我的操作系统是Fedora 17.最近,内核污染警告“kernel / auditsc.c:1772的内核错误!-abrt”发生: 不应报告此问题(这可能是一个已知问题)。发生内核问题,但内核已被污染(flags:GD)。内核维护者无法诊断受污染的报告。
然后,我得到以下内容:
# cat /proc/sys/kernel/tainted
128
# dmesg | grep -i taint
[ 8306.955523] Pid: 4511, comm: chrome Tainted: G D 3.9.10-100.fc17.i686.PAE #1 Dell Inc.
[ 8307.366310] Pid: 4571, comm: chrome Tainted: G D 3.9.10-100.fc17.i686.PAE #1 Dell Inc.
似乎值“128”非常严重: 128 - 系统已经死亡。
这个警告怎么样?由于chrome被标记为“受污染”的来源,任何人都会遇到这个问题?
答案 0 :(得分:18)
To(over)简化,' tainted'意味着内核处于一种状态之外的状态,如果它是从开源源新建的并以预期的方式使用的话。这是一种标记内核以警告人们(例如开发人员)可能存在未知原因使其不可靠的方法,并且调试它可能很困难或不可能。
在这种情况下,' GD'意味着所有模块都被许可为GPL或兼容(即非专有),并且发生崩溃或BUG()。
原因如下:
请参阅:oops-tracing.txt
---------------------------------------------------------------------------
Tainted kernels:
Some oops reports contain the string 'Tainted: ' after the program
counter. This indicates that the kernel has been tainted by some
mechanism. The string is followed by a series of position-sensitive
characters, each representing a particular tainted value.
1: 'G' if all modules loaded have a GPL or compatible license, 'P' if
any proprietary module has been loaded. Modules without a
MODULE_LICENSE or with a MODULE_LICENSE that is not recognised by
insmod as GPL compatible are assumed to be proprietary.
2: 'F' if any module was force loaded by "insmod -f", ' ' if all
modules were loaded normally.
3: 'S' if the oops occurred on an SMP kernel running on hardware that
hasn't been certified as safe to run multiprocessor.
Currently this occurs only on various Athlons that are not
SMP capable.
4: 'R' if a module was force unloaded by "rmmod -f", ' ' if all
modules were unloaded normally.
5: 'M' if any processor has reported a Machine Check Exception,
' ' if no Machine Check Exceptions have occurred.
6: 'B' if a page-release function has found a bad page reference or
some unexpected page flags.
7: 'U' if a user or user application specifically requested that the
Tainted flag be set, ' ' otherwise.
8: 'D' if the kernel has died recently, i.e. there was an OOPS or BUG.
9: 'A' if the ACPI table has been overridden.
10: 'W' if a warning has previously been issued by the kernel.
(Though some warnings may set more specific taint flags.)
11: 'C' if a staging driver has been loaded.
12: 'I' if the kernel is working around a severe bug in the platform
firmware (BIOS or similar).
13: 'O' if an externally-built ("out-of-tree") module has been loaded.
14: 'E' if an unsigned module has been loaded in a kernel supporting
module signature.
15: 'L' if a soft lockup has previously occurred on the system.
16: 'K' if the kernel has been live patched.
The primary reason for the 'Tainted: ' string is to tell kernel
debuggers if this is a clean kernel or if anything unusual has
occurred. Tainting is permanent: even if an offending module is
unloaded, the tainted value remains to indicate that the kernel is not
trustworthy.
答案 1 :(得分:2)
还要显示/proc/sys/kernel/tainted文件内容的数字:
Non-zero if the kernel has been tainted. Numeric values, which can be
ORed together. The letters are seen in "Tainted" line of Oops reports.
1 (P): A module with a non-GPL license has been loaded, this
includes modules with no license.
Set by modutils >= 2.4.9 and module-init-tools.
2 (F): A module was force loaded by insmod -f.
Set by modutils >= 2.4.9 and module-init-tools.
4 (S): Unsafe SMP processors: SMP with CPUs not designed for SMP.
8 (R): A module was forcibly unloaded from the system by rmmod -f.
16 (M): A hardware machine check error occurred on the system.
32 (B): A bad page was discovered on the system.
64 (U): The user has asked that the system be marked "tainted". This
could be because they are running software that directly modifies
the hardware, or for other reasons.
128 (D): The system has died.
256 (A): The ACPI DSDT has been overridden with one supplied by the user
instead of using the one provided by the hardware.
512 (W): A kernel warning has occurred.
1024 (C): A module from drivers/staging was loaded.
2048 (I): The system is working around a severe firmware bug.
4096 (O): An out-of-tree module has been loaded.
8192 (E): An unsigned module has been loaded in a kernel supporting module
signature.
16384 (L): A soft lockup has previously occurred on the system.
32768 (K): The kernel has been live patched.
65536 (X): Auxiliary taint, defined and used by for distros.
131072 (T): The kernel was built with the struct randomization plugin.
来源:https://www.kernel.org/doc/Documentation/sysctl/kernel.txt
信用:https://askubuntu.com/questions/248470/what-does-the-kernel-taint-value-mean
答案 2 :(得分:0)
这很有趣: #clamscan -ria --max-filesize = 4095M --max-scansize = 4095M / opt / google / chrome 确定了2017年9月3日包含Trojan.Mirai-5932143-0的版本 它仅针对最大的clamscan参数进行了识别。虽然chrome有6周的更新周期,但下一个版本已于9月20日发布 #ls -l chrome -rwxr-XR-X。 1 root root 119675208 Sep 20 19:49 / opt / google / chrome / chrome # Trojan.Miray(我禁用它)的版本有 #ls -l /tmp/chrome-Trojan.Mirai-5932143-0 ----------。 1根root 119662712 9月3日22:00 /tmp/chrome-Trojan.Mirai-5932143-0 #sha256sum /tmp/chrome-Trojan.Mirai-5932143-0 03a03cda6d328dd40ceda2773bc0077c7f69486b752802a5685a4be0316db2fb /tmp/chrome-Trojan.Mirai-5932143-0 # 自从我在RHEL上发生内核崩溃。检查 #rpm -aV 但是,表示系统是干净的。 总而言之,我对Chrome仍然感到不安。