Hide Forgot
Created attachment 757183 [details] A patch to /sbin/mkdumprd Description of problem: "/sbin/mkdumprd" is not handling "blacklist <directory>" statement in "/etc/kdump.conf" properly when building "/boot/initrd-$(kernelversion)kdump.img". The list of the kernel modules under <directory> specified in "/etc/kdump.conf" gets into "<initrd>:/etc/blacklist-kdump.conf" but the modules are still loaded by insmod in "<initrd>:/init". Version-Release number of selected component (if applicable): Latest kexec-tools-2.0.0-258.el6 and earlier. Blacklisting modules functionality was added in Bug 596439 but blacklisting directory is not working as intended How reproducible: Any time, configure blacklisting of a directory and rebuild crashdump initrd. Steps to Reproduce: 1. Add "blacklist jbd2 kernel/net/ipv6" in "/etc/kdump.conf" 2. Rebuild crashdump initrd by "service kdump restart" Actual results: Check that "<initrd>:/etc/blacklist-kdump.conf" is fine, but "<initrd>:/init" still does insmod on the modules filtered out by directory (still file with filter-by-module-name): <no jbd2.ko, as intended, but...> echo "Loading ip6_tables.ko module" insmod /lib/modules/2.6.32-358.el6.x86_64/ip6_tables.ko echo "Loading ipv6.ko module" insmod /lib/modules/2.6.32-358.el6.x86_64/ipv6.ko Expected results: No modules filtered out by "blacklist <directory>" statement are insmod-ed in "<initrd>:/init". Additional info: I am proposing a simple patch to "/sbin/mkdumprd" script which just adds filtering-by-blacklist-directory to the code which builds "<initrd>:/init" file.
This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux.
(In reply to Vladis Dronov from comment #0) > Created attachment 757183 [details] > A patch to /sbin/mkdumprd > > Description of problem: > "/sbin/mkdumprd" is not handling "blacklist <directory>" statement in > "/etc/kdump.conf" properly when building > "/boot/initrd-$(kernelversion)kdump.img". > The list of the kernel modules under <directory> specified in > "/etc/kdump.conf" gets into "<initrd>:/etc/blacklist-kdump.conf" but the > modules are still loaded by insmod in "<initrd>:/init". > > > Version-Release number of selected component (if applicable): > Latest kexec-tools-2.0.0-258.el6 and earlier. Blacklisting modules > functionality was added in Bug 596439 but blacklisting directory is not > working as intended > > > How reproducible: > Any time, configure blacklisting of a directory and rebuild crashdump initrd. > > > Steps to Reproduce: > 1. Add "blacklist jbd2 kernel/net/ipv6" in "/etc/kdump.conf" > 2. Rebuild crashdump initrd by "service kdump restart" > > > Actual results: > Check that "<initrd>:/etc/blacklist-kdump.conf" is fine, but > "<initrd>:/init" still does insmod on the modules filtered out by directory > (still file with filter-by-module-name): > > <no jbd2.ko, as intended, but...> > echo "Loading ip6_tables.ko module" > insmod /lib/modules/2.6.32-358.el6.x86_64/ip6_tables.ko > echo "Loading ipv6.ko module" > insmod /lib/modules/2.6.32-358.el6.x86_64/ipv6.ko > > > Expected results: > No modules filtered out by "blacklist <directory>" statement are insmod-ed > in "<initrd>:/init". > > Additional info: > I am proposing a simple patch to "/sbin/mkdumprd" script which just adds > filtering-by-blacklist-directory to the code which builds "<initrd>:/init" > file. The blacklist only supports particular module in modprobe.conf manpage. And It only supports module in RHEL7 too. So keep same behavior with RHEL7, we can modify the kdump manpage about blacklist to claim it only supports module. And the rhel6 kdump code shows it only support module too.
Hello, Excuse me for not agreeing here. > The blacklist only supports particular module in modprobe.conf manpage. I'm not sure how 'blacklist' option in 'modprobe.conf' is related to 'blacklist' option in 'kdump.conf'. These are different entities, though have the same name. > And It only supports module in RHEL7 too. I'm not sure why RHEL6 should follow RHEL7 here, as 'kexec-tools' and dependant code (dracut) were rebased and reworked significantly in RHEL7. > we can modify the kdump manpage about blacklist to claim it only supports module. [man kdump.conf] says: blacklist <module|directory> A specific module or a directory can be specified. In the latter case, all modules found below the specified directory will be excluded. Well, yes, surely we can change the manpage to match the non-functional code behaviour instead of fixing the non-functional code, but I still would prefer fixing the code. > And the rhel6 kdump code shows it only support module too. I believe, RHEL6 kdump code shows there was an attempt to implement blacklisting by directory, but the piece of code implementing this was not complete. That's why exactly this BZ was raised and the patch proposed to fix this and to make the code to work correctly.
(In reply to Vladis Dronov from comment #4) > Hello, > Excuse me for not agreeing here. > > > The blacklist only supports particular module in modprobe.conf manpage. > I'm not sure how 'blacklist' option in 'modprobe.conf' is related to > 'blacklist' option in 'kdump.conf'. These are different entities, though > have the same name. RHEL7 installs the module by using command modprobe. In order to make the kexec-tools clear within the different RHLE versions, we need to make some behavior between them. Due to compliance behavior of RHEL7, we should not support the specified blocklist directory. > > > And It only supports module in RHEL7 too. > I'm not sure why RHEL6 should follow RHEL7 here, as 'kexec-tools' and > dependant code (dracut) were rebased and reworked significantly in RHEL7. > > > we can modify the kdump manpage about blacklist to claim it only supports module. > [man kdump.conf] says: > blacklist <module|directory> > A specific module or a directory can be specified. > In the latter case, all modules found below the > specified directory will be excluded. > Well, yes, surely we can change the manpage to match the non-functional code > behaviour instead of fixing the non-functional code, but I still would > prefer fixing the code. > > > And the rhel6 kdump code shows it only support module too. > I believe, RHEL6 kdump code shows there was an attempt to implement > blacklisting by directory, but the piece of code implementing this was not > complete. That's why exactly this BZ was raised and the patch proposed to > fix this and to make the code to work correctly. Maybe the kdump want to implement the specified blocklist blacklist at the first time. But the kdump code confuses to install the module in the initramfs, and there are lots of dead code need to be removed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-1271.html