-
Notifications
You must be signed in to change notification settings - Fork 599
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
link-remap: Add --keep-link-remaps option #2028
base: criu-dev
Are you sure you want to change the base?
Commits on May 13, 2022
-
Change made through this commit: - Include copy of flog as a seperate tree. - Modify the makefile to add and compile flog code. Signed-off-by: prakritigoyal19 <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6f8d543 - Browse repository at this point
Copy the full SHA 6f8d543View commit details -
flog: Missing varargs init or cleanup (VARARGS)
CID 302713 (checkpoint-restore#1 of 1): Missing varargs init or cleanup (VARARGS) va_end was not called for argptr. Signed-off-by: Adrian Reber <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for bf7b517 - Browse repository at this point
Copy the full SHA bf7b517View commit details -
Separate commit for easier criu-dev <-> master transfer. Acked-by: Mike Rapoport <[email protected]> Signed-off-by: Adrian Reber <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 09348a2 - Browse repository at this point
Copy the full SHA 09348a2View commit details -
It is mapped, not maped. Same applies for mmap I guess. Found by codespell, except it wants to change it to mapped, which will make it less specific. Signed-off-by: Kir Kolyshkin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for d355c36 - Browse repository at this point
Copy the full SHA d355c36View commit details -
flog: fix some codespell warnings
Brought to you by codespell -w (using codespell v2.1.0). [v2: use "make indent" on the result] Signed-off-by: Kir Kolyshkin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6eafe4e - Browse repository at this point
Copy the full SHA 6eafe4eView commit details -
cr-dump: do not report success to logs if post-dump script failed
It can be confusing to see error from post-dump action script and non zero return from criu though at the same time see "Dumping finished successfully" in log. I believe it is logical to consider post-dump action script as a part of "dump" process so fail in it means that the whole dump failed. Signed-off-by: Pavel Tikhomirov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 4795374 - Browse repository at this point
Copy the full SHA 4795374View commit details -
ci: Fix unsafe repository error
Signed-off-by: Radostin Stoyanov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 03539d4 - Browse repository at this point
Copy the full SHA 03539d4View commit details -
mem: Skip pre-dumping on hugetlb mappings
As private hugetlb mappings are not pre-mapped, the content of them is restored in the the restorer which cannot use page_read->read_pages. As a result, we cannot recursively read the content of pre-dumped image in the parent directory and use preadv to read the content from the last dumped image only. Therefore, it may freeze while restoring when the content of mapping is in pre-dumped image in parent directory. We need to skip pre-dumping on hugetlb mappings to resolve the issue. Suggested-by: Alexander Mikhalitsyn <[email protected]> Signed-off-by: Bui Quang Minh <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for df67400 - Browse repository at this point
Copy the full SHA df67400View commit details -
Revert "ci: skip new hugetlb maps09/maps10 tests for pre-dump"
This reverts commit 37ea8c5. Signed-off-by: Bui Quang Minh <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 2de7eea - Browse repository at this point
Copy the full SHA 2de7eeaView commit details -
zdtm: skip zdtm/static/shm-hugetlb when hugetlb is not supported
Reported-by: Mr. Jenkins (ppc64le) Signed-off-by: Alexander Mikhalitsyn <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for a1fb2ec - Browse repository at this point
Copy the full SHA a1fb2ecView commit details -
crit: Use same version as criu
Name collision with an abandoned project named 'crit' in pypi causes pip to show crit (CRiu Image Tool) as outdated. This patch updates crit to use the same version and license as criu. Fixes checkpoint-restore#1878 Signed-off-by: Radostin Stoyanov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 3c8aa30 - Browse repository at this point
Copy the full SHA 3c8aa30View commit details -
page-pipe: fix limiting a pipe size
But actually, 5a92f10 probably has to be reverted as a whole. PIPE_MAX_SIZE is the hard limit to avoid PAGE_ALLOC_COSTLY_ORDER allocations in the kernel. But F_SETPIPE_SZ rounds up a requested pipe size to a power-of-2 pages. It means that when we request PIPE_MAX_SIZE that isn't a power-of-2 number, we actually request a pipe size greater than PIPE_MAX_SIZE. Fixes: 5a92f10 ("page-pipe: Resize up to PIPE_MAX_SIZE") Signed-off-by: Andrei Vagin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for be6d7ca - Browse repository at this point
Copy the full SHA be6d7caView commit details -
page-xfer: use negative values for error codes
Signed-off-by: Andrei Vagin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for d84e2e4 - Browse repository at this point
Copy the full SHA d84e2e4View commit details -
page-xfer: adjust a buffer to a pipe size
Due to side effects of F_SETPIPE_SZ, the actual pipe size can be greater than PIPE_MAX_SIZE. Signed-off-by: Andrei Vagin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6d879d5 - Browse repository at this point
Copy the full SHA 6d879d5View commit details -
pre-dump: call vmsplice with SPLICE_F_GIFT
In this case, vmplice attaches pages without coping them. Signed-off-by: Andrei Vagin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for a6aae07 - Browse repository at this point
Copy the full SHA a6aae07View commit details -
page-xfer: refactoring analyze_iov and fill_userbuf
* handle unexpected errors of process_vm_readv * adjust riovs in analyze_iov * call handle_faulty_iov only if process_vm_readv returns EFAULT. Signed-off-by: Andrei Vagin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 574f396 - Browse repository at this point
Copy the full SHA 574f396View commit details -
ci: test the read mode of pre-dump
Signed-off-by: Andrei Vagin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 45641ab - Browse repository at this point
Copy the full SHA 45641abView commit details
Commits on May 16, 2022
-
amdgpu/Makefile: Fix include path
When building packages for CRIU the source directory might have a name different than 'criu'. Fixes: checkpoint-restore#1877 Reported-by: @siris Signed-off-by: Radostin Stoyanov <[email protected]>
1Configuration menu - View commit details
-
Copy full SHA for cd0ed7e - Browse repository at this point
Copy the full SHA cd0ed7eView commit details
Commits on May 17, 2022
-
amdgpu: Set PLUGINDIR to /usr/lib/criu
Building the criu packages for Ubuntu/Debian fails with: mkdir: cannot create directory '/var/lib/criu': Permission denied This patch updates PLUGINDIR with the value /usr/lib/criu Fixes: checkpoint-restore#1877 Signed-off-by: Radostin Stoyanov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 2b3763f - Browse repository at this point
Copy the full SHA 2b3763fView commit details
Commits on Jun 8, 2022
-
github: use git-clang-format instead of make indent
This allows us to only detect bad formating in PR changes but not all the CRIU codebase. Signed-off-by: Pavel Tikhomirov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 98eda32 - Browse repository at this point
Copy the full SHA 98eda32View commit details
Commits on Jun 13, 2022
-
Fix the check for mnt namespace in criu-ns
criu-ns script incorrectly compares the pidns fd with mntns fd. Also reversed the condition in is_my_namespace function to align it with the function name. Signed-off-by: Ashutosh Mehra <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 0db600d - Browse repository at this point
Copy the full SHA 0db600dView commit details -
sk-unix: make add_fake_unix_queuers earier and rework find_queuer_for
Before this patch, if we had a unixsk with incomming scm packets (with fds) and with the sender side fd closed, we got an error: Error (criu/sk-unix.c:1125): unix: Can't find sender for 0x1e First part of the problem is that unix_note_scm_rights() expects to see a "queuer" which would send scm packets to the unixsk, and there is no as the sender side is closed. Second part of the problem is that we already have "fake" queuers feature so that it already creates a unix socket pair and leaves other end open for later queuing packets. But function add_fake_unix_queuers() is called after unix_note_scm_rights() thus there is no chance to find queuer at the point of failure. Third part is that when we look for a queuer in find_queuer_for() we actually look for a socket for which we are a queuer and not for the socket which is a queuer for us, which is opposite to the name. For cases where both ends are alive both are queuers for each other so this was not important, but for our closed sender case it breaks. So let's reorder add_fake_unix_queuers() before unix_note_scm_rights() and make find_queuer_for() actually do what it's name implies. This situation is started to reproduce on Virtuozzo start/stop tests with the unixsk belonging to systemd, we suppose that this state where the sender fd side is closed happens rarely only on systemd start/stop, so we don't see it in regular suspend resume of long-living containers. Signed-off-by: Pavel Tikhomirov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for baa4516 - Browse repository at this point
Copy the full SHA baa4516View commit details -
zdtm/scm: add scm09 test with closed sender fd
Signed-off-by: Pavel Tikhomirov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 8a147da - Browse repository at this point
Copy the full SHA 8a147daView commit details -
mount-v2: split out restore_one_sharing helper
This helper restores master_id and shared_id of first mount in the sharing group. It first copies sharing from either external source or internal parent sharing group and makes master_id from shared_id. Next it creates new shared_id when needed. All other mounts except first are just copied from the first one. Signed-off-by: Pavel Tikhomirov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for ac27245 - Browse repository at this point
Copy the full SHA ac27245View commit details -
mount-v2: workaround for multiple external bindmounts with no common …
…root It's a problem when while restoring sharing group we need to copy sharing between two mounts with non-intersecting roots, because kernel does not allow it. We have a case opencontainers/runc#3442, where runc adds different devtmpfs file-bindmounts to container and there is no fsroot mount in container for this devtmpfs, thus mount-v2 faces the above problem. Luckily for the case of external mounts which are in one sharing group and which have non-intersecting roots, these mounts likely only have external master with no sharing, so we can just copy sharing from external source and make it slave as a workaround. checkpoint-restore#1886 Signed-off-by: Pavel Tikhomirov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 7e37618 - Browse repository at this point
Copy the full SHA 7e37618View commit details -
zdtm: test multiple ext bindmounts with no common root and same master
Signed-off-by: Pavel Tikhomirov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 58a2d98 - Browse repository at this point
Copy the full SHA 58a2d98View commit details -
Signed-off-by: Radostin Stoyanov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for edb3b8f - Browse repository at this point
Copy the full SHA edb3b8fView commit details
Commits on Jun 14, 2022
-
hugetlb: don't dump anonymous private hugetlb mapping using memfd app…
…roach Currently, the content of anonymous private hugetlb mapping is dumped in 2 different images: memfd approach and normal private mapping dumping. In memfd approach, we dump the content of the backing pseudo file (/anon_hugepage). This is incorrect and redundant since the mapping is private, the content of backing file may differ from the content of the mapping. With this commit, we remove the redundant memfd approach dump and only do the normal private mapping dump on anonymous hugetlb mapping. Run zdtm.py run -f h --keep-img always -t zdtm/static/maps09, du -h in the dumped image directory Before this commit 13M test/dump/zdtm/static/maps09/55/1 After this commit 8.5M test/dump/zdtm/static/maps09/55/1 The reduction in size is approximately 4MB which is the size of anonymous private hugetlb mapping in the test. Signed-off-by: Bui Quang Minh <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for fa6efbf - Browse repository at this point
Copy the full SHA fa6efbfView commit details
Commits on Jun 20, 2022
-
util/mount-v2: fix resolve_mountpoint() to always return freeable poi…
…nter Else we have a Segmentation fault in __move_mount_set_group() on xfree(source_mp) if resolve_mountpoint() returned statically allocated path. Signed-off-by: Pavel Tikhomirov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for dc160c0 - Browse repository at this point
Copy the full SHA dc160c0View commit details -
This test has one external mount [criumntns] /zdtm_root_ext.tmp -> [testmntns] /mnt_root_ext.test, and it specifically gives '--external mnt[MNT]:.zdtm_root_ext.tmp' option on restore without '/' to make dirname on it return static '.' path (see glibc dirname() code) and reproduce a segfault in resolve_mountpoint(). Signed-off-by: Pavel Tikhomirov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for f82b71c - Browse repository at this point
Copy the full SHA f82b71cView commit details
Commits on Jun 21, 2022
-
config: fail on --track-mem option if dirty tracking is not available
Else we trigger BUG in task_reset_dirty_track(): Error (criu/mem.c:45): BUG at criu/mem.c:45 The check in kerndat_get_dirty_track() does not work right. checkpoint-restore#1917 Reported-by: @mrc1119 Signed-off-by: Pavel Tikhomirov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 28581f2 - Browse repository at this point
Copy the full SHA 28581f2View commit details
Commits on Jun 22, 2022
-
This patch contains auto-generated changes from `make indent` Signed-off-by: Radostin Stoyanov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 029ca22 - Browse repository at this point
Copy the full SHA 029ca22View commit details
Commits on Jul 2, 2022
-
Add SIGTSTP signal dump and restore. Add a corresponding field in the image, save it only if a task is in the stopped state. Restore task state by sending desired stop signal if it is present in the image. Fallback to SIGSTOP if it's absent. Signed-off-by: Yuriy Vasiliev <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 7968e71 - Browse repository at this point
Copy the full SHA 7968e71View commit details -
stopped03 check that stopped by SIGTSTP tasks are restored correctly. stopped04 check that stopped by SIGSTOP tasks which have blocked SIGTSTP and have SIGTSTP pending are restored correctly. Signed-off-by: Yuriy Vasiliev <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for c8f9880 - Browse repository at this point
Copy the full SHA c8f9880View commit details
Commits on Jul 13, 2022
-
config/files-reg: Add opt to skip file r/w/x check on restore
A file's r/w/x changing between checkpoint and restore does not necessarily imply that something is wrong. For example, if a process opens a file having perms rw- for reading and we change the perms to r--, the process can be restored and will function as expected. Therefore, this patch adds an option --skip-file-rwx-check to disable this check on restore. File validation is unaffected and should still function as expected with respect to the content of files. Signed-off-by: Younes Manton <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 290a998 - Browse repository at this point
Copy the full SHA 290a998View commit details -
Add --skip-file-rwx-check opt test
Add a simple test using tail to check that processes can't be restored by default when the r/w/x mode of an open file changes, unless --skip-file-rwx-check is used. Signed-off-by: Younes Manton <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 8f04c13 - Browse repository at this point
Copy the full SHA 8f04c13View commit details
Commits on Jul 19, 2022
-
rseq: fix headers conflict on Mariner GNU/Linux
1. For some reason, Marier distribution headers not correctly define __GLIBC_HAVE_KERNEL_RSEQ compile-time constant. It remains undefined, but in fact header files provides corresponding rseq types declaration which leads to conflict. 2. Another issue, is that they use uint*_t types instead of __u* types as in original rseq.h. This leads to compile time issues like this: format '%llx' expects argument of type 'long long unsigned int', but argument 5 has type 'uint64_t' {aka 'long unsigned int'} and we can't even replace %llx to %PRIx64 because it will break compilation on other distros (like Fedora) with analogical error: error: format ‘%lx’ expects argument of type ‘long unsigned int’, but argument 6 has type ‘__u64’ {aka ‘long long unsigned int’} Let's use our-own struct rseq copy fully equal to the kernel one, it's safe because this structure is a part of Linux Kernel ABI. Fixes checkpoint-restore#1934 Reported-by: Nikola Bojanic Signed-off-by: Alexander Mikhalitsyn <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 1e6e826 - Browse repository at this point
Copy the full SHA 1e6e826View commit details -
x86/compel/fault-inject: fixup mxcsr for PTRACE_SETFPREGS
Error from: ./test/zdtm.py run -t zdtm/static/fpu00 --fault 134 -f h --norst (00.003111) Dumping GP/FPU registers for 56 (00.003121) Error (compel/arch/x86/src/lib/infect.c:310): Corrupting fpuregs for 56, seed 1651766595 (00.003125) Error (compel/arch/x86/src/lib/infect.c:314): Can't set FPU registers for 56: Invalid argument (00.003129) Error (compel/src/lib/infect.c:688): Can't obtain regs for thread 56 (00.003174) Error (criu/cr-dump.c:1564): Can't infect (pid: 56) with parasite See also: 145e9e0d8c6 ("x86/fpu: Fail ptrace() requests that try to set invalid MXCSR values") torvalds/linux@145e9e0 We decided to move from mxcsr cleaning up scheme and use mxcsr mask (0x0000ffbf) as kernel does. Thanks to Dmitry Safonov for pointing out. Tested-on: Intel(R) Xeon(R) CPU E3-1246 v3 @ 3.50GHz Reported-by: Mr. Jenkins Suggested-by: Dmitry Safonov <[email protected]> Signed-off-by: Alexander Mikhalitsyn <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 90c0f08 - Browse repository at this point
Copy the full SHA 90c0f08View commit details
Commits on Jul 23, 2022
-
zdtm: Remove permission part check for skipping vsyscall vma
Normally, vsyscall vma has VM_READ, VM_EXEC permission. However, when CONFIG_LEGACY_VSYSCALL_XONLY=y, that vma only has VM_EXEC. This commit removes the permission part when checking to skip vsyscall vma in x32 tests. Signed-off-by: Bui Quang Minh <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for ebe9db9 - Browse repository at this point
Copy the full SHA ebe9db9View commit details
Commits on Jul 26, 2022
-
vdso-compat: Increase the reserved buffer for compat vdso
On Arch Linux with 5.18.3-zen1-1-zen kernel, the vdso's size is 3 pages which exceeds the current 2-page reserved buffer. This commit simply increases the reserved buffer size to 4 pages. Fixes: checkpoint-restore#1916 Signed-off-by: Bui Quang Minh <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for e15690b - Browse repository at this point
Copy the full SHA e15690bView commit details
Commits on Aug 4, 2022
-
zdtm: make root mount private in criu mntns
If root mount in criu mntns is slave, it would be slave of host mount where criu is stored, so if someone mounts something in subdir of {criu-dir}/test/ on host while tests are running this mount can influence the test as it appears on top of root mount in criu mntns. 1) With mount-compat this mount can get into restored test mntns, which means wrong restore, as this mount was not there on dump. 2) With mount-v2 this mount would just fail container restore, as root container mount is mounted non-recursively to protect from unexpected mounts appear after restore. Signed-off-by: Pavel Tikhomirov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 973b4b6 - Browse repository at this point
Copy the full SHA 973b4b6View commit details -
zdtm/mnt_root_ext: don't allow propagation from test mntns to criu mntns
This test specifically wants to create external bind-mount of "/" from criu mntns to test mntns, and it wants "/" in criu mntns to be a shared mount so that "external" mount in the test mntns is it's slave. This is to triger specific dirname() resolution which happens only when sharing restore is involved for external mounts, and only if rootfs is involved. But initially I missed that when we create external mount in test's temporary mntns it creates a propagation in criu mntns on top of root mount. This mount may influence other tests restore as child mount in root mount converts to locked child mount in criu service mntns (for uns flavour) and when criu would restore root container mount it would fail with EINVAL on non recursive bind with locked children. To fix this mess we just need to prohibit propagating from tests temporary mntns to criu mntns by making mounts slave. Fixes: checkpoint-restore#1941 Signed-off-by: Pavel Tikhomirov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 0576f68 - Browse repository at this point
Copy the full SHA 0576f68View commit details -
files-reg.c: modify the check of ghost_limit to support large sparse …
…files files-reg.c checks whether the file size is larger than ghost_limit with st_size (in dump_ghost_remap), which can not deal with large ghost sparse file, since its actual file size is not the same as what st_size shows. Therefore, in this commit, I replace st_size with st_blocks, which shows the actual file size. (1 block = 512B), thus criu can deal with large ghost sparse file. Signed-off-by: Liang-Chun Chen <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 2549276 - Browse repository at this point
Copy the full SHA 2549276View commit details -
unlink_largefile.desc: remove crfail, since criu now can support
unlink_largefile test In the past, the unlink_largefile test should be fail on large ghost file. However, it used sparse file, it will pass in current criu, since the large ghost sparse file issue was fixed. So the crfail flag of this test should be removed. Signed-off-by: Liang-Chun Chen <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 4cc4d1d - Browse repository at this point
Copy the full SHA 4cc4d1dView commit details -
zdtm: add two tests for large ghost sparse file
ghost_holes_large00 is a test which creates a large ghost sparse file with 1GiB hole(pwrite can only handle 2GiB maximum on 32-bit system) and 8KiB data, criu should be able to handle this kind of situation. ghost_holes_large01 is a test which creates a large ghost sparse file with 1GiB hole and 2MiB data, since 2MiB is larger than the default ghost_limit(1MiB), criu should fail on this test. v2: fix overflow on 32-bit arch. Signed-off-by: Liang-Chun Chen <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for d9009f6 - Browse repository at this point
Copy the full SHA d9009f6View commit details
Commits on Aug 5, 2022
-
MAINTAINERS: Add Radostin (myself) to maintainers
I've been contributing to CRIU for sometime and I'm hoping that my familiarity with the project would be sufficient to self-nominate as a maintainer. I would like to help with code reviews, submitting patches, implementing new features, and maintaining the project in general. Signed-off-by: Radostin Stoyanov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 8a01859 - Browse repository at this point
Copy the full SHA 8a01859View commit details -
ci: unset XDG_RUNTIME_DIR when invoking podman
We need to pass environment variables from the CI environment to distinguish between CI environments. However, when `sudo -E` is used to run Podman it results in the XDG_RUNTIME_DIR environment variable being set incorrectly that prevents Podman from running. This patch fixes the following error in the GitHub Action virtual environment: error running container: error from /usr/bin/crun creating container for [/bin/sh -c /bin/prepare-for-fedora-rawhide.sh]: sd-bus call: Connection reset by peer Fixes: checkpoint-restore#1942 Signed-off-by: Radostin Stoyanov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for f32e626 - Browse repository at this point
Copy the full SHA f32e626View commit details -
There are several changes in glibc 2.36 that make sys/mount.h header incompatible with kernel headers: https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E This patch removes conflicting includes for `<linux/mount.h>` and updates the content of `criu/include/linux/mount.h` to match `/usr/include/sys/mount.h`. In addition, inline definitions sys_*() functions have been moved from "linux/mount.h" to "syscall.h" to avoid conflicts with `uapi/compel/plugins/std/syscall.h` and `<unistd.h>`. The include for `<linux/aio_abi.h>` has been replaced with local include to avoid conflicts with `<sys/mount.h>`. Fixes: checkpoint-restore#1949 Signed-off-by: Radostin Stoyanov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 4c86d6a - Browse repository at this point
Copy the full SHA 4c86d6aView commit details
Commits on Aug 8, 2022
-
Revert "ci: Switch to non overlaysfs tests"
This reverts commit 8bb05e3. The following bug has been fixed: https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/1967924 Signed-off-by: Radostin Stoyanov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6a1260a - Browse repository at this point
Copy the full SHA 6a1260aView commit details -
docker-test: use containerd installed from package
In commits [1, 2] the version of containerd installed by default in the GitHub CI virtual environment was replaced with the latest release from GitHub as a workaround to a bug in containerd. This bug has been fixed sometime ago and the current default version of containerd (1.6.6) does not require this workaround. However, with the latest release, the containerd binaries uploaded on GitHub have been built for Ubuntu 22.04 [3]. Our tests are still running on Ubuntu 20.04 and this results in the following error: /usr/bin/containerd: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /usr/bin/containerd) /usr/bin/containerd: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.32' not found (required by /usr/bin/containerd) [1] checkpoint-restore@046cad8 [2] checkpoint-restore@81a68ad [3] containerd/containerd@6b2dc9a37 Signed-off-by: Radostin Stoyanov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 557ab8c - Browse repository at this point
Copy the full SHA 557ab8cView commit details -
cr-check: fix check for apparmor stacking
The feature check for AppArmor stacking was introduced in commit: 8723e3f check: add a feature test for apparmor_stacking However, on systems that don't support AppArmour, this check always fails. As a result, `criu check --all` shows the following message: Looks good but some kernel features are missing which, depending on your process tree, may cause dump or restore failure. Reported-by: André Rösti (@andrej) Signed-off-by: Radostin Stoyanov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 5f801c4 - Browse repository at this point
Copy the full SHA 5f801c4View commit details -
cr-check: optimize check for apparmor stacking
The result of check_aa_ns_dumping() is stored in kdat. Instead of doing the same check twice - once on kerndat_init(), and again in check_apparmor_stacking(), we can check the stored value. Suggested-by: Pavel Tikhomirov <[email protected]> Signed-off-by: Radostin Stoyanov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for ce1b705 - Browse repository at this point
Copy the full SHA ce1b705View commit details -
cr-restore: rseq: dynamically handle *libc with rseq
Before this patch we assumed that CRIU is compiled against the same GLibc as it runs with. But as we see from real world examples like checkpoint-restore#1935 it's not always true. The idea of this patch is to detect rseq configuration for the main CRIU process and use it to unregister rseq for all further child processes. It's correct, because we restore pstree using clone*() syscalls, don't use exec*() (!) syscalls, so rseq gets inherited in the kernel and rseq configuration remains the same for all children processes. This will prevent issues like this: checkpoint-restore#1935 Suggested-by: Florian Weimer <[email protected]> Signed-off-by: Alexander Mikhalitsyn <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for f0b0a64 - Browse repository at this point
Copy the full SHA f0b0a64View commit details -
cr-restore: rseq: use glibc-specific way to unregister only as fallback
Let's use dynamic approach to detect built-in *libc rseq in all cases, and "old" static approach as a fallback path if the user kernel lacks support of ptrace_get_rseq_conf feature. Suggested-by: Florian Weimer <[email protected]> Signed-off-by: Alexander Mikhalitsyn <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for db9781e - Browse repository at this point
Copy the full SHA db9781eView commit details
Commits on Aug 10, 2022
-
Add Alexander Mikhalitsyn to maintainers
Alex implemented a few complex features and maintain our CI system. Signed-off-by: Andrei Vagin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6206067 - Browse repository at this point
Copy the full SHA 6206067View commit details
Commits on Aug 12, 2022
-
docker-test: handle race condition error
There is a race condition in docker/containerd that causes docker to occasionally fail when starting a container from a checkpoint immediately after the checkpoint has been created. This problem is unrelated to criu and has been reported in moby/moby#42900 Signed-off-by: Radostin Stoyanov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 58fa267 - Browse repository at this point
Copy the full SHA 58fa267View commit details
Commits on Aug 14, 2022
-
ci/cirrus: add CentOS Stream 9
Mostly a copy-paste from the CentOS 8 task, with a few differences: - Use dnf instead of yum - Enable crb instead of powertools - Different way of installing EPEL - No need to switch to python3 as this is the default - junit_xml is now available as an rpm Signed-off-by: Kir Kolyshkin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 3019db3 - Browse repository at this point
Copy the full SHA 3019db3View commit details -
1. Rename CentOS 8 to CentOS Stream 8 (which it is). 2. Install junit_xml from the repo rather than via pip. Signed-off-by: Kir Kolyshkin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 2410079 - Browse repository at this point
Copy the full SHA 2410079View commit details
Commits on Aug 15, 2022
-
compel: set TRACESYSGOOD to distinguish breakpoints from syscalls
When delivering system call traps, set bit 7 in the signal number (i.e., deliver SIGTRAP|0x80). This makes it easy for the tracer to distinguish normal traps from those caused by a system call. Signed-off-by: Andrei Vagin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 373281f - Browse repository at this point
Copy the full SHA 373281fView commit details -
compel: clear a breakpoint right after it's been triggered
Breakpoints are used to stop as close as possible to a target system call. First, we don't need it after this point. Second, PTRACE_CONT can't pass through a breakpoint on arm64. Signed-off-by: Andrei Vagin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 40f5d9b - Browse repository at this point
Copy the full SHA 40f5d9bView commit details -
compel: switch breakpoint functions to non-inline at arm64 platform
Signed-off-by: fu.lin <[email protected]> Signed-off-by: Andrei Vagin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 267c9bc - Browse repository at this point
Copy the full SHA 267c9bcView commit details -
breakpoint: implement hw breakpoint for arm64 platform
The x86 implement hardware breakpoint to accelerate the tracing syscall procedure instead of `ptrace(PTRACE_SYSCALL)`. The arm64 has the same capability according to <<Learn the architecture: Armv8-A self-hosted debug>>[[1]]. <<Arm Architecture Reference Manual for A-profile architecture>[[2]] illustrates the usage detailly: - D2.8 Breakpoint Instruction exceptions - D2.9 Breakpoint exceptions - D13.3.2 DBGBCR<n>_EL1, Debug Breakpoint Control Registers, n Note: [1]: https://developer.arm.com/documentation/102120/0100 [2]: https://developer.arm.com/documentation/ddi0487/latest Signed-off-by: fu.lin <[email protected]> Signed-off-by: Andrei Vagin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for cc8c6b4 - Browse repository at this point
Copy the full SHA cc8c6b4View commit details -
breakpoint: enable breakpoints by default on amd64 and arm64
Signed-off-by: fu.lin <[email protected]> Signed-off-by: Andrei Vagin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for ec49f42 - Browse repository at this point
Copy the full SHA ec49f42View commit details
Commits on Aug 23, 2022
-
criu: fail migration if data was sent to an in-flight socket
Before this change, CRIU would just lose that data upon migration. So it's better to fail migration in this case. To reproduce the bug one can: 1. Create an AF_UNIX socket and call listen on it. 2. Create a second AF_UNIX socket and call connect to the first one. 3. Send the data to the second socket. 4. Migrate. 5. Call accept on the first socket and then read. There would be no data available. It should be even possible to close the second socket before migration. This would cause accept to hang because CRIU totally misses a closed in-flight socket. Signed-off-by: Michal Clapinski <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6e35c59 - Browse repository at this point
Copy the full SHA 6e35c59View commit details -
zdtm: return 1 from pr_err, pr_perror, fail
This allows to make test code more compact: if (ret == -1) { pr_perror("XXX"); return 1; } vs if (ret == -1) return pr_perror("XXX"); Signed-off-by: Andrei Vagin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for edb3e52 - Browse repository at this point
Copy the full SHA edb3e52View commit details -
test/unix: check C/R of unix listen queues
Check that CRIU handles non-empty listen queues properly. Signed-off-by: Andrei Vagin <[email protected]> [[email protected]: update test_doc and test_author] Signed-off-by: Michal Clapinski <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 309e131 - Browse repository at this point
Copy the full SHA 309e131View commit details
Commits on Aug 28, 2022
-
gitignore: Ignore top-evel build dir only
The entry "build/" will ignore any directory named "build" at any level of the source tree, including our scripts/build directory. We only want to ignore the top-level build directory created by `make install`. As the git manpage suggests, entries with slashes at the start or in the middle will only match at the same level as the .gitignore, hence use build/** instead. Signed-off-by: Younes Manton <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 3aafc55 - Browse repository at this point
Copy the full SHA 3aafc55View commit details -
ci: Rename openj9 Dockerfiles to hotspot
We used to pull AdoptOpenJDK's OpenJ9 builds but switched to Eclipse Temurin, which uses the HotSpot VM instead of OpenJ9. Rename the corresponding Dockerfiles to hotspot. Signed-off-by: Younes Manton <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 84a7269 - Browse repository at this point
Copy the full SHA 84a7269View commit details -
ci: Add Dockerfile for openj9 on Ubuntu
Semeru builds (which use OpenJ9 instead of HotSpot) are the successors of AdoptOpenJDK's OpenJ9 builds. Signed-off-by: Younes Manton <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 8556d83 - Browse repository at this point
Copy the full SHA 8556d83View commit details -
ci: Clean up and improve Java testing
This patch changes top-level OpenJ9 filename and data references to Java to make them generic and launches tests against both HotSpot and OpenJ9 JVMs. Signed-off-by: Younes Manton <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 1ba1c39 - Browse repository at this point
Copy the full SHA 1ba1c39View commit details
Commits on Aug 29, 2022
-
mount: add definition for FSOPEN_CLOEXEC
A recent change in glibc introduced `enum fsconfig_command` [1] and as a result the compilation of criu fails with the following errors In file included from criu/pie/util.c:3: /usr/include/sys/mount.h:240:6: error: redeclaration of 'enum fsconfig_command' 240 | enum fsconfig_command | ^~~~~~~~~~~~~~~~ In file included from /usr/include/sys/mount.h:32: criu/include/linux/mount.h:11:6: note: originally defined here 11 | enum fsconfig_command { | ^~~~~~~~~~~~~~~~ /usr/include/sys/mount.h:242:3: error: redeclaration of enumerator 'FSCONFIG_SET_FLAG' 242 | FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */ | ^~~~~~~~~~~~~~~~~ criu/include/linux/mount.h:12:9: note: previous definition of 'FSCONFIG_SET_FLAG' with type 'enum fsconfig_command' 12 | FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */ | ^~~~~~~~~~~~~~~~~ /usr/include/sys/mount.h:244:3: error: redeclaration of enumerator 'FSCONFIG_SET_STRING' 244 | FSCONFIG_SET_STRING = 1, /* Set parameter, supplying a string value */ | ^~~~~~~~~~~~~~~~~~~ criu/include/linux/mount.h:14:9: note: previous definition of 'FSCONFIG_SET_STRING' with type 'enum fsconfig_command' 14 | FSCONFIG_SET_STRING = 1, /* Set parameter, supplying a string value */ | ^~~~~~~~~~~~~~~~~~~ /usr/include/sys/mount.h:246:3: error: redeclaration of enumerator 'FSCONFIG_SET_BINARY' 246 | FSCONFIG_SET_BINARY = 2, /* Set parameter, supplying a binary blob value */ | ^~~~~~~~~~~~~~~~~~~ criu/include/linux/mount.h:16:9: note: previous definition of 'FSCONFIG_SET_BINARY' with type 'enum fsconfig_command' 16 | FSCONFIG_SET_BINARY = 2, /* Set parameter, supplying a binary blob value */ | ^~~~~~~~~~~~~~~~~~~ /usr/include/sys/mount.h:248:3: error: redeclaration of enumerator 'FSCONFIG_SET_PATH' 248 | FSCONFIG_SET_PATH = 3, /* Set parameter, supplying an object by path */ | ^~~~~~~~~~~~~~~~~ criu/include/linux/mount.h:18:9: note: previous definition of 'FSCONFIG_SET_PATH' with type 'enum fsconfig_command' 18 | FSCONFIG_SET_PATH = 3, /* Set parameter, supplying an object by path */ | ^~~~~~~~~~~~~~~~~ /usr/include/sys/mount.h:250:3: error: redeclaration of enumerator 'FSCONFIG_SET_PATH_EMPTY' 250 | FSCONFIG_SET_PATH_EMPTY = 4, /* Set parameter, supplying an object by (empty) path */ | ^~~~~~~~~~~~~~~~~~~~~~~ criu/include/linux/mount.h:20:9: note: previous definition of 'FSCONFIG_SET_PATH_EMPTY' with type 'enum fsconfig_command' 20 | FSCONFIG_SET_PATH_EMPTY = 4, /* Set parameter, supplying an object by (empty) path */ | ^~~~~~~~~~~~~~~~~~~~~~~ /usr/include/sys/mount.h:252:3: error: redeclaration of enumerator 'FSCONFIG_SET_FD' 252 | FSCONFIG_SET_FD = 5, /* Set parameter, supplying an object by fd */ | ^~~~~~~~~~~~~~~ criu/include/linux/mount.h:22:9: note: previous definition of 'FSCONFIG_SET_FD' with type 'enum fsconfig_command' 22 | FSCONFIG_SET_FD = 5, /* Set parameter, supplying an object by fd */ | ^~~~~~~~~~~~~~~ /usr/include/sys/mount.h:254:3: error: redeclaration of enumerator 'FSCONFIG_CMD_CREATE' 254 | FSCONFIG_CMD_CREATE = 6, /* Invoke superblock creation */ | ^~~~~~~~~~~~~~~~~~~ criu/include/linux/mount.h:24:9: note: previous definition of 'FSCONFIG_CMD_CREATE' with type 'enum fsconfig_command' 24 | FSCONFIG_CMD_CREATE = 6, /* Invoke superblock creation */ | ^~~~~~~~~~~~~~~~~~~ /usr/include/sys/mount.h:256:3: error: redeclaration of enumerator 'FSCONFIG_CMD_RECONFIGURE' 256 | FSCONFIG_CMD_RECONFIGURE = 7, /* Invoke superblock reconfiguration */ | ^~~~~~~~~~~~~~~~~~~~~~~~ criu/include/linux/mount.h:26:9: note: previous definition of 'FSCONFIG_CMD_RECONFIGURE' with type 'enum fsconfig_command' 26 | FSCONFIG_CMD_RECONFIGURE = 7, /* Invoke superblock reconfiguration */ This patch adds definition for FSOPEN_CLOEXEC to solve this problem. In particular, sys/mount.h includes ifndef check for FSOPEN_CLOEXEC surrounding `enum fsconfig_command`. [1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=7eae6a91e9b1670330c9f15730082c91c0b1d570 Reported-by: Younes Manton (@ymanton) Signed-off-by: Radostin Stoyanov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 517c094 - Browse repository at this point
Copy the full SHA 517c094View commit details
Commits on Aug 30, 2022
-
criu-ns: capture controlling tty
When we are restoring in new pidns we specifically do setsid() from criu-ns init so that sids of restored tasks are non-zero in this pidns and on next dump CRIU would not have problems with zero sids, see [1]. But after this CRIU tries to inherit and setup a tty for the restored process, and it fails to set it's process group via TIOCSPGRP to be a foreground group for it's tty, because tty already is a controlling tty for other session (which we had before setsid). So to make it restore we need to reset tty to be a controlling tty of criu-ns init via TIOCSCTTY before calling criu. Else when restoring first time via criu-ns (from criu-ns dump) we get: Error (criu/tty.c:689): tty: Failed to set group 40816 on 0: Inappropriate ioctl for device checkpoint-restore#232 [1] v2: add why and what comment in code, set controlling tty only for --shell-job and fail if stdin is not a tty. Fixes: checkpoint-restore#1893 Signed-off-by: Pavel Tikhomirov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 94bfff7 - Browse repository at this point
Copy the full SHA 94bfff7View commit details -
files-reg: skip failed mount lookup for shell-job's tty
When we restore a shell-job we would inherit tty-s, so even if we don't have a right mount for it in container on dump, on restore it should just be right. Else when dumping second time via criu-ns we get: (00.005678) Error (criu/files-reg.c:1710): Can't lookup mount=29 for fd=0 path=/dev/pts/20 Fixes: checkpoint-restore#1893 Signed-off-by: Pavel Tikhomirov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 2666eec - Browse repository at this point
Copy the full SHA 2666eecView commit details -
ci/gha/lint: install a recent shellcheck
Instead of using shellcheck v0.7.2 from fedora repo, let's install the latest version (v0.8.0). This allows to remove some "shellcheck disable=..." annotations, and (I hope) better checking quality overall. While at it, remove findutils from dnf install as this package is already installed. Signed-off-by: Kir Kolyshkin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for c056f99 - Browse repository at this point
Copy the full SHA c056f99View commit details -
scripts/ci/apt-install: fix (not ignore) shellcheck warning
It is ok to quote $@, as it expands to "$1" "$2" ... Signed-off-by: Kir Kolyshkin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 01e643a - Browse repository at this point
Copy the full SHA 01e643aView commit details -
scripts/ci/asan.sh: fix, not ignore, shellcheck warning
We can use globstar bash feature instead of find in this case. Signed-off-by: Kir Kolyshkin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 527a4ce - Browse repository at this point
Copy the full SHA 527a4ceView commit details -
Fix, not ignore, shellcheck SC1091 warnings
This is easy to fix (but we have to specify -x). Signed-off-by: Kir Kolyshkin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 06e1cad - Browse repository at this point
Copy the full SHA 06e1cadView commit details -
scripts/ci/run-ci-tests: use bash arrays
This is a preferred way of fixing SC2086 shellcheck warning. Note that since ZDTM_OPTS is passed as a string (via make or docker), we are converting it to an array using read -a. Remove all "shellcheck disable=SC2086" annotations. Signed-off-by: Kir Kolyshkin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 0fce00f - Browse repository at this point
Copy the full SHA 0fce00fView commit details -
scripts/ci: rm shellcheck disable annotations
Those are no longer needed with shellcheck 0.8.0. Signed-off-by: Kir Kolyshkin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 72d27e9 - Browse repository at this point
Copy the full SHA 72d27e9View commit details -
scripts/protobuf-gen.sh: fix (not ignore) shellcheck warnings
This basically replaces for x in $(sed ...); do with sed ... | while IFS= read -r x; do The only caveat is, sed program was amended to remove empty lines (there was one right above the PB_AUTOGEN_STOP). Signed-off-by: Kir Kolyshkin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for ebe8770 - Browse repository at this point
Copy the full SHA ebe8770View commit details -
test/others/crit/test.sh: use bash array
In fact an array (aptly named array) is already used in run_test2, so let's just make it an array right from the start. While at it, remove ls invocation. Signed-off-by: Kir Kolyshkin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6128eb6 - Browse repository at this point
Copy the full SHA 6128eb6View commit details
Commits on Sep 14, 2022
-
seize: do not overwrite exit code from failpath
Signed-off-by: Liu Hua <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 58257cb - Browse repository at this point
Copy the full SHA 58257cbView commit details
Commits on Oct 2, 2022
-
compel: Add APIs to facilitate testing
Starting the daemon is the first time we run code in the victim using the parasite stack. It's useful for testing to be able to infect the victim without starting the daemon so that we can inspect the victim's state, set up stack guards, and so on before stack-related corruption can happen. Add compel_infect_no_daemon() to infect the victim but not start the daemon and compel_start_daemon() to start the daemon after the victim is infected. Add compel_get_stack() to get the victim's main and thread parasite stacks. Signed-off-by: Younes Manton <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6e9a908 - Browse repository at this point
Copy the full SHA 6e9a908View commit details -
compel: Fix infect test to not override failures
Signed-off-by: Younes Manton <[email protected]> return zero on chk success Signed-off-by: Pavel Tikhomirov <[email protected]> Co-authored-by: Pavel Tikhomirov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 50dda15 - Browse repository at this point
Copy the full SHA 50dda15View commit details -
compel: Add test to check parasite stack setup
Some ABIs allow functions to store data in caller frame, which means that we have to allocate an initial stack frame before executing code on the parasite stack. This test saves the contents of writable memory that follows the stack after the victim has been infected but before we start using the parasite stack. It later checks that the saved data matches the current contents of the two memory areas. This is done while the victim is halted so we expect a match unless executing parasite code caused memory corruption. The test doesn't detect cases where we corrupted memory by writing the same value. Signed-off-by: Younes Manton <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for a7cbdcb - Browse repository at this point
Copy the full SHA a7cbdcbView commit details -
compel: Fix ppc64le parasite stack layout
The ppc64le ABI allows functions to store data in caller frames. When initializing the stack pointer prior to executing parasite code we need to pre-allocating the minimum sized stack frame before jumping to the parasite code. Signed-off-by: Younes Manton <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 615763e - Browse repository at this point
Copy the full SHA 615763eView commit details -
python2-future, python2-junit_xml, python-flake8 and libbsd-devel are now provided from EPEL. Signed-off-by: Radostin Stoyanov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 4cd295b - Browse repository at this point
Copy the full SHA 4cd295bView commit details
Commits on Oct 25, 2022
-
non-root: add infrastructure to run as non-root
The idea behind the rootless CRIU code is, that CRIU reads out its effective capabilities and stores that in the global opts structure. Different parts of CRIU can then, based on the existing capabilities, automatically enable or disable certain code paths. Currently at least CAP_CHECKPOINT_RESTORE is required. CRIU will not start without this capability. Signed-off-by: Adrian Reber <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 294aedc - Browse repository at this point
Copy the full SHA 294aedcView commit details -
non-root: add functions to work with capabilities
This adds the function check_caps() which checks if CRIU is running with at least CAP_CHECKPOINT_RESTORE. That is the minimum capability CRIU needs to do a minimal checkpoint and restore from it. In addition helper functions are added to easily query for other capability for enhanced checkpoint/restore support. Co-authored-by: Younes Manton <[email protected]> Signed-off-by: Adrian Reber <[email protected]> Signed-off-by: Younes Manton <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for de70d2c - Browse repository at this point
Copy the full SHA de70d2cView commit details -
non-root: enable non-root checkpoint/restore
This commit enables checkpointing and restoring of applications as non-root. First goal was to enable checkpoint and restore of the env00 and pthread00 test case. This uses the information from opts.unprivileged and opts.cap_eff to skip certain code paths which do not work as non-root. Co-authored-by: Adrian Reber <[email protected]> Signed-off-by: Younes Manton <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 3b5f5c7 - Browse repository at this point
Copy the full SHA 3b5f5c7View commit details -
non-root: Introduce unprivileged mode to kerndat
This patch modifies how kerndat is handled in unprivileged mode. Initialization and functionality that can only be done as root is made separate from common code. The kerndat file's location is defined as $XDG_RUNTIME_DIR/criu.kdat in unprivileged mode. Since we expect that directory to be on tmpfs we maintain the same behavior as the root-mode kerndat which lives in /run. Co-authored-by: Adrian Reber <[email protected]> Signed-off-by: Younes Manton <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 2cb3da2 - Browse repository at this point
Copy the full SHA 2cb3da2View commit details -
Documentation: add details about --unprivileged
This adds the non-root section and information about the parameter --unprivileged to the man page. Co-authored-by: Anna Singleton <[email protected]> Signed-off-by: Adrian Reber <[email protected]> Signed-off-by: Anna Singleton <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 1db95af - Browse repository at this point
Copy the full SHA 1db95afView commit details -
non-root: extend zdtm.py to be able to run tests as non-root
These are the minimal changes to make zdtm.py successfully run the env00 and pthread test case as non-root using the '--rootless' zdtm option. Co-authored-by: Younes Manton <[email protected]> Signed-off-by: Adrian Reber <[email protected]> Signed-off-by: Younes Manton <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 0add1b6 - Browse repository at this point
Copy the full SHA 0add1b6View commit details -
non-root: add non-root test case to cirrus runs
Run env00 and pthread00 test as non-root as initial proof of concept. Signed-off-by: Adrian Reber <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 8cf8fe8 - Browse repository at this point
Copy the full SHA 8cf8fe8View commit details -
cgroup: add a comment to restore_cgroup_prop about path argument requ…
…irements In Virtuozzo we've faced out-of-bound access when calling this function on short path string, which corrupted other memory and lead to segmentation fault. So it may be useful to have this comment in code to avoid such a missuse of this function in future. Signed-off-by: Pavel Tikhomirov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 18c6426 - Browse repository at this point
Copy the full SHA 18c6426View commit details
Commits on Nov 2, 2022
-
ipc_sysctl: Prioritize restoring IPC variables using non usernsd appr…
…oach Since commit torvalds/linux@5563cabdde, user with enough capability can open IPC sysctl files and write to them. Therefore, we don't need to use usernsd process in the outside user namespace to help with that anymore. Furthermore, some later commits: torvalds/linux@1f5c135ee5, torvalds/linux@0889f44e28 bind the IPC namespace to the opened file descriptor of IPC sysctl at the open() time, the changed value does not depend on the IPC namespace of write() time anymore. This breaks the current usernsd approach. So, we prioritize opening/writing IPC sysctl files in the context of restored process directly without usernsd help. This approach succeeds in the newer kernel since the restored process has enough capabilities at this restore stage. With older kernel, the open() fails and we fallback to the usernsd approach. Signed-off-by: Bui Quang Minh <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 5bcde6f - Browse repository at this point
Copy the full SHA 5bcde6fView commit details -
Switch aarch64 builds to Cirrus CI
It seems like drone.io no longer provides free aarch64/armhf CI runs. This switches the aarch64 CI runs to Cirrus CI. armhf CI runs have been dropped for now as they are not directly supported. Signed-off-by: Adrian Reber <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 83ed54b - Browse repository at this point
Copy the full SHA 83ed54bView commit details -
cgroup-v2: Checkpoint and restore some global properties
This commit supports checkpoint/restore some new global properties in cgroup-v2 cgroup.subtree_control cgroup.max.descendants cgroup.max.depth cgroup.freeze cgroup.type Only cgroup.subtree_control, cgroup.type need some more code to handle. cgroup.subtree_control value needs to be set with "+", "-" prefix and cgroup.type can only be written with value "threaded" if we want to make this controller threaded. cgroup.type is a special property because this property must be restored before any processes can move into this controller. Signed-off-by: Bui Quang Minh <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for f5ad26c - Browse repository at this point
Copy the full SHA f5ad26cView commit details -
zdtm: Add write_value/read_value helpers into zdtm library
Add write_value/read_value helpers to write/read buffer to/from files into zdmt library. Signed-off-by: Bui Quang Minh <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 1304415 - Browse repository at this point
Copy the full SHA 1304415View commit details -
zdtm: Add test to check global properties of cgroup-v2 are preserved
Check that CRIU can checkpoint/restore global properties in cgroup-v2 properly. Signed-off-by: Bui Quang Minh <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for a8328c7 - Browse repository at this point
Copy the full SHA a8328c7View commit details -
cgroup-v2: Dump cgroup controllers of every threads in a process
Currently, we assume all threads in process are in the same cgroup controllers. However, with threaded controllers, threads in a process may be in different controllers. So we need to dump cgroup controllers of every threads in process and fixup the procfs cgroup parsing to parse from self/task/<tid>/cgroup. Signed-off-by: Bui Quang Minh <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for c3a5192 - Browse repository at this point
Copy the full SHA c3a5192View commit details -
cgroup-v2: Restore threads in a process into correct threaded control…
…lers As threads in a process may be in different threaded controllers, we need to move thoses threads to the correct controllers. Because the threads of a process are restored in later stage in restorer.c, we need to create a cgroupd service to help to move those threads into correct controllers when they are restored. We cannot use usernsd as the code in restorer does not know the address of outside function to pass to userns_call. However, this cgroupd service still reuses a lot of code from usernsd. The main logic is that restored threads receive the cg_set number they belong to before restorer stage in case their cg_set are different from main thread. When these threads are restored, they send the cg_set number and their thread ids through unix socket to cgroupd. cgroupd receives the cg_set number and thread ids and moves those threads into correct controllers. Thread ids are sent through SCM_CREDENTIALS of unix socket so they are translated into correct thread ids in the receiving end. Signed-off-by: Bui Quang Minh <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for da84213 - Browse repository at this point
Copy the full SHA da84213View commit details -
zdtm: Check threads are restored into correct threaded controllers
This test creates a process with 2 threads in different threaded controllers and check if CRIU restores these threads' cgroup controllers properly. Signed-off-by: Bui Quang Minh <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 030c5ab - Browse repository at this point
Copy the full SHA 030c5abView commit details -
ci: Make cpuset move to cgroup-v2 hierarchy
As cgroupv2_00, cgroupv2_01 need cpuset in cgroup-v2 hierarchy to check CRIU handle cgroup-v2 properly, umount cpuset in cgroup-v1 to make it move to cgroup-v2. Signed-off-by: Bui Quang Minh <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for d3ed3e9 - Browse repository at this point
Copy the full SHA d3ed3e9View commit details
Commits on Nov 8, 2022
-
ci: Do not fail if latest epel repository definition is already insta…
…lled Signed-off-by: Adrian Reber <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for f47f5c0 - Browse repository at this point
Copy the full SHA f47f5c0View commit details -
ci: move cgroup unmounting to run-ci-tests.sh
A previous commit added a cgroup cpuset unmounting to scripts/ci/Makefile. We are sometimes running in a container without the necessary privileges to unmount certain cgroups. This commit moves the cgroup unmounting to a place in run-ci-tests.sh which already requires privileged access and does not break unprivileged build-only CI runs. Signed-off-by: Adrian Reber <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 979c842 - Browse repository at this point
Copy the full SHA 979c842View commit details
Commits on Nov 11, 2022
-
kerndat: Mark memfd_create(MFD_HUGETLB) unavailable when ENOSYS is re…
…turned Some users on Raspberry Pi report that the kerndat checking for memfd_create(MFD_HUGETLB) support returns ENOSYS even when memfd_create syscall is available. We currently treat this error as unexpected and return error. This commit marks the memfd_create(MFD_HUGETLB) as unavailable when ENOSYS is returned. Signed-off-by: Bui Quang Minh <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 614fb7d - Browse repository at this point
Copy the full SHA 614fb7dView commit details
Commits on Nov 12, 2022
-
cgroup: Remove redundant code that handles zombie tasks
Zombie tasks are dumped in dump_zombies() so it is redundant to handle them in dump_one_task(). Deprecate cg_set in task_core_entry as this field must be per thread now. Signed-off-by: Bui Quang Minh <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 52435d7 - Browse repository at this point
Copy the full SHA 52435d7View commit details
Commits on Nov 18, 2022
-
Remove execute bit from source file
Signed-off-by: Mathias Gibbens <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 1c6517a - Browse repository at this point
Copy the full SHA 1c6517aView commit details
Commits on Nov 21, 2022
-
amdgpu: define __nmk_dir if missing
This patch adds a missing definition for `__nmk_dir` in the Makefile for the amdgpu plugin. This definition is required, for example, when building the `test_topology_remap` target: make -C plugins/amdgpu/ test_topology_remap Signed-off-by: Radostin Stoyanov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 7fee7d2 - Browse repository at this point
Copy the full SHA 7fee7d2View commit details -
Fix warnings from -Wstrict-prototypes in clang 16.0.0
While building on a machine that has a HOL clang compiler, I ran into warnings regarding the changed line. It appears this warning is on by default because of anticipated changes to the C standard. Signed-off-by: Drew Wock <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6f3b81d - Browse repository at this point
Copy the full SHA 6f3b81dView commit details
Commits on Nov 24, 2022
-
ci/lint: install ShellCheck with dnf
The way ShellCheck is installed was changed in commit c056f99 (ci/gha/lint: install a recent shellcheck) to use the latest version v0.8.0 and remove some of the "shellcheck disable=..." annotations. Since then, Fedora 37 has been released and the ShellCheck package has been updated to v0.8.0. Signed-off-by: Radostin Stoyanov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for b50d3d7 - Browse repository at this point
Copy the full SHA b50d3d7View commit details -
ci/alpine: remove symlink for /usr/bin/python
The python3 package in Alpine has recently been updated to install symbolic link for /usr/bin/python. https://git.alpinelinux.org/aports/commit/main/python3?id=d91da210b1614eb75517d59b7f348fee01699f35 This causes the following error in CI: Step 10/11 : RUN ln -s /usr/bin/python3 /usr/bin/python ---> Running in a5a94be9dc93 ln: failed to create symbolic link '/usr/bin/python': File exists The command '/bin/sh -c ln -s /usr/bin/python3 /usr/bin/python' returned a non-zero code: 1 Signed-off-by: Radostin Stoyanov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 5b9f7a9 - Browse repository at this point
Copy the full SHA 5b9f7a9View commit details
Commits on Nov 25, 2022
-
This patch fixes applies the changes required by clang-format v15.0.5 for `make indent`. Signed-off-by: Radostin Stoyanov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 4f659d5 - Browse repository at this point
Copy the full SHA 4f659d5View commit details
Commits on Nov 30, 2022
-
files-reg.c: fiemap algorithm for ghost file
In order to reduce the frequency of using system call, based on https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/tree/misc/create_inode.c#n519, I created a new algorithm of dumping chunk via fiemap.(copy_file_to_chunks_fiemap) Also, I added another BOOL_OPT for users to determine which algorithm they want to use. Moreover, for those filesystem not supporting fiemap, criu will fall back to the original algorithm(SEEK_HOLE/SEEK_DATA). v2: don't call copy_chunk_from_file on outstanding extent; rearange headers to workaround "redeclaration of ‘enum fsconfig_command’" problem Signed-off-by: Liang-Chun Chen <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 7819a11 - Browse repository at this point
Copy the full SHA 7819a11View commit details -
zdtm: add two tests for highly sparse ghost file
ghost_multi_hole00 and ghost_multi_hole01 are tests which create a ghost file with a lot of holes, there are 4K data and 4K hole inside every 8K length. The only difference between them is ghost-fiemap option, 01 is a test for the fiemap dumping algorithm, and we want to test the behavior of EXTENT_MAX_COUNT part, so the file size should be 8M, thus there will be 1024 chunks in the ghost file. In some file system, such as xfs, we somehow can not easily create highly sparse file as in ext4 or btrfs, therefore we need `fallocate` to forcibly create holes. Signed-off-by: Liang-Chun Chen <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for f4a91fc - Browse repository at this point
Copy the full SHA f4a91fcView commit details
Commits on Dec 3, 2022
-
Signed-off-by: Shubham Verma <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 50db2be - Browse repository at this point
Copy the full SHA 50db2beView commit details
Commits on Dec 12, 2022
-
non-root: Rework socket bufs for unprivileged mode
SO_SNDBUFFORCE/SO_RCVBUFFORCE require root or CAP_NET_ADMIN. We can use SO_SNDBUF/SO_RCVBUF in some cases and avoid needing elevated privileges. This patch renames sk_setbufs() to sk_setbufs_ns() and makes sk_setbufs() a general helper that sets socket send and receive buffer sizes. The helper tries to use SO_SNDBUFFORCE/SO_RCVBUFFORCE first and falls back to SO_SNDBUF/SO_RCVBUF if we're in unprivileged mode. The existing sk_setbufs_ns() which takes a pid parameter and is intended to be called via userns_call() is rewritten to call sk_setbufs(). Existing code that sets buffer sizes via setsockopt() is modified to call sk_setbufs() instead. Signed-off-by: Younes Manton <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for b3c7286 - Browse repository at this point
Copy the full SHA b3c7286View commit details -
non-root: Don't dump socket option SO_MARK if 0
Restoring SO_MARK requires root or CAP_NET_ADMIN. If the value is 0 we will avoid dumping it so that we don't need to do a privileged call on restore. Signed-off-by: Younes Manton <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 318ff08 - Browse repository at this point
Copy the full SHA 318ff08View commit details -
Signed-off-by: Andrei Vagin <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6e11e7f - Browse repository at this point
Copy the full SHA 6e11e7fView commit details
Commits on Dec 13, 2022
-
test/javaTests: update org.testng:testng (Maven)
TestNG is vulnerable to Path Traversal Fixes https://github.com/checkpoint-restore/criu/security/dependabot/1. Signed-off-by: Andrei Vagin <[email protected]> Signed-off-by: Radostin Stoyanov <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 008c2b9 - Browse repository at this point
Copy the full SHA 008c2b9View commit details
Commits on Dec 15, 2022
-
link-remap: Add --keep-link-remaps option
When specified, this option disables the automatic deletion of link-remaps on restore. This allows checkpoints dumped with --link-remap to be restored multiple times (provided that other conditions for reuse are met). Signed-off-by: Drew Wock <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 972ae4e - Browse repository at this point
Copy the full SHA 972ae4eView commit details