rpms/kexec-tools
7
0
Fork 0
Code Issues Pull Requests Releases Activity
4fa17b2ee4
kexec-tools/kdumpctl
Nayna Jain 4fa17b2ee4 powerpc: update kdumpctl to load kernel signing key for fadump 
On secure boot enabled systems with static keys, kexec with kexec_file_load(-s)
fails as "Permission Denied" when fadump is enabled.

Similar to kdump, load kernel signing key for fadump as well.

Reported-by: Sachin P Bappalige <sachinpb@linux.vnet.ibm.com>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
2023-10-10 08:42:01 +08:00

1752 lines
43 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
KEXEC=/sbin/kexec
KDUMP_KERNELVER=""
KDUMP_KERNEL=""
KDUMP_COMMANDLINE=""
KEXEC_ARGS=""
KDUMP_LOG_PATH="/var/log"
MKDUMPRD="/sbin/mkdumprd -f"
MKFADUMPRD="/sbin/mkfadumprd"
DRACUT_MODULES_FILE="/usr/lib/dracut/modules.txt"
DEFAULT_INITRD=""
DEFAULT_INITRD_BAK=""
INITRD_CHECKSUM_LOCATION=""
KDUMP_INITRD=""
TARGET_INITRD=""
#kdump shall be the default dump mode
DEFAULT_DUMP_MODE="kdump"
standard_kexec_args="-d -p"
# Some default values in case /etc/sysconfig/kdump doesn't include
KDUMP_COMMANDLINE_REMOVE="hugepages hugepagesz slub_debug"
declare -A OPT
if [[ -f /etc/sysconfig/kdump ]]; then
. /etc/sysconfig/kdump
fi
[[ $dracutbasedir ]] || dracutbasedir=/usr/lib/dracut
# shellcheck source=/dev/null
. "$dracutbasedir"/dracut-functions.sh
if [[ ${__SOURCED__:+x} ]]; then
KDUMP_LIB_PATH=.
else
KDUMP_LIB_PATH=/lib/kdump
fi
# shellcheck source=./kdump-lib.sh
. $KDUMP_LIB_PATH/kdump-lib.sh
# shellcheck source=./kdump-logger.sh
. $KDUMP_LIB_PATH/kdump-logger.sh
#initiate the kdump logger
if ! dlog_init; then
echo "failed to initiate the kdump logger."
exit 1
fi
KDUMP_TMPDIR=$(mktemp --tmpdir -d kdump.XXXX)
trap '
ret=$?;
rm -rf "$KDUMP_TMPDIR"
exit $ret;
' EXIT
_get_dracut_arg()
{
local shortopt longopt n tmp
local -a _opt _ret
shortopt=$1; shift
longopt=$1; shift
n=0
if [[ -n $shortopt ]]; then
_opt+=(-o "${shortopt#-}:")
else
# getopt requires the -o/--option to be set.
_opt+=(-o "")
fi
[[ -n $longopt ]] && _opt+=(--long "${longopt#--}:")
# make sure bash didn't break quoting
eval set -- "$*"
tmp=$(
unset POSIXLY_CORRECT
getopt -q "${_opt[@]}" -- "$@"
)
eval set -- "$tmp"
while :; do
case $1 in
"$shortopt"|"$longopt")
_ret+=("$2"); shift
n=$((n+1))
;;
--|*)
break
;;
esac
shift
done
echo "${_ret[@]}"
return $n
}
is_dracut_mod_omitted()
{
local mod omitted
mod=$1
omitted=$(_get_dracut_arg -o --omit "${OPT[dracut_args]}")
[[ " $omitted " == *" $mod "* ]]
}
single_instance_lock()
{
local rc timeout=5 lockfile
if [[ -d /run/lock ]]; then
lockfile=/run/lock/kdump
else
# when updating package using virt-customize, /run/lock doesn't exist
lockfile=/tmp/kdump.lock
fi
if ! exec 9> $lockfile; then
derror "Create file lock failed"
exit 1
fi
flock -n 9
rc=$?
while [[ $rc -ne 0 ]]; do
dinfo "Another app is currently holding the kdump lock; waiting for it to exit..."
flock -w $timeout 9
rc=$?
done
}
determine_dump_mode()
{
# Check if firmware-assisted dump is enabled
# if yes, set the dump mode as fadump
if is_fadump_capable; then
dinfo "Dump mode is fadump"
DEFAULT_DUMP_MODE="fadump"
fi
ddebug "DEFAULT_DUMP_MODE=$DEFAULT_DUMP_MODE"
}
rebuild_fadump_initrd()
{
if ! $MKFADUMPRD "$DEFAULT_INITRD_BAK" "$TARGET_INITRD" --kver "$KDUMP_KERNELVER"; then
derror "mkfadumprd: failed to make fadump initrd"
return 1
fi
sync -f "$TARGET_INITRD"
return 0
}
check_earlykdump_is_enabled()
{
grep -q -w "rd.earlykdump" /proc/cmdline
}
rebuild_kdump_initrd()
{
ddebug "rebuild kdump initrd: $MKDUMPRD $TARGET_INITRD $KDUMP_KERNELVER"
if ! $MKDUMPRD "$TARGET_INITRD" "$KDUMP_KERNELVER"; then
derror "mkdumprd: failed to make kdump initrd"
return 1
fi
if check_earlykdump_is_enabled; then
dwarn "Tips: If early kdump is enabled, also require rebuilding the system initramfs to make the changes take effect for early kdump."
fi
sync -f "$TARGET_INITRD"
return 0
}
rebuild_initrd()
{
dinfo "Rebuilding $TARGET_INITRD"
if [[ ! -w $(dirname "$TARGET_INITRD") ]]; then
derror "$(dirname "$TARGET_INITRD") does not have write permission. Cannot rebuild $TARGET_INITRD"
return 1
fi
if [[ $DEFAULT_DUMP_MODE == "fadump" ]]; then
rebuild_fadump_initrd
else
rebuild_kdump_initrd
fi
}
#$1: the files to be checked with IFS=' '
check_exist()
{
for file in $1; do
if [[ ! -e $file ]]; then
derror "Error: $file not found."
return 1
fi
done
}
#$1: the files to be checked with IFS=' '
check_executable()
{
for file in $1; do
if [[ ! -x $file ]]; then
derror "Error: $file is not executable."
return 1
fi
done
}
backup_default_initrd()
{
ddebug "backup default initrd: $DEFAULT_INITRD"
if [[ ! -f $DEFAULT_INITRD ]]; then
return
fi
if [[ ! -e $DEFAULT_INITRD_BAK ]]; then
dinfo "Backing up $DEFAULT_INITRD before rebuild."
# save checksum to verify before restoring
sha1sum "$DEFAULT_INITRD" > "$INITRD_CHECKSUM_LOCATION"
if ! cp "$DEFAULT_INITRD" "$DEFAULT_INITRD_BAK"; then
dwarn "WARNING: failed to backup $DEFAULT_INITRD."
rm -f -- "$INITRD_CHECKSUM_LOCATION"
rm -f -- "$DEFAULT_INITRD_BAK"
fi
fi
}
restore_default_initrd()
{
ddebug "restore default initrd: $DEFAULT_INITRD"
if [[ ! -f $DEFAULT_INITRD ]]; then
return
fi
# If a backup initrd exists, we must be switching back from
# fadump to kdump. Restore the original default initrd.
if [[ -f $DEFAULT_INITRD_BAK ]] && [[ -f $INITRD_CHECKSUM_LOCATION ]]; then
# verify checksum before restoring
backup_checksum=$(sha1sum "$DEFAULT_INITRD_BAK" | awk '{ print $1 }')
default_checksum=$(awk '{ print $1 }' "$INITRD_CHECKSUM_LOCATION")
if [[ $default_checksum != "$backup_checksum" ]]; then
dwarn "WARNING: checksum mismatch! Can't restore original initrd.."
else
rm -f "$INITRD_CHECKSUM_LOCATION"
if mv "$DEFAULT_INITRD_BAK" "$DEFAULT_INITRD"; then
derror "Restoring original initrd as fadump mode is disabled."
sync -f "$DEFAULT_INITRD"
fi
fi
fi
}
_set_config()
{
local opt=$1
local val=$2
if [[ -z $val ]]; then
derror "Invalid kdump config value for option '$opt'"
return 1
fi
if [[ -n ${OPT[$opt]} ]]; then
if [[ $opt == _target ]] || [[ $opt == _fstype ]]; then
derror "More than one dump targets specified"
else
derror "Duplicated kdump config value of option $opt"
fi
return 1
fi
OPT[$opt]="$val"
}
parse_config()
{
while read -r config_opt config_val; do
case "$config_opt" in
dracut_args)
if [[ $config_val == *--mount* ]]; then
if [[ $(echo "$config_val" | grep -o -- "--mount" | wc -l) -ne 1 ]]; then
derror 'Multiple mount targets specified in one "dracut_args".'
return 1
fi
_set_config _fstype "$(get_dracut_args_fstype "$config_val")" || return 1
_set_config _target "$(get_dracut_args_target "$config_val")" || return 1
fi
;;
raw)
if [[ -d "/proc/device-tree/ibm,opal/dump" ]]; then
dwarn "WARNING: Won't capture opalcore when 'raw' dump target is used."
fi
_set_config _fstype "$config_opt" || return 1
config_opt=_target
;;
ext[234] | minix | btrfs | xfs | nfs | ssh | virtiofs)
_set_config _fstype "$config_opt" || return 1
config_opt=_target
;;
sshkey)
if [[ -z $config_val ]]; then
derror "Invalid kdump config value for option '$config_opt'"
return 1
elif [[ -f $config_val ]]; then
config_val=$(/usr/bin/readlink -m "$config_val")
else
dwarn "WARNING: '$config_val' doesn't exist, using default value '$DEFAULT_SSHKEY'"
config_val=$DEFAULT_SSHKEY
fi
;;
default)
dwarn "WARNING: Option 'default' was renamed 'failure_action' and will be removed in the future."
dwarn "Please update $KDUMP_CONFIG_FILE to use option 'failure_action' instead."
_set_config failure_action "$config_val" || return 1
;;
path | core_collector | kdump_post | kdump_pre | extra_bins | extra_modules | failure_action | final_action | force_rebuild | force_no_rebuild | fence_kdump_args | fence_kdump_nodes | auto_reset_crashkernel) ;;
net | options | link_delay | disk_timeout | debug_mem_level | blacklist)
derror "Deprecated kdump config option: $config_opt. Refer to kdump.conf manpage for alternatives."
return 1
;;
'')
continue
;;
*)
derror "Invalid kdump config option $config_opt"
return 1
;;
esac
_set_config "$config_opt" "$config_val" || return 1
done <<< "$(kdump_read_conf)"
OPT[path]=${OPT[path]:-$DEFAULT_PATH}
OPT[sshkey]=${OPT[sshkey]:-$DEFAULT_SSHKEY}
check_failure_action_config || return 1
check_final_action_config || return 1
check_fence_kdump_config || return 1
check_ssh_config || return 1
return 0
}
# get_pcs_cluster_modified_files <image timestamp>
# return list of modified file for fence_kdump modified in Pacemaker cluster
get_pcs_cluster_modified_files()
{
local time_stamp
local modified_files
local image_time
is_generic_fence_kdump && return 1
is_pcs_fence_kdump || return 1
image_time=$1
time_stamp=$(pcs cluster cib | xmllint --xpath 'string(/cib/@cib-last-written)' - | xargs -0 date +%s --date)
if [[ -n $time_stamp ]] && [[ $time_stamp -gt $image_time ]]; then
modified_files="cluster-cib"
fi
if [[ -f $FENCE_KDUMP_CONFIG_FILE ]]; then
time_stamp=$(stat -c "%Y" "$FENCE_KDUMP_CONFIG_FILE")
if [[ $time_stamp -gt $image_time ]]; then
modified_files="$modified_files $FENCE_KDUMP_CONFIG_FILE"
fi
fi
echo "$modified_files"
}
setup_initrd()
{
if ! prepare_kdump_bootinfo; then
derror "failed to prepare for kdump bootinfo."
return 1
fi
DEFAULT_INITRD_BAK="$KDUMP_BOOTDIR/.$(basename "$DEFAULT_INITRD").default"
INITRD_CHECKSUM_LOCATION="$DEFAULT_INITRD_BAK.checksum"
if [[ $DEFAULT_DUMP_MODE == "fadump" ]]; then
TARGET_INITRD="$DEFAULT_INITRD"
# backup initrd for reference before replacing it
# with fadump aware initrd
backup_default_initrd
else
TARGET_INITRD="$KDUMP_INITRD"
# check if a backup of default initrd exists. If yes,
# it signifies a switch from fadump mode. So, restore
# the backed up default initrd.
restore_default_initrd
fi
}
check_files_modified()
{
local modified_files=""
local image_time
image_time=$(stat -c "%Y" "$TARGET_INITRD" 2> /dev/null)
#also rebuild when Pacemaker cluster conf is changed and fence kdump is enabled.
modified_files=$(get_pcs_cluster_modified_files "$image_time")
EXTRA_BINS=${OPT[kdump_post]}
CHECK_FILES=${OPT[kdump_pre]}
HOOKS="/etc/kdump/post.d/ /etc/kdump/pre.d/"
if [[ -d /etc/kdump/post.d ]]; then
for file in /etc/kdump/post.d/*; do
if [[ -x $file ]]; then
POST_FILES="$POST_FILES $file"
fi
done
fi
if [[ -d /etc/kdump/pre.d ]]; then
for file in /etc/kdump/pre.d/*; do
if [[ -x $file ]]; then
PRE_FILES="$PRE_FILES $file"
fi
done
fi
HOOKS="$HOOKS $POST_FILES $PRE_FILES"
CORE_COLLECTOR=$(echo "${OPT[core_collector]}" | awk '{print $1}')
CORE_COLLECTOR=$(type -P "$CORE_COLLECTOR")
# POST_FILES and PRE_FILES are already checked against executable, need not to check again.
EXTRA_BINS="$EXTRA_BINS $CHECK_FILES"
CHECK_FILES=${OPT[extra_bins]}
EXTRA_BINS="$EXTRA_BINS $CHECK_FILES"
files="$KDUMP_CONFIG_FILE $KDUMP_KERNEL $EXTRA_BINS $CORE_COLLECTOR"
[[ -e /etc/fstab ]] && files="$files /etc/fstab"
# Check for any updated extra module
EXTRA_MODULES="${OPT[extra_modules]}"
if [[ -n $EXTRA_MODULES ]]; then
if [[ -e /lib/modules/$KDUMP_KERNELVER/modules.dep ]]; then
files="$files /lib/modules/$KDUMP_KERNELVER/modules.dep"
fi
for _module in $EXTRA_MODULES; do
if _module_file="$(modinfo --set-version "$KDUMP_KERNELVER" --filename "$_module" 2> /dev/null)"; then
files="$files $_module_file"
for _dep_modules in $(modinfo -F depends "$_module" | tr ',' ' '); do
files="$files $(modinfo --set-version "$KDUMP_KERNELVER" --filename "$_dep_modules" 2> /dev/null)"
done
else
# If it's not a module nor builtin, give an error
if ! (modprobe --set-version "$KDUMP_KERNELVER" --dry-run "$_module" &> /dev/null); then
dwarn "Module $_module not found"
fi
fi
done
fi
# HOOKS is mandatory and need to check the modification time
files="$files $HOOKS"
is_lvm2_thinp_dump_target && files="$files $LVM_CONF"
check_exist "$files" && check_executable "$EXTRA_BINS" || return 2
for file in $files; do
if [[ -e $file ]]; then
time_stamp=$(stat -c "%Y" "$file")
if [[ $time_stamp -gt $image_time ]]; then
modified_files="$modified_files $file"
fi
if [[ -L $file ]]; then
file=$(readlink -m "$file")
time_stamp=$(stat -c "%Y" "$file")
if [[ $time_stamp -gt $image_time ]]; then
modified_files="$modified_files $file"
fi
fi
else
dwarn "$file doesn't exist"
fi
done
if [[ -n $modified_files ]]; then
dinfo "Detected change(s) in the following file(s): $modified_files"
return 1
fi
return 0
}
check_drivers_modified()
{
local _target _new_drivers _old_drivers _module_name _module_filename
# If it's dump target is on block device, detect the block driver
_target=$(get_block_dump_target)
if [[ -n $_target ]]; then
# shellcheck disable=SC2317
_record_block_drivers()
{
local _drivers
_drivers=$(udevadm info -a "/dev/block/$1" | sed -n 's/\s*DRIVERS=="\(\S\+\)"/\1/p')
for _driver in $_drivers; do
if ! [[ " $_new_drivers " == *" $_driver "* ]]; then
_new_drivers="$_new_drivers $_driver"
fi
done
ddebug "MAJ:MIN=$1 drivers='$_drivers'"
}
check_block_and_slaves_all _record_block_drivers "$(get_maj_min "$_target")"
fi
# Include watchdog drivers if watchdog module is not omitted
is_dracut_mod_omitted watchdog || _new_drivers+=" $(get_watchdog_drvs)"
[[ -z $_new_drivers ]] && return 0
if is_fadump_capable; then
_old_drivers="$(lsinitrd "$TARGET_INITRD" -f /usr/lib/dracut/fadump-kernel-modules.txt | tr '\n' ' ')"
else
_old_drivers="$(lsinitrd "$TARGET_INITRD" -f /usr/lib/dracut/hostonly-kernel-modules.txt | tr '\n' ' ')"
fi
ddebug "Modules required for kdump: '$_new_drivers'"
ddebug "Modules included in old initramfs: '$_old_drivers'"
for _driver in $_new_drivers; do
# Skip deprecated/invalid driver name or built-in module
_module_name=$(modinfo --set-version "$KDUMP_KERNELVER" -F name "$_driver" 2> /dev/null)
_module_filename=$(modinfo --set-version "$KDUMP_KERNELVER" -n "$_driver" 2> /dev/null)
if [[ -z $_module_name ]] || [[ -z $_module_filename ]] || [[ $_module_filename == *"(builtin)"* ]]; then
continue
fi
if ! [[ " $_old_drivers " == *" $_module_name "* ]]; then
dinfo "Detected change in block device driver, new loaded module: $_module_name"
return 1
fi
done
}
check_fs_modified()
{
local _old_dev _old_mntpoint _old_fstype
local _new_dev _new_mntpoint _new_fstype
local _target _dracut_args
# No need to check in case of mount target specified via "dracut_args".
if is_mount_in_dracut_args; then
return 0
fi
# No need to check in case of raw target.
# Currently we do not check also if ssh/nfs/virtiofs/thinp target is specified
if is_ssh_dump_target || is_nfs_dump_target || is_raw_dump_target ||
is_virtiofs_dump_target || is_lvm2_thinp_dump_target; then
return 0
fi
_target=$(get_block_dump_target)
_new_fstype=$(get_fs_type_from_target "$_target")
if [[ -z $_target ]] || [[ -z $_new_fstype ]]; then
derror "Dump target is invalid"
return 2
fi
ddebug "_target=$_target _new_fstype=$_new_fstype"
_new_dev=$(kdump_get_persistent_dev "$_target")
if [[ -z $_new_dev ]]; then
perror "Get persistent device name failed"
return 2
fi
_new_mntpoint="$(get_kdump_mntpoint_from_target "$_target")"
_dracut_args=$(lsinitrd "$TARGET_INITRD" -f usr/lib/dracut/build-parameter.txt)
if [[ -z $_dracut_args ]]; then
dwarn "Warning: No dracut arguments found in initrd"
return 0
fi
# if --mount argument present then match old and new target, mount
# point and file system. If any of them mismatches then rebuild
if echo "$_dracut_args" | grep -q -- "--mount"; then
# shellcheck disable=SC2046
set -- $(echo "$_dracut_args" | awk -F "--mount '" '{print $2}' | cut -d' ' -f1,2,3)
_old_dev=$1
_old_mntpoint=$2
_old_fstype=$3
[[ $_new_dev == "$_old_dev" && $_new_mntpoint == "$_old_mntpoint" && $_new_fstype == "$_old_fstype" ]] && return 0
# otherwise rebuild if target device is not a root device
else
[[ $_target == "$(get_root_fs_device)" ]] && return 0
fi
dinfo "Detected change in File System"
return 1
}
# returns 0 if system is not modified
# returns 1 if system is modified
# returns 2 if an error occurred
is_system_modified()
{
local ret
[[ -f $TARGET_INITRD ]] || return 1
# in case of fadump mode, check whether the default/target initrd is
# already built with dump capture capability
if [[ $DEFAULT_DUMP_MODE == "fadump" ]]; then
if ! lsinitrd -f $DRACUT_MODULES_FILE "$TARGET_INITRD" | grep -q -e ^kdumpbase$ -e ^zz-fadumpinit$; then
dinfo "Rebuild $TARGET_INITRD with dump capture support"
return 1
fi
fi
check_files_modified || return
check_fs_modified || return
check_drivers_modified
}
# need_initrd_rebuild - check whether the initrd needs to be rebuild
# Returns:
# 0 if does not need to be rebuild
# 1 if it needs to be rebuild
# 2 if an error occurred
need_initrd_rebuild()
{
local force_rebuild force_no_rebuild
force_no_rebuild=${OPT[force_no_rebuild]:-0}
if [[ $force_no_rebuild != "0" ]] && [[ $force_no_rebuild != "1" ]]; then
derror "Error: force_no_rebuild value is invalid"
return 2
fi
force_rebuild=${OPT[force_rebuild]:-0}
if [[ $force_rebuild != "0" ]] && [[ $force_rebuild != "1" ]]; then
derror "Error: force_rebuild value is invalid"
return 2
fi
if [[ $force_no_rebuild == "1" && $force_rebuild == "1" ]]; then
derror "Error: force_rebuild and force_no_rebuild are enabled simultaneously in kdump.conf"
return 2
fi
if [[ $force_no_rebuild == "1" ]]; then
return 0
fi
if [[ $force_rebuild == "1" ]]; then
dinfo "Force rebuild $TARGET_INITRD"
return 1
fi
if [[ ! -f $TARGET_INITRD ]]; then
dinfo "No kdump initial ramdisk found."
return 1
fi
is_system_modified
}
# On ppc64le LPARs, the keys trusted by firmware do not end up in
# .builtin_trusted_keys. So instead, add the key to the .ima keyring
function load_kdump_kernel_key()
{
# this is only called inside is_secure_boot_enforced,
# no need to retest
# this is only required if DT /ibm,secure-boot is a file.
# if it is a dir, we are on OpenPower and don't need this.
if ! [[ -f /proc/device-tree/ibm,secure-boot ]]; then
return
fi
keyctl padd asymmetric "" %:.ima < "/usr/share/doc/kernel-keys/$KDUMP_KERNELVER/kernel-signing-ppc.cer"
}
# Load the kdump kernel specified in /etc/sysconfig/kdump
# If none is specified, try to load a kdump kernel with the same version
# as the currently running kernel.
load_kdump()
{
local ret uki
KEXEC_ARGS=$(prepare_kexec_args "${KEXEC_ARGS}")
KDUMP_COMMANDLINE=$(prepare_cmdline "${KDUMP_COMMANDLINE}" "${KDUMP_COMMANDLINE_REMOVE}" "${KDUMP_COMMANDLINE_APPEND}")
if is_uki "$KDUMP_KERNEL"; then
uki=$KDUMP_KERNEL
KDUMP_KERNEL=$KDUMP_TMPDIR/vmlinuz
objcopy -O binary --only-section .linux "$uki" "$KDUMP_KERNEL"
sync -f "$KDUMP_KERNEL"
# Make sure the temp file has the correct SELinux label.
# Otherwise starting the kdump.service will fail.
chcon -t boot_t "$KDUMP_KERNEL"
fi
ddebug "$KEXEC $KEXEC_ARGS $standard_kexec_args --command-line=$KDUMP_COMMANDLINE --initrd=$TARGET_INITRD $KDUMP_KERNEL"
# The '12' represents an intermediate temporary file descriptor
# to store the standard error file descriptor '2', and later
# restore the error file descriptor with the file descriptor '12'
# and release it.
exec 12>&2
exec 2>> $KDUMP_LOG_PATH/kdump.log
chmod 600 $KDUMP_LOG_PATH/kdump.log
PS4='+ $(date "+%Y-%m-%d %H:%M:%S") ${BASH_SOURCE}@${LINENO}: '
set -x
# shellcheck disable=SC2086
$KEXEC $KEXEC_ARGS $standard_kexec_args \
--command-line="$KDUMP_COMMANDLINE" \
--initrd="$TARGET_INITRD" "$KDUMP_KERNEL"
ret=$?
set +x
exec 2>&12 12>&-
if [[ $ret == 0 ]]; then
dinfo "kexec: loaded kdump kernel"
return 0
else
derror "kexec: failed to load kdump kernel"
return 1
fi
}
check_ssh_config()
{
local target
[[ "${OPT[_fstype]}" == ssh ]] || return 0
target=$(ssh -G "${OPT[_target]}" | sed -n -e "s/^hostname[[:space:]]\+\([^[:space:]]*\).*$/\1/p")
[[ ${OPT[_target]} =~ .*@.* ]] || return 1
if [[ ${OPT[_target]#*@} != "$target" ]]; then
derror "Invalid ssh destination ${OPT[_target]} provided."
return 1
fi
return 0
}
# ipv6 host address may takes a long time to be ready.
# Instead of checking against ipv6 address, we just check the network reachable
# by the return val of 'ssh'
check_and_wait_network_ready()
{
local start_time
local warn_once=1
local cur
local diff
local retval
local errmsg
[[ "${OPT[_fstype]}" == ssh ]] || return 0
start_time=$(date +%s)
while true; do
errmsg=$(ssh -i "${OPT[sshkey]}" -o BatchMode=yes "${OPT[_target]}" mkdir -p "${OPT[path]}" 2>&1)
retval=$?
# ssh exits with the exit status of the remote command or with 255 if an error occurred
if [[ $retval -eq 0 ]]; then
return 0
elif [[ $retval -ne 255 ]]; then
derror "Could not create ${OPT[_target]}:${OPT[path]}, you should check the privilege on server side"
return 1
fi
# if server removes the authorized_keys or, no /root/.ssh/kdump_id_rsa
ddebug "$errmsg"
if echo "$errmsg" | grep -q "Permission denied\|No such file or directory\|Host key verification failed"; then
derror "Could not create ${OPT[_target]}:${OPT[path]}, you probably need to run \"kdumpctl propagate\""
return 1
fi
if [[ $warn_once -eq 1 ]]; then
dwarn "Network dump target is not usable, waiting for it to be ready..."
warn_once=0
fi
cur=$(date +%s)
diff=$((cur - start_time))
# time out after 180s
if [[ $diff -gt 180 ]]; then
break
fi
sleep 1
done
dinfo "Could not create ${OPT[_target]}:${OPT[path]}, ipaddr is not ready yet. You should check network connection"
return 1
}
propagate_ssh_key()
{
local SSH_USER SSH_SERVER
parse_config || return 1
if [[ ${OPT[_fstype]} != ssh ]] ; then
derror "No ssh destination defined in $KDUMP_CONFIG_FILE."
derror "Please verify that $KDUMP_CONFIG_FILE contains 'ssh <user>@<host>' and that it is properly formatted."
exit 1
fi
local KEYFILE=${OPT[sshkey]}
#Check to see if we already created key, if not, create it.
if [[ -f $KEYFILE ]]; then
dinfo "Using existing keys..."
else
dinfo "Generating new ssh keys... "
/usr/bin/ssh-keygen -t rsa -f "$KEYFILE" -N "" &> /dev/null
dinfo "done."
fi
SSH_USER=${OPT[_target]%@*}
SSH_SERVER=${OPT[_target]#*@}
if ssh-copy-id -i "$KEYFILE" "${OPT[_target]}"; then
dinfo "$KEYFILE has been added to ~$SSH_USER/.ssh/authorized_keys on $SSH_SERVER"
return 0
else
derror "Failed to propagate ssh key, could not transfer $KEYFILE to $SSH_SERVER"
exit 1
fi
}
show_reserved_mem()
{
local mem
local mem_mb
mem=$(get_reserved_mem_size)
mem_mb=$((mem / 1024 / 1024))
dinfo "Reserved ${mem_mb}MB memory for crash kernel"
}
save_raw()
{
local raw_target
[[ ${OPT[_fstype]} == raw ]] || return 0
raw_target=${OPT[_target]}
[[ -b $raw_target ]] || {
derror "raw partition $raw_target not found"
return 1
}
check_fs=$(lsblk --nodeps -npo FSTYPE "$raw_target")
if [[ $(echo "$check_fs" | wc -w) -ne 0 ]]; then
dwarn "Warning: Detected '$check_fs' signature on $raw_target, data loss is expected."
return 0
fi
coredir="${OPT[path]}/$(date +"%Y-%m-%d-%H:%M")"
mkdir -p "$coredir"
[[ -d $coredir ]] || {
derror "failed to create $coredir"
return 1
}
if makedumpfile -R "$coredir/vmcore" < "$raw_target" > /dev/null 2>&1; then
# dump found
dinfo "Dump saved to $coredir/vmcore"
# wipe makedumpfile header
dd if=/dev/zero of="$raw_target" bs=1b count=1 2> /dev/null
else
rm -rf "$coredir"
fi
return 0
}
is_local_target()
{
[[ ${OPT[_fstype]} =~ ^ext[234]|^xfs|^btrfs|^minix ]]
}
path_to_be_relabeled()
{
local _path _mnt="/" _rmnt
if is_user_configured_dump_target; then
if is_mount_in_dracut_args; then
return
fi
if is_local_target; then
_mnt=$(get_mntpoint_from_target "${OPT[_target]}")
if ! is_mounted "$_mnt"; then
return
fi
else
return
fi
fi
_path=$(get_save_path)
# if $_path is masked by other mount, we will not relabel it.
_rmnt=$(df "$_mnt/$_path" 2> /dev/null | tail -1 | awk '{ print $NF }')
if [[ $_rmnt == "$_mnt" ]]; then
echo "$_mnt/$_path"
fi
}
selinux_relabel()
{
local _path _i _attr
_path=$(path_to_be_relabeled)
if [[ -z $_path ]] || ! [[ -d $_path ]]; then
return
fi
while IFS= read -r -d '' _i; do
_attr=$(getfattr -m "security.selinux" "$_i" 2> /dev/null)
if [[ -z $_attr ]]; then
restorecon "$_i"
fi
done < <(find "$_path" -print0)
}
check_fence_kdump_config()
{
local hostname
local ipaddrs
local nodes
hostname=$(hostname)
ipaddrs=$(hostname -I)
nodes=${OPT[fence_kdump_nodes]}
for node in $nodes; do
if [[ $node == "$hostname" ]]; then
derror "Option fence_kdump_nodes cannot contain $hostname"
return 1
fi
# node can be ipaddr
if echo "$ipaddrs " | grep -q "$node "; then
derror "Option fence_kdump_nodes cannot contain $node"
return 1
fi
done
return 0
}
check_dump_feasibility()
{
if [[ $DEFAULT_DUMP_MODE == "fadump" ]]; then
return 0
fi
check_kdump_feasibility
}
start_fadump()
{
echo 1 > "$FADUMP_REGISTER_SYS_NODE"
if ! is_kernel_loaded "fadump"; then
derror "fadump: failed to register"
return 1
fi
dinfo "fadump: registered successfully"
return 0
}
start_dump()
{
# On secure boot enabled Power systems, load kernel signing key on .ima for signature
# verification using kexec file based syscall.
if [[ "$(uname -m)" == ppc64le ]] && is_secure_boot_enforced; then
load_kdump_kernel_key
fi
if [[ $DEFAULT_DUMP_MODE == "fadump" ]]; then
start_fadump
else
load_kdump
fi
}
check_failure_action_config()
{
case "${OPT[failure_action]}" in
"" | reboot | halt | poweroff | shell | dump_to_rootfs)
return 0
;;
*)
dinfo $"Usage kdump.conf: failure_action {reboot|halt|poweroff|shell|dump_to_rootfs}"
return 1
;;
esac
}
check_final_action_config()
{
case "${OPT[final_action]}" in
"" | reboot | halt | poweroff)
return 0
;;
*)
dinfo $"Usage kdump.conf: final_action {reboot|halt|poweroff}"
return 1
;;
esac
}
start()
{
check_dump_feasibility || return
parse_config || return
if sestatus 2> /dev/null | grep -q "SELinux status.*enabled"; then
selinux_relabel
fi
save_raw || return
if [[ $DEFAULT_DUMP_MODE == "kdump" ]] && is_kernel_loaded "kdump"; then
dwarn "Kdump already running: [WARNING]"
return 0
fi
check_and_wait_network_ready || return
setup_initrd || return
need_initrd_rebuild
case "$?" in
0)
# Nothing to do
;;
1)
rebuild_initrd || return
;;
*)
return
;;
esac
start_dump || return
dinfo "Starting kdump: [OK]"
return 0
}
reload()
{
if ! is_kernel_loaded "$DEFAULT_DUMP_MODE"; then
dwarn "Kdump was not running: [WARNING]"
fi
if [[ $DEFAULT_DUMP_MODE == "fadump" ]]; then
reload_fadump
return
else
if ! stop_kdump; then
derror "Stopping kdump: [FAILED]"
return 1
fi
fi
dinfo "Stopping kdump: [OK]"
if ! setup_initrd; then
derror "Starting kdump: [FAILED]"
return 1
fi
if ! start_dump; then
derror "Starting kdump: [FAILED]"
return 1
fi
dinfo "Starting kdump: [OK]"
}
stop_fadump()
{
echo 0 > "$FADUMP_REGISTER_SYS_NODE"
if is_kernel_loaded "fadump"; then
derror "fadump: failed to unregister"
return 1
fi
dinfo "fadump: unregistered successfully"
return 0
}
stop_kdump()
{
if is_secure_boot_enforced; then
$KEXEC -s -p -u
else
$KEXEC -p -u
fi
# shellcheck disable=SC2181
if [[ $? != 0 ]]; then
derror "kexec: failed to unload kdump kernel"
return 1
fi
dinfo "kexec: unloaded kdump kernel"
return 0
}
reload_fadump()
{
if echo 1 > "$FADUMP_REGISTER_SYS_NODE"; then
dinfo "fadump: re-registered successfully"
return 0
else
# FADump could fail on older kernel where re-register
# support is not enabled. Try stop/start from userspace
# to handle such scenario.
if stop_fadump; then
start_fadump
return
fi
fi
return 1
}
stop()
{
if [[ $DEFAULT_DUMP_MODE == "fadump" ]]; then
stop_fadump || return
else
stop_kdump || return
fi
dinfo "Stopping kdump: [OK]"
return 0
}
rebuild()
{
parse_config || return 1
check_and_wait_network_ready || return 1
setup_initrd || return 1
rebuild_initrd
}
check_vmlinux()
{
# Use readelf to check if it's a valid ELF
readelf -h "$1" &> /dev/null || return 1
}
get_vmlinux_size()
{
local size=0 _msize
while read -r _msize; do
size=$((size + _msize))
done <<< "$(readelf -l -W "$1" | awk '/^ LOAD/{print $6}' 2> /dev/stderr)"
echo $size
}
try_decompress()
{
# The obscure use of the "tr" filter is to work around older versions of
# "grep" that report the byte offset of the line instead of the pattern.
# Try to find the header ($1) and decompress from here
for pos in $(tr "$1\n$2" "\n$2=" < "$4" | grep -abo "^$2"); do
if ! type -P "$3" > /dev/null; then
ddebug "Signiature detected but '$3' is missing, skip this decompressor"
break
fi
pos=${pos%%:*}
tail "-c+$pos" "$img" | $3 > "$5" 2> /dev/null
if check_vmlinux "$5"; then
ddebug "Kernel is extracted with '$3'"
return 0
fi
done
return 1
}
# Borrowed from linux/scripts/extract-vmlinux
get_kernel_size()
{
# Prepare temp files:
local tmp img=$1
tmp="$KDUMP_TMPDIR/vmlinux"
# Try to check if it's a vmlinux already
check_vmlinux "$img" && get_vmlinux_size "$img" && return 0
# That didn't work, so retry after decompression.
try_decompress '\037\213\010' xy gunzip "$img" "$tmp" ||
try_decompress '\3757zXZ\000' abcde unxz "$img" "$tmp" ||
try_decompress 'BZh' xy bunzip2 "$img" "$tmp" ||
try_decompress '\135\0\0\0' xxx unlzma "$img" "$tmp" ||
try_decompress '\211\114\132' xy 'lzop -d' "$img" "$tmp" ||
try_decompress '\002!L\030' xxx 'lz4 -d' "$img" "$tmp" ||
try_decompress '(\265/\375' xxx unzstd "$img" "$tmp"
# Finally check for uncompressed images or objects:
[[ $? -eq 0 ]] && get_vmlinux_size "$tmp" && return 0
# Fallback to use iomem
local _size=0 _seg
while read -r _seg; do
_size=$((_size + 0x${_seg#*-} - 0x${_seg%-*}))
done <<< "$(grep -E "Kernel (code|rodata|data|bss)" /proc/iomem | cut -d ":" -f 1)"
echo $_size
}
do_estimate()
{
local kdump_mods
local -A large_mods
local baseline
local kernel_size mod_size initrd_size baseline_size runtime_size reserved_size estimated_size recommended_size _cryptsetup_overhead
local size_mb=$((1024 * 1024))
setup_initrd
is_system_modified
case "$?" in
0)
# Nothing to do
;;
1)
rebuild_initrd || return
;;
*)
return
;;
esac
kdump_mods="$(lsinitrd "$TARGET_INITRD" -f /usr/lib/dracut/hostonly-kernel-modules.txt | tr '\n' ' ')"
baseline=$(kdump_get_arch_recommend_size)
if [[ ${baseline: -1} == "M" ]]; then
baseline=${baseline%M}
elif [[ ${baseline: -1} == "G" ]]; then
baseline=$((${baseline%G} * 1024))
elif [[ ${baseline: -1} == "T" ]]; then
baseline=$((${baseline%Y} * 1048576))
fi
# The default pre-reserved crashkernel value
baseline_size=$((baseline * size_mb))
# Current reserved crashkernel size
reserved_size=$(get_reserved_mem_size)
# A pre-estimated value for userspace usage and kernel
# runtime allocation, 64M should good for most cases
runtime_size=$((64 * size_mb))
# Kernel image size
kernel_size=$(get_kernel_size "$KDUMP_KERNEL")
# Kdump initramfs size
initrd_size=$(du -b "$TARGET_INITRD" | awk '{print $1}')
# Kernel modules static size after loaded
mod_size=0
while read -r _name _size _; do
if [[ " $kdump_mods " != *" $_name "* ]]; then
continue
fi
mod_size=$((mod_size + _size))
# Mark module with static size larger than 2M as large module
if [[ $((_size / size_mb)) -ge 1 ]]; then
large_mods[$_name]=$_size
fi
done <<< "$(< /proc/modules)"
# Extra memory usage required for LUKS2 decryption
crypt_size=0
for _dev in $(get_all_kdump_crypt_dev); do
_crypt_info=$(cryptsetup luksDump "/dev/block/$_dev")
[[ $(echo "$_crypt_info" | sed -n "s/^Version:\s*\(.*\)/\1/p") == "2" ]] || continue
for _mem in $(echo "$_crypt_info" | sed -n "s/\sMemory:\s*\(.*\)/\1/p" | sort -n -r); do
crypt_size=$((crypt_size + _mem * 1024))
break
done
done
if [[ $crypt_size -ne 0 ]]; then
if [[ $(uname -m) == aarch64 ]]; then
_cryptsetup_overhead=50
else
_cryptsetup_overhead=20
fi
crypt_size=$((crypt_size + _cryptsetup_overhead * size_mb))
echo -e "Encrypted kdump target requires extra memory, assuming using the keyslot with maximum memory requirement\n"
fi
estimated_size=$((kernel_size + mod_size + initrd_size + runtime_size + crypt_size))
if [[ $baseline_size -gt $estimated_size ]]; then
recommended_size=$baseline_size
else
recommended_size=$estimated_size
fi
echo "Reserved crashkernel: $((reserved_size / size_mb))M"
echo "Recommended crashkernel: $((recommended_size / size_mb))M"
echo
echo "Kernel image size: $((kernel_size / size_mb))M"
echo "Kernel modules size: $((mod_size / size_mb))M"
echo "Initramfs size: $((initrd_size / size_mb))M"
echo "Runtime reservation: $((runtime_size / size_mb))M"
[[ $crypt_size -ne 0 ]] &&
echo "LUKS required size: $((crypt_size / size_mb))M"
echo -n "Large modules:"
if [[ ${#large_mods[@]} -eq 0 ]]; then
echo " <none>"
else
echo ""
for _mod in "${!large_mods[@]}"; do
echo " $_mod: ${large_mods[$_mod]}"
done
fi
if [[ $reserved_size -lt $recommended_size ]]; then
echo "WARNING: Current crashkernel size is lower than recommended size $((recommended_size / size_mb))M."
fi
}
get_default_crashkernel()
{
local _dump_mode=$1
kdump_get_arch_recommend_crashkernel "$_dump_mode"
}
# Read kernel cmdline parameter for a specific kernel
# $1: kernel path, DEFAULT or kernel path, ALL not accepted
# $2: kernel cmldine parameter
get_grub_kernel_boot_parameter()
{
local _kernel_path=$1 _para=$2
[[ $_kernel_path == ALL ]] && derror "kernel_path=ALL invalid for get_grub_kernel_boot_parameter" && return 1
grubby --info="$_kernel_path" | sed -En -e "/^args=.*$/{s/^.*(\s|\")${_para}=(\S*).*\"$/\2/p;q}"
}
# get dump mode by fadump value
# return
# - fadump, if fadump=on or fadump=nocma
# - kdump, if fadump=off or empty fadump, return kdump
# - error if otherwise
get_dump_mode_by_fadump_val()
{
local _fadump_val=$1
if [[ -z $_fadump_val ]] || [[ $_fadump_val == off ]]; then
echo -n kdump
elif [[ $_fadump_val == on ]] || [[ $_fadump_val == nocma ]]; then
echo -n fadump
else
derror "invalid fadump=$_fadump_val"
return 1
fi
}
# get dump mode of a specific kernel
# based on its fadump kernel cmdline parameter
get_dump_mode_by_kernel()
{
local _kernel_path=$1 _fadump_val _dump_mode
_fadump_val=$(get_grub_kernel_boot_parameter "$_kernel_path" fadump)
if _dump_mode=$(get_dump_mode_by_fadump_val "$_fadump_val"); then
echo -n "$_dump_mode"
else
derror "failed to get dump mode for kernel $_kernel_path"
exit
fi
}
_filter_grubby_kernel_str()
{
local _grubby_kernel_str=$1
echo -n "$_grubby_kernel_str" | sed -n -e 's/^kernel="\(.*\)"/\1/p'
}
_find_kernel_path_by_release()
{
local _release="$1" _grubby_kernel_str _kernel_path
# Insert '/' before '+' to cope with grep's EREs
_release=${_release//+/\\+}
_grubby_kernel_str=$(grubby --info ALL | grep -E "^kernel=.*$_release(\/\w+)?\"$")
_kernel_path=$(_filter_grubby_kernel_str "$_grubby_kernel_str")
if [[ -z $_kernel_path ]]; then
ddebug "kernel $_release doesn't exist"
return 1
fi
echo -n "$_kernel_path"
}
_update_kernel_cmdline()
{
local _kernel _param _old _new
_kernel="$1"
_param="$2"
_old="$3"
_new="$4"
# _new = "" removes a _param, so _new = _old = "" is fine
[[ -n "$_new" ]] && [[ "$_old" == "$_new" ]] && return 1
if is_ostree; then
if [[ -z "$_new" ]]; then
rpm-ostree kargs --delete="$_param=$_old"
elif [[ -n "$_old" ]]; then
rpm-ostree kargs --replace="$_param=$_new"
else
rpm-ostree kargs --append="$_param=$_new"
fi
elif has_command grubby; then
if [[ -n "$_new" ]]; then
grubby --update-kernel "$_kernel" --args "$_param=$_new"
else
grubby --update-kernel "$_kernel" --remove-args "$_param"
fi
else
derror "Unable to update kernel command line"
exit 1
fi
# Don't use "[[ CONDITION ]] && COMMAND" which returns 1 under false CONDITION
if [[ -f /etc/zipl.conf ]]; then
zipl > /dev/null
fi
}
_valid_grubby_kernel_path()
{
[[ -n "$1" ]] && grubby --info="$1" > /dev/null 2>&1
}
# return all the kernel paths given a grubby kernel-path
#
# $1: kernel path accepted by grubby, e.g. DEFAULT, ALL,
# /boot/vmlinuz-`uname -r`
# return: kernel paths separated by space
_get_all_kernels_from_grubby()
{
local _kernels _line _kernel_path _grubby_kernel_path=$1
for _line in $(grubby --info "$_grubby_kernel_path" | grep "^kernel="); do
_kernel_path=$(_filter_grubby_kernel_str "$_line")
_kernels="$_kernels $_kernel_path"
done
echo -n "$_kernels"
}
reset_crashkernel()
{
local _opt _val _reboot _grubby_kernel_path _kernel _kernels
local _dump_mode _new_dump_mode
local _has_changed _needs_reboot
local _old_ck _new_ck
local _old_fadump _new_fadump
for _opt in "$@"; do
case "$_opt" in
--fadump=*)
if [[ $(uname -m) != ppc64le ]]; then
derror "Option --fadump only valid on PPC"
exit 1
fi
_new_fadump=${_opt#*=}
if ! _dump_mode=$(get_dump_mode_by_fadump_val $_new_fadump); then
derror "failed to determine dump mode"
exit
fi
[[ "$_new_fadump" == off ]] && _new_fadump=""
;;
--kernel=*)
_val=${_opt#*=}
if ! _valid_grubby_kernel_path $_val; then
derror "Invalid $_opt, please specify a valid kernel path, ALL or DEFAULT"
exit
fi
_grubby_kernel_path=$_val
;;
--reboot)
_reboot=yes
;;
*)
derror "$_opt not recognized"
exit 1
;;
esac
done
# 1. OSTree systems use "rpm-ostree kargs" instead of grubby to manage kernel command
# line. --kernel=ALL doesn't make sense for OStree.
# 2. We don't have any OSTree POWER systems so the dump mode is always kdump.
# 3. "rpm-ostree kargs" would prompt the user to reboot the system after
# modifying the kernel command line so there is no need for kexec-tools
# to repeat it.
if is_ostree; then
_old_ck=$(rpm-ostree kargs | sed -n -E 's/.*(^|\s)crashkernel=(\S*).*/\2/p')
_new_ck=$(kdump_get_arch_recommend_crashkernel kdump)
if _update_kernel_cmdline "" crashkernel "$_old_ck" "$_new_ck"; then
[[ $_reboot == yes ]] && systemctl reboot
fi
return
fi
[[ $(uname -m) != ppc64le ]] && _dump_mode=kdump
# If kernel-path not specified, either
# - use KDUMP_KERNELVER if it's defined
# - use current running kernel
if [[ -z $_grubby_kernel_path ]]; then
[[ -n $KDUMP_KERNELVER ]] || KDUMP_KERNELVER=$(uname -r)
if ! _kernels=$(_find_kernel_path_by_release "$KDUMP_KERNELVER"); then
derror "no kernel for version $KDUMP_KERNELVER found"
exit 1
fi
else
_kernels=$(_get_all_kernels_from_grubby "$_grubby_kernel_path")
fi
for _kernel in $_kernels; do
_has_changed=""
if [[ -z $_dump_mode ]]; then
_new_dump_mode=$(get_dump_mode_by_kernel "$_kernel")
_new_fadump=$(get_grub_kernel_boot_parameter "$_kernel" fadump)
else
_new_dump_mode=$_dump_mode
fi
_old_ck=$(get_grub_kernel_boot_parameter "$_kernel" crashkernel)
_new_ck=$(kdump_get_arch_recommend_crashkernel "$_new_dump_mode")
_old_fadump=$(get_grub_kernel_boot_parameter "$_kernel" fadump)
if _update_kernel_cmdline "$_kernel" fadump "$_old_fadump" "$_new_fadump"; then
_has_changed="Updated fadump=$_new_fadump"
fi
if _update_kernel_cmdline "$_kernel" crashkernel "$_old_ck" "$_new_ck"; then
_has_changed="Updated crashkernel=$_new_ck"
fi
if [[ -n "$_has_changed" ]]; then
_needs_reboot=1
dwarn "$_has_changed for kernel=$_kernel. Please reboot the system for the change to take effect."
fi
done
if [[ $_reboot == yes && $_needs_reboot == 1 ]]; then
systemctl reboot
fi
}
GRUB_CFG=/boot/grub2/grub.cfg
_is_bootloader_installed()
{
if [[ $(uname -m) == s390x ]]; then
test -f /etc/zipl.conf
else
test -f "$GRUB_CFG"
fi
}
_update_crashkernel()
{
local _kernel _kver _dump_mode _msg
local _old_ck _new_ck
_kernel=$1
_dump_mode=$(get_dump_mode_by_kernel "$_kernel")
_old_ck=$(get_grub_kernel_boot_parameter "$_kernel" crashkernel)
_kver=$(parse_kver_from_path "$_kernel")
# The second argument is for the case of aarch64, where installing a 64k variant on a 4k kernel, or vice versa
_new_ck=$(kdump_get_arch_recommend_crashkernel "$_dump_mode" "$_kver")
if _update_kernel_cmdline "$_kernel" crashkernel "$_old_ck" "$_new_ck"; then
_msg="For kernel=$_kernel, crashkernel=$_new_ck now. Please reboot the system for the change to take effect."
_msg+=" Note if you don't want kexec-tools to manage the crashkernel kernel parameter, please set auto_reset_crashkernel=no in /etc/kdump.conf."
dinfo "$_msg"
fi
}
# shellcheck disable=SC2154 # false positive when dereferencing an array
reset_crashkernel_after_update()
{
local _kernel
if ! _is_bootloader_installed; then
return
fi
for _kernel in $(_get_all_kernels_from_grubby ALL); do
_update_crashkernel "$_kernel"
done
}
# read the value of an environ variable from given environ file path
#
# The environment variable entries in /proc/[pid]/environ are separated
# by null bytes instead of by spaces.
#
# $1: environment variable
# $2: environ file path
read_proc_environ_var()
{
local _var=$1 _environ_path=$2
sed -n -E "s/.*(^|\x00)${_var}=([^\x00]*).*/\2/p" < "$_environ_path"
}
_OSBUILD_ENVIRON_PATH='/proc/1/environ'
_is_osbuild()
{
[[ $(read_proc_environ_var container "$_OSBUILD_ENVIRON_PATH") == bwrap-osbuild ]]
}
reset_crashkernel_for_installed_kernel()
{
local _installed_kernel
# During package install, only try to reset crashkernel for osbuild
# thus to avoid calling grubby when installing os via anaconda
if ! _is_bootloader_installed && ! _is_osbuild; then
return
fi
if ! _installed_kernel=$(_find_kernel_path_by_release "$1"); then
exit 1
fi
if _is_osbuild; then
if ! grep -qs crashkernel= /etc/kernel/cmdline; then
reset_crashkernel "--kernel=$_installed_kernel"
fi
return
fi
_update_crashkernel "$_installed_kernel"
}
main()
{
# Determine if the dump mode is kdump or fadump
determine_dump_mode
case "$1" in
start)
if ! start; then
derror "Starting kdump: [FAILED]"
exit 1
fi
;;
stop)
if ! stop; then
derror "Stopping kdump: [FAILED]"
exit 1
fi
;;
status)
EXIT_CODE=0
is_kernel_loaded "$DEFAULT_DUMP_MODE"
case "$?" in
0)
dinfo "Kdump is operational"
EXIT_CODE=0
;;
1)
dinfo "Kdump is not operational"
EXIT_CODE=3
;;
esac
exit $EXIT_CODE
;;
reload)
reload
;;
restart)
if ! stop; then
derror "Stopping kdump: [FAILED]"
exit 1
fi
if ! start; then
derror "Starting kdump: [FAILED]"
exit 1
fi
;;
rebuild)
rebuild
;;
propagate)
propagate_ssh_key
;;
showmem)
show_reserved_mem
;;
estimate)
do_estimate
;;
get-default-crashkernel)
get_default_crashkernel "$2"
;;
reset-crashkernel)
shift
reset_crashkernel "$@"
;;
_reset-crashkernel-after-update)
if [[ $(kdump_get_conf_val auto_reset_crashkernel) != no ]]; then
reset_crashkernel_after_update
fi
;;
_reset-crashkernel-for-installed_kernel)
if [[ $(kdump_get_conf_val auto_reset_crashkernel) != no ]]; then
reset_crashkernel_for_installed_kernel "$2"
fi
;;
*)
dinfo $"Usage: $0 {estimate|start|stop|status|restart|reload|rebuild|reset-crashkernel|propagate|showmem}"
exit 1
;;
esac
}
if [[ ${__SOURCED__:+x} ]]; then
return
fi
if [[ ! -f $KDUMP_CONFIG_FILE ]]; then
derror "Error: No kdump config file found!"
exit 1
fi
# Other kdumpctl instances will block in queue, until this one exits
single_instance_lock
# To avoid fd 9 leaking, we invoke a subshell, close fd 9 and call main.
# So that fd isn't leaking when main is invoking a subshell.
(
exec 9<&-
main "$@"
)
Reference in New Issue View Git Blame Copy Permalink