diff --git a/kdump-always-pass-kernelver-to-dracut.patch b/kdump-always-pass-kernelver-to-dracut.patch new file mode 100644 index 0000000..05ad96d --- /dev/null +++ b/kdump-always-pass-kernelver-to-dracut.patch @@ -0,0 +1,30 @@ +From: Petr Tesarik +Subject: Always pass kernel version to dracut +References: bsc#900418 +Upstream: v0.8.17 +Git-commit: 950e82a515a2e5ea9386e54b51eb60edc09a758e + +Dracut does not take a kernel image as its argument, but rather the kernel +version, but the KERNELVERSION variable is set only if the kernel version +is explicitly given on the mkdumprd command line. + +Signed-off-by: Petr Tesarik + +--- + init/mkdumprd | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/init/mkdumprd ++++ b/init/mkdumprd +@@ -123,6 +123,11 @@ function run_dracut() + DRACUT_ARGS="--force --hostonly --omit 'plymouth resume usrmount'" + DRACUT_ARGS="$DRACUT_ARGS --compress='xz -0 --check=crc32'" + ++ if [ -z "$KERNELVERSION" ] ++ then ++ KERNELVERSION=$(get_kernel_version "$KERNEL") ++ fi ++ + # add mount points + kdump_get_mountpoints || return 1 + i=0 diff --git a/kdump-bind-mount-sysroot.patch b/kdump-bind-mount-sysroot.patch new file mode 100644 index 0000000..d36e194 --- /dev/null +++ b/kdump-bind-mount-sysroot.patch @@ -0,0 +1,43 @@ +From: Petr Tesarik +Subject: Convert sysroot to a bind mount in kdump initrd +References: bsc#976864 +Upstream: v0.8.17 +Git-commit: a532a27d0bb7f69fbf89527fb02e8434fdafa147 + +In SLES 12 SP2, systemd-fstab-generator no longer ignores non-device +root mounts, so it tries to run an actual mount command for root=kdump. +This fails, of course, because "kdump" is not mountable. + +To solve this, pass "rootflags=bind" to the panic kernel, so systemd +can create a (bogus) bind mount and be happy. + +See also kdump-root-parameter.patch. + +Signed-off-by: Petr Tesarik +--- + init/load.sh | 2 +- + init/module-setup.sh | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/init/load.sh ++++ b/init/load.sh +@@ -71,7 +71,7 @@ function build_kdump_commandline() + # Use deadline for saving the memory footprint + commandline="$commandline elevator=deadline sysrq=yes reset_devices acpi_no_memhotplug cgroup_disable=memory" + commandline="$commandline irqpoll ${nr_cpus}=${KDUMP_CPUS:-1}" +- commandline="$commandline root=kdump rd.udev.children-max=8" ++ commandline="$commandline root=kdump rootflags=bind rd.udev.children-max=8" + case $(uname -i) in + i?86|x86_64) + local boot_apicid=$( +--- a/init/module-setup.sh ++++ b/init/module-setup.sh +@@ -123,7 +123,7 @@ kdump_gen_mount_units() { + echo "${line[@]}" >> "$fstab" + done + +- echo "root=kdump" > "$initdir/proc/cmdline" ++ echo > "$initdir/proc/cmdline" + inst_binary -l \ + "$systemdutildir/system-generators/systemd-fstab-generator" \ + "/tmp/systemd-fstab-generator" diff --git a/kdump-no-xen-secondary-kernel.patch b/kdump-no-xen-secondary-kernel.patch new file mode 100644 index 0000000..a4ffdee --- /dev/null +++ b/kdump-no-xen-secondary-kernel.patch @@ -0,0 +1,74 @@ +From: Petr Tesarik +Subject: Avoid Xen kernels as kdump kernel +References: bsc#900418, bsc#974270 +Upstream: v0.8.17 +Git-commit: 5b3a612f79f8a4935cee162e3bc2f72e996f628e + +Since Xen kernels cannot run on bare metal, they must be avoided +as a secondary kernel. + +Signed-off-by: Petr Tesarik + +--- + kdumptool/findkernel.cc | 29 ++++++++++++++++++++++++----- + 1 file changed, 24 insertions(+), 5 deletions(-) + +--- a/kdumptool/findkernel.cc ++++ b/kdumptool/findkernel.cc +@@ -130,14 +130,33 @@ bool FindKernel::suitableForKdump(const + } + } + ++ Kconfig *kconfig = kt.retrieveKernelConfig(); ++ KconfigValue kv; ++ bool isxen; ++ ++ // Avoid Xenlinux kernels, because they do not run on bare metal ++ kv = kconfig->get("CONFIG_X86_64_XEN"); ++ isxen = (kv.getType() == KconfigValue::T_TRISTATE && ++ kv.getTristateValue() == KconfigValue::ON); ++ if (!isxen) { ++ kv = kconfig->get("CONFIG_X86_XEN"); ++ isxen = (kv.getType() == KconfigValue::T_TRISTATE && ++ kv.getTristateValue() == KconfigValue::ON); ++ } ++ if (isxen) { ++ Debug::debug()->dbg("%s is a Xen kernel. Avoid.", ++ kernelImage.c_str()); ++ delete kconfig; ++ return false; ++ } ++ + if (strict) { + string arch = Util::getArch(); +- Kconfig *kconfig = kt.retrieveKernelConfig(); + + // avoid large number of CPUs on x86 since that increases + // memory size constraints of the capture kernel + if (arch == "i386" || arch == "x86_64") { +- KconfigValue kv = kconfig->get("CONFIG_NR_CPUS"); ++ kv = kconfig->get("CONFIG_NR_CPUS"); + if (kv.getType() == KconfigValue::T_INTEGER && + kv.getIntValue() > MAXCPUS_KDUMP) { + Debug::debug()->dbg("NR_CPUS of %s is %d >= %d. Avoid.", +@@ -148,17 +167,17 @@ bool FindKernel::suitableForKdump(const + } + + // avoid realtime kernels +- KconfigValue kv = kconfig->get("CONFIG_PREEMPT_RT"); ++ kv = kconfig->get("CONFIG_PREEMPT_RT"); + if (kv.getType() != KconfigValue::T_INVALID) { + Debug::debug()->dbg("%s is realtime kernel. Avoid.", + kernelImage.c_str()); + delete kconfig; + return false; + } +- +- delete kconfig; + } + ++ delete kconfig; ++ + return true; + } + diff --git a/kdump-pre-generate-mount-units.patch b/kdump-pre-generate-mount-units.patch new file mode 100644 index 0000000..8dbcd9d --- /dev/null +++ b/kdump-pre-generate-mount-units.patch @@ -0,0 +1,74 @@ +From: Petr Tesarik +Subject: Pre-generate kdump mount units +References: bsc#942895 +Upstream: v0.8.17 +Git-commit: a7e47cdf9cb7db385bc30fce59abce1dc2b5cc11 + +SUSE version of dracut intentionally modifies the initrd to run +systemd-fstab-generator only after the root filesystem is mounted. +This breaks kdump-save.service, because mount units for /kdump/* +do not yet exist when kdump needs them. + +Solve this by pre-generating the required mount units in the primary +system, so kdump no longer depends on running the fstab generator in +initrd context. + +Note that I had to write a temporary /etc/fstab, because dracut +creates this file only after all modules have been processed. + +Signed-off-by: Petr Tesarik +--- + init/module-setup.sh | 35 +++++++++++++++++++++++++++++++++++ + 1 file changed, 35 insertions(+) + +--- a/init/module-setup.sh ++++ b/init/module-setup.sh +@@ -108,6 +108,39 @@ kdump_cmdline_ip() { + esac + } + ++kdump_gen_mount_units() { ++ local line ++ local fstab="$initdir/etc/fstab" ++ ++ [ -e "$fstab" ] && mv "$fstab" "$fstab.kdumpsave" ++ for line in "${fstab_lines[@]}" ++ do ++ line=($line) ++ [ "${line[1]#/kdump}" = "${line[1]}" ] && continue ++ [ -z "${line[3]}" ] && line[3]="defaults" ++ [ -z "${line[4]}" ] && line[4]="0" ++ [ -z "${line[5]}" ] && line[5]="2" ++ echo "${line[@]}" >> "$fstab" ++ done ++ ++ echo "root=kdump" > "$initdir/proc/cmdline" ++ inst_binary -l \ ++ "$systemdutildir/system-generators/systemd-fstab-generator" \ ++ "/tmp/systemd-fstab-generator" ++ chroot "$initdir" "/tmp/systemd-fstab-generator" \ ++ "$systemdsystemunitdir" \ ++ "$systemdsystemunitdir" \ ++ "$systemdsystemunitdir" ++ rm -f "$initdir/tmp/systemd-fstab-generator" ++ rm -f "$initdir/proc/cmdline" ++ ++ if [ -e "$fstab.kdumpsave" ]; then ++ mv "$fstab.kdumpsave" "$fstab" ++ else ++ rm "$fstab" ++ fi ++} ++ + cmdline() { + kdump_cmdline_ip + } +@@ -155,6 +188,8 @@ install() { + "$initdir/$systemdsystemunitdir"/kdump-save.service + ln_r "$systemdsystemunitdir"/kdump-save.service \ + "$systemdsystemunitdir"/initrd.target.wants/kdump-save.service ++ ++ kdump_gen_mount_units + else + [ "$KDUMP_FADUMP" != yes ] && \ + inst_hook mount 30 "$moddir/mount-kdump.sh" diff --git a/kdump-x86_64-kexec-file-syscall.patch b/kdump-x86_64-kexec-file-syscall.patch new file mode 100644 index 0000000..8f09652 --- /dev/null +++ b/kdump-x86_64-kexec-file-syscall.patch @@ -0,0 +1,29 @@ +From: Joey Lee +Subject: Use 'kexec -s' on x86_64 +References: FATE#315018, bsc#884453 +Upstream: v0.8.17 +Git-commit: 48162b5fc73d733ce57a27e4f6df7e46cae66684 + +The kexec(2) system call is disabled if booted with Secure Boot. Tell +kexec (the utility) to use kexec_file(2) instead on x86_64. + +Signed-off-by: Joey Lee + +--- + init/load.sh | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/init/load.sh ++++ b/init/load.sh +@@ -135,6 +135,11 @@ function build_kexec_options() + options="$options --noio" + fi + ++ # add -s on x86_64 for signature verification of kernel ++ if [ "$(uname -i)" = "x86_64" ] ; then ++ options="$options -s" ++ fi ++ + echo "$options" + } + diff --git a/kdump.changes b/kdump.changes index c77b25b..3d27463 100644 --- a/kdump.changes +++ b/kdump.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Wed May 17 13:31:11 UTC 2017 - ptesarik@suse.com + +- kdump-x86_64-kexec-file-syscall.patch: add -s on x86_64 for + signature verification of kernel. (fate#315018, bsc#884453) + +------------------------------------------------------------------- +Wed May 17 13:18:23 UTC 2017 - ptesarik@suse.com + +- kdump-bind-mount-sysroot.patch: Convert sysroot to a bind mount + in kdump initrd (bsc#976864). +- kdump-pre-generate-mount-units.patch: Pre-generate kdump mount + units (bsc#942895). +- kdump-always-pass-kernelver-to-dracut.patch: Always pass kernel + version to dracut (bsc#900418). +- kdump-no-xen-secondary-kernel.patch: Avoid Xenlinux (aka + traditional, Xenified or SUSE) kernels as kdump kernel + (bsc#900418, bsc#974270). + ------------------------------------------------------------------- Tue May 16 11:31:53 UTC 2017 - ptesarik@suse.com @@ -26,6 +45,22 @@ Wed Oct 5 10:55:39 UTC 2016 - ptesarik@suse.com Wed Oct 5 07:53:00 UTC 2016 - ptesarik@suse.com - Update to 0.8.16 + o Improve systemd integration (FATE#319020, bsc#900134, + bsc#909515, bsc#936363, bsc#936475, bsc#936489, bsc#942895, + bsc#943902, bsc#944606, bsc#947825, bsc#948913). + o Use OpenSSH for SSH and SFTP (FATE#318874, bsc#917747). + o Improve 'kdumptool calibrate' (FATE#318842, bsc#882082, + bsc#947539, bsc#952141, bsc#953732). + o Improve network initialization (bsc#943214, bsc#944201, + bsc#980328). + o Fix FADUMP with systemd (bsc#917846, bsc#923790, bsc#944699). + o Fix saving to XFS (bsc#964206). + o Use full path to dracut (bsc#989972, bsc#990200, + CVE-2016-5759). + o Documentation updates (bsc#987862, bsc#997104). + o Various smaller fixes (bsc#905690, bsc#927451, bsc#932339, + bsc#934581, bsc#941088, bsc#946242, bsc#948956, bsc#951844, + bsc#952149, bsc#970708, bsc#973213, bsc#984799, bsc#986081). - Drop patches now in mainline: o 0001-multipath-Write-proper-regex-into-multipath-conf.patch o kdump-add-IPv6-KDUMP_NETCONFIG-modes.patch diff --git a/kdump.spec b/kdump.spec index 98ac342..f0d90d2 100644 --- a/kdump.spec +++ b/kdump.spec @@ -44,6 +44,11 @@ Source2: %{name}-rpmlintrc Patch1: %{name}-cmake-compat.patch Patch2: %{name}-KDUMP_SSH_IDENTITY.patch Patch3: %{name}-KDUMP_SSH_IDENTITY-cfg.patch +Patch4: %{name}-no-xen-secondary-kernel.patch +Patch5: %{name}-always-pass-kernelver-to-dracut.patch +Patch6: %{name}-pre-generate-mount-units.patch +Patch7: %{name}-bind-mount-sysroot.patch +Patch8: %{name}-x86_64-kexec-file-syscall.patch BuildRequires: asciidoc BuildRequires: cmake BuildRequires: gcc-c++ @@ -106,6 +111,11 @@ after a crash dump has occured. %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 %build export CFLAGS="%{optflags}"