import CS kexec-tools-2.0.26-14.el8

This commit is contained in:
eabdullin 2024-03-27 19:54:38 +00:00
parent 4e334b5cd7
commit 02fbb13546
6 changed files with 90 additions and 56 deletions

View File

@ -49,11 +49,6 @@ early_kdump_load()
EARLY_KEXEC_ARGS=$(prepare_kexec_args "${KEXEC_ARGS}")
if is_secure_boot_enforced; then
dinfo "Secure Boot is enabled. Using kexec file based syscall."
EARLY_KEXEC_ARGS="$EARLY_KEXEC_ARGS -s"
fi
# Here, only output the messages, but do not save these messages
# to a file because the target disk may not be mounted yet, the
# earlykdump is too early.

View File

@ -363,6 +363,14 @@ _get_nic_driver() {
ethtool -i "$1" | sed -n -E "s/driver: (.*)/\1/p"
}
_get_hpyerv_physical_driver() {
local _physical_nic
_physical_nic=$(find /sys/class/net/"$1"/ -name 'lower_*' | sed -En "s/\/.*lower_(.*)/\1/p")
[[ -n $_physical_nic ]] || return
_get_nic_driver "$_physical_nic"
}
kdump_install_nic_driver() {
local _netif _driver _drivers
@ -382,6 +390,11 @@ kdump_install_nic_driver() {
elif [[ $_driver == "team" ]]; then
# install the team mode drivers like team_mode_roundrobin.ko as well
_driver='=drivers/net/team'
elif [[ $_driver == "hv_netvsc" ]]; then
# A Hyper-V VM may have accelerated networking
# https://learn.microsoft.com/en-us/azure/virtual-network/accelerated-networking-overview
# Install the driver of physical NIC as well
_drivers+=("$(_get_hpyerv_physical_driver "$_netif")")
fi
_drivers+=("$_driver")
@ -1127,6 +1140,15 @@ install() {
's/\(^[[:space:]]*reserved_memory[[:space:]]*=\)[[:space:]]*[[:digit:]]*/\1 1024/' \
${initdir}/etc/lvm/lvm.conf &>/dev/null
# Skip initrd-cleanup.service and initrd-parse-etc.service becasue we don't
# need to switch root. Instead of removing them, we use ConditionPathExists
# to check if /proc/vmcore exists to determine if we are in kdump.
sed -i '/\[Unit\]/a ConditionPathExists=!\/proc\/vmcore' \
"${initdir}/${systemdsystemunitdir}/initrd-cleanup.service" &> /dev/null
sed -i '/\[Unit\]/a ConditionPathExists=!\/proc\/vmcore' \
"${initdir}/${systemdsystemunitdir}/initrd-parse-etc.service" &> /dev/null
# Save more memory by dropping switch root capability
dracut_no_switch_root
}

View File

@ -529,11 +529,24 @@ get_dracut_args_target()
echo $1 | grep "\-\-mount" | sed "s/.*--mount .\(.*\)/\1/" | cut -d' ' -f1
}
get_reserved_mem_size()
{
local reserved_mem_size=0
if is_fadump_capable; then
reserved_mem_size=$(< /sys/kernel/fadump/mem_reserved)
else
reserved_mem_size=$(< /sys/kernel/kexec_crash_size)
fi
echo "$reserved_mem_size"
}
check_crash_mem_reserved()
{
local mem_reserved
mem_reserved=$(cat /sys/kernel/kexec_crash_size)
mem_reserved=$(get_reserved_mem_size)
if [ $mem_reserved -eq 0 ]; then
derror "No memory reserved for crash kernel"
return 1
@ -700,6 +713,15 @@ prepare_kexec_args()
fi
fi
fi
# For secureboot enabled machines, use new kexec file based syscall.
# Old syscall will always fail as it does not have capability to do
# kernel signature verification.
if is_secure_boot_enforced; then
dinfo "Secure Boot is enabled. Using kexec file based syscall."
kexec_args="$kexec_args -s"
fi
echo $kexec_args
}

View File

@ -538,28 +538,22 @@ check_fs_modified()
check_system_modified()
{
local ret
local CONF_ERROR=2
local CONF_MODIFY=1
local CONF_NO_MODIFY=0
local conf_status=$CONF_NO_MODIFY
[[ -f $TARGET_INITRD ]] || return 1
check_files_modified
for _func in check_files_modified check_fs_modified check_drivers_modified; do
$_func
ret=$?
if [ $ret -ne 0 ]; then
return $ret
fi
# return immediately if an error occurred.
[[ $ret -eq "$CONF_ERROR" ]] && return "$ret"
[[ $ret -eq "$CONF_MODIFY" ]] && { conf_status="$CONF_MODIFY"; }
done
check_fs_modified
ret=$?
if [ $ret -ne 0 ]; then
return $ret
fi
check_drivers_modified
ret=$?
if [ $ret -ne 0 ]; then
return $ret
fi
return 0
return $conf_status
}
check_rebuild()
@ -653,20 +647,7 @@ function load_kdump_kernel_key()
return
fi
KDUMP_KEY_ID=$(cat /usr/share/doc/kernel-keys/$KDUMP_KERNELVER/kernel-signing-ppc.cer |
keyctl padd asymmetric kernelkey-$RANDOM %:.ima)
}
# remove a previously loaded key. There's no real security implication
# to leaving it around, we choose to do this because it makes it easier
# to be idempotent and so as to reduce the potential for confusion.
function remove_kdump_kernel_key()
{
if [ -z "$KDUMP_KEY_ID" ]; then
return
fi
keyctl unlink $KDUMP_KEY_ID %:.ima
keyctl padd asymmetric "" %:.ima < "/usr/share/doc/kernel-keys/$KDUMP_KERNELVER/kernel-signing-ppc.cer"
}
# Load the kdump kernel specified in /etc/sysconfig/kdump
@ -679,15 +660,6 @@ load_kdump()
KEXEC_ARGS=$(prepare_kexec_args "${KEXEC_ARGS}")
KDUMP_COMMANDLINE=$(prepare_cmdline "${KDUMP_COMMANDLINE}" "${KDUMP_COMMANDLINE_REMOVE}" "${KDUMP_COMMANDLINE_APPEND}")
# For secureboot enabled machines, use new kexec file based syscall.
# Old syscall will always fail as it does not have capability to
# to kernel signature verification.
if is_secure_boot_enforced; then
dinfo "Secure Boot is enabled. Using kexec file based syscall."
KEXEC_ARGS="$KEXEC_ARGS -s"
load_kdump_kernel_key
fi
ddebug "$KEXEC $KEXEC_ARGS $standard_kexec_args --command-line=$KDUMP_COMMANDLINE --initrd=$TARGET_INITRD $KDUMP_KERNEL"
# The '12' represents an intermediate temporary file descriptor
@ -708,9 +680,7 @@ load_kdump()
set +x
exec 2>&12 12>&-
remove_kdump_kernel_key
if [ $ret == 0 ]; then
if [[ $ret == 0 ]]; then
dinfo "kexec: loaded kdump kernel"
return 0
else
@ -848,7 +818,7 @@ propagate_ssh_key()
show_reserved_mem()
{
local mem=$(cat /sys/kernel/kexec_crash_size)
local mem=$(get_reserved_mem_size)
local mem_mb=$(expr $mem / 1024 / 1024)
dinfo "Reserved "$mem_mb"MB memory for crash kernel"
@ -1009,7 +979,13 @@ start_fadump()
start_dump()
{
if [ $DEFAULT_DUMP_MODE == "fadump" ]; then
# On secure boot enabled Power systems, load kernel signing key on .ima for signature
# verification using kexec file based syscall.
if [[ "$(uname -m)" == ppc64le ]] && is_secure_boot_enforced; then
load_kdump_kernel_key
fi
if [[ $DEFAULT_DUMP_MODE == "fadump" ]]; then
start_fadump
else
load_kdump
@ -1270,7 +1246,7 @@ do_estimate() {
# The default value when using crashkernel=auto
baseline_size=$((baseline * size_mb))
# Current reserved crashkernel size
reserved_size=$(cat /sys/kernel/kexec_crash_size)
reserved_size=$(get_reserved_mem_size)
# A pre-estimated value for userspace usage and kernel
# runtime allocation, 64M should good for most cases
runtime_size=$((64 * size_mb))

View File

@ -35,7 +35,8 @@ updating lists accordingly.
Supported Dump targets
----------------------
storage:
LVM volume (no thinp)
LVM volume
Thin provisioning volume
FC disks (qla2xxx, lpfc, bnx2fc, bfa)
software initiator based iSCSI
software RAID (mdraid)
@ -79,7 +80,6 @@ Unsupported Dump targets
------------------------
storage:
BIOS RAID
Thin provisioning volume
Software iSCSI with iBFT (bnx2i, cxgb3i, cxgb4i)
Software iSCSI with hybrid (be2iscsi)
FCoE

View File

@ -1,6 +1,6 @@
Name: kexec-tools
Version: 2.0.26
Release: 8%{?dist}
Release: 14%{?dist}
License: GPLv2
Group: Applications/System
Summary: The kexec/kdump userspace component
@ -396,6 +396,25 @@ done
%endif
%changelog
* Wed Feb 21 2024 Pingfan Liu <piliu@redhat.com> - 2.0.26-14
- dracut-module-setup: Skip initrd-cleanup and initrd-parse-etc in kdump
* Fri Feb 2 2024 Pingfan Liu <piliu@redhat.com> - 2.0.26-13
- dracut-module-setup.sh: also install the driver of physical NIC for Hyper-V VM with accelerated networking
* Wed Nov 22 2023 Pingfan Liu <piliu@redhat.com> - 2.0.26-12
- kdumpctl: Only returns immediately after an error occurs in check_*_modified
* Thu Nov 9 2023 Pingfan Liu <piliu@redhat.com> - 2.0.26-11
- powerpc: update kdumpctl to load kernel signing key for fadump
- powerpc: update kdumpctl to remove deletion of kernel signing key once loaded
* Tue Sep 26 2023 Pingfan Liu <piliu@redhat.com> - 2.0.26-10
- Introduce a function to get reserved memory size
* Tue Sep 19 2023 Pingfan Liu <piliu@redhat.com> - 2.0.26-9
- Add lvm thin provision to kdump supported-kdump-targets.txt
* Thu Aug 10 2023 Pingfan Liu <piliu@redhat.com> - 2.0.26-8
- mkdumprd: Use the correct syntax to redirect the stderr to null
- mkdumprd: call dracut with --add-device to install the drivers needed by /boot partition automatically for FIPS