Message ID | 20241114103133.547032-6-ukleinek@kernel.org (mailing list archive) |
---|---|
State | Handled Elsewhere |
Headers | show |
Series | module: Block modules by Tuxedo from accessing GPL symbols | expand |
Context | Check | Description |
---|---|---|
mcgrof/vmtest-modules-next-PR | success | PR summary |
mcgrof/vmtest-modules-next-VM_Test-1 | success | Logs for Run CI tests |
mcgrof/vmtest-modules-next-VM_Test-0 | success | Logs for Run CI tests |
mcgrof/vmtest-modules-next-VM_Test-5 | success | Logs for setup / Setup kdevops environment |
mcgrof/vmtest-modules-next-VM_Test-4 | success | Logs for setup / Setup kdevops environment |
mcgrof/vmtest-modules-next-VM_Test-2 | success | Logs for cleanup / Archive results and cleanup |
mcgrof/vmtest-modules-next-VM_Test-3 | success | Logs for cleanup / Archive results and cleanup |
On Thu Nov 14, 2024 at 11:31 AM CET, Uwe Kleine-König wrote: > Tuxedo licenses the modules used on their hardware under GPLv3+, to > "keep control of the upstream pacing" – and want to re-license the code > while upstreaming. > > They were asked to then at least not use MODULE_LICENSE("GPL") which > declares compatibility to the kernel's GPLv2. They accepted the pull > request and shortly after reverted the change and so continue to lie > about the license. > > So teach the module loader that these modules are proprietary despite > their declaration to be GPLv2 compatible "until the legal stuff is > sorted out". > > Link: https://protect2.fireeye.com/v1/url?k=02b4686b-633f7d5d-02b5e324-74fe485cbff1-8cd9af635fd1f7c7&q=1&e=5f0a08bc-f529-4e41-a7a1-5aa45c54b8d9&u=https%3A%2F%2Fgitlab.com%2Ftuxedocomputers%2Fdevelopment%2Fpackages%2Ftuxedo-drivers%2F-%2Fcommit%2Fa8c09b6c2ce6393fe39d8652d133af9f06cfb427 > Signed-off-by: Uwe Kleine-König <ukleinek@kernel.org> > --- > kernel/module/main.c | 33 +++++++++++++++++++++++++++++++++ > 1 file changed, 33 insertions(+) > > diff --git a/kernel/module/main.c b/kernel/module/main.c > index 878191c65efc..46badbb09d5e 100644 > --- a/kernel/module/main.c > +++ b/kernel/module/main.c > @@ -2338,6 +2338,39 @@ static const char *module_license_offenders[] = { > > /* lve claims to be GPL but upstream won't provide source */ > "lve", > + > + /* > + * Tuxedo distributes their kernel modules under GPLv3, but intentially Typo here. > + * lies in their MODULE_LICENSE() calls. > + * See https://protect2.fireeye.com/v1/url?k=60e8a9e4-0163bcd2-60e922ab-74fe485cbff1-eff87fdcdb83953a&q=1&e=5f0a08bc-f529-4e41-a7a1-5aa45c54b8d9&u=https%3A%2F%2Fgitlab.com%2Ftuxedocomputers%2Fdevelopment%2Fpackages%2Ftuxedo-drivers%2F-%2Fcommit%2Fa8c09b6c2ce6393fe39d8652d133af9f06cfb427 > + */ > + "gxtp7380", > + "ite_8291", > + "ite_8291_lb", > + "ite_8297", > + "ite_829x", > + "stk8321", > + "tuxedo_compatibility_check", > + "tuxedo_io", > + "tuxedo_nb02_nvidia_power_ctrl", > + "tuxedo_nb04_keyboard", > + "tuxedo_nb04_wmi_ab", > + "tuxedo_nb04_wmi_bs", > + "tuxedo_nb04_sensors", > + "tuxedo_nb04_power_profiles", > + "tuxedo_nb04_kbd_backlight", > + "tuxedo_nb05_keyboard", > + "tuxedo_nb05_kbd_backlight", > + "tuxedo_nb05_power_profiles", > + "tuxedo_nb05_ec", > + "tuxedo_nb05_sensors", > + "tuxedo_nb05_fan_control", > + "tuxi_acpi", > + "tuxedo_tuxi_fan_control", > + "clevo_wmi", > + "tuxedo_keyboard", > + "clevo_acpi", > + "uniwill_wmi", > }; This does not prevent module rename on their side and still bypass the module license taint check right? > > /*
Thanks for doing this!
Reviewed-by: Christoph Hellwig <hch@lst.de>
On Thu, 14 Nov 2024 08:09:17 -0800 Christoph Hellwig <hch@infradead.org> wrote: > Thanks for doing this! > > Reviewed-by: Christoph Hellwig <hch@lst.de> (Just as a heads-up, I have no affiliation with Tuxedo. Also, I've tried to tone down my email a bit, but I am pretty upset after looking at this, and really, *really* do not want to use a kernel that has this patch set merged. Also, I'm speaking strictly in my own capacity here.) I might be misunderstanding things here, but does this patch set prevent end-users from compiling and using Tuxedo's modules themselves if they want to? AIUI, it's fine to distribute GPLv3 code that is intended to link against GPLv2 code as long as you don't distribute the binary you get after compiling and linking. It looks to me like this patch will prevent users from compiling Tuxedo's modules for personal use on their own systems though. I personally dislike that for ethical reasons - I should be able to use whatever code I legally obtain on my system, and I don't like my use of Linux being wielded against another open-source project by requiring them to relicense their code or no one will be able to use their modules. -- Aaron Ubuntu Developer Launchpad: https://launchpad.net/~arraybolt3 Matrix: @arraybolt3:ubuntu.com Github: https://github.com/ArrayBolt3 Mastodon: @arraybolt3@theres.life
On Thu, Nov 14, 2024 at 01:21:41PM -0600, Aaron Rainbolt wrote: > binary you get after compiling and linking. It looks to me like this > patch will prevent users from compiling Tuxedo's modules for personal > use on their own systems though. I personally dislike that for ethical > reasons - I should be able to use whatever code I legally obtain on my > system, and I don't like my use of Linux being wielded against another > open-source project by requiring them to relicense their code or no one > will be able to use their modules. I would question the "open-source" part here, TBH... I'm no fan of GPLv3 (to put it mildly), but I really wonder if that use of said license is in keeping with its, er, spirit. Ironic, that... Seriously, WTF had these folks had been thinking when they chose GPLv3 for a kernel module? I'm yet to see any coherent explanation - and the ones I have seen would be _really_ incompatible with the stated goals of GPLv3. To such a degree that I can't take them as anything plausible. Could somebody who'd been there at least explain the rationale for the license choice made back then?
On Thu, Nov 14, 2024 at 12:56:20PM +0100, Daniel Gomez wrote: > On Thu Nov 14, 2024 at 11:31 AM CET, Uwe Kleine-König wrote: > > Tuxedo licenses the modules used on their hardware under GPLv3+, to > > "keep control of the upstream pacing" – and want to re-license the code > > while upstreaming. > > > > They were asked to then at least not use MODULE_LICENSE("GPL") which > > declares compatibility to the kernel's GPLv2. They accepted the pull > > request and shortly after reverted the change and so continue to lie > > about the license. > > > > So teach the module loader that these modules are proprietary despite > > their declaration to be GPLv2 compatible "until the legal stuff is > > sorted out". > > > > Link: https://protect2.fireeye.com/v1/url?k=02b4686b-633f7d5d-02b5e324-74fe485cbff1-8cd9af635fd1f7c7&q=1&e=5f0a08bc-f529-4e41-a7a1-5aa45c54b8d9&u=https%3A%2F%2Fgitlab.com%2Ftuxedocomputers%2Fdevelopment%2Fpackages%2Ftuxedo-drivers%2F-%2Fcommit%2Fa8c09b6c2ce6393fe39d8652d133af9f06cfb427 > > Signed-off-by: Uwe Kleine-König <ukleinek@kernel.org> > > --- > > kernel/module/main.c | 33 +++++++++++++++++++++++++++++++++ > > 1 file changed, 33 insertions(+) > > > > diff --git a/kernel/module/main.c b/kernel/module/main.c > > index 878191c65efc..46badbb09d5e 100644 > > --- a/kernel/module/main.c > > +++ b/kernel/module/main.c > > @@ -2338,6 +2338,39 @@ static const char *module_license_offenders[] = { > > > > /* lve claims to be GPL but upstream won't provide source */ > > "lve", > > + > > + /* > > + * Tuxedo distributes their kernel modules under GPLv3, but intentially > Typo here. > > + * lies in their MODULE_LICENSE() calls. > > + * See https://protect2.fireeye.com/v1/url?k=60e8a9e4-0163bcd2-60e922ab-74fe485cbff1-eff87fdcdb83953a&q=1&e=5f0a08bc-f529-4e41-a7a1-5aa45c54b8d9&u=https%3A%2F%2Fgitlab.com%2Ftuxedocomputers%2Fdevelopment%2Fpackages%2Ftuxedo-drivers%2F-%2Fcommit%2Fa8c09b6c2ce6393fe39d8652d133af9f06cfb427 > > + */ > > + "gxtp7380", > > + "ite_8291", > > + "ite_8291_lb", > > + "ite_8297", > > + "ite_829x", > > + "stk8321", > > + "tuxedo_compatibility_check", > > + "tuxedo_io", > > + "tuxedo_nb02_nvidia_power_ctrl", > > + "tuxedo_nb04_keyboard", > > + "tuxedo_nb04_wmi_ab", > > + "tuxedo_nb04_wmi_bs", > > + "tuxedo_nb04_sensors", > > + "tuxedo_nb04_power_profiles", > > + "tuxedo_nb04_kbd_backlight", > > + "tuxedo_nb05_keyboard", > > + "tuxedo_nb05_kbd_backlight", > > + "tuxedo_nb05_power_profiles", > > + "tuxedo_nb05_ec", > > + "tuxedo_nb05_sensors", > > + "tuxedo_nb05_fan_control", > > + "tuxi_acpi", > > + "tuxedo_tuxi_fan_control", > > + "clevo_wmi", > > + "tuxedo_keyboard", > > + "clevo_acpi", > > + "uniwill_wmi", > > }; > > This does not prevent module rename on their side and still bypass the > module license taint check right? Intent matters. If people rename their modules just to try to work around a check like this, and do not actually properly change the license of the code, it's obvious what they are doing is against the wishes of the project. thanks, greg k-h
On Thu, Nov 14, 2024 at 11:31:34AM +0100, Uwe Kleine-König wrote: > Tuxedo licenses the modules used on their hardware under GPLv3+, to > "keep control of the upstream pacing" – and want to re-license the code > while upstreaming. > > They were asked to then at least not use MODULE_LICENSE("GPL") which > declares compatibility to the kernel's GPLv2. They accepted the pull > request and shortly after reverted the change and so continue to lie > about the license. > > So teach the module loader that these modules are proprietary despite > their declaration to be GPLv2 compatible "until the legal stuff is > sorted out". > > Link: https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers/-/commit/a8c09b6c2ce6393fe39d8652d133af9f06cfb427 > Signed-off-by: Uwe Kleine-König <ukleinek@kernel.org> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Hi, Am 14.11.24 um 11:31 schrieb Uwe Kleine-König: > Tuxedo licenses the modules used on their hardware under GPLv3+, to > "keep control of the upstream pacing" – and want to re-license the code > while upstreaming. > > They were asked to then at least not use MODULE_LICENSE("GPL") which > declares compatibility to the kernel's GPLv2. They accepted the pull > request and shortly after reverted the change and so continue to lie > about the license. > > So teach the module loader that these modules are proprietary despite > their declaration to be GPLv2 compatible "until the legal stuff is > sorted out". The relicensing is complete so this patch can be dropped entirely (everything is now GPLv2+) Regards, Werner Sembach > > Link: https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers/-/commit/a8c09b6c2ce6393fe39d8652d133af9f06cfb427 > Signed-off-by: Uwe Kleine-König <ukleinek@kernel.org> > --- > kernel/module/main.c | 33 +++++++++++++++++++++++++++++++++ > 1 file changed, 33 insertions(+) > > diff --git a/kernel/module/main.c b/kernel/module/main.c > index 878191c65efc..46badbb09d5e 100644 > --- a/kernel/module/main.c > +++ b/kernel/module/main.c > @@ -2338,6 +2338,39 @@ static const char *module_license_offenders[] = { > > /* lve claims to be GPL but upstream won't provide source */ > "lve", > + > + /* > + * Tuxedo distributes their kernel modules under GPLv3, but intentially > + * lies in their MODULE_LICENSE() calls. > + * See https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers/-/commit/a8c09b6c2ce6393fe39d8652d133af9f06cfb427 > + */ > + "gxtp7380", > + "ite_8291", > + "ite_8291_lb", > + "ite_8297", > + "ite_829x", > + "stk8321", > + "tuxedo_compatibility_check", > + "tuxedo_io", > + "tuxedo_nb02_nvidia_power_ctrl", > + "tuxedo_nb04_keyboard", > + "tuxedo_nb04_wmi_ab", > + "tuxedo_nb04_wmi_bs", > + "tuxedo_nb04_sensors", > + "tuxedo_nb04_power_profiles", > + "tuxedo_nb04_kbd_backlight", > + "tuxedo_nb05_keyboard", > + "tuxedo_nb05_kbd_backlight", > + "tuxedo_nb05_power_profiles", > + "tuxedo_nb05_ec", > + "tuxedo_nb05_sensors", > + "tuxedo_nb05_fan_control", > + "tuxi_acpi", > + "tuxedo_tuxi_fan_control", > + "clevo_wmi", > + "tuxedo_keyboard", > + "clevo_acpi", > + "uniwill_wmi", > }; > > /*
diff --git a/kernel/module/main.c b/kernel/module/main.c index 878191c65efc..46badbb09d5e 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -2338,6 +2338,39 @@ static const char *module_license_offenders[] = { /* lve claims to be GPL but upstream won't provide source */ "lve", + + /* + * Tuxedo distributes their kernel modules under GPLv3, but intentially + * lies in their MODULE_LICENSE() calls. + * See https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers/-/commit/a8c09b6c2ce6393fe39d8652d133af9f06cfb427 + */ + "gxtp7380", + "ite_8291", + "ite_8291_lb", + "ite_8297", + "ite_829x", + "stk8321", + "tuxedo_compatibility_check", + "tuxedo_io", + "tuxedo_nb02_nvidia_power_ctrl", + "tuxedo_nb04_keyboard", + "tuxedo_nb04_wmi_ab", + "tuxedo_nb04_wmi_bs", + "tuxedo_nb04_sensors", + "tuxedo_nb04_power_profiles", + "tuxedo_nb04_kbd_backlight", + "tuxedo_nb05_keyboard", + "tuxedo_nb05_kbd_backlight", + "tuxedo_nb05_power_profiles", + "tuxedo_nb05_ec", + "tuxedo_nb05_sensors", + "tuxedo_nb05_fan_control", + "tuxi_acpi", + "tuxedo_tuxi_fan_control", + "clevo_wmi", + "tuxedo_keyboard", + "clevo_acpi", + "uniwill_wmi", }; /*
Tuxedo licenses the modules used on their hardware under GPLv3+, to "keep control of the upstream pacing" – and want to re-license the code while upstreaming. They were asked to then at least not use MODULE_LICENSE("GPL") which declares compatibility to the kernel's GPLv2. They accepted the pull request and shortly after reverted the change and so continue to lie about the license. So teach the module loader that these modules are proprietary despite their declaration to be GPLv2 compatible "until the legal stuff is sorted out". Link: https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers/-/commit/a8c09b6c2ce6393fe39d8652d133af9f06cfb427 Signed-off-by: Uwe Kleine-König <ukleinek@kernel.org> --- kernel/module/main.c | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+)