Linux 5.9 Brings Safeguard Following NVIDIA's Recent "GPL Condom" Incident

As a result of that "NetGPU" code patch series and the ensuing discussion, longtime kernel developer Christoph Hellwig followed through with a set of kernel patches to tighten up access to kernel symbols exported as GPL-only and are frequently used by these open-source "shim" drivers to sit between the open-source kernel code and the binary kernel modules. This situation also known as the "GPL condom" defense is working to be better avoided with Linux 5.9+ kernels.
The summary of the change amounts to:
Have modules that use symbols from proprietary modules inherit the TAINT_PROPRIETARY_MODULE taint, in an effort to prevent GPL shim modules that are used to circumvent _GPL exports. These are modules that claim to be GPL licensed while also using symbols from proprietary modules. Such modules will be rejected while non-GPL modules will inherit the proprietary taint.
Jessica Yu this morning sent in the modules updates for Linux 5.9 that include Hellwig's patches.
141 Comments