On 02/21/18 04:59, Stephen Morris wrote:
On 20/2/18 8:54 am, Ed Greshko wrote:
> On 02/20/18 04:41, Stephen Morris wrote:
>> I'm using the nvidia drivers from negativo17. I have the nvidia source
module
>> registered with dkms and it seems to be being compiled when I get a new kernel,
if
>> that is the case what do I need to do to resolve the following messages shown by
>> "dmesg"?
>>
>>
>> [ 14.934074] nvidia: loading out-of-tree module taints kernel.
>> [ 14.934086] nvidia: module license 'NVIDIA' taints kernel.
>> [ 14.934087] Disabling lock debugging due to kernel taint
>> [ 14.943865] nvidia: module verification failed: signature and/or required key
>> missing - tainting kernel
>
> When you load a proprietary module into the kernel it becomes tainted. There is no
> way to "fix" it. It is like replacing the battery in your iPhone with a
battery you
> bought on the street corner. You have voided the warranty.
I been in the situation of compiling kernel modules in other linux distributions
where you could put statements in your source to stop these messages, but I have
forgotten what they were.
Looking at dmesg again this morning, and searching for the work 'taints' I get
the
2nd message listed above but not the first message (why?), and this search displays
a message in the same format as the first message for my wifi driver which is also
compiled, but I don't see any messages with the word 'taints' in them for the
6
compiled kernel modules provided by the vendor of my mouse that I am compiling via
dkms. Of the 6 modules I am compiling one and possibly two are being actively
loaded and used by the kernel, so why are these not producing the messages?
Also given that this morning I am seeing the equivalent of the first message for my
wifi driver, but I am not seeing it for the nvidia driver, which makes it look like
these messages are random, are they actually random or is the lack of the message
and indication that the kernel is potentially not working correctly?
I'm confused as to what your goal is and what your understanding of what
"taints" a
kernel.
The lack of a message in dmesg or the journal with the word "taint" doesn't
guarantee
your kernel hasn't been tainted as there are several ways to have the kernel flagged
as "tainted".
Take this VM that I've just installed.
[egreshko@f27k-v ~]$ dmesg | grep -i taint
[egreshko@f27k-v ~]$ journalctl -b 0 | grep -i taint
[egreshko@f27k-v ~]$ ./tainted
Taint value: 1024
[bit] [bit value] [description]
10 1024 A module from drivers/staging was loaded
As it happens, the VM is connected to a wireless usb device which loads a
drivers/staging module and thus the kernel is considered "tainted"
Now, take my desktop which is "seriously" tainted.
[egreshko@meimei tainted]$ dmesg | grep -i taint
[ 6.508288] nvidia: loading out-of-tree module taints kernel.
[ 6.508297] nvidia: module license 'NVIDIA' taints kernel.
[ 6.508298] Disabling lock debugging due to kernel taint
[ 6.515118] nvidia: module verification failed: signature and/or required key
missing - tainting kernel
[ 11.598031] CPU: 1 PID: 0 Comm: swapper/1 Tainted: P C OE
4.15.3-300.fc27.x86_64 #1
[egreshko@meimei tainted]$ journalctl -b 0 | grep -i taint
Feb 18 17:59:21
meimei.greshko.com kernel: nvidia: loading out-of-tree module taints
kernel.
Feb 18 17:59:21
meimei.greshko.com kernel: nvidia: module license 'NVIDIA' taints
kernel.
Feb 18 17:59:21
meimei.greshko.com kernel: Disabling lock debugging due to kernel taint
Feb 18 17:59:21
meimei.greshko.com kernel: nvidia: module verification failed:
signature and/or required key missing - tainting kernel
Feb 18 17:59:26
meimei.greshko.com kernel: CPU: 1 PID: 0 Comm: swapper/1 Tainted:
P C OE 4.15.3-300.fc27.x86_64 #1
[egreshko@meimei tainted]$ ./tainted
Taint value: 13313
[bit] [bit value] [description]
0 1 A module with a non-GPL license has been loaded, this
includes modules with no license.
Set by modutils >= 2.4.9 and module-init-tools
10 1024 A module from drivers/staging was loaded
12 4096 An out-of-tree module has been loaded
13 8192 An unsigned module has been loaded in a kernel supporting
module signature
So, do you just want to eliminate the messages to make yourself think your kernel
isn't tainted? Or something else?
--
A motto of mine is: When in doubt, try it out