lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <D5LVSE2UF1MA.1TZUC95PN6Y1Q@samsung.com>
Date: Thu, 14 Nov 2024 12:56:20 +0100
From: Daniel Gomez <da.gomez@...sung.com>
To: Uwe Kleine-König <ukleinek@...nel.org>, "Luis
 Chamberlain" <mcgrof@...nel.org>
CC: Werner Sembach <wse@...edocomputers.com>, <tux@...edocomputers.com>,
	Petr Pavlu <petr.pavlu@...e.com>, Sami Tolvanen <samitolvanen@...gle.com>,
	<linux-modules@...r.kernel.org>, <linux-kernel@...r.kernel.org>, Thorsten
	Leemhuis <linux@...mhuis.info>
Subject: Re: [PATCH 2/2] module: Block modules by Tuxedo from accessing GPL
 symbols

On Thu Nov 14, 2024 at 11:31 AM CET, Uwe Kleine-König wrote:
> Tuxedo licenses the modules used on their hardware under GPLv3+, to
> "keep control of the upstream pacing" – and want to re-license the code
> while upstreaming.
>
> They were asked to then at least not use MODULE_LICENSE("GPL") which
> declares compatibility to the kernel's GPLv2. They accepted the pull
> request and shortly after reverted the change and so continue to lie
> about the license.
>
> So teach the module loader that these modules are proprietary despite
> their declaration to be GPLv2 compatible "until the legal stuff is
> sorted out".
>
> Link: https://protect2.fireeye.com/v1/url?k=02b4686b-633f7d5d-02b5e324-74fe485cbff1-8cd9af635fd1f7c7&q=1&e=5f0a08bc-f529-4e41-a7a1-5aa45c54b8d9&u=https%3A%2F%2Fgitlab.com%2Ftuxedocomputers%2Fdevelopment%2Fpackages%2Ftuxedo-drivers%2F-%2Fcommit%2Fa8c09b6c2ce6393fe39d8652d133af9f06cfb427
> Signed-off-by: Uwe Kleine-König <ukleinek@...nel.org>
> ---
>  kernel/module/main.c | 33 +++++++++++++++++++++++++++++++++
>  1 file changed, 33 insertions(+)
>
> diff --git a/kernel/module/main.c b/kernel/module/main.c
> index 878191c65efc..46badbb09d5e 100644
> --- a/kernel/module/main.c
> +++ b/kernel/module/main.c
> @@ -2338,6 +2338,39 @@ static const char *module_license_offenders[] = {
>  
>  	/* lve claims to be GPL but upstream won't provide source */
>  	"lve",
> +
> +	/*
> +	 * Tuxedo distributes their kernel modules under GPLv3, but intentially
Typo here.
> +	 * lies in their MODULE_LICENSE() calls.
> +	 * See https://protect2.fireeye.com/v1/url?k=60e8a9e4-0163bcd2-60e922ab-74fe485cbff1-eff87fdcdb83953a&q=1&e=5f0a08bc-f529-4e41-a7a1-5aa45c54b8d9&u=https%3A%2F%2Fgitlab.com%2Ftuxedocomputers%2Fdevelopment%2Fpackages%2Ftuxedo-drivers%2F-%2Fcommit%2Fa8c09b6c2ce6393fe39d8652d133af9f06cfb427
> +	 */
> +	"gxtp7380",
> +	"ite_8291",
> +	"ite_8291_lb",
> +	"ite_8297",
> +	"ite_829x",
> +	"stk8321",
> +	"tuxedo_compatibility_check",
> +	"tuxedo_io",
> +	"tuxedo_nb02_nvidia_power_ctrl",
> +	"tuxedo_nb04_keyboard",
> +	"tuxedo_nb04_wmi_ab",
> +	"tuxedo_nb04_wmi_bs",
> +	"tuxedo_nb04_sensors",
> +	"tuxedo_nb04_power_profiles",
> +	"tuxedo_nb04_kbd_backlight",
> +	"tuxedo_nb05_keyboard",
> +	"tuxedo_nb05_kbd_backlight",
> +	"tuxedo_nb05_power_profiles",
> +	"tuxedo_nb05_ec",
> +	"tuxedo_nb05_sensors",
> +	"tuxedo_nb05_fan_control",
> +	"tuxi_acpi",
> +	"tuxedo_tuxi_fan_control",
> +	"clevo_wmi",
> +	"tuxedo_keyboard",
> +	"clevo_acpi",
> +	"uniwill_wmi",
>  };

This does not prevent module rename on their side and still bypass the
module license taint check right?

>  
>  /*

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ