cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

tainted-kernels.rst (8534B)

      1Tainted kernels
      2---------------
      3
      4The kernel will mark itself as 'tainted' when something occurs that might be
      5relevant later when investigating problems. Don't worry too much about this,
      6most of the time it's not a problem to run a tainted kernel; the information is
      7mainly of interest once someone wants to investigate some problem, as its real
      8cause might be the event that got the kernel tainted. That's why bug reports
      9from tainted kernels will often be ignored by developers, hence try to reproduce
     10problems with an untainted kernel.
     11
     12Note the kernel will remain tainted even after you undo what caused the taint
     13(i.e. unload a proprietary kernel module), to indicate the kernel remains not
     14trustworthy. That's also why the kernel will print the tainted state when it
     15notices an internal problem (a 'kernel bug'), a recoverable error
     16('kernel oops') or a non-recoverable error ('kernel panic') and writes debug
     17information about this to the logs ``dmesg`` outputs. It's also possible to
     18check the tainted state at runtime through a file in ``/proc/``.
     19
     20
     21Tainted flag in bugs, oops or panics messages
     22~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     23
     24You find the tainted state near the top in a line starting with 'CPU:'; if or
     25why the kernel was tainted is shown after the Process ID ('PID:') and a shortened
     26name of the command ('Comm:') that triggered the event::
     27
     28	BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
     29	Oops: 0002 [#1] SMP PTI
     30	CPU: 0 PID: 4424 Comm: insmod Tainted: P        W  O      4.20.0-0.rc6.fc30 #1
     31	Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
     32	RIP: 0010:my_oops_init+0x13/0x1000 [kpanic]
     33	[...]
     34
     35You'll find a 'Not tainted: ' there if the kernel was not tainted at the
     36time of the event; if it was, then it will print 'Tainted: ' and characters
     37either letters or blanks. In above example it looks like this::
     38
     39	Tainted: P        W  O
     40
     41The meaning of those characters is explained in the table below. In this case
     42the kernel got tainted earlier because a proprietary Module (``P``) was loaded,
     43a warning occurred (``W``), and an externally-built module was loaded (``O``).
     44To decode other letters use the table below.
     45
     46
     47Decoding tainted state at runtime
     48~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     49
     50At runtime, you can query the tainted state by reading
     51``cat /proc/sys/kernel/tainted``. If that returns ``0``, the kernel is not
     52tainted; any other number indicates the reasons why it is. The easiest way to
     53decode that number is the script ``tools/debugging/kernel-chktaint``, which your
     54distribution might ship as part of a package called ``linux-tools`` or
     55``kernel-tools``; if it doesn't you can download the script from
     56`git.kernel.org <https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/plain/tools/debugging/kernel-chktaint>`_
     57and execute it with ``sh kernel-chktaint``, which would print something like
     58this on the machine that had the statements in the logs that were quoted earlier::
     59
     60	Kernel is Tainted for following reasons:
     61	 * Proprietary module was loaded (#0)
     62	 * Kernel issued warning (#9)
     63	 * Externally-built ('out-of-tree') module was loaded  (#12)
     64	See Documentation/admin-guide/tainted-kernels.rst in the Linux kernel or
     65	 https://www.kernel.org/doc/html/latest/admin-guide/tainted-kernels.html for
     66	 a more details explanation of the various taint flags.
     67	Raw taint value as int/string: 4609/'P        W  O     '
     68
     69You can try to decode the number yourself. That's easy if there was only one
     70reason that got your kernel tainted, as in this case you can find the number
     71with the table below. If there were multiple reasons you need to decode the
     72number, as it is a bitfield, where each bit indicates the absence or presence of
     73a particular type of taint. It's best to leave that to the aforementioned
     74script, but if you need something quick you can use this shell command to check
     75which bits are set::
     76
     77	$ for i in $(seq 18); do echo $(($i-1)) $(($(cat /proc/sys/kernel/tainted)>>($i-1)&1));done
     78
     79Table for decoding tainted state
     80~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     81
     82===  ===  ======  ========================================================
     83Bit  Log  Number  Reason that got the kernel tainted
     84===  ===  ======  ========================================================
     85  0  G/P       1  proprietary module was loaded
     86  1  _/F       2  module was force loaded
     87  2  _/S       4  kernel running on an out of specification system
     88  3  _/R       8  module was force unloaded
     89  4  _/M      16  processor reported a Machine Check Exception (MCE)
     90  5  _/B      32  bad page referenced or some unexpected page flags
     91  6  _/U      64  taint requested by userspace application
     92  7  _/D     128  kernel died recently, i.e. there was an OOPS or BUG
     93  8  _/A     256  ACPI table overridden by user
     94  9  _/W     512  kernel issued warning
     95 10  _/C    1024  staging driver was loaded
     96 11  _/I    2048  workaround for bug in platform firmware applied
     97 12  _/O    4096  externally-built ("out-of-tree") module was loaded
     98 13  _/E    8192  unsigned module was loaded
     99 14  _/L   16384  soft lockup occurred
    100 15  _/K   32768  kernel has been live patched
    101 16  _/X   65536  auxiliary taint, defined for and used by distros
    102 17  _/T  131072  kernel was built with the struct randomization plugin
    103===  ===  ======  ========================================================
    104
    105Note: The character ``_`` is representing a blank in this table to make reading
    106easier.
    107
    108More detailed explanation for tainting
    109~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    110
    111 0)  ``G`` if all modules loaded have a GPL or compatible license, ``P`` if
    112     any proprietary module has been loaded.  Modules without a
    113     MODULE_LICENSE or with a MODULE_LICENSE that is not recognised by
    114     insmod as GPL compatible are assumed to be proprietary.
    115
    116 1)  ``F`` if any module was force loaded by ``insmod -f``, ``' '`` if all
    117     modules were loaded normally.
    118
    119 2)  ``S`` if the kernel is running on a processor or system that is out of
    120     specification: hardware has been put into an unsupported configuration,
    121     therefore proper execution cannot be guaranteed.
    122     Kernel will be tainted if, for example:
    123
    124     - on x86: PAE is forced through forcepae on intel CPUs (such as Pentium M)
    125       which do not report PAE but may have a functional implementation, an SMP
    126       kernel is running on non officially capable SMP Athlon CPUs, MSRs are
    127       being poked at from userspace.
    128     - on arm: kernel running on certain CPUs (such as Keystone 2) without
    129       having certain kernel features enabled.
    130     - on arm64: there are mismatched hardware features between CPUs, the
    131       bootloader has booted CPUs in different modes.
    132     - certain drivers are being used on non supported architectures (such as
    133       scsi/snic on something else than x86_64, scsi/ips on non
    134       x86/x86_64/itanium, have broken firmware settings for the
    135       irqchip/irq-gic on arm64 ...).
    136
    137 3)  ``R`` if a module was force unloaded by ``rmmod -f``, ``' '`` if all
    138     modules were unloaded normally.
    139
    140 4)  ``M`` if any processor has reported a Machine Check Exception,
    141     ``' '`` if no Machine Check Exceptions have occurred.
    142
    143 5)  ``B`` If a page-release function has found a bad page reference or some
    144     unexpected page flags. This indicates a hardware problem or a kernel bug;
    145     there should be other information in the log indicating why this tainting
    146     occurred.
    147
    148 6)  ``U`` if a user or user application specifically requested that the
    149     Tainted flag be set, ``' '`` otherwise.
    150
    151 7)  ``D`` if the kernel has died recently, i.e. there was an OOPS or BUG.
    152
    153 8)  ``A`` if an ACPI table has been overridden.
    154
    155 9)  ``W`` if a warning has previously been issued by the kernel.
    156     (Though some warnings may set more specific taint flags.)
    157
    158 10) ``C`` if a staging driver has been loaded.
    159
    160 11) ``I`` if the kernel is working around a severe bug in the platform
    161     firmware (BIOS or similar).
    162
    163 12) ``O`` if an externally-built ("out-of-tree") module has been loaded.
    164
    165 13) ``E`` if an unsigned module has been loaded in a kernel supporting
    166     module signature.
    167
    168 14) ``L`` if a soft lockup has previously occurred on the system.
    169
    170 15) ``K`` if the kernel has been live patched.
    171
    172 16) ``X`` Auxiliary taint, defined for and used by Linux distributors.
    173
    174 17) ``T`` Kernel was build with the randstruct plugin, which can intentionally
    175     produce extremely unusual kernel structure layouts (even performance
    176     pathological ones), which is important to know when debugging. Set at
    177     build time.