Re: [PATCH 5.4 031/184] modules: inherit TAINT_PROPRIETARY_MODULE
From: Greg Kroah-Hartman
Date: Fri Jun 18 2021 - 05:21:10 EST
On Fri, Jun 18, 2021 at 10:59:50AM +0200, Krzysztof Kozlowski wrote:
> On 18/06/2021 10:57, Krzysztof Kozlowski wrote:
> > On 10/05/2021 12:18, Greg Kroah-Hartman wrote:
> >> From: Christoph Hellwig <hch@xxxxxx>
> >> commit 262e6ae7081df304fc625cf368d5c2cbba2bb991 upstream.
> >> If a TAINT_PROPRIETARY_MODULE exports symbol, inherit the taint flag
> >> for all modules importing these symbols, and don't allow loading
> >> symbols from TAINT_PROPRIETARY_MODULE modules if the module previously
> >> imported gplonly symbols. Add a anti-circumvention devices so people
> >> don't accidentally get themselves into trouble this way.
> >> Comment from Greg:
> >> "Ah, the proven-to-be-illegal "GPL Condom" defense :)"
> > Patch got in to stable, so my comments are quite late, but can someone
> > explain me - how this is a stable material? What specific, real bug that
> > bothers people, is being fixed here? Or maybe it fixes serious issue
> > reported by a user of distribution kernel? IOW, how does this match
> > stable kernel rules at all?
> > For sure it breaks some out-of-tree modules already present and used by
> > customers of downstream stable kernels. Therefore I wonder what is the
> > bug fixed here, so the breakage and annoyance of stable users is justified.
> And for the record I am not talking about this patch only. I am asking
> also what serious or real bug is being fixed by:
> "modules: mark find_symbol static
> find_symbol is only used in module.c."
That was part of the patch series, I needed pretty much the whole thing
to be able to apply them cleanly. We always try to match what is in
Linus's tree exactly so we can correctly track things, one-off backports
are almost always broken and wrong.
And no one should be ever using find_symbol(), that's just a given.