xref: /linux/Documentation/process/license-rules.rst (revision d003d772e64df08af04ee63609d47169ee82ae0e)
1.. SPDX-License-Identifier: GPL-2.0
2
3.. _kernel_licensing:
4
5Linux kernel licensing rules
6============================
7
8The Linux Kernel is provided under the terms of the GNU General Public
9License version 2 only (GPL-2.0), as provided in LICENSES/preferred/GPL-2.0,
10with an explicit syscall exception described in
11LICENSES/exceptions/Linux-syscall-note, as described in the COPYING file.
12
13This documentation file provides a description of how each source file
14should be annotated to make its license clear and unambiguous.
15It doesn't replace the Kernel's license.
16
17The license described in the COPYING file applies to the kernel source
18as a whole, though individual source files can have a different license
19which is required to be compatible with the GPL-2.0::
20
21    GPL-1.0+  :  GNU General Public License v1.0 or later
22    GPL-2.0+  :  GNU General Public License v2.0 or later
23    LGPL-2.0  :  GNU Library General Public License v2 only
24    LGPL-2.0+ :  GNU Library General Public License v2 or later
25    LGPL-2.1  :  GNU Lesser General Public License v2.1 only
26    LGPL-2.1+ :  GNU Lesser General Public License v2.1 or later
27
28Aside from that, individual files can be provided under a dual license,
29e.g. one of the compatible GPL variants and alternatively under a
30permissive license like BSD, MIT etc.
31
32The User-space API (UAPI) header files, which describe the interface of
33user-space programs to the kernel are a special case.  According to the
34note in the kernel COPYING file, the syscall interface is a clear boundary,
35which does not extend the GPL requirements to any software which uses it to
36communicate with the kernel.  Because the UAPI headers must be includable
37into any source files which create an executable running on the Linux
38kernel, the exception must be documented by a special license expression.
39
40The common way of expressing the license of a source file is to add the
41matching boilerplate text into the top comment of the file.  Due to
42formatting, typos etc. these "boilerplates" are hard to validate for
43tools which are used in the context of license compliance.
44
45An alternative to boilerplate text is the use of Software Package Data
46Exchange (SPDX) license identifiers in each source file.  SPDX license
47identifiers are machine parsable and precise shorthands for the license
48under which the content of the file is contributed.  SPDX license
49identifiers are managed by the SPDX Workgroup at the Linux Foundation and
50have been agreed on by partners throughout the industry, tool vendors, and
51legal teams.  For further information see https://spdx.org/
52
53The Linux kernel requires the precise SPDX identifier in all source files.
54The valid identifiers used in the kernel are explained in the section
55`License identifiers`_ and have been retrieved from the official SPDX
56license list at https://spdx.org/licenses/ along with the license texts.
57
58License identifier syntax
59-------------------------
60
611. Placement:
62
63   The SPDX license identifier in kernel files shall be added at the first
64   possible line in a file which can contain a comment.  For the majority
65   of files this is the first line, except for scripts which require the
66   '#!PATH_TO_INTERPRETER' in the first line.  For those scripts the SPDX
67   identifier goes into the second line.
68
69|
70
712. Style:
72
73   The SPDX license identifier is added in form of a comment.  The comment
74   style depends on the file type::
75
76      C source:	// SPDX-License-Identifier: <SPDX License Expression>
77      C header:	/* SPDX-License-Identifier: <SPDX License Expression> */
78      ASM:	/* SPDX-License-Identifier: <SPDX License Expression> */
79      scripts:	# SPDX-License-Identifier: <SPDX License Expression>
80      .rst:	.. SPDX-License-Identifier: <SPDX License Expression>
81      .dts{i}:	// SPDX-License-Identifier: <SPDX License Expression>
82
83   If a specific tool cannot handle the standard comment style, then the
84   appropriate comment mechanism which the tool accepts shall be used. This
85   is the reason for having the "/\* \*/" style comment in C header
86   files. There was build breakage observed with generated .lds files where
87   'ld' failed to parse the C++ comment. This has been fixed by now, but
88   there are still older assembler tools which cannot handle C++ style
89   comments.
90
91|
92
933. Syntax:
94
95   A <SPDX License Expression> is either an SPDX short form license
96   identifier found on the SPDX License List, or the combination of two
97   SPDX short form license identifiers separated by "WITH" when a license
98   exception applies. When multiple licenses apply, an expression consists
99   of keywords "AND", "OR" separating sub-expressions and surrounded by
100   "(", ")" .
101
102   License identifiers for licenses like [L]GPL with the 'or later' option
103   are constructed by using a "+" for indicating the 'or later' option.::
104
105      // SPDX-License-Identifier: GPL-2.0+
106      // SPDX-License-Identifier: LGPL-2.1+
107
108   WITH should be used when there is a modifier to a license needed.
109   For example, the linux kernel UAPI files use the expression::
110
111      // SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note
112      // SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note
113
114   Other examples using WITH exceptions found in the kernel are::
115
116      // SPDX-License-Identifier: GPL-2.0 WITH mif-exception
117      // SPDX-License-Identifier: GPL-2.0+ WITH GCC-exception-2.0
118
119   Exceptions can only be used with particular License identifiers. The
120   valid License identifiers are listed in the tags of the exception text
121   file. For details see the point `Exceptions`_ in the chapter `License
122   identifiers`_.
123
124   OR should be used if the file is dual licensed and only one license is
125   to be selected.  For example, some dtsi files are available under dual
126   licenses::
127
128      // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
129
130   Examples from the kernel for license expressions in dual licensed files::
131
132      // SPDX-License-Identifier: GPL-2.0 OR MIT
133      // SPDX-License-Identifier: GPL-2.0 OR BSD-2-Clause
134      // SPDX-License-Identifier: GPL-2.0 OR Apache-2.0
135      // SPDX-License-Identifier: GPL-2.0 OR MPL-1.1
136      // SPDX-License-Identifier: (GPL-2.0 WITH Linux-syscall-note) OR MIT
137      // SPDX-License-Identifier: GPL-1.0+ OR BSD-3-Clause OR OpenSSL
138
139   AND should be used if the file has multiple licenses whose terms all
140   apply to use the file. For example, if code is inherited from another
141   project and permission has been given to put it in the kernel, but the
142   original license terms need to remain in effect::
143
144      // SPDX-License-Identifier: (GPL-2.0 WITH Linux-syscall-note) AND MIT
145
146   Another other example where both sets of license terms need to be
147   adhered to is::
148
149      // SPDX-License-Identifier: GPL-1.0+ AND LGPL-2.1+
150
151License identifiers
152-------------------
153
154The licenses currently used, as well as the licenses for code added to the
155kernel, can be broken down into:
156
1571. _`Preferred licenses`:
158
159   Whenever possible these licenses should be used as they are known to be
160   fully compatible and widely used.  These licenses are available from the
161   directory::
162
163      LICENSES/preferred/
164
165   in the kernel source tree.
166
167   The files in this directory contain the full license text and
168   `Metatags`_.  The file names are identical to the SPDX license
169   identifier which shall be used for the license in source files.
170
171   Examples::
172
173      LICENSES/preferred/GPL-2.0
174
175   Contains the GPL version 2 license text and the required metatags::
176
177      LICENSES/preferred/MIT
178
179   Contains the MIT license text and the required metatags
180
181   _`Metatags`:
182
183   The following meta tags must be available in a license file:
184
185   - Valid-License-Identifier:
186
187     One or more lines which declare which License Identifiers are valid
188     inside the project to reference this particular license text.  Usually
189     this is a single valid identifier, but e.g. for licenses with the 'or
190     later' options two identifiers are valid.
191
192   - SPDX-URL:
193
194     The URL of the SPDX page which contains additional information related
195     to the license.
196
197   - Usage-Guidance:
198
199     Freeform text for usage advice. The text must include correct examples
200     for the SPDX license identifiers as they should be put into source
201     files according to the `License identifier syntax`_ guidelines.
202
203   - License-Text:
204
205     All text after this tag is treated as the original license text
206
207   File format examples::
208
209      Valid-License-Identifier: GPL-2.0
210      Valid-License-Identifier: GPL-2.0+
211      SPDX-URL: https://spdx.org/licenses/GPL-2.0.html
212      Usage-Guide:
213        To use this license in source code, put one of the following SPDX
214	tag/value pairs into a comment according to the placement
215	guidelines in the licensing rules documentation.
216	For 'GNU General Public License (GPL) version 2 only' use:
217	  SPDX-License-Identifier: GPL-2.0
218	For 'GNU General Public License (GPL) version 2 or any later version' use:
219	  SPDX-License-Identifier: GPL-2.0+
220      License-Text:
221        Full license text
222
223   ::
224
225      SPDX-License-Identifier: MIT
226      SPDX-URL: https://spdx.org/licenses/MIT.html
227      Usage-Guide:
228	To use this license in source code, put the following SPDX
229	tag/value pair into a comment according to the placement
230	guidelines in the licensing rules documentation.
231	  SPDX-License-Identifier: MIT
232      License-Text:
233        Full license text
234
235|
236
2372. Not recommended licenses:
238
239   These licenses should only be used for existing code or for importing
240   code from a different project.  These licenses are available from the
241   directory::
242
243      LICENSES/other/
244
245   in the kernel source tree.
246
247   The files in this directory contain the full license text and
248   `Metatags`_.  The file names are identical to the SPDX license
249   identifier which shall be used for the license in source files.
250
251   Examples::
252
253      LICENSES/other/ISC
254
255   Contains the Internet Systems Consortium license text and the required
256   metatags::
257
258      LICENSES/other/ZLib
259
260   Contains the ZLIB license text and the required metatags.
261
262   Metatags:
263
264   The metatag requirements for 'other' licenses are identical to the
265   requirements of the `Preferred licenses`_.
266
267   File format example::
268
269      Valid-License-Identifier: ISC
270      SPDX-URL: https://spdx.org/licenses/ISC.html
271      Usage-Guide:
272        Usage of this license in the kernel for new code is discouraged
273	and it should solely be used for importing code from an already
274	existing project.
275        To use this license in source code, put the following SPDX
276	tag/value pair into a comment according to the placement
277	guidelines in the licensing rules documentation.
278	  SPDX-License-Identifier: ISC
279      License-Text:
280        Full license text
281
282|
283
2843. _`Exceptions`:
285
286   Some licenses can be amended with exceptions which grant certain rights
287   which the original license does not.  These exceptions are available
288   from the directory::
289
290      LICENSES/exceptions/
291
292   in the kernel source tree.  The files in this directory contain the full
293   exception text and the required `Exception Metatags`_.
294
295   Examples::
296
297      LICENSES/exceptions/Linux-syscall-note
298
299   Contains the Linux syscall exception as documented in the COPYING
300   file of the Linux kernel, which is used for UAPI header files.
301   e.g. /\* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note \*/::
302
303      LICENSES/exceptions/GCC-exception-2.0
304
305   Contains the GCC 'linking exception' which allows to link any binary
306   independent of its license against the compiled version of a file marked
307   with this exception. This is required for creating runnable executables
308   from source code which is not compatible with the GPL.
309
310   _`Exception Metatags`:
311
312   The following meta tags must be available in an exception file:
313
314   - SPDX-Exception-Identifier:
315
316     One exception identifier which can be used with SPDX license
317     identifiers.
318
319   - SPDX-URL:
320
321     The URL of the SPDX page which contains additional information related
322     to the exception.
323
324   - SPDX-Licenses:
325
326     A comma separated list of SPDX license identifiers for which the
327     exception can be used.
328
329   - Usage-Guidance:
330
331     Freeform text for usage advice. The text must be followed by correct
332     examples for the SPDX license identifiers as they should be put into
333     source files according to the `License identifier syntax`_ guidelines.
334
335   - Exception-Text:
336
337     All text after this tag is treated as the original exception text
338
339   File format examples::
340
341      SPDX-Exception-Identifier: Linux-syscall-note
342      SPDX-URL: https://spdx.org/licenses/Linux-syscall-note.html
343      SPDX-Licenses: GPL-2.0, GPL-2.0+, GPL-1.0+, LGPL-2.0, LGPL-2.0+, LGPL-2.1, LGPL-2.1+
344      Usage-Guidance:
345        This exception is used together with one of the above SPDX-Licenses
346	to mark user-space API (uapi) header files so they can be included
347	into non GPL compliant user-space application code.
348        To use this exception add it with the keyword WITH to one of the
349	identifiers in the SPDX-Licenses tag:
350	  SPDX-License-Identifier: <SPDX-License> WITH Linux-syscall-note
351      Exception-Text:
352        Full exception text
353
354   ::
355
356      SPDX-Exception-Identifier: GCC-exception-2.0
357      SPDX-URL: https://spdx.org/licenses/GCC-exception-2.0.html
358      SPDX-Licenses: GPL-2.0, GPL-2.0+
359      Usage-Guidance:
360        The "GCC Runtime Library exception 2.0" is used together with one
361	of the above SPDX-Licenses for code imported from the GCC runtime
362	library.
363        To use this exception add it with the keyword WITH to one of the
364	identifiers in the SPDX-Licenses tag:
365	  SPDX-License-Identifier: <SPDX-License> WITH GCC-exception-2.0
366      Exception-Text:
367        Full exception text
368
369
370All SPDX license identifiers and exceptions must have a corresponding file
371in the LICENSES subdirectories. This is required to allow tool
372verification (e.g. checkpatch.pl) and to have the licenses ready to read
373and extract right from the source, which is recommended by various FOSS
374organizations, e.g. the `FSFE REUSE initiative <https://reuse.software/>`_.
375
376_`MODULE_LICENSE`
377-----------------
378
379   Loadable kernel modules also require a MODULE_LICENSE() tag. This tag is
380   neither a replacement for proper source code license information
381   (SPDX-License-Identifier) nor in any way relevant for expressing or
382   determining the exact license under which the source code of the module
383   is provided.
384
385   The sole purpose of this tag is to provide sufficient information
386   whether the module is free software or proprietary for the kernel
387   module loader and for user space tools.
388
389   The valid license strings for MODULE_LICENSE() are:
390
391    ============================= =============================================
392    "GPL"			  Module is licensed under GPL version 2. This
393				  does not express any distinction between
394				  GPL-2.0-only or GPL-2.0-or-later. The exact
395				  license information can only be determined
396				  via the license information in the
397				  corresponding source files.
398
399    "GPL v2"			  Same as "GPL". It exists for historic
400				  reasons.
401
402    "GPL and additional rights"   Historical variant of expressing that the
403				  module source is dual licensed under a
404				  GPL v2 variant and MIT license. Please do
405				  not use in new code.
406
407    "Dual MIT/GPL"		  The correct way of expressing that the
408				  module is dual licensed under a GPL v2
409				  variant or MIT license choice.
410
411    "Dual BSD/GPL"		  The module is dual licensed under a GPL v2
412				  variant or BSD license choice. The exact
413				  variant of the BSD license can only be
414				  determined via the license information
415				  in the corresponding source files.
416
417    "Dual MPL/GPL"		  The module is dual licensed under a GPL v2
418				  variant or Mozilla Public License (MPL)
419				  choice. The exact variant of the MPL
420				  license can only be determined via the
421				  license information in the corresponding
422				  source files.
423
424    "Proprietary"		  The module is under a proprietary license.
425				  This string is solely for proprietary third
426				  party modules and cannot be used for modules
427				  which have their source code in the kernel
428				  tree. Modules tagged that way are tainting
429				  the kernel with the 'P' flag when loaded and
430				  the kernel module loader refuses to link such
431				  modules against symbols which are exported
432				  with EXPORT_SYMBOL_GPL().
433    ============================= =============================================
434
435
436
437