Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Let crashkernel load modules #3896

Merged
merged 2 commits into from
May 5, 2024
Merged

Let crashkernel load modules #3896

merged 2 commits into from
May 5, 2024

Conversation

rouming
Copy link
Contributor

@rouming rouming commented Apr 30, 2024
edited
Loading

This PR fixes the inability to collect kernel dumps for the /persist formatted as ZFS and consists of 2 commits:

  1. rootfs: move modprobe to the 000-mod-params initd script
    Let's have modules load in a proper place: /etc/init.d/000-mod-params
    scripts, which is responsible for loading modules and providing
    parameters.

    The other motivation is to have fine control over modules and for
    example do not load modules (except ZFS) for the crashkernel.

  2. 000-kexec: remove 'nomodule' parameter, allows crashkernel to load modules
    Patch removes 'nomodule' kernel parameter, which lets crashskernel
    to load modules. This is utterly needed for interacting with the /persist
    formatted as ZFS. ZFS is built separately out-of-tree as a module, so
    has to be loaded explicitly by the crashkernel.

    The majority of other modules are excluded from loading for the
    crashkernel, see the 000-mod-params script.

@rouming
rootfs: move modprobe to the 000-mod-params initd script
1065fc0 
Let's have modules load in a proper place: /etc/init.d/000-mod-params
scripts, which is responsible for loading modules and providing
parameters.

The other motivation is to have fine control over modules and for
example do not load modules (except ZFS) for the crashkernel.

Signed-off-by: Roman Penyaev <r.peniaev@gmail.com>
@rouming
000-kexec: remove 'nomodule' parameter, allows crashkernel to load mo…
36f0e90 
…dules

Patch removes 'nomodule' kernel parameter, which lets crashskernel
to load modules. This is utterly needed for interacting with the /persist
formatted as ZFS. ZFS is built separately out-of-tree as a module, so
has to be loaded explicitly by the crashkernel.

The majority of other modules are excluded from loading for the
crashkernel, see the 000-mod-params script.

Signed-off-by: Roman Penyaev <r.peniaev@gmail.com>
@rouming rouming force-pushed the let-crashkernel-load-modules branch from 8b7ee6f to 36f0e90 Compare April 30, 2024 07:19
@shjala
Copy link
Member

shjala commented May 2, 2024

This should be fine, enforced module signing should still apply to the crash kernel so nothing should be gain from for example somehow crashing the kernel for the intent of loading extra vulnerable modules to exploit and leak secrest (e.g. fscrypt key).

@shjala
Copy link
Member

shjala commented May 2, 2024
edited
Loading

[Just to keep a record]
Had a discussion with @rouming , there is possibility of this causing problem due to HW re-initialization or bloating memory. If this really cause problems, a run-time constructed blacklist can be passed to kexec, or have a whitelist. Second options is not available but there is a Fedora patch to have a whitelist for allowed-to-load kernel modules:
https://bugzilla.redhat.com/show_bug.cgi?id=560084

@rouming
Copy link
Contributor Author

rouming commented May 3, 2024

@rene regarding our offline discussion about the proper support of /etc/modules-load.d/, I heard you, and what you are suggesting is a good thing. But let's postpone your proposed changes for a while. This PR mainly tries to make crashkernel work on ZFS /persist, so intention is to fix this part.

@rene
Copy link
Contributor

rene commented May 3, 2024

@rene regarding our offline discussion about the proper support of /etc/modules-load.d/, I heard you, and what you are suggesting is a good thing. But let's postpone your proposed changes for a while. This PR mainly tries to make crashkernel work on ZFS /persist, so intention is to fix this part.

ok @rouming , understood, let's keep as it is as a workaround for now...

eriknordmark
eriknordmark approved these changes May 5, 2024
View reviewed changes
Copy link
Contributor

@eriknordmark eriknordmark left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@eriknordmark eriknordmark merged commit a2e9de6 into lf-edge:master May 5, 2024
46 of 50 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eriknordmark eriknordmark eriknordmark approved these changes

@zedi-pramodh zedi-pramodh Awaiting requested review from zedi-pramodh zedi-pramodh is a code owner

@christoph-zededa christoph-zededa Awaiting requested review from christoph-zededa

@jsfakian jsfakian Awaiting requested review from jsfakian

@shjala shjala Awaiting requested review from shjala

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rouming @shjala @rene @eriknordmark