From 9ede522d29afe0677fd247008685d58fe6eb874bae5ba9214aabb435e14bcbb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Tesa=C5=99=C3=ADk?= Date: Tue, 27 Feb 2018 11:54:29 +0000 Subject: [PATCH] Accepting request 580573 from home:ptesarik:branches:Kernel:kdump - kdump-no-crashkernel-in-Xen-PV-DomU.patch: Do not reserve crashkernel on Xen PV DomU (bsc#989792). - kdump-nokaslr.patch: Add 'nokaslr' to the kdump kernel command line (bsc#1075937). OBS-URL: https://build.opensuse.org/request/show/580573 OBS-URL: https://build.opensuse.org/package/show/Kernel:kdump/kdump?expand=0&rev=156 --- kdump-no-crashkernel-in-Xen-PV-DomU.patch | 144 ++++++++++++++++++++++ kdump-nokaslr.patch | 31 +++++ kdump.changes | 12 ++ kdump.spec | 4 + 4 files changed, 191 insertions(+) create mode 100644 kdump-no-crashkernel-in-Xen-PV-DomU.patch create mode 100644 kdump-nokaslr.patch diff --git a/kdump-no-crashkernel-in-Xen-PV-DomU.patch b/kdump-no-crashkernel-in-Xen-PV-DomU.patch new file mode 100644 index 0000000..744e645 --- /dev/null +++ b/kdump-no-crashkernel-in-Xen-PV-DomU.patch @@ -0,0 +1,144 @@ +From: Petr Tesarik +Date: Tue, 27 Feb 2018 11:21:31 +0100 +Subject: Do not reserve crashkernel on Xen PV DomU +References: bsc#989792 +Upstream: merged +Git-commit: 17b818de6320cb908f26612303d8981bf1467605 + +When a Xen PV DomU crashes, it canot kexec a panic kernel, because +the kexec code is not paravirtualized. Do not try to reserve any +crashkernel memory on such systems. + +Signed-off-by: Petr Tesarik +--- + kdumptool/calibrate.cc | 112 +++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 112 insertions(+) + +--- a/kdumptool/calibrate.cc ++++ b/kdumptool/calibrate.cc +@@ -290,6 +290,102 @@ unsigned long SystemCPU::count(const cha + } + + //}}} ++//{{{ HyperInfo ---------------------------------------------------------------- ++ ++class HyperInfo { ++ ++ public: ++ /** ++ * Initialize a new HyperInfo object. ++ * ++ * @param[in] procdir Mount point for procfs ++ * @param[in] sysdir Mount point for sysfs ++ */ ++ HyperInfo(const char *procdir = "/proc", const char *sysdir = "/sys"); ++ ++ protected: ++ std::string m_type, m_guest_type, m_guest_variant; ++ ++ private: ++ /** ++ * Read a file under a base directory into a string. ++ */ ++ void read_str(std::string &str, const FilePath &basedir, ++ const char *attr); ++ ++ public: ++ /** ++ * Get hypervisor type. ++ */ ++ const std::string& type(void) const ++ { return m_type; } ++ ++ /** ++ * Get hypervisor guest type. ++ */ ++ const std::string& guest_type(void) const ++ { return m_guest_type; } ++ ++ /** ++ * Get hypervisor guest variant (Dom0 or DomU). ++ */ ++ const std::string& guest_variant(void) const ++ { return m_guest_variant; } ++}; ++ ++// ----------------------------------------------------------------------------- ++HyperInfo::HyperInfo(const char *procdir, const char *sysdir) ++{ ++ FilePath basedir(sysdir); ++ basedir.appendPath("hypervisor"); ++ ++ read_str(m_type, basedir, "type"); ++ read_str(m_guest_type, basedir, "guest_type"); ++ ++ if (m_type == "xen") { ++ std::string caps; ++ std::string::size_type pos, next, len; ++ ++ basedir = procdir; ++ basedir.appendPath("xen"); ++ read_str(caps, basedir, "capabilities"); ++ ++ m_guest_variant = "DomU"; ++ pos = 0; ++ while (pos != std::string::npos) { ++ len = next = caps.find(',', pos); ++ if (next != std::string::npos) { ++ ++next; ++ len -= pos; ++ } ++ if (caps.compare(pos, len, "control_d") == 0) { ++ m_guest_variant = "Dom0"; ++ break; ++ } ++ pos = next; ++ } ++ } ++} ++ ++// ----------------------------------------------------------------------------- ++void HyperInfo::read_str(std::string &str, const FilePath &basedir, ++ const char *attr) ++{ ++ FilePath fp(basedir); ++ std::ifstream f; ++ ++ fp.appendPath(attr); ++ f.open(fp.c_str()); ++ if (!f) ++ return; ++ ++ getline(f, str); ++ f.close(); ++ if (f.bad()) ++ throw KError(fp + ": Read failed"); ++} ++ ++//}}} + //{{{ Framebuffer -------------------------------------------------------------- + + class Framebuffer { +@@ -852,6 +948,22 @@ void Calibrate::execute() + { + Debug::debug()->trace("Calibrate::execute()"); + ++ HyperInfo hyper; ++ Debug::debug()->dbg("Hypervisor type: %s", hyper.type().c_str()); ++ Debug::debug()->dbg("Guest type: %s", hyper.guest_type().c_str()); ++ Debug::debug()->dbg("Guest variant: %s", hyper.guest_variant().c_str()); ++ if (hyper.type() == "xen" && hyper.guest_type() == "PV" && ++ hyper.guest_variant() == "DomU") { ++ cout << "Total: 0" << endl; ++ cout << "Low: 0" << endl; ++ cout << "High: 0" << endl; ++ cout << "MinLow: 0" << endl; ++ cout << "MaxLow: 0" << endl; ++ cout << "MinHigh: 0 " << endl; ++ cout << "MaxHigh: 0 " << endl; ++ return; ++ } ++ + MemMap mm; + unsigned long required, prev; + unsigned long pagesize = sysconf(_SC_PAGESIZE); diff --git a/kdump-nokaslr.patch b/kdump-nokaslr.patch new file mode 100644 index 0000000..d3e580f --- /dev/null +++ b/kdump-nokaslr.patch @@ -0,0 +1,31 @@ +From: Petr Tesarik +Date: Tue, 27 Feb 2018 09:57:04 +0100 +Subject: Add 'nokaslr' to the kdump kernel command line +References: bsc#1075937 +Upstream: merged +Git-commit: 0724bcc8220bf2bd4a3598185dcd5ec7e9e5fe47 + +The kASLR algorithm may decide to place the kernel into low memory, +which does not leave enough space for SWIOTLB, and dumping fails +later on. Since the kdump environment does not run any exploitable +services, kASLR can be safely disabled. + +Note that kexec already avoids the low memory reservation when +finding a suitable location for the kernel, initrd and other data. + +Signed-off-by: Petr Tesarik +--- + init/load.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/init/load.sh ++++ b/init/load.sh +@@ -72,7 +72,7 @@ function build_kdump_commandline() + nr_cpus=$(cpus_param "$kdump_kernel")=${KDUMP_CPUS:-1} + fi + # Use deadline for saving the memory footprint +- commandline="$commandline elevator=deadline sysrq=yes reset_devices acpi_no_memhotplug cgroup_disable=memory" ++ commandline="$commandline elevator=deadline sysrq=yes reset_devices acpi_no_memhotplug cgroup_disable=memory nokaslr" + commandline="$commandline irqpoll ${nr_cpus}" + commandline="$commandline root=kdump rootflags=bind rd.udev.children-max=8" + case $(uname -i) in diff --git a/kdump.changes b/kdump.changes index 79d91af..ebfc1c0 100644 --- a/kdump.changes +++ b/kdump.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Tue Feb 27 10:26:57 UTC 2018 - ptesarik@suse.com + +- kdump-no-crashkernel-in-Xen-PV-DomU.patch: Do not reserve + crashkernel on Xen PV DomU (bsc#989792). + +------------------------------------------------------------------- +Tue Feb 27 09:06:17 UTC 2018 - ptesarik@suse.com + +- kdump-nokaslr.patch: Add 'nokaslr' to the kdump kernel command + line (bsc#1075937). + ------------------------------------------------------------------- Fri Feb 23 08:07:59 UTC 2018 - ptesarik@suse.com diff --git a/kdump.spec b/kdump.spec index f88a119..58f67e9 100644 --- a/kdump.spec +++ b/kdump.spec @@ -88,6 +88,8 @@ Patch38: %{name}-nsswitch.conf-filtering.patch Patch39: %{name}-calibrate-do-not-add-KDUMP_PHYS_LOAD-to-RAM.patch Patch40: %{name}-bootloader-filter-out-KDUMPTOOL_FLAGS.patch Patch41: %{name}-always-kexec_load-if-kexec_file_load-fails.patch +Patch42: %{name}-nokaslr.patch +Patch43: %{name}-no-crashkernel-in-Xen-PV-DomU.patch BuildRequires: asciidoc BuildRequires: cmake BuildRequires: gcc-c++ @@ -191,6 +193,8 @@ cp %{S:1} tests/data/ %patch39 -p1 %patch40 -p1 %patch41 -p1 +%patch42 -p1 +%patch43 -p1 %build export CFLAGS="%{optflags}"