Commit Graph

31 Commits

Author SHA1 Message Date
Dave Young
afff4dc8a3 kdumpctl: claim that kdump does not support secure boot when service start
Kdump does not support secure boot yet, so let's claim it is not supported
at the begginning of service start function.

In this patch for checking secure boot status I'm checking the efivars per
suggestion from pjones. see in code comments for the details.

Tested in Fedora 19 + qemu ovmf with secure boot enabled.

Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
2014-02-17 12:50:00 +08:00
WANG Chao
590a0c21ab kdumpctl: rebuild kdump initramfs if cluster or fence_kdump config is changed.
If the system is configured fence kdump, we need to update kdump
initramfs if cluster or fence_kdump config is newer.

In RHEL7, cluster config is no longer keeping locally but stored
remotely. Fortunately we can use a pcs tool to retrieve the xml based
config and parse the last changed time from that.

/etc/sysconfig/fence_kdump is used to configure runtime arguments to
fence_kdump_send. So We have to pass the arguments to 2nd kernel.

When cluster config or /etc/sysconfig/fence_kdump is newer than local
kdump initramfs, we must rebuild initramfs to adapt changes in cluster.

For example:

Detected change(s) the following file(s):

  cluster-cib /etc/sysconfig/fence_kdump
Rebuilding /boot/initramfs-xxxkdump.img
[..]

Signed-off-by: WANG Chao <chaowang@redhat.com>
Tested-by: Zhi Zou <zzou@redhat.com>
Tested-by: Marek Grac <mgrac@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
2014-01-29 16:20:06 +08:00
WANG Chao
59934ba188 kdumpctl: Avoid leaking fd to subshell
We only allow one instance of kdump service running at each time by
flock /var/lock/kdump which is opened as fd 9 in kdumpctl script.

However a leaking fd issue has been discovered by SELinux:

When executing a specific shell command (not the shell built-in but
provided by other packages, in this case - restorecon) in kdumpctl,
current shell will fork a new subshell for executing and
the subshell will inherit open fd 9 from parent shell. And SELinux
detects that subshell is holding the open fd and consider fd 9 is
leaked.

To avoid this kind of leaking, the most easy way seems to be breaking our
kdumpctl code out into two parts:
- A top level parent shell, which is only used to deal with the lock and
  invoking the subshell below.
- A 2nd tier level subshell, which is closing the inherited open fd at
  very first and doing the rest of the kdumpctl job. So that it isn't
  leaking fd to its subshell when executing like restorecon, etc.

To be easy to understand, the callgraph is roughly like below:
[..]
--> open(9)
--> flock(9)
--> fork
  --> close(9)      <-- we close 9 right here
  --> main()        <-- we're now doing the real job
  --> [..]
  --> fork()
    --> restorecon  <-- we don't leak fd 9 to child process
  --> [..]
--> [..]

As shown above, a wrapper main() is added as the 2nd tier level shell in
this kind of call model. So we can completely avoid leaking fd to
subshell.

Signed-off-by: WANG Chao <chaowang@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
2013-11-28 11:39:20 +08:00
Baoquan He
59e28ddf75 Strip inline comments from the kdump config file before use
From: Wade Mealing <wmealing@redhat.com>

The RHEL 5 release of mkdumprd allowed for comments in the kdump config
file as shown below:

net 192.168.1.1 # this is the comment part

This patch strips them out during processing, but leaves the configuration
file in original condition.

Signed-off-by: Wade Mealing <wmealing@redhat.com>
Signed-off-by: Baoquan He <bhe@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
2013-09-27 10:09:25 +08:00
WANG Chao
a6f03150e9 kdumpctl: Run multiple kdumpctl instances one by one in serial order
There will be a race condition if multiple kdumpctl instances are
running at the same time.

By introducing a global mutex lock, only one instance can acquire this
lock and run, others will be waiting for the lock in queue. Now each
kdump instance will be run in serial order and there won't any race
condition.

This is a patch backported from RHEL6.

Signed-off-by: WANG Chao <chaowang@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Acked-by: Dave Young <dyoung@redhat.com>
2013-09-27 10:07:13 +08:00
WANG Chao
12b86202b5 kernel cmdline: Remove hugepage allocations
2nd kernel has very limited memory. Allocating huge pages will probably
trigger OOM. So let's remove hugepages and hugepagesz kernel parameters
for 2nd kernel when 1st kernel are using them.

If user wants huge pages cmdline in 2nd kernel, he/she can still specify
it through KERNEL_COMMANDLINE_APPEND in /etc/sysconfig/kdump.

This patch adds a new function remove_cmdline_param(). It takes a list
of kernel parameters as its arguments and remove them from given kernel
cmdline.

update:
1. Add description of remove_cmdline_param() per Vivek.
2. Remove_cmdline_param() will take kernel cmdline as $1, then strip it
   and print the result.

Signed-off-by: WANG Chao <chaowang@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
2013-08-02 14:55:44 +08:00
dyoung@redhat.com
aa15e6b6dc kdumpctl: add selinux relabel when service startup
Dracut root fs is always mounted, but it's not guaranteed to success
because we are in crash/kdump context. So selinux policy can not only
depends on chroot load_policy.

Per discussion with Vivek and Selinux people, relabel kdump files
when the service restart.

Currently only below cases are considerd:
1. target mounted in 1st kernel
2. target mounted as rw, if user mount it as 'ro' they will have to
   relabel the files by themselves.
3. save path is not masked, this means if /var/crash is mount to another
   disk which is different from dump target it will not visible to user
   so user need manually relabel them.
4. only local filesystem based targets.

Tested on F19 machine.
Tested local fs dump and network dump along with different save path
to address above mentioned cases.

Vivek: use function name is_dump_target_configured
       use getfattr -m "security.selinux" instead of ".*"
Daniel: use restorecon instead of chcon.
dyoung: keep minix in local fs list since it has not been deperacated yet.
Vivek: wrap is_dump_target_configured checking in function path_to_be_relabeled
dyoung: use awk instead of cut to print config value for different
        space delimeters
dyoung: mute df error message: `df $_mnt/$_path 2>/dev/null`

For nfs restorecon, since it will be in 3.11 kernel, we can add it when it's
ok in Fedora.

Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
2013-06-13 11:28:25 +08:00
dyoung@redhat.com
fe96b47828 add dracut_args option to kdump.conf
mkdumprd call dracut to rebuilding kdump initrd, sometimes passing extra
dracut args is helpful. For example user can enable debug output with
--debug, --printsize to print roughly increased initramfs size by each module,
--omit-drivers to omit kernel modules, etc.

This patch enables dracut_args option for passing extra args to dracut.
Also it modifies add_dracut_arg() to treat a string with-in quote as single
string because for dracut options which has its own args, the args need to be
quoted and space seperated.

If add_dracut_arg() gets an string read from kdump.conf and if that string
contains double quotes, then while converting to positional parameters
those double quotes are not interpreted. Hence if /etc/kdump.conf contains
following.

dracut_args --add-drivers "driver1 driver2"

then add_dracut_args() sees following positional parameters

$1= --add-drivers
$2= "driver1
$3= driver2"

Notice, double quotes have been ignored and parameters have been broken
based on white space.

Modify add_dracut_arg() to look for parameters starting with " and
if one is found, it tries to merge all the next parameters till one
is found with ending double quote. Hence effectively simulating
following behavior.

$1= --add-drivers
$2= "driver1 driver2"

[v1->v2]: address quoted substring in dracut_args, also handle the leading
and ending spaces in substring.
[v2->v3]: fix dracut arguments seperator in kdump.conf.
[v3->v4]: improve changelog, thanks vivek.
[v4->v5]: make the manpage more verbose [vivek].

Tested with below dracut_args test cases:
1. dracut_args --add-drivers "pcspkr virtio_net" --omit-drivers "sdhci-pci hid-logitech-dj e1000"
2. dracut_args --add-drivers "   pcspkr virtio_net   " --omit-drivers "sdhci-pci hid-logitech-dj e1000"

Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
2013-04-27 10:44:48 +08:00
Dave Young
dc8e283ff5 Deprecate blacklist option
Current blacklist option is different from the option in rhel6. In current
implementation blacklist just means omit the driver, but it should really
be preventing it being loaded in initramfs.

To keep consistent, just make the option as deprecated. User is suggested
to user dracut kernel cmdline rd.driver.blacklist instead.

[v1->v2]: improve man page description, thanks Vivek.

Tested in kvm guest with rd.driver.blacklist in kdump sysconfig

Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
2013-04-02 10:26:39 +08:00
Dave Young
81735539b8 add function to check kdump config file
Add a function check_config to check kdump config file.
1. move multi dump target checking into this function
2. check invalid config options and obsolete config options
3. check null config value.

[v2->v3]: add detail doc about deprecated options in kdump.conf manpage.
[v3->v4]: print out the bad config option in case it is not valid.
[v4->v5]: improve documentation according to comments from Vivek.
[v5->v6]: s/Deprecated/Invalid for invalid config options.

Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Acked-by: Marc Milgram <mmilgram@redhat.com>
2013-03-14 10:40:13 +08:00
dyoung@redhat.com
69777ccff7 kdumpctl: rename function name check_config
check_config is actually checking the files timestamp and rebuilding initrd.
Rename it to check_rebuild instead thus check_config can be used for checking
config file valid or not.

Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
2013-03-14 10:38:09 +08:00
Baoquan He
b4b0a27d8a Return to start() function when check_ssh_target failed
In old code, kdumpctl program exit directly when check_ssh_target failed
without printing "Starting kdump: FAILED". Then when manually invoke
"kdumpctl restart", only print "Stopping kdump: OK", but no "Starting
kdump: FAILED". That is unreasonable.

In this patch change check_ssh_target() to return when it failed. Then
check the returned value in start() function and print status if the
returned value is not 0.

Meanwhile change "space" to "tab" in function check_ssh_target(), make
those be consistent with the whole script file.

Signed-off-by: Baoquan He <bhe@redhat.com>
Acked-by: Dave Young <dyoung@redhat.com>
2013-02-27 11:21:04 +08:00
Baoquan He
c8ce08763f kdumpctl:print out the service status
In kdumpctl, some printings are incomplete, like "Starting kdump:" or
"Stopping kdump:". Now add the service status to the end of such kind
of printing.

Signed-off-by: Baoquan He <bhe@redhat.com>
Acked-by: Dave Young <dyoung@redhat.com>
2013-02-27 11:20:18 +08:00
Baoquan He
dd02c559ae Remove useless codes related to LOGGER in kdumpctl
In fedora, systemd take control of services. During bootup and manually
invoke "systemctl restart kdump.service", the standard Output/Error
are all redirected to journal/syslog. Then particular LOGGER is useless
in kdumpctl.

In this patch, remove codes related to LOGGER. But for noticing user,
trying to add substituted printing to Standard Output/Err.

Signed-off-by: Baoquan He <bhe@redhat.com>
Acked-by: Dave Young <dyoung@redhat.com>
2013-02-27 11:19:52 +08:00
dyoung@redhat.com
c616b97dfb get MEM_RESERVED from sysfs attribute
Resolves: bz866357

MEM_RESERVED is for checking if crash memory is reserved or not.
Originally it use /proc/iomem for x86, parsing /proc/cmdline for ppc.
This cause problems for crashkernel=auto, because it does not fit for
the regular expression of [0-9]\+[MmKkGg]@[0-9]\+[MmGgKk]

Fix this by use /sys/kernel/kexec_crash_size for all arches.
After the fix the code is more clear than before.

[v1->v2] vivek: add space between "crash kernel"; remove misleading warning.

Tested-by: Chao Wang <chaowang@redhat.com>
Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
2012-11-16 14:14:35 +08:00
Dave Young
f3914a98a6 kdump option space checking improvement
We can use not only space but also tab as whitespace,
so s/\ /[[:blank:]] for checking the whitespace

The last commit is intend for checking multiple dump target,
and differentiate ssh and sshkey options. This issue is only
for ssh, so no need to add [[:blank:]] for other dump types to
create a very long code line.

[v1->v2]: use [[:blank:]] instead of [[:space:]]
see expanation in below doc:
http://en.wikipedia.org/wiki/Regular_expression#POSIX_character_classes
[:blank:] 	[ \t] 	Space and tab
[:space:]	[ \t\r\n\v\f] 	Whitespace characters

Tested the [:blank:] works well as [:space:]

Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
CC: Cong Wang <amwang@redhat.com>
2012-11-16 14:06:26 +08:00
Dave Young
d17cf94ea9 kdumpctl: multi dump target checking fix
Resolves: bz867703

For both ssh and sshkey specified in kdump.conf, we will error out:
[..]
+ start
+ local nr
++ awk 'BEGIN{cnt=0} /^raw|^ssh|^nfs|^ext[234]|^xfs|^btrfs|^minix/{cnt++} END{print cnt}' /etc/kdump.conf
+ nr=2
+ '[' 2 -gt 1 ']'
+ echo -n 'Error: More than one dump targets specified'
Error: More than one dump targets specified+ echo

Fix this by Improving the patterns for multi dump targes checking
with one more space.

Thanks ChaoWang for catching this and providing the fix.

Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
2012-11-05 16:55:15 +08:00
Dave Young
93e13c118b port force_rebuild kdump.conf option
Add force_rebuild option in kdump.conf

Some user need always force rebuild the dumprd, add an kdump.conf
option force_rebuild here. If force_rebuild is set to 1
kdump initrd will be rebuilt every time then the service starts.

Testing:
Tested below cases:
force_rebuild
force_rebuild 0
force_rebuild 1
force_rebuild 2

Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
2012-08-07 13:21:36 +08:00
Dave Young
b47c0915d2 refactor net option
Currently net options means either nfs or ssh dump.
Better to split these two into standalone options. That's more clear to user.

after the split, ssh dump need user specify "ssh user@host"
nfs dump need user specify "nfs host:nfsshare"

Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
2012-07-23 15:31:28 +08:00
Dave Young
f75f34b8a9 ssh propagate alert message fix
we now switched to systemd, 'service kdump propagate' does not work anymore.
update the alert message to use 'kdumpctl propagate'
vivek: update kexec-kdump-howto.txt as well.

Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
2012-07-12 11:15:36 +08:00
Dave Young
e444daa5ac shell exit value fix
exit the saved $? instead of the wrong one after echo line
v1->v2: vivek, save the return value instead of exit 1

Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
2012-07-12 11:15:35 +08:00
Dave Young
4e4a173698 Add kdump_post and kdump_pre support
Original patch is from Amerigo, but it has changed a lot:
remove multi dump
refreshed with latest git for the dump instruction function restructure
fixed the behavior of do_kdump_pre, if kdump_pre fails it will reboot
update the docs
check the existance and executable of kdump_pre/post files,
also check the timestamp of them for rebuilding.

refresh patch,
Address comments from vivek:
s/hush/bash in docs
fix the copy-paste error in kdump post error message
s/reboot\/halt/reboot in kexec-kdump-howto.txt

Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
2012-06-14 09:57:30 +08:00
Dave Young
836815ff67 Port check_config from rhel6
Resolves: bz805778

Simply the logic and optimize the code

Move check_exist, check_executable, rebuild_initrd to functions

remove BOOTDIR which is not used

Note: There might be modules which are newer than last built initramfs,
we always rebuild the initramfs when extra_moduels= is specified.

Signed-off-by: Dave Young <dyoung@redhat.com>
2012-06-14 09:57:27 +08:00
Dave Young
d6cc7ff7dc makedumprd: remove -d
-d option is not implemented and unused, remove it from mkdumprd

Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
2012-06-06 16:24:23 +08:00
Dave Young
24eaa7da8f port raw dump from rhel6 [v7]
Resolves: bz805783

kdumpctl: save_raw if found vmcore
mkdumprd: checking available size of raw disk
dracut module: do the dumping

Note, add a dir /kdumpscripts for monitor_dd_progress and future
kdump scripts
[v1->v2]: monitor_dd_process become a script instead of a function
          add missed utils
          use pipe with dc
[v2->v3]: Don: fix dd_progress_file typo
          Vivek: move [ -f $conf_file ] earlier
                 don't split keyfile= and [ -f keyfile ]
                 move default core_collector earlier
                 move non-makedumpfile warnings to mkdumprd
                 make check available size a common function
          Amerigo: use less pipe for grep then awk print
                   use shell (( )) instead of dc
          use cut instead of awk
          no need install dc and awk
          make DD_BLKSIZE a variable
          don't add 0755 file in git, chmod in module-setup.sh
[v3->v4]: vivek: kdumpctl multi raw target handling
          monitor_dd_progress- fix wrong size calculation:
          the tail -1 of dd pregress file is in bytes instead of blocks
          only print the whole dd src file size for non-filtered case
          check [ -b raw target device ] before dump
[v4->v5]: vivek: move check [ -b $1 ] before monitor_dd_progress
          remove multi target function
[v5->v6]: vivek: only warning for raw dump of non-makedumpfile core_collector
[v6->v7]: kdumpctl should return 0 when there's no raw target

Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
2012-05-02 10:06:51 +08:00
Dave Young
b71fc17869 remove multi dump [v2]
remove multi dump

Resolves: bz816859

multi dump was not written as a failsafe dump. Also it was not really tested.
It introduced more complexity in the early phase of porting plenty of rhel6
functions, so we'd remove it and concentrate on the base functionalities.

[v1->v2]: vivek: better error message

Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
2012-05-02 10:06:47 +08:00
Chao Wang
f590d235e0 Handle net option for nfs in kdump.conf correctly
Resolve: bug 807521

The fix is easy.

Command sed should be called with option -n to remain slience when DUMP_TARGET
is a nfs server like 'nfs.server:/mnt/testarea/nfs'.

Then nfs function check_ssh_config will return 1 to not to config nfs like a
ssh dump

Signed-off-by: Chao Wang <chaowang@redhat.com>
2012-03-30 11:36:51 +08:00
Dave Young
ba0aa24316 Add ssh dump support
Add ssh dump support

changes including below items:
1. sshkey option
2. sshkey propagate
3. fix a bug of  _server ip calculation for dump target string
4. change the prefix of kdump hook from 93 to 01 to avoid dhclient and
   other cleanups happening before us
5. enable network with dracut cmdline rd.neednet=1 when there's network
   target config

[v1 - v2]:
Only check_ssh_target when there's ssh dump target in kdump config file

[v2 -> v3]
style fixes: trailing spaces and space before tab indent
remove set -x
simply check_ssh_target
use awk to get sshkey option value
change pivot hook order to 0000

Signed-off-by: Dave Young <dyoung@redhat.com>
2012-02-22 14:12:57 +08:00
Amerigo Wang
0ce85b362d kexec-tools: rename initrd to initramfs 2011-07-27 18:05:04 +08:00
Amerigo Wang
4a7c912848 kdumpctl: remove obsolete code 2011-07-25 18:04:32 +08:00
Neil Horman
10c91a1493 Removing sysvinit files 2011-07-06 15:25:34 -04:00