Linux 5.9 Brings Safeguard Following NVIDIA's Recent "GPL Condom" Incident

Stemming from the recent discussions over NVIDIA NetGPU code that relied on another shim for interfacing between NVIDIA's proprietary driver and the open-source kernel code, a new patch is on the way for Linux 5.9 to fight back against such efforts.

As a result of that "NetGPU" code patch series and the ensuing discussion, longtime kernel developer Christoph Hellwig followed through with a set of kernel patches to tighten up access to kernel symbols exported as GPL-only and are frequently used by these open-source "shim" drivers to sit between the open-source kernel code and the binary kernel modules. This situation also known as the "GPL condom" defense is working to be better avoided with Linux 5.9+ kernels.

The summary of the change amounts to:

Have modules that use symbols from proprietary modules inherit the TAINT_PROPRIETARY_MODULE taint, in an effort to prevent GPL shim modules that are used to circumvent _GPL exports. These are modules that claim to be GPL licensed while also using symbols from proprietary modules. Such modules will be rejected while non-GPL modules will inherit the proprietary taint.

Jessica Yu this morning sent in the modules updates for Linux 5.9 that include Hellwig's patches.