Kernel Modules that Lie About Their Licenses 587
jon787 writes "An email to LKML about the Linuxant's HSF Modem drivers lying to the kernel about their license has prompted some interesting replies. Lots of talk about how to effectively blacklist these kind of things; a patch is here. One of the more interesting is this one. Linus as always has his $0.02."
Re:/0 is like a period, it ends the statement. (Score:5, Informative)
\0 is like a period.
Mods, read the whole thing please... (Score:3, Informative)
"...rather than blacklist Black people..." (emphasis added)
Linus was referring to "bad" people. This should be something other than Informative.
Re:Get over it (Score:2, Informative)
Re:Linus' E-mail in case of slashdotting (Score:1, Informative)
Real copy, without troll-ness (Score:1, Informative)
>
> LinuxAnt offers binary only modules without any sources. To circumvent our
> MODULE_LICENSE checks LinuxAnt has inserted a "\0" into their declaration:
>
> MODULE_LICENSE("GPL\0for files in the \"GPL\" directory; for others, only
> LICENSE file applies");
Hey, that is interesting in itself, since playing the above kinds of games
makes it pretty clear to everybody that any infringement was done
wilfully. They should be talking to their lawyers about things like that.
Anyway, I suspect that rather than blacklist bad people, I'd much prefer
to have the module tags be done as counted strings instead. It should be
easy enough to do by just having the macro prepend a "sizeof(xxxx)"
thing or something.
Hmm. At least with -sdt=c99 it should be trivial, with something like
#define __MODULE_INFO(tag, name, info) \
static struct { int len; const char value[] } \
__module_cat(name,__LINE__) __attribute_used__ \
__attribute__((section(".modinfo"),unused)) = \
{ sizeof(__stringify(tag) "=" info), \
__stringify(tag) "=" info }
doing the job.
That should make it pretty easy to parse the
Linus
Re:Get over it (Score:5, Informative)
The kernel will happily load any modules you tell it to, binary or not, licensed or not. The reason this tag exists is so the loading of a binary driver will "taint" your kernel. That way when you submit a bug report, the kernel developers know that you had a binary only module loaded.
In that case, they'll ask you to reproduce the produce without the binary module loaded. If the problem doesn't happen, it's the vendor's problem, and not Linux's. And rightly so.
What's wrong with this?
Re:I don't see what the big deal is (Score:3, Informative)
Basically, Linux and friends (in frusteration at trying to troubleshoot non-open-source drivers, where they can't tell what's going on or fix anything) introduced a "tainting" system. Basically, they refuse to handle bug reports or fix anything on a system that has any "tainted" modules loaded.
This tends to increase direct customer dissatisfaction with closed-source drivers.
nonGPL modules (Score:4, Informative)
One way to note this is have each module announce its license to the kernel, and a method exists for this.
I think the intent is clearly to try and fool people into supporting this module, even if that person wishes to avoid supporting non GPL code.
I think this is very underhanded, and going to create significant ill will with some developers.
The system makes you lie (Score:4, Informative)
I prefer to develop my modules under the revised BSD license, so that others can port them to the BSDs without running into licensing issues. However, Linux will mark the kernel as tainted when a BSD-licensed module is inserted. So I mark them as Dual GPL/BSD, so that they can be loaded without complaints, although I really don't want to release them under GPL, as that would pose a risk that others add code under GPL that could then not be used in the BSDs.
Ok, that may sound confusing as I typed it in a hurry, but you can make sense of it if you try.
Modules don't need to be GPL (Score:5, Informative)
However it isn't, you can load code with any license you wish, therefore this is not required for interoperability, and such a defense wouldn't be valid.
Re:Good Luck (Score:5, Informative)
Re:What is MODULE_LICENSE? (Score:3, Informative)
http://www.uwsg.iu.edu/hypermail/linux/kernel/0
-Alan
Why bother - driver limited to 14kbps (Score:4, Informative)
From the license [linuxant.com]:
I mean, even RFC 1149 (TCP/IP over Carrier Pigeon) would be better :-)
This is crippleware.
Re:But why? (Score:5, Informative)
For developers _YES_
How many times have you tried to debug the kernel? And how namy times have you done to without access to all the source code? (ie, with modules loaded for which you don't have the source.)
For more info, read LKML archives.
Re:But why? (Score:2, Informative)
Anyway, the tainted message is not even an issue to most-end users if you have your modules auto-loaded and boot into X, you would not see the message. You would only see this if you manually load the module. The installer for this driver could just add an entry to /etc/modules.conf and be done with it. Tainted messages will just get logged, it is not like they pop up on your desktop. This was just a stupid move by this company. It is a shame since their product fills in a need for wireless users that have an unsupported card.
This is a settled question... (Score:5, Informative)
What would Wine get to return?
Wine would get to return true as well, if answering true was essential to get the software to work.
Take the case of the gameboy (I think). One of the checks the thing did when loading a game was to look for the Nintendo logo in the header of the game. If it wasn't there, it wouldn't run it. Someone else put the logo in their games to get it to run, Nintendo sued for trademark infringement. Nintendo lost, because they had made it absolutely necessary to include that logo in order for third parties to achieve interoperability with the product. Instead of preventing third parties from developing games (which was what they wanted), they lost control of their trademark to some degree. Not good.
However, this case is different. You don't need to lie to the kernel about your license to achieve interoperability. It'll load the module regardless of what you put in the license string. The only thing the license string does is to signal to the kernel developers that non-free modules are loaded into the kernel. It's been "tainted", and then they can choose to not support problems with tainted kernels.
This isn't lying to the kernel so much as it is lying to the kernel developers.
Re:Real world vs. fanboy fantasies (Score:5, Informative)
Only clueless fanboys would give a damn about under which license their drivers are distributed. As long as they do what they're supposed, so what?
The kernel developers have a tainting system in place because they won't debug kernels that have drivers loaded that are closed-source. It's too hard for them to tell whether that driver might have been responsible, and very difficult for them to fix any problems.
Try seeing how interested Microsoft is with fixing problems in other people's proprietary drivers. It's not all that high.
This is different from something meaningful, like Microsoft's excellent WHLQ certification. I'm surprised that no other vendor, including LinuxOS Inc., has copied the idea of certified drivers yet. Microsoft has taken the initiative to take responsibility, this is something that the GPG/Linux community needs to copy.
WHQL is primarily a mechanism designed to give Microsoft strategic power in the software market. It has little to do with software quality, though it is billed as such (just as DRM is billed as an anti-virus/malware scheme by MS). It is intended to grant them ultimate authority over what software is released for their system -- they have the power to refuse to sign any driver release if they need to do so as a lever, which gives them tremendous power over device manufacturers. This is tremenously more powerful and intrusive than the Linux driver tainting system, which works on an honor system. WHQL ensures only basic functionality is in place -- WHQL testing does not involve audititing code, checking for corner cases, or do any of the things necessary to produce a good, bug-free driver.
Re:Of course Linus has something to say. (Score:1, Informative)
There, I said it. I'll say it again: Linux is doomed.
I am an incredibly good C programmer. I wrote a driver for my employer's modem software, and I submitted it to the kernel. The "administrators" rejected it because it "might not be free enough." They insisted that I pore over 37 densely-worded pseudo-legalese licences [opensource.org] before submitting it.
Could I use the Vovida Software License? Ooh, and then there's the Motosoto License! Let me get this straight: you have a team of pretend lawyers insisting that such and such is "free enough," and you wonder why nothing's getting done.
Fuck that. I'm going with Microsoft. They know what to do with free software.
Sincerely,
Seth Finklestein
Bitter Developer
Re:But why? (Score:5, Informative)
Linuxant Responds and explains themselves. (Score:5, Informative)
On the otherhand I think everyone's eyes are open to possible malicious use of this and simular tricks.
Patents (Score:2, Informative)
A Winmodem with hardware DSP is simply a modem that uses a DSP to transfer data from modemPC instead of a serial port.
The firmware that the DSP executes cannot be free software because the holders of the patents that cover v.92 modulation are not willing to license their implementation in free software. Therefore, winmodems on Linux must use some kernel-space process to at least initialize the modem.
Re:Good Luck (Score:3, Informative)
Re:Is there a command that lists the licenses? (Score:5, Informative)
Re:Why do i care? (Score:5, Informative)
A)By faking a GPL license to avoid "tainting" the kernel, the company has made your life more difficult. Problems you have with the kernel won't be supported by developers unless you can recreate the problem without any closed-source modules loaded(otherwise the bug is likely in code they can't fix). Since the module is not marked by the kernel as closed source, unless you remember it is months or years down the road, you may forget that you need to unload it.
B)It wastes time the developers could otherwise be using to improve the kernel. Given a kernel dump that claims to be untainted, they could end up spending days hunting down a bug only to discover that it ultimately lies in a module they can't find source for. If the tainting mechanism had been allowed to work properly, the developer would have asked for a resubmission of the bug without any closed-source modules loaded, to ensure the bug is fixable by them, saving themself days of wasted effort.
What you, and a lot of other people seem to not be understanding is that, if this company hadn't faked the "GPL" line, the modules would still have loaded and worked perfectly. The developers aren't trying to keep closed source drivers from running (far from it), they just want to mark a kernel so that if there's a problem with it, they can save time by having a way to immediately identify whether they are capable of debugging it or not. That benefits everyone.
Linuxant's explanation (Score:5, Informative)
Re:Good Luck (Score:5, Informative)
- to "taint" the kernel so that anyone posting an oops to the lkml will get ignored.
- to deny certain interfaces marked as GPL-only to the module.
Re:Of course Linus has something to say. (Score:1, Informative)
Anyways, what license did you want to release it under?
Re:LinuxAnt is really screwed? (Score:3, Informative)
Re:LinuxAnt is really screwed? (Score:5, Informative)
s/modifies/modifies and distributes modified/g (Score:3, Informative)
Re:LinuxAnt is really screwed? (Score:4, Informative)
Re:Good Luck (Score:3, Informative)
It's important to note that Linuxant's stated reason for doing this was to avoid worrying the users with a "loading tainted module" warning on startup. There was not even the attempt at a technical arguement.
Re:/0 is like a period, it ends the statement. (Score:3, Informative)
Re:Thought experiment (Score:5, Informative)
For example, here's one sample of a possible Netscape 2 user agent string:
Mozilla/2.02 [fr] (WinNT; I)
Then Microsoft developed Internet Explorer. IE versions shared similar user agent strings, but this is one for IE4.0:
Mozilla/4.0 (compatible; MSIE 4.0; Windows 95)
Now, most open source browsers allow you to copy Internet Explorer and have a user agent such as:
Mozilla/5.0 (compatible; MSIE 5.5; Windows XP) Gecko/whatever
So we have Mozilla/Firefox/etc. which copied Internet Explorer which copied (closed source) Netscape. Clear as mud!
Re:Original purpose wasn't to deny, but to allow (Score:3, Informative)
With a tainted kernel, developers immediately know that the scope of the problem will quite likely be outside their ability to figure out, and can request a reproduction without a binary module loaded. If it can't be reproduced, contact the binary module provider for support...