On Thu, Jul 16, 2020 at 04:53:24PM +0300, Ard Biesheuvel wrote: > On Thu, 16 Jul 2020 at 16:41, Marcelo Henrique Cerri > wrote: > > > > On Thu, Jul 16, 2020 at 04:09:39PM +0300, Ard Biesheuvel wrote: > > > On Thu, 16 Jul 2020 at 15:50, Marcelo Henrique Cerri > > > wrote: > > > > > > > > No. The code is really based on Gnu MP. I used the header from > > > > lib/mpi/mpi-pow.c as reference and that's source of the mention to > > > > GnuPG that went unnoticed by me. > > > > > > > > > > So where did the file lib/mpi/mpi-sub-ui.c come from? From GnuPG or > > > from GnuMP? Did you modify the license statement? Because as proposed, > > > this patch clearly is not acceptable from GPL compliance point of > > > view. > > > > Sorry for the confusion. The code is from Gnu MP (not GnuPG). > > > > Gnu MP is distributed under either LGPLv3 or later or GPLv2 or later > > (check their license statement on the aors_ui.h file below). > > > > For mpi-sub-ui.h I added a SPDX identifier for GPLv2 or later and I > > kept the FSF copyright line. > > > > I also used the header from mpi-powm.c as a reference basically to > > inform the code was changed from its original form. > > > > Here lies my mistake, I didn't notice that part was referring to GnuPG > > instead of Gnu MP. > > > > So mpi-sub-ui.h header was actually intended to be: > > > > // SPDX-License-Identifier: GPL-2.0-or-later > > /* mpi-sub-ui.c - MPI functions > > * Copyright 1991, 1993, 1994, 1996, 1999-2002, 2004, 2012, 2013, 2015 > > * Free Software Foundation, Inc. > > * > > * This file is part of Gnu MP. > > * > > * Note: This code is heavily based on the GNU MP Library. > > * Actually it's the same code with only minor changes in the > > * way the data is stored; this is to support the abstraction > > * of an optional secure memory allocation which may be used > > * to avoid revealing of sensitive data due to paging etc. > > * The GNU MP Library itself is published under the LGPL; > > * however I decided to publish this code under the plain GPL. > > */ > > > > Or maybe instead of "This file is part of Gnu MP.", "This file is > > based on Gnu MP" might be more appropriate. > > > > Do you have any license concerns considering this updated header? > > > > Yes. How can this code be both part of GnuMP *and* be heavily based on > it, but with changes? > > Please avoid making changes to the original header, just add the SPDX > header in front, and add a clear justification in the commit log where > the file came from (preferably including git url and commit ID), and > what you based your assertion on that its license is compatible with > GPLv2. The commit message is stating the origin, but I can add a reference to the mercurial repo with its corresponding id. > > Ideally, you would import the file *exactly* as it appears in the > upstream in one patch (with the above justification), and apply any > necessary changes in a subsequent patch, so it's crystal clear that > we are complying with the original license. I'm not sure that's the ideal approach for this case. The logic is the same but since naming convention, macros, data types and etc are pretty different everything was basically re-written to fit the kernel. Adding the original file and then massively changing will just add unnecessary noise. If you agree I will update the commit message with more details about the original source and then just update the comment header in mpi-sub-ui.c following closely the original header with minor adjustments to explain its origin and to fix some checkpatch warnings. Something like that: // SPDX-License-Identifier: GPL-2.0-or-later /* mpi-sub-ui.c - Subtract an unsigned integer from an MPI. * * Copyright 1991, 1993, 1994, 1996, 1999-2002, 2004, 2012, 2013, 2015 * Free Software Foundation, Inc. * * This file was based on the GNU MP Library source file: * https://gmplib.org/repo/gmp-6.2/file/tip/mpz/aors_ui.h * * The GNU MP Library is free software; you can redistribute it and/or modify * it under the terms of either: * * * the GNU Lesser General Public License as published by the Free * Software Foundation; either version 3 of the License, or (at your * option) any later version. * * or * * * the GNU General Public License as published by the Free Software * Foundation; either version 2 of the License, or (at your option) any * later version. * * or both in parallel, as here. * * The GNU MP Library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * * You should have received copies of the GNU General Public License and the * GNU Lesser General Public License along with the GNU MP Library. If not, * see https://www.gnu.org/licenses/. */ > > > > > > > > > > > > > > > > > > You can find the original Gnu MP source that I used as reference in > > > > the file gmp-6.2.0/mpz/aors_ui.h from: > > > > > > > > https://gmplib.org/download/gmp/gmp-6.2.0.tar.lz > > > > > > > > I'm pasting the contents of gmp-6.2.0/mpz/aors_ui.h below for > > > > reference. Do you think we should use or adapt the original header > > > > instead? > > > > > > > > That said, assuming the patch set submitted by Tianjia is updated to > > > > ensure that mpi_sub_ui() and other functions are returning allocation > > > > errors, we could drop this patch in favor of that patch set that is > > > > more extensive and also provides an implementation to mpi_sub_ui(). > > > > > > > > > > > > --->8--- > > > > /* mpz_add_ui, mpz_sub_ui -- Add or subtract an mpz_t and an unsigned > > > > one-word integer. > > > > > > > > Copyright 1991, 1993, 1994, 1996, 1999-2002, 2004, 2012, 2013, 2015 > > > > Free Software Foundation, Inc. > > > > > > > > > > Gnu MP license -. > > V > > > > > > > > This file is part of the GNU MP Library. > > > > > > > > The GNU MP Library is free software; you can redistribute it and/or modify > > > > it under the terms of either: > > > > > > > > * the GNU Lesser General Public License as published by the Free > > > > Software Foundation; either version 3 of the License, or (at your > > > > option) any later version. > > > > > > > > or > > > > > > > > * the GNU General Public License as published by the Free Software > > > > Foundation; either version 2 of the License, or (at your option) any > > > > later version. > > > > > > > > or both in parallel, as here. > > > > > > > > The GNU MP Library is distributed in the hope that it will be useful, but > > > > WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY > > > > or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License > > > > for more details. > > > > > > > > You should have received copies of the GNU General Public License and the > > > > GNU Lesser General Public License along with the GNU MP Library. If not, > > > > see https://www.gnu.org/licenses/. */ > > > > > > > > #include "gmp-impl.h" > > > > > > > > > > > > #ifdef OPERATION_add_ui > > > > #define FUNCTION mpz_add_ui > > > > #define FUNCTION2 mpz_add > > > > #define VARIATION_CMP >= > > > > #define VARIATION_NEG > > > > #define VARIATION_UNNEG - > > > > #endif > > > > > > > > #ifdef OPERATION_sub_ui > > > > #define FUNCTION mpz_sub_ui > > > > #define FUNCTION2 mpz_sub > > > > #define VARIATION_CMP < > > > > #define VARIATION_NEG - > > > > #define VARIATION_UNNEG > > > > #endif > > > > > > > > #ifndef FUNCTION > > > > Error, need OPERATION_add_ui or OPERATION_sub_ui > > > > #endif > > > > > > > > > > > > void > > > > FUNCTION (mpz_ptr w, mpz_srcptr u, unsigned long int vval) > > > > { > > > > mp_srcptr up; > > > > mp_ptr wp; > > > > mp_size_t usize, wsize; > > > > mp_size_t abs_usize; > > > > > > > > #if BITS_PER_ULONG > GMP_NUMB_BITS /* avoid warnings about shift amount */ > > > > if (vval > GMP_NUMB_MAX) > > > > { > > > > mpz_t v; > > > > mp_limb_t vl[2]; > > > > PTR(v) = vl; > > > > vl[0] = vval & GMP_NUMB_MASK; > > > > vl[1] = vval >> GMP_NUMB_BITS; > > > > SIZ(v) = 2; > > > > FUNCTION2 (w, u, v); > > > > return; > > > > } > > > > #endif > > > > > > > > usize = SIZ (u); > > > > if (usize == 0) > > > > { > > > > MPZ_NEWALLOC (w, 1)[0] = vval; > > > > SIZ (w) = VARIATION_NEG (vval != 0); > > > > return; > > > > } > > > > > > > > abs_usize = ABS (usize); > > > > > > > > /* If not space for W (and possible carry), increase space. */ > > > > wp = MPZ_REALLOC (w, abs_usize + 1); > > > > > > > > /* These must be after realloc (U may be the same as W). */ > > > > up = PTR (u); > > > > > > > > if (usize VARIATION_CMP 0) > > > > { > > > > mp_limb_t cy; > > > > cy = mpn_add_1 (wp, up, abs_usize, (mp_limb_t) vval); > > > > wp[abs_usize] = cy; > > > > wsize = VARIATION_NEG (abs_usize + cy); > > > > } > > > > else > > > > { > > > > /* The signs are different. Need exact comparison to determine > > > > which operand to subtract from which. */ > > > > if (abs_usize == 1 && up[0] < vval) > > > > { > > > > wp[0] = vval - up[0]; > > > > wsize = VARIATION_NEG 1; > > > > } > > > > else > > > > { > > > > mpn_sub_1 (wp, up, abs_usize, (mp_limb_t) vval); > > > > /* Size can decrease with at most one limb. */ > > > > wsize = VARIATION_UNNEG (abs_usize - (wp[abs_usize - 1] == 0)); > > > > } > > > > } > > > > > > > > SIZ (w) = wsize; > > > > } > > > > --->*--- > > > > > > > > > > > > > > > > On Thu, Jul 16, 2020 at 11:41:17AM +0300, Ard Biesheuvel wrote: > > > > > On Thu, 16 Jul 2020 at 10:30, Herbert Xu wrote: > > > > > > > > > > > > On Sun, Jul 12, 2020 at 06:39:54PM +0200, Stephan Müller wrote: > > > > > > > > > > > > > > diff --git a/lib/mpi/mpi-sub-ui.c b/lib/mpi/mpi-sub-ui.c > > > > > > > new file mode 100644 > > > > > > > index 000000000000..fa6b085bac36 > > > > > > > --- /dev/null > > > > > > > +++ b/lib/mpi/mpi-sub-ui.c > > > > > > > @@ -0,0 +1,60 @@ > > > > > > > +// SPDX-License-Identifier: GPL-2.0-or-later > > > > > > > +/* mpi-sub-ui.c - MPI functions > > > > > > > + * Copyright 1991, 1993, 1994, 1996, 1999-2002, 2004, 2012, 2013, 2015 > > > > > > > + * Free Software Foundation, Inc. > > > > > > > + * > > > > > > > + * This file is part of GnuPG. > > > > > > > + * > > > > > > > + * Note: This code is heavily based on the GNU MP Library. > > > > > > > + * Actually it's the same code with only minor changes in the > > > > > > > + * way the data is stored; this is to support the abstraction > > > > > > > + * of an optional secure memory allocation which may be used > > > > > > > + * to avoid revealing of sensitive data due to paging etc. > > > > > > > + * The GNU MP Library itself is published under the LGPL; > > > > > > > + * however I decided to publish this code under the plain GPL. > > > > > > > + */ > > > > > > > > > > > > Hmm, you said that this code is from GNU MP. But this notice clearly > > > > > > says that it's part of GnuPG and is under GPL. Though it doesn't > > > > > > clarify what version of GPL it is. Can you please clarify this with > > > > > > the author? > > > > > > > > > > > > > > > > GnuPG was relicensed under GPLv3 in ~2007, IIRC, so given the > > > > > copyright years and the explicit statements that the file is part of > > > > > GnuPG and not under the original LGPL license, there is no way we can > > > > > take this code under the kernel's GPLv2 license. > > > > > > > > -- > > > > Regards, > > > > Marcelo > > > > > > > > -- > > Regards, > > Marcelo > > -- Regards, Marcelo