LinkSys and binary modules [LWN.net]

In response to pressure from the Free Software Foundation and the community, LinkSys has made a new tarball available containing the source for the firmware running in its WRT56G wireless router. This new source distribution (available here; get the 1.41.2 version) contains a good deal of new code, including the modifications to the kernel to support the Broadcom 4702 processor. Many of those who have been pursuing this particular GPL violation case are now satisfied.

The celebration is not universal, however; the new kernel source still lacks the driver for the wireless interface. Unlike the other kernel modifications found in the WRT54G router, the wireless interface is packaged as a separate, binary module. In the eyes of many, that packaging is sufficient to ensure that the driver is not a derived product of the kernel, and, thus, it need not be licensed under the GPL. But not everybody agrees.

The status of binary modules remains the subject of a great deal of confusion; it deserves (yet another) look. There is a widespread impression that Linus Torvalds has issued a blanket exemption to the GPL for closed-source modules. There are only two problems with this idea: (1) it is not entirely true, and (2) the relevance of Linus's opinion is limited. On the first point, consider this pronouncement from Linus, issued almost exactly one year ago:

There is NOTHING in the kernel license that allows modules to be non-GPL'd. The _only_ thing that allows for non-GPL modules is copyright law, and in particular the "derived work" issue. A vendor who distributes non-GPL modules is _not_ protected by the module interface per se, and should feel very confident that they can show in a court of law that the code is not derived.

On the second point, it suffices to remember that Linus is far from the only kernel copyright holder. He made a crucial decision years ago to not require copyright assignments from contributors, and, thus, to allow each contributor to retain copyrights on his or her code. As Linus's role has shifted from coding to rejecting contributions from others, the portion of the kernel code base carrying his copyright has shrunk. Linus can speak for himself, but not for the other kernel copyright holders. And some of the others are getting increasingly grumpy about closed-source modules.

The crucial question here is whether a court would find that a kernel module is a derived product of the kernel itself or not. There is a difference of opinion on that score, to say the least. Eight years ago, Linus suggested that kernel modules, by virtue of the module API which only allowed modules to link to "logically independent" functions within the kernel, were not derived products. As others have pointed out, the list of functions available to modules is rather less controlled these days. 2.6 loadable modules have access to a great many kernel functions (a quick grep turns up over 8000 exported symbols) and require a great deal of inline code from the kernel header files. By some accounts, any code that is so intimately tied into the kernel must be a derived product.

Others have taken the view that anything which can be unplugged and replaced is not a derived product. The existence of a plug-in interface creates a boundary which the GPL cannot cross. In some cases, this must be true; consider, for example, Linuxant's controversial new DriverLoader product. DriverLoader is a proprietary module which will interface Windows NDIS network drivers to the Linux kernel. The legal status of DriverLoader may be unclear, but nobody would argue that a binary Windows driver, when shoehorned into the Linux kernel in this way, becomes a derived product of the kernel. On the other hand, with a small (GPL-licensed) patch, the kernel could be opened to "pluggable" modules implementing proprietary network protocols, memory managers, schedulers, etc. This scheme, if considered legal, would allow proprietary code to be lodged within the heart of the Linux kernel. At that point, there would be no restriction on derived products at all.

Another view, less often heard, notes that the kernel module loader checks the license of every module loaded into the system. If the module lacks a free license, the kernel complains, but loads the module anyway. One could argue that this behavior is an explicit acknowledgment that closed-source modules are permissible.

The only way to get a definitive answer on the location of the GPL boundary will be to go in front of a judge. Even then, the answer is unlikely to be useful beyond the specific case considered there.

In the LinkSys case, some developers are claiming that the source for the binary modules should be released even if they are not strictly seen to be derived products. This claim is based on the following language from section 2 of the General Public License:

If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.

Some feel that the LinkSys WRT56G router is, indeed, a "whole which is a work based on the Program" and that the entire system must be licensed under the GPL if it is to be distributed legally. This view relies on the contract provisions of the GPL, and not just on copyright law; it is controversial, to say the least. By this reasoning, a Linux distribution with, say, a proprietary installer could be seen to be violating the GPL. In the end, this claim, too, can only be verified in a courtroom. Until then, the definition of a "whole" is subject to debate.

The status of closed-source modules has always been somewhat unclear, and one gets the impression that the kernel developers have been happy to keep it that way. There is a strong desire to discourage such modules, but, seemingly, little wish to abolish them altogether. The system has worked reasonably well so far, but it may well be asking for trouble in the longer term. With the current state of affairs, it seems certain that, sooner or later, a company or individual holding kernel copyrights will take a proprietary module vendor to court.

One of the best features of free software is the fact that users don't need to worry. The rights of users are broad and well defined; there is no equivalent of the Business Software Alliance looking for companies to raid. The distribution of closed-source kernel modules is an exception, however; nobody really knows if this distribution is legal or not. The free software community is not helped by this uncertainty; it really is past time to clarify the status of closed-source modules. Doing so will be a challenging task, but doing nothing will bring unwanted challenges of its own. The free software community does not need any more litigation, be it instigated by ourselves or by others.

(Log in to post comments)

LinkSys and binary modules

Posted Oct 14, 2003 19:18 UTC (Tue) by rknop (guest, #66) [Link]

The problem with clarifying whether or not binary loadable modules should be legal is that it will tear the free software community apart.

There are some who feel very strongly that they clearly should not be. This will range everywhere from the FSF argument that all proprietary software is bad, and therefore anything we do to support it is bad, from the more moderate argument that the GPL is incompatable with binary modules and therefore they shouldn't be allowed.

There are some who feel just as strongly that binary modules *should* be allowed. You're being just as exclusionary, the argument goes, by forbidding binary modules as proprietary vendors are by not supporting Linux. It's a practical thing; we want the hardware supported, vendors are supporting Linux by supplying those drivers, and we're ingrateful zealots to reject them.

The problem is, few on either side of the argument will want to yield to the other side. And, if we as a community settle on one side or the other, definitively, there will be a lot of ugly second-guessing and objection and fighting inside the community that doubtless Forbes and others will gleefully write about to show how anti-business and self-destructive the open source community is.

Many people like me feel ambiguously about the matter-- I really do not like being trapped into binary-only modules, because you're at the mercy of the vendor, and I want to have a fully free operating system. On the other hand, I'm a little leery of the hard-line answer that you must be fully free or not be supported at all, as then we do lock ourselves out. (E.g., I could no longer use the Lucent modem on my laptop; I'm not happy about the binary driver, but at least I can use it.)

In the end, I'd probably fall on the side of wanting to disallow binary kernel modules. Yeah, it could be inconvenient. On the other side, though, there's a very real danger that some sort of tightly-integrated binary plugin because a de-facto standard that everybody "running Linux" assumes that you mean "using this binary plugin", and it becomes nigh impossible to run a fully free OS any more and maintain any kind of compatability with hardware or the rest of the world. I'd rather we inconvenience ourselves a bit now and continue trying to make the argument to hardware vendors that releasing programming specs is a good thing than risk leaving ourselves open to this kind of future trap.

(Indeed, already we risk being in this trap for video cards. If ATI stops playing nice with releasing programming specs, we'll be stuck with having to choose one binary module or the other if we want to have graphics on our machines. Already, too many people say "just buy nVidia" for Linux, because you can download their drivers. I find myself arguing against that, and trying to make the *practical* argument, when people around where I work are buying hardware for Linux systems.)

-Rob

Practical vs. Possible

Posted Oct 14, 2003 20:17 UTC (Tue) by ncm (subscriber, #165) [Link]

The question of whether binary-only modules are allowed comes down to whether, and under what circumstances, it's possible to restrict them.

If such a module contains code copied from GPLed modules, then it is simply and unambiguously forbidden. The person whose code was copied has standing to sue, no matter what Linus or anybody else says. The trick is discovering whose code was copied, and persuading the injured party to pursue the matter, or delegate pursuit to somebody willing.

If the module is distributed along with a kernel, and it only works with that kernel, it's unambiguously forbidden. The combination is a derived work, and the GPL states clearly the rules for derived works. Anybody who has code in the kernel has standing to sue, no matter what Linus or anybody else says.

If the module is distributed independently of a kernel, and contains no code lifted from the kernel, and uses only published interfaces into the kernel, then (again) it doesn't matter what Linus or any other copyright holder says. Then, it's probably not a derived work. A judge might be persuaded either way. What Linus announced, and clarified, is just that fact: as best he understands, copyright law doesn't allow him to enforce the GPL in that case. What he said doesn't change the license, it just explains his understanding of what the license (and the copyright law it relies on) covers and doesn't cover.

Practical vs. Possible

Posted Oct 14, 2003 20:25 UTC (Tue) by rknop (guest, #66) [Link]

If the module is distributed independently of a kernel, and contains no code lifted from the kernel, and uses only published interfaces into the kernel, then (again) it doesn't matter what Linus or any other copyright holder says. Then, it's probably not a derived work.

The issue then becomes more continuous... just how much ought to be published interface? As the article notes, it's not too far to imagine making publishable interfaces such that pretty seriously core parts of the kernel could have proprietary plug-ins. Right now, we mostly have that just for device drivers.

-Rob

Practical vs. Possible

Posted Oct 14, 2003 20:38 UTC (Tue) by ncm (subscriber, #165) [Link]

If it's in a header file, it's probably published. Even if it's not in header file, the source is published. No matter what the FSF says, a judge is likely to decide that if you physically can plug into it without "circumventing" anybody's encryption, then you're allowed to. Of course, the more of that you do, the more fragile your module becomes.

None of these fine points apply to Linksys, of course. They can't just ship the module, they have to ship the kernel, too, or they don't have a router to sell. That puts them squarely under my second alternative, above, shipping what is unambiguously a derived work.

Practical vs. Possible

Posted Oct 14, 2003 20:55 UTC (Tue) by Ross (subscriber, #4065) [Link]

I don't think copyright's concept of derivative works have anything to do
with encyption. The only part of copyright that does is the DMCA and we
aren't talking about that here, at least I hope not :)

LinkSys and binary modules

Posted Oct 23, 2003 11:55 UTC (Thu) by Wol (guest, #4433) [Link]

Or go down the microkernel approach :-)

If the module runs as part of the kernel in kernel-mode, it's a derived work and must be open source.

If it runs as a user-land driver (like all drivers in a microkernel), then it is not a derived work, but it suffers all the penalties that usermode code (and microkernels in particular) suffer from.

This also has the nice side effect that binary-only code can no longer taint and/or crash the kernel.

Personally, I wouldn't have any problem with hardware driver source being released under a "you can only run this driver if you have this hardware" licence, but I suspect others would!

Cheers,
Wol

LinkSys and binary modules

Posted Oct 23, 2003 21:49 UTC (Thu) by mmarq (guest, #2332) [Link]

"Personally, I wouldn't have any problem with hardware driver source being released under a "you can only run this driver if you have this hardware" licence, but I suspect others would"

Correcty if i'm wrong, but couldnt the LANANA function as a support and guarantee mechanism that that really happens( no need for licences),... and considering a split driver model being it kernel/userland(like USB) or kernel/kernel, or not, the fact of any driver being "source" or "binary only" dosent really make any diference. I mean the coupling of specific hardware device with specific sofware driver, is always a given. If there is to much generalization inside Linux kernel, is because of design and lack of proper specs.

LinkSys and binary modules

Posted Oct 23, 2003 21:23 UTC (Thu) by mmarq (guest, #2332) [Link]

"I'd rather we inconvenience ourselves a bit now and continue trying to make the argument to hardware vendors that releasing programming specs is a good thing than risk leaving ourselves open to this kind of future trap."

This is not easy, but imagine that they, HV, not only dont release more specs "as usual", but with the closing of binary loadable modules, and the advent of M$ NGSCB/Paladium they will cease on any disclosure at all.

Wouldn't that represent the end of Linux ?

LinkSys and binary modules

Posted Oct 14, 2003 19:29 UTC (Tue) by james (subscriber, #1325) [Link]

The only way to get a definitive answer on the location of the GPL boundary will be to go in front of a judge. Even then, the answer is unlikely to be useful beyond the specific case considered there.

And then, of course, that decision won't be binding outside that legal system.

Under the Berne Convention, most countries' copyright rules these days are similar, but they're not identical. It would be quite possible for the same code to be declared legal in an American court under US law, but illegal in a German court under German law.

One could take the viewpoint that this uncertainty is a good thing, especially with the FSF around. Companies generally don't like legal uncertainty and the possibility of lawsuits, at least if they can acheive the same ends by obviously legal means. Uncertainty about where the boundary lies is an incentive to keep well on the right side of it.

Of course, there are companies who just hope they won't get sued. And we're back to the FSF's "enforcer" brigade.

James.

LinkSys and binary modules

Posted Oct 14, 2003 20:24 UTC (Tue) by JoeBuck (subscriber, #2330) [Link]

There are two cases: burning the Linux kernel and other programs into a ROM, or having a driver load firmware into a completely separate processor, such as the DSP chip in a modem or onto an external graphics processor.

In the latter case, from the point of view of the kernel, firmware is data, or, to use the language from the GPL, "can be reasonably considered independent and separate works", since the identical firmware is loaded by a Linux or a Windows kernel. Even RMS would not argue that the GPL requires firmware to be GPLed in such a case.

Of course, the Debian folks might well decide that non-free firmware violates the DFSG, but that's a separate matter.

Now, in the former case, if the ROM can't be altered, then one could argue that we can't even call the user programs separate works any more and the vendor would need to provide source for the whole thing.

LinkSys and binary modules

Posted Oct 14, 2003 23:14 UTC (Tue) by vmole (subscriber, #111) [Link]

Just to clarify:

Of course, the Debian folks might well decide that non-free firmware violates the DFSG, but that's a separate matter.

Note that the DFSG argument is strictly based on us shipping free software: binary code loaded into a DSP just doesn't qualify. We don't claim that the the fact that it's mixed up with a kernel driver inherently violates the GPL. It's purely a Debian thing.

binary modules include GPL code from kernel headers

Posted Oct 15, 2003 16:26 UTC (Wed) by pizza (subscriber, #46) [Link]

So under this intrepretaion, glibc has to be GPL, as it relies on kernel headers to build. Since glibc is therefore GPL, any applications which run on linux must also be considered GPL.

Food for thought. You can't have it both ways.

binary modules include GPL code from kernel headers

Posted Oct 15, 2003 18:19 UTC (Wed) by ballombe (subscriber, #9523) [Link]

Note the "user space programs" exception in Linux/COPYING.

Outside the above exception, kernel headers are under the GPL, not the
LGPL as are GLIBC headers.

So whereas non GPL programs can use GLIBC headers, non GPL modules cannot
use kernel headers.

Correct

Posted Oct 16, 2003 4:17 UTC (Thu) by Ross (subscriber, #4065) [Link]

This is why most binary modules use a wrapper which separates the non-GPLed code from the GPLed code. See the NVIDIA driver for an example.

Wrapper which separates the non-GPLed code from the GPLed code ?

Posted Oct 23, 2003 13:04 UTC (Thu) by khim (subscriber, #9252) [Link]

They try to make module usable with >1 version of kernel. You can not write such a wrapper NOW. You need to add exception like it's done for userspace programs ! And only copyright holder can add such exception.

binary modules include GPL code from kernel headers

Posted Oct 17, 2003 6:14 UTC (Fri) by dododge (subscriber, #2870) [Link]

If a binary module require GPL kernel headers files to build, then it is certainly GPL since kernel headers contain macro and inline functions,

Not necessarily. Earlier this year there was a big argument on LKML regarding header use. RMS stated the FSF position as:

Our view is that just using structure definitions, typedefs, enumeration constants, macros with simple bodies, etc., is NOT enough to make a derivative work. It would take a substantial amount of code (coming from inline functions or macros with substantial bodies) to do that.

Granted they do not define "simple" and "substantial", but they do at least believe a distinction exists and that some macros and/or functions would not automatically produce a derived work.

More info here: http://www.ussg.iu.edu/hypermail/linux/kernel/0301.1/0362.html

binary modules include GPL code from kernel headers

Posted Oct 17, 2003 11:53 UTC (Fri) by cross (subscriber, #13601) [Link]

This is a clearly ridiculous argument. Most software in C includes all sorts of headers with different licences and cannot be considered to be subject to the same license as all of them. The header defines the interface to the library, it should not be considered to be the library itself. Something to bear in mind when you write your own header files, anything you put there is being exported* (i.e. it's now outside your library), that is what header files are for.

*Export: to carry or send to some other place (Merriam-Webster)

binary modules include GPL code from kernel headers

Posted Oct 23, 2003 13:14 UTC (Thu) by khim (subscriber, #9252) [Link]

Something to bear in mind when you write your own header files, anything you put there is being exported* (i.e. it's now outside your library), that is what header files are for.

*Export: to carry or send to some other place (Merriam-Webster)

Such a bold statement will be more believable if you'll supply link to any law where C headers are mentioned at all. Otherwise you can, of course, apply it to your programs - but only to your programs.

Yes, it is a problem for things like libstd++ and such - that's why all quite non-trivial inline fuctions in libstd++ are not LGPL-copyrighted - exactly to make then usable for non-GPL programs!

LinkSys and binary modules

Posted Oct 16, 2003 5:29 UTC (Thu) by coriordan (guest, #7544) [Link]

> It is permissable to use GPL'd code with non-GPL'd additions

Yes. The GPL only covers distribution.

LinkSys and binary modules

Posted Oct 16, 2003 9:57 UTC (Thu) by zmower (subscriber, #3005) [Link]

So potentialy anyone who owns a LinkSys router could sue LinkSys for non-compliance with the GPL. I think (but IANAL) that the source for the binary module would have to be released if anyone did this. I'd defer to the FSF's judgement on this issue though as they have lawyers. And I don't have this hardware. I do have a Nvidia card (still getting my moneys worth out of a Geforce 256) but they seem to have thought about this issue much more than Linksys/Broadcom.

I don't think this case has been good for linux though. If you have proprietry hardware and want to keep your drivers closed then you really are at best entering an area of shady legality. I wonder if xBSD will gain on linux from this? Nightmare scenario: Desktop BSD with drivers to run all kit but still runs GPL software. Wake up screaming nightmare: released by M$. Now that would be embrace and extend.

LinkSys and binary modules

Posted Oct 16, 2003 18:22 UTC (Thu) by andrel (guest, #5166) [Link]

As far as the legal system is concerned, the only people harmed by copyright infringement (that's what a GPL violation is) are the copyright holders. So the kernel authors could sue, but people who purchase the router can't.

Binary drivers aren't in any of our long-term interest -- cases like this which push hardware manufacturers to publish the bus-level interface instead of crappy drivers are a good thing. If I wanted to be forced to use closed source drivers I'd run SCO or Microsoft, not GNU/Linux.

The GPL is in fact quite clear.

Posted Oct 16, 2003 15:03 UTC (Thu) by leonb (subscriber, #3054) [Link]

I believe that the GPL is quite clear about the binary module issues. Simply recall that the GPL only regulates copying. When Nvidia distributes binary modules, this distribution involves no copying of GPLed code. What users do with these modules is their sole business.

  "The act of running the program is not restricted"

The so-called viral nature of the GPL applies only when you distribute a "whole" containing sections covered by the GPL, and sections that would not necessarily be GPLed if they were distributed independently.

  "But when you distribute the same sections as part of a whole             
  which is a work based on the Program, the distribution of             
  the whole must be on the terms of this License, whose             
  permissions for other licensees extend to the entire whole,             
  and thus to each and every part regardless of who wrote it."

The key word here is distribute.

Linksys is indeed shipping boxes containing both the linux kernel and binary modules. The binary modules might not be GPLed if they were distributed separately. But this is not the case here. Therefore the GPL applies.

Overall this is very annoying because it can be argued that Linksys was acting in good faith. It could make sense to settle by giving them a break for a few years only, and ask them, in return, to make a donation to some worthy open source cause. This is very unlikely to happen. Such a break must be approved by all the kernel contributors without exception.

When Linus decided not to request copyright assignment, he made the GPL a lot nastier, because nobody has the power to soften it when it makes sense.

- Leon

P.S. --- Incidentally this also clarifies the dynamic linking versus static linking issues. Such technical issues are irrelevant. What matters is the composition of the products you are shipping. The GPL only bites when you are shipping GPLed code copyrighted by someone else.

LinkSys and binary modules

Posted Oct 23, 2003 20:51 UTC (Thu) by mmarq (guest, #2332) [Link]

IMHO Linux need a split driver model

LinkSys is an example of continuous abuse, because they didn't released "that module driver" source, and legally the author(s) of specific "interfaces" involved could sue LinkSys... That could prove to be very bad for both sides.

The flexibility of the C language, as a procedural paradigma, dosent stop there, and there are proves from the GNOME project and others of the possibility of "craving" a real Object Oriented model with "full?" inheritance out of plain C.

So the "full objectivation" of the kernel is the next logic step of "modulation", with hierarchy and classes, like subsystems to kobjects, and char, block, video and sound devices class. But being out of a procedural language, this objectivation, IMO, also speak API allover the place. So the "glue" necessary to make kobjects talk with other kobjects could be completly negligenciable and wrapped inside the kobjects themselfes...

And that could be what is all about a "split driver model":- kobjects talking to other kobjects,... that already have a high natural tendency to be "logically independent functions within the kernel"... only remaining the formality of publishing the APIs... and "hardening" against possible abuses of other functions diferent from the published APIs(important:-saves sueing).

(no bypassing of copyright laws, no special favores to no one)

Being not a expert, and beliving i didn't express to much mistakes, but if so, then please let me know, because in a sense nothing really changes, and a clever configurantion mechanism is plently capable of configure the compiling sources out of diferent paths into a unic binary or into diferent binarys in diferent places(like kernel loadable modules);

Actual:
from /usr/src/Linux to /boot and or /lib/modules/3.0.1(example)

With a split driver model:
from /usr/src/Linux and /usr/src/Drivers to /boot and or /lib/drivers/3.0.1

In the late model, a proprietary binary only driver, that is copyed directly into /lib/drivers/3.0.1(example) would lose the ability to be compiled "in" the specific characteristics of the target machine, and relying on hardware detection mechanism and something like DKMS to be inserted...

In the late model also, all open source drivers could be compiled into a unic kernel image, like is happening today.

And what new world is to have a separated main Linux and Drivers, in terms of time and man/brainpower wasted in fixing bugs or broken things, and accelarating development, at least, well inside the 2 years time frame!!...