From 3161ebbcc427eda04465042bb7e75ce7df09dfb3 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 11 May 2021 14:46:17 +0200 Subject: [PATCH] 4.19-stable patches added patches: modules-inherit-taint_proprietary_module.patch modules-mark-each_symbol_section-static.patch modules-mark-find_symbol-static.patch modules-mark-ref_module-static.patch modules-rename-the-licence-field-in-struct-symsearch-to-license.patch modules-return-licensing-information-from-find_symbol.patch modules-unexport-__module_address.patch modules-unexport-__module_text_address.patch --- ...les-inherit-taint_proprietary_module.patch | 83 ++++++++++++ ...ules-mark-each_symbol_section-static.patch | 56 +++++++++ .../modules-mark-find_symbol-static.patch | 58 +++++++++ .../modules-mark-ref_module-static.patch | 61 +++++++++ ...field-in-struct-symsearch-to-license.patch | 44 +++++++ ...censing-information-from-find_symbol.patch | 118 ++++++++++++++++++ .../modules-unexport-__module_address.patch | 28 +++++ ...dules-unexport-__module_text_address.patch | 28 +++++ queue-4.19/series | 8 ++ 9 files changed, 484 insertions(+) create mode 100644 queue-4.19/modules-inherit-taint_proprietary_module.patch create mode 100644 queue-4.19/modules-mark-each_symbol_section-static.patch create mode 100644 queue-4.19/modules-mark-find_symbol-static.patch create mode 100644 queue-4.19/modules-mark-ref_module-static.patch create mode 100644 queue-4.19/modules-rename-the-licence-field-in-struct-symsearch-to-license.patch create mode 100644 queue-4.19/modules-return-licensing-information-from-find_symbol.patch create mode 100644 queue-4.19/modules-unexport-__module_address.patch create mode 100644 queue-4.19/modules-unexport-__module_text_address.patch
diff --git a/queue-4.19/modules-inherit-taint_proprietary_module.patch b/queue-4.19/modules-inherit-taint_proprietary_module.patch
new file mode 100644
index 00000000000..a6e778abf95
--- /dev/null
+++ b/queue-4.19/modules-inherit-taint_proprietary_module.patch
@@ -0,0 +1,83 @@
+From 262e6ae7081df304fc625cf368d5c2cbba2bb991 Mon Sep 17 00:00:00 2001
+From: Christoph Hellwig
+Date: Tue, 28 Jul 2020 23:33:33 +0200
+Subject: modules: inherit TAINT_PROPRIETARY_MODULE
+
+From: Christoph Hellwig
+
+commit 262e6ae7081df304fc625cf368d5c2cbba2bb991 upstream.
+
+If a TAINT_PROPRIETARY_MODULE exports symbol, inherit the taint flag
+for all modules importing these symbols, and don't allow loading
+symbols from TAINT_PROPRIETARY_MODULE modules if the module previously
+imported gplonly symbols. Add a anti-circumvention devices so people
+don't accidentally get themselves into trouble this way.
+
+Comment from Greg:
+ "Ah, the proven-to-be-illegal "GPL Condom" defense :)"
+
+[jeyu: pr_info -> pr_err and pr_warn as per discussion]
+Link: http://lore.kernel.org/r/20200730162957.GA22469@lst.de
+Acked-by: Daniel Vetter
+Reviewed-by: Greg Kroah-Hartman
+Signed-off-by: Christoph Hellwig
+Signed-off-by: Jessica Yu
+Signed-off-by: Greg Kroah-Hartman
+---
+ include/linux/module.h | 1 +
+ kernel/module.c | 27 +++++++++++++++++++++++++++
+ 2 files changed, 28 insertions(+)
+
+--- a/include/linux/module.h
++++ b/include/linux/module.h
+@@ -359,6 +359,7 @@ struct module {
+ unsigned int num_gpl_syms;
+ const struct kernel_symbol *gpl_syms;
+ const s32 *gpl_crcs;
++ bool using_gplonly_symbols;
+
+ #ifdef CONFIG_UNUSED_SYMBOLS
+ /* unused exported symbols. */
+--- a/kernel/module.c
++++ b/kernel/module.c
+@@ -1379,6 +1379,25 @@ static inline int same_magic(const char
+ }
+ #endif /* CONFIG_MODVERSIONS */
+
++static bool inherit_taint(struct module *mod, struct module *owner)
++{
++ if (!owner || !test_bit(TAINT_PROPRIETARY_MODULE, &owner->taints))
++ return true;
++
++ if (mod->using_gplonly_symbols) {
++ pr_err("%s: module using GPL-only symbols uses symbols from proprietary module %s.\n",
++ mod->name, owner->name);
++ return false;
++ }
++
++ if (!test_bit(TAINT_PROPRIETARY_MODULE, &mod->taints)) {
++ pr_warn("%s: module uses symbols from proprietary module %s, inheriting taint.\n",
++ mod->name, owner->name);
++ set_bit(TAINT_PROPRIETARY_MODULE, &mod->taints);
++ }
++ return true;
++}
++
+ /* Resolve a symbol for this module. I.e. if we find one, record usage. */
+ static const struct kernel_symbol *resolve_symbol(struct module *mod,
+ const struct load_info *info,
+@@ -1403,6 +1422,14 @@ static const struct kernel_symbol *resol
+ if (!sym)
+ goto unlock;
+
++ if (license == GPL_ONLY)
++ mod->using_gplonly_symbols = true;
++
++ if (!inherit_taint(mod, owner)) {
++ sym = NULL;
++ goto getname;
++ }
++
+ if (!check_version(info, name, mod, crc)) {
+ sym = ERR_PTR(-EINVAL);
+ goto getname;
diff --git a/queue-4.19/modules-mark-each_symbol_section-static.patch b/queue-4.19/modules-mark-each_symbol_section-static.patch
new file mode 100644
index 00000000000..3bb98fe9326
--- /dev/null
+++ b/queue-4.19/modules-mark-each_symbol_section-static.patch
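Review bot: In the `resolve_symbol` hunk of modules-inherit-taint_proprietary_module.patch, the refusal path sets `sym = NULL` while the `check_version` failure directly below it returns `ERR_PTR(-EINVAL)`, so a caller cannot tell a license refusal from a symbol that was never found; only the `pr_err` inside `inherit_taint` records the reason. If NULL is intentional, the call site should say so, e.g. `/* NULL: treated as unresolved; inherit_taint() already logged why */`. `inherit_taint` also has no comment on its contract; `/* Returns false if @mod may not bind to @owner's symbols; may set TAINT_PROPRIETARY_MODULE on @mod. */` would cover it, and `using_gplonly_symbols` in `struct module` deserves a one-line comment that it is set during symbol resolution. `resolve_symbol` starts and ends outside the hunk, so how its callers handle NULL is not visible here.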
@@ -0,0 +1,56 @@
+From a54e04914c211b5678602a46b3ede5d82ec1327d Mon Sep 17 00:00:00 2001
+From: Christoph Hellwig
+Date: Thu, 30 Jul 2020 08:10:22 +0200
+Subject: modules: mark each_symbol_section static
+
+From: Christoph Hellwig
+
+commit a54e04914c211b5678602a46b3ede5d82ec1327d upstream.
+
+each_symbol_section is only used inside of module.c.
+
+Signed-off-by: Christoph Hellwig
+Signed-off-by: Jessica Yu
+Signed-off-by: Greg Kroah-Hartman
+---
+ include/linux/module.h | 9 ---------
+ kernel/module.c | 3 +--
+ 2 files changed, 1 insertion(+), 11 deletions(-)
+
+--- a/include/linux/module.h
++++ b/include/linux/module.h
+@@ -537,15 +537,6 @@ struct symsearch {
+ bool unused;
+ };
+
+-/*
+- * Walk the exported symbol table
+- *
+- * Must be called with module_mutex held or preemption disabled.
+- */
+-bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
+- struct module *owner,
+- void *data), void *data);
+-
+ /* Returns 0 and fills in value, defined and namebuf, or -ERANGE if
+ symnum out of range. */
+ int module_get_kallsym(unsigned int symnum, unsigned long *value, char *type,
+--- a/kernel/module.c
++++ b/kernel/module.c
+@@ -415,7 +415,7 @@ static bool each_symbol_in_section(const
+ }
+
+ /* Returns true as soon as fn returns true, otherwise false. */
+-bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
++static bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
+ struct module *owner,
+ void *data),
+ void *data)
+@@ -476,7 +476,6 @@ bool each_symbol_section(bool (*fn)(cons
+ }
+ return false;
+ }
+-EXPORT_SYMBOL_GPL(each_symbol_section);
+
+ struct find_symbol_arg {
+ /* Input */
diff --git a/queue-4.19/modules-mark-find_symbol-static.patch b/queue-4.19/modules-mark-find_symbol-static.patch
new file mode 100644
index 00000000000..8ac8df9322c
--- /dev/null
+++ b/queue-4.19/modules-mark-find_symbol-static.patch
@@ -0,0 +1,58 @@
+From 773110470e2fa3839523384ae014f8a723c4d178 Mon Sep 17 00:00:00 2001
+From: Christoph Hellwig
+Date: Thu, 30 Jul 2020 08:10:21 +0200
+Subject: modules: mark find_symbol static
+
+From: Christoph Hellwig
+
+commit 773110470e2fa3839523384ae014f8a723c4d178 upstream.
+
+find_symbol is only used in module.c.
+
+Signed-off-by: Christoph Hellwig
+Signed-off-by: Jessica Yu
+Signed-off-by: Greg Kroah-Hartman
+---
+ include/linux/module.h | 11 -----------
+ kernel/module.c | 3 +--
+ 2 files changed, 1 insertion(+), 13 deletions(-)
+
+--- a/include/linux/module.h
++++ b/include/linux/module.h
+@@ -538,17 +538,6 @@ struct symsearch {
+ };
+
+ /*
+- * Search for an exported symbol by name.
+- *
+- * Must be called with module_mutex held or preemption disabled.
+- */
+-const struct kernel_symbol *find_symbol(const char *name,
+- struct module **owner,
+- const s32 **crc,
+- bool gplok,
+- bool warn);
+-
+-/*
+ * Walk the exported symbol table
+ *
+ * Must be called with module_mutex held or preemption disabled.
+--- a/kernel/module.c
++++ b/kernel/module.c
+@@ -568,7 +568,7 @@ static bool find_symbol_in_section(const
+
+ /* Find a symbol and return it, along with, (optional) crc and
+ * (optional) module which owns it. Needs preempt disabled or module_mutex. */
+-const struct kernel_symbol *find_symbol(const char *name,
++static const struct kernel_symbol *find_symbol(const char *name,
+ struct module **owner,
+ const s32 **crc,
+ bool gplok,
+@@ -591,7 +591,6 @@ const struct kernel_symbol *find_symbol(
+ pr_debug("Failed to find symbol %s\n", name);
+ return NULL;
+ }
+-EXPORT_SYMBOL_GPL(find_symbol);
+
+ /*
+ * Search for module by name: must hold module_mutex (or preempt disabled
diff --git a/queue-4.19/modules-mark-ref_module-static.patch b/queue-4.19/modules-mark-ref_module-static.patch
new file mode 100644
index 00000000000..c7ff63c77a8
--- /dev/null
+++ b/queue-4.19/modules-mark-ref_module-static.patch
@@ -0,0 +1,61 @@
+From 7ef5264de773279b9f23b6cc8afb5addb30e970b Mon Sep 17 00:00:00 2001
+From: Christoph Hellwig
+Date: Thu, 30 Jul 2020 08:10:20 +0200
+Subject: modules: mark ref_module static
+
+From: Christoph Hellwig
+
+commit 7ef5264de773279b9f23b6cc8afb5addb30e970b upstream.
+
+ref_module isn't used anywhere outside of module.c.
+
+Signed-off-by: Christoph Hellwig
+Signed-off-by: Jessica Yu
+Signed-off-by: Greg Kroah-Hartman
+---
+ include/linux/module.h | 1 -
+ kernel/module.c | 6 ++----
+ 2 files changed, 2 insertions(+), 5 deletions(-)
+
+--- a/include/linux/module.h
++++ b/include/linux/module.h
+@@ -604,7 +604,6 @@ static inline void __module_get(struct m
+ #define symbol_put_addr(p) do { } while (0)
+
+ #endif /* CONFIG_MODULE_UNLOAD */
+-int ref_module(struct module *a, struct module *b);
+
+ /* This is a #define so the string doesn't get put in every .o file */
+ #define module_name(mod) \
+--- a/kernel/module.c
++++ b/kernel/module.c
+@@ -851,7 +851,7 @@ static int add_module_usage(struct modul
+ }
+
+ /* Module a uses b: caller needs module_mutex() */
+-int ref_module(struct module *a, struct module *b)
++static int ref_module(struct module *a, struct module *b)
+ {
+ int err;
+
+@@ -870,7 +870,6 @@ int ref_module(struct module *a, struct
+ }
+ return 0;
+ }
+-EXPORT_SYMBOL_GPL(ref_module);
+
+ /* Clear the unload stuff of the module. */
+ static void module_unload_free(struct module *mod)
+@@ -1151,11 +1150,10 @@ static inline void module_unload_free(st
+ {
+ }
+
+-int ref_module(struct module *a, struct module *b)
++static int ref_module(struct module *a, struct module *b)
+ {
+ return strong_try_module_get(b);
+ }
+-EXPORT_SYMBOL_GPL(ref_module);
+
+ static inline int module_unload_init(struct module *mod)
+ {
diff --git a/queue-4.19/modules-rename-the-licence-field-in-struct-symsearch-to-license.patch b/queue-4.19/modules-rename-the-licence-field-in-struct-symsearch-to-license.patch
new file mode 100644
index 00000000000..822bc5df202
--- /dev/null
+++ b/queue-4.19/modules-rename-the-licence-field-in-struct-symsearch-to-license.patch
@@ -0,0 +1,44 @@
+From cd8732cdcc37d7077c4fa2c966b748c0662b607e Mon Sep 17 00:00:00 2001
+From: Christoph Hellwig
+Date: Thu, 30 Jul 2020 08:10:25 +0200
+Subject: modules: rename the licence field in struct symsearch to license
+
+From: Christoph Hellwig
+
+commit cd8732cdcc37d7077c4fa2c966b748c0662b607e upstream.
+
+Use the same spelling variant as the rest of the file.
+
+Signed-off-by: Christoph Hellwig
+Signed-off-by: Jessica Yu
+Signed-off-by: Greg Kroah-Hartman
+---
+ include/linux/module.h | 2 +-
+ kernel/module.c | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/include/linux/module.h
++++ b/include/linux/module.h
+@@ -533,7 +533,7 @@ struct symsearch {
+ NOT_GPL_ONLY,
+ GPL_ONLY,
+ WILL_BE_GPL_ONLY,
+- } licence;
++ } license;
+ bool unused;
+ };
+
+--- a/kernel/module.c
++++ b/kernel/module.c
+@@ -496,9 +496,9 @@ static bool check_symbol(const struct sy
+ struct find_symbol_arg *fsa = data;
+
+ if (!fsa->gplok) {
+- if (syms->licence == GPL_ONLY)
++ if (syms->license == GPL_ONLY)
+ return false;
+- if (syms->licence == WILL_BE_GPL_ONLY && fsa->warn) {
++ if (syms->license == WILL_BE_GPL_ONLY && fsa->warn) {
+ pr_warn("Symbol %s is being used by a non-GPL module, "
+ "which will not be allowed in the future\n",
+ fsa->name);
diff --git a/queue-4.19/modules-return-licensing-information-from-find_symbol.patch b/queue-4.19/modules-return-licensing-information-from-find_symbol.patch
new file mode 100644
index 00000000000..00da64193b9
--- /dev/null
+++ b/queue-4.19/modules-return-licensing-information-from-find_symbol.patch
@@ -0,0 +1,118 @@
+From ef1dac6021cc8ec5de02ce31722bf26ac4ed5523 Mon Sep 17 00:00:00 2001
+From: Christoph Hellwig
+Date: Thu, 30 Jul 2020 08:10:26 +0200
+Subject: modules: return licensing information from find_symbol
+
+From: Christoph Hellwig
+
+commit ef1dac6021cc8ec5de02ce31722bf26ac4ed5523 upstream.
+
+Report the GPLONLY status through a new argument.
+
+Signed-off-by: Christoph Hellwig
+Signed-off-by: Jessica Yu
+Signed-off-by: Greg Kroah-Hartman
+---
+ include/linux/module.h | 2 +-
+ kernel/module.c | 16 +++++++++++-----
+ 2 files changed, 12 insertions(+), 6 deletions(-)
+
+--- a/include/linux/module.h
++++ b/include/linux/module.h
+@@ -529,7 +529,7 @@ struct module *find_module(const char *n
+ struct symsearch {
+ const struct kernel_symbol *start, *stop;
+ const s32 *crcs;
+- enum {
++ enum mod_license {
+ NOT_GPL_ONLY,
+ GPL_ONLY,
+ WILL_BE_GPL_ONLY,
+--- a/kernel/module.c
++++ b/kernel/module.c
+@@ -487,6 +487,7 @@ struct find_symbol_arg {
+ struct module *owner;
+ const s32 *crc;
+ const struct kernel_symbol *sym;
++ enum mod_license license;
+ };
+
+ static bool check_symbol(const struct symsearch *syms,
+@@ -520,6 +521,7 @@ static bool check_symbol(const struct sy
+ fsa->owner = owner;
+ fsa->crc = symversion(syms->crcs, symnum);
+ fsa->sym = &syms->start[symnum];
++ fsa->license = syms->license;
+ return true;
+ }
+
+@@ -570,6 +572,7 @@ static bool find_symbol_in_section(const
+ static const struct kernel_symbol *find_symbol(const char *name,
+ struct module **owner,
+ const s32 **crc,
++ enum mod_license *license,
+ bool gplok,
+ bool warn)
+ {
+@@ -584,6 +587,8 @@ static const struct kernel_symbol *find_
+ *owner = fsa.owner;
+ if (crc)
+ *crc = fsa.crc;
++ if (license)
++ *license = fsa.license;
+ return fsa.sym;
+ }
+
+@@ -1056,7 +1061,7 @@ void __symbol_put(const char *symbol)
+ struct module *owner;
+
+ preempt_disable();
+- if (!find_symbol(symbol, &owner, NULL, true, false))
++ if (!find_symbol(symbol, &owner, NULL, NULL, true, false))
+ BUG();
+ module_put(owner);
+ preempt_enable();
+@@ -1334,7 +1339,7 @@ static inline int check_modstruct_versio
+ * locking is necessary -- use preempt_disable() to placate lockdep.
+ */
+ preempt_disable();
+- if (!find_symbol("module_layout", NULL, &crc, true, false)) {
++ if (!find_symbol("module_layout", NULL, &crc, NULL, true, false)) {
+ preempt_enable();
+ BUG();
+ }
+@@ -1383,6 +1388,7 @@ static const struct kernel_symbol *resol
+ struct module *owner;
+ const struct kernel_symbol *sym;
+ const s32 *crc;
++ enum mod_license license;
+ int err;
+
+ /*
+@@ -1392,7 +1398,7 @@ static const struct kernel_symbol *resol
+ */
+ sched_annotate_sleep();
+ mutex_lock(&module_mutex);
+- sym = find_symbol(name, &owner, &crc,
++ sym = find_symbol(name, &owner, &crc, &license,
+ !(mod->taints & (1 << TAINT_PROPRIETARY_MODULE)), true);
+ if (!sym)
+ goto unlock;
+@@ -2222,7 +2228,7 @@ void *__symbol_get(const char *symbol)
+ const struct kernel_symbol *sym;
+
+ preempt_disable();
+- sym = find_symbol(symbol, &owner, NULL, true, true);
++ sym = find_symbol(symbol, &owner, NULL, NULL, true, true);
+ if (sym && strong_try_module_get(owner))
+ sym = NULL;
+ preempt_enable();
+@@ -2258,7 +2264,7 @@ static int verify_export_symbols(struct
+ for (i = 0; i < ARRAY_SIZE(arr); i++) {
+ for (s = arr[i].sym; s < arr[i].sym + arr[i].num; s++) {
+ if (find_symbol(kernel_symbol_name(s), &owner, NULL,
+- true, false)) {
++ NULL, true, false)) {
+ pr_err("%s: exports duplicate symbol %s"
+ " (owned by %s)\n",
+ mod->name, kernel_symbol_name(s),
diff --git a/queue-4.19/modules-unexport-__module_address.patch b/queue-4.19/modules-unexport-__module_address.patch
new file mode 100644
index 00000000000..51af04cac5f
--- /dev/null
+++ b/queue-4.19/modules-unexport-__module_address.patch
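Review bot: In modules-return-licensing-information-from-find_symbol.patch, `resolve_symbol` is the only caller that requests the license; the `__symbol_get` hunk passes `NULL` for the new argument and keeps `gplok` as `true`, so lookups through that path never feed the GPL-only and taint bookkeeping that the rest of this series builds on `find_symbol`. If that is intended, a comment at the `__symbol_get` call such as `/* license ignored: this path is not subject to the resolve_symbol() taint checks */` would make the coverage boundary explicit for anyone auditing the enforcement later. Separately, `fsa.license` is only written by `check_symbol` on a match, so `if (license) *license = fsa.license;` appears to rely on the not-found path returning before it; the enclosing condition in `find_symbol` lies outside the hunk, so this should be confirmed against the full function.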
@@ -0,0 +1,28 @@
+From 34e64705ad415ed7a816e60ef62b42fe6d1729d9 Mon Sep 17 00:00:00 2001
+From: Christoph Hellwig
+Date: Thu, 30 Jul 2020 08:10:24 +0200
+Subject: modules: unexport __module_address
+
+From: Christoph Hellwig
+
+commit 34e64705ad415ed7a816e60ef62b42fe6d1729d9 upstream.
+
+__module_address is only used by built-in code.
+
+Signed-off-by: Christoph Hellwig
+Signed-off-by: Jessica Yu
+Signed-off-by: Greg Kroah-Hartman
+---
+ kernel/module.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/kernel/module.c
++++ b/kernel/module.c
+@@ -4381,7 +4381,6 @@ struct module *__module_address(unsigned
+ }
+ return mod;
+ }
+-EXPORT_SYMBOL_GPL(__module_address);
+
+ /*
+ * is_module_text_address - is this address inside module code?
diff --git a/queue-4.19/modules-unexport-__module_text_address.patch b/queue-4.19/modules-unexport-__module_text_address.patch
new file mode 100644
index 00000000000..1e5b480d6b2
--- /dev/null
+++ b/queue-4.19/modules-unexport-__module_text_address.patch
@@ -0,0 +1,28 @@
+From 3fe1e56d0e68b623dd62d8d38265d2a052e7e185 Mon Sep 17 00:00:00 2001
+From: Christoph Hellwig
+Date: Thu, 30 Jul 2020 08:10:23 +0200
+Subject: modules: unexport __module_text_address
+
+From: Christoph Hellwig
+
+commit 3fe1e56d0e68b623dd62d8d38265d2a052e7e185 upstream.
+
+__module_text_address is only used by built-in code.
+
+Signed-off-by: Christoph Hellwig
+Signed-off-by: Jessica Yu
+Signed-off-by: Greg Kroah-Hartman
+---
+ kernel/module.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/kernel/module.c
++++ b/kernel/module.c
+@@ -4420,7 +4420,6 @@ struct module *__module_text_address(uns
+ }
+ return mod;
+ }
+-EXPORT_SYMBOL_GPL(__module_text_address);
+
+ /* Don't grab lock, we're oopsing. */
+ void print_modules(void)
diff --git a/queue-4.19/series b/queue-4.19/series
index 59929d1813e..2d6d9f6042a 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -117,3 +117,11 @@ tracing-restructure-trace_clock_global-to-never-block.patch
 dm-persistent-data-packed-struct-should-have-an-aligned-attribute-too.patch
 dm-space-map-common-fix-division-bug-in-sm_ll_find_free_block.patch
 dm-rq-fix-double-free-of-blk_mq_tag_set-in-dev-remove-after-table-load-fails.patch
+modules-mark-ref_module-static.patch
+modules-mark-find_symbol-static.patch
+modules-mark-each_symbol_section-static.patch
+modules-unexport-__module_text_address.patch
+modules-unexport-__module_address.patch
+modules-rename-the-licence-field-in-struct-symsearch-to-license.patch
+modules-return-licensing-information-from-find_symbol.patch
+modules-inherit-taint_proprietary_module.patch
-- 2.47.3