Kernel Modules that Lie About Their Licenses 587
jon787 writes "An email to LKML about the Linuxant's HSF Modem drivers lying to the kernel about their license has prompted some interesting replies. Lots of talk about how to effectively blacklist these kind of things; a patch is here. One of the more interesting is this one. Linus as always has his $0.02."
Re:/0 is like a period, it ends the statement. (Score:2, Interesting)
Are they really 'lying'? (Score:5, Interesting)
Personally, I dont use linux and as such, this doesnt directly affect me. But still, it raises interesting questions about how far removed code has to be to be able to be licensed differently. The kernel module API is a publically available API, and Linus does not consider this to be far enough removed. So what is? Does the kernel have to adhere to the CPUs or Motherboards firmware license, because its using a publically available API just like kernel modules are?
Interesting. Very interesting!
Re:Get over it (Score:3, Interesting)
Can't get over it (Score:5, Interesting)
Why are they doing this? (Score:1, Interesting)
I assume it's to allow them to access some 'GPL only' functionality.
This reminds me of the court case where a console game maker was allowed by the court to insert some copyrighted text because it was the only way to make a game that would work.
Is there any similarity, lawyers of
Now I'm waiting until the
I don't see what the big deal is (Score:1, Interesting)
Could someone explain to me why this is an issue? The web page where you download the drivers reads:
Most files in this package are released under terms described in the LICENSE file. Some distinct components, located in the modules/GPL directory however are covered by the GNU General Public License. See the files LICENSE and modules/GPL/COPYING for details.
It doesn't sound like they're trying to hide anything ("LICENSE" above is linked to their license) yet everyone is running around claiming evil intent. What would they gain by this ruse, if it was intentional? Has anyone contacted the company directly to get their take on it?
Re:Can't get over it (Score:4, Interesting)
Give more credit than that.
I realize they won't work, but firmware should not be a core component of a hardware company, they should work on their hardware first, and not consider firmware a company-breaking secret technology.
For instance, open firmware makes this possible [techtv.com].
Re:Poor processes (Score:3, Interesting)
It's true when it comes to closed products (like DVD players). But not when it comes to drivers that the kernel can actively choose to load or reject.
All it takes is a community-moderated database of drivers and their GPL-conformancy status. A non-conformant driver would be rejected by the kernel. Its authors would have to release the source code and have this vetted.
Something like the GPL equivalent of trusted computing.
Good Luck (Score:5, Interesting)
The court rightly ruled that the console designer caused the code to display the trademark and that they were responsible for any confusion that resulted.
Putting MODULE_LICENSE("GPL\0... in their code could be viewed by the courts as using a method of operation to accomplish a module load. It is very unlikely that they would view it as a grant of a GP License to someone who received the code.
Trusting the data???? (Score:2, Interesting)
Re:Get over it (Score:5, Interesting)
To be clear, this is just as much a choice of the manufacturer who decides to put sufficient amount of the driver into software such that the device has to be certified as a "hardware and software" combination, not just "hardware" itself.
I have participated in ETSI conformance testing: when you test the product against a known hardware and software combination, you are _held_ to that known hardware and software combination. If you alter the software (e.g. a new build), you need to recertify.
This is entirely fair IMHO, otherwise a dodgy bug in the new version of the software causes RF splatter and destroys the spectrum.
The issue here for the open source community is to either (a) convince the manufactures to put it all into hardware/firmware so that software is not part of the certification, or (b) separately certify the linux driver with the hardware.
Re:Good Luck (Score:5, Interesting)
Now I kind of like that justice, but that's because I happen to fucking hate winmodems even more than I hate closed drivers. It's still a pretty good reason, though, to have your driver lie to the kernel. Maybe, just maybe, you're sure your driver is ok, and don't want its closed-ness to get in the way of people getting bug reports for completely different parts of the kernel.
Re:I don't see what the big deal is (Score:3, Interesting)
They are releasing a non-GPL module with a small GPL wrapper and there is nothing wrong with that. That is what NVIDIA does. However, in the source code for the GPLed wrapper, they are marking their binary only driver as GPLed software. They include \0 in their license string and pass that to the Linux kernel. The \0 in C terminates a string, so the Linux kernel only sees the part of the string that comes before the \0, which in this case is only "GPL". So basically the Linux kernel loads up the module thinking it is GPLed which is not good for the types of users I explained above and I would think it could have some legal issues. How do you think MS would react if I wrote software that played around with their license or lied to their subsystems? I bet they would have a flock of lawyers on me in a heart beat.
Again, it is no big deal that the module is not GPLed. There are a bunch of binary only drivers/modules for the Linux kernel. I use some of them like the NVIDIA drivers. The issue is that this company is lying about their software license.
Re:Lying should be OK... (Score:2, Interesting)
If Office 2003 started asking the Win32 API - areYouReallyMicrosoftWindows(). Then MS Windows would return true...
What would Wine get to return?
I'm not convinced...
Wine could reply false, and if $MS_PRODUCT failed to work for that reason then there would be some nice material for anti-trust litigation.
You could argue that the failure to work could be more subtle, like performing some operations more slowly, but as we have the ability to change the value returned to areYouReallyMicrosoftWindows(), we could figure out if it was affecting the programs operation.
Re:Binary modules, licensing, and module strings (Score:4, Interesting)
It's a moot point; a proprietary module that uses GPL symbols is an unauthorized derivative.
But how can some symbols be GPL and some not, considering that, as it stands, the entirety of the core kernel code is licensed under the GPL, and the GPL does not allow exceptions to that licensing? Im not trying to flame, its just not that clear to me! :)
Re:hypocrites (Score:2, Interesting)
Re:Why do i care? (Score:1, Interesting)
You know why windows 98 was buggy as hell? Crappy proprietary drivers. NVidia's drivers always crash with a kernel panic on my machine, so I can't use any advanced capabilities of the card under Linux.
Let's face it, proprietary drivers are crap. Companies are lazy and don't care if their code is bugy as long as it works for 80% of the people. That's why Microsoft now wants to sign drivers.
But all this is somewhat off topic
Re:Why do i care? (Score:3, Interesting)
Seriously, why do I care about this at all?
The alternative seems to be no driver, and the kernel becomes a useless lump of code. We cant demand that companies that produce hardware support anything they don't want too, be happy they at least give us closed drivers... 5 years ago they didnt even do that, unless it was for a Microsoft kernel.
Some of us would rather support open drivers than closed drivers. When I buy hardware, I try to buy hardware with open drivers. Why? Because it directly affects me.
Case in point: Lets say I buy a Promise SX4000 RAID5 card. It has "linux drivers". However, by linux drivers, it means that it has precompiled drivers that only work for certain kernels. Congratulations, my upgrade path is restricted.
Now lets say I buy a RAID5 card with open drivers. My upgrade path is no longer restricted.
It's UNLAWFUL to make open-source drivers (Score:2, Interesting)
It's unlawful to make a Free driver for some devices. For instance, v.92 modulation used in POTS modems is covered by patents whose holders are not willing to license their implementation in free software. Not all modems store their firmware in a flash chip on the device itself, instead relying on the driver to upload firmware after every cold boot. A Free driver distributed in developed countries would have to restrict itself to 20-year-old modulations, none of which are sufficient to connect to any popular dial-up Internet service provider.
Linuxant's Response to this matter! (Score:2, Interesting)
Re:/0 is like a period, it ends the statement. (Score:5, Interesting)
Re:Linuxant Responds and explains themselves. (Score:3, Interesting)
Frankly, I still don't see why they should have bothered. Anyone who's gotten over the bar enough to know how to load and use their drivers should have read in their documentation that the many repetitive warnings were benign. They say:
Who are these "average persons" they talk about here I wonder, who have the know-how to manually load binary kernel modules and at the same time do so without reading the instructions that came along with it carefully? A newbie would be intimidated by the whole process and try to read the docs as carefully as possible before trying it, so it can't be them... They should have written a FAQ and clean documentation about this issue, instead of lying to Linus and his merry band of kernel hackers.
Re:Thought experiment (Score:2, Interesting)
In regards to being a hypocrite; changing the ID of a browser to IE and surfing the web does not make one a hypocrite in this case. However, if someone complained to a humble Web Admin about a bug/feature while their bowser ID was set to something other than the original ID is a hypocrite.
Re:/0 is like a period, it ends the statement. (Score:2, Interesting)
If all we're talking about is API calls, what makes some API calls okay, while others are "dirivitive works?" If any API call can be considered a dirivitive work, than couldn't you say that all API calls could be considered "dirivitive works?"
Re:/0 is like a period, it ends the statement. (Score:3, Interesting)
Since they're accessing "GPL data structures" solely for the purpose of interoperability between their driver and the kernel, wouldn't that be allowed under the DMCA interoperability clause, and thus, by Congressional intent, not be a violation of copyright (as Congress presumably by including the interoperability clause in the DMCA assumed it and intended it, either not to contravene or to override, any other statute, e.g., Title 17)?
If the driver isn't violating the linux kernel copyright, then no license is required, and so no strictures of that license, e.g. release of code under the GPL, are in force.
But IANAL, so if I'm missing something, enlighten me.
Original purpose wasn't to deny, but to allow (Score:3, Interesting)
In fact, the reverse is true. Many device vendors were hesitant to release drivers for Linux because of the binary linkage created when the driver gets loaded. Under a strict interpretation of the GPL, that would consitute enough of a linkage to make the drivers a derivative work.
Some vendors did not want their drivers to automatically fall under the GPL just because of dynamic loading.
The GPL flag was created to let non-GPL drivers clearly indicate that they were not derivatives and would not be GPL-licensed.
This is an example of a vendor that wants to eat its cake and have it too.
WRONG: It's about support.... (Score:5, Interesting)
If a kernel oops or panic occurs in a driver, it's important for the kernel developers to quickly know if it's a GPL driver (or a 3rd party binary only driver that they shouldn't even waste their time looking at). Too much noise is generated on LKML for broken binary drivers that just can't be fixed or troubleshooted.
Zealotry has it's hand in that Open Source people really only want to fix Open Source drivers.
Your clever circumvention idea is well known, it will not save you in getting kernel developer support, however.
A (Sort-of) User Perspective (Score:2, Interesting)
You see, these drivers are almost worthless. They make the kernel unstable when loaded. They create an OOM error with pci hotplugging. I've had to reboot 5+ times in one day.
The only way I was able to track it to the drivers was by blacklisting the mods with hotplug and reading log messages.
Now, they may or may not crash on all systems, but I personally was close to filing bug reports complete with dumps. If it's true that this change doesn't show up in the dumps, the kernel developers would be busy tracking down bugs that weren't a result of their code.
How much time do you think would have been wasted on these reports (assuming that I am not alone in having kernel panics from these drivers?)
As for the whole "the tainted messages were confusing the customer" schtick: There are about 6 different modules that get loaded, so there would be 6 different tainted messages (which can be spooky...) but I can't even remember the last time I saw a "tainted kernel" message. Nowadays, most modules are being loaded in the background with any messages going to a log somewhere on the system. Besides, a one line explanation would be enough to not bother the user ("It's for kernel developers. You don't need to worry about it." or "It's to help people fix your computer if something goes horribly wrong."
Blacklisting is extreme (Score:4, Interesting)
FWIW IMHO the string ends at the \0 I don't care what garbage in memory exists after this, this is not a subtle issue or grey area, \0 ends the string, subsequent information is irrelevant.
But back to my subject, blacklisting is a bit heavy handed. Hmm... we have a company that provides drivers for Linux, yup they're proprietary winmodem drivers but they're there. To *suppress warnings* they have unfortunately chosen to prematurely end their string with a \0, that's really nasty and foolish but blacklisting them as a company from installing kernel modules is way frikin OTT.
How does this help joe public get his winmodem working?
How does this encourage any corporation from releasing proprietary drivers for in Linux? (Which are better than no drivers IMHO)
There are other drivers (particularly audio and graphics) that use proprietary code implemented by private companies and these are used every day by many thousands of Linux users.