kernel taint

在CentOS7 x64安装了ocz revodrive3x2驱动后, 系统无法启动.

http://ocz.com/consumer/download/drivers/linux-v4.1.769/oczpcie-fedora19-v4.1.769.x86_64.rpm

http://ocz.com/consumer/download/drivers

查看dmesg信息, 有几条内核被污染的告警. 

# dmesg
[   11.568655] oczpcie: module verification failed: signature and/or required key missing - tainting kernel
[   11.590198] oczvca: module license 'OCZ' taints kernel.
[   11.590200] oczvca: module license 'OCZ' taints kernel.
[   11.590204] Disabling lock debugging due to kernel taint

同时内核污染状态如下 :  

[root@localhost ~]# sysctl -a|grep tain
kernel.tainted = 6147

数字组合如下 :  

1 - A module with a non-GPL license has been loaded, this
       includes modules with no license.
       Set by modutils >= 2.4.9 and module-init-tools.
2 - A module was force loaded by insmod -f.
       Set by modutils >= 2.4.9 and module-init-tools.
2048 - The system is working around a severe firmware bug.
4096 - An out-of-tree module has been loaded.

卸载rpm包, 重新启动系统正常, 还有一个告警和OCZ驱动RPM包无关.
[root@localhost ~]# sysctl -a|grep taint
kernel.tainted = 2048
2048 - The system is working around a severe firmware bug.

dmesg信息如下  : 

[    0.407649] [Firmware Bug]: ACPI: BIOS _OSI(Linux) query ignored
[    0.407722] ACPI Error: [CDW1] Namespace lookup failure, AE_NOT_FOUND (20130517/psargs-359)
[    0.407727] ACPI Error: Method parse/execution failed [\_SB_._OSC] (Node ffff8817ba92b870), AE_NOT_FOUND (20130517/psparse-536)
[    0.407915] ACPI: Interpreter enabled
[    0.407920] ACPI Exception: AE_NOT_FOUND, While evaluating Sleep State [\_S1_] (20130517/hwxface-571)
[    0.407924] ACPI Exception: AE_NOT_FOUND, While evaluating Sleep State [\_S2_] (20130517/hwxface-571)
[    0.407927] ACPI Exception: AE_NOT_FOUND, While evaluating Sleep State [\_S3_] (20130517/hwxface-571)
[    0.407939] ACPI: (supports S0 S4 S5)
[    0.407940] ACPI: Using IOAPIC for interrupt routing
[    0.408037] HEST: Table parsing has been initialized.
[    0.408041] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug
[    0.408095] ACPI: No dock devices found.
[    0.412782] ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-ff])
[    0.412790] acpi PNP0A08:00: _OSC: OS supports [ExtendedConfig ASPM ClockPM Segments MSI]
[    0.412903] acpi PNP0A08:00: PCIe AER handled by firmware
[    0.413128] acpi PNP0A08:00: _OSC: OS now controls [PCIeHotplug PME PCIeCapability]

OCZ revodrive 3 x2 pcie SSD由默认的mvsas驱动. 

Disk /dev/sdc: 120.0 GB, 120034123776 bytes, 234441648 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x60d0fce7

   Device Boot      Start         End      Blocks   Id  System
/dev/sdc1            2048   468881407   234439680   83  Linux

Disk /dev/sdd: 120.0 GB, 120034123776 bytes, 234441648 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

参数如下 : 

[root@localhost modprobe.d]# ll /sys/module/mvsas/parameters/*
-r--r--r-- 1 root root 4096 Nov 27 00:06 /sys/module/mvsas/parameters/collector
[root@localhost modprobe.d]# cat /sys/module/mvsas/parameters/*
1
[root@localhost modprobe.d]# modinfo mvsas
filename:       /lib/modules/3.10.0-123.el7.x86_64/kernel/drivers/scsi/mvsas/mvsas.ko
license:        GPL
version:        0.8.16
description:    Marvell 88SE6440 SAS/SATA controller driver
author:         Jeff Garzik <jgarzik@pobox.com>
srcversion:     4FF6FB6153E662306329CB3
alias:          pci:v00001B85d00001084sv*sd*bc*sc*i*
alias:          pci:v00001B85d00001083sv*sd*bc*sc*i*
alias:          pci:v00001B85d00001080sv*sd*bc*sc*i*
alias:          pci:v00001B85d00001044sv*sd*bc*sc*i*
alias:          pci:v00001B85d00001043sv*sd*bc*sc*i*
alias:          pci:v00001B85d00001042sv*sd*bc*sc*i*
alias:          pci:v00001B85d00001041sv*sd*bc*sc*i*
alias:          pci:v00001B85d00001040sv*sd*bc*sc*i*
alias:          pci:v00001B85d00001022sv*sd*bc*sc*i*
alias:          pci:v00001B85d00001021sv*sd*bc*sc*i*
alias:          pci:v00001B4Bd00009485sv*sd00009480bc*sc*i*
alias:          pci:v00001B4Bd00009445sv*sd00009480bc*sc*i*
alias:          pci:v00001B4Bd00009480sv*sd00009480bc*sc*i*
alias:          pci:v00001103d00002760sv*sd*bc*sc*i*
alias:          pci:v00001103d00002744sv*sd*bc*sc*i*
alias:          pci:v00001103d00002740sv*sd*bc*sc*i*
alias:          pci:v00001103d00002722sv*sd*bc*sc*i*
alias:          pci:v00001103d00002721sv*sd*bc*sc*i*
alias:          pci:v00001103d00002720sv*sd*bc*sc*i*
alias:          pci:v00001103d00002710sv*sd*bc*sc*i*
alias:          pci:v00009005d00000450sv*sd*bc*sc*i*
alias:          pci:v000017D3d00001320sv*sd*bc*sc*i*
alias:          pci:v000017D3d00001300sv*sd*bc*sc*i*
alias:          pci:v000011ABd00009180sv*sd*bc*sc*i*
alias:          pci:v000011ABd00009480sv*sd*bc*sc*i*
alias:          pci:v000011ABd00006485sv*sd*bc*sc*i*
alias:          pci:v000011ABd00006440sv*sd*bc*sc*i*
alias:          pci:v000011ABd00006440sv*sd00006480bc*sc*i*
alias:          pci:v000011ABd00006340sv*sd*bc*sc*i*
alias:          pci:v000011ABd00006320sv*sd*bc*sc*i*
depends:        libsas,scsi_transport_sas
intree:         Y
vermagic:       3.10.0-123.el7.x86_64 SMP mod_unload modversions
signer:         CentOS Linux kernel signing key
sig_key:        BC:83:D0:FE:70:C6:2F:AB:1C:58:B4:EB:AA:95:E3:93:61:28:FC:F4
sig_hashalgo:   sha256
parm:           collector:
        If greater than one, tells the SAS Layer to run in Task Collector
        Mode.
        If 1 or 0, tells the SAS Layer to run in Direct Mode.
        The mvsas SAS LLDD supports both modes.
        Default: 1 (Direct Mode).
 (int)

mvsas 参数可更改, 但是依旧是240变成2块120G的块设备. 

[root@localhost modprobe.d]# pwd
/etc/modprobe.d
[root@localhost modprobe.d]# vi mvsas.conf
options mvsas collector=2
[root@localhost modprobe.d]# rmmod mvsas && modprobe mvsas

[参考]
1. https://www.kernel.org/doc/Documentation/sysctl/kernel.txt 

tainted:

Non-zero if the kernel has been tainted.  Numeric values, which
can be ORed together:

   1 - A module with a non-GPL license has been loaded, this
       includes modules with no license.
       Set by modutils >= 2.4.9 and module-init-tools.
   2 - A module was force loaded by insmod -f.
       Set by modutils >= 2.4.9 and module-init-tools.
   4 - Unsafe SMP processors: SMP with CPUs not designed for SMP.
   8 - A module was forcibly unloaded from the system by rmmod -f.
  16 - A hardware machine check error occurred on the system.
  32 - A bad page was discovered on the system.
  64 - The user has asked that the system be marked "tainted".  This
       could be because they are running software that directly modifies
       the hardware, or for other reasons.
 128 - The system has died.
 256 - The ACPI DSDT has been overridden with one supplied by the user
        instead of using the one provided by the hardware.
 512 - A kernel warning has occurred.
1024 - A module from drivers/staging was loaded.
2048 - The system is working around a severe firmware bug.
4096 - An out-of-tree module has been loaded.
8192 - An unsigned module has been loaded in a kernel supporting module
       signature.
16384 - A soft lockup has previously occurred on the system.

2. https://www.kernel.org/doc/Documentation/module-signing.txt 

==========================
CONFIGURING MODULE SIGNING
==========================

The module signing facility is enabled by going to the "Enable Loadable Module
Support" section of the kernel configuration and turning on

	CONFIG_MODULE_SIG	"Module signature verification"

This has a number of options available:

 (1) "Require modules to be validly signed" (CONFIG_MODULE_SIG_FORCE)

     This specifies how the kernel should deal with a module that has a
     signature for which the key is not known or a module that is unsigned.

     If this is off (ie. "permissive"), then modules for which the key is not
     available and modules that are unsigned are permitted, but the kernel will
     be marked as being tainted, and the concerned modules will be marked as
     tainted, shown with the character 'E'.

     If this is on (ie. "restrictive"), only modules that have a valid
     signature that can be verified by a public key in the kernel's possession
     will be loaded.  All other modules will generate an error.

     Irrespective of the setting here, if the module has a signature block that
     cannot be parsed, it will be rejected out of hand.

 (2) "Automatically sign all modules" (CONFIG_MODULE_SIG_ALL)

     If this is on then modules will be automatically signed during the
     modules_install phase of a build.  If this is off, then the modules must
     be signed manually using:

	scripts/sign-file

 (3) "Which hash algorithm should modules be signed with?"

     This presents a choice of which hash algorithm the installation phase will
     sign the modules with:

	CONFIG_MODULE_SIG_SHA1		"Sign modules with SHA-1"
	CONFIG_MODULE_SIG_SHA224	"Sign modules with SHA-224"
	CONFIG_MODULE_SIG_SHA256	"Sign modules with SHA-256"
	CONFIG_MODULE_SIG_SHA384	"Sign modules with SHA-384"
	CONFIG_MODULE_SIG_SHA512	"Sign modules with SHA-512"

     The algorithm selected here will also be built into the kernel (rather
     than being a module) so that modules signed with that algorithm can have
     their signatures checked without causing a dependency loop.

3. http://ocz.com/consumer/download/drivers
时间: 2024-10-03 18:48:45

kernel taint的相关文章

Linux中安装sosreport和supportconfig来收集系统信息

  sosreport sosreport是一个类型于supportconfig 的工具,sosreport是python编写的一个工具,适用于centos(和redhat一样,包名为sos).ubuntu(其下包名为sosreport)等大多数版本的linux .sosreport在github上的托管页面为:https://github.com/sosreport/sos ,而且默认在很多系统的源里都已经集成有.如果使用的是正版redhat,在出现系统问题,寻求官方支持时,官方一般也会通过s

Linux系统如何安装和使用shell编写的工具supportconfig

  supportconfig作为Linux系统shell编写的工具,其功能是非常强大的,但还是有很多人对supportconfig工具不了解,不知如何使用supportconfig工具,下面小编就简单的给大家介绍下Linux安装使用supportconfig的方法. 一.supportconfig的安装 可以通过yast进行安装,也可以通过zypper命令进行安装,安装命令如下: 直接使用源进行安装 代码如下 #zypper install supportutils 也可以将rpm包下载下来使

如何开发Linux内核?

 如何开发Linux内核? 推荐这篇文章: http://www.tldp.org/LDP/lkmpg/2.6/html/lkmpg.html 下面是在Ubuntu下的输出: root@myhostname  # makemake: Warning: File `Makefile' has modification time 11 s in the futuremake -C /lib/modules/3.13.0-24-generic/build M=/root modulesmake[1

《嵌入式Linux开发实用教程》——4.2 字符设备驱动

4.2 字符设备驱动 Linux操作系统将所有的设备都会看成是文件,因此当我们需要访问设备时,都是通过操作文件的方式进行访问.对字符设备的读写是以字节为单位进行的. 对字符设备驱动程序的学习过程,主要以两个具有代表性且在OK6410开发平台可实践性的字符驱动展开分析,分别为LED驱动程序.ADC驱动程序. 4.2.1 LED驱动程序设计 为了展现LED的裸板程序和基于Linux系统的LED驱动程序的区别与减少难度梯度,在写LED驱动程序之前很有必要先看一下LED的裸板程序是怎样设计的. 1.LE

linux中supportconfig安装与使用方法

由于工作原因,平时需要suse的工程师做二线技术支持,除了经常会提交kdump分析的结果给suse 工程师定位根因.而在没有kdump生成时,经常会用的指令就是supportconfig收集系统信息.其收集内容基本涵盖了内核.模块.系统.服务等几乎所有我们能想到的信息,另外还会出一份简单的health check报告,其除了适用于suse企业版外,同样在opensuse上也可以使用.本篇就结合现网使用的场景对supportconfig命令做一个简单的概括. 一.supportconfig的安装

dump_stack 实现分析【转】

转自:http://kernel.meizu.com/2017/03/18-40-19-dump_stack.html 1 简介 说起 dump_stack() ,相信从事 Linux 内核或者驱动相关开发的同行对于此函数肯定不陌生.我们经常会用到此函数来对自己的代码进行 debug,可以快速帮助开发者理清函数调用流程,或者说解决 bug-- 首先我们来看一下 dump_stack 的打印,相信很多人都遇到过 : [ 4.778339] <1>-(1)[258:charger_thread]C

The Linux Kernel Module Programming Guide

The Linux Kernel Module Programming Guide Peter Jay SalzmanMichael BurianOri Pomerantz Copyright 2001 Peter Jay Salzman The Linux Kernel Module Programming Guide is a free book; you may reproduce and/or modify it under the terms of the Open Software

Linux Kernel sys_call_table、Kernel Symbols Export Table Generation Principle、Difference Between System Calls Entrance In 32bit、64bit Linux【转】

转自:http://www.cnblogs.com/LittleHann/p/4127096.html 目录 1. sys_call_table:系统调用表 2. 内核符号导出表:Kernel-Symbol-Table 3. Linux 32bit.64bit环境下系统调用入口的异同 4. Linux 32bit.64bit环境下sys_call_table replace hook   1. sys_call_table:系统调用表 0x1: sys_call_table简介 sys_call

docker means on kernel &gt;= 3.8.0 stable?

在CentOS 6.5 x64使用前端启动docker server时发现报了一个警告 WARNING: You are running linux kernel version 2.6.32-431.23.3.el6.x86_64, which might be unstable running docker.  Please upgrade your kernel to 3.8.0. 看样子要把内核升到3.8.0以上啊, 那就上CentOS 7吧(内核是3.10.0).  http://wi