Slashdot Mirror
Kernel Modules that Lie About Their Licenses
jon787 writes "An email to LKML about the Linuxant's HSF Modem drivers lying to the kernel about their license has prompted some interesting replies. Lots of talk about how to effectively blacklist these kind of things; a patch is here. One of the more interesting is this one. Linus as always has his $0.02."
Since /0 is the string-termination character, would it be possible to convince a court to see the decloration the way the kernel does, and therefore hold them to the GPL since they're the ones who declared it?
You make it sound like he's just a figurehead now. I would expect him to say something, and I would expect slashdot to not trivialize it.
The site's not loading.
Anyway, I suspect that rather than blacklist bad people, I'd much preferto have the module tags be done as counted strings instead. It should be easy enough to do by just having the macro prepend a sizeof(xxxx)" thing or something.
Great idea, for this hack, anyway. Problem is, they'll come up with something else next time. I think this one really is up to the lawyers, unfortunately.
If the Kernel asks you if you think its gained wait or if its ass looks big in those drivers.
Modules should not lie about their licenses. Fine.
BUT... the linux kernel developers need to get over their fanaticism about open-source drivers. There are many reasons companies cannot or will not make their driver source public. For wireless cards, the FCC effectively prohibits it. For video cards and others, much of the value of the card is in fact in the driver and companies have a right to keep that under wraps.
Part of every attempt to legislate (which the kernel's interrogation of drivers is) should include the question "how will people cheat, and how can we stop this". Otherwise this kind of game is inevitable.
(And if the answer to the question is: "people will cheat and we can't stop them", then there is little point in playing legislator.)
Ceci n'est pas une signature
Interesting story, considering the gray area many consider binary modules to be. Linus has said that he considers binary modules to not be far enough removed from GPL code and thus infringing, but since binary modules have been around since very early on in the kernels development history without any enforcement of the GPL with regards to them, wouldnt that potentially count against the GPL applying to binary modules if someone did decide to take action? Doesnt the whole idea of kernel license strings interfere with this view as well? If modules are infringing if they arent GPL, then why would they need to tell the kernel that they arent under the GPL? Also, where in the Kernel license does it require you to be truthful to the kernel about your modules license? Nowhere, because it cant. The GPL will not allow you to put that limitation on use of the kernel. Again, it comes back to wondering about the legality of binary modules.
Personally, I dont use linux and as such, this doesnt directly affect me. But still, it raises interesting questions about how far removed code has to be to be able to be licensed differently. The kernel module API is a publically available API, and Linus does not consider this to be far enough removed. So what is? Does the kernel have to adhere to the CPUs or Motherboards firmware license, because its using a publically available API just like kernel modules are?
Interesting. Very interesting!
If we wait in this pumpkin patch long enough, the Great Pumpkin will rise up and give out toys. It will then float to the offices of the evil developers and smite them.
The original Linus e-mail was changed in that "helpful" reposting. Words like "Circumsise" and "vomit" were not present in the original (haven't bothered to check for other transgressions).
- To err is human; but to really screw up, you need a computer
I don't believe that. Companies that make hardware shouldn't be so dogged about protecting their software. I buy a router/etc for the hardware, not for the companies excellent firmware. I don't see why companies should protect their firmware at all, if it's open source, more people will buy their hardware.
You'll notice that this AC has put the following words into Linus' mouth:
"...rather than blacklist Black people..." (emphasis added)
Linus was referring to "bad" people. This should be something other than Informative.
All those C string functions are todays source of plague. Even though I'm not Miguel de Icaza it's obvious that we should move to something new.
Why did they even bother with this silly (if not cunning) trick in the first place? I mean, OK, no one loves the "kernel tainted" message, but at the end of the day, is it really that much of a deal that it needs to be circumvented?
I think a more appropriate way of handling things would be have a message explaining _why_ the tainted message is coming up, and why they can't GPL the driver. Work with the system, not against it.
-Erwos
Plausible conjecture should not be misrepresented as proof positive.
Has anyone ever gotten the modem in the TiBook to work with that driver? I've struggled with it a number of times (using YDL) and everyone on the lists or IRC just said, "Yeah, didn't work for me, either."
What I'm listening to now on Pandora...
...lying to the kernel about their license
Insubordination at its worst! Lying to the kernel!
Private Function, get Corporal Punishement on the phone and have them admonished immediatley!
If /. has no respect for other people's choice in licenses and cheers people ignoring the license, then it must also cheer on people breaking the license in Linux. You can't have it both ways.
As for your assertion, drivers can be non-OSS and still work perfectly, and OEM's aren't forced to make their stuff OSS - just ask NVIDIA if you don't believe me. Therefore, you're posting a strawman there...
The linuxant cheat isn't a problem because of the source code being closed, it is a problem because it pretends to be open-source when it is not, failing to warn whoever installs it.
Quo usque tandem abutere, Nimbus, patientia nostra?
I'm sure this hans't been done before.
In a similar case, the maker of a game console had copyprotection code which had to be invoked before a game played. Someone who wrote a game, but didn't want to pay licensing fees, invoked the same code becuase it was the only way to get their game to run. They were sued under the Lanham Act. The plaintiffs claimed that their display of their trademark could make someone think that the console manufacturer was the source of the game causing consumer confusion.
The court rightly ruled that the console designer caused the code to display the trademark and that they were responsible for any confusion that resulted.
Putting MODULE_LICENSE("GPL\0... in their code could be viewed by the courts as using a method of operation to accomplish a module load. It is very unlikely that they would view it as a grant of a GP License to someone who received the code.
I have discovered a truly marvelous sig, unfortunately the sig limit is too small to contain i
It is a problem with the company lying to the kernel
Yes, but the kernel is not a person, right? In fact lying to hardware/software is a well-accepted practice for interoperability, emulation and fair use. If we want it to be illegal, we might as well defend DMCA.
Suppose that Lexmark made a printer that looked for a certain string in a ROM on an ink cartridge. Let's say the string was "The manufacturer of this cartridge agrees to the terms of the ELL (Evil Lexmark License)." If the string is present, the printer works great; if the string is not present, the printer has undesirable behavior of some kind.
Further suppose you want to make an ink cartridge for your Lexmark printer, and thus for the purposes of optimum interoperability, you imbed into the ROM: "The manufacturer of this cartridge agrees to the terms of the ELL (Evil Lexmark License).\0Just kidding. Of course I don't REALLY agree to the Evil Lexmark License, because after all, IT'S EVIL!! It even has \"Evil\" right there in the name, what more proof do you need?!? Sheesh, people!"
Are you bound to the ELL?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Linus' 2 cents undoubtedly cost the hoster of his message more than that in /.ed bandwidth.
Have you Meta Moderated t
Here's why:
If Office 2003 started asking the Win32 API - areYouReallyMicrosoftWindows(). Then MS Windows would return true...
What would Wine get to return?
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
You'd have to read the list for exact details of what's irritating the people specifically, but here's a link.
Basically, Linux and friends (in frusteration at trying to troubleshoot non-open-source drivers, where they can't tell what's going on or fix anything) introduced a "tainting" system. Basically, they refuse to handle bug reports or fix anything on a system that has any "tainted" modules loaded.
This tends to increase direct customer dissatisfaction with closed-source drivers.
May we never see th
One of the issues with closed source kernel modules is that some developers don't want to waste time debugging them. Since they aren't GPL, and there is no source, they feel their time can be better utilized in other places.
One way to note this is have each module announce its license to the kernel, and a method exists for this.
I think the intent is clearly to try and fool people into supporting this module, even if that person wishes to avoid supporting non GPL code.
I think this is very underhanded, and going to create significant ill will with some developers.
The licensing constraints on modules makes you lie about the license your module is under. Consider this:
I prefer to develop my modules under the revised BSD license, so that others can port them to the BSDs without running into licensing issues. However, Linux will mark the kernel as tainted when a BSD-licensed module is inserted. So I mark them as Dual GPL/BSD, so that they can be loaded without complaints, although I really don't want to release them under GPL, as that would pose a risk that others add code under GPL that could then not be used in the BSDs.
Ok, that may sound confusing as I typed it in a hurry, but you can make sense of it if you try.
Please correct me if I got my facts wrong.
...but I sit here wondering how many of the people with their panties in a bunch over this (excepting Linus, of course) have a hard drive full of MP3's of dubious origin?
This ain't flamebait, but a rather trenchant commentary on the hypocrisy that I see.
That would be true if such a declaration was required to function.
However it isn't, you can load code with any license you wish, therefore this is not required for interoperability, and such a defense wouldn't be valid.
I found this link elsewhere in the discussion, which answers my question.
1 10 .1/1048.html
http://www.uwsg.iu.edu/hypermail/linux/kernel/0
-Alan
And with the DMCA firmly in place, it will be illegal to hack YOUR hardware.
Jeez, I used to think I might be a little paranoid, but not any more...
My beliefs do not require that you agree with them.
From the license:
I mean, even RFC 1149 (TCP/IP over Carrier Pigeon) would be better :-)
This is crippleware.
Since the module reports that it is GPL, why doesn't every one start asking for the source code. Maybe they will be annoyed enough to fix the software (assuming they claim typo or some such) maybe they actually want to GPL the whole thing? :)
Anyone who's heard of buffer overflows knows you should NEVER trust the string you're working with, and always check its size. Why on earth is the code written such that a \0 will break it?
If Office 2003 started asking the Win32 API - areYouReallyMicrosoftWindows(). Then MS Windows would return true...
What would Wine get to return?
Wine would get to return true as well, if answering true was essential to get the software to work.
Take the case of the gameboy (I think). One of the checks the thing did when loading a game was to look for the Nintendo logo in the header of the game. If it wasn't there, it wouldn't run it. Someone else put the logo in their games to get it to run, Nintendo sued for trademark infringement. Nintendo lost, because they had made it absolutely necessary to include that logo in order for third parties to achieve interoperability with the product. Instead of preventing third parties from developing games (which was what they wanted), they lost control of their trademark to some degree. Not good.
However, this case is different. You don't need to lie to the kernel about your license to achieve interoperability. It'll load the module regardless of what you put in the license string. The only thing the license string does is to signal to the kernel developers that non-free modules are loaded into the kernel. It's been "tainted", and then they can choose to not support problems with tainted kernels.
This isn't lying to the kernel so much as it is lying to the kernel developers.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
They are releasing a non-GPL module with a small GPL wrapper and there is nothing wrong with that. That is what NVIDIA does. However, in the source code for the GPLed wrapper, they are marking their binary only driver as GPLed software. They include \0 in their license string and pass that to the Linux kernel. The \0 in C terminates a string, so the Linux kernel only sees the part of the string that comes before the \0, which in this case is only "GPL". So basically the Linux kernel loads up the module thinking it is GPLed which is not good for the types of users I explained above and I would think it could have some legal issues. How do you think MS would react if I wrote software that played around with their license or lied to their subsystems? I bet they would have a flock of lawyers on me in a heart beat.
Again, it is no big deal that the module is not GPLed. There are a bunch of binary only drivers/modules for the Linux kernel. I use some of them like the NVIDIA drivers. The issue is that this company is lying about their software license.
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison
Ignoring the parent post just because it's trolling is silly -- it offers a good opportunity to clarify the points involved.
Only clueless fanboys would give a damn about under which license their drivers are distributed. As long as they do what they're supposed, so what?
The kernel developers have a tainting system in place because they won't debug kernels that have drivers loaded that are closed-source. It's too hard for them to tell whether that driver might have been responsible, and very difficult for them to fix any problems.
Try seeing how interested Microsoft is with fixing problems in other people's proprietary drivers. It's not all that high.
This is different from something meaningful, like Microsoft's excellent WHLQ certification. I'm surprised that no other vendor, including LinuxOS Inc., has copied the idea of certified drivers yet. Microsoft has taken the initiative to take responsibility, this is something that the GPG/Linux community needs to copy.
WHQL is primarily a mechanism designed to give Microsoft strategic power in the software market. It has little to do with software quality, though it is billed as such (just as DRM is billed as an anti-virus/malware scheme by MS). It is intended to grant them ultimate authority over what software is released for their system -- they have the power to refuse to sign any driver release if they need to do so as a lever, which gives them tremendous power over device manufacturers. This is tremenously more powerful and intrusive than the Linux driver tainting system, which works on an honor system. WHQL ensures only basic functionality is in place -- WHQL testing does not involve audititing code, checking for corner cases, or do any of the things necessary to produce a good, bug-free driver.
May we never see th
Seriously, why do I care about this at all?
I have a kernel. I have a device. With out said driver the kernel is useless to me.
So the driver is closed and propitiatory, as long as it works with my kernel why should I care. ( all religious OSS arguments aside.. I'm taking for a *real* reason )
The alternative seems to be no driver, and the kernel becomes a useless lump of code. We cant demand that companies that produce hardware support anything they don't want too, be happy they at least give us closed drivers... 5 years ago they didnt even do that, unless it was for a Microsoft kernel.
---- Booth was a patriot ----
It's a moot point; a proprietary module that uses GPL symbols is an unauthorized derivative.
But how can some symbols be GPL and some not, considering that, as it stands, the entirety of the core kernel code is licensed under the GPL, and the GPL does not allow exceptions to that licensing? Im not trying to flame, its just not that clear to me! :)
These people wanted $15 for a Linux driver, with no guarantees of free upgrades in the event of a kernel update.
I just went and bought a serial port external modem for $13 (shipped). Works like a charm.
There are a huge number of yeast infections in this county. Probably because we're downriver from the bread factory.
Linuxant responds and explains why they did what they did. It was mostly to supress multiple messages when loading multi module drivers rather than some sort of circumvention.
On the otherhand I think everyone's eyes are open to possible malicious use of this and simular tricks.
“Common sense is not so common.” — Voltaire
Yeah, it's a bit hypocritical. On the upside, however, it's still GPL'd so you can change the DRM to your hearts content or remove it altogether. Try that with the DRM coming out of the recording industry.
A Winmodem with hardware DSP is simply a modem that uses a DSP to transfer data from modemPC instead of a serial port.
The firmware that the DSP executes cannot be free software because the holders of the patents that cover v.92 modulation are not willing to license their implementation in free software. Therefore, winmodems on Linux must use some kernel-space process to at least initialize the modem.
EXPORT_SYMBOL_GPL() means: "if you use this symbol, then your driver is inequivocably a derivative work of the kernel".
Why? Because there are some ways of writing device drivers that make the drivers *not* be a derivative work of the kernel. P.ex., the NTFS driver distributed by Microsoft, NTFS.DLL, is not a derivative work of the kernel, but might, by way of (GPL'd) glue code, be load in the addressing space of the kernel and linked to it.
MODULE_LICENSE("Other license") means: "this module is constructed in a way that makes it a non-derivative of the kernel; you can modprobe it, and as it's not derivative, the GPL does not apply to it; don't allow it to see those symbols that would make it derivative";
MODULE_LICENSE("GPL") means: "the license of this module is GPL, please do the linking for me to the symbols that will make me a derivative work of the kernel", while
MODULE_LICENSE("GPL\0but not really") means: "I'm a fucking liar, and I want to roll the dice without paying the price (I want to be a non-GPL-licensed derivative of the kernel)."
Got it?
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
It's unlawful to make a Free driver for some devices. For instance, v.92 modulation used in POTS modems is covered by patents whose holders are not willing to license their implementation in free software. Not all modems store their firmware in a flash chip on the device itself, instead relying on the driver to upload firmware after every cold boot. A Free driver distributed in developed countries would have to restrict itself to 20-year-old modulations, none of which are sufficient to connect to any popular dial-up Internet service provider.
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison
Your box will also run faster, as you won't be mimicking hardware functionality in software.
It will also be easier to combine 2 or more modem connections in a low-end box for faster speed.
Linuxant has added a note about this issue to their site, with a link to their response on the Linux kernel mailing list.
Here is the answer from Linuxant. They claim it wasn't a mistake, just a way to suppress potentially confusing warning messages.
The only people who really need to worry about the GPL are distributers and developers (and their lawyers) who are modifying or using GPL code. Unless I have completely misread the GPL, users who just install software and use it do not need to worry.
Life sucks, but death doesn't put out at all....
--Thomas J. Kopp
Why do you have a problem with the GPL? It's easy to understand, the GPL boils down to just four words; not sharing is theft. GPL is for developers -- by placing software you write under the GPL, you are ensuring that everybody gets to see the source code. If anyone modifies your work, they have to release the source code too. GPL is also for users -- if you use GPL software, you know that the law will protect your right to share the software with others.
Je fume. Tu fumes. Nous fûmes!
Don't forget.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
There is no requirement for you to distribute your changes to GPL code. The requirement is that *if* you distribute it in a binary form, you must provide the source code.
I've got a mind like a steel trap - it's got an animal's foot stuck in it.
If the GPL were for users or developers, everyone would be thanking this company for providing drivers that did not exist.
Nonsense... The GPL is for everyone who values their freedom.
The GPL is used by many developers who distribute the fruits of their effort for nothing beyond the expectation that anyone who finds their work useful enough to build their own products upon will provide said products under the same license. Even if those products are sold for profit, the derivative work should be as Free to those who purchase it as was the original work. From that perspective, the GPL is absolutely for developers.
Similarly, many users choose to purchase and use GPL products because they know that this license protects their rights to use and customize their software for their own purposes, in perpetuity. The GPL is absolutely for users.
A lot of the posters here seem to think the GPL-only module string and the "Tainted" message were created to make it harder to allow binary-only or non-GPL drivers.
In fact, the reverse is true. Many device vendors were hesitant to release drivers for Linux because of the binary linkage created when the driver gets loaded. Under a strict interpretation of the GPL, that would consitute enough of a linkage to make the drivers a derivative work.
Some vendors did not want their drivers to automatically fall under the GPL just because of dynamic loading.
The GPL flag was created to let non-GPL drivers clearly indicate that they were not derivatives and would not be GPL-licensed.
This is an example of a vendor that wants to eat its cake and have it too.
"Genius may have its limitations, but stupidity is not thus handicapped." --Elbert Hubbard (1856-1915)
So witholding the data from closed drivers is just lessening the experience/reliability/etc of people who use Linux but who aren't Open Source zealots. That's the aim of the driver interface but it's a stupid one, and as I pointed out it's easy enough to circumvent.
If a kernel oops or panic occurs in a driver, it's important for the kernel developers to quickly know if it's a GPL driver (or a 3rd party binary only driver that they shouldn't even waste their time looking at). Too much noise is generated on LKML for broken binary drivers that just can't be fixed or troubleshooted.
Zealotry has it's hand in that Open Source people really only want to fix Open Source drivers.
Your clever circumvention idea is well known, it will not save you in getting kernel developer support, however.
No.
I've been using a few different versions of this driver for awhile, and I have to say I disapprove of this because it circumvents a process that was put in to avoid a wild goose chase (not worrying about a kernel problem when a binary driver has been loaded.)
You see, these drivers are almost worthless. They make the kernel unstable when loaded. They create an OOM error with pci hotplugging. I've had to reboot 5+ times in one day.
The only way I was able to track it to the drivers was by blacklisting the mods with hotplug and reading log messages.
Now, they may or may not crash on all systems, but I personally was close to filing bug reports complete with dumps. If it's true that this change doesn't show up in the dumps, the kernel developers would be busy tracking down bugs that weren't a result of their code.
How much time do you think would have been wasted on these reports (assuming that I am not alone in having kernel panics from these drivers?)
As for the whole "the tainted messages were confusing the customer" schtick: There are about 6 different modules that get loaded, so there would be 6 different tainted messages (which can be spooky...) but I can't even remember the last time I saw a "tainted kernel" message. Nowadays, most modules are being loaded in the background with any messages going to a log somewhere on the system. Besides, a one line explanation would be enough to not bother the user ("It's for kernel developers. You don't need to worry about it." or "It's to help people fix your computer if something goes horribly wrong."
FWIW IMHO the string ends at the \0 I don't care what garbage in memory exists after this, this is not a subtle issue or grey area, \0 ends the string, subsequent information is irrelevant.
But back to my subject, blacklisting is a bit heavy handed. Hmm... we have a company that provides drivers for Linux, yup they're proprietary winmodem drivers but they're there. To *suppress warnings* they have unfortunately chosen to prematurely end their string with a \0, that's really nasty and foolish but blacklisting them as a company from installing kernel modules is way frikin OTT.
How does this help joe public get his winmodem working?
How does this encourage any corporation from releasing proprietary drivers for in Linux? (Which are better than no drivers IMHO)
There are other drivers (particularly audio and graphics) that use proprietary code implemented by private companies and these are used every day by many thousands of Linux users.
... YOUR MONEY
Doing these things honestly and functionally isn't all that difficult.
For instance, my company makes a sweet little device that, among other things, has a bunch of FPGAs (Field Programmable Gate Arrays). There is some language (I have never seen) that creates, via a source file (I will never possess) and a compiler (we license for a nut), to create a byte-stream (I have sitting around in a file) that gives the FPGAs their personality.
When my boss came in and started whining about the GPL I pointed out that the three modules were GPL-able and that distributing them under the GPL was about as "wanton with our intellectual property" as sunday school.
The drivers are just not that interesting. From one (the one that loads the FPGA images) you could learn how to copy a byte string into a single register. e.g. "for (int counter = 0; counter image_size; ++counter) { *FPGA_Personality_Register = image_buffer[counter]; }"
Oh yea, there is a lot of boiler-plate around this, and I actually do that inside a fpgaflash_write() etc. But this is *not* rocket science.
In point of fact, virtually all of the "Intellectual Property Issues" people have with respect to software are, frankly, crap.
A bunch of people doing a lot of truely marginal work have created a mythology of value. Somehow the way _*THEY*_ increment an integer is so much more fascinating than the way the rest of us do it. "But Boss," they say, "if everybody out there figures out that we put *our* serial uart at 0x2df instead of 0x2f0 then nobody will need us any more."
Bull.
If you provide a good product at a reasonable rate then people will pay you for it.
Every year I spend $20 to $50 to pay my taxes with one or another tax prepration software product. I do this *despite* the fact that all the forms and things are there and (obfuscated 8-) open source. (And I actually buy the software instead of pirate it, since to steal software when that is how I make my living would be hypocritical.)
The only people who have to worry about Open Source are the people who make crappy software.
Trust me, nobody wants your job. Nobody wants sneak in and rewrite comercial drivers *IF* *THEY* *WORK*. Nobody cares about your "proprietary register mapping" *IF* *IT* *WORKS*. The people who are going to make a nockoff of your board are just going to trace out your hardware if they want to clone it, and its is going to take them how long to disassemble your Windows driver to make their compatable device?
Gee, if they want to compete, they could just make their clone to one of the already-existing drivers they have source too anyway.
There is *NOTHING* *OF* *VALUE* in your drivers. Really. Get over yourselves and start harvesting all that free money by making a product and having the OS community improve your products' drivers for free.
It boggles the mind that people like nVidia and ATI want to keep their drivers closed when their real value is in the chipsets themselves. Everybody knows how Direct-X and OpenGL is going to present the data at that level. Why do they even *care* if someone knows that the data buffers are reformatted and their addresses are crammed into a doorbell register at a particular address. Do they think we can't possibly fathom the concept of laying out data and putting addresses into doorbell registers? Do they expect us to be supprised when it turns out that the eight hardware rendering pipelines they brag about on the box are backed up by eight separate linked lists (or whatever) in the driver?
And you just know that on the flip side, there is someone at each of these companies trying to outsource the driver development even as the first team of idiots are jealously garding their source code.
Back to the example, all the "value" in our product is in the complex and subtle control of state *below* the driver in the hardware, and in the complex and robust interractions of the applications and protocols
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press