Friday, September 16, 2011

How to check whether current running kernel is tainted(contaminated) or not ?

■ Requirement : check whether current running kernel is tainted(contaminated) or not
■ OS Environment : Linux, RHEL, Centos
■ Resolution : 

The Linux kernel maintains a"taint state" which is included in kernel error messages. The taint state provides an indication whether something has happened to the running kernel that affects whether a kernel error or hang can be troubleshoot effectively by analysing the kernel source code. Some of the information in the taint relates to whether the information provided by the kernel in an error message can be considered trustworthy.

1. Following command could be used :

$ cat /proc/sys/kernel/tainted
536870912

Use the following to decipher the taint value :

Non-zero if the kernel has been tainted. Numeric values, which can be ORed together:

1 - A module with a non-GPL license has been loaded, this includes modules with no license. Set by modutils >= 2.4.9 and module-init-tools.
2 - A module was force loaded by insmod -f. Set by modutils >= 2.4.9 and module-init-tools.
4 - Unsafe SMP processors: SMP with CPUs not designed for SMP.
8 - A module was forcibly unloaded from the system by rmmod -f.
16 - A hardware machine check error occurred on the system.
32 - A bad page was discovered on the system.
64 - The user has asked that the system be marked "tainted". This could be because they are running software that directly modifies the hardware, or for other reasons.
128 - The system has died.
256 - The ACPI DSDT has been overridden with one supplied by the user instead of using the one provided by the hardware.
512 - A kernel warning has occurred.
1024 - A module from drivers/staging was loaded.
268435456 - Unsupported hardware
536870912 - Technology Preview code was loaded

The taint status of the kernel not only indicates whether or not the kernel has been tainted but also indicates what type(s) of event caused the kernel to be marked as tainted. This information is encoded through single-character flags in the string following "Tainted:" in a kernel error message.

* P: Proprietary module has been loaded, i.e. a module that is not licensed under the GNU General Public License (GPL) or a compatible license. This may indicate that source code for this module is not available to the Linux kernel developers.
* G: The opposite of P: the kernel has been tainted (for a reason indicated by a different flag), but all modules loaded into it were licensed under the GPL or a license compatible with the GPL.
* F: Module has been forcibly loaded using the force option "-f" of insmod or modprobe, which caused a sanity check of the versioning information from the module (if present) to be skipped.
* S: SMP with CPUs not designed for SMP. The Linux kernel is running with Symmetric MultiProcessor support (SMP), but the CPUs in the system are not designed or certified for SMP use.
* R: User forced a module unload. A module which was in use or was not designed to be removed has been forcefully removed from the running kernel using the force option "-f" of rmmod.
* M: System experienced a machine check exception. A Machine Check Exception (MCE) has been raised while the kernel was running. MCEs are triggered by the hardware to indicate a hardware related problem, for example the CPU's temperature exceeding a treshold or a memory bank signaling an uncorrectable error.
* B: System has hit bad_page, indicating a corruption of the virtual memory subsystem, possibly caused by malfunctioning RAM or cache memory.
* U: Userspace-defined naughtiness.
* D: Kernel has oopsed before
* A: ACPI table overridden.
* W: Taint on warning.
* C: modules from drivers/staging are loaded.
* I: Working around severe firmware bug.

The taint flags above are implemented in the standard Linux kernel and indicate the information provided in kernel error messages is not necessarily to be trusted. Additionally, the following flags are used by the RHEL kernel:

* H: Hardware is unsupported.
* T: Technology Preview code is loaded.

No comments:

Post a Comment