Files @ 0da1410edfee
Branch filter:

Location: website/www/conservancy/static/copyleft-compliance/vmware-lawsuit-faq.html

bkuhn
VMware lawsuit: add links to new announcement.
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
{% extends "base_compliance.html" %}
{% block subtitle %}Copyleft Compliance Projects - {% endblock %}
{% block submenuselection %}VMwareLawsuitFAQ{% endblock %}
{% block content %}
<h1>Frequently Asked Questions about Christoph Hellwig's VMware Lawsuit</h1>

<p><strong>Update 2019-04-02:</strong> Please
  see <a href="https://sfconservancy.org/news/2019/apr/02/vmware-no-appeal/">this
  announcement regarding conclusion of the VMware Suit in Germany</a>.  The
  remaining material below is left as it was before that announcement:</p>


<p>Conservancy maintains this
  <abbr title="Frequently Asked Questions">FAQ</abbr> list regarding
  <a href="/news/2015/mar/05/vmware-lawsuit/">Christoph Hellwig's lawsuit against VMware
  in Germany over alleged GPL violations on Linux</a> as a service to the
  Free Software community, and in particular, the copyleft community.  Conservancy
  realizes this lawsuit generates many questions and interest
  from the community.  Legal counsel (both Conservancy's own, and
  Christoph's lawyer, Till Jaeger) correctly advise us to limit our public
  comments regarding specific details of the case while litigation remains
  pending in court.  Nevertheless, Conservancy, as a
  non-profit charity serving the public good, seeks to be as transparent as
  possible.  If you have additional questions you'd like to see answered
  here, please <a href="mailto:info@sfconservancy.org">email
  &lt;info@sfconservancy.org&gt;</a>, but understand that we may often need
  to answer: <q>We cannot comment on this while litigation is pending</q>.</p>

<dl>
  <dt>Who is the Plaintiff in the lawsuit?</dt>

  <dd>Christoph is one of most active developers of the Linux kernel. He has
   contributed 279,653 lines of code to the latest Linux 3.19 kernel, and
   thus ranks 20th among the 1,340 developers involved in that release.
   Christoph also ranks 4th among those who have reviewed third-party source
   code, and he has tirelessly corrected and commented on other developers'
   contributions.</dd>

  <dt id="court-documents">Are the court documents released?</dt>

  <dd>Not currently.  Court proceedings are not public by default in Germany
  (unlike in the USA).  Conservancy will continue to update this FAQ with
  information that Conservancy knows about the case.  We would all also
  welcome an agreement with VMware whereby both sides would agree to publish
  all Court documents.  Unfortunately, VMware has explicitly asked for the
  filings not to be published.   Accordingly, Conservancy itself has not
  even been able to review VMware's statement of defense nor Christoph's
  response to that statement of defense.</dd>

  <dt id="funding">Who's funding this lawsuit?</dt>

  <dd>Conservancy has engaged in a grant agreement with Christoph Hellwig for
  the purposes of pursuing this specific legal action in Germany.
  Conservancy is funding this legal action specifically as part of
  Conservancy's program activity in
  its <a href="/copyleft-compliance/about.html">GPL Compliance
  Project for Linux Developers</a>.</dd>

  <dt id="combined-and-derivative-works">Is this the Great Test Case of Combined / Derivative Works?</dt>

  <dd>This case is specifically regarding a combined work that VMware
  allegedly created by combining their own code (&ldquo;vmkernel&rdquo;) with
  portions of Linux's code, which was licensed only under GPLv2.  As such,
  this, to our knowledge, marks the first time an enforcement case is
  exclusively focused on this type of legal question relating to GPL.
  However, there are so many different ways to make combined and/or
  derivative works that are covered by GPL that no single case could possibly
  include all such issues. </dd>

  <dt id="why-lawsuit">Why must you file a lawsuit?  Isn't there any other way to convince
    VMware to comply with GPL?</dt>

  <dd><p>Neither Conservancy nor Christoph takes this action lightly nor without
  exhausting every other possible alternative first.  This lawsuit is the
    outgrowth of years of effort to convince VMware to comply with GPL.</p>

    <p>In October 2011, Conservancy received a GPL violation report on
  BusyBox for VMware's ESXi products.  Conservancy opened the matter in its
  usual, friendly, and non-confrontational way.  Nevertheless, VMware
  immediately referred Conservancy to VMware's outside legal counsel in the
  USA, and Conservancy negotiated with VMware's legal counsel throughout
  late 2011, 2012 and 2013.  We exchanged and reviewed
  <a title="Complete, Corresponding Source" href="https://copyleft.org/guide/comprehensive-gpl-guidech6.html#x9-470005.2.1">CCS</a> candidates, and
  admittedly, VMware made substantial and good efforts toward compliance on
  BusyBox.  However, VMware still refused to fix a few minor and one major
  compliance problem that we discovered during the process.  Namely, there
  was a major violation regarding Linux itself that ultimately became
  Christoph's key complaint in this lawsuit.</p>

 <p>Meanwhile, when Conservancy realized in late 2012 there might be a major
 Linux violation still present in VMware's ESXi products, Conservancy
 representatives sought every industry contact we had for assistance,
 including those from trade associations, companies (both competitors and
 collaborators with VMware), and everyone else we could think of who might be
 able to help us proceed with friendly negotiations that would achieve
 compliance.  While we cannot name publicly the people we asked for help
 to convince VMware to comply, they include some of the most notable
 executives, diplomats, and engineering managers in the Linux community.  No
 one was able to assist Conservancy in convincing VMware to comply with the
 GPL.  Then, in early 2014, VMware's outside legal counsel in the USA finally
 took a clear and hard line with Conservancy stating that they would not
 comply with the GPL on Linux and argued (in our view, incorrectly) that they
 were already in compliance.</p>

 <p>Conservancy in parallel informed Christoph fully of the details of the
   Linux violation on Christoph's copyrights, and based on Conservancy's
   findings, Christoph began his own investigation and confirmed
   Conservancy's compliance conclusions.  Christoph then began his own
   enforcement effort with legal representation from Till Jaeger.  Christoph has
   been unable to achieve compliance, either, through his negotiations in
   2014.  VMware's last offer was a proposal for a settlement agreement that VMware would
   only provide if Christoph signed an NDA, and Christoph chose (quite
   reasonably) not to sign an NDA merely to look at the settlement offer.</p>

 <p>Thus, this lawsuit comes after years of negotiations by Conservancy to
 achieve compliance &mdash; negotiations that ended in an outright refusal by
 VMware's lawyers to comply.  Those events were then followed by a year of
   work by Christoph and Till to achieve compliance in a separate action.</p>

 <p>Simply put, Conservancy and Christoph fully exhausted every possible
 non-litigation strategy and tactic to convince VMware to do the right thing
 before filing this litigation.</p>
  </dd>    

  <dt>What are VMware's primary defenses for their alleged copyright
    infringement?</dt>

  <dd>With the guidance of counsel, Christoph was able to provide Conservancy
  with a high-level summary of VMware's statement of defense, which we share
  in this FAQ.  Specifically, VMware's statement of defense primarily focuses
  on two issues.  First, VMware questions Christoph's copyright interest in
  the Linux kernel and his right to bring this action.  Second, VMware claims
  vmklinux is an &ldquo;interoperability module&rdquo; which communicates
  through a stable interface called VMK API.</dd>

  <dt>How did Christoph respond to VMware's statement of defense?</dt>

  <dd>Christoph's response discusses his extensive contributions to the Linux
  kernel and disputes the technical merits of VMware's assertions. The
  response points out that vmklinux is <strong>not</strong> an
  interoperability module, but rather an arbitrary separation of the Linux
  derived module from vmkernel.   Specifically, vmklinux is nonfunctional
  with any non-ESX OS, and vmklinux is tied intimately to a specific version
  of ESXi.  Vmklinux does not allow reuse of unmodified Linux drivers in
  binary or source form.  Christoph further points out that if the Court
  allows proprietarization of an arbitrary split portion of GPL'd computer
  programs, it could allow redistributors to trivially bypass the strong
  copyleft terms found in the GPL.  Finally, the response explains that
  vmkernel and vmklinux don't &ldquo;communicate over an interface&rdquo;,
  rather they run in the same process as a single computer program.  Thus,
  VMK API, as used by vmklinux, is not an &ldquo;interface&rdquo; as set
  forth in
  the <a href="http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32009L0024&from=EN">EU
      Directive 2009/24/EC</a>.</dd>

  <dt id="tech">Can you explain further how VMware incorporated code from Linux into
  their kernel?</dt>

  <dd>
  <p id="diagram">
    Conservancy prepared this diagram to show the technical situation as we
    understand it.  The diagram compares the technical architecture of a full,
    running Linux kernel with a full, running VMware kernel:
    <p>
      <a href="/copyleft-compliance/linux-vs-vmkernel_en.png">
    <img class="inside-faq" alt="[Diagram of Linux and VMware running kernels]" src="/copyleft-compliance/linux-vs-vmkernel_en_scaled.png" /></a>
    </p>

    <p>If you want to download the diagram, it's available
    in <a href="/copyleft-compliance/linux-vs-vmkernel_en.svg">SVG
    (English)</a>, <a href="/copyleft-compliance/linux-vs-vmkernel_en.png">PNG
    (English)</a>, <a href="/copyleft-compliance/linux-vs-vmkernel_de.svg">SVG
    (German)</a>, and <a href="/copyleft-compliance/linux-vs-vmkernel_de.png">PNG
    (German)</a>.</p>
  </dd>

  <dt>Can you explain further in words (rather than a picture) about the central
  component in ESXi that the lawsuit alleges violates the GPL?</dt>
<dd>
    <p>The GPL violation at issue involves VMware's ESXi product.
    Conservancy independently reviewed ESXi 5.5 and its incomplete
      <abbr title="complete, corresponding source">CCS</abbr>
    release as part of our GPL enforcement efforts described above.</p>

    <p>Conservancy's preliminary investigation indicated that the operating
    system kernel of VMware ESXi product consists of three key components:
        <ul>
          <li> the proprietary component &ldquo;vmkernel&rdquo;, which is
            released in binary form only,</li>
            <li>the kernel module &ldquo;vmklinux&rdquo;, which contains modified Linux
Code, and for which (at least some) source code is provided.
            <li>other kernel modules with device drivers, most of which are
            modified Linux drivers, and for which (at least some) source code
              is provided.</li>
        </ul>

    <p>Conservancy examined the incomplete CCS alongside the
           binary &ldquo;vmkernel&rdquo; component.  Such examination indicates that functions
           in &ldquo;vmkernel&rdquo; do make function calls to Linux's kernel code
      in the usual way for a single program written in C.</p></dd>

    <dt>Doesn't VMware's &ldquo;shim layer&rdquo; insulate them from GPL
    obligations and allow them to keep certain code in their kernel
    proprietary?</dt>

    <dd>
    <p>Many in the media have talked about the possibility that VMware might
    use some so-called &ldquo;shim layer&rdquo; between Linux code and
    VMware's proprietary code.  While, for decades, there has been much talk of
    various mechanisms of GPL obligation avoidance, Conservancy believes that
    merely modifying technical details of a combination's construction
    does not typically influence the legal analysis in a combined or
    derivative work scenario.</p>

    <p>Furthermore, the technical details of VMware's alleged GPL violation
    do not even mirror the typical scenarios that have usually been called
    &ldquo;shim layers&rdquo;.  Conservancy's analysis of VMware's ESXi
    product, in fact, indicates that VMware rather flagrantly combined Linux
    code in their own kernel, and evidence seems to indicate the work as a
    whole was developed by modifying Linux code in tandem with
    modifications to &ldquo;vmkernel&rdquo; in a tightly coupled manner.</p>
    </dd>
   <dt id="shim-meaningless">Is Conservancy proposing a &ldquo;shim
      layer&rdquo; as a viable solution for GPL compliance?</dt>

    <dd>No, in fact, as we say above, Conservancy doesn't think the phrase
        &ldquo;shim layer&rdquo; has any meaning, despite regular use of that
        phrase in the media.  Conservancy generally doubts there is any
        technological manipulation that changes the outcome of a
        combined/derivative work analysis.</dd>

    <dt id="example">Can you give a <em>specific</em> example, with code, showing how
    VMware combined Linux source code with their binary-only components?</dt>

     <dd><p>There are numerous examples available that show this.  The
       details of alleged infringement specifically relating to Hellwig's
       contributions to Linux are of course the main matter of the
       allegations in the litigation, and Conservancy
       released <a href="#diagram">the diagram above</a> to exemplify that
       issue.  Conservancy continues to <a href="#court-documents">hope VMware will
       agree to make public all court documents</a> as a matter of public
       good, since the court documents discuss the specifics of alleged
         infringement on Hellwig's copyrights.</p>

       <p>However, Conservancy examined VMware's ESXi 5.5 product in detail
       even before Hellwig's enforcement action began.  Below is one example
       among many where VMware's CCS was incomplete per GPLv2&sect;2(c) and
       GPLv2&sect;3(a).  (One can verify these results by
       <a href="#verify">downloading and installing the binary and source
       packages for VMware's ESXi 5.5 Update 2</a>.)  Note that this
       example below is not necessarily regarding
       Hellwig's copyrights; VMware incorporated Linux code copyrighted by
       many others as well into their kernel.</p>

       <h3>Example of &ldquo;vmkernel&rdquo;'s combination with Linux code</h3>
       <p>Our example begins with examination of the file
           called <code>vmkdrivers/src_92/vmklinux_92/vmware/linux_pci.c</code>,
           which can be found in the &ldquo;Open Source&rdquo; release for
           ESXi 5.5.0 Update 2 (5.5U2).  A small excerpt from that file, found in the
           function <code>LinuxPCIDeviceRemoved()</code>, reads as follows:</p>

<pre>
#include &lt;linux/pci.h&gt;
[...]
/*
 * This function [...] is modelled after pci_remove_device, the function which would
 * be called in a linux system.
 */
static void
LinuxPCIDeviceRemoved(vmk_PCIDevice vmkDev)
{
   LinuxPCIDevExt *pciDevExt;
   struct pci_dev *linuxDev;
[...]
  if (unlikely(
    vmk_PCIGetDeviceName(vmkDev, vmkDevName, sizeof(vmkDevName)-1) != VMK_OK))
  {
      vmkDevName[0] = 0;
  }
[...]
VMKAPI_MODULE_CALL_VOID(pciDevExt->moduleID,
                        linuxDev->driver->remove,
                        linuxDev);
</pre>        

<h4>Combination of &ldquo;vmkernel&rdquo; code with &ldquo;vmkdrivers&rdquo;</h4>

<p>The function, <code>vmk_PCIGetDeviceName()</code> must be defined, with an
      implementation, for this code above to work, or even compile.
      Inside <code>BLD/build/HEADERS/vmkapi-current-all-public/vmkernel64/release/device/vmkapi_pci_incompat.h</code>,
      found in the <code>vmkdrivers</code> package of ESXi 5.5U2, shows a
      function header definition for <code>vmk_PCIGetDeviceName()</code>.
      However, the source of its implementation is not provided there or
      anywhere in the source release.</p>

<p>Further evidence that the implementation of this function occurs elsewhere
  can by found by running <code>objdump -x</code> on the un-vmtar'ed
  <code>vmklinux_9</code> module.  Note the following output in the &ldquo;SYMBOL
  TABLE&rdquo; section:</p>

<pre>
0000000000000000         *UND*  0000000000000000 vmk_PCIGetDeviceName
</pre>

<p>
&hellip;and the following lines found in the  &ldquo;RELOCATION RECORDS FOR
[.text]&rdquo; section:
</p>

<pre>
00000000000327ff R_X86_64_PC32     vmk_PCIGetDeviceName+0xfffffffffffffffc
0000000000035318 R_X86_64_PC32     vmk_PCIGetDeviceName+0xfffffffffffffffc
00000000000387e1 R_X86_64_PC32     vmk_PCIGetDeviceName+0xfffffffffffffffc
000000000003cf40 R_X86_64_PC32     vmk_PCIGetDeviceName+0xfffffffffffffffc
</pre>

<p>The above two properties both suggest that the <code>vmklinux_9</code>
 module requires: (a) a definition of the <code>vmk_PCIGetDeviceName()</code>
 function to operate, but (b) that function is not defined
 inside <code>vmklinux_9</code> itself.</p>

<p>The definition can however be found in binary-only software provided in
  ESXi 5.5U2 &mdash; specifically, inside a file named <code>k.b00</code>,
  which is located in partition 5 on a disk where ESXi has been installed (or
  in the ESXi 5.5U2 installer ISO image).  Running <code>file</code>
  after <code>gunzip</code> on this file yields &ldquo;ELF 64-bit LSB shared
  object&rdquo;.  Meanwhile, <code>file k.b00</code> reports &ldquo;gzip
  compressed data, was &lsquo;vmvisor64-vmkernel.stripped&rsquo;&rdquo;.
  These findings strongly suggests this is an image of the
  &ldquo;vmkernel&rdquo; component.  An <code>objdump -x</code> yields this
  &ldquo;SYMBOL TABLE&rdquo; section:</p>

<pre>
000041800036a408 g     F .text  0000000000000137 vmk_PCIGetDeviceName
</pre>

<p>&hellip; which indicated these binary file contains the function body
for  <code>vmk_PCIGetDeviceName</code>.</p>

<p>Furthermore, after detailed searching, Conservancy found no evidence that any
  other code (other than modified Linux code) makes calls
  to <code>vmk_PCIGetDeviceName</code>.  This provides a strong indication
  that this function's primary purpose is to combine Linux code with
  &ldquo;vmkernel&rdquo;.  Conservancy also found other functions where similar analysis
  yields similar results as above.</p>

<h4>Linux's <code>struct pci</code> combined with <code>LinuxPCIDeviceRemoved()</code></h4>

<p>Having established the direct and close combination
  of <code>vmk_PCIGetDeviceName</code>
  and <code>LinuxPCIDeviceRemoved()</code>,  focus now on the
  quoted code from <code>LinuxPCIDeviceRemoved()</code>.  That code, note
  that one of the local variables is <code>struct pci_dev *linuxDev;</code>.
  A definition of <code>pci_dev</code> is found in
  <code>vmkdrivers/src_92/include/linux/pci.h</code> (which
  is <code>#include</code>'d above) reads:</p>

  <pre>
struct pci_dev {
[...]
       struct pci_driver *driver;      /* which driver has allocated this device */
[...]
truct pci_driver {
        char *name;
[...]
        void (*remove) (struct pci_dev *dev);   /* Device removed (NULL if not a hot-plug capable driver) */
[...]
#if defined(__VMKLNX__)
        /* 2008: Update from Linux source */
        u8              revision;       /* PCI revision, low byte of class word */
#endif /* defined(__VMKLNX__) */
  };
</pre>

<p>These structures, and based on those from Linux itself
  (<a href="http://lxr.free-electrons.com/source/include/linux/pci.h?v=2.6.24">a
    similar version of this file can be seen in Linux 2.6.24</a>), and as can
  be seen above, have been modified to work with &ldquo;vmkernel&rdquo;</p>

<p>In <code>LinuxPCIDeviceRemoved()</code>, we saw a macro called with a
  variable, <code>linuxDev</code> which was of type <code>struct pci</code>.
  Thus, the combination of code from Linux's <code>pci.h</code>
  and VMware's <code>vmware/linux_pci.c</code> is very tightly coupled and
  interdependent.</p>

<h4><code>VMKAPI_MODULE_CALL_VOID</code> macro calls driver's code</h4>

<p>The
  file <code>BLD/build/HEADERS/vmkapi-current-all-public/vmkernel64/release/base/vmkapi_module.h</code>
  contains the macro definition of  <code>VMKAPI_MODULE_CALL_VOID</code>,
  which is quoted below (with debug lines removed):
<pre>
#define VMKAPI_MODULE_CALL_VOID(moduleID, function, args...)  \
do {                                                    \
    vmk_ModInfoStack modStack;                          \
    vmk_ModulePushId(moduleID, function, &amp;modStack);    \
    (function)(args);                                   \
    )                                                   \
    vmk_ModulePopId();                                  \
} while(0)
</pre>

<p>When the macro is expanded, it means that <code>(function)(args)</code> is
  actually expanded to <code>linuxDev->driver->remove(linuxDev)</code>.
  Therefore, we see <code>LinuxPCIDeviceRemoved()</code>, makes directs calls
  to a driver's remove() function, by combining with Linux's <code>struct
  pci</code>, and by VMware's introduction of this new calling code.
  Conservancy has confirmed many drivers from Linux are incorporated via
  these mechanisms; one specific example is discussed next.</p>

<h4>Combination of the tg3 driver with &ldquo;vmkernel&rdquo;</h4>

<p>VMware includes a file <code>vmkdrivers/src_9/drivers/net/tg3/tg3.c</code>
  in their source release.  This file appears to be Linux's tg3 driver.  It
  includes a definition of the <code>struct pci_dev</code> for this device,
  which reads:</p>

<pre>
static struct pci_driver tg3_driver = {
[...]
        .remove         = __devexit_p(tg3_remove_one),
</pre>

<p>Therefore, when the code in <code>LinuxPCIDeviceRemoved()</code>
  calls <code>linuxDev->driver->remove(linuxDev)</code>, the code ultimately
  called (in the case where a tg3 card is driven by the kernel)
  is <code>tg3_remove_one()</code>, which is found in <code>tg3.c</code> and
  comes directly from Linux.</p>

<p>(Note: <code>__devexit_p</code> is a straightforward macro found
  in <code>vmkdrivers/src_92/include/linux/init.h</code> (which also comes
  from Linux) that will simply expand to its first argument in this
  case.)</p>

<h4>VMware distribution of binary version of <code>tg3.c</code></h4>

<p>VMware furthermore distributes a modified version of <code>tg.c</code> in
  binary form.  This can be found in <code>usr/lib/vmware/vmkmod/tg3</code>,
  which is extracted by un-vmtar'ing the file <code>net_tg3.v00</code> (found
  on the ESXi 5.5U2 installer ISO image).  Conservancy has confirmed that
  file is a compiled version of <code>tg3.c</code></p>

<h4>Conclusions</h4>

<p>Given this evidence and related contextual clues, the only logical
  conclusions are:</p>
    <ul><li><code>vmklinux_9</code>, a binary object, dynamically links with
        the binary objects: <code>k.b00</code> and <code>tg3</code> (the
        driver built from <code>tg3.c</code>'s source).  These three binary
        objects together form a single running binary (likely along with many
        other binary objects as well).</li>
      <li>That single running binary contains code licensed under the GPLv2
       &mdash; namely the code derived from <code>tg3.c</code>
       and <code>pci.h</code>.  Thus, the single running binary may be
       distributed in binary form only under permissions provided under GPLv2
       &mdash; in
       particular <a href="https://gnu.org/licenses/gpl-2.0.html#section2">GPLv2&sect;2</a>
       and <a href="https://gnu.org/licenses/gpl-2.0.html#section3">GPLv2&sect;3</a>.</li>
      <li>GPLv2&sect;3(a&ndash;b) requires that <q>complete corresponding
          machine-readable source code</q> must accompany binary
          distributions such as these.  GPLv2&sect;3 further states
          that <q>for an executable work, complete source code means all the
          source code for all modules it contains</q>.</li>
      <li>The binary work in question contains modules from <code>k.b00</code>,
        <code>vmlinux_9</code> and <code>tg3</code>.</li>
      <li>VMware did not provide source code for any modules found in
        <code>k.b00</code>.</li>
      <li>Therefore, VMware failed to comply with the GPLv2, as such
      compliance requires source code (or an offer therefor) for the material
        in <code>k.b00</code>.</li>
    </ul>
<p>The above is but one piece of evidence among many, but hopefully it helps
  to explain some of the &ldquo;combined work&rdquo; violations found in
  VMware's ESXi product.</p>

<dt id="verify">How can I verify Conservancy's technical findings above?</dt>

<dd><p>The binary and source packages mentioned above are available
on VMware's website.  These packages contain the
previously-mentioned <code>linux_pci.c</code>,
<code>vmkapi_pci_incompat.h</code>, and <code>k.b00</code> files, as well as
    <code>vmklinux_9</code> and the source code that builds the latter.</p>

  <p>To speed up the process, Conservancy has provided
  a <a href="https://git.sfconservancy.org/?p=vmkdrivers;a=summary">Git
  repository that we built that includes the source components that VMware
  released</a>, and which are discussed above in our examples.  However, one
  can also obtain the source components directly from VMware, by following
  these steps (no login is required):</p>

<ol>
<li>Visit <a href="https://my.vmware.com/web/vmware/details?downloadGroup=ESXI55U2_OSS&productId=353">https://my.vmware.com/web/vmware/details?downloadGroup=ESXI55U2_OSS&productId=353</a>.</li>

<li>Click the &ldquo;Download&rdquo; button beside the text that reads
&ldquo;Open Source Code for VMware vSphere ESXi 5.5 Update 2&rdquo;.</li>

<li>Confirm that the SHA-1 hash matches the published one
  (d121634668a137ec808b63679fd941cef9a59715), found under &ldquo;Read
  More&rdquo; on that web page.</li>

<li>Mount (or otherwise open) the
  downloaded <code>VMware-ESX-550U2-ODP.iso</code>.</li>

<li>Extract <code>vmkdrivers/src_92/vmklinux_92/vmware/linux_pci.c</code>
  and <code>BLD/build/HEADERS/vmkapi-current-all-public/vmkernel64/release/device/vmkapi_pci_incompat.h</code>
  from <code>vmkdrivers-gpl/vmkdrivers-gpl.tgz</code> with tar and gzip.</li>

<li>Generate <code>vmklinux_9</code> by following the steps
  in <code>vmkdrivers-gpl/BUILD.txt</code> in the ISO.
  (Note: <code>vmklinux_9</code> is also available pre-built on a running
  ESXi system; <a href="#vmklinux">see below for instructions on how to access it</a>).</li>

<li>You may need the &ldquo;Supporting Toolchain packages for VMware
  vSphere ESXi 5.5.0 Update 2&rdquo; file from the above download page to
  complete the build &mdash; upon downloading you will find it is named
  <code>VMware-TOOLCHAIN-550u2-ODP.iso</code> and has a SHA-1 hash of
  f679e81ffb2f92729917bbc64c2d541cf75b5b94.</li>

</ol>

  <p>To obtain the binary components, follow these steps (a login is required):<p>

<ol>
<li>Register for an account at <a href="https://my.vmware.com/web/vmware/registration">https://my.vmware.com/web/vmware/registration</a>.</li>

<li>Click the &ldquo;Activate Now&rdquo; link in the follow-up email.  Enter
  the password used at registration time.  Click &ldquo;Continue&rdquo;.</li>

<li>Visit <a href="https://my.vmware.com/web/vmware/evalcenter?p=free-esxi5">https://my.vmware.com/web/vmware/evalcenter?p=free-esxi5</a>.</li>

<li>Click &ldquo;Register&rdquo; (under the text that reads &ldquo;You have
  not registered for this product&rdquo;).</li>

<li>Enter the number of servers you plan to install on (e.g., 1).  Click
  &ldquo;Continue&rdquo;.</li>

<li>If the &ldquo;VMware vSphere Hypervisor 5.5 Update 2 &ndash;
  Binaries&rdquo; section is not expanded, click the plus sign next to it.</li>

<li>Click the &ldquo;Manually Download&rdquo; link that's beside &ldquo;ESXi
  5.5 Update 2 ISO image (Includes VMware Tools)&rdquo;.</li>

<li>Confirm that the SHA-1 hash matches the published one (9475938b51cafc86c8b17d09f2493cb6b4fae927).</li>

<li>Mount (or open via some other means) the
downloaded <code>VMware-VMvisor-Installer-5.5.0.update02-2068190.x86_64.iso</code>.</li>

<li>Find the <code>k.b00</code> file in the root directory.  Extract it
using <code>zcat k.b00 &gt; vmvisor64-vmkernel</code> (or a similar command).
Repeat the steps described above using <code>objdump -x
vmvisor64-vmkernel</code>.</li>

<li id="vmklinux">To retrieve <code>vmklinux_9</code> you will need to install
ESXi on your system by booting the ISO and following the instructions.  Once
booted, you can then enable SSH access using &ldquo;Customize System/View Logs -&gt;
Troubleshooting Options -&gt; Enable SSH&rdquo;.  Login to the system with SSH
and then run <code>find /vmfs -name misc_dri.v00 -print</code>.  On the
resulting file, run <code>zcat misc_dri.v00 &gt; misc_dri.vmtar</code> then
<code>vmtar -x misc_dri.vmtar -o misc_dri.tar</code>.  You can then extract
<code>misc_dri.tar</code> using the usual <code>tar</code> to extract
<code>usr/lib/vmware/vmkmod/vmklinux_9</code>.  The <code>misc_dri.v00</code>
file is also available next to <code>k.b00</code> in the root directory of
the ISO (mentioned above), but the <code>vmtar</code> command itself is only
available when logged into an ESXi system. <code>vmtar</code> can be found
at <code>bin/vmtar</code> inside
<code>sb.v00</code> on the ISO, but one needs <code>vmtar</code> to open
<code>sb.v00</code>, similar to <code>misc_dri.v00</code> above.</li>

</ol>

  <p>Note that VMware may present you with <abbr title="End User Licensing Agreement">EULA</abbr>s and <abbr title="Terms of Service">ToS</abbr> when you download
  software from VMware's website.  Conservancy strongly suggests that you review these
  terms in great detail with the assistance of your own legal counsel before
  downloading the software and/or engaging in the process that Conservancy
  discusses above.</p>

<dt id="similarity-analysis">How do you know Christoph's code is present in
  VMware's work?</dt>

<dd>Conservancy
published <a href="/copyleft-compliance/vmware-code-similarity.html">its
comparison analysis between Christoph's code and VMware's code</a>. This
particular analysis uses a two step process: (a) use Linux's public Git logs
to find Christoph's contributions from Christoph, and (b) use a widely
accepted and heavily academically cited tool, CCFinderX, to show that VMware
copied Christoph's code into their product.</dd>

<dt id="appeal">I heard that Christoph's case was dismissed.  Is that
  true?</dt>

  <dd>There was a ruling in July 2016 in the Hamburg District Court, which
    dismissed Christoph's case against VMware.  The ruling concerned German
    evidence law and the Court did not rule on the merits of the case. The
    ruling centered around German evidentary rules related to documenting
    Christoph's contributions that appear in VMware's product.
    In <a href="http://bombadil.infradead.org/~hch/vmware/2016-08-09.html">a
    statement on his website</a>, Christoph Hellwig announced that he will
    appeal the ruling. Christoph also published
    (in <a href="http://bombadil.infradead.org/~hch/vmware/Urteil_2016-07-08.pdf">German</a>
    and <a href="http://bombadil.infradead.org/~hch/vmware/Judgment_2016-07-08.pdf">English)
    the Court's ruling</a> which explains why the materials submitted did not
    satisfy German evidence rules &mdash; despite publicly available
    information in Linux's Git repositories. In addition, the Court chose not
    to seek expert testimony.</dd>
  <dt id="statements-of-support">Have others issued statements of support about this action?</dt>
  <dd>Various individuals and groups have publicly stated their support for
    Conservancy's and Hellwig's actions in this matter.  They include:
    <ul>
        <li><a href="http://www.april.org/en/statement-support-software-freedom-conservancy-and-christoph-hellwig-gpl-enforcement-lawsuit">APRIL</a></li>
        <li><a href="https://fsf.org/news/conservancy-and-christoph-hellwig-gpl-enforcement-lawsuit">Free
            Software Foundation</a></li>
        <li><a href="https://fsfe.org/news/2015/news-20150331-01.en.html">Free
            Software Foundation Europe</a></li>
        <li><a href="https://www.gnome.org/news/2015/03/gnome-supports-gpl-compliance-through-vmware-suit-2/">GNOME Foundation</a></li>
        <li><a href="http://opensource.org/node/739">Open Source Initiative</a></li>
        <li><a href="https://samba.org/samba/news/announcements/2015-03-06_vmware_lawsuit.html">The
            Samba Team</a></li>
        <li><a href="http://sourceforge.net/p/swig/news/2015/03/defending-the-gpl/">The
        SWIG Project</a></li>
        <li><a href="https://plus.google.com/104877287288155269055/posts/cHgyreA76yY">Dave Airlie, Linux Developer</a></li>
        <li><a href="https://twitter.com/mjg59/status/573530001758294016">Matthew Garrett, Linux Developer</a></li>
        <li><a href="/news/2015/mar/05/vmware-lawsuit/#glikely">Grant Likely, Linux Kernel Engineer</a></li>
        <li><a href="http://mina86.com/2015/03/11/the-time-has-come-to-stand-up-for-the-gpl/">Michal Nazarewicz, Linux Developer</a></li>
        <li><a href="http://lwn.net/Articles/635624/">Luis R. Rodriguez (aka mcgrof), Linux Developer</a></li>
        <li><a href="http://lwn.net/Articles/635855/">Wolfram Sang, Linux Developer</a></li>
        <li><a href="https://twitter.com/josh_triplett/status/573543072929198083">Josh
        Triplett, Linux Developer</a></li>
        <li><a href="https://lwn.net/Articles/635617/">Rik van Riel, Linux Developer</a></li>
    </ul>
  </dd>

<dt>I
see <a href="https://fsf.org/news/conservancy-and-christoph-hellwig-gpl-enforcement-lawsuit">FSF's
statement of support</a>, but why
isn't <a href="https://www.fsf.org/licensing/compliance">FSF enforcing</a> in
this case?</dt>

<dd>While FSF are the authors and license steward of the GNU GPL, it's up to
the copyright holder to enforce GPL.  VMware created an operating system by
combining parts of the kernel named Linux with their own proprietary code,
and then added BusyBox to provide the userspace operating system components.
As such, ESXi is not
a <a href="https://www.gnu.org/gnu/linux-and-gnu.html">traditional GNU/Linux
system</a>.  FSF has many copyrights of its own, but these are almost
exclusively on various parts of the GNU system, not on the kernel, Linux.  As
such, FSF probably does not have copyright interests available to directly
enforce the GPL regarding the primary issue in this case.</dd>

  <dt><em>I</em> care about copyleft and the GPL.  How can I help?</dt>

  <dd>Conservancy needs <a href="#donate-box" class="donate-now">your immediate financial
  support to proceed with this litigation</a>.  Litigation costs are
  unpredictable, and this lawsuit may take years to resolve.  Conservancy is
  prepared to fund this case through its conclusion, but we can only do so
  with <a href="/supporter/"><em>your</em> support</a>.  If you are an
  individual who supports copyleft and wants to see it defended, please
  donate now.  And, if you make a public statement of support, please email the
  URL
  to <a href="mailto:info@sfconservancy.org">&lt;info@sfconservancy.org&gt;</a>,
  as we'd like to include representative selection of supportive statements above.</dd>

  <dt>Why is the case in Germany?</dt>

  <dd>Copyright infringement claims can be brought anywhere that distribution
  of the copyrighted works occur.  VMware distributes ESXi throughout the
  world, but Germany is close to Christoph's home and his lawyer was
  available to do the litigation work there.  Finally, historically,
  Mr. Jaeger's cases in Germany have usually achieved worldwide compliance on
  the products at issue in those cases.</dd>
  
</dl>
{% endblock %}

<!--  LocalWords:  Christoph Hellwig VMware vmkernel Linux's GPLv VMware's
 -->
<!--  LocalWords:  ESXi CCS Christoph's Jaeger NDA SVG PNG vmklinux vmk un
 -->
<!--  LocalWords:  Hellwig's PCIGetDeviceName vmvisor vmkDev vmkDevName UND
 -->
<!--  LocalWords:  sizeof VMKAPI pciDevExt moduleID linuxDev vmtar'ed LSB ec
 -->
<!--  LocalWords:  xfffffffffffffffc gzip login vSphere SHA fd cef pre ffb
 -->
<!--  LocalWords:  Toolchain bbc Hypervisor cafc cb fae ToS Airlie mcgrof
 -->
<!--  LocalWords:  Rik userspace Jaeger's endblock
 -->