lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20251028071211.18065-1-rdunlap@infradead.org>
Date: Tue, 28 Oct 2025 00:12:11 -0700
From: Randy Dunlap <rdunlap@...radead.org>
To: linux-kernel@...r.kernel.org
Cc: Randy Dunlap <rdunlap@...radead.org>,
	Thorsten Leemhuis <linux@...mhuis.info>,
	Jonathan Corbet <corbet@....net>,
	linux-doc@...r.kernel.org
Subject: [PATCH] kernel-chktaint: add reporting for tainted modules

Check all loaded modules and report any that have their 'taint'
flags set along with a count of all tainted modules.
The tainted module output format is:
<module_name>: taint=<flags>

Example output:

Kernel is "tainted" for the following reasons:
 * externally-built ('out-of-tree') module was loaded  (#12)
 * unsigned module was loaded (#13)
Raw taint value as int/string: 12288/'G           OE      '

Modules tainted: count=1
dump_test: taint=OE


Signed-off-by: Randy Dunlap <rdunlap@...radead.org>
---
Cc: Thorsten Leemhuis <linux@...mhuis.info>
Cc: Jonathan Corbet <corbet@....net>
Cc: linux-doc@...r.kernel.org
---
 tools/debugging/kernel-chktaint |   17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

--- linux-next-20251027.orig/tools/debugging/kernel-chktaint
+++ linux-next-20251027/tools/debugging/kernel-chktaint
@@ -211,9 +211,24 @@ else
 	addout "J"
 	echo " * fwctl's mutating debug interface was used (#19)"
 fi
+echo "Raw taint value as int/string: $taint/'$out'"
+
+# report on any tainted loadable modules
+[ -r /sys/module/ ] && cnt=`grep [A-Z] /sys/module/*/taint | wc -l` || cnt=0
 
+if [ $cnt -ne 0 ]; then
+	echo
+	echo "Modules tainted: count=$cnt"
+	for dir in `ls /sys/module` ; do
+		if [ -r /sys/module/$dir/taint ]; then
+			modtnt=`cat /sys/module/$dir/taint`
+			[ "$modtnt" = "" ] || echo "$dir: taint=$modtnt"
+		fi
+	done
+fi
+
+echo
 echo "For a more detailed explanation of the various taint flags see"
 echo " Documentation/admin-guide/tainted-kernels.rst in the Linux kernel sources"
 echo " or https://kernel.org/doc/html/latest/admin-guide/tainted-kernels.html"
-echo "Raw taint value as int/string: $taint/'$out'"
 #EOF#

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ