Commit Graph

1368 Commits

Author SHA1 Message Date
Kairui Song
0cc3b85d0d module-setup.sh: Add "rd.neednet" parameter if network is needed
Upstream dracut now use network-manager module by default and since
upstream commit 3dcaa97, network-manager expects user to pass "rd.neednet"
to indicate network is required.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Dave Young <dyoung@redhat.com>
2020-05-28 16:26:06 +08:00
Kairui Song
cfd93e2b7e Revert "Add a hook to wait for kdump target in initqueue"
This reverts commit cee618593c.

Upstream dracut have provided a parameter for adding mandantory network
requirement by appending "rd.neednet" parameter, so we should use that
instead.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Dave Young <dyoung@redhat.com>
2020-05-28 16:26:00 +08:00
Lianbo Jiang
a81ec90ed8 kdump.sysconfig: Remove the option 'log_buf_len' from kdump command line
The option 'log_buf_len' in the kernel command line will make kernel
dynamically allocate memory (system ram) from memblock and always hold
the memory allocated. If the size of this option is misused such as
'log_buf_len=64M'. This may cause a short of memory for kdump kernel,
because the size of memory is usually limited in kdump kernel.

In order to avoid this problem, need to remove this option from the
kdump kernel command line.

Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
Acked-by: Pingfan Liu <piliu@redhat.com>
2020-05-28 10:11:15 +08:00
Kairui Song
0094fb496d Release 2.0.20-13
Add support for using unmounted device as dump target, update docs, and
fix several known issue.

Signed-off-by: Kairui Song <kasong@redhat.com>
2020-05-22 19:29:19 +08:00
Kairui Song
73da3224be Fix an error in commit ca01cbd
Previous commit ca01cbd ('mkdumprd: generate usable kdump initramfs
even target is not mounted') applied a wrong version of patch, let me
just fix it.

Signed-off-by: Kairui Song <kasong@redhat.com>
2020-05-22 19:29:19 +08:00
Kairui Song
846e23a2d5 Update docs for the new noauto dump target support
Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Pingfan Liu <piliu@redhat.com>
2020-05-22 16:16:01 +08:00
Kairui Song
f2ffa3d340 kexec-kdump-howto.txt: Add some format to the document
When adding doc for the non-mounted dump target support, I found the
document are a bit uneasy to read due to lack of a proper format, this
commit should it make looks better.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Pingfan Liu <piliu@redhat.com>
2020-05-22 16:14:13 +08:00
Kairui Song
ca01cbdfd5 mkdumprd: generate usable kdump initramfs even target is not mounted
Currently kexec-tools always depend on dump target to be mounted, which
caused some inconvenience for setup.

So for user configured target, allow kdump to start and build initramfs
even if target is not mounted.

When a mounted user configured target is used, the behavior is not
changed.

When a unmounted user configured target is used, mkdumprd will look for
corresponding mount info in fstab, and a entry with noauto option is
founded, mkdumprd will try to mount it inplace with optoins specified
in fstab and do basic checks on the device, then umount it.

If there is no fstab entry, mkdumprd will try to mount it in temporary
path with defaults option, do same basic check and umount it.

If there is a fstab entry but "noauto" option is not used, then there
must be some reason that the target device is not mounted, mkdumprd will
error out.

When path based target is used, there is no behavior change.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Pingfan Liu <piliu@redhat.com>
2020-05-22 16:14:07 +08:00
Kairui Song
61e016939c User get_mount_info to replace findmnt calls
Use get_mount_info so that fstab is used as a failback when look for
mount info.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Pingfan Liu <piliu@redhat.com>
2020-05-22 16:14:02 +08:00
Kairui Song
be578f6382 kdump-lib.sh: add fstab failback helper for getting mount info
This allows look up mount info even if target is not mounted.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Pingfan Liu <piliu@redhat.com>
2020-05-22 16:13:57 +08:00
Kairui Song
70deeb474b Allow calling mkdumprd from kdumpctl even if targat not mounted
Ignore mount check in kdumpctl, mkdumprd will still fail building and
exit if target is not mounted.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Pingfan Liu <piliu@redhat.com>
2020-05-22 16:13:49 +08:00
Kairui Song
0624148414 Add a is_mounted helper
Use is_mounted helper instaed of calling findmnt directly or checking if
"mount" value is empty.

If findmnt looks for fstab as well, some non mounted entry will also
return value. Required to support non-mounted target.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Pingfan Liu <piliu@redhat.com>
2020-05-22 16:13:24 +08:00
Kairui Song
43ea36b3e8 Introduce get_kdump_mntpoint_from_target and fix duplicated /
User a helper to get the path to mount dump target in kdump kernel, and
fix duplicated '/' in the mount path problem.

Fixes: bz1785371
Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Dave Young <dyoung@redhat.com>
2020-05-22 16:13:02 +08:00
Kairui Song
539bff4083 Append both nofail and x-systemd.before to kdump mount target
By this point, there is still an unresolved vfs kernel issue that blocks
systemd from mounting the dump target properly from time to time. To
prevent systemd from failing by mounting the dump target, we can add
nofail option to the kdump mount point.

But adding nofail will wipe out default dependency of the mount point,
see commit 94a7b43, so systemd randomize the order of calling kdump.sh
and mounting the dump target and lead to unexpected behavior.
However we can use x-systemd.before to ensure the mount is done
in right order.

In dracut-kdump-capture.service, we have "After=initrd.target",
and look at dracut.bootup.7, systems start processing of fstab by
initrd-fs.target, so set "After=initrd.target" could ensure the mount
is ready before pre-pivot and kdump-capture service.

Now with both nofail and x-systemd.before=initrd.target, systemd
will try to mount the dump target before calling kdump, and even if the
mount failed, kdump.sh will still be called and try to mount again. See
dump_fs function, which will try to mount if the target is not mounted.
Kdump will only fail if both mount attemp fails.

Else if the kdump target mount failed or unstable, systemd will directly
jump to kdump failure action, and kdump fails.

This should improve the robustness in general with no other risk.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Pingfan Liu <piliu@redhat.com>
2020-05-15 17:17:27 +08:00
Kairui Song
33e79681d9 Fix the problem that kdump prints redundant /
In second kernel, kdump always prints redundant '/':

kdump: saving to /sysroot//var/crash/127.0.0.1-2020-03-12-21:32:54/

Just trim it.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Dave Young <dyoung@redhat.com>
2020-05-11 14:22:22 +08:00
Kairui Song
b82c35c842 Partially Revert "Don't mount the dump target unless needed"
This partially reverts commit 6dee286467.

There are reports that NFSv3 is failing after this commit, and after
more debug, I found NFSv4 may not work properly if
"nfs4_disable_idmapping" is set to 0.

The cause of the failure is that kdump.sh runs after dracut's pre-pivot
and clean up hook, many dracut module will install hooks to kill some
running services, so if the dump target requires a service to be running
but it's killed, mount will fail.

Dracut ensures the configured mount points are ready before pre-pivot.
After pre-pivot, any further mounting operation may not work as expected.

Although there is no report of other type of dump target failure except
NFSv3, it's better to revert this, to avoid other potential risk, and wait
for a proper fix for that systemd/kernel issue.

Else, this may bring more trouble for further development.

But still keep the change in kdump-lib-initramfs.sh for better
robustness.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Pingfan Liu <piliu@redhat.com>
2020-05-11 14:22:22 +08:00
Hari Bathini
d624a0326f fadump: update fadump-howto.txt with some troubleshooting help
Add recommendations on how much memory is required for FADump. Also,
mention the optimizations applied to default initrd when FADump is
used and how to workaround it.

Signed-off-by: Hari Bathini <hbathini@linux.ibm.com>
Acked-by: Pingfan Liu <piliu@redhat.com>
2020-05-11 14:08:14 +08:00
Lianbo Jiang
ce0305d4f9 Add a new option 'rd.znet_ifname' in order to use it in udev rules
In most cases, it always provides a persistent MAC address. But for
the s390 Arch, sometimes, kernel could run in the LPAR mode and it
doesn't provide a persistent MAC address, which caused the kdump
failure.

Currently, some rules rely on the persistent MAC address, for the
above case, which won't work in kdump kernel because non-persistent
MAC could not match with udev rules.

To fix this issue, need to add a new option 'rd.znet_ifname' in order
to provide extra parameters such as 'ifname' and 'subchannels' for
some rules, which ensures kdump can also work appropriately without
the persistent MAC. Please refer to the following commit in dracut:

872eb69936bd ("95znet: Add a rd.znet_ifname= option")

Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
Acked-by: Kairui Song <kasong@redhat.com>
2020-04-27 18:21:22 +08:00
Kazuhito Hagio
74081a2b64 Don't unmount the dump target just after saving vmcore
Since commit 6dee286467 ("Don't mount the dump target unless needed"),
dump_fs function unmounts the dump target just after saving vmcore.

This broke the condition that it's mounted when executing "kdump_post",
which had been stable since RHEL5, and a certain tool which uses the
kdump_post hook to save information of 2nd kernel to the dump target
started to fail.

As unmounting it is done by systemd-shutdown before reboot without
the umount command as below, so let's don't unmount it in dump_fs.

  systemd-shutdown[1]: Unmounting file systems.
  [547]: Remounting '/sysroot' read-only in with options '(null)'.
  EXT4-fs (dm-0): re-mounted. Opts: (null)
  [548]: Unmounting '/sysroot'.

Signed-off-by: Kazuhito Hagio <k-hagio-ab@nec.com>
Acked-by: Kairui Song <kasong@redhat.com>
2020-04-27 16:30:59 +08:00
Pingfan Liu
f33f30eb61 dracut-module-setup.sh: fix breakage in get_pcs_fence_kdump_nodes()
pcs cluster and cluster cib-upgrade may throw some information and disturb
the parsing. Mute them

Signed-off-by: Pingfan Liu <piliu@redhat.com>
Acked-by: Kairui Song <kasong@redhat.com>
2020-04-20 11:24:46 +08:00
Pingfan Liu
6348398743 dracut-module-setup.sh: ensure cluster info is ready before query
There is a race issue between "pcs" and "kdumpctl restart"

-1. set up cluster
 # pcs cluster setup --start mycluster node1 node2
 # pcs stonith create kdump fence_kdump pcmk_reboot_action="off"
 # pcs stonith level add 1 node1 kdump
 # pcs stonith level add 1 node2 kdump

-2. Then here comes the command _immediately_ in kdumpctl
 # pcs cluster cib

But due to some pcs internal mechanism, "pcs cluster cib" can not
fetch the updated info in time.

Fix these issue by forcing the upgrade of cib.

Signed-off-by: Pingfan Liu <piliu@redhat.com>
Acked-by: Kairui Song <kasong@redhat.com>
2020-04-08 15:46:06 +08:00
Kairui Song
b5b252ae27 Release 2.0.20-12
Signed-off-by: Kairui Song <kasong@redhat.com>
2020-04-02 01:48:46 +08:00
Kairui Song
3b09c4910d Remove adjust_bind_mount_path call
If user configured target is used, path should be used as the absolute
path within the dump target direct, and user should be fully aware of
the path structure within the target device. The adjust_bind_mount_path
call here make it very hard to control the behavior.

Especially, if it's a cross device bind mount, this will likely create a
invalid path in the target. And for atomic case, adjust_bind_mount_path call
here assumes user will always pass root device as the explicitly configured
dump target, which is not true.

If user configured target device is used, the path is always be the
absolute path inside of given target. If user don't know about the path
structure in the target device, then user should either use the path
based config, or carefully exam the target device before using it as a
dump target.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Lianbo Jiang <lijiang@redhat.com>
2020-03-30 22:06:46 +08:00
Kairui Song
bde4b7af3b No longer treat atomic/silverblue specially
This commit remove almost all special workaround for atomic, and treat
all bind mounts in any environment equally.

Use a helper get_bind_mount_directory_from_path to get the bind mount
source path of given path.

is_atomic function now only used to determine the right /boot path
for atomic/silverblue environment.

And remove get_mntpoint_from_path(), it's the only function that never
ignore bind mount, and it have no caller after this clean up.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Lianbo Jiang <lijiang@redhat.com>
2020-03-30 22:06:37 +08:00
Kairui Song
b5b0b90521 mkdumprd: Simplify handling of user specified target
For user specified target, the config value is used as the dump target,
and SAVE_PATH (path in kdump.conf) value is used as the dump path within
the dump target, no need to do anything extra with the path value.

Current code logic is not only complicated, it also wrongly generate
an redundantly long path in atomic/silverblue environment.

The right way is only check two things, and do nothing else:

 1. The path exists within the target;
 2. The target is large enough to hold to contain the vmcore.

Currently checking the target still requires it to be mounted so it will
error out if it's not mounted. Will implement some auto mount as next
step.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Lianbo Jiang <lijiang@redhat.com>
2020-03-30 22:06:28 +08:00
Kairui Song
fd7e7be483 mkdumprd: Use get_save_path instead of parsing config
get_save_path provides default value fail back and error check, no need
to repeat it again.

Also remove a redundant echo and grep in get_save_path

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Lianbo Jiang <lijiang@redhat.com>
2020-03-30 22:06:07 +08:00
Kairui Song
c1c7f004c8 Remove is_dump_target_configured
It's basically same with is_user_configured_dump_target and only have
one caller. And the name is confusing, the dump target is always
configured, it's either user configured or path based.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Lianbo Jiang <lijiang@redhat.com>
2020-03-30 22:05:31 +08:00
Pingfan Liu
3be5f74df0 dracut-module-setup.sh: improve get_alias()
In /etc/hosts, the alias name can come at the 2nd column, regardless of the
recommendation.

E.g. the following format is valid although not recommended
cat /etc/hosts
        127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
        ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
        192.168.22.21	fastvm-rhel-7-6-21	fastvm-rhel-7-6-21.localdomain
        192.168.22.22	fastvm-rhel-7-6-22	fastvm-rhel-7-6-22.localdomain

        192.168.22.21   node1_hb
        192.168.22.22   node2_hb

So filtering out both 2nd and 3rd column for matching.

Signed-off-by: Pingfan Liu <piliu@redhat.com>
Acked-by: Kairui Song <kasong@redhat.com>
2020-03-24 15:36:26 +08:00
Kairui Song
4b43ba063d Release 2.0.20-11
Signed-off-by: Kairui Song <kasong@redhat.com>
2020-03-24 01:47:45 +08:00
Kairui Song
424ac0bf80 Fix a potential syntax error
Process substitution is not POSIX standard syntax, so if bash is configured
to strictly follow POSIC, this will fail.

Just use a POSIX friendly syntax instead.

Fixes: bz1708321

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Lianbo Jiang <lijiang@redhat.com>
2020-03-23 10:26:20 +08:00
Kairui Song
e78639b46f Use read_strip_comments to filter the installed kdump.conf
This help remove redundant spaces and tailing comment in installed
kdump.conf, currently installed kdump.conf always contain extra empty
lines.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Lianbo Jiang <lijiang@redhat.com>
2020-03-23 10:26:08 +08:00
Kairui Song
632c369ec2 kdumpctl: fix driver change detection on latest Fedora
Now modinfo will return "(builtin)" instead of empty string for builtin
module. Sync the code logic.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Pingfan Liu <piliu@redhat.com>
2020-03-23 10:24:57 +08:00
Kairui Song
2fbcdf41e3 kdumpctl: check hostonly-kernel-modules.txt for kernel module
Since Dracut commit a0d9ad6 loaded-kernel-modules is renamed to
hostonly-kernel-modules and contains all hostonly modules. So check
hostonly-kernel-modules instead for module change.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Pingfan Liu <piliu@redhat.com>
2020-03-18 15:11:43 +08:00
Kairui Song
c9c50f9a36 dracut-module-setup.sh: Ensure initrd.target.wants dir exists
Latest dracut release stopped creating
$systemdsystemunitdir/initrd.target.wants dir for us, so ensure it
exists before creating the symlink.

Signed-off-by: Kairui Song <kasong@redhat.com>
Tested-and-Reviewed-by: Bhupesh Sharma <bhsharma@redhat.com>
2020-03-18 15:10:59 +08:00
Bhupesh Sharma
760beb7e57 mkdumprd: Use DUMP_TARGET which printing error message during ssh
When building kdump initramfs for a SSH dump target, mkdumprd would
check whether it has the write permission on the SSH Server's
$DUMP_TARGET.

However $DUMP_TARGET is missing in the actual error message when the
user doesn't not have the write permission. For example:

 # kdumpctl restart
   kexec: unloaded kdump kernel
   Stopping kdump: [OK]
   Could not create temporary directory on :/home/bhsharma/test. Make
   sure user has write permission on destination
   mkdumprd: failed to make kdump initrd
   Starting kdump: [FAILED]

This patch using $1 value passed to mkdumprd, to print the
$DUMP_TARGET inside mkdir_save_path_ssh() function to
fix the issue.

Signed-off-by: Bhupesh Sharma <bhsharma@redhat.com>
Acked-by: Kairui Song <kasong@redhat.com>
2020-03-18 14:28:41 +08:00
HAGIO KAZUHITO(萩尾 一仁)
64d30f54b9 kdump-lib.sh: Fix is_user_configured_dump_target()
Currently, is_user_configured_dump_target() doesn't work as expected
due to lack of grep -E option.

As a result, kdump service with a ssh dump configuration can unnecessarily
fail to start due to the non-existence of a directory at where the path
option specifies on the local system:

  kdumpctl[9760]: Rebuilding /boot/initramfs-5.4.19-200.fc31.x86_64kdump.img
  kdumpctl[9760]: Dump path /var/crash/ssh does not exist.
  kdumpctl[9760]: mkdumprd: failed to make kdump initrd
  kdumpctl[9760]: Starting kdump: [FAILED]

Signed-off-by: Kazuhito Hagio <k-hagio-ab@nec.com>
Acked-by: Kairui Song <kasong@redhat.com>
2020-03-12 23:32:25 +08:00
Kazuhito Hagio
a1c28126ef mkdumprd: Use makedumpfile --check-params option
In order to check whether the specified makedumpfile parameters are
valid or not when generating initramfs, use the --check-params option,
which was recently added.

With the patch, kdumpctl can point out mistakes in core_collector
option and failed.  For example, if there is an practical mistake
that dump_level is -1:

  # cat /etc/kdump.conf
  core_collector makedumpfile -l --message-level 1 -d -1

  # kdumpctl start
  Detected change(s) in the following file(s):

    /etc/kdump.conf
  Rebuilding /boot/initramfs-5.4.19-200.fc31.x86_64kdump.img
  Dump_level(-1) is invalid.
  makedumpfile parameter check failed.
  mkdumprd: failed to make kdump initrd
  Starting kdump: [FAILED]

Signed-off-by: Kazuhito Hagio <k-hagio-ab@nec.com>
Acked-by: Kairui Song <kasong@redhat.com>
2020-03-12 23:32:22 +08:00
Kazuhito Hagio
476a2b50f6 makedumpfile: Introduce --check-params option
Backport from the upstream makedumpfile devel branch.

commit 989152e113bfcb4fbfbad6f3aed6f43be4455919
Author: Kazuhito Hagio <k-hagio-ab@nec.com>
Date:   Tue Feb 25 16:04:55 2020 -0500

    [PATCH] Introduce --check-params option

    Currently it's difficult to check whether a makedumpfile command-line
    is valid or not without an actual panic.  This is inefficient and if
    a wrong configuration is not tested, you will miss the vmcore when an
    actual panic occurs.

    In order for kdump facilities like kexec-tools to be able to check
    the specified command-line parameters in advance, introduce the
    --check-params option that only checks them and exits immediately.

    Signed-off-by: Kazuhito Hagio <k-hagio-ab@nec.com>

Signed-off-by: Kazuhito Hagio <k-hagio-ab@nec.com>
Acked-by: Kairui Song <kasong@redhat.com>
2020-03-12 23:32:18 +08:00
HAGIO KAZUHITO(萩尾 一仁)
b229a9773c Improves the early-kdump-howto.txt document in several points:
(1) explain early kdump a little clearer in "Introduction"
(2) move the notes out to a new "Notes" section for readability and
    add a note about need of reconfiguration after kernel update
(3) change journalctl -x option to -b option because -x is unnecessary
    and -b will make it very faster if persistent journal is available
(4) shorten the example messages for readability
(5) add a note to "Limitation" about the earliness of early kdump

Signed-off-by: Kazuhito Hagio <k-hagio-ab@nec.com>
Acked-by: Lianbo Jiang <lijiang@redhat.com>
2020-03-12 23:31:34 +08:00
Kairui Song
16d2e4274d Release 2.0.20-10
Signed-off-by: Kairui Song <kasong@redhat.com>
2020-02-13 16:19:54 +08:00
s.morishima@fujitsu.com
a878ad0100 Add --force option to step 2 in early-kdump-howto.txt
For step2 in early-kdump-howto.txt, --force option of dracut
is necessary to rebuild system initramfs. Without --force option,
executing step2 fails because system initramfs already exists.

Signed-off-by: Shigeki Morishima <s.morishima@jp.fujitsu.com>
Acked-by: Kairui Song <kasong@redhat.com>
2020-02-13 14:17:18 +08:00
s.morishima@fujitsu.com
2af3537dfa Fix typo in early-kdump-howto.txt
Signed-off-by: Shigeki Morishima <s.morishima@jp.fujitsu.com>
Acked-by: Kairui Song <kasong@redhat.com>
2020-02-13 14:17:12 +08:00
Bhupesh Sharma
a01270b64e kexec-tools/module-setup: Ensure eth devices get IP address for VLAN
Currently while trying to save vmcore via vlan eth interface, the Kdump
kernel fails with network unreachable message.

This is because mkdumprd produces a vlan config that does not get
ip address for vlan on eth device.

Fix the same via this patch.

Signed-off-by: Bhupesh Sharma <bhsharma@redhat.com>
Acked-by: Kairui Song <kasong@redhat.com>
2020-02-13 14:13:59 +08:00
Hari Bathini
e3f2f926dd powerpc: enable the scripts to capture dump on POWERNV platform
With FADump support added on POWERNV paltform, enable the scripts to
capture /proc/vmcore. Also, if CONFIG_OPAL_CORE is enabled, OPAL core
is preserved and exported on POWERNV platform. So, offload OPAL core,
if it is available.

Signed-off-by: Hari Bathini <hbathini@linux.ibm.com>
Acked-by: Kairui Song <kasong@redhat.com>
2020-02-06 22:13:06 +08:00
Lianbo Jiang
6a20bd5447 kdump-lib: switch to the kexec_file_load() syscall on x86_64 by default
UEFI Secure boot is a signature verification mechanism, designed to
prevent malicious code being loaded and executed at the early boot
stage. This makes sure that code executed is trusted by firmware.

Previously, with kexec_file_load() interface, kernel prevents unsigned
kernel image from being loaded if secure boot is enabled. So kdump will
detect whether secure boot is enabled firstly, then decide which interface
is chosen to execute, kexec_load() or kexec_file_load(). Otherwise unsigned
kernel loading will fail if secure boot enabled, and kexec_file_load() is
entered.

Now, the implementation of kexec_file_load() is adjusted in below commit.
With this change, if CONFIG_KEXEC_SIG_FORCE is not set, unsigned kernel
still has a chance to be allowed to load under some conditions.

commit 99d5cadfde2b ("kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG
and KEXEC_SIG_FORCE")

And in the current Fedora, the CONFIG_KEXEC_SIG_FORCE is not set, only the
CONFIG_KEXEC_SIG and CONFIG_BZIMAGE_VERIFY_SIG are set on x86_64 by default.
It's time to spread kexec_file_load() onto all systems of x86_64, including
Secure-boot platforms and legacy platforms. Please refer to the following
form.

.----------------------------------------------------------------------.
| .                    |     signed kernel     |    unsigned kernel    |
|    .      types      |-----------------------|-----------------------|
|       .              |Secure boot|  Legacy   |Secure boot|  Legacy   |
|          .           |-----------|-----------|-----------|-----------|
| options     .        | prev| now | prev| now |     |     | prev| now |
|                .     |(file|(file|(only|(file| prev| now |(only|(file|
|                    . |load)|load)|load)|load)|     |     |load)|load)|
|----------------------|-----|-----|-----|-----|-----|-----|-----|-----|
|KEXEC_SIG=y           |     |     |     |     |     |     |     |     |
|SIG_FORCE is not set  |succ |succ |succ |succ |  X  |  X  |succ |succ |
|BZIMAGE_VERIFY_SIG=y  |     |     |     |     |     |     |     |     |
|----------------------|-----|-----|-----|-----|-----|-----|-----|-----|
|KEXEC_SIG=y           |     |     |     |     |     |     |     |     |
|SIG_FORCE is not set  |     |     |     |     |     |     |     |     |
|BZIMAGE_VERIFY_SIG is |fail |fail |succ |fail |  X  |  X  |succ |fail |
|not set               |     |     |     |     |     |     |     |     |
|----------------------|-----|-----|-----|-----|-----|-----|-----|-----|
|KEXEC_SIG=y           |     |     |     |     |     |     |     |     |
|SIG_FORCE=y           |succ |succ |succ |fail |  X  |  X  |succ |fail |
|BZIMAGE_VERIFY_SIG=y  |     |     |     |     |     |     |     |     |
|----------------------|-----|-----|-----|-----|-----|-----|-----|-----|
|KEXEC_SIG=y           |     |     |     |     |     |     |     |     |
|SIG_FORCE=y           |     |     |     |     |     |     |     |     |
|BZIMAGE_VERIFY_SIG is |fail |fail |succ |fail |  X  |  X  |succ |fail |
|not set               |     |     |     |     |     |     |     |     |
|----------------------|-----|-----|-----|-----|-----|-----|-----|-----|
|KEXEC_SIG is not set  |     |     |     |     |     |     |     |     |
|SIG_FORCE is not set  |     |     |     |     |     |     |     |     |
|BZIMAGE_VERIFY_SIG is |fail |fail |succ |succ |  X  |  X  |succ |succ |
|not set               |     |     |     |     |     |     |     |     |
 ----------------------------------------------------------------------
Note:
[1] The 'X' indicates that the 1st kernel(unsigned) can not boot when the
    Secure boot is enabled.

Hence, in this patch, if on x86_64, let's use the kexec_file_load() only.
See if anything wrong happened in this case, in Fedora firstly for the
time being.

Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
Acked-by: Kairui Song <kasong@redhat.com>
2020-02-06 21:57:14 +08:00
Kairui Song
1b89cc245f Release 2.0.20-9
Signed-off-by: Kairui Song <kasong@redhat.com>
2020-01-29 14:44:16 +08:00
Kairui Song
47f2a819d5 Fix builing failure on Fedora 32
Signed-off-by: Kairui Song <kasong@redhat.com>
2020-01-29 14:43:47 +08:00
Kairui Song
71d20dc825 Release 2.0.20-8
Signed-off-by: Kairui Song <kasong@redhat.com>
2020-01-29 08:48:04 +08:00
Kairui Song
69b920db5d Update makedumpfile to 1.6.7
Signed-off-by: Kairui Song <kasong@redhat.com>
2020-01-29 08:47:42 +08:00
Kairui Song
cee618593c Add a hook to wait for kdump target in initqueue
The dracut initqueue may quit immediately and won't trigger any hook if
there is no "finished" hook still pending (finished hook will be deleted
once it return 0).

This issue start to appear with latest dracut, latest dracut use
network-manager to configure the network,
network-manager module only install "settled" hook, and we didn't
install any other hook. So NFS/SSH dump will fail. iSCSI dump works
because dracut iscsi module will install a "finished" hook to detect if
the iscsi target is up.

So for NFS/SSH we keep initqueue running until the host successfully get
a valid IP address, which means the network is ready.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Pingfan Liu <piliu@redhat.com>
2020-01-29 08:12:45 +08:00