Potential nonfree code in Linux-libre

Felipe Sanches juca at members.fsf.org
Mon Aug 23 19:26:52 UTC 2021

I looked up the datasheet for the vs6624 chip. All of the memory positions
with a meaningful #define on vs6624_regs.h are the ones documented on the
datasheet. There are a few without #defines but with somewhat meaningful
names placed on comments. I suspect that those were either figured out by
reverse engineering or else the developer of this driver got access to
complementary docs.

There is also a large number of undocumented memory positions that are
written to the chip (the vs6624_p1 array). I was curious to see if these
"look like code" so I wrote a small python script to create a 64kbyte file
with the contents resulting from performing all those writes. By inspecting
the result on a hex editor, I see that a few mostly contiguous memory
regions are filled with those bytes, which could either mean some
code-blocks or some special-purpose range of registers. I also observed
that these values are all written to a different memory range (mostly at
9xxx) than the documented registers (from 0x0000 to 0x2616). So it might
indeed have a different purpose.

The datasheet also mentions that this 64k address range contains a mix of
RAM, ROM and "real registers". My hunch is that ROM has firmware written on
the factory that uses RAM for its stack and run-time variables but also for
reading user-provided settings. Those settings would be the ones documented
on the datasheet.

There's some small chance that the ROM code is written with hooks to
optional extensions to be loaded on RAM by the user, but that sounds way
too fancy, in my opinion.

Since the chip is manufactured by ST MicroElectronics, the embedded MCU
must be one of the cores that ST has. So it might be something like SMT8x
perhaps. Maybe we could try disassembling that block of bytes with the
opcode table of one of these ST cores to see if it makes any sense.

Also, I could not find which devices use this camera other than a very old
and discontinued phone. And the only parts I could find to buy are on ebay
for ~20 dollars and listed as "old-new stock". And these chips are also
listed as "obsolete" on some online electronic parts catalogs.

So here's my suggestion for the LinuxLibre project, I have a more pragmatic
We lack info on this and it could really be anything. I suggest removing it
and waiting until someone complains. Probably nobody will ever complain
because it is extremely unlikely someone is nowadays running LinuxLibre on
a device that uses this chip. And if such person exists, then we may have
the chance of actually poking the device to figure out more technical info
about it (such as dumping its internal ROM and disassemblying it to figure
out what is it actually doing with the values written to all of those
undocumented memory positions).

Happy Hacking!
Felipe "Juca" Sanches

Em sex., 20 de ago. de 2021 às 02:15, Alexandre Oliva <lxoliva at fsfla.org>

> Hello, Legimet,
> Thanks for the report.
> On Aug 18, 2021, Legimet <legimet.calc at gmail.com> wrote:
> > I noticed that there are some files which are included in Linux-libre,
> > but stripped from Debian's kernel:
> That's not so surprising.  Debian has different standards.  They even
> have a different Free Software definition, that they apply equally to
> software, documentation, functional and non-functional data.
> We follow the original Free Software definition, as it applies to
> software and other works for practical use.  We don't mind
> non-executable configuration data, which leads to different decisions.
> > arch/powerpc/platforms/8xx/micropatch.c
> I found this one suspicious, as I inherited the package from BLAG
> maintainers that followed gNewSense's decision from back then.  I have
> never challenged or reversed that decision, out of understanding that
> gNewSense had looked into and debated where to draw the line.
> > drivers/media/i2c/vs6624.c
> This one looks more like configuration data than code to me.  It's hard
> to tell why, and such hunches are by no means absolute, but there are
> plenty of other arrays that comes across as data rather than as code,
> and that we've retained.  deblob-check explicitly authorizes this one.
> The filename is indeed different nowadays, but the filename annotations
> are completely ignored by deblob-check.
> > drivers/video/fbdev/nvidia
> > drivers/video/fbdev/riva
> > The nvidia and riva drivers contain obfuscated source code, according to
> > the Debian dfsg patches:
> Source code provided with insufficient documentation is less desirable
> than properly documented source code, but that's not enough to make it
> non-Free Software.
> Whether it meets the requirements for corresponding sources under the
> GPL would be more relevant if we'd received it as object code at first,
> and had requested the corresponding sources.  Getting obfuscated code
> could then be challenged as failing to meet the obligation to provide
> the source code.
> We got poor, debatable source code, but it's hardly debatable that, once
> one of us compiles that and distributes the object code, that *is* the
> corresponding source code we had at our disposal, that we've used to
> compile into the object form.  We've never even had access to something
> that would be superior as source code, and we don't even know whether it
> exists.  So there's no issue of GPL compliance for *us*, or for our
> downstream.
> Absent evidence that there is a better version that was precompiled into
> what we're using as sources, we keep it.  I'm not even sure we'd have a
> case for removal if there was such evidence.
> I compare this situation with that of the decompiled version of the
> Brazilian tax software that I've been using to maintain and update it
> since 2007.  The binaries I got at first were LGPLed compiled Java code
> with debug info, that decompiled into compilable Java without comments.
> That's not the corresponding source code for the binaries I got, but
> once I adopted that as the sources I was going to modify to develop it
> further, and started mofiying it, it became source code, and, more than
> that, it became corresponding source code for the binaries I've built
> and distributed out of it.
> In this case again Debian uses different criteria.  And that's fine.
> They don't have to ship code (or data) they're not comfortable shipping,
> and they're free to modify the software to suit their needs, and to
> distribute the modified software if they wish.
> >> These drivers are also largely redundant with nouveau.  The RIVA 128
> >> (NV3) is not supported by nouveau but is about 15 years old and
> >> probably discontinued 10 years ago.
> This is not a relevant argument for us.
> If it's Free Software, or if it's not software but data, we keep it.
> If it's non-Free Software, or if it's software or documentation that
> induces to the use of non-Free Software, we drop it.
> Thanks again,
> --
> Alexandre Oliva, happy hacker                https://FSFLA.org/blogs/lxo/
>    Free Software Activist                       GNU Toolchain Engineer
> Disinformation flourishes because many people care deeply about injustice
> but very few check the facts.  Ask me about <https://stallmansupport.org>
> _______________________________________________
> linux-libre mailing list
> linux-libre at fsfla.org
> http://www.fsfla.org/cgi-bin/mailman/listinfo/linux-libre
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.fsfla.org/pipermail/linux-libre/attachments/20210823/e460461d/attachment.htm>

More information about the linux-libre mailing list