Commit Graph

1599 Commits

Author SHA1 Message Date
Tao Liu
91c802ff52 Fix incorrect permissions on kdump dmesg file
Also known as CVE-2021-20269. The kdump dmesg log files(kexec-dmesg.log,
vmcore-dmesg.txt) are generated by shell redirection, which take the
default umask value, making the files readable for group and others.

This patch chmod these files, making them only accessible to owner.

Signed-off-by: Tao Liu <ltao@redhat.com>
Acked-by: Kairui Song <kasong@redhat.com>
2021-03-23 16:39:18 +08:00
Tao Liu
00785873ef Fix incorrect vmcore permissions when dumped through ssh
Previously when dumping vmcore to a remote machine through ssh,
the files are created remotely and file permissions are taken
from the default umask value, which making the files accessible to
anyone on the remote machine.

This patch fixed the security issue by setting a customized umask value
before the file creation on the remote machine.

Signed-off-by: Tao Liu <ltao@redhat.com>
Acked-by: Kairui Song <kasong@redhat.com>
2021-03-23 16:10:43 +08:00
Sourabh Jain
6a2e820d87 Stop reloading kdump service on CPU hotplug event for FADump
As FADump does not require an explicit elfcorehdr update whenever there is CPU
hotplug event so let's stop kdump service reload for FADump when CPU hotplug
event is triggered.

A new label is added to handle CPU and memory hotplug events separately. The
updated CPU hotplug event handler make sure that kdump service should not be
reloaded when FADump is configured.

Signed-off-by: Sourabh Jain <sourabhjain@linux.ibm.com>
Reviewed-by: Pingfan Liu <piliu@redhat.com>
Acked-by: Baoquan He <bhe@redhat.com>
2021-03-10 16:24:42 +08:00
Zbigniew Jędrzejewski-Szmek
4b7ff283f5 Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
2021-03-02 16:13:34 +01:00
Hari Bathini
da6f381b08 fadump: improve fadump-howto.txt about remote dump target setup
While fadump-howto.txt talks about what happens to network interface
name on setting up a remote dump target in FADump mode, it doesn't
explicitly specify the negative consequences of it. Make it explicit
and provide a recommendation to overcome the same.

Signed-off-by: Hari Bathini <hbathini@linux.ibm.com>
Acked-by: Kairui Song <kasong@redhat.com>
2021-02-23 16:18:54 +08:00
Pingfan Liu
596fa0a07f kdumpctl: enable secure boot on ppc64le LPARs
On ppc64le LPAR, secure-boot is a little different from bare metal,
Where
  host secure boot: /ibm,secure-boot/os-secureboot-enforcing DT property exists
while
  guest secure boot: /ibm,secure-boot >= 2

Make kexec-tools adapt to LPAR

Signed-off-by: Pingfan Liu <piliu@redhat.com>
Acked-by: Kairui Song <kasong@redhat.com>
2021-02-23 09:45:54 +08:00
Coiby Xu
2721f323a9 add dependency on ipcalc
ipcalc is needed for generating 45route-static.conf. However,
on newer Fedora, e.g. 34, dracut-network drops dependency on
dhcp-client which requires ipcalc. Make kexec-tools explicitly
depends on ipcalc.

Reported-by: Jie Li <jieli@redhat.com>
Signed-off-by: Coiby Xu <coxu@redhat.com>
Acked-by: Kairui Song <kasong@redhat.com>
2021-02-09 17:52:50 +08:00
Kairui Song
7232f5bff2 Release 2.0.21-6
Signed-off-by: Kairui Song <kasong@redhat.com>
2021-02-08 23:22:14 +08:00
fj1508ic@fujitsu.com
f39000f524 Remove trace_buf_size and trace_event from the kernel bootparameters of the kdump kernel
The kdump kernel uses resources for ftrace because trace_buf_size, which
specifies the ring buffer size for ftrace, and trace_event, which specifies
a valid trace event, are not removed, but the kdump kernel does not require
ftrace.

trace_buf_size is ignored if the specified size is 0, so specify 1.

Signed-off-by: Hisashi Nagaoka <fj1508ic@fujitsu.com>
Acked-by: Kairui Song <kasong@redhat.com>
2021-02-05 16:06:14 +08:00
Pingfan Liu
18131894b6 kdump-lib.sh: introduce functions to return recommened mem size
There is requirement to decide the recommended memory size for the current
system. And the algorithm is based on /proc/iomem, so it can align with the
algorithm used by reserve_crashkernel() in kernel.

Signed-off-by: Pingfan Liu <piliu@redhat.com>
Acked-by: Kairui Song <kasong@redhat.com>
2021-02-05 16:06:14 +08:00
Fedora Release Engineering
7a0d2aaed5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-26 15:28:37 +00:00
Kairui Song
33108ef524 Release 2.0.21-4
Signed-off-by: Kairui Song <kasong@redhat.com>
2021-01-22 15:54:11 +08:00
Pingfan Liu
24bbe9c05e dracut-module-setup.sh: enable ForwardToConsole=yes in fadump mode
In fadump mode, it is also useful to observe kdump message through
console. Hence enable it.

Signed-off-by: Pingfan Liu <piliu@redhat.com>
Acked-by: Kairui Song <kasong@redhat.com>
2021-01-22 14:16:17 +08:00
Lianbo Jiang
9462a7d554 kdump.conf: add ipv6 example for nfs and ssh dump
At present, there is no ipv6 example for nfs and ssh dump, let's
add an example to the kdump.conf.

Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
Acked-by: Pingfan Liu <piliu@redhat.com>
2021-01-21 15:36:27 +08:00
Lianbo Jiang
a571b0da9f fix kdump failure of saving vmcore with the scp + ipv6 method
Currently, kdump will fail to save vmcore when using the scp and ipv6.
The reason is that the scp requires IPv6 addresses to be enclosed in
square brackets, but ssh doesn’t require this.

Let's enclose the ipv6 address in square brackets for scp dump.

Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
Acked-by: Pingfan Liu <piliu@redhat.com>
2021-01-21 15:03:20 +08:00
Kairui Song
550f1c4285 Release 2.0.21-3
Signed-off-by: Kairui Song <kasong@redhat.com>
2021-01-20 14:38:54 +08:00
Kairui Song
88f787e1f5 module-setup.sh: don't polute the namespace unnecessarily
Only source kdump libs when building a kdump initramfs.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Lianbo Jiang <lijiang@redhat.com>
2021-01-20 14:14:08 +08:00
Kairui Song
d49a5015d8 module-setup.sh: don't source $dracutfunctions
There is no need to source the file manually, dracut will always
prepare the dracut lib before calling a module-setup.sh

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Lianbo Jiang <lijiang@redhat.com>
2021-01-20 14:14:03 +08:00
Kairui Song
02202aa70f logger: source the logger file individually
Sourcing logger file in kdump-lib.sh will leak kdump helper to dracut,
because module-setup.sh will source kdump-lib.sh. This will make kdump's
function override dracut's ones, and lead to unexpected behaviours.

So include kdump-logger.sh individually and only source it where it really
needed. for module-setup.sh, simply use dracut's logger helper is good
enough so just source kdump-logger.sh in kdump only scripts.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Lianbo Jiang <lijiang@redhat.com>
2021-01-20 14:13:44 +08:00
Kairui Song
e8ef4db8ff Fix dump_fs mount point detection and fallback mount
Simplify the code and fix mount point detection. The code logic is now
much simpler: if $1 is not a mount point, call "mount --target $1" again
to try mount it. "mount --target" cmd itself can handle all the /etc/fstab
parsing job, so drop the buggy and complex bash code.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Pingfan Liu <piliu@redhat.com>
2021-01-14 01:39:02 +08:00
Kairui Song
7f1f8f229f Revert "Don's try to restart dracut-initqueue if it's already failed"
systemctl is-failed will not work after dracut isolated to the emergency
target, so this judgement is invalid. And the restart is basically
harmless, so just revert this commit.

This reverts commit ad6a93b00d.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Pingfan Liu <piliu@redhat.com>
2021-01-14 01:38:58 +08:00
Kairui Song
0843c70672 Revert "Append both nofail and x-systemd.before to kdump mount target"
That commit is trying to workaround a kernel VFS bug. Now,
the VFS issue should have been fixed in all recent releases, so
remove this workaround.

This reverts commit 539bff4083.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Pingfan Liu <piliu@redhat.com>
2021-01-14 01:38:48 +08:00
Lianbo Jiang
50b3b4cb93 Doc: Improve the kdump sysconfig document
Currently, the kdump sysconfig document is missed, let's add it to
the kexec-kdump-howto.txt as a document in order to help users better
understand these options in the /etc/sysconfig/kdump.

Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
Acked-by: Kairui Song <kasong@redhat.com>
2021-01-12 16:46:44 +08:00
Kairui Song
85c3d6643d kdump.conf: Update doc about core_collector for ssh target
The current inline comment is a bit misleading, ssh dump target don't
need to use scp as core_collector, and when using scp as core_collector,
the vmcore could be huge.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Pingfan Liu <piliu@redhat.com>
2021-01-12 16:12:32 +08:00
Kairui Song
24c6b3027f Merge #4 Make dracut-squash a weak dep 2021-01-10 19:18:23 +00:00
Kairui Song
fc70351852 Fix a date error in the change log 2021-01-08 11:15:24 +08:00
Kairui Song
ae142da0a6 Release 2.0.20-2
Signed-off-by: Kairui Song <kasong@redhat.com>
2021-01-08 11:08:05 +08:00
Kairui Song
0e540f7328 makedumpfile: make use of 'uts_namespace.name' offset in VMCOREINFO
Backports:

commit 54aec3878b3f91341e6bc735eda158cca5c54ec9
Author: Alexander Egorenkov <egorenar@linux.ibm.com>
Date:   Fri Sep 18 13:55:56 2020 +0200

    [PATCH] make use of 'uts_namespace.name' offset in VMCOREINFO

    * Required for kernel 5.11

    The offset of the field 'init_uts_ns.name' has changed since
    kernel commit 9a56493f6942 ("uts: Use generic ns_common::count").
    Make use of the offset 'uts_namespace.name' if available in
    VMCOREINFO.

    Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>

Signed-off-by: Kairui Song <kasong@redhat.com>
2021-01-08 11:05:05 +08:00
Pingfan Liu
0bd0c5b9f1 kdumpctl: fix a variable expansion in check_fence_kdump_config()
Both $ipaddrs and $node can hold multiple strings, so use "" to brace them.

Signed-off-by: Pingfan Liu <piliu@redhat.com>
Acked-by: Kairui Song <kasong@redhat.com>
2021-01-06 13:28:46 +08:00
Tom Stellard
872d6b36de Add BuildRequires: make
https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot
2021-01-05 22:46:03 +00:00
Lianbo Jiang
cd86148804 Save the final failure information to log file if saving vmcore failed
Currently, if saving vmcore failed, the final failure information won't
be saved to the kexec-dmesg.log, because the action of saving the log
occurs before the final log is printed, it has no chance to save the
log(marked it with the '^^^' below) to the log file(kexec-dmesg.log).
For example:

[1] console log:
[    3.589967] kdump[453]: saving vmcore-dmesg.txt to /sysroot//var/crash/127.0.0.1-2020-11-26-14:19:17/
[    3.627261] kdump[458]: saving vmcore-dmesg.txt complete
[    3.633923] kdump[460]: saving vmcore
[    3.661020] kdump[465]: saving vmcore failed
                           ^^^^^^^^^^^^^^^^^^^^
[2] kexec-dmesg.log:
Nov 26 14:19:17 kvm-06-guest25.hv2.lab.eng.bos.redhat.com kdump[453]: saving vmcore-dmesg.txt to /sysroot//var/crash/127.0.0.1-2020-11-26-14:19:17/
Nov 26 14:19:17 kvm-06-guest25.hv2.lab.eng.bos.redhat.com kdump[458]: saving vmcore-dmesg.txt complete
Nov 26 14:19:17 kvm-06-guest25.hv2.lab.eng.bos.redhat.com kdump[460]: saving vmcore

Let's improve it in order to avoid the loss of important information.

Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
Acked-by: Kairui Song <kasong@redhat.com>
2020-12-29 17:40:26 +08:00
Kairui Song
7cb4be80cd Release 2.0.20-1
Signed-off-by: Kairui Song <kasong@redhat.com>
2020-12-23 17:41:43 +08:00
Kairui Song
1d5d39f3d4 makedumpfile: printk: use committed/finalized state values
commit 44b073b7ec467aee0d7de381d455b8ace1199184
Author: John Ogness <john.ogness@linutronix.de>
Date:   Wed Nov 25 10:10:31 2020 +0106

    [PATCH 2/2] printk: use committed/finalized state values

    * Required for kernel 5.10

    The ringbuffer entries use 2 state values (committed and finalized)
    rather than a single flag to represent being available for reading.
    Copy the definitions and state lookup function directly from the
    kernel source and use the new states.

    Signed-off-by: John Ogness <john.ogness@linutronix.de>

Signed-off-by: Kairui Song <kasong@redhat.com>
2020-12-23 17:27:10 +08:00
Kairui Song
71e1c651dd makedumpfile: printk: add support for lockless ringbuffer
Backports:

commit c617ec63339222f3a44d73e36677a9acc8954ccd
Author: John Ogness <john.ogness@linutronix.de>
Date:   Thu Nov 19 02:41:21 2020 +0000

    [PATCH 1/2] printk: add support for lockless ringbuffer

    * Required for kernel 5.10

    Linux 5.10 introduces a new lockless ringbuffer. The new ringbuffer
    is structured completely different to the previous iterations.
    Add support for retrieving the ringbuffer from debug information
    and/or using vmcoreinfo. The new ringbuffer is detected based on
    the availability of the "prb" symbol.

    Signed-off-by: John Ogness <john.ogness@linutronix.de>
    Signed-off-by: Kazuhito Hagio <k-hagio-ab@nec.com>

Signed-off-by: Kairui Song <kasong@redhat.com>
2020-12-23 17:26:11 +08:00
Kairui Song
fa9797ec9d dracut-module-setup.sh: Use systemctl call to replace ln_r
systemctl -q --root "$initdir" add-wants X.target X.service is the
recommanded way to add service dependency, and it covers more corner
cases.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Pingfan Liu <piliu@redhat.com>
2020-12-15 10:13:08 +08:00
Lianbo Jiang
cd7264705d Doc: improve mkdumprd man page
Currently, when generating a kdump initramfs, mkdumprd will determine
how much disk space is available, if the dump target's available space
is not greater than the total system memory, mkdumprd will print a
warning to remind that there might not be enough space to save a vmcore.

Some users are complaining that mkdumprd overestimates the needed size.
But actually, the warning covers extreme scenarios such as the slab
explodes with non-zero data or a full vmcore, etc. Therefore, need to
prevent users from having minimum disk space for crash dump.

In view of this, add some descriptions to clarify it in mkdumprd man
page.

Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
Acked-by: Kairui Song <kasong@redhat.com>
2020-12-11 14:05:08 +08:00
Kairui Song
ad6a93b00d Don's try to restart dracut-initqueue if it's already failed
If dracut-initqueue failed in kdump kernel and failure action
is set to dump_to_rootfs, there is no point try again to start the
initqueue. It will also slow down the dump process, and the initqueue
will most like still not work if first attemp failed.

So just try to start sysroot.mount, if it failed, there is no luck.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Pingfan Liu <piliu@redhat.com>
2020-12-09 16:06:48 +08:00
Pingfan Liu
eaf0e813a2 dracut-module-setup.sh: use auto6 for ipv6
The parameter either6 is introduced to dracut by
commit 67354eebbcd4c358b8194ba5fd1ab1cf7dbd42aa
Author: Pingfan Liu <piliu@redhat.com>
Date:   Tue Apr 24 16:41:21 2018 +0800

    40network: introduce ip=either6 option

But it turns out needless.

On a sensible ipv6 network environment, DHCPv6 can not work properly alone,
because DHCPv6 protocol has no info about the gateway.

An reasonalbe process of ipv6 address set up should look like
   host send: Router Solicitation
   router reply: Router Advertisements

"Router Advertisements" carries many info like gateway, and if it has
other-config flag set, it carries DNS info etc.  As for DHCPv6 address
allocation, it will only start if "Router Advertisements" has the 'managed'
flag set, which directs the host to start a stateful address allocation
from DHCPv6 server.

For more info:
rfc4861: Neighbor Discovery for IP version 6 (IPv6)
rfc5175: IPv6 Router Advertisement Flags Option

Signed-off-by: Pingfan Liu <piliu@redhat.com>
Acked-by: Kairui Song <kasong@redhat.com>
2020-12-07 14:59:57 +08:00
Kairui Song
d5e39c9f7b Upload missing source file 2020-11-30 19:37:18 +08:00
Kairui Song
6be14c2bcd Release 2.0.20-21
Signed-off-by: Kairui Song <kasong@redhat.com>
2020-11-30 17:02:40 +08:00
Kairui Song
7d861422fa Rebase makedumpfile to 1.6.8
makedumpfile have moved to Github, so update the upstream URLs.
2020-11-30 16:48:02 +08:00
Hari Bathini
7a77d5a267 fadump-howto: update about 'nocma' and 'off' options for 'fadump=' parameter
Along with 'on' option, 'fadump=' kernel parameter also supports
'nocma' & 'off' options. Update about these missing options in the
fadump-howto.txt document.

Signed-off-by: Hari Bathini <hbathini@linux.ibm.com>
Acked-by: Pingfan Liu <piliu@redhat.com>
2020-11-30 15:29:11 +08:00
Pingfan Liu
6f9235887f module-setup.sh: enable vlan on team interface
Dracut has switch network-legacy to network-manager by default, which makes
vlan on team easy. So it can be enabled.

Testing network topology with two VMs.
VM1
            ens2-\         /----> VLAN8 (192.168.120.50)
                  ---> team0
            ens3-/     (192.168.122.10)

VM2
            ens2-\         /----> VLAN8 (192.168.120.100)
                  ---> team0
            ens3-/      (192.168.122.20)

Both of ens2/ens3 in VM1/VM2 are connected to virbr0.

During test, dump target is set as root@192.168.120.100:/var/crash
then crashing in VM1

Signed-off-by: Pingfan Liu <piliu@redhat.com>
Acked-by: Lianbo Jiang <lijiang@redhat.com>
2020-11-30 15:27:00 +08:00
Kairui Song
9966b0a12e kdump-lib: Fix get_bind_mount_source to support btrfs and fstab
Currently get_bind_mount_source will not work on btrfs, that's because
this function relies on findmnt to detect bind mount.

For a bind mount, findmnt will return different value with "-v" option.

For example, we have /dev/sdc mounted on /mnt/source, and then bind
mount /mnt/source/sub/path to /mnt/bind:

$ findmnt /mnt/bind
  TARGET    SOURCE              FSTYPE OPTIONS
  /mnt/bind /dev/sdc[/sub/path] ext4   rw,relatime,seclabel

$ findmnt -v /mnt/bind
  TARGET    SOURCE   FSTYPE OPTIONS
  /mnt/bind /dev/sdc ext4   rw,relatime,seclabel

But findmnt also return similiar result for btrfs, on a fresh installed
Fedora 33:

$ findmnt /
  TARGET SOURCE           FSTYPE OPTIONS
  /      /dev/sdb7[/root] btrfs  rw,relatime,seclabel,ssd,space_cache,subvolid=256,subvol=/root

$ findmnt -v /
  TARGET SOURCE    FSTYPE OPTIONS
  /      /dev/sdb7 btrfs  rw,relatime,seclabel,ssd,space_cache,subvolid=256,subvol=/root

The [...] indicator will contain the subvol of btrfs as well. And if
it's bind mounted under btrfs, it will contain a mixup of btrfs subvol
and the actuall fsroot.

And also, if the bind mount source device is not mounted on /,
get_bind_mount_source will also not work.

So rewrite the get_bind_mount_source function, make it work in every
cases.

Tested with:
 - Silverblue's bind mount
 - Bind mount with source device mounted not under /
 - Btrfs
 - Bind mount and source device is Btrfs

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Pingfan Liu <piliu@redhat.com>
2020-11-30 15:26:53 +08:00
Kairui Song
08d9846eba Make get_mount_info work with bind mount
Remove the --real when calling findmnt.

The option is only useful in capture kernel, to avoid
`findmnt` returning the pseudo 'rootfs' for non mounted path.

example, when /kdumproot/mnt/ is not mounted:
kdump:/# findmnt --target /kdumproot/mnt
TARGET SOURCE FSTYPE OPTIONS
/      rootfs rootfs rw,size=61368k,nr_inodes=15342

kdump:/# findmnt --target /kdumproot/mnt
<return 1 and empty output>

But this function will make findmnt also return empty value for bind
mount. So remove it and add an extra if statement for second kernel.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Pingfan Liu <piliu@redhat.com>
2020-11-30 15:26:47 +08:00
Kairui Song
d551516f52 Set watchdog's pretimeout to zero in kdump kernel
Most watchdogs have a parameter pretimeout, if set to non-zero, it means
before the watchdog really reset the system, it will try to panic the
kernel first, so kdump could kick in, or, just print a panic stacktrace
and then kernel should reset it self.

If we are already in kdump kernel, this is not really helpful, only
increase kernel hanging chance. And it also make thing become complex
as some watchdog triggers the kernel panic in NMI context, which
could also hang the kernel in strange ways, and fail the watchdog it
self. So just disable this parameter.

Also for hpwdt, it have another parameter kdumptimeout, which is
just designed for first kernel. The default behaviour is the watchdog
will simply stop working if timeouted, trigger a panic, and leave the
kernel to kdump. Again, if we are already in kdump this is not helpful.
So also disable that.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Lianbo Jiang <lijiang@redhat.com>
2020-11-30 15:25:36 +08:00
Kairui Song
4464bcf8f3 kdump-lib.sh: Use a more generic helper to detect omitted dracut module
Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Lianbo Jiang <lijiang@redhat.com>
2020-11-30 15:25:26 +08:00
Kairui Song
647aa56b53 Fix the watchdog drivers detection code
Currently the watchdog detection code is broken already, it
get the list of active watchdog drivers, then check if they are
set in the /etc/cmdline.d/* as preload module. But after we
switched to use squash module, /etc/cmdline.d/* is not directly visible.

So just detect whether current needed driver is installed.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Lianbo Jiang <lijiang@redhat.com>
2020-11-30 15:25:19 +08:00
Kairui Song
320bd209fe Add a helper for detecting watchdog drivers
Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Lianbo Jiang <lijiang@redhat.com>
2020-11-30 15:25:13 +08:00
Kairui Song
276de0f810 Remove a redundant nfs check
In check_fs_modified, is_nfs_dump_target is already called, the dump
target can't be nfs. No need to check here.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Lianbo Jiang <lijiang@redhat.com>
2020-11-30 15:25:06 +08:00