* [PATCH] kernel-chktaint: add reporting for tainted modules
@ 2025-10-28 7:12 Randy Dunlap
2025-10-28 10:05 ` Thorsten Leemhuis
0 siblings, 1 reply; 3+ messages in thread
From: Randy Dunlap @ 2025-10-28 7:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Randy Dunlap, Thorsten Leemhuis, Jonathan Corbet, linux-doc
Check all loaded modules and report any that have their 'taint'
flags set along with a count of all tainted modules.
The tainted module output format is:
<module_name>: taint=<flags>
Example output:
Kernel is "tainted" for the following reasons:
* externally-built ('out-of-tree') module was loaded (#12)
* unsigned module was loaded (#13)
Raw taint value as int/string: 12288/'G OE '
Modules tainted: count=1
dump_test: taint=OE
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
---
Cc: Thorsten Leemhuis <linux@leemhuis.info>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: linux-doc@vger.kernel.org
---
tools/debugging/kernel-chktaint | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
--- linux-next-20251027.orig/tools/debugging/kernel-chktaint
+++ linux-next-20251027/tools/debugging/kernel-chktaint
@@ -211,9 +211,24 @@ else
addout "J"
echo " * fwctl's mutating debug interface was used (#19)"
fi
+echo "Raw taint value as int/string: $taint/'$out'"
+
+# report on any tainted loadable modules
+[ -r /sys/module/ ] && cnt=`grep [A-Z] /sys/module/*/taint | wc -l` || cnt=0
+if [ $cnt -ne 0 ]; then
+ echo
+ echo "Modules tainted: count=$cnt"
+ for dir in `ls /sys/module` ; do
+ if [ -r /sys/module/$dir/taint ]; then
+ modtnt=`cat /sys/module/$dir/taint`
+ [ "$modtnt" = "" ] || echo "$dir: taint=$modtnt"
+ fi
+ done
+fi
+
+echo
echo "For a more detailed explanation of the various taint flags see"
echo " Documentation/admin-guide/tainted-kernels.rst in the Linux kernel sources"
echo " or https://kernel.org/doc/html/latest/admin-guide/tainted-kernels.html"
-echo "Raw taint value as int/string: $taint/'$out'"
#EOF#
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] kernel-chktaint: add reporting for tainted modules
2025-10-28 7:12 [PATCH] kernel-chktaint: add reporting for tainted modules Randy Dunlap
@ 2025-10-28 10:05 ` Thorsten Leemhuis
2025-10-28 19:51 ` Randy Dunlap
0 siblings, 1 reply; 3+ messages in thread
From: Thorsten Leemhuis @ 2025-10-28 10:05 UTC (permalink / raw)
To: Randy Dunlap, linux-kernel; +Cc: Jonathan Corbet, linux-doc
On 10/28/25 08:12, Randy Dunlap wrote:
> Check all loaded modules and report any that have their 'taint'
> flags set along with a count of all tainted modules.
> The tainted module output format is:
> <module_name>: taint=<flags>
>
> Example output:
>
> Kernel is "tainted" for the following reasons:
> * externally-built ('out-of-tree') module was loaded (#12)
> * unsigned module was loaded (#13)
> Raw taint value as int/string: 12288/'G OE '
I wonder if it would be easier more readable if the format used above...
> Modules tainted: count=1
> dump_test: taint=OE
...would be reused here somewhat. Like this maybe?
Modules tainted: 1
* dump_test (OE)
Anyway:
Acked-by: Thorsten Leemhuis <linux@leemhuis.info>
Ciao, Thorsten
> Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
> ---
> Cc: Thorsten Leemhuis <linux@leemhuis.info>
> Cc: Jonathan Corbet <corbet@lwn.net>
> Cc: linux-doc@vger.kernel.org
> ---
> tools/debugging/kernel-chktaint | 17 ++++++++++++++++-
> 1 file changed, 16 insertions(+), 1 deletion(-)
>
> --- linux-next-20251027.orig/tools/debugging/kernel-chktaint
> +++ linux-next-20251027/tools/debugging/kernel-chktaint
> @@ -211,9 +211,24 @@ else
> addout "J"
> echo " * fwctl's mutating debug interface was used (#19)"
> fi
> +echo "Raw taint value as int/string: $taint/'$out'"
> +
> +# report on any tainted loadable modules
> +[ -r /sys/module/ ] && cnt=`grep [A-Z] /sys/module/*/taint | wc -l` || cnt=0
>
> +if [ $cnt -ne 0 ]; then
> + echo
> + echo "Modules tainted: count=$cnt"
> + for dir in `ls /sys/module` ; do
> + if [ -r /sys/module/$dir/taint ]; then
> + modtnt=`cat /sys/module/$dir/taint`
> + [ "$modtnt" = "" ] || echo "$dir: taint=$modtnt"
> + fi
> + done
> +fi
> +
> +echo
> echo "For a more detailed explanation of the various taint flags see"
> echo " Documentation/admin-guide/tainted-kernels.rst in the Linux kernel sources"
> echo " or https://kernel.org/doc/html/latest/admin-guide/tainted-kernels.html"
> -echo "Raw taint value as int/string: $taint/'$out'"
> #EOF#
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] kernel-chktaint: add reporting for tainted modules
2025-10-28 10:05 ` Thorsten Leemhuis
@ 2025-10-28 19:51 ` Randy Dunlap
0 siblings, 0 replies; 3+ messages in thread
From: Randy Dunlap @ 2025-10-28 19:51 UTC (permalink / raw)
To: Thorsten Leemhuis, linux-kernel; +Cc: Jonathan Corbet, linux-doc
On 10/28/25 3:05 AM, Thorsten Leemhuis wrote:
> On 10/28/25 08:12, Randy Dunlap wrote:
>> Check all loaded modules and report any that have their 'taint'
>> flags set along with a count of all tainted modules.
>> The tainted module output format is:
>> <module_name>: taint=<flags>
>>
>> Example output:
>>
>> Kernel is "tainted" for the following reasons:
>> * externally-built ('out-of-tree') module was loaded (#12)
>> * unsigned module was loaded (#13)
>> Raw taint value as int/string: 12288/'G OE '
>
> I wonder if it would be easier more readable if the format used above...
>> Modules tainted: count=1
>> dump_test: taint=OE
>
> ...would be reused here somewhat. Like this maybe?
>
> Modules tainted: 1
> * dump_test (OE)
Yeah, I like that. Thanks.
--
~Randy
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-10-28 19:51 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-10-28 7:12 [PATCH] kernel-chktaint: add reporting for tainted modules Randy Dunlap
2025-10-28 10:05 ` Thorsten Leemhuis
2025-10-28 19:51 ` Randy Dunlap
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).