Bug 1773347

Summary: [RHEL 7] Re-generate initramfs not only for the currently running kernel
Product: Red Hat Enterprise Linux 7 Reporter: Eugene Syromiatnikov <esyr>
Component: microcode_ctlAssignee: Eugene Syromiatnikov <esyr>
Status: CLOSED ERRATA QA Contact: Jeff Bastian <jbastian>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.8CC: efuller, jbastian, skozina
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: microcode_ctl-2.1-64.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1773338 Environment:
Last Closed: 2020-09-29 20:12:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1773338    
Bug Blocks: 1788592    

Description Eugene Syromiatnikov 2019-11-17 19:26:45 UTC 
+++ This bug was initially created as a clone of Bug #1773338 +++

Description of problem:

As of now dracut initramfs re-generation is called only for the currently running kernel (as a result of bug 1420180 resolution), which leads to stale microcode present in all other initramfs images, most notably, in initramfs images of kernels that were installed (just) before the new microcode_ctl package version. It won't be a problem if one can rely on late microcode update mechanism, but that is not the case (see bug 1710445 and especially comments 10, 12, and 13), so a solution for that is needed.

--- Additional comment from Eugene Syromiatnikov on 2019-11-17 19:07:28 UTC ---

The proposed solution is to re-generate initramfs for three[1] most recently installed[2] kernels that were installed after[3] the currently running kernel.

[1] This is the default "installonly_limit" value in /etc/yum.conf; there were reports of negative user experience (unacceptably long post-install hook execution times) on systems with unusually many kernels installed.
[2] In order to address situations like https://access.redhat.com/support/cases/#/case/01779274 where initramfs is re-generated for the kernels that are not installed (only modules directory is present), resulting in filled up /boot (it should have been addressed on dracut's side, but, well).
[3] In order to address situations like https://access.redhat.com/support/cases/#/case/01814106 where older kernels are rightfully treated as a fallback that can be used in cases where dracut generates botched initramfs images.
Comment 13 errata-xmlrpc 2020-09-29 20:12:29 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (microcode_ctl bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:3968