From: Stefan Lippers-Hollmann <s.l-h@gmx.de>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: stable@vger.kernel.org, patches@lists.linux.dev,
Christoph Hellwig <hch@lst.de>,
Luis Chamberlain <mcgrof@kernel.org>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
linux-media@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 6.5 11/34] modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules
Date: Thu, 7 Sep 2023 22:17:37 +0200 [thread overview]
Message-ID: <20230907221737.07f12f38@mir> (raw)
In-Reply-To: <2023090719-virtuous-snowflake-d015@gregkh>
Hi
On 2023-09-07, Greg Kroah-Hartman wrote:
> On Thu, Sep 07, 2023 at 08:41:35AM +0200, Stefan Lippers-Hollmann wrote:
> > On 2023-09-04, Greg Kroah-Hartman wrote:
> > > 6.5-stable review patch. If anyone has any objections, please let me know.
> > >
> > > ------------------
> > >
> > > From: Christoph Hellwig <hch@lst.de>
> > >
> > > commit 9011e49d54dcc7653ebb8a1e05b5badb5ecfa9f9 upstream.
> > >
> > > It has recently come to my attention that nvidia is circumventing the
> > > protection added in 262e6ae7081d ("modules: inherit
> > > TAINT_PROPRIETARY_MODULE") by importing exports from their proprietary
> > > modules into an allegedly GPL licensed module and then rexporting them.
> > >
> > > Given that symbol_get was only ever intended for tightly cooperating
> > > modules using very internal symbols it is logical to restrict it to
> > > being used on EXPORT_SYMBOL_GPL and prevent nvidia from costly DMCA
> > > Circumvention of Access Controls law suites.
> > >
> > > All symbols except for four used through symbol_get were already exported
> > > as EXPORT_SYMBOL_GPL, and the remaining four ones were switched over in
> > > the preparation patches.
> >
> > This patch, as part of v6.5.2, breaks the in-kernel ds3000 module
> > (for a TeVii s480 v2 DVB-S2 card, which is a PCIe card attaching two
> > onboard TeVii s660 cards via an onboard USB2 controller (MCS9990),
> > https://www.linuxtv.org/wiki/index.php/TeVii_S480) from loading.
>
> This is also broken in Linus's tree, right?
Yes, HEAD as of 6.5.0-12145-g4a0fc73da97e is affected just as well.
> > [ 2.896589] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
> > [ 2.901085] failing symbol_get of non-GPLONLY symbol ds3000_attach.
> > [ 2.901089] DVB: Unable to find symbol ds3000_attach()
>
> This is odd, where is that call coming from? I don't see any call to
> symbol_get in the dvb code, where is this happening?
>
> Anyway, does the patch below fix this?
That change alone only moves the issue down to ts2020_attach().
$ dmesg | grep -i -e dvb -e gpl -e symbol
[ 1.464876] usb 3-1: Product: DVBS2BOX
[ 1.482143] usb 5-1: Product: DVBS2BOX
[ 3.692647] dvb-usb: found a 'TeVii S660 USB' in cold state, will try to load a firmware
[ 3.692951] dvb-usb: downloading firmware from file 'dvb-usb-s660.fw'
[ 3.860571] dvb-usb: found a 'TeVii S660 USB' in warm state.
[ 3.860615] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 3.860944] dvbdev: DVB: registering new adapter (TeVii S660 USB)
[ 4.097144] dvb-usb: MAC address: 00:18:XX:XX:XX:XX
[ 4.097272] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 4.111792] failing symbol_get of non-GPLONLY symbol ts2020_attach.
[ 4.111795] DVB: Unable to find symbol ts2020_attach()
[ 4.112759] usb 3-1: DVB: registering adapter 0 frontend 0 (Montage Technology DS3000)...
[ 4.112764] dvbdev: dvb_create_media_entity: media entity 'Montage Technology DS3000' registered.
[ 4.138938] dvb-usb: schedule remote query interval to 150 msecs.
[ 4.138942] dvb-usb: TeVii S660 USB successfully initialized and connected.
[ 4.138988] dvb-usb: found a 'TeVii S660 USB' in cold state, will try to load a firmware
[ 4.139016] dvb-usb: downloading firmware from file 'dvb-usb-s660.fw'
[ 4.292614] dvb-usb: found a 'TeVii S660 USB' in warm state.
[ 4.292679] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 4.293075] dvbdev: DVB: registering new adapter (TeVii S660 USB)
[ 4.538876] dvb-usb: MAC address: 00:18:XX:XX:XX:XX
[ 4.539113] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 4.543738] failing symbol_get of non-GPLONLY symbol ts2020_attach.
[ 4.546349] failing symbol_get of non-GPLONLY symbol ts2020_attach.
[ 4.546354] DVB: Unable to find symbol ts2020_attach()
[ 4.548643] usb 5-1: DVB: registering adapter 1 frontend 0 (Montage Technology DS3000)...
[ 4.548650] dvbdev: dvb_create_media_entity: media entity 'Montage Technology DS3000' registered.
[ 4.549970] dvb-usb: schedule remote query interval to 150 msecs.
[ 4.549973] dvb-usb: TeVii S660 USB successfully initialized and connected.
[ 7.830408] ds3000_firmware_ondemand: Waiting for firmware upload (dvb-fe-ds3000.fw)...
[ 8.367600] ds3000_firmware_ondemand: Waiting for firmware upload (dvb-fe-ds3000.fw)...
Extending this to approach to ts2020_attach() does fix the problem
for me. Searching the web for "failing symbol_get of non-GPLONLY
symbol" suggests that there might be further instances within the
DVB subsystem https://syzkaller.appspot.com/x/log.txt?x=11faa1eda80000
(this was merely gathered by a passive web search, I have no contact
to the poster or any further information about it).
[ now fully functional with EXPORT_SYMBOL_GPL(ds3000_attach) and
EXPORT_SYMBOL_GPL(ts2020_attach) ]
$ dmesg | grep -i -e dvb -e gpl -e symbol -e taint
[ 1.499064] usb 3-1: Product: DVBS2BOX
[ 1.505760] usb 4-1: Product: DVBS2BOX
[ 3.915802] dvb-usb: found a 'TeVii S660 USB' in cold state, will try to load a firmware
[ 3.917134] dvb-usb: downloading firmware from file 'dvb-usb-s660.fw'
[ 4.084566] dvb-usb: found a 'TeVii S660 USB' in warm state.
[ 4.084602] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 4.084984] dvbdev: DVB: registering new adapter (TeVii S660 USB)
[ 4.320740] dvb-usb: MAC address: 00:18:XX:XX:XX:XX
[ 4.320871] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 4.390349] usb 3-1: DVB: registering adapter 0 frontend 0 (Montage Technology DS3000)...
[ 4.390356] dvbdev: dvb_create_media_entity: media entity 'Montage Technology DS3000' registered.
[ 4.416869] dvb-usb: schedule remote query interval to 150 msecs.
[ 4.416872] dvb-usb: TeVii S660 USB successfully initialized and connected.
[ 4.416905] dvb-usb: found a 'TeVii S660 USB' in cold state, will try to load a firmware
[ 4.416927] dvb-usb: downloading firmware from file 'dvb-usb-s660.fw'
[ 4.572611] dvb-usb: found a 'TeVii S660 USB' in warm state.
[ 4.572679] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 4.573066] dvbdev: DVB: registering new adapter (TeVii S660 USB)
[ 4.821631] dvb-usb: MAC address: 00:18:XX:XX:XX:XX
[ 4.821757] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 4.884845] usb 4-1: DVB: registering adapter 1 frontend 0 (Montage Technology DS3000)...
[ 4.884856] dvbdev: dvb_create_media_entity: media entity 'Montage Technology DS3000' registered.
[ 4.886511] dvb-usb: schedule remote query interval to 150 msecs.
[ 4.886514] dvb-usb: TeVii S660 USB successfully initialized and connected.
[ 7.312401] ds3000_firmware_ondemand: Waiting for firmware upload (dvb-fe-ds3000.fw)...
[ 7.918355] ds3000_firmware_ondemand: Waiting for firmware upload (dvb-fe-ds3000.fw)...
[ 7.919675] ds3000_firmware_ondemand: Waiting for firmware upload (dvb-fe-ds3000.fw)...
With these changes, my DVB-S2 and DVB-T2 cards are working:
- https://www.linuxtv.org/wiki/index.php/TeVii_S480
- https://www.linuxtv.org/wiki/index.php/Xbox_One_Digital_TV_Tuner
Thanks a lot
Stefan Lippers-Hollmann
---
--- a/drivers/media/dvb-frontends/ts2020.c
+++ b/drivers/media/dvb-frontends/ts2020.c
@@ -525,7 +525,7 @@ struct dvb_frontend *ts2020_attach(struc
return fe;
}
-EXPORT_SYMBOL(ts2020_attach);
+EXPORT_SYMBOL_GPL(ts2020_attach);
/*
* We implement own regmap locking due to legacy DVB attach which uses frontend
next prev parent reply other threads:[~2023-09-07 20:17 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-04 18:29 [PATCH 6.5 00/34] 6.5.2-rc1 review Greg Kroah-Hartman
2023-09-04 18:29 ` [PATCH 6.5 01/34] drm/amdgpu: correct vmhub index in GMC v10/11 Greg Kroah-Hartman
2023-09-04 18:29 ` [PATCH 6.5 02/34] erofs: ensure that the post-EOF tails are all zeroed Greg Kroah-Hartman
2023-09-04 18:29 ` [PATCH 6.5 03/34] ksmbd: fix wrong DataOffset validation of create context Greg Kroah-Hartman
2023-09-04 18:29 ` [PATCH 6.5 04/34] ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob() Greg Kroah-Hartman
2023-09-04 18:29 ` [PATCH 6.5 05/34] ksmbd: replace one-element array with flex-array member in struct smb2_ea_info Greg Kroah-Hartman
2023-09-04 18:29 ` [PATCH 6.5 06/34] ksmbd: reduce descriptor size if remaining bytes is less than request size Greg Kroah-Hartman
2023-09-04 18:29 ` [PATCH 6.5 07/34] ARM: pxa: remove use of symbol_get() Greg Kroah-Hartman
2023-09-04 18:29 ` [PATCH 6.5 08/34] mmc: au1xmmc: force non-modular build and remove symbol_get usage Greg Kroah-Hartman
2023-09-04 18:29 ` [PATCH 6.5 09/34] net: enetc: use EXPORT_SYMBOL_GPL for enetc_phc_index Greg Kroah-Hartman
2023-09-04 18:29 ` [PATCH 6.5 10/34] rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff Greg Kroah-Hartman
2023-09-04 18:29 ` [PATCH 6.5 11/34] modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules Greg Kroah-Hartman
2023-09-07 6:41 ` Stefan Lippers-Hollmann
2023-09-07 9:30 ` Greg Kroah-Hartman
2023-09-07 20:17 ` Stefan Lippers-Hollmann [this message]
2023-09-08 6:46 ` Greg Kroah-Hartman
2023-09-08 7:07 ` Greg Kroah-Hartman
2023-09-08 8:31 ` Christoph Hellwig
2023-09-08 8:35 ` Christoph Hellwig
2023-09-08 8:47 ` Greg Kroah-Hartman
2023-09-04 18:29 ` [PATCH 6.5 12/34] USB: serial: option: add Quectel EM05G variant (0x030e) Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.5 13/34] USB: serial: option: add FOXCONN T99W368/T99W373 product Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.5 14/34] ALSA: usb-audio: Fix init call orders for UAC1 Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.5 15/34] usb: dwc3: meson-g12a: do post init to fix broken usb after resumption Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.5 16/34] usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.5 17/34] HID: wacom: remove the battery when the EKR is off Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.5 18/34] staging: rtl8712: fix race condition Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.5 19/34] wifi: mt76: mt7921: do not support one stream on secondary antenna only Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.5 20/34] wifi: mt76: mt7921: fix skb leak by txs missing in AMSDU Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.5 21/34] wifi: rtw88: usb: kill and free rx urbs on probe failure Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.5 22/34] wifi: ath11k: Dont drop tx_status when peer cannot be found Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.5 23/34] wifi: ath11k: Cleanup mac80211 references on failure during tx_complete Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.5 24/34] serial: qcom-geni: fix opp vote on shutdown Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.5 25/34] serial: sc16is7xx: fix broken port 0 uart init Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.5 26/34] serial: sc16is7xx: fix bug when first setting GPIO direction Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.5 27/34] firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.5 28/34] fsi: master-ast-cf: Add MODULE_FIRMWARE macro Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.5 29/34] tcpm: Avoid soft reset when partner does not support get_status Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.5 30/34] dt-bindings: sc16is7xx: Add property to change GPIO function Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.5 31/34] tracing: Zero the pipe cpumask on alloc to avoid spurious -EBUSY Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.5 32/34] nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.5 33/34] usb: typec: tcpci: clear the fault status bit Greg Kroah-Hartman
2023-09-04 18:30 ` [PATCH 6.5 34/34] pinctrl: amd: Dont show `Invalid config param` errors Greg Kroah-Hartman
2023-09-05 0:09 ` [PATCH 6.5 00/34] 6.5.2-rc1 review Joel Fernandes
2023-09-05 4:43 ` Bagas Sanjaya
2023-09-05 8:15 ` Naresh Kamboju
2023-09-05 9:44 ` Sudip Mukherjee (Codethink)
2023-09-05 11:08 ` Jon Hunter
2023-09-05 17:11 ` Justin Forbes
2023-09-05 20:52 ` Shuah Khan
2023-09-05 22:52 ` Ron Economos
2023-09-06 5:31 ` SeongJae Park
2023-09-06 10:52 ` Rudi Heitbaum
2023-09-06 17:25 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230907221737.07f12f38@mir \
--to=s.l-h@gmx.de \
--cc=gregkh@linuxfoundation.org \
--cc=hch@lst.de \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=mchehab@kernel.org \
--cc=patches@lists.linux.dev \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).