Ben Sturmfels
531a97a3c9
The directory nesting is unnecessary here and confusing to navigate. I've moved all apps to the project subdirectory, currently called "www", but soon to be renamed "conservancy". I've also moved manage.py to the top-level directory.
726 lines
36 KiB
HTML
726 lines
36 KiB
HTML
{% extends "base_compliance.html" %}
|
|
{% block subtitle %}Copyleft Compliance Projects - {% endblock %}
|
|
{% block submenuselection %}PastLawsuits{% endblock %}
|
|
{% block content %}
|
|
<h1>Frequently Asked Questions about Christoph Hellwig's VMware Lawsuit</h1>
|
|
|
|
<p><strong>Update 2019-04-02:</strong> Please
|
|
see <a href="https://sfconservancy.org/news/2019/apr/02/vmware-no-appeal/">this
|
|
announcement regarding conclusion of the VMware suit in Germany</a>. Since the suit has
|
|
concluded, any funds you donate here will support our ongoing compliance efforts. The
|
|
remaining material below is left as it was before that announcement:</p>
|
|
|
|
|
|
<p>Conservancy maintains this
|
|
<abbr title="Frequently Asked Questions">FAQ</abbr> list regarding
|
|
<a href="/news/2015/mar/05/vmware-lawsuit/">Christoph Hellwig's lawsuit against VMware
|
|
in Germany over alleged GPL violations on Linux</a> as a service to the
|
|
Free Software community, and in particular, the copyleft community. Conservancy
|
|
realizes this lawsuit generates many questions and interest
|
|
from the community. Legal counsel (both Conservancy's own, and
|
|
Christoph's lawyer, Till Jaeger) correctly advise us to limit our public
|
|
comments regarding specific details of the case while litigation remains
|
|
pending in court. Nevertheless, Conservancy, as a
|
|
non-profit charity serving the public good, seeks to be as transparent as
|
|
possible. If you have additional questions you'd like to see answered
|
|
here, please <a href="mailto:info@sfconservancy.org">email
|
|
<info@sfconservancy.org></a>, but understand that we may often need
|
|
to answer: <q>We cannot comment on this while litigation is pending</q>.</p>
|
|
|
|
<details>
|
|
<summary>Who is the Plaintiff in the lawsuit?</summary>
|
|
|
|
<p>Christoph is one of most active developers of the Linux kernel. He has
|
|
contributed 279,653 lines of code to the latest Linux 3.19 kernel, and
|
|
thus ranks 20th among the 1,340 developers involved in that release.
|
|
Christoph also ranks 4th among those who have reviewed third-party source
|
|
code, and he has tirelessly corrected and commented on other developers'
|
|
contributions.</p>
|
|
</details>
|
|
|
|
</details>
|
|
|
|
<details>
|
|
<summary id="court-documents">Are the court documents released?</summary>
|
|
|
|
<p>Not currently. Court proceedings are not public by default in Germanyg (unlike in the USA). Conservancy will continue to update this FAQ with
|
|
information that Conservancy knows about the case. We would all also
|
|
welcome an agreement with VMware whereby both sides would agree to publish
|
|
all Court documents. Unfortunately, VMware has explicitly asked for the
|
|
filings not to be published. Accordingly, Conservancy itself has not
|
|
even been able to review VMware's statement of defense nor Christoph's
|
|
response to that statement of defense.</p>
|
|
</details>
|
|
|
|
<details>
|
|
<summary id="funding">Who's funding this lawsuit?</summary>
|
|
|
|
<p>Conservancy has engaged in a grant agreement with Christoph Hellwig for
|
|
the purposes of pursuing this specific legal action in Germany.
|
|
Conservancy is funding this legal action specifically as part of
|
|
Conservancy's program activity in
|
|
its <a href="/copyleft-compliance/about.html">GPL Compliance
|
|
Project for Linux Developers</a>.</p>
|
|
</details>
|
|
|
|
<details>
|
|
<summary id="combined-and-derivative-works">Is this the Great Test Case of Combined / Derivative Works?</summary>
|
|
|
|
<p>This case is specifically regarding a combined work that VMware
|
|
allegedly created by combining their own code (“vmkernel”) with
|
|
portions of Linux's code, which was licensed only under GPLv2. As such,
|
|
this, to our knowledge, marks the first time an enforcement case is
|
|
exclusively focused on this type of legal question relating to GPL.
|
|
However, there are so many different ways to make combined and/or
|
|
derivative works that are covered by GPL that no single case could possibly
|
|
include all such issues. </p>
|
|
</details>
|
|
|
|
<details>
|
|
<summary id="why-lawsuit">Why must you file a lawsuit? Isn't there any other way to convince VMware to comply with GPL?</summary>
|
|
|
|
<p>Neither Conservancy nor Christoph takes this action lightly nor without
|
|
exhausting every other possible alternative first. This lawsuit is the
|
|
outgrowth of years of effort to convince VMware to comply with GPL.</p>
|
|
|
|
<p>In October 2011, Conservancy received a GPL violation report on
|
|
BusyBox for VMware's ESXi products. Conservancy opened the matter in its
|
|
usual, friendly, and non-confrontational way. Nevertheless, VMware
|
|
immediately referred Conservancy to VMware's outside legal counsel in the
|
|
USA, and Conservancy negotiated with VMware's legal counsel throughout
|
|
late 2011, 2012 and 2013. We exchanged and reviewed
|
|
<a title="Complete, Corresponding Source" href="https://copyleft.org/guide/comprehensive-gpl-guidech6.html#x9-470005.2.1">CCS</a> candidates, and
|
|
admittedly, VMware made substantial and good efforts toward compliance on
|
|
BusyBox. However, VMware still refused to fix a few minor and one major
|
|
compliance problem that we discovered during the process. Namely, there
|
|
was a major violation regarding Linux itself that ultimately became
|
|
Christoph's key complaint in this lawsuit.</p>
|
|
|
|
<p>Meanwhile, when Conservancy realized in late 2012 there might be a major
|
|
Linux violation still present in VMware's ESXi products, Conservancy
|
|
representatives sought every industry contact we had for assistance,
|
|
including those from trade associations, companies (both competitors and
|
|
collaborators with VMware), and everyone else we could think of who might be
|
|
able to help us proceed with friendly negotiations that would achieve
|
|
compliance. While we cannot name publicly the people we asked for help
|
|
to convince VMware to comply, they include some of the most notable
|
|
executives, diplomats, and engineering managers in the Linux community. No
|
|
one was able to assist Conservancy in convincing VMware to comply with the
|
|
GPL. Then, in early 2014, VMware's outside legal counsel in the USA finally
|
|
took a clear and hard line with Conservancy stating that they would not
|
|
comply with the GPL on Linux and argued (in our view, incorrectly) that they
|
|
were already in compliance.</p>
|
|
|
|
<p>Conservancy in parallel informed Christoph fully of the details of the
|
|
Linux violation on Christoph's copyrights, and based on Conservancy's
|
|
findings, Christoph began his own investigation and confirmed
|
|
Conservancy's compliance conclusions. Christoph then began his own
|
|
enforcement effort with legal representation from Till Jaeger. Christoph has
|
|
been unable to achieve compliance, either, through his negotiations in
|
|
2014. VMware's last offer was a proposal for a settlement agreement that VMware would
|
|
only provide if Christoph signed an NDA, and Christoph chose (quite
|
|
reasonably) not to sign an NDA merely to look at the settlement offer.</p>
|
|
|
|
<p>Thus, this lawsuit comes after years of negotiations by Conservancy to
|
|
achieve compliance — negotiations that ended in an outright refusal by
|
|
VMware's lawyers to comply. Those events were then followed by a year of
|
|
work by Christoph and Till to achieve compliance in a separate action.</p>
|
|
|
|
<p>Simply put, Conservancy and Christoph fully exhausted every possible
|
|
non-litigation strategy and tactic to convince VMware to do the right thing
|
|
before filing this litigation.</p>
|
|
</p>
|
|
</details>
|
|
|
|
<details>
|
|
<summary>What are VMware's primary defenses for their alleged copyright
|
|
infringement?</summary>
|
|
|
|
<p>With the guidance of counsel, Christoph was able to provide Conservancy
|
|
with a high-level summary of VMware's statement of defense, which we share
|
|
in this FAQ. Specifically, VMware's statement of defense primarily focuses
|
|
on two issues. First, VMware questions Christoph's copyright interest in
|
|
the Linux kernel and his right to bring this action. Second, VMware claims
|
|
vmklinux is an “interoperability module” which communicates
|
|
through a stable interface called VMK API.</p>
|
|
</details>
|
|
|
|
<details>
|
|
<summary>How did Christoph respond to VMware's statement of defense?</summary>
|
|
|
|
<p>Christoph's response discusses his extensive contributions to the Linux
|
|
kernel and disputes the technical merits of VMware's assertions. The
|
|
response points out that vmklinux is <strong>not</strong> an
|
|
interoperability module, but rather an arbitrary separation of the Linux
|
|
derived module from vmkernel. Specifically, vmklinux is nonfunctional
|
|
with any non-ESX OS, and vmklinux is tied intimately to a specific version
|
|
of ESXi. Vmklinux does not allow reuse of unmodified Linux drivers in
|
|
binary or source form. Christoph further points out that if the Court
|
|
allows proprietarization of an arbitrary split portion of GPL'd computer
|
|
programs, it could allow redistributors to trivially bypass the strong
|
|
copyleft terms found in the GPL. Finally, the response explains that
|
|
vmkernel and vmklinux don't “communicate over an interface”,
|
|
rather they run in the same process as a single computer program. Thus,
|
|
VMK API, as used by vmklinux, is not an “interface” as set
|
|
forth in
|
|
the <a href="http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32009L0024&from=EN">EU
|
|
Directive 2009/24/EC</a>.</p>
|
|
</details>
|
|
|
|
<details>
|
|
<summary id="tech">Can you explain further how VMware incorporated code from Linux into
|
|
their kernel?</summary>
|
|
|
|
<p>
|
|
<p id="diagram">
|
|
Conservancy prepared this diagram to show the technical situation as we
|
|
understand it. The diagram compares the technical architecture of a full,
|
|
running Linux kernel with a full, running VMware kernel:
|
|
<p>
|
|
<a href="/copyleft-compliance/linux-vs-vmkernel_en.png">
|
|
<img class="inside-faq" alt="[Diagram of Linux and VMware running kernels]" src="/copyleft-compliance/linux-vs-vmkernel_en_scaled.png" /></a>
|
|
</p>
|
|
|
|
<p>If you want to download the diagram, it's available
|
|
in <a href="/copyleft-compliance/linux-vs-vmkernel_en.svg">SVG
|
|
(English)</a>, <a href="/copyleft-compliance/linux-vs-vmkernel_en.png">PNG
|
|
(English)</a>, <a href="/copyleft-compliance/linux-vs-vmkernel_de.svg">SVG
|
|
(German)</a>, and <a href="/copyleft-compliance/linux-vs-vmkernel_de.png">PNG
|
|
(German)</a>.</p>
|
|
</p>
|
|
</p>details>
|
|
|
|
<details>
|
|
<summary>Can you explain further in words (rather than a picture) about the central
|
|
component in ESXi that the lawsuit alleges violates the GPL?</summary>
|
|
<p>
|
|
<p>The GPL violation at issue involves VMware's ESXi product.
|
|
Conservancy independently reviewed ESXi and its incomplete
|
|
<abbr title="complete, corresponding source">CCS</abbr>
|
|
release as part of our GPL enforcement efforts described above.</p>
|
|
|
|
<p>Conservancy's preliminary investigation indicated that the operating
|
|
system kernel of VMware ESXi product consists of three key components:
|
|
<ul>
|
|
<li> the proprietary component “vmkernel”, which is
|
|
released in binary form only,</li>
|
|
<li>the kernel module “vmklinux”, which contains modified Linux
|
|
Code, and for which (at least some) source code is provided.
|
|
<li>other kernel modules with device drivers, most of which are
|
|
modified Linux drivers, and for which (at least some) source code
|
|
is provided.</li>
|
|
</ul>
|
|
|
|
<p>Conservancy examined the incomplete CCS alongside the
|
|
binary “vmkernel” component. Such examination indicates that functions
|
|
in “vmkernel” do make function calls to Linux's kernel code
|
|
in the usual way for a single program written in C.</p></p>
|
|
</li>details>
|
|
|
|
<details>
|
|
<summary>Doesn't VMware's “shim layer” insulate them from GPL
|
|
obligations and allow them to keep certain code in their kernel
|
|
proprietary?</summary>
|
|
|
|
<p>
|
|
<p>Many in the media have talked about the possibility that VMware might
|
|
use some so-called “shim layer” between Linux code and
|
|
VMware's proprietary code. While, for decades, there has been much talk of
|
|
various mechanisms of GPL obligation avoidance, Conservancy believes that
|
|
merely modifying technical details of a combination's construction
|
|
does not typically influence the legal analysis in a combined or
|
|
derivative work scenario.</p>
|
|
|
|
<p>Furthermore, the technical details of VMware's alleged GPL violation
|
|
do not even mirror the typical scenarios that have usually been called
|
|
“shim layers”. Conservancy's analysis of VMware's ESXi
|
|
product, in fact, indicates that VMware rather flagrantly combined Linux
|
|
code in their own kernel, and evidence seems to indicate the work as a
|
|
whole was developed by modifying Linux code in tandem with
|
|
modifications to “vmkernel” in a tightly coupled manner.</p>
|
|
</p></details>
|
|
|
|
<details>
|
|
<summary id="shim-meaningless">Is Conservancy proposing a “shim
|
|
layer” as a viable solution for GPL compliance?</summary>
|
|
|
|
<p>No, in fact, as we say above, Conservancy doesn't think the phrase
|
|
“shim layer” has any meaning, despite regular use of that
|
|
phrase in the media. Conservancy generally doubts there is any
|
|
technological manipulation that changes the outcome of a
|
|
combined/derivative work analysis.</p>
|
|
</details>
|
|
|
|
<details>
|
|
<summary id="example">Can you give a <em>specific</em> example, with code, showing how
|
|
VMware combined Linux source code with their binary-only components?</summary>
|
|
|
|
<p><p>There are numerous examples available that show this. The
|
|
details of alleged infringement specifically relating to Hellwig's
|
|
contributions to Linux are of course the main matter of the
|
|
allegations in the litigation, and Conservancy
|
|
released <a href="#diagram">the diagram above</a> to exemplify that
|
|
issue. Conservancy continues to <a href="#court-documents">hope VMware will
|
|
agree to make public all court documents</a> as a matter of public
|
|
good, since the court documents discuss the specifics of alleged
|
|
infringement on Hellwig's copyrights.</p>
|
|
|
|
<p>However, Conservancy examined VMware's ESXi product in detail
|
|
even before Hellwig's enforcement action began. Below is one example
|
|
among many where VMware's CCS was incomplete per GPLv2§2(c) and
|
|
GPLv2§3(a). (One can verify these results by
|
|
<a href="#verify">downloading and installing the binary and source
|
|
packages for VMware's ESXi 6.0</a>.) Note that this
|
|
example below is not necessarily regarding
|
|
Hellwig's copyrights; VMware incorporated Linux code copyrighted by
|
|
many others as well into their kernel.</p>
|
|
|
|
<h3>Example of “vmkernel”'s combination with Linux code</h3>
|
|
<p>Our example begins with examination of the file
|
|
called <code>vmkdrivers/src_92/vmklinux_92/vmware/linux_pci.c</code>,
|
|
which can be found in the “Open Source” release for
|
|
ESXi 6.0. A small excerpt from that file, found in the
|
|
function <code>LinuxPCIDeviceRemoved()</code>, reads as follows:</p>
|
|
|
|
<pre>
|
|
#include <linux/pci.h>
|
|
[...]
|
|
/*
|
|
* This function [...] is modelled after pci_remove_device, the function which would
|
|
* be called in a linux system.
|
|
*/
|
|
static void
|
|
LinuxPCIDeviceRemoved(vmk_PCIDevice vmkDev)
|
|
{
|
|
LinuxPCIDevExt *pciDevExt;
|
|
struct pci_dev *linuxDev;
|
|
[...]
|
|
if (unlikely(
|
|
vmk_PCIGetDeviceName(vmkDev, vmkDevName, sizeof(vmkDevName)-1) != VMK_OK))
|
|
{
|
|
vmkDevName[0] = 0;
|
|
}
|
|
[...]
|
|
VMKAPI_MODULE_CALL_VOID(pciDevExt->moduleID,
|
|
linuxDev->driver->remove,
|
|
linuxDev);
|
|
</pre>
|
|
|
|
<h4>Combination of “vmkernel” code with “vmkdrivers”</h4>
|
|
|
|
<p>The function, <code>vmk_PCIGetDeviceName()</code> must be defined, with an
|
|
implementation, for this code above to work, or even compile.
|
|
Inside <code>BLD/build/HEADERS/vmkapi-current-all-public/generic/release/hardware/vmkapi_pci_incompat.h</code>,
|
|
found in the <code>vmkdrivers</code> package of ESXi 6.0, shows a
|
|
function header definition for <code>vmk_PCIGetDeviceName()</code>.
|
|
However, the source of its implementation is not provided there or
|
|
anywhere in the source release.</p>
|
|
|
|
<p>Further evidence that the implementation of this function occurs elsewhere
|
|
can by found by running <code>objdump -x</code> on the un-vmtar'ed
|
|
<code>vmklinux_9</code> module. Note the following output in the “SYMBOL
|
|
TABLE” section:</p>
|
|
|
|
<pre>
|
|
0000000000000000 *UND* 0000000000000000 vmk_PCIGetDeviceName
|
|
</pre>
|
|
|
|
<p>
|
|
…and the following lines found in the “RELOCATION RECORDS FOR
|
|
[.text]” section:
|
|
</p>
|
|
|
|
<pre>
|
|
0000000000032db3 R_X86_64_PC32 vmk_PCIGetDeviceName+0xfffffffffffffffc
|
|
00000000000333ea R_X86_64_PC32 vmk_PCIGetDeviceName+0xfffffffffffffffc
|
|
0000000000036644 R_X86_64_PC32 vmk_PCIGetDeviceName+0xfffffffffffffffc
|
|
000000000003986a R_X86_64_PC32 vmk_PCIGetDeviceName+0xfffffffffffffffc
|
|
</pre>
|
|
|
|
<p>The above two properties both suggest that the <code>vmklinux_9</code>
|
|
module requires: (a) a definition of the <code>vmk_PCIGetDeviceName()</code>
|
|
function to operate, but (b) that function is not defined
|
|
inside <code>vmklinux_9</code> itself.</p>
|
|
|
|
<p>The definition can however be found in binary-only software provided in
|
|
ESXi 6.0 — specifically, inside a file named <code>k.b00</code>,
|
|
which is located in partition 5 on a disk where ESXi has been installed (or
|
|
in the ESXi 6.0 installer ISO image). Running <code>file</code>
|
|
after <code>gunzip</code> on this file yields “ELF 64-bit LSB shared
|
|
object”. Meanwhile, <code>file k.b00</code> reports “gzip
|
|
compressed data, was ‘vmvisor64-vmkernel.stripped’”.
|
|
These findings strongly suggests this is an image of the
|
|
“vmkernel” component. An <code>objdump -x</code> yields this
|
|
“SYMBOL TABLE” section:</p>
|
|
|
|
<pre>
|
|
000041800033193c g F .text 000000000000012e vmk_PCIGetDeviceName
|
|
</pre>
|
|
|
|
<p>… which indicated these binary file contains the function body
|
|
for <code>vmk_PCIGetDeviceName</code>.</p>
|
|
|
|
<p>Furthermore, after detailed searching, Conservancy found no evidence that any
|
|
other code (other than modified Linux code) makes calls
|
|
to <code>vmk_PCIGetDeviceName</code>. This provides a strong indication
|
|
that this function's primary purpose is to combine Linux code with
|
|
“vmkernel”. Conservancy also found other functions where similar analysis
|
|
yields similar results as above.</p>
|
|
|
|
<h4>Linux's <code>struct pci</code> combined with <code>LinuxPCIDeviceRemoved()</code></h4>
|
|
|
|
<p>Having established the direct and close combination
|
|
of <code>vmk_PCIGetDeviceName</code>
|
|
and <code>LinuxPCIDeviceRemoved()</code>, focus now on the
|
|
quoted code from <code>LinuxPCIDeviceRemoved()</code>. That code, note
|
|
that one of the local variables is <code>struct pci_dev *linuxDev;</code>.
|
|
A definition of <code>pci_dev</code> is found in
|
|
<code>vmkdrivers/src_92/include/linux/pci.h</code> (which
|
|
is <code>#include</code>'d above) reads:</p>
|
|
|
|
<pre>
|
|
struct pci_dev {
|
|
[...]
|
|
#if defined(__VMKLNX__)
|
|
/* 2008: Update from Linux source */
|
|
u8 revision; /* PCI revision, low byte of class word */
|
|
#endif /* defined(__VMKLNX__) */
|
|
[...]
|
|
struct pci_driver *driver; /* which driver has allocated this device */
|
|
[...]
|
|
struct pci_driver {
|
|
struct list_head node;
|
|
char *name;
|
|
[...]
|
|
void (*remove) (struct pci_dev *dev); /* Device removed (NULL if not a hot-plug capable driver) */
|
|
[...]
|
|
};
|
|
</pre>
|
|
|
|
<p>These structures, and based on those from Linux itself
|
|
(<a href="http://lxr.free-electrons.com/source/include/linux/pci.h?v=2.6.24">a
|
|
similar version of this file can be seen in Linux 2.6.24</a>), and as can
|
|
be seen above, have been modified to work with “vmkernel”.</p>
|
|
|
|
<p>In <code>LinuxPCIDeviceRemoved()</code>, we saw a macro called with a
|
|
variable, <code>linuxDev</code> which was of type <code>struct pci</code>.
|
|
Thus, the combination of code from Linux's <code>pci.h</code>
|
|
and VMware's <code>vmware/linux_pci.c</code> is very tightly coupled and
|
|
interdependent.</p>
|
|
|
|
<h4><code>VMKAPI_MODULE_CALL_VOID</code> macro calls driver's code</h4>
|
|
|
|
<p>The
|
|
file <code>BLD/build/HEADERS/vmkapi-current-all-public/generic/release/base/vmkapi_module.h</code>
|
|
contains the macro definition of <code>VMKAPI_MODULE_CALL_VOID</code>,
|
|
which is quoted below (with debug lines removed):
|
|
<pre>
|
|
#define VMKAPI_MODULE_CALL_VOID(moduleID, function, args...) \
|
|
do { \
|
|
vmk_ModInfoStack modStack; \
|
|
vmk_ModulePushId(moduleID, function, &modStack); \
|
|
(function)(args); \
|
|
) \
|
|
vmk_ModulePopId(); \
|
|
} while(0)
|
|
</pre>
|
|
|
|
<p>When the macro is expanded, it means that <code>(function)(args)</code> is
|
|
actually expanded to <code>linuxDev->driver->remove(linuxDev)</code>.
|
|
Therefore, we see <code>LinuxPCIDeviceRemoved()</code> makes directs calls
|
|
to a driver's remove() function, by combining with Linux's <code>struct
|
|
pci</code>, and by VMware's introduction of this new calling code.
|
|
Conservancy has confirmed many drivers from Linux are incorporated via
|
|
these mechanisms; one specific example is discussed next.</p>
|
|
|
|
<h4>Combination of the tg3 driver with “vmkernel”</h4>
|
|
|
|
<p>VMware includes a file <code>vmkdrivers/src_9/drivers/net/tg3/tg3.c</code>
|
|
in their source release. This file appears to be Linux's tg3 driver. It
|
|
includes a definition of the <code>struct pci_dev</code> for this device,
|
|
which reads:</p>
|
|
|
|
<pre>
|
|
static struct pci_driver tg3_driver = {
|
|
[...]
|
|
.remove = __devexit_p(tg3_remove_one),
|
|
</pre>
|
|
|
|
<p>Therefore, when the code in <code>LinuxPCIDeviceRemoved()</code>
|
|
calls <code>linuxDev->driver->remove(linuxDev)</code>, the code
|
|
ultimately called (in the case where a tg3 card is driven by the kernel)
|
|
is <code>tg3_remove_one()</code>, which is found in <code>tg3.c</code> and
|
|
comes directly from Linux.</p>
|
|
|
|
<p>(Note: <code>__devexit_p</code> is a straightforward macro found
|
|
in <code>vmkdrivers/src_92/include/linux/init.h</code> (which also comes
|
|
from Linux) that will simply expand to its first argument in this
|
|
case.)</p>
|
|
|
|
<h4>VMware distribution of binary version of <code>tg3.c</code></h4>
|
|
|
|
<p>VMware furthermore distributes a modified version of <code>tg3.c</code> in
|
|
binary form. This can be found in <code>usr/lib/vmware/vmkmod/tg3</code>,
|
|
which is extracted by un-vmtar'ing the file <code>net_tg3.v00</code> (found
|
|
on the ESXi 6.0 installer ISO image). Conservancy has confirmed that
|
|
file is a compiled version of <code>tg3.c</code>.</p>
|
|
|
|
<h4>Conclusions</h4>
|
|
|
|
<p>Given this evidence and related contextual clues, the only logical
|
|
conclusions are:</p>
|
|
<ul><li><code>vmklinux_9</code>, a binary object, dynamically links with
|
|
the binary objects: <code>k.b00</code> and <code>tg3</code> (the
|
|
driver built from <code>tg3.c</code>'s source). These three binary
|
|
objects together form a single running binary (likely along with many
|
|
other binary objects as well).</li>
|
|
<li>That single running binary contains code licensed under the GPLv2
|
|
— namely the code derived from <code>tg3.c</code>
|
|
and <code>pci.h</code>. Thus, the single running binary may be
|
|
distributed in binary form only under permissions provided under GPLv2
|
|
— in
|
|
particular <a href="https://gnu.org/licenses/gpl-2.0.html#section2">GPLv2§2</a>
|
|
and <a href="https://gnu.org/licenses/gpl-2.0.html#section3">GPLv2§3</a>.</li>
|
|
<li>GPLv2§3(a–b) requires that <q>complete corresponding
|
|
machine-readable source code</q> must accompany binary
|
|
distributions such as these. GPLv2§3 further states
|
|
that <q>for an executable work, complete source code means all the
|
|
source code for all modules it contains</q>.</li>
|
|
<li>The binary work in question contains modules from <code>k.b00</code>,
|
|
<code>vmlinux_9</code> and <code>tg3</code>.</li>
|
|
<li>VMware did not provide source code for any modules found in
|
|
<code>k.b00</code>.</li>
|
|
<li>Therefore, VMware failed to comply with the GPLv2, as such
|
|
compliance requires source code (or an offer therefor) for the material
|
|
in <code>k.b00</code>.</li>
|
|
</ul>
|
|
<p>The above is but one piece of evidence among many, but hopefully it helps
|
|
to explain some of the “combined work” violations found in
|
|
VMware's ESXi product. Conservancy did a similar analysis for ESXi 5.0
|
|
as well as ESXi 5.5 Update 2 and found nearly identical results.</p>
|
|
</p>details>
|
|
|
|
<details>
|
|
<summary id="verify">How can I verify Conservancy's technical findings above?</summary>
|
|
|
|
<p><p>The binary and source packages mentioned above are available
|
|
on VMware's website. These packages contain the
|
|
previously-mentioned <code>linux_pci.c</code>,
|
|
<code>vmkapi_pci_incompat.h</code>, and <code>k.b00</code> files, as well as
|
|
<code>vmklinux_9</code> and the source code that builds the latter.</p>
|
|
|
|
<p>To speed up the process, Conservancy has provided
|
|
a <a href="https://git.sfconservancy.org/?p=vmkdrivers;a=summary">Git
|
|
repository that we built that includes the source components that VMware
|
|
released</a>, and which are discussed above in our examples. However, one
|
|
can also obtain the source components directly from VMware, by following
|
|
these steps (no login is required):</p>
|
|
|
|
<ol>
|
|
<li>Visit <a href="https://my.vmware.com/web/vmware/details?downloadGroup=ESXI600_OSS&productId=491">https://my.vmware.com/web/vmware/details?downloadGroup=ESXI600_OSS&productId=491</a>.</li>
|
|
|
|
<li>Click the “Download” button beside the text that reads
|
|
“Open source software accompanying ESXi”.</li>
|
|
|
|
<li>Confirm that the SHA-1 hash matches the published one
|
|
(35811b981470abe8b606d8a7a97c9795ce570597), found under “Read
|
|
More” on that web page.</li>
|
|
|
|
<li>Mount (or otherwise open) the
|
|
downloaded <code>VMware-ESXI-600-ODP.iso</code>.</li>
|
|
|
|
<li>Extract <code>vmkdrivers/src_92/vmklinux_92/vmware/linux_pci.c</code>
|
|
and <code>BLD/build/HEADERS/vmkapi-current-all-public/generic/release/hardware/vmkapi_pci_incompat.h</code>
|
|
from <code>vmkdrivers-gpl/vmkdrivers-gpl.tgz</code> with tar and gzip.</li>
|
|
|
|
<li>Generate <code>vmklinux_9</code> by following the steps
|
|
in <code>vmkdrivers-gpl/BUILD.txt</code> in the ISO.
|
|
(Note: <code>vmklinux_9</code> is also available pre-built on a running
|
|
ESXi system; <a href="#vmklinux">see below for instructions on how to access it</a>).</li>
|
|
|
|
<li>You may need the “Open source software disclosure package for
|
|
toolchain” file from the above download page to
|
|
complete the build — upon downloading you will find it is named
|
|
<code>VMware-TOOLCHAIN-600-ODP.iso</code> and has a SHA-1 hash of
|
|
9a68df4cbeb645c25002a02f11b1923f98d3d5b5.</li>
|
|
|
|
</ol>
|
|
|
|
<p>To obtain the binary components, follow these steps (a login is required):<p>
|
|
|
|
<ol>
|
|
<li>Register for an account at <a href="https://my.vmware.com/web/vmware/registration">https://my.vmware.com/web/vmware/registration</a>.</li>
|
|
|
|
<li>Click the “Activate Now” link in the follow-up email. Enter
|
|
the password used at registration time. Click “Continue”.</li>
|
|
|
|
<li>Visit <a href="https://my.vmware.com/web/vmware/evalcenter?p=free-esxi6">https://my.vmware.com/web/vmware/evalcenter?p=free-esxi6</a>.</li>
|
|
|
|
<li>Click “Register” (under the text that reads “You have
|
|
not registered for this product”).</li>
|
|
|
|
<li>Enter the number of servers you plan to install on (e.g., 1). Click
|
|
“Continue”.</li>
|
|
|
|
<li>If the “VMware vSphere Hypervisor 6.0 –
|
|
Binaries” section is not expanded, click the plus sign next to it.</li>
|
|
|
|
<li>Click the “Manually Download” link that's beside “ESXi
|
|
ISO image (Includes VMware Tools)”.</li>
|
|
|
|
<li>Confirm that the SHA-1 hash matches the published one (a38a9d37ea529329338de049679c1dd1687d3860).</li>
|
|
|
|
<li>Mount (or open via some other means) the
|
|
downloaded <code>VMware-VMvisor-Installer-6.0.0-2494585.x86_64.iso</code>.</li>
|
|
|
|
<li>Find the <code>k.b00</code> file in the root directory. Extract it
|
|
using <code>zcat k.b00 > vmvisor64-vmkernel</code> (or a similar command).
|
|
Repeat the steps described above using <code>objdump -x
|
|
vmvisor64-vmkernel</code>.</li>
|
|
|
|
<li id="vmklinux">To retrieve <code>vmklinux_9</code> you will need to install
|
|
ESXi on your system by booting the ISO and following the instructions. Once
|
|
booted, you can then enable SSH access using “Customize System/View Logs ->
|
|
Troubleshooting Options -> Enable SSH”. Login to the system with SSH
|
|
and then run <code>find /vmfs -name misc_dri.v00 -print</code>. On the
|
|
resulting file, run <code>zcat misc_dri.v00 > misc_dri.vmtar</code> then
|
|
<code>vmtar -x misc_dri.vmtar -o misc_dri.tar</code>. You can then extract
|
|
<code>misc_dri.tar</code> using the usual <code>tar</code> to extract
|
|
<code>usr/lib/vmware/vmkmod/vmklinux_9</code>. The <code>misc_dri.v00</code>
|
|
file is also available next to <code>k.b00</code> in the root directory of
|
|
the ISO (mentioned above), but the <code>vmtar</code> command itself is only
|
|
available when logged into an ESXi system. <code>vmtar</code> can be found
|
|
at <code>bin/vmtar</code> inside
|
|
<code>sb.v00</code> on the ISO, but one needs <code>vmtar</code> to open
|
|
<code>sb.v00</code>, similar to <code>misc_dri.v00</code> above.</li>
|
|
|
|
</ol>
|
|
|
|
<p>Note that VMware may present you with <abbr title="End User Licensing Agreement">EULA</abbr>s and <abbr title="Terms of Service">ToS</abbr> when you download
|
|
software from VMware's website. Conservancy strongly suggests that you review these
|
|
terms in great detail with the assistance of your own legal counsel before
|
|
downloading the software and/or engaging in the process that Conservancy
|
|
discusses above.</p>
|
|
</p>details>
|
|
|
|
<details>
|
|
<summary id="similarity-analysis">How do you know Christoph's code is present in
|
|
VMware's work?</summary>
|
|
|
|
<p>Conservancy
|
|
published <a href="/copyleft-compliance/vmware-code-similarity.html">its
|
|
comparison analysis between Christoph's code and VMware's code</a>. This
|
|
particular analysis uses a two step process: (a) use Linux's public Git logs
|
|
to find Christoph's contributions from Christoph, and (b) use a widely
|
|
accepted and heavily academically cited tool, CCFinderX, to show that VMware
|
|
copied Christoph's code into their product.</p>
|
|
</details>
|
|
|
|
<details>
|
|
<summary id="appeal">I heard that Christoph's case was dismissed. Is that
|
|
true?</summary>
|
|
|
|
<p>There was a ruling in July 2016 in the Hamburg District Court, which
|
|
dismissed Christoph's case against VMware. The ruling concerned German
|
|
evidence law and the Court did not rule on the merits of the case. The
|
|
ruling centered around German evidentary rules related to documenting
|
|
Christoph's contributions that appear in VMware's product.
|
|
In <a href="http://bombadil.infradead.org/~hch/vmware/2016-08-09.html">a
|
|
statement on his website</a>, Christoph Hellwig announced that he will
|
|
appeal the ruling. Christoph also published
|
|
(in <a href="http://bombadil.infradead.org/~hch/vmware/Urteil_2016-07-08.pdf">German</a>
|
|
and <a href="http://bombadil.infradead.org/~hch/vmware/Judgment_2016-07-08.pdf">English)
|
|
the Court's ruling</a> which explains why the materials submitted did not
|
|
satisfy German evidence rules — despite publicly available
|
|
information in Linux's Git repositories. In addition, the Court chose not
|
|
to see</p>details>
|
|
|
|
<details>k expert testimony.</p>
|
|
<summary id="statements-of-support">Have others issued statements of support about this action?</summary>
|
|
<p>Various individuals and groups have publicly stated their support for
|
|
Conservancy's and Hellwig's actions in this matter. They include:
|
|
<ul>
|
|
<li><a href="http://www.april.org/en/statement-support-software-freedom-conservancy-and-christoph-hellwig-gpl-enforcement-lawsuit">APRIL</a></li>
|
|
<li><a href="https://fsf.org/news/conservancy-and-christoph-hellwig-gpl-enforcement-lawsuit">Free
|
|
Software Foundation</a></li>
|
|
<li><a href="https://fsfe.org/news/2015/news-20150331-01.en.html">Free
|
|
Software Foundation Europe</a></li>
|
|
<li><a href="https://www.gnome.org/news/2015/03/gnome-supports-gpl-compliance-through-vmware-suit-2/">GNOME Foundation</a></li>
|
|
<li><a href="http://opensource.org/node/739">Open Source Initiative</a></li>
|
|
<li><a href="https://samba.org/samba/news/announcements/2015-03-06_vmware_lawsuit.html">The
|
|
Samba Team</a></li>
|
|
<li><a href="http://sourceforge.net/p/swig/news/2015/03/defending-the-gpl/">The
|
|
SWIG Project</a></li>
|
|
<li><a href="https://web.archive.org/web/20170911061201/https://plus.google.com/104877287288155269055/posts/cHgyreA76yY">Dave Airlie, Linux Developer</a></li>
|
|
<li><a href="https://twitter.com/mjg59/status/573530001758294016">Matthew Garrett, Linux Developer</a></li>
|
|
<li><a href="/news/2015/mar/05/vmware-lawsuit/#glikely">Grant Likely, Linux Kernel Engineer</a></li>
|
|
<li><a href="http://mina86.com/2015/03/11/the-time-has-come-to-stand-up-for-the-gpl/">Michal Nazarewicz, Linux Developer</a></li>
|
|
<li><a href="http://lwn.net/Articles/635624/">Luis R. Rodriguez (aka mcgrof), Linux Developer</a></li>
|
|
<li><a href="http://lwn.net/Articles/635855/">Wolfram Sang, Linux Developer</a></li>
|
|
<li><a href="https://twitter.com/josh_triplett/status/573543072929198083">Josh
|
|
Triplett, Linux Developer</a></li>
|
|
<li><a href="https://lwn.net/Articles/635617/">Rik van Riel, Linux Developer</a></li>
|
|
</ul>
|
|
</p>
|
|
</details>
|
|
|
|
<details>
|
|
<summary>I
|
|
see <a href="https://fsf.org/news/conservancy-and-christoph-hellwig-gpl-enforcement-lawsuit">FSF's
|
|
statement of support</a>, but why
|
|
isn't <a href="https://www.fsf.org/licensing/compliance">FSF enforcing</a> in
|
|
this case?</summary>
|
|
|
|
<p>While FSF are the authors and license steward of the GNU GPL, it's up to
|
|
the copyright holder to enforce GPL. VMware created an operating system by
|
|
combining parts of the kernel named Linux with their own proprietary code,
|
|
and then added BusyBox to provide the userspace operating system components.
|
|
As such, ESXi is not
|
|
a <a href="https://www.gnu.org/gnu/linux-and-gnu.html">traditional GNU/Linux
|
|
system</a>. FSF has many copyrights of its own, but these are almost
|
|
exclusively on various parts of the GNU system, not on the kernel, Linux. As
|
|
such, FSF probably does not have copyright interests available to directly
|
|
enforce the GPL regarding the primary issue in this case.</p>
|
|
</details>
|
|
|
|
<details>
|
|
<summary><em>I</em> care about copyleft and the GPL. How can I help?</summary>
|
|
|
|
<p>Conservancy needs <a href="#donate-box" class="donate-now">your immediate financial
|
|
support to proceed with this litigation</a>. Litigation costs are
|
|
unpredictable, and this lawsuit may take years to resolve. Conservancy is
|
|
prepared to fund this case through its conclusion, but we can only do so
|
|
with <a href="/sustainer/"><em>your</em> support</a>. If you are an
|
|
individual who supports copyleft and wants to see it defended, please
|
|
donate now. And, if you make a public statement of support, please email the
|
|
URL
|
|
to <a href="mailto:info@sfconservancy.org"><info@sfconservancy.org></a>,
|
|
as we'd like to include representative selection of supportive statements above.</p>
|
|
</details>
|
|
|
|
<details>
|
|
<summary>Why is the case in Germany?</summary>
|
|
|
|
<p>Copyright infringement claims can be brought anywhere that distribution
|
|
of the copyrighted works occur. VMware distributes ESXi throughout the
|
|
world, but Germany is close to Christoph's home and his lawyer was
|
|
available to do the litigation work there. Finally, historically,
|
|
Mr. Jaeger's cases in Germany have usually achieved worldwide compliance on
|
|
the products at issue in those cases.</p>
|
|
</details>
|
|
{% endblock %}
|
|
|
|
<!-- LocalWords: Christoph Hellwig VMware vmkernel Linux's GPLv VMware's
|
|
-->
|
|
<!-- LocalWords: ESXi CCS Christoph's Jaeger NDA SVG PNG vmklinux vmk un
|
|
-->
|
|
<!-- LocalWords: Hellwig's PCIGetDeviceName vmvisor vmkDev vmkDevName UND
|
|
-->
|
|
<!-- LocalWords: sizeof VMKAPI pciDevExt moduleID linuxDev vmtar'ed LSB ec
|
|
-->
|
|
<!-- LocalWords: xfffffffffffffffc gzip login vSphere SHA fd cef pre ffb
|
|
-->
|
|
<!-- LocalWords: Toolchain bbc Hypervisor cafc cb fae ToS Airlie mcgrof
|
|
-->
|
|
<!-- LocalWords: Rik userspace Jaeger's endblock
|
|
-->
|