Slashdot Mirror
Kernel Modules that Lie About Their Licenses
jon787 writes "An email to LKML about the Linuxant's HSF Modem drivers lying to the kernel about their license has prompted some interesting replies. Lots of talk about how to effectively blacklist these kind of things; a patch is here. One of the more interesting is this one. Linus as always has his $0.02."
/0 is like a divide-by-zero error, actually.
\0 is like a period.
Slashdot Patriotism: We Support our Dupes!
You'll notice that this AC has put the following words into Linus' mouth:
"...rather than blacklist Black people..." (emphasis added)
Linus was referring to "bad" people. This should be something other than Informative.
>>the linux kernel developers need to get over their fanaticism about open-source drivers. I thought the problem here is of a non-GPL driver *claiming* to be GPL? Any other crusade developers may or may not have is mostly irrelevant in this particular case.
- To err is human; but to really screw up, you need a computer
On Tue, 27 Apr 2004, Carl-Daniel Hailfinger wrote: > > LinuxAnt offers binary only modules without any sources. To circumvent our > MODULE_LICENSE checks LinuxAnt has inserted a "\0" into their declaration: > > MODULE_LICENSE("GPL\0for files in the \"GPL\" directory; for others, only > LICENSE file applies"); Hey, that is interesting in itself, since playing the above kinds of games makes it pretty clear to everybody that any infringement was done wilfully. They should be talking to their lawyers about things like that. Anyway, I suspect that rather than blacklist bad people, I'd much prefer to have the module tags be done as counted strings instead. It should be easy enough to do by just having the macro prepend a "sizeof(xxxx)" thing or something. Hmm. At least with -sdt=c99 it should be trivial, with something like #define __MODULE_INFO(tag, name, info) \ static struct { int len; const char value[] } \ __module_cat(name,__LINE__) __attribute_used__ \ __attribute__((section(".modinfo"),unused)) = \ { sizeof(__stringify(tag) "=" info), \ __stringify(tag) "=" info } doing the job. That should make it pretty easy to parse the .modinfo section too.
Linus
On Tue, 27 Apr 2004, Carl-Daniel Hailfinger wrote:
.modinfo section too.
>
> LinuxAnt offers binary only modules without any sources. To circumvent our
> MODULE_LICENSE checks LinuxAnt has inserted a "\0" into their declaration:
>
> MODULE_LICENSE("GPL\0for files in the \"GPL\" directory; for others, only
> LICENSE file applies");
Hey, that is interesting in itself, since playing the above kinds of games
makes it pretty clear to everybody that any infringement was done
wilfully. They should be talking to their lawyers about things like that.
Anyway, I suspect that rather than blacklist bad people, I'd much prefer
to have the module tags be done as counted strings instead. It should be
easy enough to do by just having the macro prepend a "sizeof(xxxx)"
thing or something.
Hmm. At least with -sdt=c99 it should be trivial, with something like
#define __MODULE_INFO(tag, name, info) \
static struct { int len; const char value[] } \
__module_cat(name,__LINE__) __attribute_used__ \
__attribute__((section(".modinfo"),unused)) = \
{ sizeof(__stringify(tag) "=" info), \
__stringify(tag) "=" info }
doing the job.
That should make it pretty easy to parse the
Linus
This isn't about fanaticism. This is about the overworked lkml guys not supporting binary drivers for the companies.
The kernel will happily load any modules you tell it to, binary or not, licensed or not. The reason this tag exists is so the loading of a binary driver will "taint" your kernel. That way when you submit a bug report, the kernel developers know that you had a binary only module loaded.
In that case, they'll ask you to reproduce the produce without the binary module loaded. If the problem doesn't happen, it's the vendor's problem, and not Linux's. And rightly so.
What's wrong with this?
Freedom is the freedom to say that 2 + 2 = 4
You'd have to read the list for exact details of what's irritating the people specifically, but here's a link.
Basically, Linux and friends (in frusteration at trying to troubleshoot non-open-source drivers, where they can't tell what's going on or fix anything) introduced a "tainting" system. Basically, they refuse to handle bug reports or fix anything on a system that has any "tainted" modules loaded.
This tends to increase direct customer dissatisfaction with closed-source drivers.
May we never see th
One of the issues with closed source kernel modules is that some developers don't want to waste time debugging them. Since they aren't GPL, and there is no source, they feel their time can be better utilized in other places.
One way to note this is have each module announce its license to the kernel, and a method exists for this.
I think the intent is clearly to try and fool people into supporting this module, even if that person wishes to avoid supporting non GPL code.
I think this is very underhanded, and going to create significant ill will with some developers.
The licensing constraints on modules makes you lie about the license your module is under. Consider this:
I prefer to develop my modules under the revised BSD license, so that others can port them to the BSDs without running into licensing issues. However, Linux will mark the kernel as tainted when a BSD-licensed module is inserted. So I mark them as Dual GPL/BSD, so that they can be loaded without complaints, although I really don't want to release them under GPL, as that would pose a risk that others add code under GPL that could then not be used in the BSDs.
Ok, that may sound confusing as I typed it in a hurry, but you can make sense of it if you try.
Please correct me if I got my facts wrong.
That would be true if such a declaration was required to function.
However it isn't, you can load code with any license you wish, therefore this is not required for interoperability, and such a defense wouldn't be valid.
Putting MODULE_LICENSE("GPL") is not requred to make the module load. All it does is enable access to a small amount of GPL only helpers and keep crash reports from flagging the system as "tainted".
I found this link elsewhere in the discussion, which answers my question.
1 10 .1/1048.html
http://www.uwsg.iu.edu/hypermail/linux/kernel/0
-Alan
From the license:
I mean, even RFC 1149 (TCP/IP over Carrier Pigeon) would be better :-)
This is crippleware.
no one loves the "kernel tainted" message, but at the end of the day, is it really that much of a deal
For developers _YES_
How many times have you tried to debug the kernel? And how namy times have you done to without access to all the source code? (ie, with modules loaded for which you don't have the source.)
For more info, read LKML archives.
-- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz
Anyway, the tainted message is not even an issue to most-end users if you have your modules auto-loaded and boot into X, you would not see the message. You would only see this if you manually load the module. The installer for this driver could just add an entry to /etc/modules.conf and be done with it. Tainted messages will just get logged, it is not like they pop up on your desktop. This was just a stupid move by this company. It is a shame since their product fills in a need for wireless users that have an unsupported card.
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison
If Office 2003 started asking the Win32 API - areYouReallyMicrosoftWindows(). Then MS Windows would return true...
What would Wine get to return?
Wine would get to return true as well, if answering true was essential to get the software to work.
Take the case of the gameboy (I think). One of the checks the thing did when loading a game was to look for the Nintendo logo in the header of the game. If it wasn't there, it wouldn't run it. Someone else put the logo in their games to get it to run, Nintendo sued for trademark infringement. Nintendo lost, because they had made it absolutely necessary to include that logo in order for third parties to achieve interoperability with the product. Instead of preventing third parties from developing games (which was what they wanted), they lost control of their trademark to some degree. Not good.
However, this case is different. You don't need to lie to the kernel about your license to achieve interoperability. It'll load the module regardless of what you put in the license string. The only thing the license string does is to signal to the kernel developers that non-free modules are loaded into the kernel. It's been "tainted", and then they can choose to not support problems with tainted kernels.
This isn't lying to the kernel so much as it is lying to the kernel developers.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Ignoring the parent post just because it's trolling is silly -- it offers a good opportunity to clarify the points involved.
Only clueless fanboys would give a damn about under which license their drivers are distributed. As long as they do what they're supposed, so what?
The kernel developers have a tainting system in place because they won't debug kernels that have drivers loaded that are closed-source. It's too hard for them to tell whether that driver might have been responsible, and very difficult for them to fix any problems.
Try seeing how interested Microsoft is with fixing problems in other people's proprietary drivers. It's not all that high.
This is different from something meaningful, like Microsoft's excellent WHLQ certification. I'm surprised that no other vendor, including LinuxOS Inc., has copied the idea of certified drivers yet. Microsoft has taken the initiative to take responsibility, this is something that the GPG/Linux community needs to copy.
WHQL is primarily a mechanism designed to give Microsoft strategic power in the software market. It has little to do with software quality, though it is billed as such (just as DRM is billed as an anti-virus/malware scheme by MS). It is intended to grant them ultimate authority over what software is released for their system -- they have the power to refuse to sign any driver release if they need to do so as a lever, which gives them tremendous power over device manufacturers. This is tremenously more powerful and intrusive than the Linux driver tainting system, which works on an honor system. WHQL ensures only basic functionality is in place -- WHQL testing does not involve audititing code, checking for corner cases, or do any of the things necessary to produce a good, bug-free driver.
May we never see th
Linux is doomed.
There, I said it. I'll say it again: Linux is doomed.
I am an incredibly good C programmer. I wrote a driver for my employer's modem software, and I submitted it to the kernel. The "administrators" rejected it because it "might not be free enough." They insisted that I pore over 37 densely-worded pseudo-legalese licences before submitting it.
Could I use the Vovida Software License? Ooh, and then there's the Motosoto License! Let me get this straight: you have a team of pretend lawyers insisting that such and such is "free enough," and you wonder why nothing's getting done.
Fuck that. I'm going with Microsoft. They know what to do with free software.
Sincerely,
Seth Finklestein
Bitter Developer
I'm not Seth Finkelstein. I still speak the truth.
LinuxAnt have responded.
Linuxant responds and explains why they did what they did. It was mostly to supress multiple messages when loading multi module drivers rather than some sort of circumvention.
On the otherhand I think everyone's eyes are open to possible malicious use of this and simular tricks.
“Common sense is not so common.” — Voltaire
A Winmodem with hardware DSP is simply a modem that uses a DSP to transfer data from modemPC instead of a serial port.
The firmware that the DSP executes cannot be free software because the holders of the patents that cover v.92 modulation are not willing to license their implementation in free software. Therefore, winmodems on Linux must use some kernel-space process to at least initialize the modem.
While Linux kernel developers most likely will not handle a bug report because of a tainted module, they will if the bug is reproduceable without that module. If the bug is in the module, why in the world would someone who is not responsible and cannot get the source code try to fix it. For example, I am a programmerm, if I write an app that causes problems under MS windows, do you think MS will fix and debug it for me when they cannot get the source code? Now, if my application triggered a bug in MS Windows, I am sure MS will fix the bug on their side, just as Linux kernel developers will fix the bug on their side if a binary only module happens to trigger a bug that is in the Linux source code. However, if some bug only ever happens with some binary only module, the problem probably is in that binary only module.
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison
The only reasons you should care are
A)By faking a GPL license to avoid "tainting" the kernel, the company has made your life more difficult. Problems you have with the kernel won't be supported by developers unless you can recreate the problem without any closed-source modules loaded(otherwise the bug is likely in code they can't fix). Since the module is not marked by the kernel as closed source, unless you remember it is months or years down the road, you may forget that you need to unload it.
B)It wastes time the developers could otherwise be using to improve the kernel. Given a kernel dump that claims to be untainted, they could end up spending days hunting down a bug only to discover that it ultimately lies in a module they can't find source for. If the tainting mechanism had been allowed to work properly, the developer would have asked for a resubmission of the bug without any closed-source modules loaded, to ensure the bug is fixable by them, saving themself days of wasted effort.
What you, and a lot of other people seem to not be understanding is that, if this company hadn't faked the "GPL" line, the modules would still have loaded and worked perfectly. The developers aren't trying to keep closed source drivers from running (far from it), they just want to mark a kernel so that if there's a problem with it, they can save time by having a way to immediately identify whether they are capable of debugging it or not. That benefits everyone.
Here is the answer from Linuxant. They claim it wasn't a mistake, just a way to suppress potentially confusing warning messages.
The main purposes of the Module string are twofold:
- to "taint" the kernel so that anyone posting an oops to the lkml will get ignored.
- to deny certain interfaces marked as GPL-only to the module.
I have discovered a truly marvelous sig, unfortunately the sig limit is too small to contain i
They aren't going to put code that isn't compatible with the GPL into the kernel. If they did they would have to restrict how they distribute the kernel. The licenses they have on that page are all OSI approved.
Anyways, what license did you want to release it under?
The only people who really need to worry about the GPL are distributers and developers (and their lawyers) who are modifying or using GPL code. Unless I have completely misread the GPL, users who just install software and use it do not need to worry.
Life sucks, but death doesn't put out at all....
--Thomas J. Kopp
Why do you have a problem with the GPL? It's easy to understand, the GPL boils down to just four words; not sharing is theft. GPL is for developers -- by placing software you write under the GPL, you are ensuring that everybody gets to see the source code. If anyone modifies your work, they have to release the source code too. GPL is also for users -- if you use GPL software, you know that the law will protect your right to share the software with others.
Je fume. Tu fumes. Nous fûmes!
Don't forget.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
There is no requirement for you to distribute your changes to GPL code. The requirement is that *if* you distribute it in a binary form, you must provide the source code.
I've got a mind like a steel trap - it's got an animal's foot stuck in it.
Not really.. at the moment all your prevented from doing is preforming deep magic with the system internals.
It's important to note that Linuxant's stated reason for doing this was to avoid worrying the users with a "loading tainted module" warning on startup. There was not even the attempt at a technical arguement.
Actually, the module doesn't require access to any GPL-only operations or structures. As far as anyone can tell, they just don't want the kernel to report that a non-GPL module has been loaded, because this situation makes kernel developers rightly unwilling to help people with problems (because they have no idea what the non-GPL modules are doing). If they were actually using restricted interfaces, it would be a clear case of copyright infringement, as those interfaces are identified as the ones which make using code a derived work of the kernel. As it is, it is a much less clearly defined issue.
Yes, IE adoped Netscape's convention of using "Mozilla/..." user agent, and added the "... (compatible; IE4...)" or similar tag. Note that Mozilla was the development name for the closed source Netscape browser way back in the browser war years when Netscape was the most popular browser around and the current Mozilla browser wouldn't even be an idea for another four or five years. So the current open sourced Mozilla browser allows users to copy the IE convention of decribing itself as a version of Internet Explorer, compatible with closed source Netscape, and then tacks its own information onto the end.
For example, here's one sample of a possible Netscape 2 user agent string:
Mozilla/2.02 [fr] (WinNT; I)
Then Microsoft developed Internet Explorer. IE versions shared similar user agent strings, but this is one for IE4.0:
Mozilla/4.0 (compatible; MSIE 4.0; Windows 95)
Now, most open source browsers allow you to copy Internet Explorer and have a user agent such as:
Mozilla/5.0 (compatible; MSIE 5.5; Windows XP) Gecko/whatever
So we have Mozilla/Firefox/etc. which copied Internet Explorer which copied (closed source) Netscape. Clear as mud!
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
Actually, it was because people had more and more binary modules with problems that resulted in kernel panics and the like, and would ask about a panic in a mailing list. Before, it would take someone's time to dig around and trace it down, and get more config info before realizing that there was a vendor's proprietary code causing the problem. They then get aggravated they wasted their time chasing a problem they aren't responsible for and can't fix.
With a tainted kernel, developers immediately know that the scope of the problem will quite likely be outside their ability to figure out, and can request a reproduction without a binary module loaded. If it can't be reproduced, contact the binary module provider for support...
XML is like violence. If it doesn't solve the problem, use more.