RE: Options depending on STANDALONE

RE: Options depending on STANDALONE

[Brown, Len]

>On Thu, Aug 03, 2006 at 10:25:43PM +0200, Adrian Bunk wrote:
>> ACPI_CUSTOM_DSDT seems to be the most interesting case.
>> It's anyway not usable for distribution kernels, and AFAIR the ACPI 
>> people prefer to get the kernel working with all original DSDTs
>> (which usually work with at least one other OS) than letting 
>> the people workaround the problem by using a custom DSDT.
>
>Not true at all.  For SuSE kernels, we have a patch that lets people
>load a new DSDT from initramfs due to broken machines requiring a
>replacement in order to work properly.

CONFIG_ACPI_CUSTOM_DSDT allows hackers to debug their system
by building a modified DSDT into the kernel to over-ride what
came with the system.  It would make no sense for a distro
to use it, unless the distro were shipping only on 1 model machine.
This technique is necessary for debugging, but makes no
sense for production.

The initramfs method shipped by SuSE is more flexible, allowing
the hacker to stick the DSDT image in the initrd and use it
without re-compiling the kernel.

I have refused to accept the initrd patch into Linux many times,
and always will.

I've advised SuSE many times that they should not be shipping it,
as it means that their supported OS is running on modified firmware --
which, by definition, they can not support.  Indeed, one could view
this method as couter-productive to the evolution of Linux --
since it is our stated goal to run on the same machines that Windows
runs on -- without requiring customers to modify those machines
to run Linux.

-Len

Re: Options depending on STANDALONE

[Greg KH]

On Thu, Aug 03, 2006 at 04:49:08PM -0400, Brown, Len wrote:
> I've advised SuSE many times that they should not be shipping it,
> as it means that their supported OS is running on modified firmware --
> which, by definition, they can not support.  Indeed, one could view
> this method as couter-productive to the evolution of Linux --
> since it is our stated goal to run on the same machines that Windows
> runs on -- without requiring customers to modify those machines
> to run Linux.

Ok, if it's your position that we should not support this, I'll see what
I can do to remove it from our kernel tree...

If there are any other patches that we are carrying that you (or anyone
else) feel we should not be, please let me know.

thanks,

greg k-h

Re: Options depending on STANDALONE

[Dave Jones]

On Thu, Aug 03, 2006 at 01:51:27PM -0700, Greg Kroah-Hartman wrote:
 > On Thu, Aug 03, 2006 at 04:49:08PM -0400, Brown, Len wrote:
 > > I've advised SuSE many times that they should not be shipping it,
 > > as it means that their supported OS is running on modified firmware --
 > > which, by definition, they can not support.  Indeed, one could view
 > > this method as couter-productive to the evolution of Linux --
 > > since it is our stated goal to run on the same machines that Windows
 > > runs on -- without requiring customers to modify those machines
 > > to run Linux.
 > 
 > Ok, if it's your position that we should not support this, I'll see what
 > I can do to remove it from our kernel tree...
 > 
 > If there are any other patches that we are carrying that you (or anyone
 > else) feel we should not be, please let me know.

It's somewhat hard to tell when the source rpm's don't match the binaries.
See ftp://ftp.suse.com/pub/projects/kernel/kotd/x86_64/HEAD for example,
and notice the lack of 2.6.18rc3 source, just 2.6.16.  Or am I looking
in the wrong place ? (The other arch's all seem to suffer this curious problem).

		Dave




-- 
http://www.codemonkey.org.uk

Re: Options depending on STANDALONE

[Greg KH]

On Thu, Aug 03, 2006 at 05:01:30PM -0400, Dave Jones wrote:
> On Thu, Aug 03, 2006 at 01:51:27PM -0700, Greg Kroah-Hartman wrote:
>  > On Thu, Aug 03, 2006 at 04:49:08PM -0400, Brown, Len wrote:
>  > > I've advised SuSE many times that they should not be shipping it,
>  > > as it means that their supported OS is running on modified firmware --
>  > > which, by definition, they can not support.  Indeed, one could view
>  > > this method as couter-productive to the evolution of Linux --
>  > > since it is our stated goal to run on the same machines that Windows
>  > > runs on -- without requiring customers to modify those machines
>  > > to run Linux.
>  > 
>  > Ok, if it's your position that we should not support this, I'll see what
>  > I can do to remove it from our kernel tree...
>  > 
>  > If there are any other patches that we are carrying that you (or anyone
>  > else) feel we should not be, please let me know.
> 
> It's somewhat hard to tell when the source rpm's don't match the binaries.
> See ftp://ftp.suse.com/pub/projects/kernel/kotd/x86_64/HEAD for example,
> and notice the lack of 2.6.18rc3 source, just 2.6.16.  Or am I looking
> in the wrong place ? (The other arch's all seem to suffer this curious problem).

Bleah, our KOTD build is still broken...

We do have a 2.6.18rc3 kernel, and everything rebased on that, but it's
not getting out to the world just yet for some odd reason.  It will show
up in the next Opensuse 10.2 Alpha release some time next week, but it
should be mirroring nightly too.

/me goes off to kick the build system

thanks,

greg k-h

RE: Options depending on STANDALONE

[Thomas Renninger]

On Thu, 2006-08-03 at 16:49 -0400, Brown, Len wrote:
> >On Thu, Aug 03, 2006 at 10:25:43PM +0200, Adrian Bunk wrote:
> >> ACPI_CUSTOM_DSDT seems to be the most interesting case.
> >> It's anyway not usable for distribution kernels, and AFAIR the ACPI 
> >> people prefer to get the kernel working with all original DSDTs
> >> (which usually work with at least one other OS) than letting 
> >> the people workaround the problem by using a custom DSDT.
> >
> >Not true at all.  For SuSE kernels, we have a patch that lets people
> >load a new DSDT from initramfs due to broken machines requiring a
> >replacement in order to work properly.
> 
> CONFIG_ACPI_CUSTOM_DSDT allows hackers to debug their system
> by building a modified DSDT into the kernel to over-ride what
> came with the system.  It would make no sense for a distro
> to use it, unless the distro were shipping only on 1 model machine.
> This technique is necessary for debugging, but makes no
> sense for production.
> 
> The initramfs method shipped by SuSE is more flexible, allowing
> the hacker to stick the DSDT image in the initrd and use it
> without re-compiling the kernel.
> 
> I have refused to accept the initrd patch into Linux many times,
> and always will.
> 
> I've advised SuSE many times that they should not be shipping it,
> as it means that their supported OS is running on modified firmware --
> which, by definition, they can not support.  
Tainting the kernel if done so should be sufficient.
> Indeed, one could view
> this method as couter-productive to the evolution of Linux --
> since it is our stated goal to run on the same machines that Windows
> runs on -- without requiring customers to modify those machines
> to run Linux.

There are three reasons for the initrd patch (last one also applies for
the compile in functionality):

1)
There might be "BIOS bugs" that will never get fixed:
https://bugzilla.novell.com/show_bug.cgi?id=160671
(Because it's an obvious BIOS bug, "compatibility" fixing it could make
things worse).

2)
There might be "ACPICA/kernel bugs" that take a while until they get
fixed:

This happens often. There comes out a new machine, using AML in a
slightly other way, we need to fix it in kernel/ACPICA. Until the patch
appears mainline may take a month or two. Until the distro of your
choice that makes use of the fix comes out might take half a year or
more...
And backporting ACPICA fixes to older kernels is currently not possible
as ACPICA patches appear in a big bunch of some thousand lines patches.
But this hopefully changes soon.

In my mind come:
- alias broken in certain cases
   https://bugziall.novell.com/show_bug.cgi?id=113099
- recon amount of elements in packages
   https://bugzilla.novell.com/show_bug.cgi?id=189488
- wrong offsets at Field and Operation Region declarations
   -> should be compatible for quite a while now
- ...

3)
Debugging.
This is why at least compile in or via initrd must be provided in
mainline kernel IMHO. Intel people themselves ask the bug reporter to
override ACPI tables with a patched table to debug the system.
Do you really think ripping out all overriding functionality from the
kernel is a good idea?

     Thomas

It is true that some users are happy with a fixed DSDT, even you tell
them to find the root cause..., but sooner or later they always come
back.

Re: Options depending on STANDALONE

[Greg KH]

On Mon, Aug 07, 2006 at 07:33:31PM +0200, Thomas Renninger wrote:
> On Thu, 2006-08-03 at 16:49 -0400, Brown, Len wrote:
> > >On Thu, Aug 03, 2006 at 10:25:43PM +0200, Adrian Bunk wrote:
> > >> ACPI_CUSTOM_DSDT seems to be the most interesting case.
> > >> It's anyway not usable for distribution kernels, and AFAIR the ACPI 
> > >> people prefer to get the kernel working with all original DSDTs
> > >> (which usually work with at least one other OS) than letting 
> > >> the people workaround the problem by using a custom DSDT.
> > >
> > >Not true at all.  For SuSE kernels, we have a patch that lets people
> > >load a new DSDT from initramfs due to broken machines requiring a
> > >replacement in order to work properly.
> > 
> > CONFIG_ACPI_CUSTOM_DSDT allows hackers to debug their system
> > by building a modified DSDT into the kernel to over-ride what
> > came with the system.  It would make no sense for a distro
> > to use it, unless the distro were shipping only on 1 model machine.
> > This technique is necessary for debugging, but makes no
> > sense for production.
> > 
> > The initramfs method shipped by SuSE is more flexible, allowing
> > the hacker to stick the DSDT image in the initrd and use it
> > without re-compiling the kernel.
> > 
> > I have refused to accept the initrd patch into Linux many times,
> > and always will.
> > 
> > I've advised SuSE many times that they should not be shipping it,
> > as it means that their supported OS is running on modified firmware --
> > which, by definition, they can not support.  
> Tainting the kernel if done so should be sufficient.
> > Indeed, one could view
> > this method as couter-productive to the evolution of Linux --
> > since it is our stated goal to run on the same machines that Windows
> > runs on -- without requiring customers to modify those machines
> > to run Linux.
> 
> There are three reasons for the initrd patch (last one also applies for
> the compile in functionality):

<snip>

Yeah, you and others within SuSE have convinced me to not drop this
patch from our kernel tree.

Sorry Len.

thanks,

greg k-h

Re: Options depending on STANDALONE

[Eric Piel]

08/07/2006 07:33 PM, Thomas Renninger wrote/a écrit:
> 
> There are three reasons for the initrd patch (last one also applies for
> the compile in functionality):
Hi, I just happen to be the maintainer "this initrd patch" ;-) I agree 
with you Thomas. IMHO, this patch is really useful in our "not so 
perfect" world. Few more comments below:

> 
> 1)
> There might be "BIOS bugs" that will never get fixed:
> https://bugzilla.novell.com/show_bug.cgi?id=160671
> (Because it's an obvious BIOS bug, "compatibility" fixing it could make
> things worse).
This is really feature #1, PC manufacturers come to sometimes extremely 
ugly things when they code their ACPI tables. You can find lots of BIOS 
containing in their ACPI tables tests like "do this if OS name is 13 
letters long, and that if OS name is 11 letters long..." Obviously 
Linux is most of the time not within those tests!

1.5) Feature adding. Some (crazy?) people are working on new 
implementation of their ACPI table to add features (cf the "Smart 
Battery System for Linux" project).

In those two cases, you really can't expect every user to recompile it's 
Linux kernel to get an new DSDT table :-)

> 2)
> There might be "ACPICA/kernel bugs" that take a while until they get
> fixed:
> 
> This happens often. There comes out a new machine, using AML in a
> slightly other way, we need to fix it in kernel/ACPICA. Until the patch
> appears mainline may take a month or two. Until the distro of your
> choice that makes use of the fix comes out might take half a year or
> more...
> And backporting ACPICA fixes to older kernels is currently not possible
> as ACPICA patches appear in a big bunch of some thousand lines patches.
> But this hopefully changes soon.
> 
> In my mind come:
> - alias broken in certain cases
>    https://bugziall.novell.com/show_bug.cgi?id=113099
> - recon amount of elements in packages
>    https://bugzilla.novell.com/show_bug.cgi?id=189488
> - wrong offsets at Field and Operation Region declarations
>    -> should be compatible for quite a while now
> - ...
Agree, although I  believe of this as more an excuse than a reason. 
Linux is still full of bugs, lots of which cannot be fixed by ACPI table 
swapping anyway...

> 3)
> Debugging.
> This is why at least compile in or via initrd must be provided in
> mainline kernel IMHO. Intel people themselves ask the bug reporter to
> override ACPI tables with a patched table to debug the system.
> Do you really think ripping out all overriding functionality from the
> kernel is a good idea?
Well, I think even Len agree with this usage :-)

All in all, I'm really _not_ asking for inclusion of the patch in the 
main tree. Just asking you not to think too much bad of the distros 
which use this patch ;-) (IIRC, at least Mandriva and Ubuntu include it 
in addition to SuSE)

See you,
Eric

RE: Options depending on STANDALONE

[Thomas Renninger]

On Mon, 2006-08-07 at 19:33 +0200, Thomas Renninger wrote:
> On Thu, 2006-08-03 at 16:49 -0400, Brown, Len wrote:
> > >On Thu, Aug 03, 2006 at 10:25:43PM +0200, Adrian Bunk wrote:
> > >> ACPI_CUSTOM_DSDT seems to be the most interesting case.
> > >> It's anyway not usable for distribution kernels, and AFAIR the ACPI 
> > >> people prefer to get the kernel working with all original DSDTs
> > >> (which usually work with at least one other OS) than letting 
> > >> the people workaround the problem by using a custom DSDT.
> > >
> > >Not true at all.  For SuSE kernels, we have a patch that lets people
> > >load a new DSDT from initramfs due to broken machines requiring a
> > >replacement in order to work properly.
> > 
> > CONFIG_ACPI_CUSTOM_DSDT allows hackers to debug their system
> > by building a modified DSDT into the kernel to over-ride what
> > came with the system.  It would make no sense for a distro
> > to use it, unless the distro were shipping only on 1 model machine.
> > This technique is necessary for debugging, but makes no
> > sense for production.
> > 
> > The initramfs method shipped by SuSE is more flexible, allowing
> > the hacker to stick the DSDT image in the initrd and use it
> > without re-compiling the kernel.
> > 
> > I have refused to accept the initrd patch into Linux many times,
> > and always will.
> > 
> > I've advised SuSE many times that they should not be shipping it,
> > as it means that their supported OS is running on modified firmware --
> > which, by definition, they can not support.  
> Tainting the kernel if done so should be sufficient.
> > Indeed, one could view
> > this method as couter-productive to the evolution of Linux --
> > since it is our stated goal to run on the same machines that Windows
> > runs on -- without requiring customers to modify those machines
> > to run Linux.
> 
> There are three reasons for the initrd patch (last one also applies for
> the compile in functionality):
> 
> 1)
> There might be "BIOS bugs" that will never get fixed:
> https://bugzilla.novell.com/show_bug.cgi?id=160671
> (Because it's an obvious BIOS bug, "compatibility" fixing it could make
> things worse).
> 
> 2)
> There might be "ACPICA/kernel bugs" that take a while until they get
> fixed:
> 
> This happens often. There comes out a new machine, using AML in a
> slightly other way, we need to fix it in kernel/ACPICA. Until the patch
> appears mainline may take a month or two. Until the distro of your
> choice that makes use of the fix comes out might take half a year or
> more...
> And backporting ACPICA fixes to older kernels is currently not possible
> as ACPICA patches appear in a big bunch of some thousand lines patches.
> But this hopefully changes soon.
> 
> In my mind come:
> - alias broken in certain cases
>    https://bugziall.novell.com/show_bug.cgi?id=113099
> - recon amount of elements in packages
>    https://bugzilla.novell.com/show_bug.cgi?id=189488
> - wrong offsets at Field and Operation Region declarations
>    -> should be compatible for quite a while now
> - ...
> 
> 3)
> Debugging.
> This is why at least compile in or via initrd must be provided in
> mainline kernel IMHO. Intel people themselves ask the bug reporter to
> override ACPI tables with a patched table to debug the system.
> Do you really think ripping out all overriding functionality from the
> kernel is a good idea?

A last sentence...
I forgot the most important point that could make all others obsolete:
4)
Vendors don't care about Linux yet.
For laptops I know two vendors who eventually would fix their BIOS (for
special models, HP and Lenovo) and provide a BIOS update for customers.
If we could convince those to at least validate their BIOSes with Intel
ACPICA in some way, most stuff described in point 2 would not happen.
Hopefully Novell has more influence here than SUSE had to make at least
the big players take more care about Linux support. I think it's getting
better...

I hope those who never used ACPICA and ignored any "Could you please
switch this byte for us in AML code" cries from Linux customers will get
punished with incompatibility with newer M$ ACPI interpreters at some
time and will be forced to provide last minute updates and I hope it
hurts.

   Thomas

A proposal - binary

[Zachary Amsden]

I would like to propose an interface for linking a GPL kernel, 
specifically,
Linux, against binary blobs.  Stop.  Before you condemn this as evil, 
let me
explain in precise detail what a binary blob is.

First, there are two kinds of binary blobs.  There are the evil, malignant
kind, that use manipulative and despicable techniques to subvert the GPL by
copying code into Linux and, the most evil kind, which uses a GPL 
wrapper to
export GPL-only symbols to the binary blob.  This is unconditionally 
wrong.  I
do not support this kind of use.  These evil blobs are used to lock 
people into
a particular type of protocol or proprietary hardware interface.  In my
personal opinion, they should be unconditionally banned, or at least 
phased out
rapidly from any GPL kernel.  I have been frustrated by this in the 
past, where
binary filesystem modules would not allow me access to AFS when 
upgrading to a
new kernel version.  I do not wish that on anyone.

But there is also another kind of binary blob.  These are not the evil, 
nasty
subversion type blobs, but a benign kind that actually exists in binary 
form
not to close off choice, but to open it.  This is exactly the kind of 
binary
interface we are proposing with the VMI design.  Only with a specific
ABI can you guarantee future compatibility.  This is exactly the same thing
I believe some hardware vendors are trying to do.  When you have a fairly
complex interaction with the hardware layer, you have a lot of code which
suddenly becomes hardware dependent.  When that hardware is actually 
changing
rapidly, you have a serious problem keeping released drivers for that 
hardware
in sync.  Software release cycles are becoming much longer, and 
delivering new
capabilities to average consumers outside of that software release cycle 
is a
very difficult problem to solve.  As a result, vendors build some smarts 
into
the hardware - a firmware piece that can be loaded and actually run on the
processor.  This firmware allows the same driver to be used for many 
different
versions of the hardware, allowing a single software release to support
multiple versions of yet to be released hardware.  It is only natural to 
run
this privileged software inside a privileged context - the kernel.

In our case, this "hardware" is actually the virtual machine.  We must deal
with changes to the underlying hardware, as they are happening rapidly, 
and we
must support future compatibility for customers that decide to start 
using a
virtual machine in 2006 - it is a virtual machine, after all, and it should
continue running in 2016, no matter what the underlying hardware at that 
time
will look like.  In this sense, we have an even larger future compatibility
problem to solve than most hardware vendors.  So it is critical to get an
interface that works now.

The essence of our interface is a separation between the kernel, and the
hypervisor compatibility layer, which we call the VMI.  This layer is
completely separate from the kernel, and absolutely cannot be compiled 
into the
kernel.  Why?  Because doing so negates all of the benefits this layer is
supposed to provide.  It is separate from the kernel not to lock anyone 
into a
proprietary design or prevent anyone from distributing a working 
kernel.  It is
separate to allow the hypervisor backend to change radically without
introducing any changes whatsoever into the kernel.  This is absolutely
required for future compatibility - with new versions of each hypervisor 
being
released regularly, and new competing hypervisors emerging, it is a 
necessity.
This allows the hypervisor development process, as well as the Linux kernel
development process, to continue unimpeded in the face of rapid change 
on each
side.  Having an open binary interface encourages growth and competition in
this area, rather than locking anyone into a proprietary design.  It 
also does
not stop anyone from distributing a working, fully source compiled 
kernel in
any circumstance I can imagine.  If you don't have the firmware for a 
VE-10TB
network card compiled into your kernel, but also don't have a VE-10TB 
network
card, you haven't been deprived of anything, and have very little to 
complain
about.  Provided, of course, that when you do buy a VE-10TB network 
card, it
happily provides the required firmware to you at boot time.

On the other hand, the GPL is not friendly to this type of linking against
binary fragments that come from firmware.  But they really, absolutely, 
must be
separate from the kernel.  There is no argument against this from a feature
point of view.  But there is also no reason that they must be 
binary-only.  The
interface between the two components surely must be binary - just as the
interface between userspace and the kernel, or between the apps and 
glibc must
be binary.  This means the code from one layer is visible to the other 
purely
as a binary "blob".  But not an evil one.  And by NO circumstances, is it
required to be a CLOSED source binary blob.  In fact, why can't it be 
open?  In
the event of a firmware bug, in fact, it is very desirable to have this
software be open so that it can be fixed - and reflashed onto the card, 
where
the firmware belongs.

Let me illustrate the major differences between an "evil" binary blob, a
typical vendor designed hardware support layer, a well designed, open 
binary
interface, and a traditional ROM or extensible firmware layer.  I think you
will see why our VMI layer is quite similar to a traditional ROM, and very
dissimilar to an evil GPL-circumvention device.  I can't truly speak for 
the
video card vendors who have large binary modules in the kernel, but I would
imagine I'm not far off in my guesses, and they can correct me if I am 
wrong.

                                         EVIL    VENDOR     VMI      ROM
Module runs at kernel privilege level:     YES       YES     YES    
MAYBE (*)
Module is copied into the kernel:          YES     MAYBE      NO       NO
Module is part of kernel address space:    YES       YES      NO(+)    ??
Module has hooks back into kernel:         YES     MAYBE      NO       NO
Kernel has hooks into module:              YES       YES     YES      YES
Module has proprietary 3rd party code:   MAYBE     MAYBE(?)   NO      YES
Module has significant software IP:        YES     MAYBE(?)   NO    
MAYBE (?)
Module is open source:                      NO     MAYBE   MAYBE       NO

(*) In the ROM case, sometimes these are run in V8086 mode, not at full
hardware privilege level, and whether the < 1MB physical ROM region is 
part of
the "kernel" address space proper, or just happens to appear in kernel 
address
space as a result of linear mapping of physical space is a debatable 
matter.

(+) The VMI layer is not technically part of the kernel address space.  
It is
never mapped by the kernel, and merely exists magically hanging out in 
virtual
address space above the top of the fixmap, in hypervisor address space.  
But it
can be read and called into by the kernel, so whether this constitutes 
being
part of the same address space is a dicey matter of precise definition.  
I would
propose that only supervisor level pages that are allocated, mapped and
controlled by the kernel constitute the kernel address space, or 
alternately,
the kernel address space consists of the linear range of virtual address 
space
for which it can create supervisor-level mappings.

(?) There are only two reasonable objections I can see to open sourcing the
binary layer.  One is revealing IP by letting people see the code.  This is
really a selfish concern, not a justification for keeping the code 
binary only,
while still allowing it the privilege of running in the kernel address 
space.
The other objection I see is if that code has 3rd party pieces in it 
that are
unable to be licensed under an open software license.  This really is a 
hard
stopper for open sourcing the code, as the vendor doesn't actually own the
copyright, and thus can't redistribute that code under a different 
license.  We
don't have any such restrictions, as we wrote all our code ourselves, 
but many
ROMs and firmware layers do have such problems.  ROMs might also have 
some IP
in the form of trade secrets protecting power management or other 
features run
in SMM mode - but this is just a guess.  And IANAL - so take all this 
with a
grain of salt, it is purely my uninformed personal opinion.

This brings me to the essence of my proposal - why not allow binary 
"blobs" to
be linked inside Linux, in exactly the same way modules are linked?  If 
these
binary modules are actually open sourced, but separate from the kernel, is
there no reason they can't actually link against GPL symbols within Linux?
What if these modules exposed an ELF header which had exactly the same
information as a typical module?  In this case, kernel version is not 
relevant,
as these modules are truly kernel independent, but device/module version 
is.
The biggest issue is that the source and build environment to these 
modules is
not the standard environment -- in fact many of these binary modules 
might have
extremely bizarre build requirements.  We certainly do.  But still there
remains no reason that a well encapsulated build environment and open 
source
distribution of these modules cannot exist.  We are actively working on 
this for
our VMI layer.  Perhaps a good solution to this problem would be to 
provide a
link embedded in the binary which points to a URL where this environment 
can be
downloaded and built - or even fully buildable compressed source within the
binary itself for most friendly binaries with plenty of space to burn.
There may be other issues which I may not be aware of on our end, but that
has no bearing on finding out what the Linux and open source community 
wants.

I propose this as a solution because I would like to see binary (only) 
blobs go
away, and I would never again like to see hardware vendors design stupid 
code
which relies on firmware in the operating system to initialize a hardware
device (can I say WinModem?) which is not published and open code.  The 
point
of an interface like this is to open and standardize things in a way that
vendors can benefit from a hardware abstraction layer, and to make sure 
that
the GPL is not violated in the process of doing so.  I would very much 
like to
see Linux come up with a long term proposal that can accommodate open 
firmware
which actually runs in kernel mode, while at the same time assuring that 
this
code is authorized within the license boundaries afforded to it and 
available
for use by any operating system.

Thank you very much for your patience - I can get verbose, and I've already
gone too long.  This is still a very controversial issue, and I wanted to
clarify several points that merit attention before dooming myself to 
enduring
the yet to come flames.  Again, I must say IANAL, and I can't promise
that VMware or any other hardware vendor that wants to use a binary
interface will agree to everything I have proposed.  But I would like to
open the issue for discussion and get feedback from the open source 
community
on this issue, which I think will become more important in the future.

Zach

Re: A proposal - binary

[Arjan van de Ven]

On Thu, 2006-08-03 at 03:14 -0700, Zachary Amsden wrote:
> I would like to propose an interface for linking a GPL kernel, 
> specifically,
> Linux, against binary blobs.  Stop.  Before you condemn this as evil, 
> let me
> explain in precise detail what a binary blob is.


Hi,

you use a lot of words for saying something self contradictory. It's
very simple; based on your mail, there's no reason the VMI gateway page
can't be (also) GPL licensed (you're more than free obviously to dual,
tripple or quadruple license it). Once your gateway thing is gpl
licensed, your entire proposal is moot in the sense that there is no
issue on the license front. See: it can be very easy. Much easier than
trying to get a license exception (which is very unlikely you'll get)...


Now you can argue for hours about if such an interface is desirable or
not, but I didn't think your email was about that.

Greetings,
    Arjan van de Ven

-- 
if you want to mail me at work (you don't), use arjan (at) linux.intel.com

Re: A proposal - binary

[Zachary Amsden]

Arjan van de Ven wrote:
> Hi,
>
> you use a lot of words for saying something self contradictory. It's
> very simple; based on your mail, there's no reason the VMI gateway page
> can't be (also) GPL licensed (you're more than free obviously to dual,
> tripple or quadruple license it). Once your gateway thing is gpl
> licensed, your entire proposal is moot in the sense that there is no
> issue on the license front. See: it can be very easy. Much easier than
> trying to get a license exception (which is very unlikely you'll get)...
>
>
> Now you can argue for hours about if such an interface is desirable or
> not, but I didn't think your email was about that.
>   

Arjan, thank you for reading my prolific manifesto.  I am not arguing 
for the interface being desirable, and I don't think I'm being self 
contradictory.  There was some confusion over technical details of the 
VMI gateway page that I wanted to make explicit.  Hopefully I have fully 
explained those.  I'm not trying to get a license exemption, I'm trying 
to come up with a model that current and future hardware vendors can 
follow when faced with the same set of circumstances.

It was not 100% clear based on conversations at OLS that open-sourcing 
the VMI layer met the letter and intent of the kernel license model.  
There were some arguments that not having the source integrated into the 
kernel violated the spirit of the GPL by not allowing one to distribute 
a fully working kernel.  I wanted to show that is not true, and the 
situation is actually quite unique.  Perhaps we can use this to 
encourage open sourced firmware layers, instead of trying to ban drivers 
which rely on firmware from the kernel.

Zach

Re: A proposal - binary

[Greg KH]

On Thu, Aug 03, 2006 at 11:08:04AM -0700, Zachary Amsden wrote:
> Perhaps we can use this to encourage open sourced firmware layers,
> instead of trying to ban drivers which rely on firmware from the
> kernel.

No one is trying to ban such drivers.  Well, except the odd people on
debian-legal, but all the kernel developers know to ignore them :)

thanks,

greg k-h

Re: A proposal - binary

[Zachary Amsden]

Greg KH wrote:
> On Thu, Aug 03, 2006 at 11:08:04AM -0700, Zachary Amsden wrote:
>   
>> Perhaps we can use this to encourage open sourced firmware layers,
>> instead of trying to ban drivers which rely on firmware from the
>> kernel.
>>     
>
> No one is trying to ban such drivers.  Well, except the odd people on
> debian-legal, but all the kernel developers know to ignore them :)
>   

That is good to know.  But there is a kernel option which doesn't make 
much sense in that case:

[*] Select only drivers that don't need compile-time external firmware


Zach

Re: A proposal - binary

[Greg KH]

On Thu, Aug 03, 2006 at 12:14:57PM -0700, Zachary Amsden wrote:
> Greg KH wrote:
> >On Thu, Aug 03, 2006 at 11:08:04AM -0700, Zachary Amsden wrote:
> >  
> >>Perhaps we can use this to encourage open sourced firmware layers,
> >>instead of trying to ban drivers which rely on firmware from the
> >>kernel.
> >>    
> >
> >No one is trying to ban such drivers.  Well, except the odd people on
> >debian-legal, but all the kernel developers know to ignore them :)
> >  
> 
> That is good to know.  But there is a kernel option which doesn't make 
> much sense in that case:
> 
> [*] Select only drivers that don't need compile-time external firmware

No, that is very different.  That option is present if you don't want to
build some firmware images from the source that is present in the kernel
tree, and instead, use the pre-built stuff that is also present in the
kernel tree.

It is there so that we do not require some additional tools that the
majority of kernel developers do not have installed on their machine in
order to create a working kernel image for some types of hardware.

Hope this helps,

greg k-h

Re: A proposal - binary

[Dave Jones]

On Thu, Aug 03, 2006 at 12:36:00PM -0700, Greg Kroah-Hartman wrote:

 > > That is good to know.  But there is a kernel option which doesn't make 
 > > much sense in that case:
 > > 
 > > [*] Select only drivers that don't need compile-time external firmware
 > 
 > No, that is very different.  That option is present if you don't want to
 > build some firmware images from the source that is present in the kernel
 > tree, and instead, use the pre-built stuff that is also present in the
 > kernel tree.

You're describing PREVENT_FIRMWARE_BUILD.  The text Zach quoted is from
STANDALONE, which is something else completely.  That allows us to not
build drivers that pull in things from /etc and the like during compile.
(Whoever thought that was a good idea?)

		Dave

-- 
http://www.codemonkey.org.uk

Options depending on STANDALONE

[Adrian Bunk]

On Thu, Aug 03, 2006 at 03:56:17PM -0400, Dave Jones wrote:
> On Thu, Aug 03, 2006 at 12:36:00PM -0700, Greg Kroah-Hartman wrote:
> 
>  > > That is good to know.  But there is a kernel option which doesn't make 
>  > > much sense in that case:
>  > > 
>  > > [*] Select only drivers that don't need compile-time external firmware
>  > 
>  > No, that is very different.  That option is present if you don't want to
>  > build some firmware images from the source that is present in the kernel
>  > tree, and instead, use the pre-built stuff that is also present in the
>  > kernel tree.
> 
> You're describing PREVENT_FIRMWARE_BUILD.  The text Zach quoted is from
> STANDALONE, which is something else completely.  That allows us to not
> build drivers that pull in things from /etc and the like during compile.
> (Whoever thought that was a good idea?)

We should also look at what drivers do depend on STANDALONE:
- some OSS drivers
- one DVB driver option (DVB_AV7110_FIRMWARE)
- ACPI_CUSTOM_DSDT

The OSS drivers are more or less RIP, so let's ignore them.

Is DVB_AV7110_FIRMWARE really still required?
ALL other drivers work without such an option.

ACPI_CUSTOM_DSDT seems to be the most interesting case.
It's anyway not usable for distribution kernels, and AFAIR the ACPI 
people prefer to get the kernel working with all original DSDTs
(which usually work with at least one other OS) than letting the people 
workaround the problem by using a custom DSDT.

It might therefore be possile simply getting rid of CONFIG_STANDALONE?

> 		Dave

cu
Adrian

-- 

    Gentoo kernels are 42 times more popular than SUSE kernels among
    KLive users  (a service by SUSE contractor Andrea Arcangeli that
    gathers data about kernels from many users worldwide).

       There are three kinds of lies: Lies, Damn Lies, and Statistics.
                                                    Benjamin Disraeli

Re: Options depending on STANDALONE

[Greg KH]

On Thu, Aug 03, 2006 at 10:25:43PM +0200, Adrian Bunk wrote:
> ACPI_CUSTOM_DSDT seems to be the most interesting case.
> It's anyway not usable for distribution kernels, and AFAIR the ACPI 
> people prefer to get the kernel working with all original DSDTs
> (which usually work with at least one other OS) than letting the people 
> workaround the problem by using a custom DSDT.

Not true at all.  For SuSE kernels, we have a patch that lets people
load a new DSDT from initramfs due to broken machines requiring a
replacement in order to work properly.

thanks,

greg k-h

Re: Options depending on STANDALONE

[Dave Jones]

On Thu, Aug 03, 2006 at 01:28:07PM -0700, Greg Kroah-Hartman wrote:
 > On Thu, Aug 03, 2006 at 10:25:43PM +0200, Adrian Bunk wrote:
 > > ACPI_CUSTOM_DSDT seems to be the most interesting case.
 > > It's anyway not usable for distribution kernels, and AFAIR the ACPI 
 > > people prefer to get the kernel working with all original DSDTs
 > > (which usually work with at least one other OS) than letting the people 
 > > workaround the problem by using a custom DSDT.
 > 
 > Not true at all.  For SuSE kernels, we have a patch that lets people
 > load a new DSDT from initramfs due to broken machines requiring a
 > replacement in order to work properly.

Whilst this is a quick fix for users who either know how to hack DSDTs
themselves, or know where to get a fixed one, it doesn't solve the bigger
problem, that the interpretor doesn't get fixed.
And by 'fixed', I mean we aren't bug for bug compatible with that
other OS.  We need to be adding workarounds to the ACPI interpretor
so this stuff 'just works', not hiding from the problem and creating
"but it works in $otherdistro when I do this" scenarios.

		Dave

-- 
http://www.codemonkey.org.uk