From 18ad81db689f92b749fe41da157e43f95ee39cf8 2015-03-12 14:59:22
From: Bradley M. Kuhn
The GPL violation at issue involves VMware's ESXi product. + Conservancy independently reviewed ESXi 5.5 and its incomplete + CCS + release as part of our GPL enforcement efforts described above.
+ +Conservancy's preliminary investigation indicated that the operating + system kernel of VMware ESXi product consists of three key components: +
Conservancy examined the incomplete CCS alongside the + binary “vmkernel” component. Such examination indicates that function + in “vmkernel” do make function calls to Linux's kernel code + in the usual way for a single program written in C.
+ + +Many in the media have talked about the possibility that VMware might + use some so-called “shim layer” between Linux code and + VMware's proprietary code. While, for decades, there has been much talk of + various mechanisms of GPL obligation avoidance, Conservancy believes that + merely modifying technical details of a combination's construction + does not typically influence the legal analysis in a combined or + derivative work scenario.
+ +Furthermore, the technical details of VMware's alleged GPL violation + do not even mirror the typical scenarios that have usually been called + “shim layers”. Conservancy's analysis of VMware's ESXi + product, in fact, indicates that VMware rather flagrantly combined Linux + code in their own kernel, and evidence seems to indicate the work as a + whole was developed by modifying Linux code in tandem with + modifications to “vmkernel” in a tightly coupled manner.
+ +There are numerous examples available that show this. The + details of alleged infringement specifically relating to Hellwig's + contributions to Linux are of course the main matter of the + allegations in the litigation, and Conservancy + released the diagram above to exemplify that + issue. Conservancy continues to hope VMware will + agree to make public all court documents as a matter of public + good, since the court documents discuss the specifics of alleged + infringement on Hellwig's copyrights.
+ +However, Conservancy examined VMware's ESXi 5.5 product in detail + even before Hellwig's enforcement action began. Below is one example + among many where VMware's CCS was incomplete per GPLv2§2(c) and + GPLv2§3(a). (One can verify these results by + downloading and installing the binary and source + packages for VMware's ESXi 5.5 Update 2.) Note that this + example below is not necessarily regarding + Hellwig's copyrights; VMware incorporated Linux code copyrighted by + many others as well into their kernel.
+ +As one example, examine the file
+ called vmkdrivers/src_92/vmklinux_92/vmware/linux_pci.c
,
+ which can be found in the “Open Source” release for
+ ESXi 5.5.0 Update 2 (5.5U2). A small excerpt from that file, found in the
+ function LinuxPCIDeviceRemoved()
, reads as follows:
+
+if (unlikely( + /* NOTE: vmk_PCIGetDeviceName is defined in vmvisor64-vmkernel */ + vmk_PCIGetDeviceName(vmkDev, vmkDevName, sizeof(vmkDevName)-1) != VMK_OK)) +{ + vmkDevName[0] = 0; +} +[...] +/* VMKAPI_MODULE_CALL_VOID is a macro calling driver's remove() here */ +VMKAPI_MODULE_CALL_VOID(pciDevExt->moduleID, + linuxDev->driver->remove, + linuxDev); ++ +
The function, vmk_PCIGetDeviceName()
must be defined, with an
+ implementation, for this code above to work, or even compile.
+ Inside BLD/build/HEADERS/vmkapi-current-all-public/vmkernel64/release/device/vmkapi_pci_incompat.h
,
+ found in the vmkdrivers
package of ESXi 5.5U2, shows a
+ function header definition for vmk_PCIGetDeviceName()
.
+ However, the source of its implementation is not provided there or
+ anywhere in the source release.
Further evidence that the implementation of this function occurs elsewhere
+ can by found by running objdump -x
on the un-vmtar'ed
+ vmklinux_9
module. Note the following output in the “SYMBOL
+ TABLE” section:
+
+
+0000000000000000 *UND* 0000000000000000 vmk_PCIGetDeviceName ++ +…and the following lines found in the “RELOCATION RECORDS FOR +[.text]” section: + +
+00000000000327ff R_X86_64_PC32 vmk_PCIGetDeviceName+0xfffffffffffffffc +0000000000035318 R_X86_64_PC32 vmk_PCIGetDeviceName+0xfffffffffffffffc +00000000000387e1 R_X86_64_PC32 vmk_PCIGetDeviceName+0xfffffffffffffffc +000000000003cf40 R_X86_64_PC32 vmk_PCIGetDeviceName+0xfffffffffffffffc ++ + +
The above two properties both suggest that the vmklinux_9
+ module requires: (a) a definition of the vmk_PCIGetDeviceName()
+ function to operate, but (b) that function is not defined
+ inside vmklinux_9
itself.
The definition can however be found in binary-only software provided in
+ ESXi 5.5U2 — specifically, inside a file named k.b00
,
+ which is located in partition 5 on a disk where ESXi has been installed (or
+ in the ESXi 5.5U2 installer ISO image). Running file
+ after gunzip
on this file yields “ELF 64-bit LSB shared
+ object”. Meanwhile, file k.b00
reports “gzip
+ compressed data, was ‘vmvisor64-vmkernel.stripped’”.
+ These findings strongly suggests this is an image of the
+ “vmkernel” component. An objdump -x
yields this
+ “SYMBOL TABLE” section:
+
+000041800036a408 g F .text 0000000000000137 vmk_PCIGetDeviceName ++ +… which indicated these binary file contains the function body +for
vmk_PCIGetDeviceName
.
+
+Finally, after detailed searching, Conservancy found no evidence that any
+ other code (other than modified Linux code) makes calls
+ to vmk_PCIGetDeviceName
. This provides a strong indication
+ that this function's primary purpose is to combine Linux code with
+ “vmkernel”. Conservancy also found other functions where similar analysis
+ yields similar results as above.
Given this evidence and related contextual clues, the only logical + conclusions are: +
vmklinux_9
, as a binary object, dynamically links
+ with k.b00
, another binary object, to form a single running
+ binary.complete corresponding + machine-readable source codemust accompany binary + distributions such as these. GPLv2§3 further states + that
for an executable work, complete source code means all the + source code for all modules it contains.
k.b00
and
+ vmlinux_9
.k.b00
.k.b00
.The above is but one piece of evidence among many, but hopefully it helps + to explain the types of “combined work” violations found in + VMware's ESXi product.
+ +The binary and source packages mentioned above are available
+on VMware's website. These packages contain the
+previously-mentioned linux_pci.c
,
+vmkapi_pci_incompat.h
, and k.b00
files, as well as
+ vmklinux_9
and the source code that builds the latter.
To obtain the source components, follow these steps (no login is required): + +
VMware-ESX-550U2-ODP.iso
.vmkdrivers/src_92/vmklinux_92/vmware/linux_pci.c
+ and BLD/build/HEADERS/vmkapi-current-all-public/vmkernel64/release/device/vmkapi_pci_incompat.h
+ from vmkdrivers-gpl/vmkdrivers-gpl.tgz
with tar and gzip.vmklinux_9
by following the steps
+ in vmkdrivers-gpl/BUILD.txt
in the ISO.
+ (Note: vmklinux_9
is also available pre-built on a running
+ ESXi system; see below for instructions on how to access it).VMware-TOOLCHAIN-550u2-ODP.iso
and has a SHA-1 hash of
+ f679e81ffb2f92729917bbc64c2d541cf75b5b94.To obtain the binary components, follow these steps (a login is required): + +
VMware-VMvisor-Installer-5.5.0.update02-2068190.x86_64.iso
.k.b00
file in the root directory. Extract it
+using zcat k.b00 > vmvisor64-vmkernel
(or a similar command).
+Repeat the steps described above using objdump -x
+vmvisor64-vmkernel
.vmklinux_9
you will need to install
+ESXi on your system by booting the ISO and following the instructions. Once
+booted, you can then enable SSH access using “Customize System/View Logs ->
+Troubleshooting Options -> Enable SSH”. Login to the system with SSH
+and then run find /vmfs -name misc_dri.v00 -print
. On the
+resulting file, run zcat misc_dri.v00 > misc_dri.vmtar
then
+vmtar -x misc_dri.vmtar -o misc_dri.tar
. You can then extract
+misc_dri.tar
using the usual tar
to extract
+usr/lib/vmware/vmkmod/vmklinux_9
. The misc_dri.v00
+file is also available next to k.b00
in the root directory of
+the ISO (mentioned above), but the vmtar
command itself is only
+available when logged into an ESXi system. vmtar
can be found
+at bin/vmtar
inside
+sb.v00
on the ISO, but one needs vmtar
to open
+sb.v00
, similar to misc_dri.v00
above.Note that VMware may present you with EULAs and ToS when you download + software from VMware's website. Conservancy strongly suggests that you review these + terms in great detail with the assistance of your own legal counsel before + downloading the software and/or engaging in the process that Conservancy + discusses above.
+