diff --git a/www/conservancy/static/copyleft-compliance/vmware-lawsuit-faq.html b/www/conservancy/static/copyleft-compliance/vmware-lawsuit-faq.html new file mode 100644 index 0000000000000000000000000000000000000000..99761922b10da5a79a4b4e901ee1b656e135ed5e --- /dev/null +++ b/www/conservancy/static/copyleft-compliance/vmware-lawsuit-faq.html @@ -0,0 +1,614 @@ +{% extends "base_compliance.html" %} +{% block subtitle %}GPL Compliance Project For Linux Developers - {% endblock %} +{% block submenuselection %}VMwareLawsuitFAQ{% endblock %} +{% block content %} +
Conservancy maintains this
+ FAQ list regarding
+ Christoph Hellwig's lawsuit against VMware
+ in Germany over alleged GPL violations on Linux as a service to the
+ Free Software community, and in particular, the copyleft community. Conservancy
+ realizes this lawsuit generates many questions and interest
+ from the community. Legal counsel (both Conservancy's own, and
+ Christoph's lawyer, Till Jaeger) correctly advise us to limit our public
+ comments regarding specific details of the case while litigation remains
+ pending in court. Nevertheless, Conservancy, as a
+ non-profit charity serving the public good, seeks to be as transparent as
+ possible. If you have additional questions you'd like to see answered
+ here, please email
+ <info@sfconservancy.org>, but understand that we may often need
+ to answer: We cannot comment on this while litigation is pending
.
Neither Conservancy nor Christoph takes this action lightly nor without + exhausting every other possible alternative first. This lawsuit is the + outgrowth of years of effort to convince VMware to comply with GPL.
+ +In October 2011, Conservancy received a GPL violation report on + BusyBox for VMware's ESXi products. Conservancy opened the matter in its + usual, friendly, and non-confrontational way. Nevertheless, VMware + immediately referred Conservancy to VMware's outside legal counsel in the + USA, and Conservancy negotiated with VMware's legal counsel throughout + late 2011, 2012 and 2013. We exchanged and reviewed + CCS candidates, and + admittedly, VMware made substantial and good efforts toward compliance on + BusyBox. However, VMware still refused to fix a few minor and one major + compliance problem that we discovered during the process. Namely, there + was a major violation regarding Linux itself that ultimately became + Christoph's key complaint in this lawsuit.
+ +Meanwhile, when Conservancy realized in late 2012 there might be a major + Linux violation still present in VMware's ESXi products, Conservancy + representatives sought every industry contact we had for assistance, + including those from trade associations, companies (both competitors and + collaborators with VMware), and everyone else we could think of who might be + able to help us proceed with friendly negotiations that would achieve + compliance. While we cannot name publicly the people we asked for help + to convince VMware to comply, they include some of the most notable + executives, diplomats, and engineering managers in the Linux community. No + one was able to assist Conservancy in convincing VMware to comply with the + GPL. Then, in early 2014, VMware's outside legal counsel in the USA finally + took a clear and hard line with Conservancy stating that they would not + comply with the GPL on Linux and argued (in our view, incorrectly) that they + were already in compliance.
+ +Conservancy in parallel informed Christoph fully of the details of the + Linux violation on Christoph's copyrights, and based on Conservancy's + findings, Christoph began his own investigation and confirmed + Conservancy's compliance conclusions. Christoph then began his own + enforcement effort with legal representation from Till Jaeger. Christoph has + been unable to achieve compliance, either, through his negotiations in + 2014. VMware's last offer was a proposal for a settlement agreement that VMware would + only provide if Christoph signed an NDA, and Christoph chose (quite + reasonably) not to sign an NDA merely to look at the settlement offer.
+ +Thus, this lawsuit comes after years of negotiations by Conservancy to + achieve compliance — negotiations that ended in an outright refusal by + VMware's lawyers to comply. Those events were then followed by a year of + work by Christoph and Till to achieve compliance in a separate action.
+ +Simply put, Conservancy and Christoph fully exhausted every possible + non-litigation strategy and tactic to convince VMware to do the right thing + before filing this litigation.
++ Conservancy prepared this diagram to show the technical situation as we + understand it. The diagram compares the technical architecture of a full, + running Linux kernel with a full, running VMware kernel: +
+ + +
+ +If you want to download the diagram, it's available + in SVG + (English), PNG + (English), SVG + (German), and PNG + (German).
+The GPL violation at issue involves VMware's ESXi product. + Conservancy independently reviewed ESXi 5.5 and its incomplete + CCS + release as part of our GPL enforcement efforts described above.
+ +Conservancy's preliminary investigation indicated that the operating + system kernel of VMware ESXi product consists of three key components: +
Conservancy examined the incomplete CCS alongside the + binary “vmkernel” component. Such examination indicates that functions + in “vmkernel” do make function calls to Linux's kernel code + in the usual way for a single program written in C.
Many in the media have talked about the possibility that VMware might + use some so-called “shim layer” between Linux code and + VMware's proprietary code. While, for decades, there has been much talk of + various mechanisms of GPL obligation avoidance, Conservancy believes that + merely modifying technical details of a combination's construction + does not typically influence the legal analysis in a combined or + derivative work scenario.
+ +Furthermore, the technical details of VMware's alleged GPL violation + do not even mirror the typical scenarios that have usually been called + “shim layers”. Conservancy's analysis of VMware's ESXi + product, in fact, indicates that VMware rather flagrantly combined Linux + code in their own kernel, and evidence seems to indicate the work as a + whole was developed by modifying Linux code in tandem with + modifications to “vmkernel” in a tightly coupled manner.
+There are numerous examples available that show this. The + details of alleged infringement specifically relating to Hellwig's + contributions to Linux are of course the main matter of the + allegations in the litigation, and Conservancy + released the diagram above to exemplify that + issue. Conservancy continues to hope VMware will + agree to make public all court documents as a matter of public + good, since the court documents discuss the specifics of alleged + infringement on Hellwig's copyrights.
+ +However, Conservancy examined VMware's ESXi 5.5 product in detail + even before Hellwig's enforcement action began. Below is one example + among many where VMware's CCS was incomplete per GPLv2§2(c) and + GPLv2§3(a). (One can verify these results by + downloading and installing the binary and source + packages for VMware's ESXi 5.5 Update 2.) Note that this + example below is not necessarily regarding + Hellwig's copyrights; VMware incorporated Linux code copyrighted by + many others as well into their kernel.
+ +Our example begins with examination of the file
+ called vmkdrivers/src_92/vmklinux_92/vmware/linux_pci.c
,
+ which can be found in the “Open Source” release for
+ ESXi 5.5.0 Update 2 (5.5U2). A small excerpt from that file, found in the
+ function LinuxPCIDeviceRemoved()
, reads as follows:
+#include <linux/pci.h> +[...] +/* + * This function [...] is modelled after pci_remove_device, the function which would + * be called in a linux system. + */ +static void +LinuxPCIDeviceRemoved(vmk_PCIDevice vmkDev) +{ + LinuxPCIDevExt *pciDevExt; + struct pci_dev *linuxDev; +[...] + if (unlikely( + vmk_PCIGetDeviceName(vmkDev, vmkDevName, sizeof(vmkDevName)-1) != VMK_OK)) + { + vmkDevName[0] = 0; + } +[...] +VMKAPI_MODULE_CALL_VOID(pciDevExt->moduleID, + linuxDev->driver->remove, + linuxDev); ++ +
The function, vmk_PCIGetDeviceName()
must be defined, with an
+ implementation, for this code above to work, or even compile.
+ Inside BLD/build/HEADERS/vmkapi-current-all-public/vmkernel64/release/device/vmkapi_pci_incompat.h
,
+ found in the vmkdrivers
package of ESXi 5.5U2, shows a
+ function header definition for vmk_PCIGetDeviceName()
.
+ However, the source of its implementation is not provided there or
+ anywhere in the source release.
Further evidence that the implementation of this function occurs elsewhere
+ can by found by running objdump -x
on the un-vmtar'ed
+ vmklinux_9
module. Note the following output in the “SYMBOL
+ TABLE” section:
+0000000000000000 *UND* 0000000000000000 vmk_PCIGetDeviceName ++ +
+…and the following lines found in the “RELOCATION RECORDS FOR +[.text]” section: +
+ ++00000000000327ff R_X86_64_PC32 vmk_PCIGetDeviceName+0xfffffffffffffffc +0000000000035318 R_X86_64_PC32 vmk_PCIGetDeviceName+0xfffffffffffffffc +00000000000387e1 R_X86_64_PC32 vmk_PCIGetDeviceName+0xfffffffffffffffc +000000000003cf40 R_X86_64_PC32 vmk_PCIGetDeviceName+0xfffffffffffffffc ++ +
The above two properties both suggest that the vmklinux_9
+ module requires: (a) a definition of the vmk_PCIGetDeviceName()
+ function to operate, but (b) that function is not defined
+ inside vmklinux_9
itself.
The definition can however be found in binary-only software provided in
+ ESXi 5.5U2 — specifically, inside a file named k.b00
,
+ which is located in partition 5 on a disk where ESXi has been installed (or
+ in the ESXi 5.5U2 installer ISO image). Running file
+ after gunzip
on this file yields “ELF 64-bit LSB shared
+ object”. Meanwhile, file k.b00
reports “gzip
+ compressed data, was ‘vmvisor64-vmkernel.stripped’”.
+ These findings strongly suggests this is an image of the
+ “vmkernel” component. An objdump -x
yields this
+ “SYMBOL TABLE” section:
+000041800036a408 g F .text 0000000000000137 vmk_PCIGetDeviceName ++ +
… which indicated these binary file contains the function body
+for vmk_PCIGetDeviceName
.
Furthermore, after detailed searching, Conservancy found no evidence that any
+ other code (other than modified Linux code) makes calls
+ to vmk_PCIGetDeviceName
. This provides a strong indication
+ that this function's primary purpose is to combine Linux code with
+ “vmkernel”. Conservancy also found other functions where similar analysis
+ yields similar results as above.
struct pci
combined with LinuxPCIDeviceRemoved()
Having established the direct and close combination
+ of vmk_PCIGetDeviceName
+ and LinuxPCIDeviceRemoved()
, focus now on the
+ quoted code from LinuxPCIDeviceRemoved()
. That code, note
+ that one of the local variables is struct pci_dev *linuxDev;
.
+ A definition of pci_dev
is found in
+ vmkdrivers/src_92/include/linux/pci.h
(which
+ is #include
'd above) reads:
+struct pci_dev { +[...] + struct pci_driver *driver; /* which driver has allocated this device */ +[...] +truct pci_driver { + char *name; +[...] + void (*remove) (struct pci_dev *dev); /* Device removed (NULL if not a hot-plug capable driver) */ +[...] +#if defined(__VMKLNX__) + /* 2008: Update from Linux source */ + u8 revision; /* PCI revision, low byte of class word */ +#endif /* defined(__VMKLNX__) */ + }; ++ +
These structures, and based on those from Linux itself + (a + similar version of this file can be seen in Linux 2.6.24), and as can + be seen above, have been modified to work with “vmkernel”
+ +In LinuxPCIDeviceRemoved()
, we saw a macro called with a
+ variable, linuxDev
which was of type struct pci
.
+ Thus, the combination of code from Linux's pci.h
+ and VMware's vmware/linux_pci.c
is very tightly coupled and
+ interdependent.
VMKAPI_MODULE_CALL_VOID
macro calls driver's codeThe
+ file BLD/build/HEADERS/vmkapi-current-all-public/vmkernel64/release/base/vmkapi_module.h
+ contains the macro definition of VMKAPI_MODULE_CALL_VOID
,
+ which is quoted below (with debug lines removed):
+
+#define VMKAPI_MODULE_CALL_VOID(moduleID, function, args...) \ +do { \ + vmk_ModInfoStack modStack; \ + vmk_ModulePushId(moduleID, function, &modStack); \ + (function)(args); \ + ) \ + vmk_ModulePopId(); \ +} while(0) ++ +
When the macro is expanded, it means that (function)(args)
is
+ actually expanded to linuxDev->driver->remove(linuxDev)
.
+ Therefore, we see LinuxPCIDeviceRemoved()
, makes directs calls
+ to a driver's remove() function, by combining with Linux's struct
+ pci
, and by VMware's introduction of this new calling code.
+ Conservancy has confirmed many drivers from Linux are incorporated via
+ these mechanisms; one specific example is discussed next.
VMware includes a file vmkdrivers/src_9/drivers/net/tg3/tg3.c
+ in their source release. This file appears to be Linux's tg3 driver. It
+ includes a definition of the struct pci_dev
for this device,
+ which reads:
+static struct pci_driver tg3_driver = { +[...] + .remove = __devexit_p(tg3_remove_one), ++ +
Therefore, when the code in LinuxPCIDeviceRemoved()
+ calls linuxDev->driver->remove(linuxDev)
, the code ultimately
+ called (in the case where a tg3 card is driven by the kernel)
+ is tg3_remove_one()
, which is found in tg3.c
and
+ comes directly from Linux.
(Note: __devexit_p
is a straightforward macro found
+ in vmkdrivers/src_92/include/linux/init.h
(which also comes
+ from Linux) that will simply expand to its first argument in this
+ case.)
tg3.c
VMware furthermore distributes a modified version of tg.c
in
+ binary form. This can be found in usr/lib/vmware/vmkmod/tg3
,
+ which is extracted by un-vmtar'ing the file net_tg3.v00
(found
+ on the ESXi 5.5U2 installer ISO image). Conservancy has confirmed that
+ file is a compiled version of tg3.c
Given this evidence and related contextual clues, the only logical + conclusions are:
+vmklinux_9
, a binary object, dynamically links with
+ the binary objects: k.b00
and tg3
(the
+ driver built from tg3.c
's source). These three binary
+ objects together form a single running binary (likely along with many
+ other binary objects as well).tg3.c
+ and pci.h
. Thus, the single running binary may be
+ distributed in binary form only under permissions provided under GPLv2
+ — in
+ particular GPLv2§2
+ and GPLv2§3.complete corresponding + machine-readable source codemust accompany binary + distributions such as these. GPLv2§3 further states + that
for an executable work, complete source code means all the + source code for all modules it contains.
k.b00
,
+ vmlinux_9
and tg3
.k.b00
.k.b00
.The above is but one piece of evidence among many, but hopefully it helps + to explain some of the “combined work” violations found in + VMware's ESXi product.
+ +The binary and source packages mentioned above are available
+on VMware's website. These packages contain the
+previously-mentioned linux_pci.c
,
+vmkapi_pci_incompat.h
, and k.b00
files, as well as
+ vmklinux_9
and the source code that builds the latter.
To obtain the source components, follow these steps (no login is required):
+ +VMware-ESX-550U2-ODP.iso
.vmkdrivers/src_92/vmklinux_92/vmware/linux_pci.c
+ and BLD/build/HEADERS/vmkapi-current-all-public/vmkernel64/release/device/vmkapi_pci_incompat.h
+ from vmkdrivers-gpl/vmkdrivers-gpl.tgz
with tar and gzip.vmklinux_9
by following the steps
+ in vmkdrivers-gpl/BUILD.txt
in the ISO.
+ (Note: vmklinux_9
is also available pre-built on a running
+ ESXi system; see below for instructions on how to access it).VMware-TOOLCHAIN-550u2-ODP.iso
and has a SHA-1 hash of
+ f679e81ffb2f92729917bbc64c2d541cf75b5b94.To obtain the binary components, follow these steps (a login is required):
+ +
VMware-VMvisor-Installer-5.5.0.update02-2068190.x86_64.iso
.k.b00
file in the root directory. Extract it
+using zcat k.b00 > vmvisor64-vmkernel
(or a similar command).
+Repeat the steps described above using objdump -x
+vmvisor64-vmkernel
.vmklinux_9
you will need to install
+ESXi on your system by booting the ISO and following the instructions. Once
+booted, you can then enable SSH access using “Customize System/View Logs ->
+Troubleshooting Options -> Enable SSH”. Login to the system with SSH
+and then run find /vmfs -name misc_dri.v00 -print
. On the
+resulting file, run zcat misc_dri.v00 > misc_dri.vmtar
then
+vmtar -x misc_dri.vmtar -o misc_dri.tar
. You can then extract
+misc_dri.tar
using the usual tar
to extract
+usr/lib/vmware/vmkmod/vmklinux_9
. The misc_dri.v00
+file is also available next to k.b00
in the root directory of
+the ISO (mentioned above), but the vmtar
command itself is only
+available when logged into an ESXi system. vmtar
can be found
+at bin/vmtar
inside
+sb.v00
on the ISO, but one needs vmtar
to open
+sb.v00
, similar to misc_dri.v00
above.Note that VMware may present you with EULAs and ToS when you download + software from VMware's website. Conservancy strongly suggests that you review these + terms in great detail with the assistance of your own legal counsel before + downloading the software and/or engaging in the process that Conservancy + discusses above.
+ +