[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Hypervisor loadable modules and GPL licensing issues (Was: Re: memory introspection)



I have retitled this thread such that it catches the attention which it
deserves.

On Tue, 2012-06-12 at 16:13 +0100, Mihai DonÈu wrote:
> On Tue, 12 Jun 2012 18:09:30 +0400 George Shuklin wrote:
> > I think creating a hypervisor-level GPL component with some kind API
> > and using it by proprietary dom0-level utility is fine solution.
> > Especially, if you make it somehow usable for all other world by
> > defining good API.
> > 
> 
> Let me offer some more details to make sure the image of what I'm doing
> is as clear as possible: the technology which focuses on rootkit
> detection by monitoring registers and memory accesses is encapsulated
> into a PE shared library (DLL). It's designed to be used with multiple
> hypervisors. This is the closed source blob. Because of its licensing
> and binary format it cannot be linked directly into Xen, so it needs
> to be "injected" (as if it were a module). So what I'm planning to do
> is:
> 
>     1. add a component which provides a generic API that can be used by
>        memory introspection technologies;
>     2. add a custom component which knows how to link in our
>        introspection engine (load a PE, resolve relocations etc.)
> 
> They will both be licensed under GPL. The second one, however, will not
> be too useful to a lot of people. It doesn't really fit in Xen as it
> is, it would if Xen had support for modules (so people can opt it out).
> I can probably pre-patch the PE and produce an image which can be
> loaded at a fixed address too ...
> 
> Now, from dom0 an user space tool would talk with the #2 component and
> inject the introspection engine into the HV. This is where the legal
> situation arises: when the whole thing starts functioning, there will
> effectively be a non-free piece of code talking with a GPL one _within
> the hypervisor_ (not hv <> dom0). How frowned upon is that? :-)

I don't think we particularly want/need a module loader in the
hypervisor, regardless of the license of the code which it is used to
load.

The legality of loading your non-GPL-compatible blob into the hypervisor
is a question which only a lawyer can answer. You should not take legal
advise from this mailing list.

My personal opinion is that it would not be acceptable to load non-GPL
compatible code into the hypervisor via any mechanism, it is hard to see
how any loadable module would not be a derived work of the hypervisor
and therefore subject to the terms of the GPL.

Ian.

> Ummm, as I'm writing this I get all kinds of ideas: I could probably
> convert the PE to ELF and add primitive module loading support to Xen.
> The module itself, however, will not be GPL.
> 



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.