kernel taint

最新推荐文章于 2023-03-31 20:12:24 发布
最新推荐文章于 2023-03-31 20:12:24 发布
阅读量882 收藏 1
点赞数
文章标签: 操作系统
原文链接:https://yq.aliyun.com/articles/15255
版权
在CentOS7 x64安装了ocz revodrive3x2驱动后, 系统无法启动.
查看dmesg信息, 有几条内核被污染的告警. 
# dmesg
[   11.568655] oczpcie: module verification failed: signature and/or required key missing - tainting kernel
[   11.590198] oczvca: module license 'OCZ' taints kernel.
[   11.590200] oczvca: module license 'OCZ' taints kernel.
[   11.590204] Disabling lock debugging due to kernel taint

同时内核污染状态如下 : 
 
[root@localhost ~]# sysctl -a|grep tain
kernel.tainted = 6147

数字组合如下 : 
 
1 - A module with a non-GPL license has been loaded, this
       includes modules with no license.
       Set by modutils >= 2.4.9 and module-init-tools.
2 - A module was force loaded by insmod -f.
       Set by modutils >= 2.4.9 and module-init-tools.
2048 - The system is working around a severe firmware bug.
4096 - An out-of-tree module has been loaded.

卸载rpm包, 重新启动系统正常, 还有一个告警和OCZ驱动RPM包无关.
[root@localhost ~]# sysctl -a|grep taint
kernel.tainted = 2048
2048 - The system is working around a severe firmware bug.

dmesg信息如下  : 
[    0.407649] [Firmware Bug]: ACPI: BIOS _OSI(Linux) query ignored
[    0.407722] ACPI Error: [CDW1] Namespace lookup failure, AE_NOT_FOUND (20130517/psargs-359)
[    0.407727] ACPI Error: Method parse/execution failed [\_SB_._OSC] (Node ffff8817ba92b870), AE_NOT_FOUND (20130517/psparse-536)
[    0.407915] ACPI: Interpreter enabled
[    0.407920] ACPI Exception: AE_NOT_FOUND, While evaluating Sleep State [\_S1_] (20130517/hwxface-571)
[    0.407924] ACPI Exception: AE_NOT_FOUND, While evaluating Sleep State [\_S2_] (20130517/hwxface-571)
[    0.407927] ACPI Exception: AE_NOT_FOUND, While evaluating Sleep State [\_S3_] (20130517/hwxface-571)
[    0.407939] ACPI: (supports S0 S4 S5)
[    0.407940] ACPI: Using IOAPIC for interrupt routing
[    0.408037] HEST: Table parsing has been initialized.
[    0.408041] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug
[    0.408095] ACPI: No dock devices found.
[    0.412782] ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-ff])
[    0.412790] acpi PNP0A08:00: _OSC: OS supports [ExtendedConfig ASPM ClockPM Segments MSI]
[    0.412903] acpi PNP0A08:00: PCIe AER handled by firmware
[    0.413128] acpi PNP0A08:00: _OSC: OS now controls [PCIeHotplug PME PCIeCapability]


OCZ revodrive 3 x2 pcie SSD由默认的mvsas驱动.
 
Disk /dev/sdc: 120.0 GB, 120034123776 bytes, 234441648 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x60d0fce7

   Device Boot      Start         End      Blocks   Id  System
/dev/sdc1            2048   468881407   234439680   83  Linux

Disk /dev/sdd: 120.0 GB, 120034123776 bytes, 234441648 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

参数如下 : 
[root@localhost modprobe.d]# ll /sys/module/mvsas/parameters/*
-r--r--r-- 1 root root 4096 Nov 27 00:06 /sys/module/mvsas/parameters/collector
[root@localhost modprobe.d]# cat /sys/module/mvsas/parameters/*
1
[root@localhost modprobe.d]# modinfo mvsas
filename:       /lib/modules/3.10.0-123.el7.x86_64/kernel/drivers/scsi/mvsas/mvsas.ko
license:        GPL
version:        0.8.16
description:    Marvell 88SE6440 SAS/SATA controller driver
author:         Jeff Garzik <jgarzik@pobox.com>
srcversion:     4FF6FB6153E662306329CB3
alias:          pci:v00001B85d00001084sv*sd*bc*sc*i*
alias:          pci:v00001B85d00001083sv*sd*bc*sc*i*
alias:          pci:v00001B85d00001080sv*sd*bc*sc*i*
alias:          pci:v00001B85d00001044sv*sd*bc*sc*i*
alias:          pci:v00001B85d00001043sv*sd*bc*sc*i*
alias:          pci:v00001B85d00001042sv*sd*bc*sc*i*
alias:          pci:v00001B85d00001041sv*sd*bc*sc*i*
alias:          pci:v00001B85d00001040sv*sd*bc*sc*i*
alias:          pci:v00001B85d00001022sv*sd*bc*sc*i*
alias:          pci:v00001B85d00001021sv*sd*bc*sc*i*
alias:          pci:v00001B4Bd00009485sv*sd00009480bc*sc*i*
alias:          pci:v00001B4Bd00009445sv*sd00009480bc*sc*i*
alias:          pci:v00001B4Bd00009480sv*sd00009480bc*sc*i*
alias:          pci:v00001103d00002760sv*sd*bc*sc*i*
alias:          pci:v00001103d00002744sv*sd*bc*sc*i*
alias:          pci:v00001103d00002740sv*sd*bc*sc*i*
alias:          pci:v00001103d00002722sv*sd*bc*sc*i*
alias:          pci:v00001103d00002721sv*sd*bc*sc*i*
alias:          pci:v00001103d00002720sv*sd*bc*sc*i*
alias:          pci:v00001103d00002710sv*sd*bc*sc*i*
alias:          pci:v00009005d00000450sv*sd*bc*sc*i*
alias:          pci:v000017D3d00001320sv*sd*bc*sc*i*
alias:          pci:v000017D3d00001300sv*sd*bc*sc*i*
alias:          pci:v000011ABd00009180sv*sd*bc*sc*i*
alias:          pci:v000011ABd00009480sv*sd*bc*sc*i*
alias:          pci:v000011ABd00006485sv*sd*bc*sc*i*
alias:          pci:v000011ABd00006440sv*sd*bc*sc*i*
alias:          pci:v000011ABd00006440sv*sd00006480bc*sc*i*
alias:          pci:v000011ABd00006340sv*sd*bc*sc*i*
alias:          pci:v000011ABd00006320sv*sd*bc*sc*i*
depends:        libsas,scsi_transport_sas
intree:         Y
vermagic:       3.10.0-123.el7.x86_64 SMP mod_unload modversions 
signer:         CentOS Linux kernel signing key
sig_key:        BC:83:D0:FE:70:C6:2F:AB:1C:58:B4:EB:AA:95:E3:93:61:28:FC:F4
sig_hashalgo:   sha256
parm:           collector:
        If greater than one, tells the SAS Layer to run in Task Collector
        Mode.  
        If 1 or 0, tells the SAS Layer to run in Direct Mode.
        The mvsas SAS LLDD supports both modes.
        Default: 1 (Direct Mode).
 (int)

mvsas 参数可更改, 但是依旧是240变成2块120G的块设备.
 
[root@localhost modprobe.d]# pwd
/etc/modprobe.d
[root@localhost modprobe.d]# vi mvsas.conf 
options mvsas collector=2
[root@localhost modprobe.d]# rmmod mvsas && modprobe mvsas


[参考]
1.  https://www.kernel.org/doc/Documentation/sysctl/kernel.txt 
tainted:

Non-zero if the kernel has been tainted.  Numeric values, which
can be ORed together:

   1 - A module with a non-GPL license has been loaded, this
       includes modules with no license.
       Set by modutils >= 2.4.9 and module-init-tools.
   2 - A module was force loaded by insmod -f.
       Set by modutils >= 2.4.9 and module-init-tools.
   4 - Unsafe SMP processors: SMP with CPUs not designed for SMP.
   8 - A module was forcibly unloaded from the system by rmmod -f.
  16 - A hardware machine check error occurred on the system.
  32 - A bad page was discovered on the system.
  64 - The user has asked that the system be marked "tainted".  This
       could be because they are running software that directly modifies
       the hardware, or for other reasons.
 128 - The system has died.
 256 - The ACPI DSDT has been overridden with one supplied by the user
        instead of using the one provided by the hardware.
 512 - A kernel warning has occurred.
1024 - A module from drivers/staging was loaded.
2048 - The system is working around a severe firmware bug.
4096 - An out-of-tree module has been loaded.
8192 - An unsigned module has been loaded in a kernel supporting module
       signature.
16384 - A soft lockup has previously occurred on the system.

2.  https://www.kernel.org/doc/Documentation/module-signing.txt 
==========================
CONFIGURING MODULE SIGNING
==========================

The module signing facility is enabled by going to the "Enable Loadable Module
Support" section of the kernel configuration and turning on

	CONFIG_MODULE_SIG	"Module signature verification"

This has a number of options available:

 (1) "Require modules to be validly signed" (CONFIG_MODULE_SIG_FORCE)

     This specifies how the kernel should deal with a module that has a
     signature for which the key is not known or a module that is unsigned.

     If this is off (ie. "permissive"), then modules for which the key is not
     available and modules that are unsigned are permitted, but the kernel will
     be marked as being tainted, and the concerned modules will be marked as
     tainted, shown with the character 'E'.

     If this is on (ie. "restrictive"), only modules that have a valid
     signature that can be verified by a public key in the kernel's possession
     will be loaded.  All other modules will generate an error.

     Irrespective of the setting here, if the module has a signature block that
     cannot be parsed, it will be rejected out of hand.


 (2) "Automatically sign all modules" (CONFIG_MODULE_SIG_ALL)

     If this is on then modules will be automatically signed during the
     modules_install phase of a build.  If this is off, then the modules must
     be signed manually using:

	scripts/sign-file


 (3) "Which hash algorithm should modules be signed with?"

     This presents a choice of which hash algorithm the installation phase will
     sign the modules with:

	CONFIG_MODULE_SIG_SHA1		"Sign modules with SHA-1"
	CONFIG_MODULE_SIG_SHA224	"Sign modules with SHA-224"
	CONFIG_MODULE_SIG_SHA256	"Sign modules with SHA-256"
	CONFIG_MODULE_SIG_SHA384	"Sign modules with SHA-384"
	CONFIG_MODULE_SIG_SHA512	"Sign modules with SHA-512"

     The algorithm selected here will also be built into the kernel (rather
     than being a module) so that modules signed with that algorithm can have
     their signatures checked without causing a dependency loop.

3. http://ocz.com/consumer/download/drivers
weixin_34092370
关注
  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
Taint analysis
03-19
taint analysis 污点数据分析,ppt,下载
编写Linux内核模块
03-30 5143
最近由于学习需要,学习了一下Linux内核模块的编写方法,特此把学习过程中的问题记录下来!!! // //hello.c // #include #include #include static int hello_init(void) { printk(KERN_WARNING "Module init: Hello world!\n"); return 0; } stati
内核模块编译时出现的问题解决
manchestermi的博客
09-01 1万+
第一次把自己编译的驱动模块加载进开发板,就出现问题,还好没花费多长时间,下面列举出现的问题及解决方案      1:出现insmod: error inserting 'hello.ko': -1 Invalid module format 法一(网上的):是因为内核模块生成的环境与运行的环境不一致,用linux-2.6.27内核源代码生成的模块,可能就不能在linux-2.6.3
Linux Kernel Tainted
echoisland的专栏
01-09 3499
Kernel Tainted Posted January 6th, 2008 by jfinstrom The Linux kernel maintains a "taint state" which is included in kernel error messages. The taint state provides an indication whether
Disabling lock debugging due to kernel taint 问题求解
shjhuang的专栏
03-11 1万+
环境: arm-linux, kernel3.2.0, arm-gcc 4.6.3 编写驱动后,加载时提示如下: Disabling lock debugging due to kernel taint 在网上收到的解决方案是增加 MODULE_LICENSE("GPL");语句。但是实际上我已经添加了。 如果把MODULE_LICENSE("GPL");删
Kernel, tainted, 被污染的实例;panic_on_taint
mzhan017的博客
03-02 1105
介绍 https://www.kernel.org/doc/html/latest/admin-guide/tainted-kernels.html https://forums.xilinx.com/t5/Embedded-Development-Tools/Loading-out-of-tree-module-taints-kernel-2017-3/td-p/848762 实例 Feb 25 10:10:40 qrms6-oam-b kernel: [ 9159.028796] WARNING: CP
深入了解Linux内存检测技术
m0_74282605的博客
03-16 524
----------------------------------虽然分配32字节,但是对应分配了64字节。在test_code/slub_debug目录下执行make.sh,将slub.ko/slub2.ko/slub3.ko放入data。重复释放可以被slub_debug识别。kasan可以检测到越界访问、访问已释放内存、重复释放等类型错误,其中重复释放借助于slub_debug。kasan是一个动态检查内存错误的工具,可以检查内存越界访问、使用已释放内存、重复释放以及栈溢出。
effective taint analysis of web applications
01-12
O. Tripp, M. Pistoia, S. J. Fink, M. Sridharan, and O. Weisman. Taj: effective taint analysis of web applications. InPLDI,pages87–97,2009.
taintTaint是一个PHP扩展,用于检测XSS代码
01-30
taint是PECL扩展名,因此您可以通过以下方式简单地安装它: pecl install taint 在Linux上编译污点 $/path/to/phpize $./configure --with-php-config=/path/to/php-config/ $make && make install 用法 启用污点后...
taint-entropy-panda
05-03
熊猫PANDA是用于架构中立动态分析的开源平台。 它基于QEMU整个系统仿真器构建,因此分析可以访问来宾中执行的所有代码和所有数据。 PANDA增加了记录和重放执行的功能,从而可以进行迭代,深入的整个系统分析。...
labeltainter:根据节点或自定义标签设置Kubernetes节点污点,而无需在引导节点时对其进行配置。 远非理想,但对某些受管节点组设置很有用
03-25
贴标签的人 根据节点或自定义标签设置Kubernetes节点污点,而无需在引导节点时对其进行配置。 对于不直接控制节点的受管节点组设置很有用,因此无法轻松在节点上设置污点。 考虑到问题的限制,我认为这是一个很好...
module license 'unspecified' taints kernel解决方法
小小城御园的博客
09-13 8555
当加载驱动出现如下字样: module license 'unspecified' taints kernel 或 Disabling lock debugging due to kernel taint 需要加入MODULE_LICENSE("GPL");模块许可证,就可以避免这个错误。 模块许可证(LICENSE)声明描述内核模块的许可权限,如果不声明LICENSE,模块被加载时...
no symbol version for 的解决方法
sy84436446的博客
11-26 1465
在写GPIB驱动时遇到如下错误: root@am335x:~# insmod /mnt/nfs/am335x/drive/nat9914_driver/nat9914_driver.ko Disabling lock debugging due to kernel taint nat9914_driver: no symbol version for gpmc_cs_write_reg n...
Linux驱动开发——内核模块
qq_52479948的博客
03-31 1966
目录 内核模块的由来 第一个内核模块程序 内核模块工具 将多个源文件编译生成一个内核模块 内核模块参数 内核模块依赖 关于内核模块的进一步讨论 习题 内核模块的由来 最近一直在玩那些其它的技术,眼看快暑假了,我决定夯实一下我的驱动方面的技能,迎接我的实习,找了一本书,接下来就跟着这本书学了 先来看第二章,内核模块 Linux是宏内核(或单内核)的操作系统的典型代表,它和微内核(典型的代表是 Windows操作系统)的最大区别在于所有的内核功能都被整体
Linux内核死机调试方法总结
weixin_30376083的博客
04-01 923
使用空指针和缓冲区溢出是产生oops的两个最常见原因。 1、直接查看oops信息,首先查找源代码发生oops的位置,通过查看指令寄存器EIP的值,可以找到位置。再查找函数调用栈可以得到更多的信息。从函数调用栈可辨别出局部变量,全局变量和函数参数。较为重要的信息就是指令指针(EIP),即出错指令的地址。 例如:在函数faulty_read的oops信息的函数调用栈中,栈顶为ffffffff,栈顶...
嵌入式驱动模块的加载与卸载
新时代农民工---码农
04-19 3033
最近学习正点原子嵌入式驱动模块加载与卸载的时候,使用命令:modprobe chrdevbase.ko 出现 hrdevbase: version magic '4.1.15 SMP preempt mod_unload modversions ARMv6 p2v8 ’ should be '4.1.15 SMP preempt mod_unload modversions ARMv7 p2v8 ’ 问题原因:这种报错是内核版本和模块版本不一致,所以导致加载不成功 温馨提示:这里的内核版本不是ubun
linux Oops和Panic关系
热门推荐
hunanchenxingyu的专栏
03-31 1万+
常在河边走,哪能不湿鞋。用Linux,总有死机的时候,如果运气好,会看到一些所谓”Oops”信息(在屏幕上或系统日志中),比如: Unable to handle kernel paging request at virtual address f899b670 printing eip: c01de48c *pde = 00737067 Oops: 0002 [#1] Modules
关于内核模块挂载出现“no symbol version for”问题的研究
04-07 1万+
http://blog.chinaunix.net/uid-20543672-id-3023148.html 前几天一个同事问我:如果一个模块要调用另一个模块的函数,要不要做什么特别的处理?我当时只是知道需要将被调用的函数EXPORT_SYMBOL();。但是由于具体的模块实验自己还没有做过,我就立马做了一个给他看,自己也验证一下。这实验一做,问题就来了:虽然在编译通过了(有警告:
kubectl taint
最新发布
07-28
kubectl taint是一个Kubernetes命令行工具(kubectl)提供的命令,用于向节点添加或移除污点(taint)。污点是一种用于标记节点的特性,可以阻止Pod在该节点上调度。 要使用kubectl taint命令,您需要指定节点的...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值