| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 9 Feb 2019 10:37:17 +0100
From: Philippe Ombredanne <pombredanne@...b.com>
To: Thomas Gleixner <tglx@...utronix.de>
Cc: Jonathan Corbet <corbet@....net>, Jessica Yu <jeyu@...nel.org>,
LKML <linux-kernel@...r.kernel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Greg KH <gregkh@...uxfoundation.org>,
Alan Cox <alan@...rguk.ukuu.org.uk>,
Rusty Russell <rusty@...tcorp.com.au>,
Christoph Hellwig <hch@....de>,
Kate Stewart <kstewart@...uxfoundation.org>,
Joe Perches <joe@...ches.com>
Subject: Re: [PATCH v2] module: Cure the MODULE_LICENSE "GPL" vs. "GPL v2" bogosity
Hi Thomas:
On Fri, Feb 8, 2019 at 5:03 PM Thomas Gleixner <tglx@...utronix.de> wrote:
>
> The original MODULE_LICENSE string for kernel modules licensed under the
> GPL v2 (only / or later) was simply "GPL", which was - and still is -
> completely sufficient for the purpose of module loading and checking
> whether the module is free software or proprietary.
>
> In January 2003 this was changed with commit 3344ea3ad4b7 ("[PATCH]
> MODULE_LICENSE and EXPORT_SYMBOL_GPL support"). This commit can be found in
> the history git repository which holds the 1:1 import of Linus' bitkeeper
> repository:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git/commit/?id=3344ea3ad4b7c302c846a680dbaeedf96ed45c02
>
> The main intention of the patch was to refuse linking proprietary modules
> against symbols exported with EXPORT_SYMBOL_GPL() at module load time.
>
> As a completely undocumented side effect it also introduced the distinction
> between "GPL" and "GPL v2" MODULE_LICENSE() strings:
>
> * "GPL" [GNU Public License v2 or later]
> * "GPL v2" [GNU Public License v2]
> * "GPL and additional rights" [GNU Public License v2 rights and more]
> * "Dual BSD/GPL" [GNU Public License v2
> * or BSD license choice]
> * "Dual MPL/GPL" [GNU Public License v2
> * or Mozilla license choice]
>
> This distinction was and still is wrong in several aspects:
>
> 1) It broke all modules which were using the "GPL" string in the
> MODULE_LICENSE() already and were licensed under GPL v2 only.
>
> A quick license scan over the tree at that time shows that at least 480
> out of 1484 modules have been affected by this change back then. The
> number is probably way higher as this was just a quick check for
> clearly identifiable license information.
>
> There was exactly ONE instance of a "GPL v2" module license string in
> the kernel back then - drivers/net/tulip/xircom_tulip_cb.c which
> otherwise had no license information at all. There is no indication
> that the change above is any way related to this driver. The change
> happend with the 2.4.11 release which was on Oct. 9 2001 - so quite
> some time before the above commit. Unfortunately there is no trace on
> the intertubes to any discussion of this.
>
> 2) The dual licensed strings became ill defined as well because following
> the "GPL" vs. "GPL v2" distinction all dual licensed (or additional
> rights) MODULE_LICENSE strings would either require those dual licensed
> modules to be licensed under GPL v2 or later or just be unspecified for
> the dual licensing case. Neither choice is coherent with the GPL
> distinction.
>
> Due to the lack of a proper changelog and no real discussion on the patch
> submission other than a few implementation details, it's completely unclear
> why this distinction was introduced at all. Other than the comment in the
> module header file exists no documentation for this at all.
>
> From a license compliance and license scanning POV this distinction is a
> total nightmare.
>
> As of 5.0-rc2 2873 out of 9200 instances of MODULE_LICENSE() strings are
> conflicting with the actual license in the source code (either SPDX or
> license boilerplate/reference). A comparison between the scan of the
> history tree and a scan of current Linus tree shows to the extent that the
> git rename detection over Linus tree grafted with the history tree is
> halfways complete that almost none of the files which got broken in 2003
> have been cleaned up vs. the MODULE_LICENSE string. So subtracting those
> 480 known instances from the conflicting 2800 of today more than 25% of the
> module authors got it wrong and it's a high propability that a large
> portion of the rest just got it right by chance.
>
> There is no value for the module loader to convey the detailed license
> information as the only decision to be made is whether the module is free
> software or not.
>
> The "and additional rights", "BSD" and "MPL" strings are not conclusive
> license information either. So there is no point in trying to make the GPL
> part conclusive and exact. As shown above it's already non conclusive for
> dual licensing and incoherent with a large portion of the module source.
>
> As an unintended side effect this distinction causes a major headache for
> license compliance, license scanners and the ongoing effort to clean up the
> license mess of the kernel.
>
> Therefore remove the well meant, but ill defined, distinction between "GPL"
> and "GPL v2" and document that:
>
> - "GPL" and "GPL v2" both express that the module is licensed under GPLv2
> (without a distinction of 'only' and 'or later') and is therefore kernel
> license compliant.
>
> - None of the MODULE_LICENSE strings can be used for expressing or
> determining the exact license
>
> - Their sole purpose is to decide whether the module is free software or
> not.
>
> Add a MODULE_LICENSE subsection to the license rule documentation as well.
>
> Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
> Reviewed-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> Acked-by: Philippe Ombredanne <pombredanne@...b.com>
> Acked-by: Joe Perches <joe@...ches.com>
>
> ---
>
> V2: Fixed the "GPL v2" hickup and the typo spotted by Jessica.
>
> Documentation/process/license-rules.rst | 62 ++++++++++++++++++++++++++++++++
> include/linux/module.h | 18 ++++++++-
> 2 files changed, 79 insertions(+), 1 deletion(-)
>
> --- a/Documentation/process/license-rules.rst
> +++ b/Documentation/process/license-rules.rst
> @@ -372,3 +372,65 @@ in the LICENSE subdirectories. This is r
> verification (e.g. checkpatch.pl) and to have the licenses ready to read
> and extract right from the source, which is recommended by various FOSS
> organizations, e.g. the `FSFE REUSE initiative <https://reuse.software/>`_.
> +
> +_`MODULE_LICENSE`
> +-----------------
> +
> + Loadable kernel modules also require a MODULE_LICENSE() tag. This tag is
> + neither a replacement for proper source code license information
> + (SPDX-License-Identifier) nor in any way relevant for expressing or
> + determining the exact license under which the source code of the module
> + is provided.
> +
> + The sole purpose of this tag is to provide sufficient information
> + whether the module is free software or proprietary for the kernel
> + module loader and for user space tools.
> +
> + The valid license strings for MODULE_LICENSE() are:
> +
> + ============================= =============================================
> + "GPL" Module is licensed under GPL version 2. This
> + does not express any distinction between
> + GPL-2.0-only or GPL-2.0-or-later. The exact
> + license information can only be determined
> + via the license information in the
> + corresponding source files.
> +
> + "GPL v2" Same as "GPL". It exists for historic
> + reasons.
> +
> + "GPL and additional rights" Historical variant of expressing that the
> + module source is dual licensed under a
> + GPL v2 variant and MIT license. Please do
> + not use in new code.
> +
> + "Dual MIT/GPL" The correct way of expressing that the
> + module is dual licensed under a GPL v2
> + variant or MIT license choice.
> +
> + "Dual BSD/GPL" The module is dual licensed under a GPL v2
> + variant or BSD license choice. The exact
> + variant of the BSD license can only be
> + determined via the license information
> + in the corresponding source files.
> +
> + "Dual MPL/GPL" The module is dual licensed under a GPL v2
> + variant or Mozilla Public License (MPL)
> + choice. The exact variant of the MPL
> + license can only be determined via the
> + license information in the corresponding
> + source files.
> +
> + "Proprietary" The module is under a proprietary license.
> + This string is solely for proprietary third
> + party modules and cannot be used for modules
> + which have their source code in the kernel
> + tree. Modules tagged that way are tainting
> + the kernel with the 'P' flag when loaded and
> + the kernel module loader refuses to link such
> + modules against symbols which are exported
> + with EXPORT_SYMBOL_GPL().
> + ============================= =============================================
> +
> +
> +
> --- a/include/linux/module.h
> +++ b/include/linux/module.h
> @@ -172,7 +172,7 @@ extern void cleanup_module(void);
> * The following license idents are currently accepted as indicating free
> * software modules
> *
> - * "GPL" [GNU Public License v2 or later]
> + * "GPL" [GNU Public License v2]
> * "GPL v2" [GNU Public License v2]
> * "GPL and additional rights" [GNU Public License v2 rights and more]
> * "Dual BSD/GPL" [GNU Public License v2
> @@ -186,6 +186,22 @@ extern void cleanup_module(void);
> *
> * "Proprietary" [Non free products]
> *
> + * Both "GPL v2" and "GPL" (the latter also in dual licensed strings) are
> + * merily stating that the module is licensed under the GPL v2, but are not
Nit: did you mean merely (as mere/just) ? or merily/merrily (as in
cheerfully/happily) ? :D
> + * telling whether "GPL v2 only" or "GPL v2 or later". The reason why there
> + * are two variants is a historic and failed attempt to convey more
> + * information in the MODULE_LICENSE string. For module loading the
> + * "only/or later" distinction is completely irrelevant and does neither
> + * replace the proper license identifiers in the corresponding source file
> + * nor amends them in any way. The sole purpose is to make the
> + * 'Proprietary' flagging work and to refuse to bind symbols which are
> + * exported with EXPORT_SYMBOL_GPL when a non free module is loaded.
> + *
> + * In the same way "BSD" is not a clear license information. It merily
Nit: merily. same as above
> + * states, that the module is licensed under one of the compatible BSD
> + * license variants. The detailed and correct license information is again
> + * to be found in the corresponding source files.
> + *
> * There are dual licensed components, but when running with Linux it is the
> * GPL that is relevant so this is a non issue. Similarly LGPL linked with GPL
> * is a GPL combined work.
Just to add to your points, I have seen a few times folks create
out-of-tree modules and use a MODULE_LICENSE "Proprietary" with a
proper GPL license notice at the top just to ensure that the code
would not be able to link with and use symbols exported with
EXPORT_SYMBOL_GPL().
This further reinforces the relevance of your argument as
MODULE_LICENSE can be used also as a pure technical solution that is
not making any licensing statement. So much so that a rewrite could
instead use something akin to EXPORT_SYMBOL_PRIVATE/INTERNAL/NON_API (
as 0 or 1) and MODULE_CAN_USE_PRIVATE/INTERNAL/NON_API_SYMBOLS ( as 0
or 1) and not deal with anything license-related? After all this is
mostly a binary flag.
--
Cordially
Philippe Ombredanne
Powered by blists - more mailing lists