From 32ae4b9ca1f88fdcae16af29ae227100fd6bd1bf Mon Sep 17 00:00:00 2001 From: eabdullin Date: Fri, 31 May 2024 16:45:43 +0000 Subject: [PATCH] Import from AlmaLinux stable repository --- .gitignore | 4 +- .kexec-tools.metadata | 3 - SOURCES/dracut-early-kdump.sh | 5 - SOURCES/dracut-module-setup.sh | 91 ++++++++++++++++++- SOURCES/kdump-lib.sh | 24 ++++- SOURCES/kdump.sysconfig.s390x | 2 +- SOURCES/kdumpctl | 70 +++++--------- ..._mem_section_validation_with_vmlinux.patch | 76 ---------------- ...-failure-of-reading-memory-when-5-le.patch | 72 +++++++++++++++ SOURCES/mkdumprd | 8 +- ...64-Add-support-for-ARMv8.2-LVA-52-bi.patch | 18 ++-- SOURCES/supported-kdump-targets.txt | 4 +- SPECS/kexec-tools.spec | 77 +++++++++++++--- 13 files changed, 288 insertions(+), 166 deletions(-) delete mode 100644 .kexec-tools.metadata delete mode 100644 SOURCES/kexec-tools-2.0.24-makedumpfile-Avoid_false_positive_mem_section_validation_with_vmlinux.patch create mode 100644 SOURCES/kexec-tools-2.0.26-makedumpfile-sadump-fix-failure-of-reading-memory-when-5-le.patch diff --git a/.gitignore b/.gitignore index d6b0ce0..aa5f4a7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ -SOURCES/1.7.1.tar.gz +SOURCES/1.7.2.tar.gz SOURCES/eppic_050615.tar.gz -SOURCES/kexec-tools-2.0.25.tar.xz +SOURCES/kexec-tools-2.0.26.tar.xz diff --git a/.kexec-tools.metadata b/.kexec-tools.metadata deleted file mode 100644 index 321a87f..0000000 --- a/.kexec-tools.metadata +++ /dev/null @@ -1,3 +0,0 @@ -8f8485c2a1edbc730f4fa1b96ae3ec8d8f1f9761 SOURCES/1.7.1.tar.gz -a096c8e0892b559f40b01916aae240652f75b68a SOURCES/eppic_050615.tar.gz -78d5d4f7e9d358ca234db9c84a551d9d411eb0b5 SOURCES/kexec-tools-2.0.25.tar.xz diff --git a/SOURCES/dracut-early-kdump.sh b/SOURCES/dracut-early-kdump.sh index 129841e..0124564 100755 --- a/SOURCES/dracut-early-kdump.sh +++ b/SOURCES/dracut-early-kdump.sh @@ -49,11 +49,6 @@ early_kdump_load() EARLY_KEXEC_ARGS=$(prepare_kexec_args "${KEXEC_ARGS}") - if is_secure_boot_enforced; then - dinfo "Secure Boot is enabled. Using kexec file based syscall." - EARLY_KEXEC_ARGS="$EARLY_KEXEC_ARGS -s" - fi - # Here, only output the messages, but do not save these messages # to a file because the target disk may not be mounted yet, the # earlykdump is too early. diff --git a/SOURCES/dracut-module-setup.sh b/SOURCES/dracut-module-setup.sh index 9cbb5d6..97be76f 100755 --- a/SOURCES/dracut-module-setup.sh +++ b/SOURCES/dracut-module-setup.sh @@ -108,6 +108,17 @@ source_ifcfg_file() { fi } +add_dns_netdev() { + local _server _route + + _server=$1 + _route=`/sbin/ip -o route get to $_server 2>&1` + [ $? != 0 ] && echo "DNS server $_server unreachable" + + _netdev=$(get_ip_route_field "$_route" "dev") + _save_kdump_netifs "$_netdev" "$(kdump_setup_ifname $_netdev)" +} + # $1: netdev name kdump_setup_dns() { local _nameserver _dns @@ -115,8 +126,8 @@ kdump_setup_dns() { source_ifcfg_file $1 - [ -n "$DNS1" ] && echo "nameserver=$DNS1" > "$_dnsfile" - [ -n "$DNS2" ] && echo "nameserver=$DNS2" >> "$_dnsfile" + [ -n "$DNS1" ] && echo "nameserver=$DNS1" > "$_dnsfile" && add_dns_netdev "$DNS1" + [ -n "$DNS2" ] && echo "nameserver=$DNS2" >> "$_dnsfile" && add_dns_netdev "$DNS2" while read content; do @@ -128,6 +139,7 @@ kdump_setup_dns() { if [ ! -f $_dnsfile ] || [ ! $(cat $_dnsfile | grep -q $_dns) ]; then echo "nameserver=$_dns" >> "$_dnsfile" + add_dns_netdev "$_dns" fi done < "/etc/resolv.conf" } @@ -347,6 +359,51 @@ EOF rm -f "$_netif_allowlist_nm_conf" } +_get_nic_driver() { + ethtool -i "$1" | sed -n -E "s/driver: (.*)/\1/p" +} + +_get_hpyerv_physical_driver() { + local _physical_nic + + _physical_nic=$(find /sys/class/net/"$1"/ -name 'lower_*' | sed -En "s/\/.*lower_(.*)/\1/p") + [[ -n $_physical_nic ]] || return + _get_nic_driver "$_physical_nic" +} + +kdump_install_nic_driver() { + local _netif _driver _drivers + + _drivers=() + + for _netif in $1; do + [[ $_netif == lo ]] && continue + _driver=$(_get_nic_driver "$_netif") + if [[ -z $_driver ]]; then + derror "Failed to get the driver of $_netif" + exit 1 + fi + + if [[ $_driver == "802.1Q VLAN Support" ]]; then + # ethtool somehow doesn't return the driver name for a VLAN NIC + _driver=8021q + elif [[ $_driver == "team" ]]; then + # install the team mode drivers like team_mode_roundrobin.ko as well + _driver='=drivers/net/team' + elif [[ $_driver == "hv_netvsc" ]]; then + # A Hyper-V VM may have accelerated networking + # https://learn.microsoft.com/en-us/azure/virtual-network/accelerated-networking-overview + # Install the driver of physical NIC as well + _drivers+=("$(_get_hpyerv_physical_driver "$_netif")") + fi + + _drivers+=("$_driver") + done + + [[ -n ${_drivers[*]} ]] || return + instmods "${_drivers[@]}" +} + kdump_setup_bridge() { local _netdev=$1 local _brif _dev _mac _kdumpdev @@ -481,6 +538,18 @@ kdump_setup_znet() { echo rd.znet=${NETTYPE},${SUBCHANNELS}${_options} rd.znet_ifname=$(kdump_setup_ifname $_netdev):${SUBCHANNELS} > ${initdir}/etc/cmdline.d/30znet.conf } +_get_nic_driver() { + ethtool -i "$1" | sed -n -E "s/driver: (.*)/\1/p" +} + +_rename_hypver_netdev() { + local _udev_rule_dir + + _udev_rule_dir=${initdir}/etc/udev/rules.d + mkdir -p "$_udev_rule_dir" + printf 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="hv_netvsc", ATTR{address}=="%s", ATTR{type}=="1", NAME="%s"\n' "$2" "$1" > "${_udev_rule_dir}/80-hv_netvsc-ifname.rules" +} + # Setup dracut to bringup a given network interface kdump_setup_netdev() { local _netdev=$1 _srcaddr=$2 @@ -529,8 +598,12 @@ kdump_setup_netdev() { elif kdump_is_vlan "$_netdev"; then kdump_setup_vlan "$_netdev" else - _ifname_opts=" ifname=$kdumpnic:$_netmac" - echo "$_ifname_opts" >> $_ip_conf + if [[ $(_get_nic_driver "$1") != hv_netvsc ]]; then + _ifname_opts=" ifname=$kdumpnic:$_netmac" + echo "$_ifname_opts" >> $_ip_conf + else + _rename_hypver_netdev "$kdumpnic" "$_netmac" + fi fi _save_kdump_netifs "$_netdev" "$_kdumpdev" @@ -1053,6 +1126,7 @@ install() { _netifs=$(_get_kdump_netifs) if [[ -n "$_netifs" ]]; then kdump_install_nm_netif_allowlist "$_netifs" + kdump_install_nic_driver "$_netifs" fi kdump_install_systemd_conf @@ -1066,6 +1140,15 @@ install() { 's/\(^[[:space:]]*reserved_memory[[:space:]]*=\)[[:space:]]*[[:digit:]]*/\1 1024/' \ ${initdir}/etc/lvm/lvm.conf &>/dev/null + # Skip initrd-cleanup.service and initrd-parse-etc.service becasue we don't + # need to switch root. Instead of removing them, we use ConditionPathExists + # to check if /proc/vmcore exists to determine if we are in kdump. + sed -i '/\[Unit\]/a ConditionPathExists=!\/proc\/vmcore' \ + "${initdir}/${systemdsystemunitdir}/initrd-cleanup.service" &> /dev/null + + sed -i '/\[Unit\]/a ConditionPathExists=!\/proc\/vmcore' \ + "${initdir}/${systemdsystemunitdir}/initrd-parse-etc.service" &> /dev/null + # Save more memory by dropping switch root capability dracut_no_switch_root } diff --git a/SOURCES/kdump-lib.sh b/SOURCES/kdump-lib.sh index 4abef85..8dd63a6 100755 --- a/SOURCES/kdump-lib.sh +++ b/SOURCES/kdump-lib.sh @@ -529,11 +529,24 @@ get_dracut_args_target() echo $1 | grep "\-\-mount" | sed "s/.*--mount .\(.*\)/\1/" | cut -d' ' -f1 } +get_reserved_mem_size() +{ + local reserved_mem_size=0 + + if is_fadump_capable; then + reserved_mem_size=$(< /sys/kernel/fadump/mem_reserved) + else + reserved_mem_size=$(< /sys/kernel/kexec_crash_size) + fi + + echo "$reserved_mem_size" +} + check_crash_mem_reserved() { local mem_reserved - mem_reserved=$(cat /sys/kernel/kexec_crash_size) + mem_reserved=$(get_reserved_mem_size) if [ $mem_reserved -eq 0 ]; then derror "No memory reserved for crash kernel" return 1 @@ -700,6 +713,15 @@ prepare_kexec_args() fi fi fi + + # For secureboot enabled machines, use new kexec file based syscall. + # Old syscall will always fail as it does not have capability to do + # kernel signature verification. + if is_secure_boot_enforced; then + dinfo "Secure Boot is enabled. Using kexec file based syscall." + kexec_args="$kexec_args -s" + fi + echo $kexec_args } diff --git a/SOURCES/kdump.sysconfig.s390x b/SOURCES/kdump.sysconfig.s390x index 3bdc178..8e80963 100644 --- a/SOURCES/kdump.sysconfig.s390x +++ b/SOURCES/kdump.sysconfig.s390x @@ -17,7 +17,7 @@ KDUMP_COMMANDLINE="" # This variable lets us remove arguments from the current kdump commandline # as taken from either KDUMP_COMMANDLINE above, or from /proc/cmdline # NOTE: some arguments such as crashkernel will always be removed -KDUMP_COMMANDLINE_REMOVE="hugepages hugepagesz slub_debug quiet log_buf_len swiotlb prot_virt ignition.firstboot" +KDUMP_COMMANDLINE_REMOVE="hugepages hugepagesz slub_debug quiet log_buf_len swiotlb prot_virt ignition.firstboot zfcp.allow_lun_scan" # This variable lets us append arguments to the current kdump commandline # after processed by KDUMP_COMMANDLINE_REMOVE diff --git a/SOURCES/kdumpctl b/SOURCES/kdumpctl index ba32806..b5bef85 100755 --- a/SOURCES/kdumpctl +++ b/SOURCES/kdumpctl @@ -538,28 +538,22 @@ check_fs_modified() check_system_modified() { local ret + local CONF_ERROR=2 + local CONF_MODIFY=1 + local CONF_NO_MODIFY=0 + local conf_status=$CONF_NO_MODIFY [[ -f $TARGET_INITRD ]] || return 1 - check_files_modified - ret=$? - if [ $ret -ne 0 ]; then - return $ret - fi + for _func in check_files_modified check_fs_modified check_drivers_modified; do + $_func + ret=$? + # return immediately if an error occurred. + [[ $ret -eq "$CONF_ERROR" ]] && return "$ret" + [[ $ret -eq "$CONF_MODIFY" ]] && { conf_status="$CONF_MODIFY"; } + done - check_fs_modified - ret=$? - if [ $ret -ne 0 ]; then - return $ret - fi - - check_drivers_modified - ret=$? - if [ $ret -ne 0 ]; then - return $ret - fi - - return 0 + return $conf_status } check_rebuild() @@ -653,20 +647,7 @@ function load_kdump_kernel_key() return fi - KDUMP_KEY_ID=$(cat /usr/share/doc/kernel-keys/$KDUMP_KERNELVER/kernel-signing-ppc.cer | - keyctl padd asymmetric kernelkey-$RANDOM %:.ima) -} - -# remove a previously loaded key. There's no real security implication -# to leaving it around, we choose to do this because it makes it easier -# to be idempotent and so as to reduce the potential for confusion. -function remove_kdump_kernel_key() -{ - if [ -z "$KDUMP_KEY_ID" ]; then - return - fi - - keyctl unlink $KDUMP_KEY_ID %:.ima + keyctl padd asymmetric "" %:.ima < "/usr/share/doc/kernel-keys/$KDUMP_KERNELVER/kernel-signing-ppc.cer" } # Load the kdump kernel specified in /etc/sysconfig/kdump @@ -679,15 +660,6 @@ load_kdump() KEXEC_ARGS=$(prepare_kexec_args "${KEXEC_ARGS}") KDUMP_COMMANDLINE=$(prepare_cmdline "${KDUMP_COMMANDLINE}" "${KDUMP_COMMANDLINE_REMOVE}" "${KDUMP_COMMANDLINE_APPEND}") - # For secureboot enabled machines, use new kexec file based syscall. - # Old syscall will always fail as it does not have capability to - # to kernel signature verification. - if is_secure_boot_enforced; then - dinfo "Secure Boot is enabled. Using kexec file based syscall." - KEXEC_ARGS="$KEXEC_ARGS -s" - load_kdump_kernel_key - fi - ddebug "$KEXEC $KEXEC_ARGS $standard_kexec_args --command-line=$KDUMP_COMMANDLINE --initrd=$TARGET_INITRD $KDUMP_KERNEL" # The '12' represents an intermediate temporary file descriptor @@ -708,9 +680,7 @@ load_kdump() set +x exec 2>&12 12>&- - remove_kdump_kernel_key - - if [ $ret == 0 ]; then + if [[ $ret == 0 ]]; then dinfo "kexec: loaded kdump kernel" return 0 else @@ -848,7 +818,7 @@ propagate_ssh_key() show_reserved_mem() { - local mem=$(cat /sys/kernel/kexec_crash_size) + local mem=$(get_reserved_mem_size) local mem_mb=$(expr $mem / 1024 / 1024) dinfo "Reserved "$mem_mb"MB memory for crash kernel" @@ -1009,7 +979,13 @@ start_fadump() start_dump() { - if [ $DEFAULT_DUMP_MODE == "fadump" ]; then + # On secure boot enabled Power systems, load kernel signing key on .ima for signature + # verification using kexec file based syscall. + if [[ "$(uname -m)" == ppc64le ]] && is_secure_boot_enforced; then + load_kdump_kernel_key + fi + + if [[ $DEFAULT_DUMP_MODE == "fadump" ]]; then start_fadump else load_kdump @@ -1270,7 +1246,7 @@ do_estimate() { # The default value when using crashkernel=auto baseline_size=$((baseline * size_mb)) # Current reserved crashkernel size - reserved_size=$(cat /sys/kernel/kexec_crash_size) + reserved_size=$(get_reserved_mem_size) # A pre-estimated value for userspace usage and kernel # runtime allocation, 64M should good for most cases runtime_size=$((64 * size_mb)) diff --git a/SOURCES/kexec-tools-2.0.24-makedumpfile-Avoid_false_positive_mem_section_validation_with_vmlinux.patch b/SOURCES/kexec-tools-2.0.24-makedumpfile-Avoid_false_positive_mem_section_validation_with_vmlinux.patch deleted file mode 100644 index 8a7dd8a..0000000 --- a/SOURCES/kexec-tools-2.0.24-makedumpfile-Avoid_false_positive_mem_section_validation_with_vmlinux.patch +++ /dev/null @@ -1,76 +0,0 @@ - commit 6d0d95ecc04a70f8448d562ff0fbbae237f5c929 - Author: Kazuhito Hagio - Date: Thu Apr 21 08:58:29 2022 +0900 - - [PATCH] Avoid false-positive mem_section validation with vmlinux - - Currently get_mem_section() validates if SYMBOL(mem_section) is the address - of the mem_section array first. But there was a report that the first - validation wrongly returned TRUE with -x vmlinux and SPARSEMEM_EXTREME - (4.15+) on s390x. This leads to crash failing statup with the following - seek error: - - crash: seek error: kernel virtual address: 67fffc2800 type: "memory section root table" - - Skip the first validation when satisfying the conditions. - - Reported-by: Dave Wysochanski - Signed-off-by: Kazuhito Hagio - Reviewed-and-Tested-by: Philipp Rudo - Reviewed-by: Pingfan Liu - - diff --git a/makedumpfile-1.7.1/makedumpfile.c b/makedumpfile-1.7.1/makedumpfile.c - index a2f45c84cee3ba57ce3d3cf3f1905e6a03f4fd09..65d1c7c2f02c9ae8ead9de0f0217235fe72b3ca7 100644 - --- a/makedumpfile-1.7.1/makedumpfile.c - +++ b/makedumpfile-1.7.1/makedumpfile.c - @@ -3698,6 +3698,22 @@ validate_mem_section(unsigned long *mem_sec, - return ret; - } - - +/* - + * SYMBOL(mem_section) varies with the combination of memory model and - + * its source: - + * - + * SPARSEMEM - + * vmcoreinfo: address of mem_section root array - + * -x vmlinux: address of mem_section root array - + * - + * SPARSEMEM_EXTREME v1 - + * vmcoreinfo: address of mem_section root array - + * -x vmlinux: address of mem_section root array - + * - + * SPARSEMEM_EXTREME v2 (with 83e3c48729d9 and a0b1280368d1) 4.15+ - + * vmcoreinfo: address of mem_section root array - + * -x vmlinux: address of pointer to mem_section root array - + */ - static int - get_mem_section(unsigned int mem_section_size, unsigned long *mem_maps, - unsigned int num_section) - @@ -3710,12 +3726,27 @@ get_mem_section(unsigned int mem_section_size, unsigned long *mem_maps, - strerror(errno)); - return FALSE; - } - + - + /* - + * There was a report that the first validation wrongly returned TRUE - + * with -x vmlinux and SPARSEMEM_EXTREME v2 on s390x, so skip it. - + * Howerver, leave the fallback validation as it is for the -i option. - + */ - + if (is_sparsemem_extreme() && info->name_vmlinux) { - + unsigned long flag = 0; - + if (get_symbol_type_name("mem_section", DWARF_INFO_GET_SYMBOL_TYPE, - + NULL, &flag) - + && !(flag & TYPE_ARRAY)) - + goto skip_1st_validation; - + } - + - ret = validate_mem_section(mem_sec, SYMBOL(mem_section), - mem_section_size, mem_maps, num_section); - - if (!ret && is_sparsemem_extreme()) { - unsigned long mem_section_ptr; - - +skip_1st_validation: - if (!readmem(VADDR, SYMBOL(mem_section), &mem_section_ptr, - sizeof(mem_section_ptr))) - goto out; diff --git a/SOURCES/kexec-tools-2.0.26-makedumpfile-sadump-fix-failure-of-reading-memory-when-5-le.patch b/SOURCES/kexec-tools-2.0.26-makedumpfile-sadump-fix-failure-of-reading-memory-when-5-le.patch new file mode 100644 index 0000000..2454485 --- /dev/null +++ b/SOURCES/kexec-tools-2.0.26-makedumpfile-sadump-fix-failure-of-reading-memory-when-5-le.patch @@ -0,0 +1,72 @@ +From 58553ad03187f0cf208d6c4a0dc026c6338e5edd Mon Sep 17 00:00:00 2001 +From: "Daisuke Hatayama (Fujitsu)" +Date: Wed, 29 Mar 2023 12:44:10 +0000 +Subject: [PATCH] [PATCH] sadump: fix failure of reading memory when 5-level + paging is enabled + +makedumpfile fails as follows for memory dumps collected by sadump +when 5-level paging is enabled on the corresponding systems: + + # makedumpfile -l -d 31 -x ./vmlinux ./dump.sadump dump.sadump-ld31 + __vtop4_x86_64: Can't get a valid pgd. + ...snip... + __vtop4_x86_64: Can't get a valid pgd. + calc_kaslr_offset: failed to calculate kaslr_offset and phys_base; default to 0 + __vtop4_x86_64: Can't get a valid pgd. + readmem: Can't convert a virtual address(ffffffff82fce960) to physical address. + readmem: type_addr: 0, addr:ffffffff82fce960, size:1024 + cpu_online_mask_init: Can't read cpu_online_mask memory. + + makedumpfile Failed. + +This is because 5-level paging support has not been done yet for +sadump; the work of the 5-level paging support was done by the commit +30a3214a7193e94c551c0cebda5918a72a35c589 (PATCH 4/4 arch/x86_64: Add +5-level paging support) but that was focused on the core part only. + +Having said that, most of things has already been finished in the +commit. What needs to be newly added for sadump is just how to check +if 5-level paging is enabled for a given memory dump. + +For that purpose, let's refer to CR4.LA57, bit 12 of CR4, representing +whether 5-level paging is enabled or not. We can do this because +memory dumps collected by sadump have SMRAM as note information and +they include CR4 together with the other control registers. + +Signed-off-by: HATAYAMA Daisuke +--- + sadump_info.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/makedumpfile-1.7.2/sadump_info.c b/makedumpfile-1.7.2/sadump_info.c +index adfa8dc..2c44068 100644 +--- a/makedumpfile-1.7.2/sadump_info.c ++++ b/makedumpfile-1.7.2/sadump_info.c +@@ -1362,6 +1362,7 @@ static int linux_banner_sanity_check(ulong cr3) + #define PTI_USER_PGTABLE_BIT (info->page_shift) + #define PTI_USER_PGTABLE_MASK (1 << PTI_USER_PGTABLE_BIT) + #define CR3_PCID_MASK 0xFFFull ++#define CR4_LA57 (1 << 12) + int + calc_kaslr_offset(void) + { +@@ -1397,6 +1398,8 @@ calc_kaslr_offset(void) + else + cr3 = smram.Cr3 & ~CR3_PCID_MASK; + ++ NUMBER(pgtable_l5_enabled) = !!(smram.Cr4 & CR4_LA57); ++ + /* Convert virtual address of IDT table to physical address */ + idtr_paddr = vtop4_x86_64_pagetable(idtr, cr3); + if (idtr_paddr == NOT_PADDR) { +@@ -1417,6 +1420,7 @@ calc_kaslr_offset(void) + + DEBUG_MSG("sadump: idtr=%" PRIx64 "\n", idtr); + DEBUG_MSG("sadump: cr3=%" PRIx64 "\n", cr3); ++ DEBUG_MSG("sadump: cr4=%" PRIx32 "\n", smram.Cr4); + DEBUG_MSG("sadump: idtr(phys)=%" PRIx64 "\n", idtr_paddr); + DEBUG_MSG("sadump: devide_error(vmlinux)=%lx\n", + divide_error_vmlinux); +-- +2.31.1 + diff --git a/SOURCES/mkdumprd b/SOURCES/mkdumprd index 23013d3..e5c6e06 100644 --- a/SOURCES/mkdumprd +++ b/SOURCES/mkdumprd @@ -29,7 +29,7 @@ SAVE_PATH=$(get_save_path) OVERRIDE_RESETTABLE=0 extra_modules="" -dracut_args="--add kdumpbase --quiet --hostonly --hostonly-cmdline --hostonly-i18n --hostonly-mode strict -o \"plymouth dash resume ifcfg earlykdump\" --compress=xz" +dracut_args="--add kdumpbase --quiet --hostonly --hostonly-cmdline --hostonly-i18n --hostonly-mode strict --hostonly-nics '' -o \"plymouth dash resume ifcfg earlykdump\" --compress=xz" readonly MKDUMPRD_TMPDIR="$(mktemp -d -t mkdumprd.XXXXXX)" [ -d "$MKDUMPRD_TMPDIR" ] || perror_exit "dracut: mktemp -p -d -t dracut.XXXXXX failed." @@ -442,7 +442,11 @@ if ! is_fadump_capable; then # so it doesn't affect the logic of check_dump_fs_modified(). is_dump_to_rootfs && add_mount "$(to_dev_name $(get_root_fs_device))" - add_dracut_arg "--no-hostonly-default-device" + add_dracut_arg "--no-hostonly-default-device" + + if fips-mode-setup --is-enabled 2> /dev/null; then + add_dracut_arg --add-device "$(findmnt -n -o SOURCE --target /boot)" + fi fi echo "$dracut_args $@" | xargs dracut diff --git a/SOURCES/rhelonly-kexec-tools-2.0.20-makedumpfile-arm64-Add-support-for-ARMv8.2-LVA-52-bi.patch b/SOURCES/rhelonly-kexec-tools-2.0.20-makedumpfile-arm64-Add-support-for-ARMv8.2-LVA-52-bi.patch index a2e1e31..cf726db 100644 --- a/SOURCES/rhelonly-kexec-tools-2.0.20-makedumpfile-arm64-Add-support-for-ARMv8.2-LVA-52-bi.patch +++ b/SOURCES/rhelonly-kexec-tools-2.0.20-makedumpfile-arm64-Add-support-for-ARMv8.2-LVA-52-bi.patch @@ -12,10 +12,10 @@ Signed-off-by: Pingfan Liu makedumpfile.h | 1 + 3 files changed, 16 insertions(+), 1 deletion(-) -diff --git a/makedumpfile-1.7.1/arch/arm64.c b/makedumpfile-1.7.1/arch/arm64.c +diff --git a/makedumpfile-1.7.2/arch/arm64.c b/makedumpfile-1.7.2/arch/arm64.c index 1072178..95beae6 100644 ---- a/makedumpfile-1.7.1/arch/arm64.c -+++ b/makedumpfile-1.7.1/arch/arm64.c +--- a/makedumpfile-1.7.2/arch/arm64.c ++++ b/makedumpfile-1.7.2/arch/arm64.c @@ -50,6 +50,7 @@ static int va_bits; static int vabits_actual; static int flipped_va; @@ -51,10 +51,10 @@ index 1072178..95beae6 100644 kimage_voffset = NUMBER(kimage_voffset); info->section_size_bits = SECTIONS_SIZE_BITS; -diff --git a/makedumpfile-1.7.1/makedumpfile.c b/makedumpfile-1.7.1/makedumpfile.c +diff --git a/makedumpfile-1.7.2/makedumpfile.c b/makedumpfile-1.7.2/makedumpfile.c index 3ad4443..018ea4c 100644 ---- a/makedumpfile-1.7.1/makedumpfile.c -+++ b/makedumpfile-1.7.1/makedumpfile.c +--- a/makedumpfile-1.7.2/makedumpfile.c ++++ b/makedumpfile-1.7.2/makedumpfile.c @@ -2417,6 +2417,7 @@ write_vmcoreinfo_data(void) WRITE_NUMBER("HUGETLB_PAGE_DTOR", HUGETLB_PAGE_DTOR); @@ -71,10 +71,10 @@ index 3ad4443..018ea4c 100644 READ_NUMBER("VA_BITS", VA_BITS); READ_NUMBER("TCR_EL1_T1SZ", TCR_EL1_T1SZ); READ_NUMBER_UNSIGNED("PHYS_OFFSET", PHYS_OFFSET); -diff --git a/makedumpfile-1.7.1/makedumpfile.h b/makedumpfile-1.7.1/makedumpfile.h +diff --git a/makedumpfile-1.7.2/makedumpfile.h b/makedumpfile-1.7.2/makedumpfile.h index e59239d..b6236dd 100644 ---- a/makedumpfile-1.7.1/makedumpfile.h -+++ b/makedumpfile-1.7.1/makedumpfile.h +--- a/makedumpfile-1.7.2/makedumpfile.h ++++ b/makedumpfile-1.7.2/makedumpfile.h @@ -2064,6 +2064,7 @@ struct number_table { long phys_base; long KERNEL_IMAGE_SIZE; diff --git a/SOURCES/supported-kdump-targets.txt b/SOURCES/supported-kdump-targets.txt index f540f59..ba20250 100644 --- a/SOURCES/supported-kdump-targets.txt +++ b/SOURCES/supported-kdump-targets.txt @@ -35,7 +35,8 @@ updating lists accordingly. Supported Dump targets ---------------------- storage: - LVM volume (no thinp) + LVM volume + Thin provisioning volume FC disks (qla2xxx, lpfc, bnx2fc, bfa) software initiator based iSCSI software RAID (mdraid) @@ -79,7 +80,6 @@ Unsupported Dump targets ------------------------ storage: BIOS RAID - Thin provisioning volume Software iSCSI with iBFT (bnx2i, cxgb3i, cxgb4i) Software iSCSI with hybrid (be2iscsi) FCoE diff --git a/SPECS/kexec-tools.spec b/SPECS/kexec-tools.spec index df0e907..c273d50 100644 --- a/SPECS/kexec-tools.spec +++ b/SPECS/kexec-tools.spec @@ -1,6 +1,6 @@ Name: kexec-tools -Version: 2.0.25 -Release: 5%{?dist} +Version: 2.0.26 +Release: 14%{?dist} License: GPLv2 Group: Applications/System Summary: The kexec/kdump userspace component @@ -13,7 +13,7 @@ Source4: kdump.sysconfig.i386 Source5: kdump.sysconfig.ppc64 Source7: mkdumprd Source8: gen-kdump-conf.sh -Source9: https://github.com/makedumpfile/makedumpfile/archive/1.7.1.tar.gz +Source9: https://github.com/makedumpfile/makedumpfile/archive/1.7.2.tar.gz Source10: kexec-kdump-howto.txt Source12: mkdumprd.8 Source13: 98-kexec.rules @@ -111,7 +111,7 @@ Patch602: rhelonly-kexec-tools-2.0.18-eppic-fix-issues-with-hardening-flags.patc # Patches 701 onward for makedumpfile Patch701: rhelonly-kexec-tools-2.0.20-makedumpfile-arm64-Add-support-for-ARMv8.2-LVA-52-bi.patch -Patch702: kexec-tools-2.0.24-makedumpfile-Avoid_false_positive_mem_section_validation_with_vmlinux.patch +Patch702: kexec-tools-2.0.26-makedumpfile-sadump-fix-failure-of-reading-memory-when-5-le.patch %description kexec-tools provides /usr/sbin/kexec binary that facilitates a new @@ -164,8 +164,8 @@ cp %{SOURCE31} . make %ifarch %{ix86} x86_64 ppc64 s390x ppc64le aarch64 make -C eppic/libeppic -make -C makedumpfile-1.7.1 LINKTYPE=dynamic USELZO=on USESNAPPY=on USEZSTD=on -make -C makedumpfile-1.7.1 LDFLAGS="$LDFLAGS -I../eppic/libeppic -L../eppic/libeppic" eppic_makedumpfile.so +make -C makedumpfile-1.7.2 LINKTYPE=dynamic USELZO=on USESNAPPY=on USEZSTD=on +make -C makedumpfile-1.7.2 LDFLAGS="$LDFLAGS -I../eppic/libeppic -L../eppic/libeppic" eppic_makedumpfile.so %endif %install @@ -226,13 +226,13 @@ install -m 755 -D %{SOURCE32} $RPM_BUILD_ROOT%{_prefix}/lib/kernel/install.d/60- %ifarch %{ix86} x86_64 ppc64 s390x ppc64le aarch64 -install -m 755 makedumpfile-1.7.1/makedumpfile $RPM_BUILD_ROOT/usr/sbin/makedumpfile -install -m 644 makedumpfile-1.7.1/makedumpfile.8 $RPM_BUILD_ROOT/%{_mandir}/man8/makedumpfile.8 -install -m 644 makedumpfile-1.7.1/makedumpfile.conf.5 $RPM_BUILD_ROOT/%{_mandir}/man5/makedumpfile.conf.5 -install -m 644 makedumpfile-1.7.1/makedumpfile.conf $RPM_BUILD_ROOT/%{_sysconfdir}/makedumpfile.conf.sample -install -m 755 makedumpfile-1.7.1/eppic_makedumpfile.so $RPM_BUILD_ROOT/%{_libdir}/eppic_makedumpfile.so +install -m 755 makedumpfile-1.7.2/makedumpfile $RPM_BUILD_ROOT/usr/sbin/makedumpfile +install -m 644 makedumpfile-1.7.2/makedumpfile.8 $RPM_BUILD_ROOT/%{_mandir}/man8/makedumpfile.8 +install -m 644 makedumpfile-1.7.2/makedumpfile.conf.5 $RPM_BUILD_ROOT/%{_mandir}/man5/makedumpfile.conf.5 +install -m 644 makedumpfile-1.7.2/makedumpfile.conf $RPM_BUILD_ROOT/%{_sysconfdir}/makedumpfile.conf.sample +install -m 755 makedumpfile-1.7.2/eppic_makedumpfile.so $RPM_BUILD_ROOT/%{_libdir}/eppic_makedumpfile.so mkdir -p $RPM_BUILD_ROOT/usr/share/makedumpfile/eppic_scripts/ -install -m 644 makedumpfile-1.7.1/eppic_scripts/* $RPM_BUILD_ROOT/usr/share/makedumpfile/eppic_scripts/ +install -m 644 makedumpfile-1.7.2/eppic_scripts/* $RPM_BUILD_ROOT/usr/share/makedumpfile/eppic_scripts/ %endif %define remove_dracut_prefix() %(echo -n %1|sed 's/.*dracut-//g') @@ -396,9 +396,58 @@ done %endif %changelog +* Wed Feb 21 2024 Pingfan Liu - 2.0.26-14 +- dracut-module-setup: Skip initrd-cleanup and initrd-parse-etc in kdump + +* Fri Feb 2 2024 Pingfan Liu - 2.0.26-13 +- dracut-module-setup.sh: also install the driver of physical NIC for Hyper-V VM with accelerated networking + +* Wed Nov 22 2023 Pingfan Liu - 2.0.26-12 +- kdumpctl: Only returns immediately after an error occurs in check_*_modified + +* Thu Nov 9 2023 Pingfan Liu - 2.0.26-11 +- powerpc: update kdumpctl to load kernel signing key for fadump +- powerpc: update kdumpctl to remove deletion of kernel signing key once loaded + +* Tue Sep 26 2023 Pingfan Liu - 2.0.26-10 +- Introduce a function to get reserved memory size + +* Tue Sep 19 2023 Pingfan Liu - 2.0.26-9 +- Add lvm thin provision to kdump supported-kdump-targets.txt + +* Thu Aug 10 2023 Pingfan Liu - 2.0.26-8 +- mkdumprd: Use the correct syntax to redirect the stderr to null +- mkdumprd: call dracut with --add-device to install the drivers needed by /boot partition automatically for FIPS +- Add NICs that handle DNS queries to the allowlist + +* Wed Jul 12 2023 Pingfan Liu - 2.0.26-7 +- Revert "Revert "Append both nofail and x-systemd.before to kdump mount target" + +* Thu Jun 29 2023 Pingfan Liu - 2.0.26-6 +- dracut-module-setup.sh: skip installing driver for the loopback interface +- Reduce kdump memory consumption by only installing needed NIC drivers + +* Tue Jun 13 2023 Pingfan Liu - 2.0.26-5 +- Revert "Append both nofail and x-systemd.before to kdump mount target" + +* Wed May 31 2023 Pingfan Liu - 2.0.26-4 +- Only rename the virtual Azure Hyper-V network interface + +* Tue May 16 2023 Pingfan Liu - 2.0.26-3 +- Don't rename Azure Hyper-V network interface + +* Thu Apr 20 2023 Pingfan Liu - 2.0.26-2 +- sadump: fix failure of reading memory when 5-level paging is enabled + +* Tue Apr 4 2023 Pingfan Liu - 2.0.25-7 +- Rebase makedumpfile to 1.7.2 + +* Tue Mar 14 2023 Pingfan Liu - 2.0.25-6 +- sysconfig: add zfcp.allow_lun_scan to KDUMP_COMMANDLINE_REMOVE on s390 + * Wed Jan 18 2023 Pingfan Liu - 2.0.25-5 - dracut-module-setup: Fix invalid rd.znet command line entry - dracut-module-setup: Fix persistent nic name on s390 +- dracut-module-setup: Fix invalid rd.znet command line entry +- dracut-module-setup: Fix persistent nic name on s390 * Mon Jan 9 2023 Pingfan Liu - 2.0.25-4 - Don't check fs modified when dump target is lvm2 thinp