From: Jessica Yu <jeyu@kernel.org>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: LKML <linux-kernel@vger.kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Greg KH <gregkh@linuxfoundation.org>,
Jonathan Corbet <corbet@lwn.net>,
Alan Cox <alan@lxorguk.ukuu.org.uk>,
Rusty Russell <rusty@rustcorp.com.au>,
Christoph Hellwig <hch@lst.de>,
Kate Stewart <kstewart@linuxfoundation.org>,
Philippe Ombredanne <pombredanne@nexb.com>
Subject: Re: [PATCH][RFC] module: Cure the MODULE_LICENSE "GPL" vs. "GPL v2" bogosity
Date: Tue, 29 Jan 2019 14:06:58 +0100 [thread overview]
Message-ID: <20190129130658.GA19205@linux-8ccs> (raw)
In-Reply-To: <alpine.DEB.2.21.1901282105450.1669@nanos.tec.linutronix.de>
+++ Thomas Gleixner [28/01/19 23:38 +0100]:
>The original MODULE_LICENSE string for kernel modules licensed under the
>GPL v2 (only / or later) was simply "GPL", which was - and still is -
>completely sufficient for the purpose of module loading and checking
>whether the module is free software or proprietary.
>
>In January 2003 this was changed with commit 3344ea3ad4b7 ("[PATCH]
>MODULE_LICENSE and EXPORT_SYMBOL_GPL support"). This commit can be found in
>the history git repository which holds the 1:1 import of Linus' bitkeeper
>repository:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git/commit/?id=3344ea3ad4b7c302c846a680dbaeedf96ed45c02
>
>The main intention of the patch was to refuse linking proprietary modules
>against symbols exported with EXPORT_SYMBOL_GPL() at module load time.
>
>As a completely undocumented side effect it also introduced the distinction
>between "GPL" and "GPL v2" MODULE_LICENSE() strings:
>
> * "GPL" [GNU Public License v2 or later]
> * "GPL v2" [GNU Public License v2]
> * "GPL and additional rights" [GNU Public License v2 rights and more]
> * "Dual BSD/GPL" [GNU Public License v2
> * or BSD license choice]
> * "Dual MPL/GPL" [GNU Public License v2
> * or Mozilla license choice]
>
>This distinction was and still is wrong in several aspects:
>
> 1) It broke all modules which were using the "GPL" string in the
> MODULE_LICENSE() already and were licensed under GPL v2 only.
>
> A quick license scan over the tree at that time shows that at least 480
> out of 1484 modules have been affected by this change back then. The
> number is probably way higher as this was just a quick check for
> clearly identifiable license information.
>
> There was exactly ONE instance of a "GPL v2" module license string in
> the kernel back then - drivers/net/tulip/xircom_tulip_cb.c which
> otherwise had no license information at all. There is no indication
> that the change above is any way related to this driver. The change
> happend with the 2.4.11 release which was on Oct. 9 2001 - so quite
> some time before the above commit. Unfortunately there is no trace on
> the intertubes to any discussion of this.
>
> 2) The dual licensed strings became ill defined as well because following
> the "GPL" vs. "GPL v2" distinction all dual licensed (or additional
> rights) MODULE_LICENSE strings would either require those dual licensed
> modules to be licensed under GPL v2 or later or just be unspecified for
> the dual licensing case. Neither choice is coherent with the GPL
> distinction.
>
>Due to the lack of a proper changelog and no real discussion on the patch
>submission other than a few implementation details, it's completely unclear
>why this distinction was introduced at all. Other than the comment in the
>module header file exists no documentation for this at all.
>
>From a license compliance and license scanning POV this distinction is a
>total nightmare.
>
>As of 5.0-rc2 2873 out of 9200 instances of MODULE_LICENSE() strings are
>conflicting with the actual license in the source code (either SPDX or
>license boilerplate/reference). A comparison between the scan of the
>history tree and a scan of current Linus tree shows to the extent that the
>git rename detection over Linus tree grafted with the history tree is
>halfways complete that almost none of the files which got broken in 2003
>have been cleaned up vs. the MODULE_LICENSE string. So subtracting those
>480 known instances from the conflicting 2800 of today more than 25% of the
>module authors got it wrong and it's a high propability that a large
>portion of the rest just got it right by chance.
>
>There is no value for the module loader to convey the detailed license
>information as the only decision to be made is whether the module is free
>software or not.
>
>The "and additional rights", "BSD" and "MPL" strings are not conclusive
>license information either. So there is no point in trying to make the GPL
>part conclusive and exact. As shown above it's already non conclusive for
>dual licensing and incoherent with a large portion of the module source.
>
>As an unintended side effect this distinction causes a major headache for
>license compliance, license scanners and the ongoing effort to clean up the
>license mess of the kernel.
>
>Therefore remove the well meant, but ill defined, distinction between "GPL"
>and "GPL v2" and document that:
>
> - "GPL" and "GPL v2" both express that the module is licensed under GPLv2
> (without a distinction of 'only' and 'or later') and is therefore kernel
> license compliant.
>
> - None of the MODULE_LICENSE strings can be used for expressing or
> determining the exact license
>
> - Their sole purpose is to decide whether the module is free software or
> not.
>
>Add a MODULE_LICENSE subsection to the license rule documentation as well.
>
>Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
>---
> Documentation/process/license-rules.rst | 62 ++++++++++++++++++++++++++++++++
> include/linux/module.h | 18 ++++++++-
> 2 files changed, 79 insertions(+), 1 deletion(-)
>--- a/Documentation/process/license-rules.rst
>+++ b/Documentation/process/license-rules.rst
>@@ -372,3 +372,65 @@ in the LICENSE subdirectories. This is r
> verification (e.g. checkpatch.pl) and to have the licenses ready to read
> and extract right from the source, which is recommended by various FOSS
> organizations, e.g. the `FSFE REUSE initiative <https://reuse.software/>`_.
>+
>+_`MODULE_LICENSE`
>+-----------------
>+
>+ Loadable kernel modules also require a MODULE_LICENSE() tag. This tag is
>+ neither a replacement for proper source code license information
>+ (SPDX-License-Identifier) nor in any way relevant for expressing or
>+ determining the exact license under which the source code of the module
>+ is provided.
>+
>+ The sole purpose of this tag is to provide sufficient information
>+ whether the module is free software or proprietary for the kernel
>+ module loader and for user space tools.
>+
>+ The valid license strings for MODULE_LICENSE() are:
>+
>+ ============================= =============================================
>+ "GPL" Module is licensed under GPL version 2. This
>+ does not express any distinction between
>+ GPL-2.0-only or GPL-2.0-or-later. The exact
>+ license information can only be determined
>+ via the license information in the
>+ corresponding source files.
>+
>+ "GPL v2" Same as "GPL v2". It exists for historic
>+ reasons.
Did you mean to say 'Same as "GPL"' here? (as in, "GPL v2" conveys the same
information as the "GPL" module license string)
>+
>+ "GPL and additional rights" Historical variant of expressing that the
>+ module source is dual licensed under a
>+ GPL v2 variant and MIT license. Please do
>+ not use in new code.
>+
>+ "Dual MIT/GPL" The correct way of expressing that the
>+ module is dual licensed under a GPL v2
>+ variant or MIT license choice.
>+
>+ "Dual BSD/GPL" The module is dual licensed under a GPL v2
>+ variant or BSD license choice. The exact
>+ variant of the BSD license can only be
>+ determined via the license information
>+ in the corresponding source files.
>+
>+ "Dual MPL/GPL" The module is dual licensed under a GPL v2
>+ variant or Mozilla Public License (MPL)
>+ choice. The exact variant of the MPL
>+ license can only be determined via the
>+ license information in the corresponding
>+ source files.
>+
>+ "Proprietary" The module is under a proprietary license.
>+ This string is soleley for proprietary third
s/soleley/solely/
Otherwise looks good. Thanks for clearing this all up.
Jessica
>+ party modules and cannot be used for modules
>+ which have their source code in the kernel
>+ tree. Modules tagged that way are tainting
>+ the kernel with the 'P' flag when loaded and
>+ the kernel module loader refuses to link such
>+ modules against symbols which are exported
>+ with EXPORT_SYMBOL_GPL().
>+ ============================= =============================================
>+
>+
>+
>--- a/include/linux/module.h
>+++ b/include/linux/module.h
>@@ -172,7 +172,7 @@ extern void cleanup_module(void);
> * The following license idents are currently accepted as indicating free
> * software modules
> *
>- * "GPL" [GNU Public License v2 or later]
>+ * "GPL" [GNU Public License v2]
> * "GPL v2" [GNU Public License v2]
> * "GPL and additional rights" [GNU Public License v2 rights and more]
> * "Dual BSD/GPL" [GNU Public License v2
>@@ -186,6 +186,22 @@ extern void cleanup_module(void);
> *
> * "Proprietary" [Non free products]
> *
>+ * Both "GPL v2" and "GPL" (the latter also in dual licensed strings) are
>+ * merily stating that the module is licensed under the GPL v2, but are not
>+ * telling whether "GPL v2 only" or "GPL v2 or later". The reason why there
>+ * are two variants is a historic and failed attempt to convey more
>+ * information in the MODULE_LICENSE string. For module loading the
>+ * "only/or later" distinction is completely irrelevant and does neither
>+ * replace the proper license identifiers in the corresponding source file
>+ * nor amends them in any way. The sole purpose is to make the
>+ * 'Proprietary' flagging work and to refuse to bind symbols which are
>+ * exported with EXPORT_SYMBOL_GPL when a non free module is loaded.
>+ *
>+ * In te same way "BSD" is not a clear license information. It merily
>+ * states, that the module is licensed under one of the compatible BSD
>+ * license variants. The detailed and correct license information is again
>+ * to be found in the corresponding source files.
>+ *
> * There are dual licensed components, but when running with Linux it is the
> * GPL that is relevant so this is a non issue. Similarly LGPL linked with GPL
> * is a GPL combined work.
next prev parent reply other threads:[~2019-01-29 13:07 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-28 22:38 [PATCH][RFC] module: Cure the MODULE_LICENSE "GPL" vs. "GPL v2" bogosity Thomas Gleixner
2019-01-29 1:32 ` Joe Perches
2019-01-29 5:27 ` Greg KH
2019-01-29 13:06 ` Jessica Yu [this message]
2019-01-29 14:11 ` Thomas Gleixner
2019-01-30 20:48 ` Alan Cox
2019-01-30 21:47 ` Thomas Gleixner
2019-02-07 0:21 ` Jonathan Corbet
2019-02-08 16:02 ` [PATCH v2] " Thomas Gleixner
2019-02-09 9:37 ` Philippe Ombredanne
2019-02-09 12:11 ` Greg KH
2019-02-10 18:58 ` Thomas Gleixner
2019-02-11 15:19 ` Jonathan Corbet
2019-02-11 8:44 ` Jessica Yu
2019-01-30 5:01 ` [PATCH][RFC] " Rusty Russell
2019-01-30 18:21 ` Thomas Gleixner
2019-01-30 20:45 ` Alan Cox
2019-01-30 22:00 ` Thomas Gleixner
2019-01-31 15:18 ` Philippe Ombredanne
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190129130658.GA19205@linux-8ccs \
--to=jeyu@kernel.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=corbet@lwn.net \
--cc=gregkh@linuxfoundation.org \
--cc=hch@lst.de \
--cc=kstewart@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pombredanne@nexb.com \
--cc=rusty@rustcorp.com.au \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).