Linux kernel tainted

linuxsap-hana

Our Network security team has installed Crowdstrike Falcon sensor on our SAP system Linux server. This has caused kernel to be tainted. following is extract from supportconfig ran on Linux server via user root. Any idea how to fix this error and make the kernel error free?

#==[ Configuration File ]===========================#
# /proc/sys/kernel/tainted
1073754113


Kernel Status -- Tainted: P           OE   N 
  TAINT: (P) Proprietary module has been loaded
  TAINT: (O) Out-of-tree module has been loaded
  TAINT: (E) Unsigned module has been loaded
  TAINT: (N) Unsupported modules loaded

module=falcon_lsm_serviceable ERROR                     Module info unavailable  
module=falcon_nf_netcontain ERROR                     Module info unavailable  
module=falcon_lsm_pinned_7103 ERROR                     Module info unavailable  
module=falcon_lsm_pinned_7002 ERROR                     Module info unavailable  
module=falcon_lsm_pinned_6903 ERROR                     Module info unavailable  
module=falcon_lsm_pinned_6805 ERROR                     Module info unavailable  
module=falcon_lsm_pinned_6703 ERROR                     Module info unavailable  
module=falcon_lsm_pinned_6602 ERROR                     Module info unavailable  
module=falcon_lsm_pinned_6404 ERROR                     Module info unavailable  
module=falcon_lsm_pinned_6402 ERROR                     Module info unavailable  
module=falcon_lsm_pinned_6401 ERROR                     Module info unavailable  
module=falcon_lsm_pinned_6109 ERROR                     Module info unavailable  
module=falcon_lsm_pinned_6106 ERROR                     Module info unavailable

Best Answer

Tainted kernel means a condition that likely is out of support for the upstream Linux developers. Most maintainers on the LKML will ask for a reproduction of the problem on a non tainted kernel.

Proprietary or out of tree kernel modules are a very common reason for this to be reported. But not the only one, for example a processor logging a machine check exception will be tainted. A faulty CPU can cause all kinds of strange behavior, so replacing that before claiming a kernel bug exists is prudent.

Other support channels like your distro OS support may be willing to deal with tainted kernel, ask them. That error is not necessarily a functional problem, just that a script could not identify details of proprietary modules.

Related Solutions

Linux Apache2 – How to Disable All Disk Caching

I don't think you can disable all disk caching in Linux.

As a hack, you could keep running "sync; echo 3 > /proc/sys/vm/drop_caches" to flush almost anything that is cached in memory. From the console

watch -n 1 `sync; echo 3 > /proc/sys/vm/drop_caches`

would do the trick. In the above example nothing will remain cached by the kernel for more than a second, though it will have no effect on data held in memory by Apache or other processes. It may also not flush stuff from any memory-mapped files that are still open with portions locked.

If you only want nothing cached at the start of a test run, and don't care if it caches stuff during the tests, then you could just add a single call to "sync" and "echo 3 > /proc/sys/vm/drop_caches" at the start of your test run.

If your test involves scripts that access a database you will need to be able to tell your database back-end to not cache stuff in RAM between tests also.

Linux Routing – Tuning IP Routing Parameters: secret_interval and tcp_mem

I never ever encountered this issue. However, you should probably increase your hash table width in order to reduce its depth. Using "dmesg", you'll see how many entries you currently have:

$ dmesg | grep '^IP route'
IP route cache hash table entries: 32768 (order: 5, 131072 bytes)

You can change this value with the kernel boot command line parameter rhash_entries. First try it by hand then add it to your lilo.conf or grub.conf.

For example: kernel vmlinux rhash_entries=131072

It is possible that you have a very limited hash table because you have assigned little memory to your HAProxy VM (the route hash size is adjusted depending on total RAM).

Concerning tcp_mem, be careful. Your initial settings make me think you were running with 1 GB of RAM, 1/3 of which could be allocated to TCP sockets. Now you've allocated 367872 * 4096 bytes = 1.5 GB of RAM to TCP sockets. You should be very careful not to run out of memory. A rule of thumb is to allocate 1/3 of the memory to HAProxy and another 1/3 to the TCP stack and the last 1/3 to the rest of the system.

I suspect that your "out of socket memory" message comes from default settings in tcp_rmem and tcp_wmem. By default you have 64 kB allocated on output for each socket and 87 kB on input. This means a total of 300 kB for a proxied connection, just for socket buffers. Add to that 16 or 32 kB for HAProxy, and you see that with 1 GB of RAM you'll only support 3000 connections.

By changing the default settings of tcp_rmem and tcp_wmem (middle param), you can get a lot lower on memory. I get good results with values as low as 4096 for the write buffer, and 7300 or 16060 in tcp_rmem (5 or 11 TCP segments). You can change those settings without restarting, however they will only apply to new connections.

If you prefer not to touch your sysctls too much, the latest HAProxy, 1.4-dev8, allows you to tweak those parameters from the global configuration, and per side (client or server).

I am hoping this helps!

Best Answer

Related Solutions

Linux Apache2 – How to Disable All Disk Caching

Linux Routing – Tuning IP Routing Parameters: secret_interval and tcp_mem

Related Topic