Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Programming Software Linux Hardware IT Technology

Kernel Modules that Lie About Their Licenses 587

Posted by CmdrTaco
from the why-can't-we-just-get-along dept.
jon787 writes "An email to LKML about the Linuxant's HSF Modem drivers lying to the kernel about their license has prompted some interesting replies. Lots of talk about how to effectively blacklist these kind of things; a patch is here. One of the more interesting is this one. Linus as always has his $0.02."
This discussion has been archived. No new comments can be posted.

Kernel Modules that Lie About Their Licenses

Comments Filter:
  • by Rhys (96510) on Tuesday April 27, 2004 @11:08AM (#8985053) Homepage
    /0 is like a divide-by-zero error, actually.

    \0 is like a period.
  • by Ratcrow (181400) on Tuesday April 27, 2004 @11:10AM (#8985073) Homepage
    You'll notice that this AC has put the following words into Linus' mouth:

    "...rather than blacklist Black people..." (emphasis added)

    Linus was referring to "bad" people. This should be something other than Informative.
  • Re:Get over it (Score:2, Informative)

    by Zweistein_42 (753978) * on Tuesday April 27, 2004 @11:11AM (#8985101) Homepage
    >>the linux kernel developers need to get over their fanaticism about open-source drivers. I thought the problem here is of a non-GPL driver *claiming* to be GPL? Any other crusade developers may or may not have is mostly irrelevant in this particular case.
  • by Anonymous Coward on Tuesday April 27, 2004 @11:16AM (#8985163)
    On Tue, 27 Apr 2004, Carl-Daniel Hailfinger wrote: > > LinuxAnt offers binary only modules without any sources. To circumvent our > MODULE_LICENSE checks LinuxAnt has inserted a "\0" into their declaration: > > MODULE_LICENSE("GPL\0for files in the \"GPL\" directory; for others, only > LICENSE file applies"); Hey, that is interesting in itself, since playing the above kinds of games makes it pretty clear to everybody that any infringement was done wilfully. They should be talking to their lawyers about things like that. Anyway, I suspect that rather than blacklist bad people, I'd much prefer to have the module tags be done as counted strings instead. It should be easy enough to do by just having the macro prepend a "sizeof(xxxx)" thing or something. Hmm. At least with -sdt=c99 it should be trivial, with something like #define __MODULE_INFO(tag, name, info) \ static struct { int len; const char value[] } \ __module_cat(name,__LINE__) __attribute_used__ \ __attribute__((section(".modinfo"),unused)) = \ { sizeof(__stringify(tag) "=" info), \ __stringify(tag) "=" info } doing the job. That should make it pretty easy to parse the .modinfo section too. Linus
  • by Anonymous Coward on Tuesday April 27, 2004 @11:24AM (#8985272)
    On Tue, 27 Apr 2004, Carl-Daniel Hailfinger wrote:
    >
    > LinuxAnt offers binary only modules without any sources. To circumvent our
    > MODULE_LICENSE checks LinuxAnt has inserted a "\0" into their declaration:
    >
    > MODULE_LICENSE("GPL\0for files in the \"GPL\" directory; for others, only
    > LICENSE file applies");

    Hey, that is interesting in itself, since playing the above kinds of games
    makes it pretty clear to everybody that any infringement was done
    wilfully. They should be talking to their lawyers about things like that.

    Anyway, I suspect that rather than blacklist bad people, I'd much prefer
    to have the module tags be done as counted strings instead. It should be
    easy enough to do by just having the macro prepend a "sizeof(xxxx)"
    thing or something.

    Hmm. At least with -sdt=c99 it should be trivial, with something like

    #define __MODULE_INFO(tag, name, info) \
    static struct { int len; const char value[] } \
    __module_cat(name,__LINE__) __attribute_used__ \
    __attribute__((section(".modinfo"),unused)) = \
    { sizeof(__stringify(tag) "=" info), \
    __stringify(tag) "=" info }

    doing the job.

    That should make it pretty easy to parse the .modinfo section too.

    Linus
  • Re:Get over it (Score:5, Informative)

    by srwalter (39999) * on Tuesday April 27, 2004 @11:28AM (#8985309) Homepage Journal
    This isn't about fanaticism. This is about the overworked lkml guys not supporting binary drivers for the companies.

    The kernel will happily load any modules you tell it to, binary or not, licensed or not. The reason this tag exists is so the loading of a binary driver will "taint" your kernel. That way when you submit a bug report, the kernel developers know that you had a binary only module loaded.

    In that case, they'll ask you to reproduce the produce without the binary module loaded. If the problem doesn't happen, it's the vendor's problem, and not Linux's. And rightly so.

    What's wrong with this?
  • by 0x0d0a (568518) on Tuesday April 27, 2004 @11:28AM (#8985316) Journal
    You'd have to read the list for exact details of what's irritating the people specifically, but here's a link [iu.edu].

    Basically, Linux and friends (in frusteration at trying to troubleshoot non-open-source drivers, where they can't tell what's going on or fix anything) introduced a "tainting" system. Basically, they refuse to handle bug reports or fix anything on a system that has any "tainted" modules loaded.

    This tends to increase direct customer dissatisfaction with closed-source drivers.
  • nonGPL modules (Score:4, Informative)

    by nuggz (69912) on Tuesday April 27, 2004 @11:29AM (#8985321) Homepage
    One of the issues with closed source kernel modules is that some developers don't want to waste time debugging them. Since they aren't GPL, and there is no source, they feel their time can be better utilized in other places.

    One way to note this is have each module announce its license to the kernel, and a method exists for this.

    I think the intent is clearly to try and fool people into supporting this module, even if that person wishes to avoid supporting non GPL code.

    I think this is very underhanded, and going to create significant ill will with some developers.
  • by RAMMS+EIN (578166) on Tuesday April 27, 2004 @11:30AM (#8985337) Homepage Journal
    The licensing constraints on modules makes you lie about the license your module is under. Consider this:

    I prefer to develop my modules under the revised BSD license, so that others can port them to the BSDs without running into licensing issues. However, Linux will mark the kernel as tainted when a BSD-licensed module is inserted. So I mark them as Dual GPL/BSD, so that they can be loaded without complaints, although I really don't want to release them under GPL, as that would pose a risk that others add code under GPL that could then not be used in the BSDs.

    Ok, that may sound confusing as I typed it in a hurry, but you can make sense of it if you try.
  • by nuggz (69912) on Tuesday April 27, 2004 @11:34AM (#8985392) Homepage
    That would be true if such a declaration was required to function.
    However it isn't, you can load code with any license you wish, therefore this is not required for interoperability, and such a defense wouldn't be valid.
  • Re:Good Luck (Score:5, Informative)

    by gmack (197796) <gmack&innerfire,net> on Tuesday April 27, 2004 @11:35AM (#8985404) Homepage Journal
    Putting MODULE_LICENSE("GPL") is not requred to make the module load. All it does is enable access to a small amount of GPL only helpers and keep crash reports from flagging the system as "tainted".

  • by alanwj (242317) on Tuesday April 27, 2004 @11:35AM (#8985411)
    I found this link elsewhere in the discussion, which answers my question.

    http://www.uwsg.iu.edu/hypermail/linux/kernel/01 10 .1/1048.html

    -Alan
  • by tomhudson (43916) < ... <nosduh.arabrab>> on Tuesday April 27, 2004 @11:39AM (#8985458) Journal
    The free version of the driver is limited to 14k, even with a 56k modem, so why would you bother?

    From the license [linuxant.com]:

    7. Performance. V.92 modems are designed to be capable of receiving data at up to 56Kbps with compatible phone line and server equipment, and transmitting data at up to 31.2Kbps. V.90 modems are designed to be capable of receiving data at up to 56 Kbps from a compatible service provider and transmitting data at up to about 28.8 Kbps. Public networks currently limit download speeds to about 53Kbps.
    The free version of the drivers is limited to 14.4Kbps. Actual speeds vary and are often less than the maximum possible.

    I mean, even RFC 1149 (TCP/IP over Carrier Pigeon) would be better :-)

    This is crippleware.

  • Re:But why? (Score:5, Informative)

    by MartinG (52587) on Tuesday April 27, 2004 @11:41AM (#8985488) Homepage Journal
    no one loves the "kernel tainted" message, but at the end of the day, is it really that much of a deal

    For developers _YES_

    How many times have you tried to debug the kernel? And how namy times have you done to without access to all the source code? (ie, with modules loaded for which you don't have the source.)

    For more info, read LKML archives.
  • Re:But why? (Score:2, Informative)

    by AstroDrabb (534369) * on Tuesday April 27, 2004 @11:45AM (#8985550)
    And why did no moderators mod this parent up? You guys/girl(s?) mod up unreleated, completley false posts and let this one sit unmoderated?

    Anyway, the tainted message is not even an issue to most-end users if you have your modules auto-loaded and boot into X, you would not see the message. You would only see this if you manually load the module. The installer for this driver could just add an entry to /etc/modules.conf and be done with it. Tainted messages will just get logged, it is not like they pop up on your desktop. This was just a stupid move by this company. It is a shame since their product fills in a need for wireless users that have an unsupported card.

  • by Otto (17870) on Tuesday April 27, 2004 @11:54AM (#8985669) Homepage Journal
    If Office 2003 started asking the Win32 API - areYouReallyMicrosoftWindows(). Then MS Windows would return true...

    What would Wine get to return?


    Wine would get to return true as well, if answering true was essential to get the software to work.

    Take the case of the gameboy (I think). One of the checks the thing did when loading a game was to look for the Nintendo logo in the header of the game. If it wasn't there, it wouldn't run it. Someone else put the logo in their games to get it to run, Nintendo sued for trademark infringement. Nintendo lost, because they had made it absolutely necessary to include that logo in order for third parties to achieve interoperability with the product. Instead of preventing third parties from developing games (which was what they wanted), they lost control of their trademark to some degree. Not good.

    However, this case is different. You don't need to lie to the kernel about your license to achieve interoperability. It'll load the module regardless of what you put in the license string. The only thing the license string does is to signal to the kernel developers that non-free modules are loaded into the kernel. It's been "tainted", and then they can choose to not support problems with tainted kernels.

    This isn't lying to the kernel so much as it is lying to the kernel developers.
  • by 0x0d0a (568518) on Tuesday April 27, 2004 @11:59AM (#8985739) Journal
    Ignoring the parent post just because it's trolling is silly -- it offers a good opportunity to clarify the points involved.

    Only clueless fanboys would give a damn about under which license their drivers are distributed. As long as they do what they're supposed, so what?

    The kernel developers have a tainting system in place because they won't debug kernels that have drivers loaded that are closed-source. It's too hard for them to tell whether that driver might have been responsible, and very difficult for them to fix any problems.

    Try seeing how interested Microsoft is with fixing problems in other people's proprietary drivers. It's not all that high.

    This is different from something meaningful, like Microsoft's excellent WHLQ certification. I'm surprised that no other vendor, including LinuxOS Inc., has copied the idea of certified drivers yet. Microsoft has taken the initiative to take responsibility, this is something that the GPG/Linux community needs to copy.

    WHQL is primarily a mechanism designed to give Microsoft strategic power in the software market. It has little to do with software quality, though it is billed as such (just as DRM is billed as an anti-virus/malware scheme by MS). It is intended to grant them ultimate authority over what software is released for their system -- they have the power to refuse to sign any driver release if they need to do so as a lever, which gives them tremendous power over device manufacturers. This is tremenously more powerful and intrusive than the Linux driver tainting system, which works on an honor system. WHQL ensures only basic functionality is in place -- WHQL testing does not involve audititing code, checking for corner cases, or do any of the things necessary to produce a good, bug-free driver.
  • by Seth Finklestein (582901) on Tuesday April 27, 2004 @12:02PM (#8985777) Journal
    Linux is doomed.

    There, I said it. I'll say it again: Linux is doomed.

    I am an incredibly good C programmer. I wrote a driver for my employer's modem software, and I submitted it to the kernel. The "administrators" rejected it because it "might not be free enough." They insisted that I pore over 37 densely-worded pseudo-legalese licences [opensource.org] before submitting it.

    Could I use the Vovida Software License? Ooh, and then there's the Motosoto License! Let me get this straight: you have a team of pretend lawyers insisting that such and such is "free enough," and you wonder why nothing's getting done.

    Fuck that. I'm going with Microsoft. They know what to do with free software.

    Sincerely,
    Seth Finklestein
    Bitter Developer
  • Re:But why? (Score:5, Informative)

    by blackcat++ (168398) on Tuesday April 27, 2004 @12:15PM (#8985977)
    LinuxAnt have responded [theaimsgroup.com].
  • by OrangeTide (124937) on Tuesday April 27, 2004 @12:19PM (#8986038) Homepage Journal
    Linuxant responds [theaimsgroup.com] and explains why they did what they did. It was mostly to supress multiple messages when loading multi module drivers rather than some sort of circumvention.

    On the otherhand I think everyone's eyes are open to possible malicious use of this and simular tricks.
  • Patents (Score:2, Informative)

    by tepples (727027) * <tepples@[ ]il.com ['gma' in gap]> on Tuesday April 27, 2004 @12:25PM (#8986124) Homepage Journal

    A Winmodem with hardware DSP is simply a modem that uses a DSP to transfer data from modemPC instead of a serial port.

    The firmware that the DSP executes cannot be free software because the holders of the patents that cover v.92 modulation are not willing to license their implementation in free software. Therefore, winmodems on Linux must use some kernel-space process to at least initialize the modem.

  • Re:Good Luck (Score:3, Informative)

    by AstroDrabb (534369) * on Tuesday April 27, 2004 @12:25PM (#8986125)
    While Linux kernel developers most likely will not handle a bug report because of a tainted module, they will if the bug is reproduceable without that module. If the bug is in the module, why in the world would someone who is not responsible and cannot get the source code try to fix it. For example, I am a programmerm, if I write an app that causes problems under MS windows, do you think MS will fix and debug it for me when they cannot get the source code? Now, if my application triggered a bug in MS Windows, I am sure MS will fix the bug on their side, just as Linux kernel developers will fix the bug on their side if a binary only module happens to trigger a bug that is in the Linux source code. However, if some bug only ever happens with some binary only module, the problem probably is in that binary only module.
  • by AstroDrabb (534369) * on Tuesday April 27, 2004 @12:45PM (#8986377)
    Yes, the command is modinfo. For example, here is what I get from the command: modinfo ext3
    $ modinfo ext3
    filename: /lib/modules/2.4.9-e.38smp/kernel/fs/ext3/ext3.o
    description: "Second Extended Filesystem with journaling extensions"
    author: "Remy Card, Stephen Tweedie, Andrew Morton, Andreas Dilger, Theodore Ts'o and others"
    license: "GPL"
    parm: do_sync_supers int, description "Write superblocks synchronously"
    If you want to just see the license, you can pass the -l (that is a lower case L) option such as: modinfo -l ext3
    $ modinfo -l ext3
    "GPL"
    While I do not have the dirver from Linuxant, their module would in fact show up to an end user as "GPL". I would think this could be a legal issue for Linuxant, since they are lying to end users of their product about the license.
  • Re:Why do i care? (Score:5, Informative)

    by Senjutsu (614542) on Tuesday April 27, 2004 @12:58PM (#8986544)
    The only reasons you should care are

    A)By faking a GPL license to avoid "tainting" the kernel, the company has made your life more difficult. Problems you have with the kernel won't be supported by developers unless you can recreate the problem without any closed-source modules loaded(otherwise the bug is likely in code they can't fix). Since the module is not marked by the kernel as closed source, unless you remember it is months or years down the road, you may forget that you need to unload it.

    B)It wastes time the developers could otherwise be using to improve the kernel. Given a kernel dump that claims to be untainted, they could end up spending days hunting down a bug only to discover that it ultimately lies in a module they can't find source for. If the tainting mechanism had been allowed to work properly, the developer would have asked for a resubmission of the bug without any closed-source modules loaded, to ensure the bug is fixable by them, saving themself days of wasted effort.

    What you, and a lot of other people seem to not be understanding is that, if this company hadn't faked the "GPL" line, the modules would still have loaded and worked perfectly. The developers aren't trying to keep closed source drivers from running (far from it), they just want to mark a kernel so that if there's a problem with it, they can save time by having a way to immediately identify whether they are capable of debugging it or not. That benefits everyone.
  • by zarr (724629) on Tuesday April 27, 2004 @01:09PM (#8986677)
    Here [theaimsgroup.com] is the answer from Linuxant. They claim it wasn't a mistake, just a way to suppress potentially confusing warning messages.
  • Re:Good Luck (Score:5, Informative)

    by Royster (16042) on Tuesday April 27, 2004 @01:10PM (#8986691) Homepage
    The main purposes of the Module string are twofold:

    - to "taint" the kernel so that anyone posting an oops to the lkml will get ignored.

    - to deny certain interfaces marked as GPL-only to the module.
  • by Anonymous Coward on Tuesday April 27, 2004 @01:30PM (#8986892)
    They aren't going to put code that isn't compatible with the GPL into the kernel. If they did they would have to restrict how they distribute the kernel. The licenses they have on that page are all OSI approved.

    Anyways, what license did you want to release it under?
  • by OneEyedApe (610059) <Simianthing@yahoo.com> on Tuesday April 27, 2004 @02:02PM (#8987368)
    The only people who really need to worry about the GPL are distributers and developers (and their lawyers) who are modifying or using GPL code. Unless I have completely misread the GPL, users who just install software and use it do not need to worry.
  • by ajs318 (655362) <sd_resp2@eaRASPrthshod.co.uk minus berry> on Tuesday April 27, 2004 @02:02PM (#8987371)
    Why do you have a problem with the GPL? It's easy to understand, the GPL boils down to just four words; not sharing is theft. GPL is for developers -- by placing software you write under the GPL, you are ensuring that everybody gets to see the source code. If anyone modifies your work, they have to release the source code too. GPL is also for users -- if you use GPL software, you know that the law will protect your right to share the software with others.
  • by hummassa (157160) on Tuesday April 27, 2004 @02:09PM (#8987535) Homepage Journal
    Don't forget.
  • by shadow303 (446306) on Tuesday April 27, 2004 @02:18PM (#8987696)
    There is no requirement for you to distribute your changes to GPL code. The requirement is that *if* you distribute it in a binary form, you must provide the source code.
  • Re:Good Luck (Score:3, Informative)

    by gmack (197796) <gmack&innerfire,net> on Tuesday April 27, 2004 @02:19PM (#8987708) Homepage Journal
    Not really.. at the moment all your prevented from doing is preforming deep magic with the system internals.

    It's important to note that Linuxant's stated reason for doing this was to avoid worrying the users with a "loading tainted module" warning on startup. There was not even the attempt at a technical arguement.
  • by iabervon (1971) on Tuesday April 27, 2004 @02:57PM (#8988376) Homepage Journal
    Actually, the module doesn't require access to any GPL-only operations or structures. As far as anyone can tell, they just don't want the kernel to report that a non-GPL module has been loaded, because this situation makes kernel developers rightly unwilling to help people with problems (because they have no idea what the non-GPL modules are doing). If they were actually using restricted interfaces, it would be a clear case of copyright infringement, as those interfaces are identified as the ones which make using code a derived work of the kernel. As it is, it is a much less clearly defined issue.
  • by nacturation (646836) <`moc.liamg' `ta' `noitarutcan'> on Tuesday April 27, 2004 @03:08PM (#8988580) Journal
    Yes, IE adoped Netscape's convention of using "Mozilla/..." user agent, and added the "... (compatible; IE4...)" or similar tag. Note that Mozilla was the development name for the closed source Netscape browser way back in the browser war years when Netscape was the most popular browser around and the current Mozilla browser wouldn't even be an idea for another four or five years. So the current open sourced Mozilla browser allows users to copy the IE convention of decribing itself as a version of Internet Explorer, compatible with closed source Netscape, and then tacks its own information onto the end.

    For example, here's one sample of a possible Netscape 2 user agent string:

    Mozilla/2.02 [fr] (WinNT; I)

    Then Microsoft developed Internet Explorer. IE versions shared similar user agent strings, but this is one for IE4.0:

    Mozilla/4.0 (compatible; MSIE 4.0; Windows 95)

    Now, most open source browsers allow you to copy Internet Explorer and have a user agent such as:

    Mozilla/5.0 (compatible; MSIE 5.5; Windows XP) Gecko/whatever

    So we have Mozilla/Firefox/etc. which copied Internet Explorer which copied (closed source) Netscape. Clear as mud!
  • by Junta (36770) on Tuesday April 27, 2004 @03:34PM (#8989010)
    Actually, it was because people had more and more binary modules with problems that resulted in kernel panics and the like, and would ask about a panic in a mailing list. Before, it would take someone's time to dig around and trace it down, and get more config info before realizing that there was a vendor's proprietary code causing the problem. They then get aggravated they wasted their time chasing a problem they aren't responsible for and can't fix.

    With a tainted kernel, developers immediately know that the scope of the problem will quite likely be outside their ability to figure out, and can request a reproduction without a binary module loaded. If it can't be reproduced, contact the binary module provider for support...

"No job too big; no fee too big!" -- Dr. Peter Venkman, "Ghost-busters"

Working...