Kernel Modules that Lie About Their Licenses
jon787 writes "An email to LKML about the Linuxant's HSF Modem drivers lying to the kernel about their license has prompted some interesting replies. Lots of talk about how to effectively blacklist these kind of things; a patch is here. One of the more interesting is this one. Linus as always has his $0.02."
Since /0 is the string-termination character, would it be possible to convince a court to see the decloration the way the kernel does, and therefore hold them to the GPL since they're the ones who declared it?
You make it sound like he's just a figurehead now. I would expect him to say something, and I would expect slashdot to not trivialize it.
Anyway, I suspect that rather than blacklist bad people, I'd much preferto have the module tags be done as counted strings instead. It should be easy enough to do by just having the macro prepend a sizeof(xxxx)" thing or something.
Great idea, for this hack, anyway. Problem is, they'll come up with something else next time. I think this one really is up to the lawyers, unfortunately.
If the Kernel asks you if you think its gained wait or if its ass looks big in those drivers.
Modules should not lie about their licenses. Fine.
BUT... the linux kernel developers need to get over their fanaticism about open-source drivers. There are many reasons companies cannot or will not make their driver source public. For wireless cards, the FCC effectively prohibits it. For video cards and others, much of the value of the card is in fact in the driver and companies have a right to keep that under wraps.
Interesting story, considering the gray area many consider binary modules to be. Linus has said that he considers binary modules to not be far enough removed from GPL code and thus infringing, but since binary modules have been around since very early on in the kernels development history without any enforcement of the GPL with regards to them, wouldnt that potentially count against the GPL applying to binary modules if someone did decide to take action? Doesnt the whole idea of kernel license strings interfere with this view as well? If modules are infringing if they arent GPL, then why would they need to tell the kernel that they arent under the GPL? Also, where in the Kernel license does it require you to be truthful to the kernel about your modules license? Nowhere, because it cant. The GPL will not allow you to put that limitation on use of the kernel. Again, it comes back to wondering about the legality of binary modules.
Personally, I dont use linux and as such, this doesnt directly affect me. But still, it raises interesting questions about how far removed code has to be to be able to be licensed differently. The kernel module API is a publically available API, and Linus does not consider this to be far enough removed. So what is? Does the kernel have to adhere to the CPUs or Motherboards firmware license, because its using a publically available API just like kernel modules are?
Interesting. Very interesting!
I don't believe that. Companies that make hardware shouldn't be so dogged about protecting their software. I buy a router/etc for the hardware, not for the companies excellent firmware. I don't see why companies should protect their firmware at all, if it's open source, more people will buy their hardware.
Why did they even bother with this silly (if not cunning) trick in the first place? I mean, OK, no one loves the "kernel tainted" message, but at the end of the day, is it really that much of a deal that it needs to be circumvented?
I think a more appropriate way of handling things would be have a message explaining _why_ the tainted message is coming up, and why they can't GPL the driver. Work with the system, not against it.
-Erwos
Plausible conjecture should not be misrepresented as proof positive.
...lying to the kernel about their license
Insubordination at its worst! Lying to the kernel!
Private Function, get Corporal Punishement on the phone and have them admonished immediatley!
If /. has no respect for other people's choice in licenses and cheers people ignoring the license, then it must also cheer on people breaking the license in Linux. You can't have it both ways.
I'm sure this hans't been done before.
In a similar case, the maker of a game console had copyprotection code which had to be invoked before a game played. Someone who wrote a game, but didn't want to pay licensing fees, invoked the same code becuase it was the only way to get their game to run. They were sued under the Lanham Act. The plaintiffs claimed that their display of their trademark could make someone think that the console manufacturer was the source of the game causing consumer confusion.
The court rightly ruled that the console designer caused the code to display the trademark and that they were responsible for any confusion that resulted.
Putting MODULE_LICENSE("GPL\0... in their code could be viewed by the courts as using a method of operation to accomplish a module load. It is very unlikely that they would view it as a grant of a GP License to someone who received the code.
I have discovered a truly marvelous sig, unfortunately the sig limit is too small to contain i
It is a problem with the company lying to the kernel
Yes, but the kernel is not a person, right? In fact lying to hardware/software is a well-accepted practice for interoperability, emulation and fair use. If we want it to be illegal, we might as well defend DMCA.
Suppose that Lexmark made a printer that looked for a certain string in a ROM on an ink cartridge. Let's say the string was "The manufacturer of this cartridge agrees to the terms of the ELL (Evil Lexmark License)." If the string is present, the printer works great; if the string is not present, the printer has undesirable behavior of some kind.
Further suppose you want to make an ink cartridge for your Lexmark printer, and thus for the purposes of optimum interoperability, you imbed into the ROM: "The manufacturer of this cartridge agrees to the terms of the ELL (Evil Lexmark License).\0Just kidding. Of course I don't REALLY agree to the Evil Lexmark License, because after all, IT'S EVIL!! It even has \"Evil\" right there in the name, what more proof do you need?!? Sheesh, people!"
Are you bound to the ELL?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Here's why:
If Office 2003 started asking the Win32 API - areYouReallyMicrosoftWindows(). Then MS Windows would return true...
What would Wine get to return?
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
The licensing constraints on modules makes you lie about the license your module is under. Consider this:
I prefer to develop my modules under the revised BSD license, so that others can port them to the BSDs without running into licensing issues. However, Linux will mark the kernel as tainted when a BSD-licensed module is inserted. So I mark them as Dual GPL/BSD, so that they can be loaded without complaints, although I really don't want to release them under GPL, as that would pose a risk that others add code under GPL that could then not be used in the BSDs.
Ok, that may sound confusing as I typed it in a hurry, but you can make sense of it if you try.
Please correct me if I got my facts wrong.
That would be true if such a declaration was required to function.
However it isn't, you can load code with any license you wish, therefore this is not required for interoperability, and such a defense wouldn't be valid.
If Office 2003 started asking the Win32 API - areYouReallyMicrosoftWindows(). Then MS Windows would return true...
What would Wine get to return?
Wine would get to return true as well, if answering true was essential to get the software to work.
Take the case of the gameboy (I think). One of the checks the thing did when loading a game was to look for the Nintendo logo in the header of the game. If it wasn't there, it wouldn't run it. Someone else put the logo in their games to get it to run, Nintendo sued for trademark infringement. Nintendo lost, because they had made it absolutely necessary to include that logo in order for third parties to achieve interoperability with the product. Instead of preventing third parties from developing games (which was what they wanted), they lost control of their trademark to some degree. Not good.
However, this case is different. You don't need to lie to the kernel about your license to achieve interoperability. It'll load the module regardless of what you put in the license string. The only thing the license string does is to signal to the kernel developers that non-free modules are loaded into the kernel. It's been "tainted", and then they can choose to not support problems with tainted kernels.
This isn't lying to the kernel so much as it is lying to the kernel developers.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Ignoring the parent post just because it's trolling is silly -- it offers a good opportunity to clarify the points involved.
Only clueless fanboys would give a damn about under which license their drivers are distributed. As long as they do what they're supposed, so what?
The kernel developers have a tainting system in place because they won't debug kernels that have drivers loaded that are closed-source. It's too hard for them to tell whether that driver might have been responsible, and very difficult for them to fix any problems.
Try seeing how interested Microsoft is with fixing problems in other people's proprietary drivers. It's not all that high.
This is different from something meaningful, like Microsoft's excellent WHLQ certification. I'm surprised that no other vendor, including LinuxOS Inc., has copied the idea of certified drivers yet. Microsoft has taken the initiative to take responsibility, this is something that the GPG/Linux community needs to copy.
WHQL is primarily a mechanism designed to give Microsoft strategic power in the software market. It has little to do with software quality, though it is billed as such (just as DRM is billed as an anti-virus/malware scheme by MS). It is intended to grant them ultimate authority over what software is released for their system -- they have the power to refuse to sign any driver release if they need to do so as a lever, which gives them tremendous power over device manufacturers. This is tremenously more powerful and intrusive than the Linux driver tainting system, which works on an honor system. WHQL ensures only basic functionality is in place -- WHQL testing does not involve audititing code, checking for corner cases, or do any of the things necessary to produce a good, bug-free driver.
May we never see th
Linuxant responds and explains why they did what they did. It was mostly to supress multiple messages when loading multi module drivers rather than some sort of circumvention.
On the otherhand I think everyone's eyes are open to possible malicious use of this and simular tricks.
“Common sense is not so common.” — Voltaire
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison
The only reasons you should care are
A)By faking a GPL license to avoid "tainting" the kernel, the company has made your life more difficult. Problems you have with the kernel won't be supported by developers unless you can recreate the problem without any closed-source modules loaded(otherwise the bug is likely in code they can't fix). Since the module is not marked by the kernel as closed source, unless you remember it is months or years down the road, you may forget that you need to unload it.
B)It wastes time the developers could otherwise be using to improve the kernel. Given a kernel dump that claims to be untainted, they could end up spending days hunting down a bug only to discover that it ultimately lies in a module they can't find source for. If the tainting mechanism had been allowed to work properly, the developer would have asked for a resubmission of the bug without any closed-source modules loaded, to ensure the bug is fixable by them, saving themself days of wasted effort.
What you, and a lot of other people seem to not be understanding is that, if this company hadn't faked the "GPL" line, the modules would still have loaded and worked perfectly. The developers aren't trying to keep closed source drivers from running (far from it), they just want to mark a kernel so that if there's a problem with it, they can save time by having a way to immediately identify whether they are capable of debugging it or not. That benefits everyone.
Here is the answer from Linuxant. They claim it wasn't a mistake, just a way to suppress potentially confusing warning messages.
Why do you have a problem with the GPL? It's easy to understand, the GPL boils down to just four words; not sharing is theft. GPL is for developers -- by placing software you write under the GPL, you are ensuring that everybody gets to see the source code. If anyone modifies your work, they have to release the source code too. GPL is also for users -- if you use GPL software, you know that the law will protect your right to share the software with others.
Je fume. Tu fumes. Nous fûmes!
So witholding the data from closed drivers is just lessening the experience/reliability/etc of people who use Linux but who aren't Open Source zealots. That's the aim of the driver interface but it's a stupid one, and as I pointed out it's easy enough to circumvent.
If a kernel oops or panic occurs in a driver, it's important for the kernel developers to quickly know if it's a GPL driver (or a 3rd party binary only driver that they shouldn't even waste their time looking at). Too much noise is generated on LKML for broken binary drivers that just can't be fixed or troubleshooted.
Zealotry has it's hand in that Open Source people really only want to fix Open Source drivers.
Your clever circumvention idea is well known, it will not save you in getting kernel developer support, however.
No.