Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

link-remap: Add --keep-link-remaps option #2028

Open
wants to merge 122 commits into
base: criu-dev
Choose a base branch
from

Commits on May 13, 2022

  1. Add flog to CRIU

    Change made through this commit:
    - Include copy of flog as a seperate tree.
    - Modify the makefile to add and compile flog code.
    
    Signed-off-by: prakritigoyal19 <[email protected]>
    prakritigoyal19 authored and avagin committed May 13, 2022
    Configuration menu
    Copy the full SHA
    6f8d543 View commit details
    Browse the repository at this point in the history
  2. flog: Missing varargs init or cleanup (VARARGS)

    CID 302713 (checkpoint-restore#1 of 1): Missing varargs init or cleanup (VARARGS)
     va_end was not called for argptr.
    
    Signed-off-by: Adrian Reber <[email protected]>
    adrianreber authored and avagin committed May 13, 2022
    Configuration menu
    Copy the full SHA
    bf7b517 View commit details
    Browse the repository at this point in the history
  3. Run 'make indent' on 'flog/'

    Separate commit for easier criu-dev <-> master transfer.
    
    Acked-by: Mike Rapoport <[email protected]>
    Signed-off-by: Adrian Reber <[email protected]>
    adrianreber authored and avagin committed May 13, 2022
    Configuration menu
    Copy the full SHA
    09348a2 View commit details
    Browse the repository at this point in the history
  4. flog: typo: mmaped -> mmapped

    It is mapped, not maped. Same applies for mmap I guess.
    
    Found by codespell, except it wants to change it to mapped,
    which will make it less specific.
    
    Signed-off-by: Kir Kolyshkin <[email protected]>
    kolyshkin authored and avagin committed May 13, 2022
    Configuration menu
    Copy the full SHA
    d355c36 View commit details
    Browse the repository at this point in the history
  5. flog: fix some codespell warnings

    Brought to you by
    
        codespell -w
    
    (using codespell v2.1.0).
    
    [v2: use "make indent" on the result]
    
    Signed-off-by: Kir Kolyshkin <[email protected]>
    kolyshkin authored and avagin committed May 13, 2022
    Configuration menu
    Copy the full SHA
    6eafe4e View commit details
    Browse the repository at this point in the history
  6. cr-dump: do not report success to logs if post-dump script failed

    It can be confusing to see error from post-dump action script and non
    zero return from criu though at the same time see "Dumping finished
    successfully" in log. I believe it is logical to consider post-dump
    action script as a part of "dump" process so fail in it means that the
    whole dump failed.
    
    Signed-off-by: Pavel Tikhomirov <[email protected]>
    Snorch authored and avagin committed May 13, 2022
    Configuration menu
    Copy the full SHA
    4795374 View commit details
    Browse the repository at this point in the history
  7. ci: Fix unsafe repository error

    Signed-off-by: Radostin Stoyanov <[email protected]>
    rst0git authored and avagin committed May 13, 2022
    Configuration menu
    Copy the full SHA
    03539d4 View commit details
    Browse the repository at this point in the history
  8. mem: Skip pre-dumping on hugetlb mappings

    As private hugetlb mappings are not pre-mapped, the content of them is restored
    in the the restorer which cannot use page_read->read_pages. As a result, we
    cannot recursively read the content of pre-dumped image in the parent directory
    and use preadv to read the content from the last dumped image only. Therefore,
    it may freeze while restoring when the content of mapping is in pre-dumped image
    in parent directory.
    
    We need to skip pre-dumping on hugetlb mappings to resolve the issue.
    
    Suggested-by: Alexander Mikhalitsyn <[email protected]>
    Signed-off-by: Bui Quang Minh <[email protected]>
    minhbq-99 authored and avagin committed May 13, 2022
    Configuration menu
    Copy the full SHA
    df67400 View commit details
    Browse the repository at this point in the history
  9. Revert "ci: skip new hugetlb maps09/maps10 tests for pre-dump"

    This reverts commit 37ea8c5.
    
    Signed-off-by: Bui Quang Minh <[email protected]>
    minhbq-99 authored and avagin committed May 13, 2022
    Configuration menu
    Copy the full SHA
    2de7eea View commit details
    Browse the repository at this point in the history
  10. zdtm: skip zdtm/static/shm-hugetlb when hugetlb is not supported

    Reported-by: Mr. Jenkins (ppc64le)
    Signed-off-by: Alexander Mikhalitsyn <[email protected]>
    mihalicyn authored and avagin committed May 13, 2022
    Configuration menu
    Copy the full SHA
    a1fb2ec View commit details
    Browse the repository at this point in the history
  11. crit: Use same version as criu

    Name collision with an abandoned project named 'crit' in pypi causes pip
    to show crit (CRiu Image Tool) as outdated.  This patch updates crit to
    use the same version and license as criu.
    
    Fixes checkpoint-restore#1878
    
    Signed-off-by: Radostin Stoyanov <[email protected]>
    rst0git authored and avagin committed May 13, 2022
    Configuration menu
    Copy the full SHA
    3c8aa30 View commit details
    Browse the repository at this point in the history
  12. page-pipe: fix limiting a pipe size

    But actually, 5a92f10 probably has to be reverted as a whole.
    PIPE_MAX_SIZE is the hard limit to avoid PAGE_ALLOC_COSTLY_ORDER
    allocations in the kernel. But F_SETPIPE_SZ rounds up a requested pipe
    size to a power-of-2 pages. It means that when we request PIPE_MAX_SIZE
    that isn't a power-of-2 number, we actually request a pipe size greater
    than PIPE_MAX_SIZE.
    
    Fixes: 5a92f10 ("page-pipe: Resize up to PIPE_MAX_SIZE")
    
    Signed-off-by: Andrei Vagin <[email protected]>
    avagin committed May 13, 2022
    Configuration menu
    Copy the full SHA
    be6d7ca View commit details
    Browse the repository at this point in the history
  13. page-xfer: use negative values for error codes

    Signed-off-by: Andrei Vagin <[email protected]>
    avagin committed May 13, 2022
    Configuration menu
    Copy the full SHA
    d84e2e4 View commit details
    Browse the repository at this point in the history
  14. page-xfer: adjust a buffer to a pipe size

    Due to side effects of F_SETPIPE_SZ, the actual pipe size can be greater
    than PIPE_MAX_SIZE.
    
    Signed-off-by: Andrei Vagin <[email protected]>
    avagin committed May 13, 2022
    Configuration menu
    Copy the full SHA
    6d879d5 View commit details
    Browse the repository at this point in the history
  15. pre-dump: call vmsplice with SPLICE_F_GIFT

    In this case, vmplice attaches pages without coping them.
    
    Signed-off-by: Andrei Vagin <[email protected]>
    avagin committed May 13, 2022
    Configuration menu
    Copy the full SHA
    a6aae07 View commit details
    Browse the repository at this point in the history
  16. page-xfer: refactoring analyze_iov and fill_userbuf

    * handle unexpected errors of process_vm_readv
    * adjust riovs in analyze_iov
    * call handle_faulty_iov only if process_vm_readv returns EFAULT.
    
    Signed-off-by: Andrei Vagin <[email protected]>
    avagin committed May 13, 2022
    Configuration menu
    Copy the full SHA
    574f396 View commit details
    Browse the repository at this point in the history
  17. ci: test the read mode of pre-dump

    Signed-off-by: Andrei Vagin <[email protected]>
    avagin committed May 13, 2022
    Configuration menu
    Copy the full SHA
    45641ab View commit details
    Browse the repository at this point in the history

Commits on May 16, 2022

  1. amdgpu/Makefile: Fix include path

    When building packages for CRIU the source directory might have a
    name different than 'criu'.
    
    Fixes: checkpoint-restore#1877
    
    Reported-by: @siris
    Signed-off-by: Radostin Stoyanov <[email protected]>
    rst0git authored and avagin committed May 16, 2022
    1 Configuration menu
    Copy the full SHA
    cd0ed7e View commit details
    Browse the repository at this point in the history

Commits on May 17, 2022

  1. amdgpu: Set PLUGINDIR to /usr/lib/criu

    Building the criu packages for Ubuntu/Debian fails with:
    
    	mkdir: cannot create directory '/var/lib/criu': Permission denied
    
    This patch updates PLUGINDIR with the value /usr/lib/criu
    
    Fixes: checkpoint-restore#1877
    
    Signed-off-by: Radostin Stoyanov <[email protected]>
    rst0git authored and avagin committed May 17, 2022
    Configuration menu
    Copy the full SHA
    2b3763f View commit details
    Browse the repository at this point in the history

Commits on Jun 8, 2022

  1. github: use git-clang-format instead of make indent

    This allows us to only detect bad formating in PR changes but not all
    the CRIU codebase.
    
    Signed-off-by: Pavel Tikhomirov <[email protected]>
    Snorch committed Jun 8, 2022
    Configuration menu
    Copy the full SHA
    98eda32 View commit details
    Browse the repository at this point in the history

Commits on Jun 13, 2022

  1. Fix the check for mnt namespace in criu-ns

    criu-ns script incorrectly compares the pidns fd with mntns fd.
    Also reversed the condition in is_my_namespace function to align it
    with the function name.
    
    Signed-off-by: Ashutosh Mehra <[email protected]>
    ashu-mehra authored and avagin committed Jun 13, 2022
    Configuration menu
    Copy the full SHA
    0db600d View commit details
    Browse the repository at this point in the history
  2. sk-unix: make add_fake_unix_queuers earier and rework find_queuer_for

    Before this patch, if we had a unixsk with incomming scm packets (with
    fds) and with the sender side fd closed, we got an error:
    
    Error (criu/sk-unix.c:1125): unix: Can't find sender for 0x1e
    
    First part of the problem is that unix_note_scm_rights() expects to see
    a "queuer" which would send scm packets to the unixsk, and there is no
    as the sender side is closed.
    
    Second part of the problem is that we already have "fake" queuers
    feature so that it already creates a unix socket pair and leaves other
    end open for later queuing packets. But function add_fake_unix_queuers()
    is called after unix_note_scm_rights() thus there is no chance to find
    queuer at the point of failure.
    
    Third part is that when we look for a queuer in find_queuer_for() we
    actually look for a socket for which we are a queuer and not for the
    socket which is a queuer for us, which is opposite to the name. For
    cases where both ends are alive both are queuers for each other so this
    was not important, but for our closed sender case it breaks.
    
    So let's reorder add_fake_unix_queuers() before unix_note_scm_rights()
    and make find_queuer_for() actually do what it's name implies.
    
    This situation is started to reproduce on Virtuozzo start/stop tests
    with the unixsk belonging to systemd, we suppose that this state where
    the sender fd side is closed happens rarely only on systemd start/stop,
    so we don't see it in regular suspend resume of long-living containers.
    
    Signed-off-by: Pavel Tikhomirov <[email protected]>
    Snorch authored and avagin committed Jun 13, 2022
    Configuration menu
    Copy the full SHA
    baa4516 View commit details
    Browse the repository at this point in the history
  3. zdtm/scm: add scm09 test with closed sender fd

    Signed-off-by: Pavel Tikhomirov <[email protected]>
    Snorch authored and avagin committed Jun 13, 2022
    Configuration menu
    Copy the full SHA
    8a147da View commit details
    Browse the repository at this point in the history
  4. mount-v2: split out restore_one_sharing helper

    This helper restores master_id and shared_id of first mount in the
    sharing group. It first copies sharing from either external source or
    internal parent sharing group and makes master_id from shared_id. Next
    it creates new shared_id when needed.
    
    All other mounts except first are just copied from the first one.
    
    Signed-off-by: Pavel Tikhomirov <[email protected]>
    Snorch authored and avagin committed Jun 13, 2022
    Configuration menu
    Copy the full SHA
    ac27245 View commit details
    Browse the repository at this point in the history
  5. mount-v2: workaround for multiple external bindmounts with no common …

    …root
    
    It's a problem when while restoring sharing group we need to copy
    sharing between two mounts with non-intersecting roots, because kernel
    does not allow it.
    
    We have a case opencontainers/runc#3442, where
    runc adds different devtmpfs file-bindmounts to container and there is
    no fsroot mount in container for this devtmpfs, thus mount-v2 faces the
    above problem.
    
    Luckily for the case of external mounts which are in one sharing group
    and which have non-intersecting roots, these mounts likely only have
    external master with no sharing, so we can just copy sharing from
    external source and make it slave as a workaround.
    
    checkpoint-restore#1886
    
    Signed-off-by: Pavel Tikhomirov <[email protected]>
    Snorch authored and avagin committed Jun 13, 2022
    Configuration menu
    Copy the full SHA
    7e37618 View commit details
    Browse the repository at this point in the history
  6. zdtm: test multiple ext bindmounts with no common root and same master

    Signed-off-by: Pavel Tikhomirov <[email protected]>
    Snorch authored and avagin committed Jun 13, 2022
    Configuration menu
    Copy the full SHA
    58a2d98 View commit details
    Browse the repository at this point in the history
  7. amdgpu: Add gitignore

    Signed-off-by: Radostin Stoyanov <[email protected]>
    rst0git authored and avagin committed Jun 13, 2022
    Configuration menu
    Copy the full SHA
    edb3b8f View commit details
    Browse the repository at this point in the history

Commits on Jun 14, 2022

  1. hugetlb: don't dump anonymous private hugetlb mapping using memfd app…

    …roach
    
    Currently, the content of anonymous private hugetlb mapping is dumped in 2
    different images: memfd approach and normal private mapping dumping. In memfd
    approach, we dump the content of the backing pseudo file (/anon_hugepage). This
    is incorrect and redundant since the mapping is private, the content of backing
    file may differ from the content of the mapping. With this commit, we remove the
    redundant memfd approach dump and only do the normal private mapping dump on
    anonymous hugetlb mapping.
    
    Run zdtm.py run -f h --keep-img always -t zdtm/static/maps09, du -h in the
    dumped image directory
    
    Before this commit
    	13M     test/dump/zdtm/static/maps09/55/1
    After this commit
    	8.5M    test/dump/zdtm/static/maps09/55/1
    
    The reduction in size is approximately 4MB which is the size of anonymous
    private hugetlb mapping in the test.
    
    Signed-off-by: Bui Quang Minh <[email protected]>
    minhbq-99 authored and avagin committed Jun 14, 2022
    Configuration menu
    Copy the full SHA
    fa6efbf View commit details
    Browse the repository at this point in the history

Commits on Jun 20, 2022

  1. util/mount-v2: fix resolve_mountpoint() to always return freeable poi…

    …nter
    
    Else we have a Segmentation fault in __move_mount_set_group() on
    xfree(source_mp) if resolve_mountpoint() returned statically allocated
    path.
    
    Signed-off-by: Pavel Tikhomirov <[email protected]>
    Snorch authored and avagin committed Jun 20, 2022
    Configuration menu
    Copy the full SHA
    dc160c0 View commit details
    Browse the repository at this point in the history
  2. zdtm: add mnt_root_ext test

    This test has one external mount [criumntns] /zdtm_root_ext.tmp ->
    [testmntns] /mnt_root_ext.test, and it specifically gives '--external
    mnt[MNT]:.zdtm_root_ext.tmp' option on restore without '/' to make
    dirname on it return static '.' path (see glibc dirname() code) and
    reproduce a segfault in resolve_mountpoint().
    
    Signed-off-by: Pavel Tikhomirov <[email protected]>
    Snorch authored and avagin committed Jun 20, 2022
    Configuration menu
    Copy the full SHA
    f82b71c View commit details
    Browse the repository at this point in the history

Commits on Jun 21, 2022

  1. config: fail on --track-mem option if dirty tracking is not available

    Else we trigger BUG in task_reset_dirty_track():
      Error (criu/mem.c:45): BUG at criu/mem.c:45
    
    The check in kerndat_get_dirty_track() does not work right.
    
    checkpoint-restore#1917
    
    Reported-by: @mrc1119
    Signed-off-by: Pavel Tikhomirov <[email protected]>
    Snorch authored and avagin committed Jun 21, 2022
    Configuration menu
    Copy the full SHA
    28581f2 View commit details
    Browse the repository at this point in the history

Commits on Jun 22, 2022

  1. ci: Fix code indent

    This patch contains auto-generated changes from `make indent`
    
    Signed-off-by: Radostin Stoyanov <[email protected]>
    rst0git authored and adrianreber committed Jun 22, 2022
    Configuration menu
    Copy the full SHA
    029ca22 View commit details
    Browse the repository at this point in the history

Commits on Jul 2, 2022

  1. infect: add SIGTSTP support

    Add SIGTSTP signal dump and restore. Add a corresponding field
    in the image, save it only if a task is in the stopped state.
    
    Restore task state by sending desired stop signal if it is present
    in the image. Fallback to SIGSTOP if it's absent.
    
    Signed-off-by: Yuriy Vasiliev <[email protected]>
    uravas authored and avagin committed Jul 2, 2022
    Configuration menu
    Copy the full SHA
    7968e71 View commit details
    Browse the repository at this point in the history
  2. zdtm: add tests for SIGTSTP

    stopped03 check that stopped by SIGTSTP tasks are restored correctly.
    stopped04 check that stopped by SIGSTOP tasks which have blocked SIGTSTP and
    have SIGTSTP pending are restored correctly.
    
    Signed-off-by: Yuriy Vasiliev <[email protected]>
    uravas authored and avagin committed Jul 2, 2022
    Configuration menu
    Copy the full SHA
    c8f9880 View commit details
    Browse the repository at this point in the history

Commits on Jul 13, 2022

  1. config/files-reg: Add opt to skip file r/w/x check on restore

    A file's r/w/x changing between checkpoint and restore does
    not necessarily imply that something is wrong. For example,
    if a process opens a file having perms rw- for reading and
    we change the perms to r--, the process can be restored and
    will function as expected.
    
    Therefore, this patch adds an option
    
    --skip-file-rwx-check
    
    to disable this check on restore. File validation is unaffected
    and should still function as expected with respect to the content
    of files.
    
    Signed-off-by: Younes Manton <[email protected]>
    ymanton authored and avagin committed Jul 13, 2022
    Configuration menu
    Copy the full SHA
    290a998 View commit details
    Browse the repository at this point in the history
  2. Add --skip-file-rwx-check opt test

    Add a simple test using tail to check that processes can't be restored
    by default when the r/w/x mode of an open file changes, unless
    --skip-file-rwx-check is used.
    
    Signed-off-by: Younes Manton <[email protected]>
    ymanton authored and avagin committed Jul 13, 2022
    Configuration menu
    Copy the full SHA
    8f04c13 View commit details
    Browse the repository at this point in the history

Commits on Jul 19, 2022

  1. rseq: fix headers conflict on Mariner GNU/Linux

    1. For some reason, Marier distribution headers
    not correctly define __GLIBC_HAVE_KERNEL_RSEQ
    compile-time constant. It remains undefined,
    but in fact header files provides corresponding
    rseq types declaration which leads to conflict.
    
    2. Another issue, is that they use uint*_t types
    instead of __u* types as in original rseq.h.
    
    This leads to compile time issues like this:
    format '%llx' expects argument of type 'long long unsigned int', but argument 5 has type 'uint64_t' {aka 'long unsigned int'}
    
    and we can't even replace %llx to %PRIx64 because it will break
    compilation on other distros (like Fedora) with analogical error:
    
    error: format ‘%lx’ expects argument of type ‘long unsigned int’, but argument 6 has type ‘__u64’ {aka ‘long long unsigned int’}
    
    Let's use our-own struct rseq copy fully equal to the kernel one,
    it's safe because this structure is a part of Linux Kernel ABI.
    
    Fixes checkpoint-restore#1934
    
    Reported-by: Nikola Bojanic
    Signed-off-by: Alexander Mikhalitsyn <[email protected]>
    mihalicyn authored and avagin committed Jul 19, 2022
    Configuration menu
    Copy the full SHA
    1e6e826 View commit details
    Browse the repository at this point in the history
  2. x86/compel/fault-inject: fixup mxcsr for PTRACE_SETFPREGS

    Error from:
    ./test/zdtm.py run -t zdtm/static/fpu00 --fault 134 -f h --norst
    
    (00.003111) Dumping GP/FPU registers for 56
    (00.003121) Error (compel/arch/x86/src/lib/infect.c:310): Corrupting fpuregs for 56, seed 1651766595
    (00.003125) Error (compel/arch/x86/src/lib/infect.c:314): Can't set FPU registers for 56: Invalid argument
    (00.003129) Error (compel/src/lib/infect.c:688): Can't obtain regs for thread 56
    (00.003174) Error (criu/cr-dump.c:1564): Can't infect (pid: 56) with parasite
    
    See also:
    145e9e0d8c6 ("x86/fpu: Fail ptrace() requests that try to set invalid MXCSR values")
    torvalds/linux@145e9e0
    
    We decided to move from mxcsr cleaning up scheme and use mxcsr mask
    (0x0000ffbf) as kernel does. Thanks to Dmitry Safonov for pointing out.
    
    Tested-on: Intel(R) Xeon(R) CPU E3-1246 v3 @ 3.50GHz
    
    Reported-by: Mr. Jenkins
    Suggested-by: Dmitry Safonov <[email protected]>
    Signed-off-by: Alexander Mikhalitsyn <[email protected]>
    mihalicyn authored and avagin committed Jul 19, 2022
    Configuration menu
    Copy the full SHA
    90c0f08 View commit details
    Browse the repository at this point in the history

Commits on Jul 23, 2022

  1. zdtm: Remove permission part check for skipping vsyscall vma

    Normally, vsyscall vma has VM_READ, VM_EXEC permission. However, when
    CONFIG_LEGACY_VSYSCALL_XONLY=y, that vma only has VM_EXEC. This commit removes
    the permission part when checking to skip vsyscall vma in x32 tests.
    
    Signed-off-by: Bui Quang Minh <[email protected]>
    minhbq-99 authored and avagin committed Jul 23, 2022
    Configuration menu
    Copy the full SHA
    ebe9db9 View commit details
    Browse the repository at this point in the history

Commits on Jul 26, 2022

  1. vdso-compat: Increase the reserved buffer for compat vdso

    On Arch Linux with 5.18.3-zen1-1-zen kernel, the vdso's size is 3 pages which
    exceeds the current 2-page reserved buffer. This commit simply increases the
    reserved buffer size to 4 pages.
    
    Fixes: checkpoint-restore#1916
    
    Signed-off-by: Bui Quang Minh <[email protected]>
    minhbq-99 authored and avagin committed Jul 26, 2022
    Configuration menu
    Copy the full SHA
    e15690b View commit details
    Browse the repository at this point in the history

Commits on Aug 4, 2022

  1. zdtm: make root mount private in criu mntns

    If root mount in criu mntns is slave, it would be slave of host mount
    where criu is stored, so if someone mounts something in subdir of
    {criu-dir}/test/ on host while tests are running this mount can
    influence the test as it appears on top of root mount in criu mntns.
    
    1) With mount-compat this mount can get into restored test mntns, which
    means wrong restore, as this mount was not there on dump.
    2) With mount-v2 this mount would just fail container restore, as root
    container mount is mounted non-recursively to protect from unexpected
    mounts appear after restore.
    
    Signed-off-by: Pavel Tikhomirov <[email protected]>
    Snorch authored and avagin committed Aug 4, 2022
    Configuration menu
    Copy the full SHA
    973b4b6 View commit details
    Browse the repository at this point in the history
  2. zdtm/mnt_root_ext: don't allow propagation from test mntns to criu mntns

    This test specifically wants to create external bind-mount of "/" from
    criu mntns to test mntns, and it wants "/" in criu mntns to be a shared
    mount so that "external" mount in the test mntns is it's slave. This is
    to triger specific dirname() resolution which happens only when sharing
    restore is involved for external mounts, and only if rootfs is involved.
    
    But initially I missed that when we create external mount in test's
    temporary mntns it creates a propagation in criu mntns on top of root
    mount. This mount may influence other tests restore as child mount in
    root mount converts to locked child mount in criu service mntns (for uns
    flavour) and when criu would restore root container mount it would fail
    with EINVAL on non recursive bind with locked children.
    
    To fix this mess we just need to prohibit propagating from tests
    temporary mntns to criu mntns by making mounts slave.
    
    Fixes: checkpoint-restore#1941
    
    Signed-off-by: Pavel Tikhomirov <[email protected]>
    Snorch authored and avagin committed Aug 4, 2022
    Configuration menu
    Copy the full SHA
    0576f68 View commit details
    Browse the repository at this point in the history
  3. files-reg.c: modify the check of ghost_limit to support large sparse …

    …files
    
    files-reg.c checks whether the file size is larger than ghost_limit with st_size
    (in dump_ghost_remap), which can not deal with large ghost sparse file, since
    its actual file size is not the same as what st_size shows.
    
    Therefore, in this commit, I replace st_size with st_blocks, which shows the
    actual file size. (1 block = 512B), thus criu can deal with large ghost sparse
    file.
    
    Signed-off-by: Liang-Chun Chen <[email protected]>
    featherchen authored and avagin committed Aug 4, 2022
    Configuration menu
    Copy the full SHA
    2549276 View commit details
    Browse the repository at this point in the history
  4. unlink_largefile.desc: remove crfail, since criu now can support

    unlink_largefile test
    
    In the past, the unlink_largefile test should be fail on large ghost file.
    However, it used sparse file, it will pass in current criu, since the large
    ghost sparse file issue was fixed.
    
    So the crfail flag of this test should be removed.
    
    Signed-off-by: Liang-Chun Chen <[email protected]>
    featherchen authored and avagin committed Aug 4, 2022
    Configuration menu
    Copy the full SHA
    4cc4d1d View commit details
    Browse the repository at this point in the history
  5. zdtm: add two tests for large ghost sparse file

    ghost_holes_large00 is a test which creates a large ghost sparse file with 1GiB
    hole(pwrite can only handle 2GiB maximum on 32-bit system) and 8KiB data, criu
    should be able to handle this kind of situation.
    
    ghost_holes_large01 is a test which creates a large ghost sparse file with 1GiB
    hole and 2MiB data, since 2MiB is larger than the default ghost_limit(1MiB),
    criu should fail on this test.
    
    v2: fix overflow on 32-bit arch.
    
    Signed-off-by: Liang-Chun Chen <[email protected]>
    featherchen authored and avagin committed Aug 4, 2022
    Configuration menu
    Copy the full SHA
    d9009f6 View commit details
    Browse the repository at this point in the history

Commits on Aug 5, 2022

  1. MAINTAINERS: Add Radostin (myself) to maintainers

    I've been contributing to CRIU for sometime and I'm hoping that my
    familiarity with the project would be sufficient to self-nominate as a
    maintainer. I would like to help with code reviews, submitting patches,
    implementing new features, and maintaining the project in general.
    
    Signed-off-by: Radostin Stoyanov <[email protected]>
    rst0git authored and avagin committed Aug 5, 2022
    Configuration menu
    Copy the full SHA
    8a01859 View commit details
    Browse the repository at this point in the history
  2. ci: unset XDG_RUNTIME_DIR when invoking podman

    We need to pass environment variables from the CI environment to
    distinguish between CI environments. However, when `sudo -E` is
    used to run Podman it results in the XDG_RUNTIME_DIR environment
    variable being set incorrectly that prevents Podman from running.
    
    This patch fixes the following error in the GitHub Action virtual
    environment:
    
    	error running container: error from /usr/bin/crun creating
    	container for [/bin/sh -c /bin/prepare-for-fedora-rawhide.sh]:
    	sd-bus call: Connection reset by peer
    
    Fixes: checkpoint-restore#1942
    
    Signed-off-by: Radostin Stoyanov <[email protected]>
    rst0git committed Aug 5, 2022
    Configuration menu
    Copy the full SHA
    f32e626 View commit details
    Browse the repository at this point in the history
  3. criu: fix conflicting headers

    There are several changes in glibc 2.36 that make sys/mount.h header
    incompatible with kernel headers:
    
    https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E
    
    This patch removes conflicting includes for `<linux/mount.h>` and
    updates the content of `criu/include/linux/mount.h` to match
    `/usr/include/sys/mount.h`. In addition, inline definitions sys_*()
    functions have been moved from "linux/mount.h" to "syscall.h" to
    avoid conflicts with `uapi/compel/plugins/std/syscall.h` and
    `<unistd.h>`. The include for `<linux/aio_abi.h>` has been replaced
    with local include to avoid conflicts with `<sys/mount.h>`.
    
    Fixes: checkpoint-restore#1949
    
    Signed-off-by: Radostin Stoyanov <[email protected]>
    rst0git committed Aug 5, 2022
    Configuration menu
    Copy the full SHA
    4c86d6a View commit details
    Browse the repository at this point in the history

Commits on Aug 8, 2022

  1. Revert "ci: Switch to non overlaysfs tests"

    This reverts commit 8bb05e3.
    
    The following bug has been fixed:
    https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/1967924
    
    Signed-off-by: Radostin Stoyanov <[email protected]>
    rst0git authored and avagin committed Aug 8, 2022
    Configuration menu
    Copy the full SHA
    6a1260a View commit details
    Browse the repository at this point in the history
  2. docker-test: use containerd installed from package

    In commits [1, 2] the version of containerd installed by default in the
    GitHub CI virtual environment was replaced with the latest release from
    GitHub as a workaround to a bug in containerd.  This bug has been fixed
    sometime ago and the current default version of containerd (1.6.6) does
    not require this workaround. However, with the latest release, the
    containerd binaries uploaded on GitHub have been built for Ubuntu 22.04
    [3]. Our tests are still running on Ubuntu 20.04 and this results in the
    following error:
    
    /usr/bin/containerd: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /usr/bin/containerd)
    /usr/bin/containerd: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.32' not found (required by /usr/bin/containerd)
    
    [1] checkpoint-restore@046cad8
    [2] checkpoint-restore@81a68ad
    [3] containerd/containerd@6b2dc9a37
    
    Signed-off-by: Radostin Stoyanov <[email protected]>
    rst0git authored and avagin committed Aug 8, 2022
    Configuration menu
    Copy the full SHA
    557ab8c View commit details
    Browse the repository at this point in the history
  3. cr-check: fix check for apparmor stacking

    The feature check for AppArmor stacking was introduced in
    commit:
    	8723e3f
    	check: add a feature test for apparmor_stacking
    
    However, on systems that don't support AppArmour, this check always
    fails. As a result, `criu check --all` shows the following message:
    
    	Looks good but some kernel features are missing
    	which, depending on your process tree, may cause
    	dump or restore failure.
    
    Reported-by: André Rösti (@andrej)
    Signed-off-by: Radostin Stoyanov <[email protected]>
    rst0git authored and avagin committed Aug 8, 2022
    Configuration menu
    Copy the full SHA
    5f801c4 View commit details
    Browse the repository at this point in the history
  4. cr-check: optimize check for apparmor stacking

    The result of check_aa_ns_dumping() is stored in kdat. Instead of doing
    the same check twice - once on kerndat_init(), and again in
    check_apparmor_stacking(), we can check the stored value.
    
    Suggested-by: Pavel Tikhomirov <[email protected]>
    Signed-off-by: Radostin Stoyanov <[email protected]>
    Snorch authored and avagin committed Aug 8, 2022
    Configuration menu
    Copy the full SHA
    ce1b705 View commit details
    Browse the repository at this point in the history
  5. cr-restore: rseq: dynamically handle *libc with rseq

    Before this patch we assumed that CRIU is compiled against
    the same GLibc as it runs with. But as we see from real
    world examples like checkpoint-restore#1935 it's not always true.
    
    The idea of this patch is to detect rseq configuration
    for the main CRIU process and use it to unregister
    rseq for all further child processes. It's correct,
    because we restore pstree using clone*() syscalls,
    don't use exec*() (!) syscalls, so rseq gets inherited
    in the kernel and rseq configuration remains the same
    for all children processes.
    
    This will prevent issues like this:
    checkpoint-restore#1935
    
    Suggested-by: Florian Weimer <[email protected]>
    Signed-off-by: Alexander Mikhalitsyn <[email protected]>
    mihalicyn authored and avagin committed Aug 8, 2022
    Configuration menu
    Copy the full SHA
    f0b0a64 View commit details
    Browse the repository at this point in the history
  6. cr-restore: rseq: use glibc-specific way to unregister only as fallback

    Let's use dynamic approach to detect built-in *libc rseq in all cases,
    and "old" static approach as a fallback path if the user kernel
    lacks support of ptrace_get_rseq_conf feature.
    
    Suggested-by: Florian Weimer <[email protected]>
    Signed-off-by: Alexander Mikhalitsyn <[email protected]>
    mihalicyn authored and avagin committed Aug 8, 2022
    Configuration menu
    Copy the full SHA
    db9781e View commit details
    Browse the repository at this point in the history

Commits on Aug 10, 2022

  1. Add Alexander Mikhalitsyn to maintainers

    Alex implemented a few complex features and maintain our CI system.
    
    Signed-off-by: Andrei Vagin <[email protected]>
    avagin committed Aug 10, 2022
    Configuration menu
    Copy the full SHA
    6206067 View commit details
    Browse the repository at this point in the history

Commits on Aug 12, 2022

  1. docker-test: handle race condition error

    There is a race condition in docker/containerd that causes docker to
    occasionally fail when starting a container from a checkpoint immediately
    after the checkpoint has been created.
    
    This problem is unrelated to criu and has been reported in
    moby/moby#42900
    
    Signed-off-by: Radostin Stoyanov <[email protected]>
    rst0git authored and avagin committed Aug 12, 2022
    Configuration menu
    Copy the full SHA
    58fa267 View commit details
    Browse the repository at this point in the history

Commits on Aug 14, 2022

  1. ci/cirrus: add CentOS Stream 9

    Mostly a copy-paste from the CentOS 8 task, with a few differences:
     - Use dnf instead of yum
     - Enable crb instead of powertools
     - Different way of installing EPEL
     - No need to switch to python3 as this is the default
     - junit_xml is now available as an rpm
    
    Signed-off-by: Kir Kolyshkin <[email protected]>
    kolyshkin authored and rst0git committed Aug 14, 2022
    Configuration menu
    Copy the full SHA
    3019db3 View commit details
    Browse the repository at this point in the history
  2. ci/cirrus: centos 8 job nits

    1. Rename CentOS 8 to CentOS Stream 8 (which it is).
    
    2. Install junit_xml from the repo rather than via pip.
    
    Signed-off-by: Kir Kolyshkin <[email protected]>
    kolyshkin authored and rst0git committed Aug 14, 2022
    Configuration menu
    Copy the full SHA
    2410079 View commit details
    Browse the repository at this point in the history

Commits on Aug 15, 2022

  1. compel: set TRACESYSGOOD to distinguish breakpoints from syscalls

    When delivering system call traps, set bit 7 in the  signal  number  (i.e.,
    deliver SIGTRAP|0x80).  This makes it easy for the tracer  to  distinguish
    normal traps from those caused by a system call.
    
    Signed-off-by: Andrei Vagin <[email protected]>
    avagin committed Aug 15, 2022
    Configuration menu
    Copy the full SHA
    373281f View commit details
    Browse the repository at this point in the history
  2. compel: clear a breakpoint right after it's been triggered

    Breakpoints are used to stop as close as possible to a target system call.
    
    First, we don't need it after this point.
    Second, PTRACE_CONT can't pass through a breakpoint on arm64.
    
    Signed-off-by: Andrei Vagin <[email protected]>
    avagin committed Aug 15, 2022
    Configuration menu
    Copy the full SHA
    40f5d9b View commit details
    Browse the repository at this point in the history
  3. compel: switch breakpoint functions to non-inline at arm64 platform

    Signed-off-by: fu.lin <[email protected]>
    Signed-off-by: Andrei Vagin <[email protected]>
    fu.lin authored and avagin committed Aug 15, 2022
    Configuration menu
    Copy the full SHA
    267c9bc View commit details
    Browse the repository at this point in the history
  4. breakpoint: implement hw breakpoint for arm64 platform

    The x86 implement hardware breakpoint to accelerate the tracing syscall
    procedure instead of `ptrace(PTRACE_SYSCALL)`. The arm64 has the same
    capability according to <<Learn the architecture: Armv8-A self-hosted
    debug>>[[1]].
    
    <<Arm Architecture Reference Manual for A-profile architecture>[[2]]
    illustrates the usage detailly:
    - D2.8 Breakpoint Instruction exceptions
    - D2.9 Breakpoint exceptions
    - D13.3.2 DBGBCR<n>_EL1, Debug Breakpoint Control Registers, n
    
    Note:
    [1]: https://developer.arm.com/documentation/102120/0100
    [2]: https://developer.arm.com/documentation/ddi0487/latest
    
    Signed-off-by: fu.lin <[email protected]>
    Signed-off-by: Andrei Vagin <[email protected]>
    fu.lin authored and avagin committed Aug 15, 2022
    Configuration menu
    Copy the full SHA
    cc8c6b4 View commit details
    Browse the repository at this point in the history
  5. breakpoint: enable breakpoints by default on amd64 and arm64

    Signed-off-by: fu.lin <[email protected]>
    Signed-off-by: Andrei Vagin <[email protected]>
    fu.lin authored and avagin committed Aug 15, 2022
    Configuration menu
    Copy the full SHA
    ec49f42 View commit details
    Browse the repository at this point in the history

Commits on Aug 23, 2022

  1. criu: fail migration if data was sent to an in-flight socket

    Before this change, CRIU would just lose that data upon migration. So
    it's better to fail migration in this case.
    
    To reproduce the bug one can:
    1. Create an AF_UNIX socket and call listen on it.
    2. Create a second AF_UNIX socket and call connect to the first one.
    3. Send the data to the second socket.
    4. Migrate.
    5. Call accept on the first socket and then read. There would be no data
       available.
    
    It should be even possible to close the second socket before migration.
    This would cause accept to hang because CRIU totally misses a closed
    in-flight socket.
    
    Signed-off-by: Michal Clapinski <[email protected]>
    mclapinski authored and avagin committed Aug 23, 2022
    Configuration menu
    Copy the full SHA
    6e35c59 View commit details
    Browse the repository at this point in the history
  2. zdtm: return 1 from pr_err, pr_perror, fail

    This allows to make test code more compact:
    if (ret == -1) {
    	pr_perror("XXX");
    	return 1;
    }
    vs
    if (ret == -1)
    	return pr_perror("XXX");
    
    Signed-off-by: Andrei Vagin <[email protected]>
    avagin committed Aug 23, 2022
    Configuration menu
    Copy the full SHA
    edb3e52 View commit details
    Browse the repository at this point in the history
  3. test/unix: check C/R of unix listen queues

    Check that CRIU handles non-empty listen queues properly.
    
    Signed-off-by: Andrei Vagin <[email protected]>
    [[email protected]: update test_doc and test_author]
    Signed-off-by: Michal Clapinski <[email protected]>
    avagin committed Aug 23, 2022
    Configuration menu
    Copy the full SHA
    309e131 View commit details
    Browse the repository at this point in the history

Commits on Aug 28, 2022

  1. gitignore: Ignore top-evel build dir only

    The entry "build/" will ignore any directory named "build" at any level
    of the source tree, including our scripts/build directory. We only want
    to ignore the top-level build directory created by `make install`.
    
    As the git manpage suggests, entries with slashes at the start or in the
    middle will only match at the same level as the .gitignore, hence use
    build/** instead.
    
    Signed-off-by: Younes Manton <[email protected]>
    ymanton authored and avagin committed Aug 28, 2022
    Configuration menu
    Copy the full SHA
    3aafc55 View commit details
    Browse the repository at this point in the history
  2. ci: Rename openj9 Dockerfiles to hotspot

    We used to pull AdoptOpenJDK's OpenJ9 builds but switched to
    Eclipse Temurin, which uses the HotSpot VM instead of OpenJ9.
    Rename the corresponding Dockerfiles to hotspot.
    
    Signed-off-by: Younes Manton <[email protected]>
    ymanton authored and avagin committed Aug 28, 2022
    Configuration menu
    Copy the full SHA
    84a7269 View commit details
    Browse the repository at this point in the history
  3. ci: Add Dockerfile for openj9 on Ubuntu

    Semeru builds (which use OpenJ9 instead of HotSpot) are the successors
    of AdoptOpenJDK's OpenJ9 builds.
    
    Signed-off-by: Younes Manton <[email protected]>
    ymanton authored and avagin committed Aug 28, 2022
    Configuration menu
    Copy the full SHA
    8556d83 View commit details
    Browse the repository at this point in the history
  4. ci: Clean up and improve Java testing

    This patch changes top-level OpenJ9 filename and data references to Java
    to make them generic and launches tests against both HotSpot and OpenJ9
    JVMs.
    
    Signed-off-by: Younes Manton <[email protected]>
    ymanton authored and avagin committed Aug 28, 2022
    Configuration menu
    Copy the full SHA
    1ba1c39 View commit details
    Browse the repository at this point in the history

Commits on Aug 29, 2022

  1. mount: add definition for FSOPEN_CLOEXEC

    A recent change in glibc introduced `enum fsconfig_command` [1] and as a
    result the compilation of criu fails with the following errors
    
    In file included from criu/pie/util.c:3:
    /usr/include/sys/mount.h:240:6: error: redeclaration of 'enum fsconfig_command'
      240 | enum fsconfig_command
          |      ^~~~~~~~~~~~~~~~
    In file included from /usr/include/sys/mount.h:32:
    criu/include/linux/mount.h:11:6: note: originally defined here
       11 | enum fsconfig_command {
          |      ^~~~~~~~~~~~~~~~
    /usr/include/sys/mount.h:242:3: error: redeclaration of enumerator 'FSCONFIG_SET_FLAG'
      242 |   FSCONFIG_SET_FLAG       = 0,    /* Set parameter, supplying no value */
          |   ^~~~~~~~~~~~~~~~~
    criu/include/linux/mount.h:12:9: note: previous definition of 'FSCONFIG_SET_FLAG' with type 'enum fsconfig_command'
       12 |         FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */
          |         ^~~~~~~~~~~~~~~~~
    /usr/include/sys/mount.h:244:3: error: redeclaration of enumerator 'FSCONFIG_SET_STRING'
      244 |   FSCONFIG_SET_STRING     = 1,    /* Set parameter, supplying a string value */
          |   ^~~~~~~~~~~~~~~~~~~
    criu/include/linux/mount.h:14:9: note: previous definition of 'FSCONFIG_SET_STRING' with type 'enum fsconfig_command'
       14 |         FSCONFIG_SET_STRING = 1, /* Set parameter, supplying a string value */
          |         ^~~~~~~~~~~~~~~~~~~
    /usr/include/sys/mount.h:246:3: error: redeclaration of enumerator 'FSCONFIG_SET_BINARY'
      246 |   FSCONFIG_SET_BINARY     = 2,    /* Set parameter, supplying a binary blob value */
          |   ^~~~~~~~~~~~~~~~~~~
    criu/include/linux/mount.h:16:9: note: previous definition of 'FSCONFIG_SET_BINARY' with type 'enum fsconfig_command'
       16 |         FSCONFIG_SET_BINARY = 2, /* Set parameter, supplying a binary blob value */
          |         ^~~~~~~~~~~~~~~~~~~
    /usr/include/sys/mount.h:248:3: error: redeclaration of enumerator 'FSCONFIG_SET_PATH'
      248 |   FSCONFIG_SET_PATH       = 3,    /* Set parameter, supplying an object by path */
          |   ^~~~~~~~~~~~~~~~~
    criu/include/linux/mount.h:18:9: note: previous definition of 'FSCONFIG_SET_PATH' with type 'enum fsconfig_command'
       18 |         FSCONFIG_SET_PATH = 3, /* Set parameter, supplying an object by path */
          |         ^~~~~~~~~~~~~~~~~
    /usr/include/sys/mount.h:250:3: error: redeclaration of enumerator 'FSCONFIG_SET_PATH_EMPTY'
      250 |   FSCONFIG_SET_PATH_EMPTY = 4,    /* Set parameter, supplying an object by (empty) path */
          |   ^~~~~~~~~~~~~~~~~~~~~~~
    criu/include/linux/mount.h:20:9: note: previous definition of 'FSCONFIG_SET_PATH_EMPTY' with type 'enum fsconfig_command'
       20 |         FSCONFIG_SET_PATH_EMPTY = 4, /* Set parameter, supplying an object by (empty) path */
          |         ^~~~~~~~~~~~~~~~~~~~~~~
    /usr/include/sys/mount.h:252:3: error: redeclaration of enumerator 'FSCONFIG_SET_FD'
      252 |   FSCONFIG_SET_FD         = 5,    /* Set parameter, supplying an object by fd */
          |   ^~~~~~~~~~~~~~~
    criu/include/linux/mount.h:22:9: note: previous definition of 'FSCONFIG_SET_FD' with type 'enum fsconfig_command'
       22 |         FSCONFIG_SET_FD = 5, /* Set parameter, supplying an object by fd */
          |         ^~~~~~~~~~~~~~~
    /usr/include/sys/mount.h:254:3: error: redeclaration of enumerator 'FSCONFIG_CMD_CREATE'
      254 |   FSCONFIG_CMD_CREATE     = 6,    /* Invoke superblock creation */
          |   ^~~~~~~~~~~~~~~~~~~
    criu/include/linux/mount.h:24:9: note: previous definition of 'FSCONFIG_CMD_CREATE' with type 'enum fsconfig_command'
       24 |         FSCONFIG_CMD_CREATE = 6, /* Invoke superblock creation */
          |         ^~~~~~~~~~~~~~~~~~~
    /usr/include/sys/mount.h:256:3: error: redeclaration of enumerator 'FSCONFIG_CMD_RECONFIGURE'
      256 |   FSCONFIG_CMD_RECONFIGURE = 7,   /* Invoke superblock reconfiguration */
          |   ^~~~~~~~~~~~~~~~~~~~~~~~
    criu/include/linux/mount.h:26:9: note: previous definition of 'FSCONFIG_CMD_RECONFIGURE' with type 'enum fsconfig_command'
       26 |         FSCONFIG_CMD_RECONFIGURE = 7, /* Invoke superblock reconfiguration */
    
    This patch adds definition for FSOPEN_CLOEXEC to solve this problem. In particular,
    sys/mount.h includes ifndef check for FSOPEN_CLOEXEC surrounding `enum fsconfig_command`.
    
    [1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=7eae6a91e9b1670330c9f15730082c91c0b1d570
    
    Reported-by: Younes Manton (@ymanton)
    Signed-off-by: Radostin Stoyanov <[email protected]>
    rst0git authored and avagin committed Aug 29, 2022
    Configuration menu
    Copy the full SHA
    517c094 View commit details
    Browse the repository at this point in the history

Commits on Aug 30, 2022

  1. criu-ns: capture controlling tty

    When we are restoring in new pidns we specifically do setsid() from
    criu-ns init so that sids of restored tasks are non-zero in this pidns
    and on next dump CRIU would not have problems with zero sids, see [1].
    
    But after this CRIU tries to inherit and setup a tty for the restored
    process, and it fails to set it's process group via TIOCSPGRP to be a
    foreground group for it's tty, because tty already is a controlling tty
    for other session (which we had before setsid).
    
    So to make it restore we need to reset tty to be a controlling tty of
    criu-ns init via TIOCSCTTY before calling criu.
    
    Else when restoring first time via criu-ns (from criu-ns dump) we get:
    
    Error (criu/tty.c:689): tty: Failed to set group 40816 on 0: Inappropriate ioctl for device
    
    checkpoint-restore#232 [1]
    
    v2: add why and what comment in code, set controlling tty only for
    --shell-job and fail if stdin is not a tty.
    
    Fixes: checkpoint-restore#1893
    Signed-off-by: Pavel Tikhomirov <[email protected]>
    Snorch authored and avagin committed Aug 30, 2022
    Configuration menu
    Copy the full SHA
    94bfff7 View commit details
    Browse the repository at this point in the history
  2. files-reg: skip failed mount lookup for shell-job's tty

    When we restore a shell-job we would inherit tty-s, so even if we don't
    have a right mount for it in container on dump, on restore it should
    just be right.
    
    Else when dumping second time via criu-ns we get:
    
    (00.005678) Error (criu/files-reg.c:1710): Can't lookup mount=29 for fd=0 path=/dev/pts/20
    
    Fixes: checkpoint-restore#1893
    Signed-off-by: Pavel Tikhomirov <[email protected]>
    Snorch authored and avagin committed Aug 30, 2022
    Configuration menu
    Copy the full SHA
    2666eec View commit details
    Browse the repository at this point in the history
  3. ci/gha/lint: install a recent shellcheck

    Instead of using shellcheck v0.7.2 from fedora repo,
    let's install the latest version (v0.8.0).
    
    This allows to remove some "shellcheck disable=..." annotations,
    and (I hope) better checking quality overall.
    
    While at it, remove findutils from dnf install as this package is
    already installed.
    
    Signed-off-by: Kir Kolyshkin <[email protected]>
    kolyshkin authored and avagin committed Aug 30, 2022
    Configuration menu
    Copy the full SHA
    c056f99 View commit details
    Browse the repository at this point in the history
  4. scripts/ci/apt-install: fix (not ignore) shellcheck warning

    It is ok to quote $@, as it expands to "$1" "$2" ...
    
    Signed-off-by: Kir Kolyshkin <[email protected]>
    kolyshkin authored and avagin committed Aug 30, 2022
    Configuration menu
    Copy the full SHA
    01e643a View commit details
    Browse the repository at this point in the history
  5. scripts/ci/asan.sh: fix, not ignore, shellcheck warning

    We can use globstar bash feature instead of find in this case.
    
    Signed-off-by: Kir Kolyshkin <[email protected]>
    kolyshkin authored and avagin committed Aug 30, 2022
    Configuration menu
    Copy the full SHA
    527a4ce View commit details
    Browse the repository at this point in the history
  6. Fix, not ignore, shellcheck SC1091 warnings

    This is easy to fix (but we have to specify -x).
    
    Signed-off-by: Kir Kolyshkin <[email protected]>
    kolyshkin authored and avagin committed Aug 30, 2022
    Configuration menu
    Copy the full SHA
    06e1cad View commit details
    Browse the repository at this point in the history
  7. scripts/ci/run-ci-tests: use bash arrays

    This is a preferred way of fixing SC2086 shellcheck warning.
    
    Note that since ZDTM_OPTS is passed as a string (via make or docker),
    we are converting it to an array using read -a.
    
    Remove all "shellcheck disable=SC2086" annotations.
    
    Signed-off-by: Kir Kolyshkin <[email protected]>
    kolyshkin authored and avagin committed Aug 30, 2022
    Configuration menu
    Copy the full SHA
    0fce00f View commit details
    Browse the repository at this point in the history
  8. scripts/ci: rm shellcheck disable annotations

    Those are no longer needed with shellcheck 0.8.0.
    
    Signed-off-by: Kir Kolyshkin <[email protected]>
    kolyshkin authored and avagin committed Aug 30, 2022
    Configuration menu
    Copy the full SHA
    72d27e9 View commit details
    Browse the repository at this point in the history
  9. scripts/protobuf-gen.sh: fix (not ignore) shellcheck warnings

    This basically replaces
    
    	for x in $(sed ...); do
    
    with
    
    	sed ... | while IFS= read -r x; do
    
    The only caveat is, sed program was amended to remove empty lines
    (there was one right above the PB_AUTOGEN_STOP).
    
    Signed-off-by: Kir Kolyshkin <[email protected]>
    kolyshkin authored and avagin committed Aug 30, 2022
    Configuration menu
    Copy the full SHA
    ebe8770 View commit details
    Browse the repository at this point in the history
  10. test/others/crit/test.sh: use bash array

    In fact an array (aptly named array) is already used in run_test2,
    so let's just make it an array right from the start.
    
    While at it, remove ls invocation.
    
    Signed-off-by: Kir Kolyshkin <[email protected]>
    kolyshkin authored and avagin committed Aug 30, 2022
    Configuration menu
    Copy the full SHA
    6128eb6 View commit details
    Browse the repository at this point in the history

Commits on Sep 14, 2022

  1. seize: do not overwrite exit code from failpath

    Signed-off-by: Liu Hua <[email protected]>
    Liu Hua authored and avagin committed Sep 14, 2022
    Configuration menu
    Copy the full SHA
    58257cb View commit details
    Browse the repository at this point in the history

Commits on Oct 2, 2022

  1. compel: Add APIs to facilitate testing

    Starting the daemon is the first time we run code in the victim
    using the parasite stack.
    
    It's useful for testing to be able to infect the victim without starting
    the daemon so that we can inspect the victim's state, set up stack
    guards, and so on before stack-related corruption can happen.
    
    Add compel_infect_no_daemon() to infect the victim but not start the
    daemon and compel_start_daemon() to start the daemon after the victim
    is infected.
    
    Add compel_get_stack() to get the victim's main and thread parasite
    stacks.
    
    Signed-off-by: Younes Manton <[email protected]>
    ymanton authored and avagin committed Oct 2, 2022
    Configuration menu
    Copy the full SHA
    6e9a908 View commit details
    Browse the repository at this point in the history
  2. compel: Fix infect test to not override failures

    Signed-off-by: Younes Manton <[email protected]>
    
    return zero on chk success
    
    Signed-off-by: Pavel Tikhomirov <[email protected]>
    
    Co-authored-by: Pavel Tikhomirov <[email protected]>
    2 people authored and avagin committed Oct 2, 2022
    Configuration menu
    Copy the full SHA
    50dda15 View commit details
    Browse the repository at this point in the history
  3. compel: Add test to check parasite stack setup

    Some ABIs allow functions to store data in caller frame, which
    means that we have to allocate an initial stack frame before
    executing code on the parasite stack.
    
    This test saves the contents of writable memory that follows the stack
    after the victim has been infected but before we start using the
    parasite stack. It later checks that the saved data matches the
    current contents of the two memory areas. This is done while the
    victim is halted so we expect a match unless executing parasite code
    caused memory corruption. The test doesn't detect cases where we
    corrupted memory by writing the same value.
    
    Signed-off-by: Younes Manton <[email protected]>
    ymanton authored and avagin committed Oct 2, 2022
    Configuration menu
    Copy the full SHA
    a7cbdcb View commit details
    Browse the repository at this point in the history
  4. compel: Fix ppc64le parasite stack layout

    The ppc64le ABI allows functions to store data in caller frames.
    When initializing the stack pointer prior to executing parasite code
    we need to pre-allocating the minimum sized stack frame before
    jumping to the parasite code.
    
    Signed-off-by: Younes Manton <[email protected]>
    ymanton authored and avagin committed Oct 2, 2022
    Configuration menu
    Copy the full SHA
    615763e View commit details
    Browse the repository at this point in the history
  5. ci: enable EPEL for CentOS 7

    python2-future, python2-junit_xml, python-flake8 and libbsd-devel are
    now provided from EPEL.
    
    Signed-off-by: Radostin Stoyanov <[email protected]>
    rst0git authored and adrianreber committed Oct 2, 2022
    Configuration menu
    Copy the full SHA
    4cd295b View commit details
    Browse the repository at this point in the history

Commits on Oct 25, 2022

  1. non-root: add infrastructure to run as non-root

    The idea behind the rootless CRIU code is, that CRIU reads out its
    effective capabilities and stores that in the global opts structure.
    
    Different parts of CRIU can then, based on the existing capabilities,
    automatically enable or disable certain code paths.
    
    Currently at least CAP_CHECKPOINT_RESTORE is required. CRIU will not
    start without this capability.
    
    Signed-off-by: Adrian Reber <[email protected]>
    adrianreber authored and avagin committed Oct 25, 2022
    Configuration menu
    Copy the full SHA
    294aedc View commit details
    Browse the repository at this point in the history
  2. non-root: add functions to work with capabilities

    This adds the function check_caps() which checks if CRIU is running
    with at least CAP_CHECKPOINT_RESTORE. That is the minimum capability
    CRIU needs to do a minimal checkpoint and restore from it.
    
    In addition helper functions are added to easily query for other
    capability for enhanced checkpoint/restore support.
    
    Co-authored-by: Younes Manton <[email protected]>
    Signed-off-by: Adrian Reber <[email protected]>
    Signed-off-by: Younes Manton <[email protected]>
    2 people authored and avagin committed Oct 25, 2022
    Configuration menu
    Copy the full SHA
    de70d2c View commit details
    Browse the repository at this point in the history
  3. non-root: enable non-root checkpoint/restore

    This commit enables checkpointing and restoring of applications as
    non-root.
    
    First goal was to enable checkpoint and restore of the env00 and
    pthread00 test case.
    
    This uses the information from opts.unprivileged and opts.cap_eff to
    skip certain code paths which do not work as non-root.
    
    Co-authored-by: Adrian Reber <[email protected]>
    Signed-off-by: Younes Manton <[email protected]>
    2 people authored and avagin committed Oct 25, 2022
    Configuration menu
    Copy the full SHA
    3b5f5c7 View commit details
    Browse the repository at this point in the history
  4. non-root: Introduce unprivileged mode to kerndat

    This patch modifies how kerndat is handled in unprivileged mode.
    
    Initialization and functionality that can only be done as root is
    made separate from common code. The kerndat file's location is
    defined as $XDG_RUNTIME_DIR/criu.kdat in unprivileged mode. Since
    we expect that directory to be on tmpfs we maintain the same behavior
    as the root-mode kerndat which lives in /run.
    
    Co-authored-by: Adrian Reber <[email protected]>
    Signed-off-by: Younes Manton <[email protected]>
    2 people authored and avagin committed Oct 25, 2022
    Configuration menu
    Copy the full SHA
    2cb3da2 View commit details
    Browse the repository at this point in the history
  5. Documentation: add details about --unprivileged

    This adds the non-root section and information about the parameter
    --unprivileged to the man page.
    
    Co-authored-by: Anna Singleton <[email protected]>
    Signed-off-by: Adrian Reber <[email protected]>
    Signed-off-by: Anna Singleton <[email protected]>
    2 people authored and avagin committed Oct 25, 2022
    Configuration menu
    Copy the full SHA
    1db95af View commit details
    Browse the repository at this point in the history
  6. non-root: extend zdtm.py to be able to run tests as non-root

    These are the minimal changes to make zdtm.py successfully run the
    env00 and pthread test case as non-root using the '--rootless' zdtm option.
    
    Co-authored-by: Younes Manton <[email protected]>
    Signed-off-by: Adrian Reber <[email protected]>
    Signed-off-by: Younes Manton <[email protected]>
    2 people authored and avagin committed Oct 25, 2022
    Configuration menu
    Copy the full SHA
    0add1b6 View commit details
    Browse the repository at this point in the history
  7. non-root: add non-root test case to cirrus runs

    Run env00 and pthread00 test as non-root as initial proof of concept.
    
    Signed-off-by: Adrian Reber <[email protected]>
    adrianreber authored and avagin committed Oct 25, 2022
    Configuration menu
    Copy the full SHA
    8cf8fe8 View commit details
    Browse the repository at this point in the history
  8. cgroup: add a comment to restore_cgroup_prop about path argument requ…

    …irements
    
    In Virtuozzo we've faced out-of-bound access when calling this function
    on short path string, which corrupted other memory and lead to
    segmentation fault. So it may be useful to have this comment in code to
    avoid such a missuse of this function in future.
    
    Signed-off-by: Pavel Tikhomirov <[email protected]>
    Snorch authored and avagin committed Oct 25, 2022
    Configuration menu
    Copy the full SHA
    18c6426 View commit details
    Browse the repository at this point in the history

Commits on Nov 2, 2022

  1. ipc_sysctl: Prioritize restoring IPC variables using non usernsd appr…

    …oach
    
    Since commit torvalds/linux@5563cabdde, user with
    enough capability can open IPC sysctl files and write to them. Therefore, we
    don't need to use usernsd process in the outside user namespace to help with
    that anymore. Furthermore, some later commits:
    torvalds/linux@1f5c135ee5,
    torvalds/linux@0889f44e28 bind the IPC namespace to
    the opened file descriptor of IPC sysctl at the open() time, the changed value
    does not depend on the IPC namespace of write() time anymore. This breaks the
    current usernsd approach.
    
    So, we prioritize opening/writing IPC sysctl files in the context of restored
    process directly without usernsd help. This approach succeeds in the newer
    kernel since the restored process has enough capabilities at this restore stage.
    With older kernel, the open() fails and we fallback to the usernsd approach.
    
    Signed-off-by: Bui Quang Minh <[email protected]>
    minhbq-99 authored and avagin committed Nov 2, 2022
    Configuration menu
    Copy the full SHA
    5bcde6f View commit details
    Browse the repository at this point in the history
  2. Switch aarch64 builds to Cirrus CI

    It seems like drone.io no longer provides free aarch64/armhf CI runs.
    
    This switches the aarch64 CI runs to Cirrus CI. armhf CI runs have been
    dropped for now as they are not directly supported.
    
    Signed-off-by: Adrian Reber <[email protected]>
    adrianreber authored and avagin committed Nov 2, 2022
    Configuration menu
    Copy the full SHA
    83ed54b View commit details
    Browse the repository at this point in the history
  3. cgroup-v2: Checkpoint and restore some global properties

    This commit supports checkpoint/restore some new global properties in cgroup-v2
    
    	cgroup.subtree_control
    	cgroup.max.descendants
    	cgroup.max.depth
    	cgroup.freeze
    	cgroup.type
    
    Only cgroup.subtree_control, cgroup.type need some more code to handle.
    cgroup.subtree_control value needs to be set with "+", "-" prefix and
    cgroup.type can only be written with value "threaded" if we want to make this
    controller threaded. cgroup.type is a special property because this property
    must be restored before any processes can move into this controller.
    
    Signed-off-by: Bui Quang Minh <[email protected]>
    minhbq-99 authored and avagin committed Nov 2, 2022
    Configuration menu
    Copy the full SHA
    f5ad26c View commit details
    Browse the repository at this point in the history
  4. zdtm: Add write_value/read_value helpers into zdtm library

    Add write_value/read_value helpers to write/read buffer to/from files into zdmt
    library.
    
    Signed-off-by: Bui Quang Minh <[email protected]>
    minhbq-99 authored and avagin committed Nov 2, 2022
    Configuration menu
    Copy the full SHA
    1304415 View commit details
    Browse the repository at this point in the history
  5. zdtm: Add test to check global properties of cgroup-v2 are preserved

    Check that CRIU can checkpoint/restore global properties in cgroup-v2 properly.
    
    Signed-off-by: Bui Quang Minh <[email protected]>
    minhbq-99 authored and avagin committed Nov 2, 2022
    Configuration menu
    Copy the full SHA
    a8328c7 View commit details
    Browse the repository at this point in the history
  6. cgroup-v2: Dump cgroup controllers of every threads in a process

    Currently, we assume all threads in process are in the same cgroup controllers.
    However, with threaded controllers, threads in a process may be in different
    controllers. So we need to dump cgroup controllers of every threads in process
    and fixup the procfs cgroup parsing to parse from self/task/<tid>/cgroup.
    
    Signed-off-by: Bui Quang Minh <[email protected]>
    minhbq-99 authored and avagin committed Nov 2, 2022
    Configuration menu
    Copy the full SHA
    c3a5192 View commit details
    Browse the repository at this point in the history
  7. cgroup-v2: Restore threads in a process into correct threaded control…

    …lers
    
    As threads in a process may be in different threaded controllers, we need to
    move thoses threads to the correct controllers.
    
    Because the threads of a process are restored in later stage in restorer.c, we
    need to create a cgroupd service to help to move those threads into correct
    controllers when they are restored. We cannot use usernsd as the code in
    restorer does not know the address of outside function to pass to userns_call.
    However, this cgroupd service still reuses a lot of code from usernsd.
    
    The main logic is that restored threads receive the cg_set number they belong to
    before restorer stage in case their cg_set are different from main thread. When
    these threads are restored, they send the cg_set number and their thread ids
    through unix socket to cgroupd. cgroupd receives the cg_set number and thread
    ids and moves those threads into correct controllers. Thread ids are sent
    through SCM_CREDENTIALS of unix socket so they are translated into correct
    thread ids in the receiving end.
    
    Signed-off-by: Bui Quang Minh <[email protected]>
    minhbq-99 authored and avagin committed Nov 2, 2022
    Configuration menu
    Copy the full SHA
    da84213 View commit details
    Browse the repository at this point in the history
  8. zdtm: Check threads are restored into correct threaded controllers

    This test creates a process with 2 threads in different threaded controllers and
    check if CRIU restores these threads' cgroup controllers properly.
    
    Signed-off-by: Bui Quang Minh <[email protected]>
    minhbq-99 authored and avagin committed Nov 2, 2022
    Configuration menu
    Copy the full SHA
    030c5ab View commit details
    Browse the repository at this point in the history
  9. ci: Make cpuset move to cgroup-v2 hierarchy

    As cgroupv2_00, cgroupv2_01 need cpuset in cgroup-v2 hierarchy to check CRIU
    handle cgroup-v2 properly, umount cpuset in cgroup-v1 to make it move to
    cgroup-v2.
    
    Signed-off-by: Bui Quang Minh <[email protected]>
    minhbq-99 authored and avagin committed Nov 2, 2022
    Configuration menu
    Copy the full SHA
    d3ed3e9 View commit details
    Browse the repository at this point in the history

Commits on Nov 8, 2022

  1. ci: Do not fail if latest epel repository definition is already insta…

    …lled
    
    Signed-off-by: Adrian Reber <[email protected]>
    adrianreber authored and rst0git committed Nov 8, 2022
    Configuration menu
    Copy the full SHA
    f47f5c0 View commit details
    Browse the repository at this point in the history
  2. ci: move cgroup unmounting to run-ci-tests.sh

    A previous commit added a cgroup cpuset unmounting to
    scripts/ci/Makefile. We are sometimes running in a container without the
    necessary privileges to unmount certain cgroups.
    
    This commit moves the cgroup unmounting to a place in run-ci-tests.sh
    which already requires privileged access and does not break unprivileged
    build-only CI runs.
    
    Signed-off-by: Adrian Reber <[email protected]>
    adrianreber authored and rst0git committed Nov 8, 2022
    Configuration menu
    Copy the full SHA
    979c842 View commit details
    Browse the repository at this point in the history

Commits on Nov 11, 2022

  1. kerndat: Mark memfd_create(MFD_HUGETLB) unavailable when ENOSYS is re…

    …turned
    
    Some users on Raspberry Pi report that the kerndat checking for
    memfd_create(MFD_HUGETLB) support returns ENOSYS even when memfd_create
    syscall is available. We currently treat this error as unexpected and
    return error. This commit marks the memfd_create(MFD_HUGETLB) as
    unavailable when ENOSYS is returned.
    
    Signed-off-by: Bui Quang Minh <[email protected]>
    minhbq-99 authored and avagin committed Nov 11, 2022
    Configuration menu
    Copy the full SHA
    614fb7d View commit details
    Browse the repository at this point in the history

Commits on Nov 12, 2022

  1. cgroup: Remove redundant code that handles zombie tasks

    Zombie tasks are dumped in dump_zombies() so it is redundant to handle them
    in dump_one_task().
    
    Deprecate cg_set in task_core_entry as this field must be per thread now.
    
    Signed-off-by: Bui Quang Minh <[email protected]>
    minhbq-99 authored and avagin committed Nov 12, 2022
    Configuration menu
    Copy the full SHA
    52435d7 View commit details
    Browse the repository at this point in the history

Commits on Nov 18, 2022

  1. Remove execute bit from source file

    Signed-off-by: Mathias Gibbens <[email protected]>
    Mathias Gibbens authored and rst0git committed Nov 18, 2022
    Configuration menu
    Copy the full SHA
    1c6517a View commit details
    Browse the repository at this point in the history

Commits on Nov 21, 2022

  1. amdgpu: define __nmk_dir if missing

    This patch adds a missing definition for `__nmk_dir` in the Makefile
    for the amdgpu plugin. This definition is required, for example, when
    building the `test_topology_remap` target:
    
    	make -C plugins/amdgpu/ test_topology_remap
    
    Signed-off-by: Radostin Stoyanov <[email protected]>
    rst0git authored and avagin committed Nov 21, 2022
    Configuration menu
    Copy the full SHA
    7fee7d2 View commit details
    Browse the repository at this point in the history
  2. Fix warnings from -Wstrict-prototypes in clang 16.0.0

    While building on a machine that has a HOL clang compiler,
    I ran into warnings regarding the changed line.  It appears
    this warning is on by default because of anticipated changes
    to the C standard.
    
    Signed-off-by: Drew Wock <[email protected]>
    ajwock authored and avagin committed Nov 21, 2022
    Configuration menu
    Copy the full SHA
    6f3b81d View commit details
    Browse the repository at this point in the history

Commits on Nov 24, 2022

  1. ci/lint: install ShellCheck with dnf

    The way ShellCheck is installed was changed in commit c056f99
    (ci/gha/lint: install a recent shellcheck) to use the latest version
    v0.8.0 and remove some of the "shellcheck disable=..." annotations.
    Since then, Fedora 37 has been released and the ShellCheck package
    has been updated to v0.8.0.
    
    Signed-off-by: Radostin Stoyanov <[email protected]>
    rst0git authored and adrianreber committed Nov 24, 2022
    Configuration menu
    Copy the full SHA
    b50d3d7 View commit details
    Browse the repository at this point in the history
  2. ci/alpine: remove symlink for /usr/bin/python

    The python3 package in Alpine has recently been updated to install
    symbolic link for /usr/bin/python.
    
    https://git.alpinelinux.org/aports/commit/main/python3?id=d91da210b1614eb75517d59b7f348fee01699f35
    
    This causes the following error in CI:
    
      Step 10/11 : RUN ln -s /usr/bin/python3 /usr/bin/python
       ---> Running in a5a94be9dc93
      ln: failed to create symbolic link '/usr/bin/python': File exists
      The command '/bin/sh -c ln -s /usr/bin/python3 /usr/bin/python' returned a non-zero code: 1
    
    Signed-off-by: Radostin Stoyanov <[email protected]>
    rst0git authored and adrianreber committed Nov 24, 2022
    Configuration menu
    Copy the full SHA
    5b9f7a9 View commit details
    Browse the repository at this point in the history

Commits on Nov 25, 2022

  1. ci: fix make indent

    This patch fixes applies the changes required by clang-format v15.0.5
    for `make indent`.
    
    Signed-off-by: Radostin Stoyanov <[email protected]>
    rst0git authored and adrianreber committed Nov 25, 2022
    Configuration menu
    Copy the full SHA
    4f659d5 View commit details
    Browse the repository at this point in the history

Commits on Nov 30, 2022

  1. files-reg.c: fiemap algorithm for ghost file

    In order to reduce the frequency of using system call, based on
    https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/tree/misc/create_inode.c#n519,
    I created a new algorithm of dumping chunk via fiemap.(copy_file_to_chunks_fiemap)
    
    Also, I added another BOOL_OPT for users to determine which algorithm they
    want to use. Moreover, for those filesystem not supporting fiemap, criu
    will fall back to the original algorithm(SEEK_HOLE/SEEK_DATA).
    
    v2: don't call copy_chunk_from_file on outstanding extent; rearange
    headers to workaround "redeclaration of ‘enum fsconfig_command’" problem
    
    Signed-off-by: Liang-Chun Chen <[email protected]>
    featherchen authored and avagin committed Nov 30, 2022
    Configuration menu
    Copy the full SHA
    7819a11 View commit details
    Browse the repository at this point in the history
  2. zdtm: add two tests for highly sparse ghost file

    ghost_multi_hole00 and ghost_multi_hole01 are tests which create a ghost file
    with a lot of holes, there are 4K data and 4K hole inside every 8K length.
    
    The only difference between them is ghost-fiemap option, 01 is a
    test for the fiemap dumping algorithm, and we want to test the
    behavior of EXTENT_MAX_COUNT part, so the file size should be 8M, thus there
    will be 1024 chunks in the ghost file.
    
    In some file system, such as xfs, we somehow can not easily create highly sparse
    file as in ext4 or btrfs, therefore we need `fallocate` to forcibly create holes.
    
    Signed-off-by: Liang-Chun Chen <[email protected]>
    featherchen authored and avagin committed Nov 30, 2022
    Configuration menu
    Copy the full SHA
    f4a91fc View commit details
    Browse the repository at this point in the history

Commits on Dec 3, 2022

  1. Fix typo in comment

    Signed-off-by: Shubham Verma <[email protected]>
    VermaSh authored and avagin committed Dec 3, 2022
    Configuration menu
    Copy the full SHA
    50db2be View commit details
    Browse the repository at this point in the history

Commits on Dec 12, 2022

  1. non-root: Rework socket bufs for unprivileged mode

    SO_SNDBUFFORCE/SO_RCVBUFFORCE require root or CAP_NET_ADMIN.
    We can use SO_SNDBUF/SO_RCVBUF in some cases and avoid
    needing elevated privileges.
    
    This patch renames sk_setbufs() to sk_setbufs_ns() and
    makes sk_setbufs() a general helper that sets socket
    send and receive buffer sizes. The helper tries to use
    SO_SNDBUFFORCE/SO_RCVBUFFORCE first and falls back to
    SO_SNDBUF/SO_RCVBUF if we're in unprivileged mode.
    
    The existing sk_setbufs_ns() which takes a pid parameter
    and is intended to be called via userns_call() is rewritten
    to call sk_setbufs().
    
    Existing code that sets buffer sizes via setsockopt() is
    modified to call sk_setbufs() instead.
    
    Signed-off-by: Younes Manton <[email protected]>
    ymanton authored and avagin committed Dec 12, 2022
    Configuration menu
    Copy the full SHA
    b3c7286 View commit details
    Browse the repository at this point in the history
  2. non-root: Don't dump socket option SO_MARK if 0

    Restoring SO_MARK requires root or CAP_NET_ADMIN. If the value
    is 0 we will avoid dumping it so that we don't need to do a
    privileged call on restore.
    
    Signed-off-by: Younes Manton <[email protected]>
    ymanton authored and avagin committed Dec 12, 2022
    Configuration menu
    Copy the full SHA
    318ff08 View commit details
    Browse the repository at this point in the history
  3. sockets: tiny style fix

    Signed-off-by: Andrei Vagin <[email protected]>
    avagin committed Dec 12, 2022
    Configuration menu
    Copy the full SHA
    6e11e7f View commit details
    Browse the repository at this point in the history

Commits on Dec 13, 2022

  1. test/javaTests: update org.testng:testng (Maven)

    TestNG is vulnerable to Path Traversal
    
    Fixes https://github.com/checkpoint-restore/criu/security/dependabot/1.
    
    Signed-off-by: Andrei Vagin <[email protected]>
    Signed-off-by: Radostin Stoyanov <[email protected]>
    avagin committed Dec 13, 2022
    Configuration menu
    Copy the full SHA
    008c2b9 View commit details
    Browse the repository at this point in the history

Commits on Dec 15, 2022

  1. link-remap: Add --keep-link-remaps option

    When specified, this option disables the automatic deletion of link-remaps on
    restore.  This allows checkpoints dumped with --link-remap to be restored
    multiple times (provided that other conditions for reuse are met).
    
    Signed-off-by: Drew Wock <[email protected]>
    ajwock committed Dec 15, 2022
    Configuration menu
    Copy the full SHA
    972ae4e View commit details
    Browse the repository at this point in the history