From 08e8f1ef3df270daef4ffc9c4bb15669f72d5d2f Mon Sep 17 00:00:00 2001 From: Randy Dunlap Date: Wed, 14 Jan 2026 22:47:56 -0800 Subject: [PATCH] kernel-chktaint: add reporting for tainted modules Check all loaded modules and report any that have their 'taint' flags set. The tainted module output format is: * () Example output: Kernel is "tainted" for the following reasons: * externally-built ('out-of-tree') module was loaded (#12) * unsigned module was loaded (#13) Raw taint value as int/string: 12288/'G OE ' Tainted modules: * dump_test (OE) Link: https://lkml.kernel.org/r/20260115064756.531592-1-rdunlap@infradead.org Signed-off-by: Randy Dunlap Acked-by: Thorsten Leemhuis Cc: Jonathan Corbet Signed-off-by: Andrew Morton --- tools/debugging/kernel-chktaint | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/tools/debugging/kernel-chktaint b/tools/debugging/kernel-chktaint index e7da0909d0970..e1571c04afb50 100755 --- a/tools/debugging/kernel-chktaint +++ b/tools/debugging/kernel-chktaint @@ -211,9 +211,25 @@ else addout "J" echo " * fwctl's mutating debug interface was used (#19)" fi +echo "Raw taint value as int/string: $taint/'$out'" + +# report on any tainted loadable modules +[ "$1" = "" ] && [ -r /sys/module/ ] && \ + cnt=`grep [A-Z] /sys/module/*/taint | wc -l` || cnt=0 +if [ $cnt -ne 0 ]; then + echo + echo "Tainted modules:" + for dir in `ls /sys/module` ; do + if [ -r /sys/module/$dir/taint ]; then + modtnt=`cat /sys/module/$dir/taint` + [ "$modtnt" = "" ] || echo " * $dir ($modtnt)" + fi + done +fi + +echo echo "For a more detailed explanation of the various taint flags see" echo " Documentation/admin-guide/tainted-kernels.rst in the Linux kernel sources" echo " or https://kernel.org/doc/html/latest/admin-guide/tainted-kernels.html" -echo "Raw taint value as int/string: $taint/'$out'" #EOF# -- 2.47.3