1 Tainted kernels 1 Tainted kernels
2 --------------- 2 ---------------
3 3
4 The kernel will mark itself as 'tainted' when 4 The kernel will mark itself as 'tainted' when something occurs that might be
5 relevant later when investigating problems. Do 5 relevant later when investigating problems. Don't worry too much about this,
6 most of the time it's not a problem to run a t 6 most of the time it's not a problem to run a tainted kernel; the information is
7 mainly of interest once someone wants to inves 7 mainly of interest once someone wants to investigate some problem, as its real
8 cause might be the event that got the kernel t 8 cause might be the event that got the kernel tainted. That's why bug reports
9 from tainted kernels will often be ignored by 9 from tainted kernels will often be ignored by developers, hence try to reproduce
10 problems with an untainted kernel. 10 problems with an untainted kernel.
11 11
12 Note the kernel will remain tainted even after 12 Note the kernel will remain tainted even after you undo what caused the taint
13 (i.e. unload a proprietary kernel module), to 13 (i.e. unload a proprietary kernel module), to indicate the kernel remains not
14 trustworthy. That's also why the kernel will p 14 trustworthy. That's also why the kernel will print the tainted state when it
15 notices an internal problem (a 'kernel bug'), 15 notices an internal problem (a 'kernel bug'), a recoverable error
16 ('kernel oops') or a non-recoverable error ('k 16 ('kernel oops') or a non-recoverable error ('kernel panic') and writes debug
17 information about this to the logs ``dmesg`` o 17 information about this to the logs ``dmesg`` outputs. It's also possible to
18 check the tainted state at runtime through a f 18 check the tainted state at runtime through a file in ``/proc/``.
19 19
20 20
21 Tainted flag in bugs, oops or panics messages 21 Tainted flag in bugs, oops or panics messages
22 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 22 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
23 23
24 You find the tainted state near the top in a l 24 You find the tainted state near the top in a line starting with 'CPU:'; if or
25 why the kernel was tainted is shown after the 25 why the kernel was tainted is shown after the Process ID ('PID:') and a shortened
26 name of the command ('Comm:') that triggered t 26 name of the command ('Comm:') that triggered the event::
27 27
28 BUG: unable to handle kernel NULL poin 28 BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
29 Oops: 0002 [#1] SMP PTI 29 Oops: 0002 [#1] SMP PTI
30 CPU: 0 PID: 4424 Comm: insmod Tainted: 30 CPU: 0 PID: 4424 Comm: insmod Tainted: P W O 4.20.0-0.rc6.fc30 #1
31 Hardware name: Red Hat KVM, BIOS 0.5.1 31 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
32 RIP: 0010:my_oops_init+0x13/0x1000 [kp 32 RIP: 0010:my_oops_init+0x13/0x1000 [kpanic]
33 [...] 33 [...]
34 34
35 You'll find a 'Not tainted: ' there if the ker 35 You'll find a 'Not tainted: ' there if the kernel was not tainted at the
36 time of the event; if it was, then it will pri 36 time of the event; if it was, then it will print 'Tainted: ' and characters
37 either letters or blanks. In the example above !! 37 either letters or blanks. In above example it looks like this::
38 38
39 Tainted: P W O 39 Tainted: P W O
40 40
41 The meaning of those characters is explained i 41 The meaning of those characters is explained in the table below. In this case
42 the kernel got tainted earlier because a propr 42 the kernel got tainted earlier because a proprietary Module (``P``) was loaded,
43 a warning occurred (``W``), and an externally- 43 a warning occurred (``W``), and an externally-built module was loaded (``O``).
44 To decode other letters use the table below. 44 To decode other letters use the table below.
45 45
46 46
47 Decoding tainted state at runtime 47 Decoding tainted state at runtime
48 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 48 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
49 49
50 At runtime, you can query the tainted state by 50 At runtime, you can query the tainted state by reading
51 ``cat /proc/sys/kernel/tainted``. If that retu 51 ``cat /proc/sys/kernel/tainted``. If that returns ``0``, the kernel is not
52 tainted; any other number indicates the reason 52 tainted; any other number indicates the reasons why it is. The easiest way to
53 decode that number is the script ``tools/debug 53 decode that number is the script ``tools/debugging/kernel-chktaint``, which your
54 distribution might ship as part of a package c 54 distribution might ship as part of a package called ``linux-tools`` or
55 ``kernel-tools``; if it doesn't, you can downl !! 55 ``kernel-tools``; if it doesn't you can download the script from
56 `git.kernel.org <https://git.kernel.org/pub/sc 56 `git.kernel.org <https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/plain/tools/debugging/kernel-chktaint>`_
57 and execute it with ``sh kernel-chktaint``, wh 57 and execute it with ``sh kernel-chktaint``, which would print something like
58 this on the machine that had the statements in 58 this on the machine that had the statements in the logs that were quoted earlier::
59 59
60 Kernel is Tainted for following reason 60 Kernel is Tainted for following reasons:
61 * Proprietary module was loaded (#0) 61 * Proprietary module was loaded (#0)
62 * Kernel issued warning (#9) 62 * Kernel issued warning (#9)
63 * Externally-built ('out-of-tree') mo 63 * Externally-built ('out-of-tree') module was loaded (#12)
64 See Documentation/admin-guide/tainted- 64 See Documentation/admin-guide/tainted-kernels.rst in the Linux kernel or
65 https://www.kernel.org/doc/html/lates 65 https://www.kernel.org/doc/html/latest/admin-guide/tainted-kernels.html for
66 a more details explanation of the var 66 a more details explanation of the various taint flags.
67 Raw taint value as int/string: 4609/'P 67 Raw taint value as int/string: 4609/'P W O '
68 68
69 You can try to decode the number yourself. Tha 69 You can try to decode the number yourself. That's easy if there was only one
70 reason that got your kernel tainted, as in thi 70 reason that got your kernel tainted, as in this case you can find the number
71 with the table below. If there were multiple r 71 with the table below. If there were multiple reasons you need to decode the
72 number, as it is a bitfield, where each bit in 72 number, as it is a bitfield, where each bit indicates the absence or presence of
73 a particular type of taint. It's best to leave 73 a particular type of taint. It's best to leave that to the aforementioned
74 script, but if you need something quick you ca 74 script, but if you need something quick you can use this shell command to check
75 which bits are set:: 75 which bits are set::
76 76
77 $ for i in $(seq 18); do echo $(($i-1) 77 $ for i in $(seq 18); do echo $(($i-1)) $(($(cat /proc/sys/kernel/tainted)>>($i-1)&1));done
78 78
79 Table for decoding tainted state 79 Table for decoding tainted state
80 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 80 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
81 81
82 === === ====== ============================ 82 === === ====== ========================================================
83 Bit Log Number Reason that got the kernel t 83 Bit Log Number Reason that got the kernel tainted
84 === === ====== ============================ 84 === === ====== ========================================================
85 0 G/P 1 proprietary module was loade 85 0 G/P 1 proprietary module was loaded
86 1 _/F 2 module was force loaded 86 1 _/F 2 module was force loaded
87 2 _/S 4 kernel running on an out of 87 2 _/S 4 kernel running on an out of specification system
88 3 _/R 8 module was force unloaded 88 3 _/R 8 module was force unloaded
89 4 _/M 16 processor reported a Machine 89 4 _/M 16 processor reported a Machine Check Exception (MCE)
90 5 _/B 32 bad page referenced or some 90 5 _/B 32 bad page referenced or some unexpected page flags
91 6 _/U 64 taint requested by userspace 91 6 _/U 64 taint requested by userspace application
92 7 _/D 128 kernel died recently, i.e. t 92 7 _/D 128 kernel died recently, i.e. there was an OOPS or BUG
93 8 _/A 256 ACPI table overridden by use 93 8 _/A 256 ACPI table overridden by user
94 9 _/W 512 kernel issued warning 94 9 _/W 512 kernel issued warning
95 10 _/C 1024 staging driver was loaded 95 10 _/C 1024 staging driver was loaded
96 11 _/I 2048 workaround for bug in platfo 96 11 _/I 2048 workaround for bug in platform firmware applied
97 12 _/O 4096 externally-built ("out-of-tr 97 12 _/O 4096 externally-built ("out-of-tree") module was loaded
98 13 _/E 8192 unsigned module was loaded 98 13 _/E 8192 unsigned module was loaded
99 14 _/L 16384 soft lockup occurred 99 14 _/L 16384 soft lockup occurred
100 15 _/K 32768 kernel has been live patched 100 15 _/K 32768 kernel has been live patched
101 16 _/X 65536 auxiliary taint, defined for 101 16 _/X 65536 auxiliary taint, defined for and used by distros
102 17 _/T 131072 kernel was built with the st 102 17 _/T 131072 kernel was built with the struct randomization plugin
103 18 _/N 262144 an in-kernel test has been r 103 18 _/N 262144 an in-kernel test has been run
104 === === ====== ============================ 104 === === ====== ========================================================
105 105
106 Note: The character ``_`` is representing a bl 106 Note: The character ``_`` is representing a blank in this table to make reading
107 easier. 107 easier.
108 108
109 More detailed explanation for tainting 109 More detailed explanation for tainting
110 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 110 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
111 111
112 0) ``G`` if all modules loaded have a GPL or 112 0) ``G`` if all modules loaded have a GPL or compatible license, ``P`` if
113 any proprietary module has been loaded. 113 any proprietary module has been loaded. Modules without a
114 MODULE_LICENSE or with a MODULE_LICENSE t 114 MODULE_LICENSE or with a MODULE_LICENSE that is not recognised by
115 insmod as GPL compatible are assumed to b 115 insmod as GPL compatible are assumed to be proprietary.
116 116
117 1) ``F`` if any module was force loaded by ` 117 1) ``F`` if any module was force loaded by ``insmod -f``, ``' '`` if all
118 modules were loaded normally. 118 modules were loaded normally.
119 119
120 2) ``S`` if the kernel is running on a proce 120 2) ``S`` if the kernel is running on a processor or system that is out of
121 specification: hardware has been put into 121 specification: hardware has been put into an unsupported configuration,
122 therefore proper execution cannot be guar 122 therefore proper execution cannot be guaranteed.
123 Kernel will be tainted if, for example: 123 Kernel will be tainted if, for example:
124 124
125 - on x86: PAE is forced through forcepae 125 - on x86: PAE is forced through forcepae on intel CPUs (such as Pentium M)
126 which do not report PAE but may have a 126 which do not report PAE but may have a functional implementation, an SMP
127 kernel is running on non officially cap 127 kernel is running on non officially capable SMP Athlon CPUs, MSRs are
128 being poked at from userspace. 128 being poked at from userspace.
129 - on arm: kernel running on certain CPUs 129 - on arm: kernel running on certain CPUs (such as Keystone 2) without
130 having certain kernel features enabled. 130 having certain kernel features enabled.
131 - on arm64: there are mismatched hardware 131 - on arm64: there are mismatched hardware features between CPUs, the
132 bootloader has booted CPUs in different 132 bootloader has booted CPUs in different modes.
133 - certain drivers are being used on non s 133 - certain drivers are being used on non supported architectures (such as
134 scsi/snic on something else than x86_64 134 scsi/snic on something else than x86_64, scsi/ips on non
135 x86/x86_64/itanium, have broken firmwar 135 x86/x86_64/itanium, have broken firmware settings for the
136 irqchip/irq-gic on arm64 ...). 136 irqchip/irq-gic on arm64 ...).
137 - x86/x86_64: Microcode late loading is d 137 - x86/x86_64: Microcode late loading is dangerous and will result in
138 tainting the kernel. It requires that a 138 tainting the kernel. It requires that all CPUs rendezvous to make sure
139 the update happens when the system is a 139 the update happens when the system is as quiescent as possible. However,
140 a higher priority MCE/SMI/NMI can move 140 a higher priority MCE/SMI/NMI can move control flow away from that
141 rendezvous and interrupt the update, wh 141 rendezvous and interrupt the update, which can be detrimental to the
142 machine. 142 machine.
143 143
144 3) ``R`` if a module was force unloaded by ` 144 3) ``R`` if a module was force unloaded by ``rmmod -f``, ``' '`` if all
145 modules were unloaded normally. 145 modules were unloaded normally.
146 146
147 4) ``M`` if any processor has reported a Mac 147 4) ``M`` if any processor has reported a Machine Check Exception,
148 ``' '`` if no Machine Check Exceptions ha 148 ``' '`` if no Machine Check Exceptions have occurred.
149 149
150 5) ``B`` If a page-release function has foun 150 5) ``B`` If a page-release function has found a bad page reference or some
151 unexpected page flags. This indicates a h 151 unexpected page flags. This indicates a hardware problem or a kernel bug;
152 there should be other information in the 152 there should be other information in the log indicating why this tainting
153 occurred. 153 occurred.
154 154
155 6) ``U`` if a user or user application speci 155 6) ``U`` if a user or user application specifically requested that the
156 Tainted flag be set, ``' '`` otherwise. 156 Tainted flag be set, ``' '`` otherwise.
157 157
158 7) ``D`` if the kernel has died recently, i. 158 7) ``D`` if the kernel has died recently, i.e. there was an OOPS or BUG.
159 159
160 8) ``A`` if an ACPI table has been overridde 160 8) ``A`` if an ACPI table has been overridden.
161 161
162 9) ``W`` if a warning has previously been is 162 9) ``W`` if a warning has previously been issued by the kernel.
163 (Though some warnings may set more specif 163 (Though some warnings may set more specific taint flags.)
164 164
165 10) ``C`` if a staging driver has been loaded 165 10) ``C`` if a staging driver has been loaded.
166 166
167 11) ``I`` if the kernel is working around a s 167 11) ``I`` if the kernel is working around a severe bug in the platform
168 firmware (BIOS or similar). 168 firmware (BIOS or similar).
169 169
170 12) ``O`` if an externally-built ("out-of-tre 170 12) ``O`` if an externally-built ("out-of-tree") module has been loaded.
171 171
172 13) ``E`` if an unsigned module has been load 172 13) ``E`` if an unsigned module has been loaded in a kernel supporting
173 module signature. 173 module signature.
174 174
175 14) ``L`` if a soft lockup has previously occ 175 14) ``L`` if a soft lockup has previously occurred on the system.
176 176
177 15) ``K`` if the kernel has been live patched 177 15) ``K`` if the kernel has been live patched.
178 178
179 16) ``X`` Auxiliary taint, defined for and us 179 16) ``X`` Auxiliary taint, defined for and used by Linux distributors.
180 180
181 17) ``T`` Kernel was build with the randstruc 181 17) ``T`` Kernel was build with the randstruct plugin, which can intentionally
182 produce extremely unusual kernel structur 182 produce extremely unusual kernel structure layouts (even performance
183 pathological ones), which is important to 183 pathological ones), which is important to know when debugging. Set at
184 build time. 184 build time.
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.