4.79. kexec-tools

BZ#772164

Kdump on Xen HVM guests is now enabled in Red Hat Enterprise Linux 5.7 as a Technology Preview. Performing a local dump to an emulated (IDE) disk using an Intel 64 Hypervisor with an Intel CPU is the only supported implementation. Note that the dump target must be specified in the /etc/kdump.conf file.

Security Fixes

CVE-2011-3588

Kdump used the SSH (Secure Shell) StrictHostKeyChecking=no option when dumping to SSH targets, causing the target kdump server's SSH host key not to be checked. This could make it easier for a man-in-the-middle attacker on the local network to impersonate the kdump SSH target server and possibly gain access to sensitive information in the vmcore dumps.

CVE-2011-3589

The mkdumprd utility created initrd files with world-readable permissions. A local user could possibly use this flaw to gain access to sensitive information, such as the private SSH key used to authenticate to a remote server when kdump was configured to dump to an SSH target.

CVE-2011-3590

The mkdumprd utility included unneeded sensitive files (such as all files from the /root/.ssh/ directory and the host's private SSH keys) in the resulting initrd. This could lead to an information leak when initrd files were previously created with world-readable permissions. Note: With this update, only the SSH client configuration, known hosts files, and the SSH key configured via the newly introduced sshkey option in /etc/kdump.conf are included in the initrd. The default is the key generated when running the service kdump propagate command, /root/.ssh/kdump_id_rsa.

Bug Fixes

BZ#678308

On certain hardware, the kexec kernel incorrectly attempted to use a reserved memory range, and failed to boot with an error. This update adapts the underlying source code to determine the size of a backup region dynamically. As a result, kexec no longer attempts to use the reserved memory range, and boots as expected.

BZ#682359

The mkdumprd utility lacked proper support for using VLAN devices over a bond interface. Consequently, the network could not be correctly set up in the kexec kernel and Kdump failed to capture a core dump. This update modifies mkdumprd so it now provides full support for configuring VLAN devices over a bond interface. Kdump now successfully dumps the vmcore file to a remote machine in such a scenario.

BZ#759006

A bug in the mkdumprd caused Kdump to be unable to bring up a network interface card (NIC) if a NIC configuration file, such as /etc/sysconfig/network-scripts/ifcfg-eth0, did not contain a default gateway. When sending the vmcore file over a network using the SSH or NFS protocol, any attempt to bring the NIC up failed with the following error:

ifup: option with empty value "gateway"

Copy to Clipboard Toggle word wrap

Consequently, the connection to the remote machine could not be established and Kdump failed to dump the vmcore file. With this update, mkdumprd performs a check whether the default gateway is specified and thus avoids adding an empty gateway into the /etc/kdump.conf file. The vmcore file is now successfully dumped to a remote machine.

BZ#760844

A bug in mkdumprd caused Kdump to be unable to bring up a bridge device when its slave device was renamed in the kexec kernel. When sending the vmcore file over a bridged network, any attempt to bring the bridge device up failed with a similar error:

ifup: Ignoring unknown interface eth2

Copy to Clipboard Toggle word wrap

Consequently, the connection to the remote machine could not be established and Kdump failed to dump the vmcore file. This update modifies mkdumprd to search for the correct slave device names in NIC configuration files instead of using the old names. Kdump over a bridged network now works as expected.

BZ#761048

Certain storage devices, such as HP Smart Array 5i controllers using the CCISS driver, are known to be non-resettable in the kexec kernel. Therefore, when such a device was selected as a dump target, any attempt to dump a core file on it caused the kexec kernel to become unresponsive. This update modifies mkdumprd to check whether the target device is resettable. If the target device is non-resettable, then Kdump will not start and the kexec kernel no longer hangs under these circumstances.

BZ#761336

The mkdumprd utility was unable to handle errors returned by the makedumpfile command if the command was piped with other commands. Therefore, when sending a core dump file over a network using the SSH protocol and makedumpfile failed, the system rebooted immediately instead of dropping to the shell. This update allows mkdumprd to catch return codes of piped commands so that Kdump now fails right after a makedumpfile failure and the system drops correctly to the shell.

BZ#765702

The mkdumprd utility did not properly handle renaming of NIC devices in the kexec kernel. Therefore, when sending a core dump using a VLAN device over a bond interface, Kdump displayed various error messages related to VLAN device names. This update modifies mkdumprd so it now works with VLAN device names correctly.

BZ#781907

The mkdumprd utility did not handle NFS unmount failures correctly. Therefore, when dumping a core over the NFS protocol and a test attempt to unmount an NFS export failed, mkdumprd removed all files from this NFS export. This update corrects mkdumprd so that it only removes empty NFS exports and no data loss occurs under these circumstances.

Enhancements

BZ#668706

The mkdumprd utility lacked support for the XFS file system, and therefore Kdump failed to capture the vmcore dump file on XFS file systems. This update backports support for the XFS file system from Red Hat Enterprise Linux 6 so Kdump now creates core dumps on XFS file systems as expected.

BZ#690678

This update adds a new option for the mkdumprd utility, blacklist. This option allows mkdumprd to prevent specified kernel modules from being loaded into the kexec kernel.

BZ#715531

With this update, the mkdumprd utility supports static route configuration so that Kdump is now able to dump the vmcore file to a remote machine over a network with static routing.

BZ#719384

The mkdumprd utility has been modified to recognize and support iSCSI devices so that iSCSI devices can now be specified as a dump target.

BZ#743217

Kdump on Xen HVM guests is now enabled in Red Hat Enterprise Linux 5.8 as a Technology Preview. Performing a local dump to an emulated (IDE) disk using an Intel 64 Hypervisor with an Intel CPU is the only supported implementation. Note that the dump target must be specified in the /etc/kdump.conf file.