it.

Acked-by: Daniel Vetter <daniel.vetter@...ll.ch>

> ---
>  include/linux/module.h |  1 +
>  kernel/module.c        | 12 ++++++++++++
>  2 files changed, 13 insertions(+)
> 
> diff --git a/include/linux/module.h b/include/linux/module.h
> index 30b0f5fcdb3c37..e30ed5fa33a738 100644
> --- a/include/linux/module.h
> +++ b/include/linux/module.h
> @@ -389,6 +389,7 @@ struct module {
>  	unsigned int num_gpl_syms;
>  	const struct kernel_symbol *gpl_syms;
>  	const s32 *gpl_crcs;
> +	bool using_gplonly_symbols;
>  
>  #ifdef CONFIG_UNUSED_SYMBOLS
>  	/* unused exported symbols. */
> diff --git a/kernel/module.c b/kernel/module.c
> index afb2bfdd5134b3..04f993863ae417 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -1456,6 +1456,18 @@ static const struct kernel_symbol *resolve_symbol(struct module *mod,
>  	if (!sym)
>  		goto unlock;
>  
> +	if (license == GPL_ONLY)
> +		mod->using_gplonly_symbols = true;
> +
> +	if (owner && test_bit(TAINT_PROPRIETARY_MODULE, &owner->taints)) {
> +		if (mod->using_gplonly_symbols) {
> +			sym = NULL;
> +			goto getname;
> +		}
> +		add_taint_module(mod, TAINT_PROPRIETARY_MODULE,
> +				 LOCKDEP_NOW_UNRELIABLE);
> +	}
> +
>  	if (!check_version(info, name, mod, crc)) {
>  		sym = ERR_PTR(-EINVAL);
>  		goto getname;
> -- 
> 2.27.0
> 

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ