Re: [PATCH 6.5 11/34] modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules

public inbox for linux-media@vger.kernel.org
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Cc: stable@vger.kernel.org, patches@lists.linux.dev,
	Christoph Hellwig <hch@lst.de>,
	Luis Chamberlain <mcgrof@kernel.org>,
	Mauro Carvalho Chehab <mchehab@kernel.org>,
	linux-media@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 6.5 11/34] modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules
Date: Thu, 7 Sep 2023 10:30:50 +0100	[thread overview]
Message-ID: <2023090719-virtuous-snowflake-d015@gregkh> (raw)
In-Reply-To: <20230907084135.02d97441@mir>

On Thu, Sep 07, 2023 at 08:41:35AM +0200, Stefan Lippers-Hollmann wrote:
> Hi
> 
> On 2023-09-04, Greg Kroah-Hartman wrote:
> > 6.5-stable review patch.  If anyone has any objections, please let me know.
> >
> > ------------------
> >
> > From: Christoph Hellwig <hch@lst.de>
> >
> > commit 9011e49d54dcc7653ebb8a1e05b5badb5ecfa9f9 upstream.
> >
> > It has recently come to my attention that nvidia is circumventing the
> > protection added in 262e6ae7081d ("modules: inherit
> > TAINT_PROPRIETARY_MODULE") by importing exports from their proprietary
> > modules into an allegedly GPL licensed module and then rexporting them.
> >
> > Given that symbol_get was only ever intended for tightly cooperating
> > modules using very internal symbols it is logical to restrict it to
> > being used on EXPORT_SYMBOL_GPL and prevent nvidia from costly DMCA
> > Circumvention of Access Controls law suites.
> >
> > All symbols except for four used through symbol_get were already exported
> > as EXPORT_SYMBOL_GPL, and the remaining four ones were switched over in
> > the preparation patches.
> 
> This patch, as part of v6.5.2, breaks the in-kernel ds3000 module
> (for a TeVii s480 v2 DVB-S2 card, which is a PCIe card attaching two
> onboard TeVii s660 cards via an onboard USB2 controller (MCS9990),
> https://www.linuxtv.org/wiki/index.php/TeVii_S480) from loading.

This is also broken in Linus's tree, right?

> [    2.896589] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
> [    2.901085] failing symbol_get of non-GPLONLY symbol ds3000_attach.
> [    2.901089] DVB: Unable to find symbol ds3000_attach()

This is odd, where is that call coming from?  I don't see any call to
symbol_get in the dvb code, where is this happening?

Anyway, does the patch below fix this?

thanks,

greg k-h

----------------

diff --git a/drivers/media/dvb-frontends/ds3000.c b/drivers/media/dvb-frontends/ds3000.c
index 20fcf31af165..515aa7c7baf2 100644
--- a/drivers/media/dvb-frontends/ds3000.c
+++ b/drivers/media/dvb-frontends/ds3000.c
@@ -859,7 +859,7 @@ struct dvb_frontend *ds3000_attach(const struct ds3000_config *config,
 	ds3000_set_voltage(&state->frontend, SEC_VOLTAGE_OFF);
 	return &state->frontend;
 }
-EXPORT_SYMBOL(ds3000_attach);
+EXPORT_SYMBOL_GPL(ds3000_attach);
 
 static int ds3000_set_carrier_offset(struct dvb_frontend *fe,
 					s32 carrier_offset_khz)

next prev parent reply	other threads:[~2023-09-07 16:27 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20230904182948.594404081@linuxfoundation.org>
     [not found] ` <20230904182949.104100132@linuxfoundation.org>
2023-09-07  6:41   ` [PATCH 6.5 11/34] modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules Stefan Lippers-Hollmann
2023-09-07  9:30     ` Greg Kroah-Hartman [this message]
2023-09-07 20:17       ` Stefan Lippers-Hollmann
2023-09-08  6:46         ` Greg Kroah-Hartman
2023-09-08  7:07           ` Greg Kroah-Hartman
2023-09-08  8:31             ` Christoph Hellwig
2023-09-08  8:35               ` Christoph Hellwig
2023-09-08  8:47                 ` Greg Kroah-Hartman

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:20fcf31af16 dfblob:515aa7c7baf )
 OR (
bs:"Re: [PATCH 6.5 11/34] modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2023090719-virtuous-snowflake-d015@gregkh \
    --to=gregkh@linuxfoundation.org \
    --cc=hch@lst.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-media@vger.kernel.org \
    --cc=mcgrof@kernel.org \
    --cc=mchehab@kernel.org \
    --cc=patches@lists.linux.dev \
    --cc=s.l-h@gmx.de \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox