[PATCH v5 2/2] module: Block a module by TUXEDO from accessing GPL symbols

[PATCH v5 2/2] module: Block a module by TUXEDO from accessing GPL symbols

[Werner Sembach]

The situation was less severe then I feared. I'm awaiting replys regarding this: https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers/-/merge_requests/17 and this: https://github.com/tuxedocomputers/tuxedo-keyboard/pull/155 (via mail as the GitHub repo is archived).

This is to let upstream know the results of me going through the commits and I hope that this does not get merge without giving us reasonable time to resolve the last module, which would obsolete patch 2/2.

[PATCH v5 1/2] module: Put known GPL offenders in an array

[Werner Sembach]

From: Uwe Kleine-König <ukleinek@kernel.org>

Instead of repeating the add_taint_module() call for each offender, create
an array and loop over that one. This simplifies adding new entries
considerably.

Signed-off-by: Uwe Kleine-König <ukleinek@kernel.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Werner Sembach <wse@tuxedocomputers.com>
---
 kernel/module/main.c | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/kernel/module/main.c b/kernel/module/main.c
index 49b9bca9de12f..905d7b60dd709 100644
--- a/kernel/module/main.c
+++ b/kernel/module/main.c
@@ -2023,11 +2023,20 @@ static int rewrite_section_headers(struct load_info *info, int flags)
 	return 0;
 }
 
+static const char *module_license_offenders[] = {
+	/* driverloader was caught wrongly pretending to be under GPL */
+	"driverloader",
+
+	/* lve claims to be GPL but upstream won't provide source */
+	"lve",
+};
+
 /*
  * These calls taint the kernel depending certain module circumstances */
 static void module_augment_kernel_taints(struct module *mod, struct load_info *info)
 {
 	int prev_taint = test_taint(TAINT_PROPRIETARY_MODULE);
+	size_t i;
 
 	if (!get_modinfo(info, "intree")) {
 		if (!test_taint(TAINT_OOT_MODULE))
@@ -2076,15 +2085,11 @@ static void module_augment_kernel_taints(struct module *mod, struct load_info *i
 	if (strcmp(mod->name, "ndiswrapper") == 0)
 		add_taint(TAINT_PROPRIETARY_MODULE, LOCKDEP_NOW_UNRELIABLE);
 
-	/* driverloader was caught wrongly pretending to be under GPL */
-	if (strcmp(mod->name, "driverloader") == 0)
-		add_taint_module(mod, TAINT_PROPRIETARY_MODULE,
-				 LOCKDEP_NOW_UNRELIABLE);
-
-	/* lve claims to be GPL but upstream won't provide source */
-	if (strcmp(mod->name, "lve") == 0)
-		add_taint_module(mod, TAINT_PROPRIETARY_MODULE,
-				 LOCKDEP_NOW_UNRELIABLE);
+	for (i = 0; i < ARRAY_SIZE(module_license_offenders); ++i) {
+		if (strcmp(mod->name, module_license_offenders[i]) == 0)
+			add_taint_module(mod, TAINT_PROPRIETARY_MODULE,
+					 LOCKDEP_NOW_UNRELIABLE);
+	}
 
 	if (!prev_taint && test_taint(TAINT_PROPRIETARY_MODULE))
 		pr_warn("%s: module license taints kernel.\n", mod->name);
-- 
2.43.0

[PATCH v5 2/2] module: Block a module by TUXEDO from accessing GPL symbols

[Werner Sembach]

From: Uwe Kleine-König <ukleinek@kernel.org>

TUXEDO has not yet relicensed a module for GPLv2+ as a reply from former
contributers the committed code under GPLv3+ is awaited.

Teach the module loader that this module is not GPLv2 compatible despite
the declaration to be GPLv2 compatible until the relicensing is complete.

Signed-off-by: Uwe Kleine-König <ukleinek@kernel.org>
[Remove relicensed modules and accusatory language]
Signed-off-by: Werner Sembach <wse@tuxedocomputers.com>
---
 kernel/module/main.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/kernel/module/main.c b/kernel/module/main.c
index 905d7b60dd709..df2549352ca8a 100644
--- a/kernel/module/main.c
+++ b/kernel/module/main.c
@@ -2029,6 +2029,14 @@ static const char *module_license_offenders[] = {
 
 	/* lve claims to be GPL but upstream won't provide source */
 	"lve",
+
+	/*
+	 * TUXEDO awaits 2 final answers to relicense the last module to GPLv2+
+	 * See https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers/-/merge_requests/21 ,
+	 * https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers/-/commit/dd34594ab880ed477bb75725176c3fb9352a07eb ,
+	 * and https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers/-/commit/c8893684c2f869b2a6b13f1ef1ddeb4922f2ffe3
+	 */
+	"clevo_acpi",
 };
 
 /*
-- 
2.43.0

Re: [PATCH v5 2/2] module: Block a module by TUXEDO from accessing GPL symbols

[Daniel Gomez]

On Fri Nov 15, 2024 at 7:50 PM CET, Werner Sembach wrote:
> From: Uwe Kleine-König <ukleinek@kernel.org>
>
> TUXEDO has not yet relicensed a module for GPLv2+ as a reply from former
> contributers the committed code under GPLv3+ is awaited.

FYI, the SPDX identifier GPL-2.0+ is deprecated as of 2.0rc2 [1]. I think you'd
need to use GPL-2.0-or-later [2] instead. And when using the SPDX identifier,
you don't need to include the full text boilerplate in the source of every file
as long as you include a LICENSE file or COPYRIGHT file with a copy of the
license. One example upstream here [3] commit 1a59d1b8e05ea ("treewide: Replace
GPLv2 boilerplate/reference with SPDX - rule 156").

[1] https://spdx.org/licenses/GPL-2.0+.html
[2] https://spdx.org/licenses/GPL-2.0-or-later.html
[3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.12-rc7&id=1a59d1b8e05ea


Daniel
>
> Teach the module loader that this module is not GPLv2 compatible despite
> the declaration to be GPLv2 compatible until the relicensing is complete.
>
> Signed-off-by: Uwe Kleine-König <ukleinek@kernel.org>
> [Remove relicensed modules and accusatory language]
> Signed-off-by: Werner Sembach <wse@tuxedocomputers.com>
> ---
>  kernel/module/main.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
>
> diff --git a/kernel/module/main.c b/kernel/module/main.c
> index 905d7b60dd709..df2549352ca8a 100644
> --- a/kernel/module/main.c
> +++ b/kernel/module/main.c
> @@ -2029,6 +2029,14 @@ static const char *module_license_offenders[] = {
>  
>  	/* lve claims to be GPL but upstream won't provide source */
>  	"lve",
> +
> +	/*
> +	 * TUXEDO awaits 2 final answers to relicense the last module to GPLv2+
> +	 * See https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers/-/merge_requests/21 ,
> +	 * https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers/-/commit/dd34594ab880ed477bb75725176c3fb9352a07eb ,
> +	 * and https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers/-/commit/c8893684c2f869b2a6b13f1ef1ddeb4922f2ffe3
> +	 */
> +	"clevo_acpi",
>  };
>  
>  /*

Re: [PATCH v5 2/2] module: Block a module by TUXEDO from accessing GPL symbols

[Uwe Kleine-König]

[-- Attachment #1: Type: text/plain, Size: 1750 bytes --]

On Sat, Nov 16, 2024 at 09:15:55AM +0100, Daniel Gomez wrote:
> On Fri Nov 15, 2024 at 7:50 PM CET, Werner Sembach wrote:
> > From: Uwe Kleine-König <ukleinek@kernel.org>
> >
> > TUXEDO has not yet relicensed a module for GPLv2+ as a reply from former
> > contributers the committed code under GPLv3+ is awaited.
> 
> FYI, the SPDX identifier GPL-2.0+ is deprecated as of 2.0rc2 [1]. I think you'd
> need to use GPL-2.0-or-later [2] instead. And when using the SPDX identifier,
> you don't need to include the full text boilerplate in the source of every file
> as long as you include a LICENSE file or COPYRIGHT file with a copy of the
> license. One example upstream here [3] commit 1a59d1b8e05ea ("treewide: Replace
> GPLv2 boilerplate/reference with SPDX - rule 156").
> 
> [1] https://spdx.org/licenses/GPL-2.0+.html
> [2] https://spdx.org/licenses/GPL-2.0-or-later.html
> [3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.12-rc7&id=1a59d1b8e05ea

If you're convinced that "GPL-2.0-or-later" is the right string to use
(and the following somewhat agrees with you:

	linux$ git rev-parse next/master
	744cf71b8bdfcdd77aaf58395e068b7457634b2c

	linux$ git grep -l -F 'SPDX-License-Identifier: GPL-2.0+' next/master | wc -l
	3640

	linux$ git grep -l -F 'SPDX-License-Identifier: GPL-2.0-or-later' next/master | wc -l
	9005
)

you can consider patching Documentation/process/license-rules.rst which
currently reads:

   License identifiers for licenses like [L]GPL with the 'or later' option
   are constructed by using a "+" for indicating the 'or later' option.::

      // SPDX-License-Identifier: GPL-2.0+
      // SPDX-License-Identifier: LGPL-2.1+

Best regards
Uwe

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: [PATCH v5 2/2] module: Block a module by TUXEDO from accessing GPL symbols

[Daniel Gomez]

On Sat Nov 16, 2024 at 6:20 PM CET, Uwe Kleine-König wrote:
> On Sat, Nov 16, 2024 at 09:15:55AM +0100, Daniel Gomez wrote:
>> On Fri Nov 15, 2024 at 7:50 PM CET, Werner Sembach wrote:
>> > From: Uwe Kleine-König <ukleinek@kernel.org>
>> >
>> > TUXEDO has not yet relicensed a module for GPLv2+ as a reply from former
>> > contributers the committed code under GPLv3+ is awaited.
>> 
>> FYI, the SPDX identifier GPL-2.0+ is deprecated as of 2.0rc2 [1]. I think you'd
>> need to use GPL-2.0-or-later [2] instead. And when using the SPDX identifier,
>> you don't need to include the full text boilerplate in the source of every file
>> as long as you include a LICENSE file or COPYRIGHT file with a copy of the
>> license. One example upstream here [3] commit 1a59d1b8e05ea ("treewide: Replace
>> GPLv2 boilerplate/reference with SPDX - rule 156").
>> 
>> [1] https://protect2.fireeye.com/v1/url?k=86f7819c-e78c2b15-86f60ad3-74fe48600034-4f48619e45d5b211&q=1&e=7cb2448b-7ab2-415e-b77d-ad14970bc0a0&u=https%3A%2F%2Fspdx.org%2Flicenses%2FGPL-2.0%2B.html
>> [2] https://protect2.fireeye.com/v1/url?k=939eb0bf-f2e51a36-939f3bf0-74fe48600034-b542784fecbfce13&q=1&e=7cb2448b-7ab2-415e-b77d-ad14970bc0a0&u=https%3A%2F%2Fspdx.org%2Flicenses%2FGPL-2.0-or-later.html
>> [3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.12-rc7&id=1a59d1b8e05ea
>
> If you're convinced that "GPL-2.0-or-later" is the right string to use
> (and the following somewhat agrees with you:

Thomas and Greg may have decided not deprecating the old identifiers [1]
to avoid modifying thousands of files. I think it was expected the SPDX
to mark them as equivalent? But I'm not entirely sure if this is the
correct approach though as SPDX marks them as deprecated as I mentioned
earlier.

Thomas, Greg, are we using any specific SPDX version for kernel license
identifiers? Why the new identifiers where amended as valid and not
replacing [2] the old ones? Was it to avoid replacing all files with the
old id?

[1] https://lore.kernel.org/all/alpine.DEB.2.21.1804240953460.5261@nanos.tec.linutronix.de/
[2] 9376ff9ba298c983062a12cbbafde506a4eaea71 ("LICENSES/GPL2.0: Add
GPL-2.0-only/or-later as valid identifiers")

Daniel

>
> 	linux$ git rev-parse next/master
> 	744cf71b8bdfcdd77aaf58395e068b7457634b2c
>
> 	linux$ git grep -l -F 'SPDX-License-Identifier: GPL-2.0+' next/master | wc -l
> 	3640
>
> 	linux$ git grep -l -F 'SPDX-License-Identifier: GPL-2.0-or-later' next/master | wc -l
> 	9005
> )
>
> you can consider patching Documentation/process/license-rules.rst which
> currently reads:
>
>    License identifiers for licenses like [L]GPL with the 'or later' option
>    are constructed by using a "+" for indicating the 'or later' option.::
>
>       // SPDX-License-Identifier: GPL-2.0+
>       // SPDX-License-Identifier: LGPL-2.1+
>
> Best regards
> Uwe

Re: [PATCH v5 2/2] module: Block a module by TUXEDO from accessing GPL symbols

[Greg Kroah-Hartman]

On Mon, Nov 18, 2024 at 10:05:27AM +0100, Daniel Gomez wrote:
> Thomas, Greg, are we using any specific SPDX version for kernel license
> identifiers? Why the new identifiers where amended as valid and not
> replacing [2] the old ones? Was it to avoid replacing all files with the
> old id?

Yes it was.  Let's worry about getting all files in the kernel properly
tagged before even considering moving to newer versions of the SPDX
specification.  When we started this, we used the most up to date tags,
but then they changed, and we didn't want to change all of the kernel
while half-way in the middle of the conversion.

Just leave it as-is please.

thanks,

greg k-h

Re: [PATCH v5 2/2] module: Block a module by TUXEDO from accessing GPL symbols

[Werner Sembach]

Hi,

Am 15.11.24 um 19:50 schrieb Werner Sembach:
> From: Uwe Kleine-König <ukleinek@kernel.org>
>
> TUXEDO has not yet relicensed a module for GPLv2+ as a reply from former
> contributers the committed code under GPLv3+ is awaited.
>
> Teach the module loader that this module is not GPLv2 compatible despite
> the declaration to be GPLv2 compatible until the relicensing is complete.

The relicensing is complete so this patch can be dropped entierly

Regards,

Werner Sembach

>
> Signed-off-by: Uwe Kleine-König <ukleinek@kernel.org>
> [Remove relicensed modules and accusatory language]
> Signed-off-by: Werner Sembach <wse@tuxedocomputers.com>
> ---
>   kernel/module/main.c | 8 ++++++++
>   1 file changed, 8 insertions(+)
>
> diff --git a/kernel/module/main.c b/kernel/module/main.c
> index 905d7b60dd709..df2549352ca8a 100644
> --- a/kernel/module/main.c
> +++ b/kernel/module/main.c
> @@ -2029,6 +2029,14 @@ static const char *module_license_offenders[] = {
>   
>   	/* lve claims to be GPL but upstream won't provide source */
>   	"lve",
> +
> +	/*
> +	 * TUXEDO awaits 2 final answers to relicense the last module to GPLv2+
> +	 * See https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers/-/merge_requests/21 ,
> +	 * https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers/-/commit/dd34594ab880ed477bb75725176c3fb9352a07eb ,
> +	 * and https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers/-/commit/c8893684c2f869b2a6b13f1ef1ddeb4922f2ffe3
> +	 */
> +	"clevo_acpi",
>   };
>   
>   /*

Re: [PATCH v5 2/2] module: Block a module by TUXEDO from accessing GPL symbols

[Luis Chamberlain]

On Mon, Nov 18, 2024 at 11:10:28AM +0100, Werner Sembach wrote:
> Hi,
> 
> Am 15.11.24 um 19:50 schrieb Werner Sembach:
> > From: Uwe Kleine-König <ukleinek@kernel.org>
> > 
> > TUXEDO has not yet relicensed a module for GPLv2+ as a reply from former
> > contributers the committed code under GPLv3+ is awaited.
> > 
> > Teach the module loader that this module is not GPLv2 compatible despite
> > the declaration to be GPLv2 compatible until the relicensing is complete.
> 
> The relicensing is complete so this patch can be dropped entierly

Good to hear this has been resolved, the first patch is still a nice
cleanup so I'll take that in after the merge window, there's no need
to rush that in.

 Lis