New Lawsuit Targets “Shims” Between Linux and Proprietary Code

today announced that Christoph Hellwig, a member of its GPL Compliance Project for Linux Developers, has sued virtualization software maker VMware for copyright infringement in the district court of Hamburg, Germany. Till Jaeger, a lawyer with an excellent track record in cases enforcing free and open source software licenses, is representing Hellwig. (Disclosure: Software Freedom Conservancy is a client of my firm, but I am not involved in this case.) The product at issue in the lawsuit is VMware’s ESXi hypervisor, which is an operating system that creates and manages virtual machines. At the heart of ESXi (now called vSphere) is VMware’s proprietary kernel, called VMkernel, which interfaces between ESXi’s virtual machines and the physical hardware it’s installed on. Hellwig alleges that VMkernel is a derivative work of the Linux kernel, including his contributions (which are found in Linux’s SCSI subsystem and radix tree implementation), and that VMware must therefore provide the VMkernel source code to its customers according to the terms of the GNU GPL version 2. VMware apparently disagrees. This case is interesting because it relates to one of the most contentious issues in interpreting the GPL: whether loadable kernel modules (LKMs) are derivative works of the Linux kernel. LKMs are pieces of object code that extend the kernel’s functionality. They are called “loadable” because they can be loaded as needed, while the kernel is running, and unloaded when they are no longer needed (e.g. to free up memory). The most common use for LKMs is to load new device drivers, but they have other uses as well. Whether LKMs are derivative of the kernel has for years been the source of heated debate between (some) kernel developers and (some) companies that make proprietary Linux-based products. Many such companies prefer to think of LKMs like separate components that merely interface with the kernel, because this interpretation allows them to keep some of their operating system (and driver) code closed and proprietary. However, as many developers and GPL advocates have pointed out, when these modules are loaded, they become an inseparable part of the running kernel. They interface with the kernel just like any built-in kernel code would, and they have no use except as part of the kernel. The Linux kernel developers are themselves divided about how (if at all) to address this issue. In VMware’s case, the issue is not exactly a proprietary LKM. Rather, its that VMkernel treats Linux itself like an LKM. When an ESXi system boots up, VMkernel is the first part of the operating system loaded into memory. VMkernel contains several low-level operating system services, such as a process scheduler and memory allocator (services handled by the Linux kernel on Linux-based systems). Once it is loaded, VMkernel loads vmklinux, a subset of the Linux kernel containing other important kernel services, including the SCSI subsystem and the radix tree implementation where Hellwig’s code is found. VMkernel also loads some proprietary VMware LKMs, while vmklinux loads GPL-licensed LKMs produced by the Linux kernel project. (Thanks to Matthew Garrett for his help sorting through this. Any errors are mine.) Here’s how VMware’s own developer, William Lam, explains it:

VMware made a decision to use Linux derived drivers to provide the widest variety of support for storage, network and other hardware devices for ESX. Since ESX and specifically the VMkernel is NOT Linux, to accomplish this we built a translation (shim) layer module called vmklinux which sits in between the VMkernel and drivers. This vmklinux module is what enables ESX to function with the linux derived drivers and provides an API which can speak directly to the VMkernel.
(Lam’s post goes on to say that VMware eliminated vmklinux from recent versions of ESXi. Conservancy’s announcement says that “VMware’s current ESXi products infringe” Hellwig’s copyrights. I’m not sure what the source of this discrepancy is.) VMware provides source code for vmklinux and the GPL-licensed LKMs under GPLv2, but maintains that VMkernel and the VMware-produced LKMs are proprietary. Conservancy has published a diagram showing its interpretation of the relationship between these components, as compared to in a typical Linux-based hypervisor: Conservancy Diagram: VMkernel versus typical Linux system No filings from this case are available yet, and VMware has not responded publicly. However, from Lam’s post it seems that VMware believes that the interface between VMkernel and vmklinux creates sufficient separation to render them separate works under copyright law (and thus exempt VMkernel from GPL’s copyleft requirement). This is not the first time that VMware’s virtualization products have been accused of violating the Linux kernel’s copyrights, but it’s the first time they’ve been sued for it. A previous version of ESX came under fire in 2008 for its use of VMkernel in conjunction with Linux, although at that time the relationship seems to have been reversed: Linux booted first, and loaded VMkernel by way of a purpose-built kernel module “shim” called vmnix. No court, in the US or in Germany, has decided the question of how the GPL is implicated in either architecture. But the outcome could have a significant impact on the architectural decisions of companies producing Linux-based products. I’m generally skeptical of clever technical architectures designed to magically separate proprietary components from the GPL software they extend. Such measures often appear “too cute by half,” and may be seen by judges as transparent efforts to circumvent the intent of the FOSS developers, and to free ride off of their hard work.]]]]> ]]>

Road to Nowhere

In Liminae: The Road to Nowhere

It takes us about six hours to drive to the rural state jail (that’s owned by two judges) the Feds contracted with to hold our client. Accused of computer crimes, he can’t effectively review evidence in jail – there’s no practical access to computers in the gulag. They’ve seized all his assets claiming they’re the ill-gotten gains of crimes the government can’t identify, and their computer forensics – if you can call them that – have no scientific basis and are full of basic errors and typos. In my decade as a federal criminal defense lawyer doing computer cases across the country, I’ve never come across a case where the government was so completely off.

Read More »

Guilty Until Proven Innocent

A defendant’s view from the trenches of federal criminal court This post is originally published to Substack. You can read and follow us there. https://torekeland.substack.com/p/guilty-until-proven-innocent

Read More »

For media inquiries, please email info@torekeland.com

30 WALL STREET, 8TH FLOOR • NEW YORK, NY 10005

©2022 Tor Ekeland Law, PLLC   •  info@torekeland.com

Attorney Advertising   •   Past results do not guarantee future results   •   Licensed in New York