import kexec-tools-2.0.26-14.el8_10.1

SOURCES/dracut-early-kdump.sh

@@ -49,11 +49,6 @@ early_kdump_load()
 
     EARLY_KEXEC_ARGS=$(prepare_kexec_args "${KEXEC_ARGS}")
 
-    if is_secure_boot_enforced; then
-        dinfo "Secure Boot is enabled. Using kexec file based syscall."
-        EARLY_KEXEC_ARGS="$EARLY_KEXEC_ARGS -s"
-    fi
-
     # Here, only output the messages, but do not save these messages
     # to a file because the target disk may not be mounted yet, the
     # earlykdump is too early.

SOURCES/dracut-module-setup.sh

@@ -363,6 +363,14 @@ _get_nic_driver() {
     ethtool -i "$1" | sed -n -E "s/driver: (.*)/\1/p"
 }
 
+_get_hpyerv_physical_driver() {
+    local _physical_nic
+
+    _physical_nic=$(find /sys/class/net/"$1"/ -name 'lower_*' | sed -En "s/\/.*lower_(.*)/\1/p")
+    [[ -n $_physical_nic ]] || return
+    _get_nic_driver "$_physical_nic"
+}
+
 kdump_install_nic_driver() {
     local _netif _driver _drivers
 
@@ -382,6 +390,11 @@ kdump_install_nic_driver() {
         elif [[ $_driver == "team" ]]; then
             # install the team mode drivers like team_mode_roundrobin.ko as well
             _driver='=drivers/net/team'
+        elif [[ $_driver == "hv_netvsc" ]]; then
+            # A Hyper-V VM may have accelerated networking
+            # https://learn.microsoft.com/en-us/azure/virtual-network/accelerated-networking-overview
+            # Install the driver of physical NIC as well
+            _drivers+=("$(_get_hpyerv_physical_driver "$_netif")")
         fi
 
         _drivers+=("$_driver")
@@ -1127,6 +1140,15 @@ install() {
       's/\(^[[:space:]]*reserved_memory[[:space:]]*=\)[[:space:]]*[[:digit:]]*/\1 1024/' \
       ${initdir}/etc/lvm/lvm.conf &>/dev/null
 
+    # Skip initrd-cleanup.service and initrd-parse-etc.service becasue we don't
+    # need to switch root. Instead of removing them, we use ConditionPathExists
+    # to check if /proc/vmcore exists to determine if we are in kdump.
+    sed -i '/\[Unit\]/a ConditionPathExists=!\/proc\/vmcore' \
+        "${initdir}/${systemdsystemunitdir}/initrd-cleanup.service" &> /dev/null
+
+    sed -i '/\[Unit\]/a ConditionPathExists=!\/proc\/vmcore' \
+        "${initdir}/${systemdsystemunitdir}/initrd-parse-etc.service" &> /dev/null
+
     # Save more memory by dropping switch root capability
     dracut_no_switch_root
 }

SOURCES/kdump-lib.sh

@@ -529,11 +529,24 @@ get_dracut_args_target()
     echo $1 | grep "\-\-mount" | sed "s/.*--mount .\(.*\)/\1/" | cut -d' ' -f1
 }
 
+get_reserved_mem_size()
+{
+	local reserved_mem_size=0
+
+	if is_fadump_capable; then
+		reserved_mem_size=$(< /sys/kernel/fadump/mem_reserved)
+	else
+		reserved_mem_size=$(< /sys/kernel/kexec_crash_size)
+	fi
+
+	echo "$reserved_mem_size"
+}
+
 check_crash_mem_reserved()
 {
     local mem_reserved
 
-    mem_reserved=$(cat /sys/kernel/kexec_crash_size)
+    mem_reserved=$(get_reserved_mem_size)
     if [ $mem_reserved -eq 0 ]; then
         derror "No memory reserved for crash kernel"
         return 1
@@ -700,6 +713,15 @@ prepare_kexec_args()
             fi
         fi
     fi
+
+    # For secureboot enabled machines, use new kexec file based syscall.
+    # Old syscall will always fail as it does not have capability to do
+    # kernel signature verification.
+    if is_secure_boot_enforced; then
+        dinfo "Secure Boot is enabled. Using kexec file based syscall."
+        kexec_args="$kexec_args -s"
+    fi
+
     echo $kexec_args
 }
 

SOURCES/kdumpctl

@@ -538,28 +538,22 @@ check_fs_modified()
 check_system_modified()
 {
 	local ret
+	local CONF_ERROR=2
+	local CONF_MODIFY=1
+	local CONF_NO_MODIFY=0
+	local conf_status=$CONF_NO_MODIFY
 
 	[[ -f $TARGET_INITRD ]] || return 1
 
-	check_files_modified
-	ret=$?
-	if [ $ret -ne 0 ]; then
-		return $ret
-	fi
-
-	check_fs_modified
-	ret=$?
-	if [ $ret -ne 0 ]; then
-		return $ret
-	fi
-
-	check_drivers_modified
-	ret=$?
-	if [ $ret -ne 0 ]; then
-		return $ret
-	fi
+	for _func in check_files_modified check_fs_modified check_drivers_modified; do
+		$_func
+		ret=$?
+		# return immediately if an error occurred.
+		[[ $ret -eq "$CONF_ERROR" ]] && return "$ret"
+		[[ $ret -eq "$CONF_MODIFY" ]] && { conf_status="$CONF_MODIFY"; }
+	done
 
-	return 0
+	return $conf_status
 }
 
 check_rebuild()
@@ -653,20 +647,7 @@ function load_kdump_kernel_key()
                 return
         fi
 
-        KDUMP_KEY_ID=$(cat /usr/share/doc/kernel-keys/$KDUMP_KERNELVER/kernel-signing-ppc.cer |
-                        keyctl padd asymmetric kernelkey-$RANDOM %:.ima)
-}
-
-# remove a previously loaded key. There's no real security implication
-# to leaving it around, we choose to do this because it makes it easier
-# to be idempotent and so as to reduce the potential for confusion.
-function remove_kdump_kernel_key()
-{
-	if [ -z "$KDUMP_KEY_ID" ]; then
-		return
-	fi
-
-	keyctl unlink $KDUMP_KEY_ID %:.ima
+	keyctl padd asymmetric "" %:.ima < "/usr/share/doc/kernel-keys/$KDUMP_KERNELVER/kernel-signing-ppc.cer"
 }
 
 # Load the kdump kernel specified in /etc/sysconfig/kdump
@@ -679,15 +660,6 @@ load_kdump()
 	KEXEC_ARGS=$(prepare_kexec_args "${KEXEC_ARGS}")
 	KDUMP_COMMANDLINE=$(prepare_cmdline "${KDUMP_COMMANDLINE}" "${KDUMP_COMMANDLINE_REMOVE}" "${KDUMP_COMMANDLINE_APPEND}")
 
-	# For secureboot enabled machines, use new kexec file based syscall.
-	# Old syscall will always fail as it does not have capability to
-	# to kernel signature verification.
-	if is_secure_boot_enforced; then
-		dinfo "Secure Boot is enabled. Using kexec file based syscall."
-		KEXEC_ARGS="$KEXEC_ARGS -s"
-		load_kdump_kernel_key
-	fi
-
 	ddebug "$KEXEC $KEXEC_ARGS $standard_kexec_args --command-line=$KDUMP_COMMANDLINE --initrd=$TARGET_INITRD $KDUMP_KERNEL"
 
 	# The '12' represents an intermediate temporary file descriptor
@@ -708,9 +680,7 @@ load_kdump()
 	set +x
 	exec 2>&12 12>&-
 
-	remove_kdump_kernel_key
-
-	if [ $ret == 0 ]; then
+	if [[ $ret == 0 ]]; then
 		dinfo "kexec: loaded kdump kernel"
 		return 0
 	else
@@ -848,7 +818,7 @@ propagate_ssh_key()
 
 show_reserved_mem()
 {
-    local mem=$(cat /sys/kernel/kexec_crash_size)
+    local mem=$(get_reserved_mem_size)
     local mem_mb=$(expr $mem / 1024 / 1024)
 
     dinfo "Reserved "$mem_mb"MB memory for crash kernel"
@@ -1009,7 +979,13 @@ start_fadump()
 
 start_dump()
 {
-	if [ $DEFAULT_DUMP_MODE == "fadump" ]; then
+	# On secure boot enabled Power systems, load kernel signing key on .ima for signature
+	# verification using kexec file based syscall.
+	if [[ "$(uname -m)" == ppc64le ]] && is_secure_boot_enforced; then
+		load_kdump_kernel_key
+	fi
+
+	if [[ $DEFAULT_DUMP_MODE == "fadump" ]]; then
 		start_fadump
 	else
 		load_kdump
@@ -1270,7 +1246,7 @@ do_estimate() {
 	# The default value when using crashkernel=auto
 	baseline_size=$((baseline * size_mb))
 	# Current reserved crashkernel size
-	reserved_size=$(cat /sys/kernel/kexec_crash_size)
+	reserved_size=$(get_reserved_mem_size)
 	# A pre-estimated value for userspace usage and kernel
 	# runtime allocation, 64M should good for most cases
 	runtime_size=$((64 * size_mb))

SOURCES/mkdumprd

@@ -240,7 +240,7 @@ check_user_configured_target()
 # $1: core_collector config value
 verify_core_collector() {
     local _cmd="${1%% *}"
-    local _params="${1#* }"
+    local _params="${1#${_cmd}}"
 
     if [ "$_cmd" != "makedumpfile" ]; then
         if is_raw_dump_target; then

SOURCES/supported-kdump-targets.txt

@@ -35,7 +35,8 @@ updating lists accordingly.
 Supported Dump targets
 ----------------------
 storage:
-        LVM volume (no thinp)
+        LVM volume
+        Thin provisioning volume
         FC disks (qla2xxx, lpfc, bnx2fc, bfa)
         software initiator based iSCSI
         software RAID (mdraid)
@@ -79,7 +80,6 @@ Unsupported Dump targets
 ------------------------
 storage:
         BIOS RAID
-        Thin provisioning volume
         Software iSCSI with iBFT (bnx2i, cxgb3i, cxgb4i)
         Software iSCSI with hybrid (be2iscsi)
         FCoE

SPECS/kexec-tools.spec

@@ -1,6 +1,6 @@
 Name: kexec-tools
 Version: 2.0.26
-Release: 8%{?dist}
+Release: 14%{?dist}.1
 License: GPLv2
 Group: Applications/System
 Summary: The kexec/kdump userspace component
@@ -396,6 +396,28 @@ done
 %endif
 
 %changelog
+* Tue Jun 18 2024 Pingfan Liu <piliu@redhat.com> - 2.0.26-14.1
+- mkdumprd: Fix makedumpfile parameter check
+
+* Wed Feb 21 2024 Pingfan Liu <piliu@redhat.com> - 2.0.26-14
+- dracut-module-setup: Skip initrd-cleanup and initrd-parse-etc in kdump
+
+* Fri Feb  2 2024 Pingfan Liu <piliu@redhat.com> - 2.0.26-13
+- dracut-module-setup.sh: also install the driver of physical NIC for Hyper-V VM with accelerated networking
+
+* Wed Nov 22 2023 Pingfan Liu <piliu@redhat.com> - 2.0.26-12
+- kdumpctl: Only returns immediately after an error occurs in check_*_modified
+
+* Thu Nov  9 2023 Pingfan Liu <piliu@redhat.com> - 2.0.26-11
+- powerpc: update kdumpctl to load kernel signing key for fadump
+- powerpc: update kdumpctl to remove deletion of kernel signing key once loaded
+
+* Tue Sep 26 2023 Pingfan Liu <piliu@redhat.com> - 2.0.26-10
+- Introduce a function to get reserved memory size
+
+* Tue Sep 19 2023 Pingfan Liu <piliu@redhat.com> - 2.0.26-9
+- Add lvm thin provision to kdump supported-kdump-targets.txt
+
 * Thu Aug 10 2023 Pingfan Liu <piliu@redhat.com> - 2.0.26-8
 - mkdumprd: Use the correct syntax to redirect the stderr to null
 - mkdumprd: call dracut with --add-device to install the drivers needed by /boot partition automatically for FIPS