diff --git a/.gitignore b/.gitignore index 1d4f2ef..13a7635 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ -SOURCES/eppic-d84c354.tar.gz +SOURCES/eppic-e8844d3.tar.gz SOURCES/kexec-tools-2.0.23.tar.xz SOURCES/makedumpfile-1.7.0.tar.gz diff --git a/.kexec-tools.metadata b/.kexec-tools.metadata index a33dae1..d05e81c 100644 --- a/.kexec-tools.metadata +++ b/.kexec-tools.metadata @@ -1,3 +1,3 @@ -b902add474c63fe34c4cdf2eba882d7f8675e04e SOURCES/eppic-d84c354.tar.gz +80ac3f5e77d3c79883edadf14428734db4720009 SOURCES/eppic-e8844d3.tar.gz c9213672bbc9d08d25f6b1ea0cd9056d2e1c5e73 SOURCES/kexec-tools-2.0.23.tar.xz a931a40b80df204be1b02bfb502921cc618810fd SOURCES/makedumpfile-1.7.0.tar.gz diff --git a/SOURCES/92-crashkernel.install b/SOURCES/92-crashkernel.install index 90678c8..78365ff 100755 --- a/SOURCES/92-crashkernel.install +++ b/SOURCES/92-crashkernel.install @@ -61,7 +61,7 @@ set_kernel_ck() { [[ -f /etc/zipl.conf ]] && zipl_arg="--zipl" grubby --args "$ck_cmdline" --update-kernel "$entry" $zipl_arg - [[ $zipl_arg ]] && zipl > /dev/null + [[ $zipl_arg ]] && zipl > /dev/null ||: } case "$COMMAND" in diff --git a/SOURCES/crashkernel-howto.txt b/SOURCES/crashkernel-howto.txt index 4abd090..20f50e0 100644 --- a/SOURCES/crashkernel-howto.txt +++ b/SOURCES/crashkernel-howto.txt @@ -13,7 +13,7 @@ kdump after you updated the `crashkernel=` value or changed the dump target. Default crashkernel value ========================= -Latest kernel packages includes a `crashkernel.default` file installed in kernel +Latest kernel packages include a `crashkernel.default` file installed in kernel modules folder, available as: /usr/lib/modules//crashkernel.default 
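Review bot: In `set_kernel_ck` (SOURCES/92-crashkernel.install), the added `||:` discards a genuine `zipl` failure as well as the empty-`$zipl_arg` case it is meant to cover. On a host with /etc/zipl.conf, a failed boot-record rewrite may therefore leave the new `crashkernel=` value unapplied while the hook still returns 0. Keeping the two cases apart reports the failure without aborting the install: `if [[ $zipl_arg ]]; then zipl > /dev/null || echo "zipl failed; crashkernel update not applied" >&2; fi`. The function starts above the hunk.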
@@ -25,12 +25,12 @@ take this file as a reference for setting crashkernel value manually. New installed system ==================== -Anaconda is the OS installer which sets all the kernel boot cmdline on a new -installed system. If kdump is set enabled during Anaconda installation, Anaconda +Anaconda is the OS installer which sets all the kernel boot cmdline on a newly +installed system. If kdump is enabled during Anaconda installation, Anaconda will use the `crashkernel.default` file as the default `crashkernel=` value on -the new installed system. +the newly installed system. -Users can also override the value during Anaconda installation manually. +Users can override the value during Anaconda installation manually. Auto update of crashkernel boot parameter diff --git a/SOURCES/fadump-howto.txt b/SOURCES/fadump-howto.txt index 111586c..bc87644 100644 --- a/SOURCES/fadump-howto.txt +++ b/SOURCES/fadump-howto.txt 
@@ -224,12 +224,16 @@ Things to remember: dracut_args --add "network" 4) If FADump is configured to capture vmcore to a remote dump target using SSH - or NFS protocol, the network interface is renamed to kdump- - if is generic, for example, *eth#, or net#. This problem - occurs because the vmcore capture scripts in the initial RAM disk (initrd) - add the kdump- prefix to the network interface name to secure persistent - naming. As the same initrd is used for production kernel boot, the interface - name is changed for the production kernel too. + or NFS protocol, the corresponding network interface '' is + renamed to 'kdump-', if it is generic (like *eth# or net#). + It happens because vmcore capture scripts in the initial RAM disk (initrd) + add the 'kdump-' prefix to the network interface name to secure persistent + naming. And as capture kernel and production kernel use the same initrd in + case of FADump, the interface name is changed for the production kernel too. + This is likely to impact network configuration setup for production kernel. + So, it is recommended to use a non-generic name for a network interface, + before setting up FADump to capture vmcore to a remote dump target based on + that network interface, to avoid running into network configuration issues. Dump Triggering methods: diff --git a/SOURCES/kdump-lib.sh b/SOURCES/kdump-lib.sh index 09e2058..d7d28ee 100755 --- a/SOURCES/kdump-lib.sh +++ b/SOURCES/kdump-lib.sh 
@@ -560,11 +560,16 @@ is_secure_boot_enforced() local secure_boot_file setup_mode_file local secure_boot_byte setup_mode_byte - # On powerpc, os-secureboot-enforcing DT property indicates whether secureboot - # is enforced. Return success, if it is found. + # On powerpc, secure boot is enforced if: + # host secure boot: /ibm,secure-boot/os-secureboot-enforcing DT property exists + # guest secure boot: /ibm,secure-boot >= 2 if [[ -f /proc/device-tree/ibm,secureboot/os-secureboot-enforcing ]]; then return 0 fi + if [[ -f /proc/device-tree/ibm,secure-boot ]] && + [[ $(lsprop /proc/device-tree/ibm,secure-boot | tail -1) -ge 2 ]]; then + return 0 + fi # Detect secure boot on x86 and arm64 secure_boot_file=$(find /sys/firmware/efi/efivars -name "SecureBoot-*" 2> /dev/null) diff --git a/SOURCES/kdump-migrate-action.sh b/SOURCES/kdump-migrate-action.sh new file mode 100755 index 0000000..c516639 --- /dev/null +++ b/SOURCES/kdump-migrate-action.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +systemctl is-active kdump +if [ $? -ne 0 ]; then + exit 0 +fi + +/usr/lib/kdump/kdump-restart.sh diff --git a/SOURCES/kdump-restart.sh b/SOURCES/kdump-restart.sh new file mode 100644 index 0000000..a9ecfc1 --- /dev/null +++ b/SOURCES/kdump-restart.sh @@ -0,0 +1,8 @@ +#!/bin/bash +export PATH="$PATH:/usr/bin:/usr/sbin" + +exec >>/var/log/kdump-migration.log 2>&1 + +echo "kdump: Partition Migration detected. Rebuilding initramfs image to reload." +/usr/bin/kdumpctl rebuild +/usr/bin/kdumpctl reload diff --git a/SOURCES/kdump.conf.5 b/SOURCES/kdump.conf.5 index 2c5a2bc..6e6cafa 100644 --- a/SOURCES/kdump.conf.5 +++ b/SOURCES/kdump.conf.5 
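Review bot: In `is_secure_boot_enforced` (SOURCES/kdump-lib.sh), the new guest check fails open: if `lsprop` is not installed, or its last output line is not a plain number, the `-ge 2` test is false or errors out and the function falls through to the EFI probe. `load_kdump_kernel_key` in kdumpctl runs only when this function succeeds, so a missed detection would likely surface later as a rejected `kexec -s` load with no hint of the cause. Consider guarding with `command -v lsprop > /dev/null` and logging when the property file exists but cannot be parsed. The added comment also names `/ibm,secure-boot/os-secureboot-enforcing`, while the test directly below it reads `ibm,secureboot/os-secureboot-enforcing`; one of the two spellings should be corrected. The function continues past the hunk.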
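Review bot: SOURCES/kdump-migrate-action.sh prints the unit state to stdout on every event and then tests `$?` on a separate line; `systemctl is-active --quiet kdump || exit 0` does the same without the output. The script is registered in the spec as a `servicelog_notify` command and sets no PATH of its own, so calling `/usr/bin/systemctl` by absolute path, as kdump-restart.sh does for kdumpctl, would be more robust. A short header comment naming the caller and the `#MIGRATE` event it reacts to would help the next reader.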
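Review bot: In SOURCES/kdump-restart.sh, `export PATH="$PATH:/usr/bin:/usr/sbin"` keeps whatever the caller supplied ahead of the system directories, and this script is presumably run as root from the servicelog hook. kdumpctl resolves helpers such as `keyctl` by name, so a fixed value like `export PATH=/usr/sbin:/usr/bin` is the safer choice for a privileged hook. Separately, `kdumpctl reload` runs even when `kdumpctl rebuild` failed and neither exit status is recorded; logging the rebuild result before reloading, e.g. `/usr/bin/kdumpctl rebuild || echo "kdump: rebuild failed, reloading existing image"`, would make the log file useful for diagnosis.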
@@ -118,8 +118,11 @@ All files under /etc/kdump/post.d are collectively sorted and executed in lexical order, before binary or script specified kdump_post parameter is executed. .PP -Note that scripts written for use with this directive must use -the /bin/bash interpreter. +Note that scripts written for use with this directive must use the /bin/bash +interpreter. And since these scripts run in kdump enviroment, the reference to +the storage or network device in the scripts should adhere to the section +'Supported dump target types and requirements' in kexec-kdump-howto.txt. + .RE .B kdump_pre @@ -139,8 +142,11 @@ kdump_pre parameter is executed. Even if the binary or script in /etc/kdump/pre.d directory returns non 0 exit status, the processing is continued. .PP -Note that scripts written for this directive must use -the /bin/bash interpreter. +Note that scripts written for use with this directive must use the /bin/bash +interpreter. And since these scripts run in kdump enviroment, the reference to +the storage or network device in the scripts should adhere to the section +'Supported dump target types and requirements' in kexec-kdump-howto.txt. + .RE .B extra_bins diff --git a/SOURCES/kdump.sysconfig.aarch64 b/SOURCES/kdump.sysconfig.aarch64 index fedd3bc..67a2af7 100644 --- a/SOURCES/kdump.sysconfig.aarch64 +++ b/SOURCES/kdump.sysconfig.aarch64 @@ -28,7 +28,7 @@ KDUMP_COMMANDLINE_APPEND="irqpoll nr_cpus=1 reset_devices cgroup_disable=memory # # Example: # KEXEC_ARGS="--elf32-core-headers" -KEXEC_ARGS="" +KEXEC_ARGS="-s" #Where to find the boot image #KDUMP_BOOTDIR="/boot" diff --git a/SOURCES/kdump.sysconfig.ppc64le b/SOURCES/kdump.sysconfig.ppc64le index ebb22f6..270a2cf 100644 --- a/SOURCES/kdump.sysconfig.ppc64le +++ b/SOURCES/kdump.sysconfig.ppc64le 
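Review bot: The new default `KEXEC_ARGS="-s"` in SOURCES/kdump.sysconfig.aarch64 is not explained in the comment block above it, which still shows only the `--elf32-core-headers` example. The same applies to `KEXEC_ARGS="--dt-no-old-root -s"` in SOURCES/kdump.sysconfig.ppc64le. I would add a comment such as `# -s selects the kexec_file_load syscall, which lets the kernel load and, where configured, verify the kdump kernel image; use -c to force the legacy kexec_load syscall`. `load_kdump` in kdumpctl still appends its own ` -s` when secure boot is enforced, so the flag will now appear twice on those systems; this looks harmless but is worth deduplicating.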
@@ -28,7 +28,7 @@ KDUMP_COMMANDLINE_APPEND="irqpoll maxcpus=1 noirqdistrib reset_devices cgroup_di # # Example: # KEXEC_ARGS="--elf32-core-headers" -KEXEC_ARGS="--dt-no-old-root" +KEXEC_ARGS="--dt-no-old-root -s" #Where to find the boot image #KDUMP_BOOTDIR="/boot" diff --git a/SOURCES/kdumpctl b/SOURCES/kdumpctl index 7a529e6..89cf3d3 100755 --- a/SOURCES/kdumpctl +++ b/SOURCES/kdumpctl @@ -611,6 +611,34 @@ check_rebuild() return $? } +# On ppc64le LPARs, the keys trusted by firmware do not end up in +# .builtin_trusted_keys. So instead, add the key to the .ima keyring +function load_kdump_kernel_key() +{ + # this is only called inside is_secure_boot_enforced, + # no need to retest + + # this is only required if DT /ibm,secure-boot is a file. + # if it is a dir, we are on OpenPower and don't need this. + if ! [[ -f /proc/device-tree/ibm,secure-boot ]]; then + return + fi + + KDUMP_KEY_ID=$(keyctl padd asymmetric kernelkey-$RANDOM %:.ima < "/usr/share/doc/kernel-keys/$KDUMP_KERNELVER/kernel-signing-ppc.cer") +} + +# remove a previously loaded key. There's no real security implication +# to leaving it around, we choose to do this because it makes it easier +# to be idempotent and so as to reduce the potential for confusion. +function remove_kdump_kernel_key() +{ + if [[ -z $KDUMP_KEY_ID ]]; then + return + fi + + keyctl unlink "$KDUMP_KEY_ID" %:.ima +} + # Load the kdump kernel specified in /etc/sysconfig/kdump # If none is specified, try to load a kdump kernel with the same version # as the currently running kernel. @@ -627,6 +655,7 @@ load_kdump() if is_secure_boot_enforced; then dinfo "Secure Boot is enabled. Using kexec file based syscall." KEXEC_ARGS="$KEXEC_ARGS -s" + load_kdump_kernel_key fi ddebug "$KEXEC $KEXEC_ARGS $standard_kexec_args --command-line=$KDUMP_COMMANDLINE --initrd=$TARGET_INITRD $KDUMP_KERNEL" 
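Review bot: `load_kdump_kernel_key` (SOURCES/kdumpctl) fails silently. If `keyctl` is missing (the spec lists keyutils only under `Recommends`) or the certificate file is absent, `KDUMP_KEY_ID` stays empty and the following `kexec -s` load is left to fail with no message pointing at the key. The certificate is read from a directory under /usr/share/doc, which installs that skip documentation would presumably not have. I would check both preconditions, log the failure, and quote the `kernelkey-$RANDOM` description, as sketched below. `remove_kdump_kernel_key` could likewise clear `KDUMP_KEY_ID` after `keyctl unlink`, so a later call does not act on a stale id.

```shell
function load_kdump_kernel_key()
{
	# … unchanged: return early unless /proc/device-tree/ibm,secure-boot is a file …
	local cert="/usr/share/doc/kernel-keys/$KDUMP_KERNELVER/kernel-signing-ppc.cer"

	if ! command -v keyctl > /dev/null || [[ ! -r $cert ]]; then
		dwarn "Cannot load $cert into the .ima keyring; the kexec -s load may be rejected"
		return
	fi

	KDUMP_KEY_ID=$(keyctl padd asymmetric "kernelkey-$RANDOM" %:.ima < "$cert") ||
		dwarn "keyctl could not add $cert to the .ima keyring"
}
```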
@@ -649,6 +678,8 @@ load_kdump() set +x exec 2>&12 12>&- + remove_kdump_kernel_key + if [[ $ret == 0 ]]; then dinfo "kexec: loaded kdump kernel" return 0 diff --git a/SOURCES/kexec-kdump-howto.txt b/SOURCES/kexec-kdump-howto.txt index 88af607..1aeffc7 100644 --- a/SOURCES/kexec-kdump-howto.txt +++ b/SOURCES/kexec-kdump-howto.txt @@ -621,6 +621,9 @@ If /etc/kdump/post.d directory exist, All files in the directory are collectively sorted and executed in lexical order, before binary or script specified kdump_post parameter is executed. +In these scripts, the reference to the storage or network device should adhere +to the section 'Supported dump target types and requirements' + Kdump Pre-Capture Executable ---------------------------- @@ -634,6 +637,9 @@ kdump_pre parameter is executed. Even if the binary or script in /etc/kdump/pre.d directory returns non 0 exit status, the processing is continued. +In these scripts, the reference to the storage or network device should adhere +to the section 'Supported dump target types and requirements' + Extra Binaries -------------- diff --git a/SOURCES/kexec-tools-2.0.20-eppic-Remove-duplicated-variable-declaration.patch b/SOURCES/kexec-tools-2.0.20-eppic-Remove-duplicated-variable-declaration.patch deleted file mode 100644 index 8d77b9b..0000000 --- a/SOURCES/kexec-tools-2.0.20-eppic-Remove-duplicated-variable-declaration.patch +++ /dev/null 
@@ -1,36 +0,0 @@ -From 2837fb1f5f8362976c188b30ebe50dc8b0377f64 Mon Sep 17 00:00:00 2001 -From: Kairui Song -Date: Wed, 29 Jan 2020 11:33:18 +0800 -Subject: [PATCH] Remove duplicated variable declaration - -When building on Fedora 32, following error is observed: - -... -/usr/bin/ld: ../eppic/libeppic/libeppic.a(eppic_stat.o):/builddir/build/BUILD/kexec-tools-2.0.20/eppic/libeppic/eppic.h:474: multiple definition of `lastv'; -../eppic/libeppic/libeppic.a(eppic_func.o):/builddir/build/BUILD/kexec-tools-2.0.20/eppic/libeppic/eppic.h:474: first defined here -... - -And apparently, the variable is wrongly declared multiple times. So -remove duplicated declaration. - -Signed-off-by: Kairui Song ---- - libeppic/eppic.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/libeppic/eppic.h b/libeppic/eppic.h -index 5664583..836b475 100644 ---- a/eppic-d84c3541035d95077aa8571f5d5c3e07c6ef510b/libeppic/eppic.h -+++ b/eppic-d84c3541035d95077aa8571f5d5c3e07c6ef510b/libeppic/eppic.h -@@ -471,7 +471,7 @@ type_t *eppic_addstorage(type_t *t1, type_t *t2); - type_t *eppic_getvoidstruct(int ctype); - - extern int lineno, needvar, instruct, nomacs, eppic_legacy; --node_t *lastv; -+extern node_t *lastv; - - #define NULLNODE ((node_t*)0) - --- -2.24.1 - diff --git a/SOURCES/supported-kdump-targets.txt b/SOURCES/supported-kdump-targets.txt index f540f59..640fabc 100644 --- a/SOURCES/supported-kdump-targets.txt +++ b/SOURCES/supported-kdump-targets.txt @@ -39,7 +39,7 @@ storage: FC disks (qla2xxx, lpfc, bnx2fc, bfa) software initiator based iSCSI software RAID (mdraid) - hardware RAID (cciss, hpsa, megaraid_sas, mpt2sas, aacraid) + hardware RAID (smartpqi, hpsa, megaraid, mpt3sas, aacraid, mpi3mr) SCSI/SATA disks iSCSI HBA (all offload) hardware FCoE (qla2xxx, lpfc) 
@@ -47,16 +47,15 @@ storage: please read "Note on FCoE" section below) network: - Hardware using kernel modules: (tg3, igb, ixgbe, sfc, e1000e, bna, - cnic, netxen_nic, qlge, bnx2x, bnx, qlcnic, be2net, enic, - virtio-net, ixgbevf, igbvf) + Hardware using kernel modules: (igb, ixgbe, ice, i40e, e1000e, igc, + tg3, bnx2x, bnxt_en, qede, cxgb4, be2net, enic, sfc, mlx4_en, + mlx5_core, r8169, atlantic, nfp, ionic; nicvf (aarch64 only)) protocol: ipv4 bonding vlan bridge - team vlan tagged bonding - bridge over bond/team/vlan + bridge over bond/vlan hypervisor: kvm @@ -72,8 +71,10 @@ firmware: UEFI hypervisor: - VMWare ESXi 4.1 and 5.1 - Hyper-V 2012 R2 (RHEL Gen1 UP Guest only) + VMWare ESXi 4.x 5.x would not be tested/supported any more. + only support ESXi 6.6, 6.7, 7.0 + Hyper-V 2012 R2 (RHEL Gen1 UP Guest only), later version will + also be tested/supported Unsupported Dump targets ------------------------ @@ -114,15 +115,5 @@ issue, because some software FCoE requires more memory to work. In such case, you may need to increase the kdump reserved memory size in "crashkernel=" kernel parameter. -By default, RHEL systems have "crashkernel=auto" in kernel boot arguments. -The auto reserved memory size is designed to balance the coverage of use cases -and an acceptable memory overhead, so not every use case could fit in, software -FCoE is one of the case. - For hardware FCoE, kdump should work naturally as firmware will do the initialization job. The capture kernel and kdump tools will run just fine. - -Useful Links -============ -[1] RHEL6: Enabling kdump for full-virt (HVM) Xen DomU - (https://access.redhat.com/knowledge/solutions/92943) diff --git a/SPECS/kexec-tools.spec b/SPECS/kexec-tools.spec index 1b9a781..0cf39fc 100644 --- a/SPECS/kexec-tools.spec +++ b/SPECS/kexec-tools.spec 
@@ -1,11 +1,11 @@ -%global eppic_ver d84c3541035d95077aa8571f5d5c3e07c6ef510b +%global eppic_ver e8844d3793471163ae4a56d8f95897be9e5bd554 %global eppic_shortver %(c=%{eppic_ver}; echo ${c:0:7}) %global mkdf_ver 1.7.0 %global mkdf_shortver %(c=%{mkdf_ver}; echo ${c:0:7}) Name: kexec-tools Version: 2.0.23 -Release: 1%{?dist} +Release: 3%{?dist} License: GPLv2 Summary: The kexec/kdump userspace component @@ -42,7 +42,9 @@ Source31: kdump-logger.sh Source32: mkfadumprd Source33: 92-crashkernel.install Source34: crashkernel-howto.txt -Source35: supported-kdump-targets.txt +Source35: kdump-migrate-action.sh +Source36: kdump-restart.sh +Source37: supported-kdump-targets.txt ####################################### # These are sources for mkdumpramfs @@ -60,9 +62,10 @@ Source109: dracut-early-kdump-module-setup.sh Source200: dracut-fadump-init-fadump.sh Source201: dracut-fadump-module-setup.sh -Requires(post): systemd-units -Requires(preun): systemd-units -Requires(postun): systemd-units +%ifarch ppc64 ppc64le +Requires(post): servicelog +Recommends: keyutils +%endif Requires(pre): coreutils sed zlib Requires: dracut >= 050 Requires: dracut-network >= 050 @@ -72,7 +75,7 @@ Recommends: grubby BuildRequires: make BuildRequires: zlib-devel elfutils-devel glib2-devel bzip2-devel ncurses-devel bison flex lzo-devel snappy-devel libzstd-devel BuildRequires: pkgconfig intltool gettext -BuildRequires: systemd-units +BuildRequires: systemd-rpm-macros BuildRequires: automake autoconf libtool %ifarch %{ix86} x86_64 ppc64 ppc s390x ppc64le Obsoletes: diskdumputils netdump kexec-tools-eppic @@ -106,7 +109,6 @@ Requires: systemd-udev%{?_isa} # # Patches 601 onward are generic patches # -Patch601: ./kexec-tools-2.0.20-eppic-Remove-duplicated-variable-declaration.patch %description kexec-tools provides /sbin/kexec binary that facilitates a new 
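Review bot: `Requires(post): servicelog` in the new `%ifarch ppc64 ppc64le` block covers only `%post`, but this commit's `%preun` also runs `servicelog_notify --remove`. Add `Requires(preun): servicelog` so the tool is guaranteed to be present when that scriptlet runs. In the same block, `Recommends: keyutils` is a weak dependency, yet `load_kdump_kernel_key` in kdumpctl needs `keyctl` on secure-boot LPARs. Either make it a hard `Requires` on these arches or have kdumpctl report the missing tool.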
@@ -122,8 +124,6 @@ mkdir -p -m755 kcp tar -z -x -v -f %{SOURCE9} tar -z -x -v -f %{SOURCE19} -%patch601 -p1 - %ifarch ppc %define archdef ARCH=ppc %endif @@ -148,7 +148,7 @@ cp %{SOURCE21} . cp %{SOURCE26} . cp %{SOURCE27} . cp %{SOURCE34} . -cp %{SOURCE35} . +cp %{SOURCE37} . make %ifarch %{ix86} x86_64 ppc64 s390x ppc64le aarch64 @@ -195,6 +195,10 @@ install -m 644 %{SOURCE25} $RPM_BUILD_ROOT%{_mandir}/man8/kdumpctl.8 install -m 755 %{SOURCE20} $RPM_BUILD_ROOT%{_prefix}/lib/kdump/kdump-lib.sh install -m 755 %{SOURCE23} $RPM_BUILD_ROOT%{_prefix}/lib/kdump/kdump-lib-initramfs.sh install -m 755 %{SOURCE31} $RPM_BUILD_ROOT%{_prefix}/lib/kdump/kdump-logger.sh +%ifarch ppc64 ppc64le +install -m 755 %{SOURCE35} $RPM_BUILD_ROOT%{_prefix}/lib/kdump/kdump-migrate-action.sh +install -m 755 %{SOURCE36} $RPM_BUILD_ROOT%{_prefix}/lib/kdump/kdump-restart.sh +%endif %ifnarch s390x install -m 755 %{SOURCE28} $RPM_BUILD_ROOT%{_udevrulesdir}/../kdump-udev-throttler %endif @@ -260,6 +264,12 @@ mv $RPM_BUILD_ROOT/etc/kdump-adv-conf/kdump_dracut_modules/* $RPM_BUILD_ROOT/%{d %systemd_post kdump.service touch /etc/kdump.conf + +%ifarch ppc64 ppc64le +servicelog_notify --remove --command=/usr/lib/kdump/kdump-migrate-action.sh 2>/dev/null +servicelog_notify --add --command=/usr/lib/kdump/kdump-migrate-action.sh --match='refcode="#MIGRATE" and serviceable=0' --type=EVENT --method=pairs_stdin +%endif + # This portion of the script is temporary. Its only here # to fix up broken boxes that require special settings # in /etc/sysconfig/kdump. It will be removed when 
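Review bot: The `%post` scriptlet hard-codes `/usr/lib/kdump/kdump-migrate-action.sh`, while the `%install` lines in this file place the script under `%{_prefix}/lib/kdump`. Writing `--command=%{_prefix}/lib/kdump/kdump-migrate-action.sh` in both `servicelog_notify` calls keeps the registered command tied to the installed path. Only stderr of the `--remove` call is silenced and the `--add` result is not checked, so a failed registration would go unnoticed; a short `|| echo "kdump: could not register migration hook" >&2` would surface it. The scriptlet continues past the hunk.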
@@ -287,20 +297,11 @@ fi %systemd_postun_with_restart kdump.service %preun -# Package removal, not upgrade +%ifarch ppc64 ppc64le +servicelog_notify --remove --command=/usr/lib/kdump/kdump-migrate-action.sh +%endif %systemd_preun kdump.service -%triggerun -- kexec-tools < 2.0.2-3 -# Save the current service runlevel info -# User must manually run systemd-sysv-convert --apply kdump -# to migrate them to systemd targets -/usr/bin/systemd-sysv-convert --save kdump >/dev/null 2>&1 ||: - -# Run these because the SysV package being removed won't do them -/sbin/chkconfig --del kdump >/dev/null 2>&1 || : -/bin/systemctl try-restart kdump.service >/dev/null 2>&1 || : - - %triggerin -- kernel-kdump touch %{_sysconfdir}/kdump.conf @@ -377,6 +378,24 @@ done %endif %changelog +* Wed Dec 8 2021 Tao Liu - 2.0.23-3 +- Update eppic to latest upstream snapshot +- Update crashkernel-howto.txt +- Remove references to systemd-sysv-convert +- kdump/ppc64: suppress the error message "Could not find a registered notification tool" from servicelog_notify +- fadump: improve fadump-howto.txt about remote dump target setup +- Don't exit 1 from 92-crashkernel.install if zipl is absent (#1993505) +- Document/kexec-kdump-howto.txt: improve notes for kdump_pre and kdump_post scripts + +* Fri Dec 3 2021 Tao Liu - 2.0.23-2 +- kdump/ppc64: migration action registration clean up +- kdump/ppc64: rebuild initramfs image after migration +- Update supported-kdump-targets.txt +- add keyutils as a weak dependency for POWER +- kdumpctl: enable secure boot on ppc64le LPARs +- kdump.sysconfig: make kexec_file_load as default option on arm64 +- kdump.sysconfig: make kexec_file_load as default option on ppc64le + * Thu Nov 11 2021 Tao Liu - 2.0.23-1 - Enable zstd compression for makedumpfile in kexec-tools.spec - Update makedumpfile to 1.7.0
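Review bot: The new `%preun` block runs `servicelog_notify --remove` unconditionally, and the hunk drops the old `# Package removal, not upgrade` comment without adding a `$1` guard. On an upgrade, the outgoing package's `%preun` runs after the incoming package's `%post`, so the registration that was just added would be removed again and migration events would stop triggering the kdump rebuild. Wrap it as `if [ $1 -eq 0 ]; then servicelog_notify --remove --command=/usr/lib/kdump/kdump-migrate-action.sh; fi`. Unlike the `%post` call, stderr is not silenced here, so the "Could not find a registered notification tool" message named in the changelog can still appear.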