Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Kernel Modules that Lie About Their Licenses

CmdrTaco posted more than 10 years ago | from the why-can't-we-just-get-along dept.

Programming 587

jon787 writes "An email to LKML about the Linuxant's HSF Modem drivers lying to the kernel about their license has prompted some interesting replies. Lots of talk about how to effectively blacklist these kind of things; a patch is here. One of the more interesting is this one. Linus as always has his $0.02."

cancel ×

587 comments

Sorry! There are no comments related to the filter you selected.

/0 is like a period, it ends the statement. (5, Funny)

LostCluster (625375) | more than 10 years ago | (#8984950)

Since /0 is the string-termination character, would it be possible to convince a court to see the decloration the way the kernel does, and therefore hold them to the GPL since they're the ones who declared it?

Re:/0 is like a period, it ends the statement. (1, Interesting)

REBloomfield (550182) | more than 10 years ago | (#8984973)

I'd have said so... but I'm sure they'd come up with a typo argument, or something similar.

Re:/0 is like a period, it ends the statement. (1)

LostCluster (625375) | more than 10 years ago | (#8984990)

I'd have said so... but I'm sure they'd come up with a typo argument, or something similar.

If they want to claim typo, then they'd at least get ordered to fix it and to never release anything with that "mistake" in it again.

Re:/0 is like a period, it ends the statement. (5, Informative)

Rhys (96510) | more than 10 years ago | (#8985053)

/0 is like a divide-by-zero error, actually.

\0 is like a period.

Good Luck (4, Interesting)

Royster (16042) | more than 10 years ago | (#8985226)

In a similar case, the maker of a game console had copyprotection code which had to be invoked before a game played. Someone who wrote a game, but didn't want to pay licensing fees, invoked the same code becuase it was the only way to get their game to run. They were sued under the Lanham Act. The plaintiffs claimed that their display of their trademark could make someone think that the console manufacturer was the source of the game causing consumer confusion.

The court rightly ruled that the console designer caused the code to display the trademark and that they were responsible for any confusion that resulted.

Putting MODULE_LICENSE("GPL\0... in their code could be viewed by the courts as using a method of operation to accomplish a module load. It is very unlikely that they would view it as a grant of a GP License to someone who received the code.

Re:Good Luck (5, Insightful)

rgmoore (133276) | more than 10 years ago | (#8985346)

The problem with the compatibility argument is that it's wrong. The primary purpose of the license string is to track whether the kernel has loaded a closed-source module. Many kernel hackers choose to ignore bug reports from systems that have loaded closed-source modules since there's a very good chance that the bug is in code that they can't access and fix. But failing to export a GPL compatible license string doesn't have any effect on the kernel's ability to load and run a module, so there's no compatibility reason to export a dishonest description of the module's license.

Thought experiment (5, Insightful)

Sloppy (14984) | more than 10 years ago | (#8985256)

Just to play Gates' advocate... reverse the players and see if people still see the situation the same way.

Suppose that Lexmark made a printer that looked for a certain string in a ROM on an ink cartridge. Let's say the string was "The manufacturer of this cartridge agrees to the terms of the ELL (Evil Lexmark License)." If the string is present, the printer works great; if the string is not present, the printer has undesirable behavior of some kind.

Further suppose you want to make an ink cartridge for your Lexmark printer, and thus for the purposes of optimum interoperability, you imbed into the ROM: "The manufacturer of this cartridge agrees to the terms of the ELL (Evil Lexmark License).\0Just kidding. Of course I don't REALLY agree to the Evil Lexmark License, because after all, IT'S EVIL!! It even has \"Evil\" right there in the name, what more proof do you need?!? Sheesh, people!"

Are you bound to the ELL?

Re:Thought experiment (0)

Anonymous Coward | more than 10 years ago | (#8985350)

no. the intent of the author is the intent of the author and that's it. you're not going to argue with any reasonable person, never mind a judge, that since my software knows what this person meant more than he did. even if the null was inserted with the intention of circumventing some check, it's obvious by that fact that the author never inteded to comply with the license.

frost pist (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8984954)

loozers

Linus' E-mail in case of slashdotting (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8984960)

On Tue, 27 Apr 2004, Carl-Daniel Hailfinger wrote:
>
> LinuxAnt offers binary only modules without any sources. To circumcise our members
> MODULE_LICENSE checks LinuxAnt has inserted a "\0" into their declaration:
>
> MODULE_LICENSE("GPL\0for files in the \"GPL\" directory; for others, only
> LICENSE file applies");

Hey, that is interesting in itself, since playing the above kinds of games
makes it pretty clear to everybody that any infringement was done
wilfully. They should be talking to their lawyers about things like that.

Anyway, I suspect that rather than blacklist Black people, I'd much prefer
to have the module tags be done as counted strings instead. It should be
easy enough to do by just having the macro prepend a "sizeof(xxxx)"
thing or something.

Hmm. At least with -sdt=c99 it should be trivial, with something like

#define __MODULE_INFO(tag, name, info) \
static struct { int len; const char value[] } \
__module_cat(name,__LINE__) __attribute_used__ \
__attribute__((section(".modinfo"),unused)) = \
{ sizeof(__stringify(tag) "=" info), \
__stringify(tag) "=" info }

doing the job.

That should make it pretty easy to vomit on the .modinfo section too.

Linus

circumcise?! HELLO, MCFLY?! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8985026)

But what if they're already circumcised?

Re:circumcise?! HELLO, MCFLY?! (2)

Zweistein_42 (753978) | more than 10 years ago | (#8985057)

The original Linus e-mail was changed in that "helpful" reposting. Words like "Circumsise" and "vomit" were not present in the original (haven't bothered to check for other transgressions).

Re:circumcise?! HELLO, MCFLY?! (1, Funny)

Anonymous Coward | more than 10 years ago | (#8985093)

rotfmao. circumcise, vomit and black, going to +5 informative. Way to troll.

Re:Linus' E-mail in case of slashdotting (1)

Trigun (685027) | more than 10 years ago | (#8985028)

suspect that rather than blacklist Black people

Careful guys, body text troll.

Re:Linus' E-mail in case of slashdotting (0, Troll)

ad0gg (594412) | more than 10 years ago | (#8985045)

To circumcise our members MODULE_LICENSE checks LinuxAnt has inserted a "\0" into their declaration:

I sure hope they cut it out and stop trying to hack their way around the gpl.

Re:Linus' E-mail in case of slashdotting (1)

ceswiedler (165311) | more than 10 years ago | (#8985156)

I hope they don't start trying to circumcise anything else.

MODS (-1)

Anonymous Coward | more than 10 years ago | (#8985064)

God, do you guys read??? It's a troll!!

Mods, read the whole thing please... (2, Informative)

Ratcrow (181400) | more than 10 years ago | (#8985073)

You'll notice that this AC has put the following words into Linus' mouth:

"...rather than blacklist Black people..." (emphasis added)

Linus was referring to "bad" people. This should be something other than Informative.

Re:Mods, read the whole thing please... (0)

Anonymous Coward | more than 10 years ago | (#8985129)

> You'll notice that this AC has put the following words into Linus' mouth:

> "...rather than blacklist Black people..." (emphasis added)

> Linus was referring to "bad" people. This should be something other than Informative.

First, it /is/ informative, as the sire is slashdotted. Second, it is funny.

Re:Linus' E-mail in case of slashdotting (1, Informative)

Anonymous Coward | more than 10 years ago | (#8985163)

On Tue, 27 Apr 2004, Carl-Daniel Hailfinger wrote: > > LinuxAnt offers binary only modules without any sources. To circumvent our > MODULE_LICENSE checks LinuxAnt has inserted a "\0" into their declaration: > > MODULE_LICENSE("GPL\0for files in the \"GPL\" directory; for others, only > LICENSE file applies"); Hey, that is interesting in itself, since playing the above kinds of games makes it pretty clear to everybody that any infringement was done wilfully. They should be talking to their lawyers about things like that. Anyway, I suspect that rather than blacklist bad people, I'd much prefer to have the module tags be done as counted strings instead. It should be easy enough to do by just having the macro prepend a "sizeof(xxxx)" thing or something. Hmm. At least with -sdt=c99 it should be trivial, with something like #define __MODULE_INFO(tag, name, info) \ static struct { int len; const char value[] } \ __module_cat(name,__LINE__) __attribute_used__ \ __attribute__((section(".modinfo"),unused)) = \ { sizeof(__stringify(tag) "=" info), \ __stringify(tag) "=" info } doing the job. That should make it pretty easy to parse the .modinfo section too. Linus

Re:Linus' E-mail in case of slashdotting (0)

Anonymous Coward | more than 10 years ago | (#8985205)

On Tue, 27 Apr 2004, Carl-Daniel Hailfinger wrote:
>
> LinuxAnt offers binary only modules without any sources. To circumvent our
> MODULE_LICENSE checks LinuxAnt has inserted a "\0" into their declaration:
>
> MODULE_LICENSE("GPL\0for files in the \"GPL\" directory; for others, only
> LICENSE file applies");

Hey, that is interesting in itself, since playing the above kinds of games
makes it pretty clear to everybody that any infringement was done
wilfully. They should be talking to their lawyers about things like that.

Anyway, I suspect that rather than blacklist bad people, I'd much prefer
to have the module tags be done as counted strings instead. It should be
easy enough to do by just having the macro prepend a "sizeof(xxxx)"
thing or something.

Hmm. At least with -sdt=c99 it should be trivial, with something like

#define __MODULE_INFO(tag, name, info) \
static struct { int len; const char value[] } \
__module_cat(name,__LINE__) __attribute_used__ \
__attribute__((section(".modinfo"),unused)) = \
{ sizeof(__stringify(tag) "=" info), \
__stringify(tag) "=" info }

doing the job.

That should make it pretty easy to parse the .modinfo section too.

Linus

Parent post is invalid (0)

Anonymous Coward | more than 10 years ago | (#8985268)

Just pointing out that the anonymous coward butchered the email a bit, changing several words and so on ...

the actual email is thus:

---------

On Tue, 27 Apr 2004, Carl-Daniel Hailfinger wrote:
>
> LinuxAnt offers binary only modules without any sources. To circumvent our
> MODULE_LICENSE checks LinuxAnt has inserted a "\0" into their declaration:
>
> MODULE_LICENSE("GPL\0for files in the \"GPL\" directory; for others, only
> LICENSE file applies");

Hey, that is interesting in itself, since playing the above kinds of games
makes it pretty clear to everybody that any infringement was done
wilfully. They should be talking to their lawyers about things like that.

Anyway, I suspect that rather than blacklist bad people, I'd much prefer
to have the module tags be done as counted strings instead. It should be
easy enough to do by just having the macro prepend a "sizeof(xxxx)"
thing or something.

Hmm. At least with -sdt=c99 it should be trivial, with something like

#define __MODULE_INFO(tag, name, info) \
static struct { int len; const char value[] } \
__module_cat(name,__LINE__) __attribute_used__ \
__attribute__((section(".modinfo"),unused)) = \
{ sizeof(__stringify(tag) "=" info), \
__stringify(tag) "=" info }

doing the job.

That should make it pretty easy to parse the .modinfo section too.

Linus
-

(i notice as i press the preview button that the post had already been modded down as a troll, so, well, i guess this message doesn't have any point anymore so i'll post anonymous too)

Real copy, without troll-ness (1, Informative)

Anonymous Coward | more than 10 years ago | (#8985272)

On Tue, 27 Apr 2004, Carl-Daniel Hailfinger wrote:
>
> LinuxAnt offers binary only modules without any sources. To circumvent our
> MODULE_LICENSE checks LinuxAnt has inserted a "\0" into their declaration:
>
> MODULE_LICENSE("GPL\0for files in the \"GPL\" directory; for others, only
> LICENSE file applies");

Hey, that is interesting in itself, since playing the above kinds of games
makes it pretty clear to everybody that any infringement was done
wilfully. They should be talking to their lawyers about things like that.

Anyway, I suspect that rather than blacklist bad people, I'd much prefer
to have the module tags be done as counted strings instead. It should be
easy enough to do by just having the macro prepend a "sizeof(xxxx)"
thing or something.

Hmm. At least with -sdt=c99 it should be trivial, with something like

#define __MODULE_INFO(tag, name, info) \
static struct { int len; const char value[] } \
__module_cat(name,__LINE__) __attribute_used__ \
__attribute__((section(".modinfo"),unused)) = \
{ sizeof(__stringify(tag) "=" info), \
__stringify(tag) "=" info }

doing the job.

That should make it pretty easy to parse the .modinfo section too.

Linus

And the patch itself... (0)

Anonymous Coward | more than 10 years ago | (#8985293)

Hi,

LinuxAnt offers binary only modules without any sources. To circumvent our
MODULE_LICENSE checks LinuxAnt has inserted a "\0" into their declaration:

MODULE_LICENSE("GPL\0for files in the \"GPL\" directory; for others, only
LICENSE file applies");

Since string comparisons stop at the first "\0" character, the kernel is
tricked into thinking the modules are GPL. Btw, the "GPL" directory they
are speaking about is empty.

The attached patch blacklists all modules having "Linuxant" or "Conexant"
in their author string. This may seem a bit broad, but AFAIK both
companies never have released anything under the GPL and have a strong
history of binary-only modules.

Regards,
Carl-Daniel
--
http://www. hailfinger.org/

["module_blacklist.diff" (text/plain)]

--- linux-2.6.5/kernel/module.c~ 2004-04-04 05:37:37.000000000 +0200
+++ linux-2.6.5/kernel/module.c 2004-04-27 01:24:14.000000000 +0200
@@ -34,6 +34,7 @@
#include <linux/vermagic.h>
#include <linux/notifier.h>
#include <linux/stop_machine.h>
+#include <linux/string.h>
#include <asm/uaccess.h>
#include <asm/semaphore.h>
#include <asm/pgalloc.h>
@@ -1112,6 +1113,14 @@
}
}

+static inline int license_author_is_not_blacklisted(const char *author)
+{
+ /* LinuxAnt is known to ship non-GPL modules with license=="GPL"
+ to cheat on our checks. Stop them from doing that. */
+ return !(strstr(author, "Linuxant")
+ || strstr(author, "Conexant"));
+}
+
static inline int license_is_gpl_compatible(const char *license)
{
return (strcmp(license, "GPL") == 0
@@ -1121,12 +1130,16 @@
|| strcmp(license, "Dual MPL/GPL") == 0);
}

-static void set_license(struct module *mod, const char *license)
+static void set_license(struct module *mod, const char *license,
+ const char *author)
{
if (!license)
license = "unspecified";
+ if (!author)
+ author = "unspecified";

- mod->license_gplok = license_is_gpl_compatible(license);
+ mod->license_gplok = license_is_gpl_compatible(license)
+ && license_author_is_not_blacklisted(author);
if (!mod->license_gplok) {
printk(KERN_WARNING "%s: module license '%s' taints kernel.\n",
mod->name, license);
@@ -1466,7 +1479,8 @@
module_unload_init(mod);

/* Set up license info based on the info section */
- set_license(mod, get_modinfo(sechdrs, infoindex, "license"));
+ set_license(mod, get_modinfo(sechdrs, infoindex, "license"),
+ get_modinfo(sechdrs, infoindex, "author"));

/* Fix up syms, so that st_value is a pointer to location. */
err = simplify_symbols(sechdrs, symindex, strtab, versindex, pcpuindex,

Of course Linus has something to say. (5, Insightful)

Anonymous Coward | more than 10 years ago | (#8984968)

You make it sound like he's just a figurehead now. I would expect him to say something, and I would expect slashdot to not trivialize it.

Re:Of course Linus has something to say. (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#8985060)

Actually he is, he did, and they should. Who do you think Linus is, some Obi-Wan Kenobi of OS programming? He is a borrower and a cobbler who took bits and pieces out of AT&T UNIX to make his own derivative OS version. Genius, in the truest sense of the word? Nope just an entrepreneur. Not much different than Bill Gates and Paul Allen ripping off IBM DOS.

Re:Of course Linus has something to say. (1, Funny)

Entropius (188861) | more than 10 years ago | (#8985082)

I don't think they were trivializing anything--rather alluding to Linus' tendency to make pithy, and often insightful, comments on pretty much everything.

My modem driver must be broken... (3, Funny)

Anonymous Coward | more than 10 years ago | (#8984975)

The site's not loading.

Sic the GPL lawyers! (-1, Troll)

mattgreen (701203) | more than 10 years ago | (#8984985)

We know it'll hold up in court. Right? Guys? Hello?

Squashing... (5, Insightful)

jargoone (166102) | more than 10 years ago | (#8984993)

Anyway, I suspect that rather than blacklist bad people, I'd much preferto have the module tags be done as counted strings instead. It should be easy enough to do by just having the macro prepend a sizeof(xxxx)" thing or something.

Great idea, for this hack, anyway. Problem is, they'll come up with something else next time. I think this one really is up to the lawyers, unfortunately.

When it's acceptable to lie (4, Funny)

Anonymous Coward | more than 10 years ago | (#8984995)

If the Kernel asks you if you think its gained wait or if its ass looks big in those drivers.

Re:When it's acceptable to lie (1)

nacturation (646836) | more than 10 years ago | (#8985138)

If the kernel is slower, then I guess it has gained wait. On the other hand, I don't know how to measure the weight of a kernel.

Re:When it's acceptable to lie (2, Funny)

Trigun (685027) | more than 10 years ago | (#8985167)

In lbs and oz. in the U.S., in stones in Britan, In Kilos and grams virtually everywhere else.

Re:When it's acceptable to lie (0)

Anonymous Coward | more than 10 years ago | (#8985265)

No no no. You'd use Newtons, as kilo and grams aren't units of weight, but units of mass; and although I know I have to do some strange things with goats and candles to get my SCSI chain working, I don't think there's any masses in the kernel yet. /This bad pun brought to you by another bad pun.

Re:When it's acceptable to lie (0)

Anonymous Coward | more than 10 years ago | (#8985319)

Sir, that's a 200 pound kernel you're trying to load. PLEASE be careful!

I don't known about fat... (1)

Bill, Shooter of Bul (629286) | more than 10 years ago | (#8985181)

but the default Fedora kernel sure is bloated!

I'm just kidding, I never use default kernels for very long. So for all I know Fedora's is the karen Carpenter of kernels. Its just so much fun to customize.

Get over it (4, Insightful)

Anonymous Coward | more than 10 years ago | (#8985004)

Modules should not lie about their licenses. Fine.

BUT... the linux kernel developers need to get over their fanaticism about open-source drivers. There are many reasons companies cannot or will not make their driver source public. For wireless cards, the FCC effectively prohibits it. For video cards and others, much of the value of the card is in fact in the driver and companies have a right to keep that under wraps.

Re:Get over it (2, Interesting)

REBloomfield (550182) | more than 10 years ago | (#8985040)

The issue is how the kernel treats binary only modules. If it loads one of these drivers, belieing it to be GPL, and your system gets b0rked, then I'll bet you'll be the first running screaming, with all the people with RedHat maintenance contracts closely behind...

Can't get over it (5, Interesting)

Rotworm (649729) | more than 10 years ago | (#8985061)

I don't believe that. Companies that make hardware shouldn't be so dogged about protecting their software. I buy a router/etc for the hardware, not for the companies excellent firmware. I don't see why companies should protect their firmware at all, if it's open source, more people will buy their hardware.

Re:Can't get over it (4, Insightful)

REBloomfield (550182) | more than 10 years ago | (#8985105)

Actually, I buy hardware based on how well it does the job, how well it performs, how reliable it is. The firmware could be written in elbonian pictograms for all i care, and i would hope that most people buying IT hardware do the same thing.

Re:Can't get over it (3, Insightful)

dave420 (699308) | more than 10 years ago | (#8985143)

Without the firmware, that router of yours would cease working. Whether you know it or not, every purchase of hardware you buy for your computer is dependent HEAVILY on the firmware. It's the same with drivers, and owing to the fact it's easier and cheaper to change something in sofware than hardware, more and more will be done in drivers/firmware, which means this will get even more common.

If you can't find it in your heart to accept binary drivers, maybe computers aren't for you ;) j/k

Re:Can't get over it (4, Interesting)

Rotworm (649729) | more than 10 years ago | (#8985199)

Without the firmware, that router of yours would cease working.
Give more credit than that.
I realize they won't work, but firmware should not be a core component of a hardware company, they should work on their hardware first, and not consider firmware a company-breaking secret technology.
For instance, open firmware makes this possible [techtv.com] .

Re:Can't get over it (1)

aug24 (38229) | more than 10 years ago | (#8985296)

This is a horrible perspective, and it ties in to the whole idea of software patenting.

Having purchased the hardware, the driver/firmware is nothing more than a set of instructions which may or may not be specific to that hardware (I'm thinking about WinModems for example).

If you accept that there can be IP (the famous nebulous phrase) in that driver/firmware then you are accepting that people should be allowed to protect ideas (patent-style), rather than expressions of ideas (copyright-style).

Open sourcing your driver/firmware does not remove your protection under copyright law. This is just about people trying to keep ideas that they can't patent under lock and key. It should be fought tooth and nail.

Justin.

Re:Can't get over it (1)

Kenja (541830) | more than 10 years ago | (#8985338)

So by your logic, Linux should just drop the whole GPL idea. After all, the OS nothing more than a set of instructions which may or may not be specific to that hardware.

Re:Can't get over it (1)

fostware (551290) | more than 10 years ago | (#8985251)

Tell us whether your precious features are fully hardware or part software. It's too hard to tell these days. Just have a look at PATA RAID, and modern sound cards.

Re:Can't get over it (5, Insightful)

Kenja (541830) | more than 10 years ago | (#8985284)

" I buy a router/etc for the hardware, not for the companies excellent firmware."

The hell you say. A Cisco router is just a CPU and some RAM with a few IO ports thrown in. Its the IOS firmware and software that makes it do its thing.

Re:Get over it (2, Informative)

Zweistein_42 (753978) | more than 10 years ago | (#8985101)

>>the linux kernel developers need to get over their fanaticism about open-source drivers. I thought the problem here is of a non-GPL driver *claiming* to be GPL? Any other crusade developers may or may not have is mostly irrelevant in this particular case.

Re:Get over it (3, Insightful)

Lussarn (105276) | more than 10 years ago | (#8985108)

Linux is an open source system, you should be able to run a fully usable linux system using nothing but open source components.

That is a hard requirement for Linux success, in the past, now, and in the future.

For example if 3D desktops becomes the standard open source 3D driver will need to be developed, if the gfx companies don't like that we need to take our money someplace else.

For the record I do run nvidia binary driver today.

Re:Get over it (2, Insightful)

Shippy (123643) | more than 10 years ago | (#8985308)

Linux is an open source system, you should be able to run a fully usable linux system using nothing but open source components.

And in a perfect world there would be no war or hunger.

That is a hard requirement for Linux success, in the past, now, and in the future.

No, that is a hard requirement that is going to further alienate the Linux community and make companies less likely to bother supporting their hardware on the platform. What this will result in is drivers made by the community that work, but don't have all the snazzy features you paid $$$ for.

That's also why I have just a SoundBlaster 16 PCI. It does the trick and sounds good, but it's also just about the only card you can buy and take advantage of all its features.

For example if 3D desktops becomes the standard open source 3D driver will need to be developed, if the gfx companies don't like that we need to take our money someplace else.

Like.... somewhere else where they... build cool 3D graphics cards... and have open source drivers... which would be.... who? I'm also assuming this company would care enough about the few hundred to few thousand Linux customers they might get versus the few million Windows customers?

For the record I do run nvidia binary driver today.

Yep, thought ya did. Why didn't you take your money elsewhere?

Personally, I think the Linux community needs to just deal. You can't have your cake and eat it, too. Maybe after Linux gains some significant user-base, you can demand things from product manufacturers. Until then, however, you should ease up a bit and just be happy that Linux is even supported.

Re:Get over it (2, Insightful)

adamjaskie (310474) | more than 10 years ago | (#8985170)

There is NOT a problem with binary only vs. open source modules. It is a problem with the company lying to the kernel, saying their module has a GPL liscense, when in fact it does not. There would be no problem if the liscense string had said:
"GPL for files in the \"GPL\" directory; for others, only LICENSE file applies"
instead, however, it says:
"GPL\0for files in the \"GPL\" directory; for others, only LICENSE file applies"
Notice the sneaky \0.

Excuse me, but... (4, Insightful)

iamacat (583406) | more than 10 years ago | (#8985237)

It is a problem with the company lying to the kernel

Yes, but the kernel is not a person, right? In fact lying to hardware/software is a well-accepted practice for interoperability, emulation and fair use. If we want it to be illegal, we might as well defend DMCA.

Re:Get over it (0)

Anonymous Coward | more than 10 years ago | (#8985179)

If you don't like it then don't use it. The value of their card may be in the driver, but keep in mind the value of the GPL is in having things open source. If they aren't compatible with that model then accept that you'll have to go play with the other OS.

Get over it? Can't... (2, Insightful)

Penguinisto (415985) | more than 10 years ago | (#8985213)

There are too many potential liabilities that can come up further downstream from non-GPL code pretending to be GPL. While it would be easy enough for a home-geek or a guy who downloads and inventories all his own stuff to know that a given item is no big deal license-wise, developers wanting a clean box to work from may decide to go grabbing bits and parts that may not be OSS, and they (like any human being) may have forgotten (or if they grabbed the libs from a local network server, not even know) that it wasn't.

As for your assertion, drivers can be non-OSS and still work perfectly, and OEM's aren't forced to make their stuff OSS - just ask NVIDIA if you don't believe me. Therefore, you're posting a strawman there...

The linuxant cheat isn't a problem because of the source code being closed, it is a problem because it pretends to be open-source when it is not, failing to warn whoever installs it.

Re:Get over it (4, Insightful)

MartinG (52587) | more than 10 years ago | (#8985242)

For wireless cards, the FCC effectively prohibits it.

No, the FCC says the card cannot do certain things. Putting these restrictions in the drivers of each individual OS is not a good plan. The restrictions belong in the firmware. This is a safer way to ensure FCC compliance at the same time as allowing open source drivers.

The linux kernel developers need to get over their fanaticism about open-source drivers.

Who the hell are you to tell the kernel developers what they should care about? The kernel is licensed and written the way it is because the developers want it like that. If 3rd parties aren't prepared to play along, then they don't have to release linux drivers. They can't have it both ways.

Re:Get over it (2, Insightful)

nacturation (646836) | more than 10 years ago | (#8985260)

As far as spoofing the GPL string, what's the problem here? Do you hear Open Source advocates decrying browsers such as Mozilla for spoofing the user agent string and claiming to be Internet Explorer? "But websites won't display properly unless we lie about it and claim to be Internet Explorer!" Right. Just as their drivers won't work properly unless they lie about it and claim to be GPL?

Which one is the pot and which is the kettle here?

Re:Get over it (1)

poptones (653660) | more than 10 years ago | (#8985285)

The FCC doesn't "prohibit" manufacturers releasing documentation about how their cards work - the companies simply use this as an excuse to hide their "proprietary" information. I can buy a Sam's photofact of any of thousands of radio transmitters without having a license, if the FCC cared I'm sure that hole would have been plugged long ago. There's nothing special about "digital" devices except to the manufacturers of those devices.

And yes, they WOULD sell more devices if they would not be so hung up on proprietary information. I was chomping at the bit for months to buy one of those cool new motherboards with the 3dfx chipset until I learned that the drivers basically suck ass and are only available in binary form. If that's the only choice I have I'll stick with my less powerful but well supported SIS chipset motherboard that actually has BETTER drivers in linux (and supports more modes) than the manufacturer's "supported" windows drivers.

Re:Get over it (5, Informative)

srwalter (39999) | more than 10 years ago | (#8985309)

This isn't about fanaticism. This is about the overworked lkml guys not supporting binary drivers for the companies.

The kernel will happily load any modules you tell it to, binary or not, licensed or not. The reason this tag exists is so the loading of a binary driver will "taint" your kernel. That way when you submit a bug report, the kernel developers know that you had a binary only module loaded.

In that case, they'll ask you to reproduce the produce without the binary module loaded. If the problem doesn't happen, it's the vendor's problem, and not Linux's. And rightly so.

What's wrong with this?

Poor processes (3, Insightful)

heironymouscoward (683461) | more than 10 years ago | (#8985007)

Part of every attempt to legislate (which the kernel's interrogation of drivers is) should include the question "how will people cheat, and how can we stop this". Otherwise this kind of game is inevitable.

(And if the answer to the question is: "people will cheat and we can't stop them", then there is little point in playing legislator.)

Re:Poor processes (1)

LostCluster (625375) | more than 10 years ago | (#8985063)

Bringing in the lawyers is the only way to stop GPL violators. There's just no technical way to test whether somebody who's claiming to comply with the GPL is really doing so.

They could have just put "GPL" in the string and the kernel would be fooled all the same.

Re:Poor processes (2, Interesting)

heironymouscoward (683461) | more than 10 years ago | (#8985200)

Bringing in the lawyers is the only way to stop GPL violators.

It's true when it comes to closed products (like DVD players). But not when it comes to drivers that the kernel can actively choose to load or reject.

All it takes is a community-moderated database of drivers and their GPL-conformancy status. A non-conformant driver would be rejected by the kernel. Its authors would have to release the source code and have this vetted.

Something like the GPL equivalent of trusted computing.

Are they really 'lying'? (4, Interesting)

Richard_at_work (517087) | more than 10 years ago | (#8985037)

Interesting story, considering the gray area many consider binary modules to be. Linus has said that he considers binary modules to not be far enough removed from GPL code and thus infringing, but since binary modules have been around since very early on in the kernels development history without any enforcement of the GPL with regards to them, wouldnt that potentially count against the GPL applying to binary modules if someone did decide to take action? Doesnt the whole idea of kernel license strings interfere with this view as well? If modules are infringing if they arent GPL, then why would they need to tell the kernel that they arent under the GPL? Also, where in the Kernel license does it require you to be truthful to the kernel about your modules license? Nowhere, because it cant. The GPL will not allow you to put that limitation on use of the kernel. Again, it comes back to wondering about the legality of binary modules.

Personally, I dont use linux and as such, this doesnt directly affect me. But still, it raises interesting questions about how far removed code has to be to be able to be licensed differently. The kernel module API is a publically available API, and Linus does not consider this to be far enough removed. So what is? Does the kernel have to adhere to the CPUs or Motherboards firmware license, because its using a publically available API just like kernel modules are?

Interesting. Very interesting!

Translation: (-1, Flamebait)

Gothmolly (148874) | more than 10 years ago | (#8985086)

I don't use linux, and I don't really know how this licensing stuff works, and I haven't bothered to read up on the binary module topic, but I can speculate wildly on possible scenarios, and use the term 'API', so I must be +1, Insightful!

Re:Translation: (1)

Richard_at_work (517087) | more than 10 years ago | (#8985194)

Ok, let me expand on my post then. I dont use Linux. I used to, then I moved to *BSD for reasons i do not want to go into (not ideological tho). I know roughly how the licensing works and have read up on the binary module topic, but since I am not a lawyer, I do not know 100% how the licensing works or would be applied in various cases, and I doubt anyone else can seriously lay this problem to rest, unless it was decided by a court of law. Im not speculating widely, Im asking leading questions, there is a difference. If you wish to attack me further, please feel free, this is a public forum.

Re:Are they really 'lying'? (1)

onta (444562) | more than 10 years ago | (#8985225)

that's the point of having to tell the kernel, so that it can make available to the module only the public part of the API if the module is not GPL-compatible.

IIRC linus also said in the past that sticking to using that API does not automatically make the module a non-derivative work.

Re:Are they really 'lying'? (0)

Anonymous Coward | more than 10 years ago | (#8985280)

But still, it raises interesting questions about how far removed code has to be to be able to be licensed differently.
It raises no interesting questions. If the code is a derivative work it must comply with the licence. This is a legal question and as such is completely uninteresting.

Linus' take (2, Funny)

Call Me Black Cloud (616282) | more than 10 years ago | (#8985055)


If we wait in this pumpkin patch long enough, the Great Pumpkin will rise up and give out toys. It will then float to the offices of the evil developers and smite them.

Real world vs. fanboy fantasies (1)

Mike Bourna (748040) | more than 10 years ago | (#8985056)

Only clueless fanboys would give a damn about under which license their drivers are distributed. As long as they do what they're supposed, so what?

This is different from something meaningful, like Microsoft's excellent WHLQ certification. I'm surprised that no other vendor, including LinuxOS Inc., has copied the idea of certified drivers yet. Microsoft has taken the initiative to take responsibility, this is something that the GPG/Linux community needs to copy.

I am what most people would consider a highly trained technical professional. Unlike most people who spout off at this site, I have the certificates to prove this, and furthermore they're issued by the biggest software company in existence.

I know how to tell facts from marketing fluff. Now, here are the facts as they're found by SEVERAL INDEPENDENT RESEARCH INSTITUTES:

Expenses for file-server workloads under Windows, compared to LinuxOS:
  • Staffing expenses were 33.5% better.
  • Training costs were 32.3% better.


They compared Microsofts IIS to the Linux 7.0 webserver. For Windows, the cost was only:
  • $40.25 per megabit of throughput per second.
  • $1.79 per peak request per second.


Application development and support costs for Windows compared to an opensores solution like J2EE:
  • 28.2% less for large enterprises.
  • 25.0% less for medium organizations.


A full Windows installation, compared to installing Linux, on an Enterprise Server boxen:
  • Is nearly three hours faster.
  • Requires 77% fewer steps.


Compared to the best known opensores webserver "Red Hat", Microsoft IIS:
  • Has 276% better peak performance for static transactions.
  • Has 63% better peak performance for dynamic content.


These are hard numbers and 100% FACTS! There are several more where these came from.

Who do you think we professionals trust more?
Reliable companies with tried and tested products, or that bedroom coder Thorwaldes who publicly admits that he is in fact A HACKER???

--
Copyright (c) 2004 Mike Bouma, MCSE, MCDST, MS Office Specialist, widely respected Amigan

Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.2
or any later version published by the Free Software Foundation;
with no Invariant Sections, no Front-Cover Texts, and no Back-Cover
Texts. A copy of the license is included in the section entitled "GNU
Free Documentation License".

Re:Real world vs. fanboy fantasies (1)

dijjnn (227302) | more than 10 years ago | (#8985235)

you're statements are facetious. If your comment isn't modded down as flamebait and/or offtopic, then someone made a mistake.



I am what most people would consider a highly trained technical professional. Unlike most people who spout off at this site, I have the certificates to prove this, and furthermore they're issued by the biggest software company in existence.



yes, because most people consider an MCSE to be better than a PSE or a CCNP. That's the way it is on the street, is it? I'll take a free software zealot over you any day, at least they know what they're talking about, even if their opinions are far left.



Re:Real world vs. fanboy fantasies (1)

Lord Kano (13027) | more than 10 years ago | (#8985327)

Only clueless fanboys would give a damn about under which license their drivers are distributed.

You've obviously never needed to use a driver with the 2.4 kernel that was written for the 2.2 kernel.

LK

Creative null character? (3, Insightful)

News for nerds (448130) | more than 10 years ago | (#8985085)

All those C string functions are todays source of plague. Even though I'm not Miguel de Icaza it's obvious that we should move to something new.

Re:Creative null character? (1)

Rakshasa Taisab (244699) | more than 10 years ago | (#8985222)

We already have something new and better, C++ std::string. Beats me why people stick to C...

Obviously, this is the wrong approach entirely (1)

RLiegh (247921) | more than 10 years ago | (#8985119)

I hate to propose something so drastic; but it's pretty clear that the kernel module loader need to operate the same way that good firewalls work: allow nothing except for that which is explicitly permitted.

Meaning, the kernel devs should focus on writing up a white list; not a black list.

Re:Obviously, this is the wrong approach entirely (1)

iamacat (583406) | more than 10 years ago | (#8985299)

And then, the kernel being open source, I will patch it to disable any checking so that I can enjoy my modem/video drivers and release the patch publically, under GPL. Wahoo!

Someone explain to me again how modules "taint" (0)

Anonymous Coward | more than 10 years ago | (#8985121)

You can run closed source binaries linking closed source shared libraries, but somehow closed source modules are not ok??

Couldn't one

Couldn't one ... (0)

Anonymous Coward | more than 10 years ago | (#8985190)

Couldn't one move the code from the driver to user space to an executable or library, then have some hooks in kernel space.

Perhaps someone could write a chain module loader, which is itself GPL'd, but has no restraints of what "chained modules" it loads?

Re:Someone explain to me again how modules "taint" (1)

Trigun (685027) | more than 10 years ago | (#8985261)

Modules are an extension of the kernel, whereas programs that run on a linux system are not. And it's not like your system will prevent you from loading closed source modules, just lets you know that you won't be running a GPL kernel if you choose to load them. Political, yes. Fanatical? Hell no.

But why? (5, Insightful)

Erwos (553607) | more than 10 years ago | (#8985147)

Why did they even bother with this silly (if not cunning) trick in the first place? I mean, OK, no one loves the "kernel tainted" message, but at the end of the day, is it really that much of a deal that it needs to be circumvented?

I think a more appropriate way of handling things would be have a message explaining _why_ the tainted message is coming up, and why they can't GPL the driver. Work with the system, not against it.

-Erwos

Re:But why? (1)

tomstdenis (446163) | more than 10 years ago | (#8985234)

I second that motion. My kernel has been tainted by... oh highly optimized nvidia drivers... ;-)

Tom

Re:But why? (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#8985291)

It displays a "kernel tainted" message? How childish! Anyone besides me liken this to a racist community which displays a "community tained" sign if a black person were to move in?

Why are they doing this? (2, Interesting)

aaronmcdaid (771190) | more than 10 years ago | (#8985150)

Excuse my ignorance, but why are they doing this?
I assume it's to allow them to access some 'GPL only' functionality.

This reminds me of the court case where a console game maker was allowed by the court to insert some copyrighted text because it was the only way to make a game that would work.
Is there any similarity, lawyers of /. ?

Now I'm waiting until the /.ing is over so I can RTFA and get some facts!

I don't see what the big deal is (1, Interesting)

Call Me Black Cloud (616282) | more than 10 years ago | (#8985159)


Could someone explain to me why this is an issue? The web page where you download the drivers reads:

Most files in this package are released under terms described in the LICENSE file. Some distinct components, located in the modules/GPL directory however are covered by the GNU General Public License. See the files LICENSE and modules/GPL/COPYING for details.

It doesn't sound like they're trying to hide anything ("LICENSE" above is linked to their license) yet everyone is running around claiming evil intent. What would they gain by this ruse, if it was intentional? Has anyone contacted the company directly to get their take on it?

Re:I don't see what the big deal is (2, Informative)

0x0d0a (568518) | more than 10 years ago | (#8985316)

You'd have to read the list for exact details of what's irritating the people specifically, but here's a link [iu.edu] .

Basically, Linux and friends (in frusteration at trying to troubleshoot non-open-source drivers, where they can't tell what's going on or fix anything) introduced a "tainting" system. Basically, they refuse to handle bug reports or fix anything on a system that has any "tainted" modules loaded.

This tends to increase direct customer dissatisfaction with closed-source drivers.

nonGPL modules (3, Informative)

nuggz (69912) | more than 10 years ago | (#8985321)

One of the issues with closed source kernel modules is that some developers don't want to waste time debugging them. Since they aren't GPL, and there is no source, they feel their time can be better utilized in other places.

One way to note this is have each module announce its license to the kernel, and a method exists for this.

I think the intent is clearly to try and fool people into supporting this module, even if that person wishes to avoid supporting non GPL code.

I think this is very underhanded, and going to create significant ill will with some developers.

Does that thing actually work? (2, Insightful)

Otter (3800) | more than 10 years ago | (#8985166)

Has anyone ever gotten the modem in the TiBook to work with that driver? I've struggled with it a number of times (using YDL) and everyone on the lists or IRC just said, "Yeah, didn't work for me, either."

hypocrites (0, Insightful)

Anonymous Coward | more than 10 years ago | (#8985168)

It strikes me that alot of the same people so rabidly against DRM when used by big companies for the media they produce, are now demanding that linux include what can be seen as it's own DRM to prevent people from running unauthorized non-GPL kernel code.

My God! (5, Funny)

WwWonka (545303) | more than 10 years ago | (#8985185)

...lying to the kernel about their license

Insubordination at its worst! Lying to the kernel!

Private Function, get Corporal Punishement on the phone and have them admonished immediatley!

Agreed (1)

0x0d0a (568518) | more than 10 years ago | (#8985233)

Clearly this is a case of needing to revoke the driver's Major Number.

So what's it going to be? (4, Insightful)

Anonymous Coward | more than 10 years ago | (#8985209)

People are circumventing the almighty GPL! Is /. going to complain and be hypocritical by cheering on other circumventing techniques like PlayFair, DeCSS, and other DRM removers?

If /. has no respect for other people's choice in licenses and cheers people ignoring the license, then it must also cheer on people breaking the license in Linux. You can't have it both ways.

I know! (5, Funny)

ignavusincognitus (750099) | more than 10 years ago | (#8985220)

Let's add cryptographic checks to the module loader. The vendors will need to have their modules signed if they want them to be loaded. Before signing, license terms will be verified. This way we can also guarantee that the modules do not affect stability.

I'm sure this hans't been done [microsoft.com] before.

LINUS IS WORTH A LITTLE MORE THAN TWO CENTS (-1)

Anonymous Coward | more than 10 years ago | (#8985221)



Especially considering the Slashdot losers from Holland, Michigan are all worth 6 figures because of the bad boy from Helsinki.

So, a little less patronizing for the man next time, eh?

Original Post and Linus's Reply. (0)

Anonymous Coward | more than 10 years ago | (#8985249)

Original Post:

Someone needs to take a look at the MODULE_LICENSE string reported by
the HSF modem drivers made by LinuxAnt.

http://www.linuxant.com/drivers/hsf/full/downloa ds .php

They creatively inserted a \0 character in it.
MODULE_LICENSE("GPL\0for files in the \"GPL\" directory; for others,
only LICENSE file applies");

Runnning modinfo -F license on the compiled driver gives:
GPL because of their creative null character. The actual license for most of
the files is NOT GPL.
--=20
Jon
http://tesla.resnet.mtu.edu
The only meaning in life is the meaning you create for it.

Linus's Reply:

On Tue, 27 Apr 2004, Carl-Daniel Hailfinger wrote:
>
> LinuxAnt offers binary only modules without any sources. To circumvent our
> MODULE_LICENSE checks LinuxAnt has inserted a "\0" into their declaration:
>
> MODULE_LICENSE("GPL\0for files in the \"GPL\" directory; for others, only
> LICENSE file applies");

Hey, that is interesting in itself, since playing the above kinds of games
makes it pretty clear to everybody that any infringement was done
wilfully. They should be talking to their lawyers about things like that.

Anyway, I suspect that rather than blacklist bad people, I'd much prefer
to have the module tags be done as counted strings instead. It should be
easy enough to do by just having the macro prepend a "sizeof(xxxx)"
thing or something.

Hmm. At least with -sdt=c99 it should be trivial, with something like

#define __MODULE_INFO(tag, name, info) \
static struct { int len; const char value[] } \
__module_cat(name,__LINE__) __attribute_used__ \
__attribute__((section(".modinfo"),unused)) = \
{ sizeof(__stringify(tag) "=" info), \
__stringify(tag) "=" info }

doing the job.

That should make it pretty easy to parse the .modinfo section too.

Linus

Please post other response if you have it. It was unavailable by the time I got to it.

On KernelTrap too (1)

unsinged int (561600) | more than 10 years ago | (#8985333)

Hop on over there [kerneltrap.org] if you want the whole thing.

linus's comment mirrored (1)

kwasar01 (760437) | more than 10 years ago | (#8985257)

Linus 2 cents [kwasar.biz]

Spend a penny (3, Funny)

eltoyoboyo (750015) | more than 10 years ago | (#8985279)

Linus' 2 cents undoubtedly cost the hoster of his message [theaimsgroup.com] more than that in /.ed bandwidth.

Lying should be OK... (5, Insightful)

zulux (112259) | more than 10 years ago | (#8985290)

Here's why:

If Office 2003 started asking the Win32 API - areYouReallyMicrosoftWindows(). Then MS Windows would return true...

What would Wine get to return?

What is MODULE_LICENSE? (1)

alanwj (242317) | more than 10 years ago | (#8985312)

What is the effect of the MODULE_LICENSE checks? In particular, what benefit does LinuxAnt gain from tricking the kernel into thinking its license string is "GPL"?

-Alan

DMCA (1)

rabel (531545) | more than 10 years ago | (#8985313)

We need some good DMCA-type encryption and copy protection in the kernel. Perhaps Microsoft would volunteer to write that module? To prevent this sort of thing from happening in the future, every user should be get a passport ID to use their drivers. That'll fix it.

The system makes you lie (4, Informative)

RAMMS+EIN (578166) | more than 10 years ago | (#8985337)

The licensing constraints on modules makes you lie about the license your module is under. Consider this:

I prefer to develop my modules under the revised BSD license, so that others can port them to the BSDs without running into licensing issues. However, Linux will mark the kernel as tainted when a BSD-licensed module is inserted. So I mark them as Dual GPL/BSD, so that they can be loaded without complaints, although I really don't want to release them under GPL, as that would pose a risk that others add code under GPL that could then not be used in the BSDs.

Ok, that may sound confusing as I typed it in a hurry, but you can make sense of it if you try.

DMCA?? (0)

Anonymous Coward | more than 10 years ago | (#8985348)

I HATE to say this, and IANAL, but doesn't it protect us in this case? ...
Just my 2 cents ...
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?