Documentation/admin-guide/tainted-kernels.rst

0001 Tainted kernels
0002 ---------------
0003
0004 The kernel will mark itself as 'tainted' when something occurs that might be
0005 relevant later when investigating problems. Don't worry too much about this,
0006 most of the time it's not a problem to run a tainted kernel; the information is
0007 mainly of interest once someone wants to investigate some problem, as its real
0008 cause might be the event that got the kernel tainted. That's why bug reports
0009 from tainted kernels will often be ignored by developers, hence try to reproduce
0010 problems with an untainted kernel.
0011
0012 Note the kernel will remain tainted even after you undo what caused the taint
0013 (i.e. unload a proprietary kernel module), to indicate the kernel remains not
0014 trustworthy. That's also why the kernel will print the tainted state when it
0015 notices an internal problem (a 'kernel bug'), a recoverable error
0016 ('kernel oops') or a non-recoverable error ('kernel panic') and writes debug
0017 information about this to the logs ``dmesg`` outputs. It's also possible to
0018 check the tainted state at runtime through a file in ``/proc/``.
0019
0020
0021 Tainted flag in bugs, oops or panics messages
0022 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
0023
0024 You find the tainted state near the top in a line starting with 'CPU:'; if or
0025 why the kernel was tainted is shown after the Process ID ('PID:') and a shortened
0026 name of the command ('Comm:') that triggered the event::
0027
0028         BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
0029         Oops: 0002 [#1] SMP PTI
0030         CPU: 0 PID: 4424 Comm: insmod Tainted: P        W  O      4.20.0-0.rc6.fc30 #1
0031         Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
0032         RIP: 0010:my_oops_init+0x13/0x1000 [kpanic]
0033         [...]
0034
0035 You'll find a 'Not tainted: ' there if the kernel was not tainted at the
0036 time of the event; if it was, then it will print 'Tainted: ' and characters
0037 either letters or blanks. In above example it looks like this::
0038
0039         Tainted: P        W  O
0040
0041 The meaning of those characters is explained in the table below. In this case
0042 the kernel got tainted earlier because a proprietary Module (``P``) was loaded,
0043 a warning occurred (``W``), and an externally-built module was loaded (``O``).
0044 To decode other letters use the table below.
0045
0046
0047 Decoding tainted state at runtime
0048 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
0049
0050 At runtime, you can query the tainted state by reading
0051 ``cat /proc/sys/kernel/tainted``. If that returns ``0``, the kernel is not
0052 tainted; any other number indicates the reasons why it is. The easiest way to
0053 decode that number is the script ``tools/debugging/kernel-chktaint``, which your
0054 distribution might ship as part of a package called ``linux-tools`` or
0055 ``kernel-tools``; if it doesn't you can download the script from
0056 `git.kernel.org <https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/plain/tools/debugging/kernel-chktaint>`_
0057 and execute it with ``sh kernel-chktaint``, which would print something like
0058 this on the machine that had the statements in the logs that were quoted earlier::
0059
0060         Kernel is Tainted for following reasons:
0061          * Proprietary module was loaded (#0)
0062          * Kernel issued warning (#9)
0063          * Externally-built ('out-of-tree') module was loaded  (#12)
0064         See Documentation/admin-guide/tainted-kernels.rst in the Linux kernel or
0065          https://www.kernel.org/doc/html/latest/admin-guide/tainted-kernels.html for
0066          a more details explanation of the various taint flags.
0067         Raw taint value as int/string: 4609/'P        W  O     '
0068
0069 You can try to decode the number yourself. That's easy if there was only one
0070 reason that got your kernel tainted, as in this case you can find the number
0071 with the table below. If there were multiple reasons you need to decode the
0072 number, as it is a bitfield, where each bit indicates the absence or presence of
0073 a particular type of taint. It's best to leave that to the aforementioned
0074 script, but if you need something quick you can use this shell command to check
0075 which bits are set::
0076
0077         $ for i in $(seq 18); do echo $(($i-1)) $(($(cat /proc/sys/kernel/tainted)>>($i-1)&1));done
0078
0079 Table for decoding tainted state
0080 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
0081
0082 ===  ===  ======  ========================================================
0083 Bit  Log  Number  Reason that got the kernel tainted
0084 ===  ===  ======  ========================================================
0085   0  G/P       1  proprietary module was loaded
0086   1  _/F       2  module was force loaded
0087   2  _/S       4  kernel running on an out of specification system
0088   3  _/R       8  module was force unloaded
0089   4  _/M      16  processor reported a Machine Check Exception (MCE)
0090   5  _/B      32  bad page referenced or some unexpected page flags
0091   6  _/U      64  taint requested by userspace application
0092   7  _/D     128  kernel died recently, i.e. there was an OOPS or BUG
0093   8  _/A     256  ACPI table overridden by user
0094   9  _/W     512  kernel issued warning
0095  10  _/C    1024  staging driver was loaded
0096  11  _/I    2048  workaround for bug in platform firmware applied
0097  12  _/O    4096  externally-built ("out-of-tree") module was loaded
0098  13  _/E    8192  unsigned module was loaded
0099  14  _/L   16384  soft lockup occurred
0100  15  _/K   32768  kernel has been live patched
0101  16  _/X   65536  auxiliary taint, defined for and used by distros
0102  17  _/T  131072  kernel was built with the struct randomization plugin
0103  18  _/N  262144  an in-kernel test has been run
0104 ===  ===  ======  ========================================================
0105
0106 Note: The character ``_`` is representing a blank in this table to make reading
0107 easier.
0108
0109 More detailed explanation for tainting
0110 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
0111
0112  0)  ``G`` if all modules loaded have a GPL or compatible license, ``P`` if
0113      any proprietary module has been loaded.  Modules without a
0114      MODULE_LICENSE or with a MODULE_LICENSE that is not recognised by
0115      insmod as GPL compatible are assumed to be proprietary.
0116
0117  1)  ``F`` if any module was force loaded by ``insmod -f``, ``' '`` if all
0118      modules were loaded normally.
0119
0120  2)  ``S`` if the kernel is running on a processor or system that is out of
0121      specification: hardware has been put into an unsupported configuration,
0122      therefore proper execution cannot be guaranteed.
0123      Kernel will be tainted if, for example:
0124
0125      - on x86: PAE is forced through forcepae on intel CPUs (such as Pentium M)
0126        which do not report PAE but may have a functional implementation, an SMP
0127        kernel is running on non officially capable SMP Athlon CPUs, MSRs are
0128        being poked at from userspace.
0129      - on arm: kernel running on certain CPUs (such as Keystone 2) without
0130        having certain kernel features enabled.
0131      - on arm64: there are mismatched hardware features between CPUs, the
0132        bootloader has booted CPUs in different modes.
0133      - certain drivers are being used on non supported architectures (such as
0134        scsi/snic on something else than x86_64, scsi/ips on non
0135        x86/x86_64/itanium, have broken firmware settings for the
0136        irqchip/irq-gic on arm64 ...).
0137
0138  3)  ``R`` if a module was force unloaded by ``rmmod -f``, ``' '`` if all
0139      modules were unloaded normally.
0140
0141  4)  ``M`` if any processor has reported a Machine Check Exception,
0142      ``' '`` if no Machine Check Exceptions have occurred.
0143
0144  5)  ``B`` If a page-release function has found a bad page reference or some
0145      unexpected page flags. This indicates a hardware problem or a kernel bug;
0146      there should be other information in the log indicating why this tainting
0147      occurred.
0148
0149  6)  ``U`` if a user or user application specifically requested that the
0150      Tainted flag be set, ``' '`` otherwise.
0151
0152  7)  ``D`` if the kernel has died recently, i.e. there was an OOPS or BUG.
0153
0154  8)  ``A`` if an ACPI table has been overridden.
0155
0156  9)  ``W`` if a warning has previously been issued by the kernel.
0157      (Though some warnings may set more specific taint flags.)
0158
0159  10) ``C`` if a staging driver has been loaded.
0160
0161  11) ``I`` if the kernel is working around a severe bug in the platform
0162      firmware (BIOS or similar).
0163
0164  12) ``O`` if an externally-built ("out-of-tree") module has been loaded.
0165
0166  13) ``E`` if an unsigned module has been loaded in a kernel supporting
0167      module signature.
0168
0169  14) ``L`` if a soft lockup has previously occurred on the system.
0170
0171  15) ``K`` if the kernel has been live patched.
0172
0173  16) ``X`` Auxiliary taint, defined for and used by Linux distributors.
0174
0175  17) ``T`` Kernel was build with the randstruct plugin, which can intentionally
0176      produce extremely unusual kernel structure layouts (even performance
0177      pathological ones), which is important to know when debugging. Set at
0178      build time.