From: Randy Dunlap <rdunlap@infradead.org>
To: Thorsten Leemhuis <linux@leemhuis.info>, linux-kernel@vger.kernel.org
Cc: Jonathan Corbet <corbet@lwn.net>, linux-doc@vger.kernel.org
Subject: Re: [PATCH v2] kernel-chktaint: add reporting for tainted modules
Date: Wed, 29 Oct 2025 23:25:43 -0700 [thread overview]
Message-ID: <6553266e-aa0e-4ca7-b83c-cf6df2764f3c@infradead.org> (raw)
In-Reply-To: <16cd7071-3c19-4e32-ba11-ce0856a6f2f8@leemhuis.info>
On 10/29/25 6:56 AM, Thorsten Leemhuis wrote:
> On 10/29/25 05:39, Randy Dunlap wrote:
>> Check all loaded modules and report any that have their 'taint'
>> flags set along with a count of all tainted modules.
>> The tainted module output format is:
>> * <module_name> (<taint_flags>)
>>
>> Example output:
>>
>> Kernel is "tainted" for the following reasons:
>> * externally-built ('out-of-tree') module was loaded (#12)
>> * unsigned module was loaded (#13)
>> Raw taint value as int/string: 12288/'G OE '
>>
>> Modules tainted: 1
>> * dump_test (OE)
>
> Great. Now I wonder if the "1" really is needed, but whatever. I only
> mentioned that because something else came to my mind:
Agreed. Will drop that line.
> The script can be called with a positive integer as parameter to decode
> a value you retrieved from /proc/sys/kernel/tainted on another system.
> Then the module check likely should be omitted.
>
> [...]
>> +echo "Raw taint value as int/string: $taint/'$out'"
>> +
>> +# report on any tainted loadable modules
>> +[ -r /sys/module/ ] && cnt=`grep [A-Z] /sys/module/*/taint | wc -l` || cnt=0
>
> Maybe by replacing that line with something like this (untested;
> not even sure if the foo && bar && baz || foobar really works):
>
> [ $1 -eq 0 ] && [ -r /sys/module/ ] && cnt=`grep [A-Z] /sys/module/*/taint | wc -l` || cnt=0
Looks good. I'll test that and send v3.Thanks.
--
~Randy
prev parent reply other threads:[~2025-10-30 6:25 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-29 4:39 [PATCH v2] kernel-chktaint: add reporting for tainted modules Randy Dunlap
2025-10-29 13:56 ` Thorsten Leemhuis
2025-10-30 6:25 ` Randy Dunlap [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6553266e-aa0e-4ca7-b83c-cf6df2764f3c@infradead.org \
--to=rdunlap@infradead.org \
--cc=corbet@lwn.net \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@leemhuis.info \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).