Re: [PATCH 6.5 11/34] modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules

Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> · Thu, 7 Sep 2023 10:30:50 +0100

On Thu, Sep 07, 2023 at 08:41:35AM +0200, Stefan Lippers-Hollmann wrote:
> Hi
> 
> On 2023-09-04, Greg Kroah-Hartman wrote:
> > 6.5-stable review patch.  If anyone has any objections, please let me know.
> >
> > ------------------
> >
> > From: Christoph Hellwig <hch@xxxxxx>
> >
> > commit 9011e49d54dcc7653ebb8a1e05b5badb5ecfa9f9 upstream.
> >
> > It has recently come to my attention that nvidia is circumventing the
> > protection added in 262e6ae7081d ("modules: inherit
> > TAINT_PROPRIETARY_MODULE") by importing exports from their proprietary
> > modules into an allegedly GPL licensed module and then rexporting them.
> >
> > Given that symbol_get was only ever intended for tightly cooperating
> > modules using very internal symbols it is logical to restrict it to
> > being used on EXPORT_SYMBOL_GPL and prevent nvidia from costly DMCA
> > Circumvention of Access Controls law suites.
> >
> > All symbols except for four used through symbol_get were already exported
> > as EXPORT_SYMBOL_GPL, and the remaining four ones were switched over in
> > the preparation patches.
> 
> This patch, as part of v6.5.2, breaks the in-kernel ds3000 module
> (for a TeVii s480 v2 DVB-S2 card, which is a PCIe card attaching two
> onboard TeVii s660 cards via an onboard USB2 controller (MCS9990),
> https://www.linuxtv.org/wiki/index.php/TeVii_S480) from loading.

This is also broken in Linus's tree, right?

> [    2.896589] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
> [    2.901085] failing symbol_get of non-GPLONLY symbol ds3000_attach.
> [    2.901089] DVB: Unable to find symbol ds3000_attach()

This is odd, where is that call coming from?  I don't see any call to
symbol_get in the dvb code, where is this happening?

Anyway, does the patch below fix this?

thanks,

greg k-h

----------------

diff --git a/drivers/media/dvb-frontends/ds3000.c b/drivers/media/dvb-frontends/ds3000.c
index 20fcf31af165..515aa7c7baf2 100644
--- a/drivers/media/dvb-frontends/ds3000.c
+++ b/drivers/media/dvb-frontends/ds3000.c
@@ -859,7 +859,7 @@ struct dvb_frontend *ds3000_attach(const struct ds3000_config *config,
 	ds3000_set_voltage(&state->frontend, SEC_VOLTAGE_OFF);
 	return &state->frontend;
 }
-EXPORT_SYMBOL(ds3000_attach);
+EXPORT_SYMBOL_GPL(ds3000_attach);
 
 static int ds3000_set_carrier_offset(struct dvb_frontend *fe,
 					s32 carrier_offset_khz)






