| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024111507-parting-step-e5d3@gregkh>
Date: Fri, 15 Nov 2024 05:40:09 +0100
From: Greg KH <gregkh@...uxfoundation.org>
To: Daniel Gomez <da.gomez@...sung.com>
Cc: Uwe Kleine-König <ukleinek@...nel.org>,
Luis Chamberlain <mcgrof@...nel.org>,
Werner Sembach <wse@...edocomputers.com>, tux@...edocomputers.com,
Petr Pavlu <petr.pavlu@...e.com>,
Sami Tolvanen <samitolvanen@...gle.com>,
linux-modules@...r.kernel.org, linux-kernel@...r.kernel.org,
Thorsten Leemhuis <linux@...mhuis.info>
Subject: Re: [PATCH 2/2] module: Block modules by Tuxedo from accessing GPL
symbols
On Thu, Nov 14, 2024 at 12:56:20PM +0100, Daniel Gomez wrote:
> On Thu Nov 14, 2024 at 11:31 AM CET, Uwe Kleine-König wrote:
> > Tuxedo licenses the modules used on their hardware under GPLv3+, to
> > "keep control of the upstream pacing" – and want to re-license the code
> > while upstreaming.
> >
> > They were asked to then at least not use MODULE_LICENSE("GPL") which
> > declares compatibility to the kernel's GPLv2. They accepted the pull
> > request and shortly after reverted the change and so continue to lie
> > about the license.
> >
> > So teach the module loader that these modules are proprietary despite
> > their declaration to be GPLv2 compatible "until the legal stuff is
> > sorted out".
> >
> > Link: https://protect2.fireeye.com/v1/url?k=02b4686b-633f7d5d-02b5e324-74fe485cbff1-8cd9af635fd1f7c7&q=1&e=5f0a08bc-f529-4e41-a7a1-5aa45c54b8d9&u=https%3A%2F%2Fgitlab.com%2Ftuxedocomputers%2Fdevelopment%2Fpackages%2Ftuxedo-drivers%2F-%2Fcommit%2Fa8c09b6c2ce6393fe39d8652d133af9f06cfb427
> > Signed-off-by: Uwe Kleine-König <ukleinek@...nel.org>
> > ---
> > kernel/module/main.c | 33 +++++++++++++++++++++++++++++++++
> > 1 file changed, 33 insertions(+)
> >
> > diff --git a/kernel/module/main.c b/kernel/module/main.c
> > index 878191c65efc..46badbb09d5e 100644
> > --- a/kernel/module/main.c
> > +++ b/kernel/module/main.c
> > @@ -2338,6 +2338,39 @@ static const char *module_license_offenders[] = {
> >
> > /* lve claims to be GPL but upstream won't provide source */
> > "lve",
> > +
> > + /*
> > + * Tuxedo distributes their kernel modules under GPLv3, but intentially
> Typo here.
> > + * lies in their MODULE_LICENSE() calls.
> > + * See https://protect2.fireeye.com/v1/url?k=60e8a9e4-0163bcd2-60e922ab-74fe485cbff1-eff87fdcdb83953a&q=1&e=5f0a08bc-f529-4e41-a7a1-5aa45c54b8d9&u=https%3A%2F%2Fgitlab.com%2Ftuxedocomputers%2Fdevelopment%2Fpackages%2Ftuxedo-drivers%2F-%2Fcommit%2Fa8c09b6c2ce6393fe39d8652d133af9f06cfb427
> > + */
> > + "gxtp7380",
> > + "ite_8291",
> > + "ite_8291_lb",
> > + "ite_8297",
> > + "ite_829x",
> > + "stk8321",
> > + "tuxedo_compatibility_check",
> > + "tuxedo_io",
> > + "tuxedo_nb02_nvidia_power_ctrl",
> > + "tuxedo_nb04_keyboard",
> > + "tuxedo_nb04_wmi_ab",
> > + "tuxedo_nb04_wmi_bs",
> > + "tuxedo_nb04_sensors",
> > + "tuxedo_nb04_power_profiles",
> > + "tuxedo_nb04_kbd_backlight",
> > + "tuxedo_nb05_keyboard",
> > + "tuxedo_nb05_kbd_backlight",
> > + "tuxedo_nb05_power_profiles",
> > + "tuxedo_nb05_ec",
> > + "tuxedo_nb05_sensors",
> > + "tuxedo_nb05_fan_control",
> > + "tuxi_acpi",
> > + "tuxedo_tuxi_fan_control",
> > + "clevo_wmi",
> > + "tuxedo_keyboard",
> > + "clevo_acpi",
> > + "uniwill_wmi",
> > };
>
> This does not prevent module rename on their side and still bypass the
> module license taint check right?
Intent matters. If people rename their modules just to try to work
around a check like this, and do not actually properly change the
license of the code, it's obvious what they are doing is against the
wishes of the project.
thanks,
greg k-h
Powered by blists - more mailing lists