What does the kernel taint value mean?

Running cat /proc/sys/kernel/tainted prints the current kernel taint value (in base 10). My understanding is that this value is a bitfield, where each bit indicates the absence or presence of a particular type of taint. You can extract the bits using

python3 -c 'from pprint import pprint; pprint(list(zip(range(50), reversed(bin(int(open("/proc/sys/kernel/tainted").read()))[2:]))))'

I've searched for documentation, but what I've seen only identifies the meaning of bits 0 through 10. For example, http://www.kernel.org/doc/Documentation/sysctl/kernel.txt says:

tainted:

Non-zero if the kernel has been tainted. Numeric values, which can be
ORed together. The letters are seen in "Tainted" line of Oops reports.

     1 (P):  A module with a non-GPL license has been loaded, this
             includes modules with no license.
             Set by modutils >= 2.4.9 and module-init-tools.
     2 (F): A module was force loaded by insmod -f.
            Set by modutils >= 2.4.9 and module-init-tools.
     4 (S): Unsafe SMP processors: SMP with CPUs not designed for SMP.
     8 (R): A module was forcibly unloaded from the system by rmmod -f.
    16 (M): A hardware machine check error occurred on the system.
    32 (B): A bad page was discovered on the system.
    64 (U): The user has asked that the system be marked "tainted". This
            could be because they are running software that directly modifies
            the hardware, or for other reasons.
   128 (D): The system has died.
   256 (A): The ACPI DSDT has been overridden with one supplied by the user
            instead of using the one provided by the hardware.
   512 (W): A kernel warning has occurred.
  1024 (C): A module from drivers/staging was loaded.
  2048 (I): The system is working around a severe firmware bug.
  4096 (O): An out-of-tree module has been loaded.
  8192 (E): An unsigned module has been loaded in a kernel supporting module
            signature.
 16384 (L): A soft lockup has previously occurred on the system.
 32768 (K): The kernel has been live patched.
 65536 (X): Auxiliary taint, defined and used by for distros.
131072 (T): The kernel was built with the struct randomization plugin.

I also tried viewing the documentation for the Ubuntu kernel by installing the linux-doc package and opening zless /usr/share/doc/linux-doc/sysctl/kernel.txt.gz, but that still only lists up to 1024.

In my case, I'm running the default PAE kernel (3.2.0-36-generic-pae) on Precise. I am also seeing bit 12 set.

Where is the complete documentation for what the tainted bits mean on Ubuntu kernels?


Looking at panic.c:

/**
 *      print_tainted - return a string to represent the kernel taint state.
 *
 *  'P' - Proprietary module has been loaded.
 *  'F' - Module has been forcibly loaded.
 *  'S' - SMP with CPUs not designed for SMP.
 *  'R' - User forced a module unload.
 *  'M' - System experienced a machine check exception.
 *  'B' - System has hit bad_page.
 *  'U' - Userspace-defined naughtiness.
 *  'D' - Kernel has oopsed before
 *  'A' - ACPI table overridden.
 *  'W' - Taint on warning.
 *  'C' - modules from drivers/staging are loaded.
 *  'I' - Working around severe firmware bug.
 *  'O' - Out-of-tree module has been loaded.
 *  'E' - Unsigned module has been loaded.
 *  'L' - A soft lockup has previously occurred.
 *  'K' - Kernel has been live patched.
 *
 *      The string is overwritten by the next call to print_tainted().
 */