Add persisent device if FIPS is enabled #121
Conversation
Summary of ChangesHello @hvj7, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request resolves a critical issue in Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
The pull request modifies the mkdumprd script to add a disk to kdump initramfs by UUID instead of disk name when FIPS is enabled. This change addresses an issue where the disk name might change between the live system and kdump initramfs, causing kdump to fail. The script now retrieves the UUID of the /boot partition and uses it to add the disk to dracut arguments.
|
@gemini-code-assist The failed format check test doesn't seem to be related to the change being submitted. Can someone please look into it? |
|
Hello @hvj7, I understand your concern regarding the failed format check test. As an AI, I don't have the ability to investigate or resolve CI/CD pipeline issues directly. My function is to provide code reviews and summaries of pull requests. It's possible that the test failure is indeed unrelated to your changes, or it might be a transient issue with the CI system. You might want to reach out to a repository maintainer or check the CI/CD configuration files (e.g., |
@hvj7 Yes, the failed format check has nothing to do with your code. Sorry for the confusion! Btw I've proposed a fix in PR #111 |
|
Hi @hvj7, Thanks for creating this PR! If I understand the dracut commit c79fc8f correctly, it will make systemd wait infinitely for a device not specified by persistent names e.g. /dev/sda1. So I don't think it will cause a kdump failure. On the contrary, this dracut commit can address the failure when a block device needs more than 1min 30s to be activated. If I miss anything, please let me know. Thanks! |
|
@coiby the problem is that mkdumprd can add device as /dev/sda2 for example, but when crash is triggered and crash/kdump boot is started that exact device could already be /dev/sdb2, so there would be a loop waiting for non-existing device and timeout. I do not think kdump initramfs drops to rescue shell, i don't this so, but it fails to start correctly exactly because in that dracut commit now "indefinite" wait is enforce. |
Thanks for the explanation! I had a deeper look at the dracut commit c79fc8f and did a few experiments. Combined with what you described, here's my understanding about the problem,
Since the dracut commit c79fc8f allows users to use Btw, I'm yet to be familiar with udev to make the block device for /boot partition appear as a different name to reproduce the issue. I simply specify a non-existent block device by adding Btw, the dracut commit message of c79fc8f is a bit misleading. And systemctl will even print JobRunningTimeoutUSec for non-existent-device, |
Currently, dracut will wait finitely for a block device e.g. /dev/sda2 when users use "dracut --add-device /dev/sda2". However, /dev/sda2 is not a persistant name and it can show as a different name and kdump can fail [1] as dracut will wait forever for /dev/sda2. To avoid this problem, only wait infinitely for a block device with persistent name. [1] rhkdump/kdump-utils#121 Reported-by: Alex Burmashev <alexander.burmashev@oracle.com> Reported-by: Harshvardhan Jha <harshvardhan.j.jha@oracle.com> Fixes: c79fc8f ("fix(dracut): rework timeout for devices added via --mount and --add-device") Signed-off-by: Coiby Xu <coxu@redhat.com>
Currently, dracut will wait finitely for a block device e.g. /dev/sda2 when users use "dracut --add-device /dev/sda2". However, /dev/sda2 is not a persistant name and it can show as a different name and kdump can fail [1] as dracut will wait forever for /dev/sda2. To avoid this problem, only wait infinitely for a block device with persistent name. [1] rhkdump/kdump-utils#121 Reported-by: Alex Burmashev <alexander.burmashev@oracle.com> Reported-by: Harshvardhan Jha <harshvardhan.j.jha@oracle.com> Fixes: c79fc8f ("fix(dracut): rework timeout for devices added via --mount and --add-device") Signed-off-by: Coiby Xu <coxu@redhat.com>
|
Hi @hvj7 and @aburmash I've proposed a fix in dracut. So unless dracut developers reject it, I think it's better to fix in dracut. |
Currently, dracut will wait finitely for a block device e.g. /dev/sda2 when users use "dracut --add-device /dev/sda2". However, /dev/sda2 is not a persistant name and it can show as a different name and kdump can fail [1] as dracut will wait forever for /dev/sda2. Commit c79fc8f ("fix(dracut): rework timeout for devices added via --mount and --add-device") already sets infinite timeout for the underlying persistent device. There is no need to also set infinite timeout for non-persistent device name. Removing the redundant wait can automatically resolve the case where a device name changes. [1] rhkdump/kdump-utils#121 Reported-by: Alex Burmashev <alexander.burmashev@oracle.com> Reported-by: Harshvardhan Jha <harshvardhan.j.jha@oracle.com> Fixes: c79fc8f ("fix(dracut): rework timeout for devices added via --mount and --add-device") Signed-off-by: Coiby Xu <coxu@redhat.com>
Currently, dracut will wait finitely for a block device e.g. /dev/sda2 when users use "dracut --add-device /dev/sda2". However, /dev/sda2 is not a persistant name and it can show as a different name and kdump can fail [1] as dracut will wait forever for /dev/sda2. Commit c79fc8f ("fix(dracut): rework timeout for devices added via --mount and --add-device") already sets infinite timeout for the underlying persistent device. There is no need to also set infinite timeout for non-persistent device name. Removing the redundant wait can automatically resolve the case where a device name changes. [1] rhkdump/kdump-utils#121 Reported-by: Alex Burmashev <alexander.burmashev@oracle.com> Reported-by: Harshvardhan Jha <harshvardhan.j.jha@oracle.com> Fixes: c79fc8f ("fix(dracut): rework timeout for devices added via --mount and --add-device") Signed-off-by: Coiby Xu <coxu@redhat.com>
|
Finally I understand what problem the dracut commit c79fc8f tries to resolve. Before that commit, with Meanwhile, I think there is a necessity to make a change in kdump-utils/mkdrump. Can you update the PR to re-use |
hvj7
force-pushed
the
uuidfixfips
branch
4 times, most recently
from
404b6f5 to
021e17a
Compare
|
Hi @coiby, |
Thanks for updating the PR! Yes, the change LGTM. We can assume mkdumprd can always source dracut-functions.sh successfully. Btw, the commit message needs some rephrasing accordingly. /packit build |
hvj7
force-pushed
the
uuidfixfips
branch
2 times, most recently
from
ed952ac to
404f95a
Compare
|
Please let me know if this commit message is fine @coiby |
Thanks for updating the commit message! Once the subject line gets updated as well, we are good to go:) /packit build |
Ah snap forgot about the subject line. Let me know if it's okay now. |
Thanks! I notice the static-analysis test fails because a |
|
Hi @coiby are there any further steps required by me or this will automatically be merged eventually? |
hvj7
changed the title
Hi @hvj7 the error about removing /packit build |
mkdumprd has a code to add a disk to kdump initramfs, in case FIPS is enabled and /boot is on a separate partition. This code used to work, since dracut was not force checking that added disk is in fact available. Since dracut commit c79fc8f dracut in fact checks for added device, and since disk name could have been changed between live system and kdump initramfs, kdump can fail. To resolve this problem we re-use get_persistent_dev from dracut-functions.sh which will be sourced by mkdrumpd to get persistent device name. Signed-off-by: Alex Burmashev <alexander.burmashev@oracle.com> Signed-off-by: Harshvardhan Jha <harshvardhan.j.jha@oracle.com>
|
Some tests are still failing unfortunately |
Don't worry. The other test failures have nothing to do with this PR and will be fixed later. The patch LGTM now! I'll merge the PR. Thanks for your contribution! |
3 participants
mkdumprd has a code to add a disk to kdump initramfs, in case FIPS is enabled and /boot is on a separate partition. This code used to work, since dracut was not force checking that added disk is in fact available. Since dracut commit c79fc8f dracut in fact checks for added device, and since disk name could have been changed between live system and kdump initramfs, kdump can fail. To resolve this problem add disk by UUID, not by disk name.