Commit | Line | Data |
---|---|---|
337c188d MCC |
1 | Tainted kernels |
2 | --------------- | |
3 | ||
896dd323 TL |
4 | The kernel will mark itself as 'tainted' when something occurs that might be |
5 | relevant later when investigating problems. Don't worry too much about this, | |
6 | most of the time it's not a problem to run a tainted kernel; the information is | |
7 | mainly of interest once someone wants to investigate some problem, as its real | |
8 | cause might be the event that got the kernel tainted. That's why bug reports | |
9 | from tainted kernels will often be ignored by developers, hence try to reproduce | |
10 | problems with an untainted kernel. | |
11 | ||
12 | Note the kernel will remain tainted even after you undo what caused the taint | |
13 | (i.e. unload a proprietary kernel module), to indicate the kernel remains not | |
14 | trustworthy. That's also why the kernel will print the tainted state when it | |
15 | notices an internal problem (a 'kernel bug'), a recoverable error | |
16 | ('kernel oops') or a non-recoverable error ('kernel panic') and writes debug | |
17 | information about this to the logs ``dmesg`` outputs. It's also possible to | |
18 | check the tainted state at runtime through a file in ``/proc/``. | |
19 | ||
20 | ||
21 | Tainted flag in bugs, oops or panics messages | |
22 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
23 | ||
24 | You find the tainted state near the top in a line starting with 'CPU:'; if or | |
25 | why the kernel was tainted is shown after the Process ID ('PID:') and a shortened | |
26 | name of the command ('Comm:') that triggered the event:: | |
27 | ||
28 | BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 | |
29 | Oops: 0002 [#1] SMP PTI | |
30 | CPU: 0 PID: 4424 Comm: insmod Tainted: P W O 4.20.0-0.rc6.fc30 #1 | |
31 | Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 | |
32 | RIP: 0010:my_oops_init+0x13/0x1000 [kpanic] | |
33 | [...] | |
34 | ||
35 | You'll find a 'Not tainted: ' there if the kernel was not tainted at the | |
36 | time of the event; if it was, then it will print 'Tainted: ' and characters | |
f9197538 | 37 | either letters or blanks. In the example above it looks like this:: |
896dd323 TL |
38 | |
39 | Tainted: P W O | |
40 | ||
2cb3188b | 41 | The meaning of those characters is explained in the table below. In this case |
896dd323 TL |
42 | the kernel got tainted earlier because a proprietary Module (``P``) was loaded, |
43 | a warning occurred (``W``), and an externally-built module was loaded (``O``). | |
44 | To decode other letters use the table below. | |
45 | ||
46 | ||
47 | Decoding tainted state at runtime | |
48 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
49 | ||
50 | At runtime, you can query the tainted state by reading | |
51 | ``cat /proc/sys/kernel/tainted``. If that returns ``0``, the kernel is not | |
52 | tainted; any other number indicates the reasons why it is. The easiest way to | |
53 | decode that number is the script ``tools/debugging/kernel-chktaint``, which your | |
54 | distribution might ship as part of a package called ``linux-tools`` or | |
f9197538 | 55 | ``kernel-tools``; if it doesn't, you can download the script from |
896dd323 TL |
56 | `git.kernel.org <https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/plain/tools/debugging/kernel-chktaint>`_ |
57 | and execute it with ``sh kernel-chktaint``, which would print something like | |
58 | this on the machine that had the statements in the logs that were quoted earlier:: | |
59 | ||
60 | Kernel is Tainted for following reasons: | |
61 | * Proprietary module was loaded (#0) | |
62 | * Kernel issued warning (#9) | |
63 | * Externally-built ('out-of-tree') module was loaded (#12) | |
1943b35e | 64 | See Documentation/admin-guide/tainted-kernels.rst in the Linux kernel or |
896dd323 TL |
65 | https://www.kernel.org/doc/html/latest/admin-guide/tainted-kernels.html for |
66 | a more details explanation of the various taint flags. | |
67 | Raw taint value as int/string: 4609/'P W O ' | |
68 | ||
69 | You can try to decode the number yourself. That's easy if there was only one | |
70 | reason that got your kernel tainted, as in this case you can find the number | |
71 | with the table below. If there were multiple reasons you need to decode the | |
72 | number, as it is a bitfield, where each bit indicates the absence or presence of | |
73 | a particular type of taint. It's best to leave that to the aforementioned | |
74 | script, but if you need something quick you can use this shell command to check | |
75 | which bits are set:: | |
76 | ||
77 | $ for i in $(seq 18); do echo $(($i-1)) $(($(cat /proc/sys/kernel/tainted)>>($i-1)&1));done | |
78 | ||
79 | Table for decoding tainted state | |
80 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
81 | ||
82 | === === ====== ======================================================== | |
83 | Bit Log Number Reason that got the kernel tainted | |
84 | === === ====== ======================================================== | |
85 | 0 G/P 1 proprietary module was loaded | |
86 | 1 _/F 2 module was force loaded | |
547f574f | 87 | 2 _/S 4 kernel running on an out of specification system |
896dd323 TL |
88 | 3 _/R 8 module was force unloaded |
89 | 4 _/M 16 processor reported a Machine Check Exception (MCE) | |
90 | 5 _/B 32 bad page referenced or some unexpected page flags | |
91 | 6 _/U 64 taint requested by userspace application | |
92 | 7 _/D 128 kernel died recently, i.e. there was an OOPS or BUG | |
93 | 8 _/A 256 ACPI table overridden by user | |
94 | 9 _/W 512 kernel issued warning | |
95 | 10 _/C 1024 staging driver was loaded | |
96 | 11 _/I 2048 workaround for bug in platform firmware applied | |
97 | 12 _/O 4096 externally-built ("out-of-tree") module was loaded | |
98 | 13 _/E 8192 unsigned module was loaded | |
99 | 14 _/L 16384 soft lockup occurred | |
100 | 15 _/K 32768 kernel has been live patched | |
101 | 16 _/X 65536 auxiliary taint, defined for and used by distros | |
102 | 17 _/T 131072 kernel was built with the struct randomization plugin | |
2852ca7f | 103 | 18 _/N 262144 an in-kernel test has been run |
896dd323 TL |
104 | === === ====== ======================================================== |
105 | ||
106 | Note: The character ``_`` is representing a blank in this table to make reading | |
107 | easier. | |
108 | ||
109 | More detailed explanation for tainting | |
110 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
111 | ||
112 | 0) ``G`` if all modules loaded have a GPL or compatible license, ``P`` if | |
337c188d MCC |
113 | any proprietary module has been loaded. Modules without a |
114 | MODULE_LICENSE or with a MODULE_LICENSE that is not recognised by | |
115 | insmod as GPL compatible are assumed to be proprietary. | |
116 | ||
896dd323 | 117 | 1) ``F`` if any module was force loaded by ``insmod -f``, ``' '`` if all |
337c188d MCC |
118 | modules were loaded normally. |
119 | ||
547f574f MCS |
120 | 2) ``S`` if the kernel is running on a processor or system that is out of |
121 | specification: hardware has been put into an unsupported configuration, | |
122 | therefore proper execution cannot be guaranteed. | |
123 | Kernel will be tainted if, for example: | |
124 | ||
125 | - on x86: PAE is forced through forcepae on intel CPUs (such as Pentium M) | |
126 | which do not report PAE but may have a functional implementation, an SMP | |
127 | kernel is running on non officially capable SMP Athlon CPUs, MSRs are | |
128 | being poked at from userspace. | |
129 | - on arm: kernel running on certain CPUs (such as Keystone 2) without | |
130 | having certain kernel features enabled. | |
131 | - on arm64: there are mismatched hardware features between CPUs, the | |
132 | bootloader has booted CPUs in different modes. | |
133 | - certain drivers are being used on non supported architectures (such as | |
134 | scsi/snic on something else than x86_64, scsi/ips on non | |
135 | x86/x86_64/itanium, have broken firmware settings for the | |
136 | irqchip/irq-gic on arm64 ...). | |
3ecf671f AR |
137 | - x86/x86_64: Microcode late loading is dangerous and will result in |
138 | tainting the kernel. It requires that all CPUs rendezvous to make sure | |
139 | the update happens when the system is as quiescent as possible. However, | |
140 | a higher priority MCE/SMI/NMI can move control flow away from that | |
141 | rendezvous and interrupt the update, which can be detrimental to the | |
142 | machine. | |
337c188d | 143 | |
896dd323 | 144 | 3) ``R`` if a module was force unloaded by ``rmmod -f``, ``' '`` if all |
337c188d MCC |
145 | modules were unloaded normally. |
146 | ||
896dd323 | 147 | 4) ``M`` if any processor has reported a Machine Check Exception, |
337c188d MCC |
148 | ``' '`` if no Machine Check Exceptions have occurred. |
149 | ||
896dd323 TL |
150 | 5) ``B`` If a page-release function has found a bad page reference or some |
151 | unexpected page flags. This indicates a hardware problem or a kernel bug; | |
152 | there should be other information in the log indicating why this tainting | |
7a87724d | 153 | occurred. |
337c188d | 154 | |
896dd323 | 155 | 6) ``U`` if a user or user application specifically requested that the |
337c188d MCC |
156 | Tainted flag be set, ``' '`` otherwise. |
157 | ||
896dd323 | 158 | 7) ``D`` if the kernel has died recently, i.e. there was an OOPS or BUG. |
337c188d | 159 | |
896dd323 | 160 | 8) ``A`` if an ACPI table has been overridden. |
337c188d | 161 | |
896dd323 | 162 | 9) ``W`` if a warning has previously been issued by the kernel. |
337c188d MCC |
163 | (Though some warnings may set more specific taint flags.) |
164 | ||
896dd323 | 165 | 10) ``C`` if a staging driver has been loaded. |
337c188d | 166 | |
896dd323 | 167 | 11) ``I`` if the kernel is working around a severe bug in the platform |
337c188d MCC |
168 | firmware (BIOS or similar). |
169 | ||
896dd323 | 170 | 12) ``O`` if an externally-built ("out-of-tree") module has been loaded. |
337c188d | 171 | |
896dd323 | 172 | 13) ``E`` if an unsigned module has been loaded in a kernel supporting |
337c188d MCC |
173 | module signature. |
174 | ||
896dd323 TL |
175 | 14) ``L`` if a soft lockup has previously occurred on the system. |
176 | ||
177 | 15) ``K`` if the kernel has been live patched. | |
337c188d | 178 | |
896dd323 | 179 | 16) ``X`` Auxiliary taint, defined for and used by Linux distributors. |
337c188d | 180 | |
896dd323 TL |
181 | 17) ``T`` Kernel was build with the randstruct plugin, which can intentionally |
182 | produce extremely unusual kernel structure layouts (even performance | |
183 | pathological ones), which is important to know when debugging. Set at | |
184 | build time. | |
1b2255db BP |
185 | |
186 | 18) ``N`` if an in-kernel test, such as a KUnit test, has been run. |