Linux 6.6 To Better Protect Against The Illicit Behavior Of NVIDIA's Proprietary Driver
The Linux 6.6 modules infrastructure is changing to better protect against the illicit behavior of NVIDIA's proprietary kernel driver.
Luis Chamberlain sent out the modules changes today for the Linux 6.6 merge window. Most notable with the modules update is a change that better builds up the defenses against NVIDIA's proprietary kernel driver from using GPL-only symbols. Or in other words, bits that only true open-source drivers should be utilizing and not proprietary kernel drivers like NVIDIA's default Linux driver in respecting the original kernel code author's intent.
A change made back in 2020 to the kernel module code inherits the TAINT_PROPRIETARY_MODULE and better protects against proprietary modules using GPL-only symbols following a NVIDIA GPL condom incident. Well, NVIDIA Linux engineers have since worked around that to be able to use GPL-only symbols within their binary blob. As a result we have new defenses being put in place for the kernel.
Christoph Hellwig who authored the latest defensive measure explained:
This change to only allow symbol_get of EXPORT_SYMBOL_GPL modules will now be in place with Linux 6.6. Luis Chamberlain further added in today's pull request:
Back in 2020 when the original defense was added, NVIDIA recommended avoiding the Linux 5.9 for the time being. They ended up having a supported driver several weeks later. It will be interesting to see this time how long Linux 6.6+ thwarts their kernel driver. At least NVIDIA is now maintaining their open GPU kernel driver option since last year as an alternative to their proprietary kernel driver.
The full list of modules changes for Linux 6.6 can be found via this pull request.
Luis Chamberlain sent out the modules changes today for the Linux 6.6 merge window. Most notable with the modules update is a change that better builds up the defenses against NVIDIA's proprietary kernel driver from using GPL-only symbols. Or in other words, bits that only true open-source drivers should be utilizing and not proprietary kernel drivers like NVIDIA's default Linux driver in respecting the original kernel code author's intent.
A change made back in 2020 to the kernel module code inherits the TAINT_PROPRIETARY_MODULE and better protects against proprietary modules using GPL-only symbols following a NVIDIA GPL condom incident. Well, NVIDIA Linux engineers have since worked around that to be able to use GPL-only symbols within their binary blob. As a result we have new defenses being put in place for the kernel.
Christoph Hellwig who authored the latest defensive measure explained:
"It has recently come to my attention that nvidia is circumventing the protection added in 262e6ae7081d ("modules: inherit TAINT_PROPRIETARY_MODULE") by importing exports from their proprietary modules into an allegedly GPL licensed module and then re-exporting them.
Given that symbol_get was only ever intended for tightly cooperating modules using very internal symbols it is logical to restrict it to being used on EXPORY_SYMBOL_GPL and prevent nvidia from costly DMCA circumvention of access controls lawsuits.
All symbols except for four used through symbol_get were already exported as EXPORT_SYMBOL_GPL, and the remaining four ones were switched over in the preparation patches."
This change to only allow symbol_get of EXPORT_SYMBOL_GPL modules will now be in place with Linux 6.6. Luis Chamberlain further added in today's pull request:
"Christoph Hellwig's symbol_get() fix to Nvidia's efforts to circumvent the protection he put in place in year 2020 to prevent proprietary modules from using GPL only symbols, and also ensuring proprietary modules which export symbols grandfather their taint. That was done through year 2020 commit 262e6ae7081d ("modules: inherit TAINT_PROPRIETARY_MODULE"). Christoph's new fix is done by clarifing __symbol_get() was only ever intended to prevent module reference loops by Linux kernel modules and so making it only find symbols exported via EXPORT_SYMBOL_GPL(). The circumvention tactic used by Nvidia was to use symbol_get() to purposely swift through proprietary module symbols and completley bypass our traditional EXPORT_SYMBOL*() annotations and community agreed upon restrictions."
Back in 2020 when the original defense was added, NVIDIA recommended avoiding the Linux 5.9 for the time being. They ended up having a supported driver several weeks later. It will be interesting to see this time how long Linux 6.6+ thwarts their kernel driver. At least NVIDIA is now maintaining their open GPU kernel driver option since last year as an alternative to their proprietary kernel driver.
The full list of modules changes for Linux 6.6 can be found via this pull request.
235 Comments