Last active
May 12, 2025 10:02
-
-
Save quonic/ad96946cec15ac58f1f832fba21dea41 to your computer and use it in GitHub Desktop.
Get the reasons for a tainted Linux kernel
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Get-KernelTaint.sh | |
| # | |
| # This script checks the kernel taint status by reading the value from | |
| # /proc/sys/kernel/tainted. It interprets the taint flags and prints | |
| # corresponding messages to indicate the reason for the taint. | |
| # It also provides a summary of the taint status. | |
| # | |
| # License: MIT | |
| # | |
| # https://www.kernel.org/doc/html/latest/admin-guide/tainted-kernels.html | |
| # | |
| # | Bit | Log | Number | Reason that got the kernel tainted | | |
| # |-----|-----|--------|-------------------------------------------------------| | |
| # | 0 | G/P | 1 | proprietary module was loaded | | |
| # | 1 | _/F | 2 | module was force loaded | | |
| # | 2 | _/S | 4 | kernel running on an out of specification system | | |
| # | 3 | _/R | 8 | module was force unloaded | | |
| # | 4 | _/M | 16 | processor reported a Machine Check Exception (MCE) | | |
| # | 5 | _/B | 32 | bad page referenced or some unexpected page flags | | |
| # | 6 | _/U | 64 | taint requested by userspace application | | |
| # | 7 | _/D | 128 | kernel died recently, i.e. there was an OOPS or BUG | | |
| # | 8 | _/A | 256 | ACPI table overridden by user | | |
| # | 9 | _/W | 512 | kernel issued warning | | |
| # | 10 | _/C | 1024 | staging driver was loaded | | |
| # | 11 | _/I | 2048 | workaround for bug in platform firmware applied | | |
| # | 12 | _/O | 4096 | externally-built (“out-of-tree”) module was loaded | | |
| # | 13 | _/E | 8192 | unsigned module was loaded | | |
| # | 14 | _/L | 16384 | soft lockup occurred | | |
| # | 15 | _/K | 32768 | kernel has been live patched | | |
| # | 16 | _/X | 65536 | auxiliary taint, defined for and used by distros | | |
| # | 17 | _/T | 131072 | kernel was built with the struct randomization plugin | | |
| # | 18 | _/N | 262144 | an in-kernel test has been run | | |
| # | 19 | _/J | 524288 | userspace used a mutating debug operation in fwctl | | |
| _taint_found=false | |
| declare -A taint_reasons=( | |
| [0]="Proprietary module was loaded" | |
| [1]="Module was force loaded" | |
| [2]="Kernel running on an out of specification system" | |
| [3]="Module was force unloaded" | |
| [4]="Processor reported a Machine Check Exception (MCE)" | |
| [5]="Bad page referenced or some unexpected page flags" | |
| [6]="Taint requested by userspace application" | |
| [7]="Kernel died recently, i.e. there was an OOPS or BUG" | |
| [8]="ACPI table overridden by user" | |
| [9]="Kernel issued warning" | |
| [10]="Staging driver was loaded" | |
| [11]="Workaround for bug in platform firmware applied" | |
| [12]="Externally-built ('out-of-tree') module was loaded" | |
| [13]="Unsigned module was loaded" | |
| [14]="Soft lockup occurred" | |
| [15]="Kernel has been live patched" | |
| [16]="Auxiliary taint, defined for and used by distros" | |
| [17]="Kernel was built with the struct randomization plugin" | |
| [18]="An in-kernel test has been run" | |
| [19]="Userspace used a mutating debug operation in fwctl" | |
| ) | |
| for _bit in "${!taint_reasons[@]}"; do | |
| if ((($(cat /proc/sys/kernel/tainted) >> _bit & 1) == 1)); then | |
| echo "Kernel is tainted: ${taint_reasons[$_bit]}" | |
| _taint_found=true | |
| fi | |
| done | |
| if [[ "${_taint_found}" == false ]]; then | |
| echo "[Info] Kernel is not tainted" | |
| exit 0 | |
| else | |
| echo "[Error] Kernel is tainted" | |
| exit 1 | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment