Re: [PATCH 6.5 11/34] modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules

From: Greg Kroah-Hartman
Date: Thu Sep 07 2023 - 12:27:12 EST

Next message: Conor Dooley: "Re: [PATCH v6 03/20] dt-bindings: gpu: Add Imagination Technologies PowerVR/IMG GPU"
Previous message: Sasha Levin: "[PATCH AUTOSEL 5.10 1/3] autofs: fix memory leak of waitqueues in autofs_catatonic_mode"
In reply to: Stefan Lippers-Hollmann: "Re: [PATCH 6.5 11/34] modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules"
Next in thread: Stefan Lippers-Hollmann: "Re: [PATCH 6.5 11/34] modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Sep 07, 2023 at 08:41:35AM +0200, Stefan Lippers-Hollmann wrote:
> Hi
>
> On 2023-09-04, Greg Kroah-Hartman wrote:
> > 6.5-stable review patch. If anyone has any objections, please let me know.
> >
> > ------------------
> >
> > From: Christoph Hellwig <hch@xxxxxx>
> >
> > commit 9011e49d54dcc7653ebb8a1e05b5badb5ecfa9f9 upstream.
> >
> > It has recently come to my attention that nvidia is circumventing the
> > protection added in 262e6ae7081d ("modules: inherit
> > TAINT_PROPRIETARY_MODULE") by importing exports from their proprietary
> > modules into an allegedly GPL licensed module and then rexporting them.
> >
> > Given that symbol_get was only ever intended for tightly cooperating
> > modules using very internal symbols it is logical to restrict it to
> > being used on EXPORT_SYMBOL_GPL and prevent nvidia from costly DMCA
> > Circumvention of Access Controls law suites.
> >
> > All symbols except for four used through symbol_get were already exported
> > as EXPORT_SYMBOL_GPL, and the remaining four ones were switched over in
> > the preparation patches.
>
> This patch, as part of v6.5.2, breaks the in-kernel ds3000 module
> (for a TeVii s480 v2 DVB-S2 card, which is a PCIe card attaching two
> onboard TeVii s660 cards via an onboard USB2 controller (MCS9990),
> https://www.linuxtv.org/wiki/index.php/TeVii_S480) from loading.

This is also broken in Linus's tree, right?

> [ 2.896589] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
> [ 2.901085] failing symbol_get of non-GPLONLY symbol ds3000_attach.
> [ 2.901089] DVB: Unable to find symbol ds3000_attach()

This is odd, where is that call coming from? I don't see any call to
symbol_get in the dvb code, where is this happening?

Anyway, does the patch below fix this?

thanks,

greg k-h

----------------

diff --git a/drivers/media/dvb-frontends/ds3000.c b/drivers/media/dvb-frontends/ds3000.c
index 20fcf31af165..515aa7c7baf2 100644
--- a/drivers/media/dvb-frontends/ds3000.c
+++ b/drivers/media/dvb-frontends/ds3000.c
@@ -859,7 +859,7 @@ struct dvb_frontend *ds3000_attach(const struct ds3000_config *config,
ds3000_set_voltage(&state->frontend, SEC_VOLTAGE_OFF);
return &state->frontend;
}
-EXPORT_SYMBOL(ds3000_attach);
+EXPORT_SYMBOL_GPL(ds3000_attach);

static int ds3000_set_carrier_offset(struct dvb_frontend *fe,
s32 carrier_offset_khz)

Next message: Conor Dooley: "Re: [PATCH v6 03/20] dt-bindings: gpu: Add Imagination Technologies PowerVR/IMG GPU"
Previous message: Sasha Levin: "[PATCH AUTOSEL 5.10 1/3] autofs: fix memory leak of waitqueues in autofs_catatonic_mode"
In reply to: Stefan Lippers-Hollmann: "Re: [PATCH 6.5 11/34] modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules"
Next in thread: Stefan Lippers-Hollmann: "Re: [PATCH 6.5 11/34] modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]