Tainted kernels

The kernel will mark itself as ‘tainted’ when something occurs that might berelevant later when investigating problems. Don’t worry too much about this,most of the time it’s not a problem to run a tainted kernel; the information ismainly of interest once someone wants to investigate some problem, as its realcause might be the event that got the kernel tainted. That’s why bug reportsfrom tainted kernels will often be ignored by developers, hence try to reproduceproblems with an untainted kernel.

Note the kernel will remain tainted even after you undo what caused the taint(i.e. unload a proprietary kernel module), to indicate the kernel remains nottrustworthy. That’s also why the kernel will print the tainted state when itnotices an internal problem (a ‘kernel bug’), a recoverable error(‘kernel oops’) or a non-recoverable error (‘kernel panic’) and writes debuginformation about this to the logsdmesg outputs. It’s also possible tocheck the tainted state at runtime through a file in/proc/.

Tainted flag in bugs, oops or panics messages

You find the tainted state near the top in a line starting with ‘CPU:’; if orwhy the kernel was tainted is shown after the Process ID (‘PID:’) and a shortenedname of the command (‘Comm:’) that triggered the event:

BUG: unable to handle kernel NULL pointer dereference at 0000000000000000Oops: 0002 [#1] SMP PTICPU: 0 PID: 4424 Comm: insmod Tainted: P        W  O      4.20.0-0.rc6.fc30 #1Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011RIP: 0010:my_oops_init+0x13/0x1000 [kpanic][...]

You’ll find a ‘Not tainted: ‘ there if the kernel was not tainted at thetime of the event; if it was, then it will print ‘Tainted: ‘ and characterseither letters or blanks. In above example it looks like this:

Tainted: P        W  O

The meaning of those characters is explained in the table below. In this casethe kernel got tainted earlier because a proprietary Module (P) was loaded,a warning occurred (W), and an externally-built module was loaded (O).To decode other letters use the table below.

Decoding tainted state at runtime

At runtime, you can query the tainted state by readingcat/proc/sys/kernel/tainted. If that returns0, the kernel is nottainted; any other number indicates the reasons why it is. The easiest way todecode that number is the scripttools/debugging/kernel-chktaint, which yourdistribution might ship as part of a package calledlinux-tools orkernel-tools; if it doesn’t you can download the script fromgit.kernel.organd execute it withshkernel-chktaint, which would print something likethis on the machine that had the statements in the logs that were quoted earlier:

Kernel is Tainted for following reasons: * Proprietary module was loaded (#0) * Kernel issued warning (#9) * Externally-built ('out-of-tree') module was loaded  (#12)See Documentation/admin-guide/tainted-kernels.rst in the Linux kernel or https://www.kernel.org/doc/html/latest/admin-guide/tainted-kernels.html for a more details explanation of the various taint flags.Raw taint value as int/string: 4609/'P        W  O     '

You can try to decode the number yourself. That’s easy if there was only onereason that got your kernel tainted, as in this case you can find the numberwith the table below. If there were multiple reasons you need to decode thenumber, as it is a bitfield, where each bit indicates the absence or presence ofa particular type of taint. It’s best to leave that to the aforementionedscript, but if you need something quick you can use this shell command to checkwhich bits are set:

$ for i in $(seq 18); do echo $(($i-1)) $(($(cat /proc/sys/kernel/tainted)>>($i-1)&1));done

Table for decoding tainted state

BitLogNumberReason that got the kernel tainted
0G/P1proprietary module was loaded
1_/F2module was force loaded
2_/S4SMP kernel oops on an officially SMP incapable processor
3_/R8module was force unloaded
4_/M16processor reported a Machine Check Exception (MCE)
5_/B32bad page referenced or some unexpected page flags
6_/U64taint requested by userspace application
7_/D128kernel died recently, i.e. there was an OOPS or BUG
8_/A256ACPI table overridden by user
9_/W512kernel issued warning
10_/C1024staging driver was loaded
11_/I2048workaround for bug in platform firmware applied
12_/O4096externally-built (“out-of-tree”) module was loaded
13_/E8192unsigned module was loaded
14_/L16384soft lockup occurred
15_/K32768kernel has been live patched
16_/X65536auxiliary taint, defined for and used by distros
17_/T131072kernel was built with the struct randomization plugin

Note: The character_ is representing a blank in this table to make readingeasier.

More detailed explanation for tainting

  1. G if all modules loaded have a GPL or compatible license,P ifany proprietary module has been loaded. Modules without aMODULE_LICENSE or with a MODULE_LICENSE that is not recognised byinsmod as GPL compatible are assumed to be proprietary.
  2. F if any module was force loaded byinsmod-f,'' if allmodules were loaded normally.
  3. S if the oops occurred on an SMP kernel running on hardware thathasn’t been certified as safe to run multiprocessor.Currently this occurs only on various Athlons that are notSMP capable.
  4. R if a module was force unloaded byrmmod-f,'' if allmodules were unloaded normally.
  5. M if any processor has reported a Machine Check Exception,'' if no Machine Check Exceptions have occurred.
  6. B If a page-release function has found a bad page reference or someunexpected page flags. This indicates a hardware problem or a kernel bug;there should be other information in the log indicating why this taintingoccured.
  7. U if a user or user application specifically requested that theTainted flag be set,'' otherwise.
  8. D if the kernel has died recently, i.e. there was an OOPS or BUG.
  9. A if an ACPI table has been overridden.
  10. W if a warning has previously been issued by the kernel.(Though some warnings may set more specific taint flags.)
  11. C if a staging driver has been loaded.
  12. I if the kernel is working around a severe bug in the platformfirmware (BIOS or similar).
  13. O if an externally-built (“out-of-tree”) module has been loaded.
  14. E if an unsigned module has been loaded in a kernel supportingmodule signature.
  15. L if a soft lockup has previously occurred on the system.
  16. K if the kernel has been live patched.
  17. X Auxiliary taint, defined for and used by Linux distributors.
  18. T Kernel was build with the randstruct plugin, which can intentionallyproduce extremely unusual kernel structure layouts (even performancepathological ones), which is important to know when debugging. Set atbuild time.