Fix timerfd restore problem with double parsing #2030

Change made through this commit: - Include copy of flog as a seperate tree. - Modify the makefile to add and compile flog code. Signed-off-by: prakritigoyal19 <[email protected]>

CID 302713 (checkpoint-restore#1 of 1): Missing varargs init or cleanup (VARARGS) va_end was not called for argptr. Signed-off-by: Adrian Reber <[email protected]>

Separate commit for easier criu-dev <-> master transfer. Acked-by: Mike Rapoport <[email protected]> Signed-off-by: Adrian Reber <[email protected]>

It is mapped, not maped. Same applies for mmap I guess. Found by codespell, except it wants to change it to mapped, which will make it less specific. Signed-off-by: Kir Kolyshkin <[email protected]>

Brought to you by codespell -w (using codespell v2.1.0). [v2: use "make indent" on the result] Signed-off-by: Kir Kolyshkin <[email protected]>

It can be confusing to see error from post-dump action script and non zero return from criu though at the same time see "Dumping finished successfully" in log. I believe it is logical to consider post-dump action script as a part of "dump" process so fail in it means that the whole dump failed. Signed-off-by: Pavel Tikhomirov <[email protected]>

Signed-off-by: Radostin Stoyanov <[email protected]>

As private hugetlb mappings are not pre-mapped, the content of them is restored in the the restorer which cannot use page_read->read_pages. As a result, we cannot recursively read the content of pre-dumped image in the parent directory and use preadv to read the content from the last dumped image only. Therefore, it may freeze while restoring when the content of mapping is in pre-dumped image in parent directory. We need to skip pre-dumping on hugetlb mappings to resolve the issue. Suggested-by: Alexander Mikhalitsyn <[email protected]> Signed-off-by: Bui Quang Minh <[email protected]>

This reverts commit 37ea8c5. Signed-off-by: Bui Quang Minh <[email protected]>

Reported-by: Mr. Jenkins (ppc64le) Signed-off-by: Alexander Mikhalitsyn <[email protected]>

Name collision with an abandoned project named 'crit' in pypi causes pip to show crit (CRiu Image Tool) as outdated. This patch updates crit to use the same version and license as criu. Fixes checkpoint-restore#1878 Signed-off-by: Radostin Stoyanov <[email protected]>

But actually, 5a92f10 probably has to be reverted as a whole. PIPE_MAX_SIZE is the hard limit to avoid PAGE_ALLOC_COSTLY_ORDER allocations in the kernel. But F_SETPIPE_SZ rounds up a requested pipe size to a power-of-2 pages. It means that when we request PIPE_MAX_SIZE that isn't a power-of-2 number, we actually request a pipe size greater than PIPE_MAX_SIZE. Fixes: 5a92f10 ("page-pipe: Resize up to PIPE_MAX_SIZE") Signed-off-by: Andrei Vagin <[email protected]>

Signed-off-by: Andrei Vagin <[email protected]>

Due to side effects of F_SETPIPE_SZ, the actual pipe size can be greater than PIPE_MAX_SIZE. Signed-off-by: Andrei Vagin <[email protected]>

In this case, vmplice attaches pages without coping them. Signed-off-by: Andrei Vagin <[email protected]>

* handle unexpected errors of process_vm_readv * adjust riovs in analyze_iov * call handle_faulty_iov only if process_vm_readv returns EFAULT. Signed-off-by: Andrei Vagin <[email protected]>

Signed-off-by: Andrei Vagin <[email protected]>

@siris

When building packages for CRIU the source directory might have a name different than 'criu'. Fixes: checkpoint-restore#1877 Reported-by: @siris Signed-off-by: Radostin Stoyanov <[email protected]>

Building the criu packages for Ubuntu/Debian fails with: mkdir: cannot create directory '/var/lib/criu': Permission denied This patch updates PLUGINDIR with the value /usr/lib/criu Fixes: checkpoint-restore#1877 Signed-off-by: Radostin Stoyanov <[email protected]>

This allows us to only detect bad formating in PR changes but not all the CRIU codebase. Signed-off-by: Pavel Tikhomirov <[email protected]>

criu-ns script incorrectly compares the pidns fd with mntns fd. Also reversed the condition in is_my_namespace function to align it with the function name. Signed-off-by: Ashutosh Mehra <[email protected]>

Before this patch, if we had a unixsk with incomming scm packets (with fds) and with the sender side fd closed, we got an error: Error (criu/sk-unix.c:1125): unix: Can't find sender for 0x1e First part of the problem is that unix_note_scm_rights() expects to see a "queuer" which would send scm packets to the unixsk, and there is no as the sender side is closed. Second part of the problem is that we already have "fake" queuers feature so that it already creates a unix socket pair and leaves other end open for later queuing packets. But function add_fake_unix_queuers() is called after unix_note_scm_rights() thus there is no chance to find queuer at the point of failure. Third part is that when we look for a queuer in find_queuer_for() we actually look for a socket for which we are a queuer and not for the socket which is a queuer for us, which is opposite to the name. For cases where both ends are alive both are queuers for each other so this was not important, but for our closed sender case it breaks. So let's reorder add_fake_unix_queuers() before unix_note_scm_rights() and make find_queuer_for() actually do what it's name implies. This situation is started to reproduce on Virtuozzo start/stop tests with the unixsk belonging to systemd, we suppose that this state where the sender fd side is closed happens rarely only on systemd start/stop, so we don't see it in regular suspend resume of long-living containers. Signed-off-by: Pavel Tikhomirov <[email protected]>

Signed-off-by: Pavel Tikhomirov <[email protected]>

This helper restores master_id and shared_id of first mount in the sharing group. It first copies sharing from either external source or internal parent sharing group and makes master_id from shared_id. Next it creates new shared_id when needed. All other mounts except first are just copied from the first one. Signed-off-by: Pavel Tikhomirov <[email protected]>

…root It's a problem when while restoring sharing group we need to copy sharing between two mounts with non-intersecting roots, because kernel does not allow it. We have a case opencontainers/runc#3442, where runc adds different devtmpfs file-bindmounts to container and there is no fsroot mount in container for this devtmpfs, thus mount-v2 faces the above problem. Luckily for the case of external mounts which are in one sharing group and which have non-intersecting roots, these mounts likely only have external master with no sharing, so we can just copy sharing from external source and make it slave as a workaround. checkpoint-restore#1886 Signed-off-by: Pavel Tikhomirov <[email protected]>

Signed-off-by: Pavel Tikhomirov <[email protected]>

Signed-off-by: Radostin Stoyanov <[email protected]>

…roach Currently, the content of anonymous private hugetlb mapping is dumped in 2 different images: memfd approach and normal private mapping dumping. In memfd approach, we dump the content of the backing pseudo file (/anon_hugepage). This is incorrect and redundant since the mapping is private, the content of backing file may differ from the content of the mapping. With this commit, we remove the redundant memfd approach dump and only do the normal private mapping dump on anonymous hugetlb mapping. Run zdtm.py run -f h --keep-img always -t zdtm/static/maps09, du -h in the dumped image directory Before this commit 13M test/dump/zdtm/static/maps09/55/1 After this commit 8.5M test/dump/zdtm/static/maps09/55/1 The reduction in size is approximately 4MB which is the size of anonymous private hugetlb mapping in the test. Signed-off-by: Bui Quang Minh <[email protected]>

…nter Else we have a Segmentation fault in __move_mount_set_group() on xfree(source_mp) if resolve_mountpoint() returned statically allocated path. Signed-off-by: Pavel Tikhomirov <[email protected]>

This test has one external mount [criumntns] /zdtm_root_ext.tmp -> [testmntns] /mnt_root_ext.test, and it specifically gives '--external mnt[MNT]:.zdtm_root_ext.tmp' option on restore without '/' to make dirname on it return static '.' path (see glibc dirname() code) and reproduce a segfault in resolve_mountpoint(). Signed-off-by: Pavel Tikhomirov <[email protected]>

@mrc1119

Else we trigger BUG in task_reset_dirty_track(): Error (criu/mem.c:45): BUG at criu/mem.c:45 The check in kerndat_get_dirty_track() does not work right. checkpoint-restore#1917 Reported-by: @mrc1119 Signed-off-by: Pavel Tikhomirov <[email protected]>

This patch contains auto-generated changes from `make indent` Signed-off-by: Radostin Stoyanov <[email protected]>

Add SIGTSTP signal dump and restore. Add a corresponding field in the image, save it only if a task is in the stopped state. Restore task state by sending desired stop signal if it is present in the image. Fallback to SIGSTOP if it's absent. Signed-off-by: Yuriy Vasiliev <[email protected]>

stopped03 check that stopped by SIGTSTP tasks are restored correctly. stopped04 check that stopped by SIGSTOP tasks which have blocked SIGTSTP and have SIGTSTP pending are restored correctly. Signed-off-by: Yuriy Vasiliev <[email protected]>

A file's r/w/x changing between checkpoint and restore does not necessarily imply that something is wrong. For example, if a process opens a file having perms rw- for reading and we change the perms to r--, the process can be restored and will function as expected. Therefore, this patch adds an option --skip-file-rwx-check to disable this check on restore. File validation is unaffected and should still function as expected with respect to the content of files. Signed-off-by: Younes Manton <[email protected]>

Add a simple test using tail to check that processes can't be restored by default when the r/w/x mode of an open file changes, unless --skip-file-rwx-check is used. Signed-off-by: Younes Manton <[email protected]>

1. For some reason, Marier distribution headers not correctly define __GLIBC_HAVE_KERNEL_RSEQ compile-time constant. It remains undefined, but in fact header files provides corresponding rseq types declaration which leads to conflict. 2. Another issue, is that they use uint*_t types instead of __u* types as in original rseq.h. This leads to compile time issues like this: format '%llx' expects argument of type 'long long unsigned int', but argument 5 has type 'uint64_t' {aka 'long unsigned int'} and we can't even replace %llx to %PRIx64 because it will break compilation on other distros (like Fedora) with analogical error: error: format ‘%lx’ expects argument of type ‘long unsigned int’, but argument 6 has type ‘__u64’ {aka ‘long long unsigned int’} Let's use our-own struct rseq copy fully equal to the kernel one, it's safe because this structure is a part of Linux Kernel ABI. Fixes checkpoint-restore#1934 Reported-by: Nikola Bojanic Signed-off-by: Alexander Mikhalitsyn <[email protected]>

Error from: ./test/zdtm.py run -t zdtm/static/fpu00 --fault 134 -f h --norst (00.003111) Dumping GP/FPU registers for 56 (00.003121) Error (compel/arch/x86/src/lib/infect.c:310): Corrupting fpuregs for 56, seed 1651766595 (00.003125) Error (compel/arch/x86/src/lib/infect.c:314): Can't set FPU registers for 56: Invalid argument (00.003129) Error (compel/src/lib/infect.c:688): Can't obtain regs for thread 56 (00.003174) Error (criu/cr-dump.c:1564): Can't infect (pid: 56) with parasite See also: 145e9e0d8c6 ("x86/fpu: Fail ptrace() requests that try to set invalid MXCSR values") torvalds/linux@145e9e0 We decided to move from mxcsr cleaning up scheme and use mxcsr mask (0x0000ffbf) as kernel does. Thanks to Dmitry Safonov for pointing out. Tested-on: Intel(R) Xeon(R) CPU E3-1246 v3 @ 3.50GHz Reported-by: Mr. Jenkins Suggested-by: Dmitry Safonov <[email protected]> Signed-off-by: Alexander Mikhalitsyn <[email protected]>

Normally, vsyscall vma has VM_READ, VM_EXEC permission. However, when CONFIG_LEGACY_VSYSCALL_XONLY=y, that vma only has VM_EXEC. This commit removes the permission part when checking to skip vsyscall vma in x32 tests. Signed-off-by: Bui Quang Minh <[email protected]>

On Arch Linux with 5.18.3-zen1-1-zen kernel, the vdso's size is 3 pages which exceeds the current 2-page reserved buffer. This commit simply increases the reserved buffer size to 4 pages. Fixes: checkpoint-restore#1916 Signed-off-by: Bui Quang Minh <[email protected]>

If root mount in criu mntns is slave, it would be slave of host mount where criu is stored, so if someone mounts something in subdir of {criu-dir}/test/ on host while tests are running this mount can influence the test as it appears on top of root mount in criu mntns. 1) With mount-compat this mount can get into restored test mntns, which means wrong restore, as this mount was not there on dump. 2) With mount-v2 this mount would just fail container restore, as root container mount is mounted non-recursively to protect from unexpected mounts appear after restore. Signed-off-by: Pavel Tikhomirov <[email protected]>

This test specifically wants to create external bind-mount of "/" from criu mntns to test mntns, and it wants "/" in criu mntns to be a shared mount so that "external" mount in the test mntns is it's slave. This is to triger specific dirname() resolution which happens only when sharing restore is involved for external mounts, and only if rootfs is involved. But initially I missed that when we create external mount in test's temporary mntns it creates a propagation in criu mntns on top of root mount. This mount may influence other tests restore as child mount in root mount converts to locked child mount in criu service mntns (for uns flavour) and when criu would restore root container mount it would fail with EINVAL on non recursive bind with locked children. To fix this mess we just need to prohibit propagating from tests temporary mntns to criu mntns by making mounts slave. Fixes: checkpoint-restore#1941 Signed-off-by: Pavel Tikhomirov <[email protected]>

…files files-reg.c checks whether the file size is larger than ghost_limit with st_size (in dump_ghost_remap), which can not deal with large ghost sparse file, since its actual file size is not the same as what st_size shows. Therefore, in this commit, I replace st_size with st_blocks, which shows the actual file size. (1 block = 512B), thus criu can deal with large ghost sparse file. Signed-off-by: Liang-Chun Chen <[email protected]>

unlink_largefile test In the past, the unlink_largefile test should be fail on large ghost file. However, it used sparse file, it will pass in current criu, since the large ghost sparse file issue was fixed. So the crfail flag of this test should be removed. Signed-off-by: Liang-Chun Chen <[email protected]>

ghost_holes_large00 is a test which creates a large ghost sparse file with 1GiB hole(pwrite can only handle 2GiB maximum on 32-bit system) and 8KiB data, criu should be able to handle this kind of situation. ghost_holes_large01 is a test which creates a large ghost sparse file with 1GiB hole and 2MiB data, since 2MiB is larger than the default ghost_limit(1MiB), criu should fail on this test. v2: fix overflow on 32-bit arch. Signed-off-by: Liang-Chun Chen <[email protected]>

I've been contributing to CRIU for sometime and I'm hoping that my familiarity with the project would be sufficient to self-nominate as a maintainer. I would like to help with code reviews, submitting patches, implementing new features, and maintaining the project in general. Signed-off-by: Radostin Stoyanov <[email protected]>

We need to pass environment variables from the CI environment to distinguish between CI environments. However, when `sudo -E` is used to run Podman it results in the XDG_RUNTIME_DIR environment variable being set incorrectly that prevents Podman from running. This patch fixes the following error in the GitHub Action virtual environment: error running container: error from /usr/bin/crun creating container for [/bin/sh -c /bin/prepare-for-fedora-rawhide.sh]: sd-bus call: Connection reset by peer Fixes: checkpoint-restore#1942 Signed-off-by: Radostin Stoyanov <[email protected]>

There are several changes in glibc 2.36 that make sys/mount.h header incompatible with kernel headers: https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E This patch removes conflicting includes for `<linux/mount.h>` and updates the content of `criu/include/linux/mount.h` to match `/usr/include/sys/mount.h`. In addition, inline definitions sys_*() functions have been moved from "linux/mount.h" to "syscall.h" to avoid conflicts with `uapi/compel/plugins/std/syscall.h` and `<unistd.h>`. The include for `<linux/aio_abi.h>` has been replaced with local include to avoid conflicts with `<sys/mount.h>`. Fixes: checkpoint-restore#1949 Signed-off-by: Radostin Stoyanov <[email protected]>

This reverts commit 8bb05e3. The following bug has been fixed: https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/1967924 Signed-off-by: Radostin Stoyanov <[email protected]>

In commits [1, 2] the version of containerd installed by default in the GitHub CI virtual environment was replaced with the latest release from GitHub as a workaround to a bug in containerd. This bug has been fixed sometime ago and the current default version of containerd (1.6.6) does not require this workaround. However, with the latest release, the containerd binaries uploaded on GitHub have been built for Ubuntu 22.04 [3]. Our tests are still running on Ubuntu 20.04 and this results in the following error: /usr/bin/containerd: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /usr/bin/containerd) /usr/bin/containerd: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.32' not found (required by /usr/bin/containerd) [1] checkpoint-restore@046cad8 [2] checkpoint-restore@81a68ad [3] containerd/containerd@6b2dc9a37 Signed-off-by: Radostin Stoyanov <[email protected]>

@andrej

The feature check for AppArmor stacking was introduced in commit: 8723e3f check: add a feature test for apparmor_stacking However, on systems that don't support AppArmour, this check always fails. As a result, `criu check --all` shows the following message: Looks good but some kernel features are missing which, depending on your process tree, may cause dump or restore failure. Reported-by: André Rösti (@andrej) Signed-off-by: Radostin Stoyanov <[email protected]>

The result of check_aa_ns_dumping() is stored in kdat. Instead of doing the same check twice - once on kerndat_init(), and again in check_apparmor_stacking(), we can check the stored value. Suggested-by: Pavel Tikhomirov <[email protected]> Signed-off-by: Radostin Stoyanov <[email protected]>

Before this patch we assumed that CRIU is compiled against the same GLibc as it runs with. But as we see from real world examples like checkpoint-restore#1935 it's not always true. The idea of this patch is to detect rseq configuration for the main CRIU process and use it to unregister rseq for all further child processes. It's correct, because we restore pstree using clone*() syscalls, don't use exec*() (!) syscalls, so rseq gets inherited in the kernel and rseq configuration remains the same for all children processes. This will prevent issues like this: checkpoint-restore#1935 Suggested-by: Florian Weimer <[email protected]> Signed-off-by: Alexander Mikhalitsyn <[email protected]>

Let's use dynamic approach to detect built-in *libc rseq in all cases, and "old" static approach as a fallback path if the user kernel lacks support of ptrace_get_rseq_conf feature. Suggested-by: Florian Weimer <[email protected]> Signed-off-by: Alexander Mikhalitsyn <[email protected]>

Alex implemented a few complex features and maintain our CI system. Signed-off-by: Andrei Vagin <[email protected]>

There is a race condition in docker/containerd that causes docker to occasionally fail when starting a container from a checkpoint immediately after the checkpoint has been created. This problem is unrelated to criu and has been reported in moby/moby#42900 Signed-off-by: Radostin Stoyanov <[email protected]>

Mostly a copy-paste from the CentOS 8 task, with a few differences: - Use dnf instead of yum - Enable crb instead of powertools - Different way of installing EPEL - No need to switch to python3 as this is the default - junit_xml is now available as an rpm Signed-off-by: Kir Kolyshkin <[email protected]>

1. Rename CentOS 8 to CentOS Stream 8 (which it is). 2. Install junit_xml from the repo rather than via pip. Signed-off-by: Kir Kolyshkin <[email protected]>

When delivering system call traps, set bit 7 in the signal number (i.e., deliver SIGTRAP|0x80). This makes it easy for the tracer to distinguish normal traps from those caused by a system call. Signed-off-by: Andrei Vagin <[email protected]>

Breakpoints are used to stop as close as possible to a target system call. First, we don't need it after this point. Second, PTRACE_CONT can't pass through a breakpoint on arm64. Signed-off-by: Andrei Vagin <[email protected]>

Signed-off-by: fu.lin <[email protected]> Signed-off-by: Andrei Vagin <[email protected]>

The x86 implement hardware breakpoint to accelerate the tracing syscall procedure instead of `ptrace(PTRACE_SYSCALL)`. The arm64 has the same capability according to <<Learn the architecture: Armv8-A self-hosted debug>>[[1]]. <<Arm Architecture Reference Manual for A-profile architecture>[[2]] illustrates the usage detailly: - D2.8 Breakpoint Instruction exceptions - D2.9 Breakpoint exceptions - D13.3.2 DBGBCR<n>_EL1, Debug Breakpoint Control Registers, n Note: [1]: https://developer.arm.com/documentation/102120/0100 [2]: https://developer.arm.com/documentation/ddi0487/latest Signed-off-by: fu.lin <[email protected]> Signed-off-by: Andrei Vagin <[email protected]>

Signed-off-by: fu.lin <[email protected]> Signed-off-by: Andrei Vagin <[email protected]>

Before this change, CRIU would just lose that data upon migration. So it's better to fail migration in this case. To reproduce the bug one can: 1. Create an AF_UNIX socket and call listen on it. 2. Create a second AF_UNIX socket and call connect to the first one. 3. Send the data to the second socket. 4. Migrate. 5. Call accept on the first socket and then read. There would be no data available. It should be even possible to close the second socket before migration. This would cause accept to hang because CRIU totally misses a closed in-flight socket. Signed-off-by: Michal Clapinski <[email protected]>

This allows to make test code more compact: if (ret == -1) { pr_perror("XXX"); return 1; } vs if (ret == -1) return pr_perror("XXX"); Signed-off-by: Andrei Vagin <[email protected]>

Check that CRIU handles non-empty listen queues properly. Signed-off-by: Andrei Vagin <[email protected]> [[email protected]: update test_doc and test_author] Signed-off-by: Michal Clapinski <[email protected]>

The entry "build/" will ignore any directory named "build" at any level of the source tree, including our scripts/build directory. We only want to ignore the top-level build directory created by `make install`. As the git manpage suggests, entries with slashes at the start or in the middle will only match at the same level as the .gitignore, hence use build/** instead. Signed-off-by: Younes Manton <[email protected]>

We used to pull AdoptOpenJDK's OpenJ9 builds but switched to Eclipse Temurin, which uses the HotSpot VM instead of OpenJ9. Rename the corresponding Dockerfiles to hotspot. Signed-off-by: Younes Manton <[email protected]>

Semeru builds (which use OpenJ9 instead of HotSpot) are the successors of AdoptOpenJDK's OpenJ9 builds. Signed-off-by: Younes Manton <[email protected]>

This patch changes top-level OpenJ9 filename and data references to Java to make them generic and launches tests against both HotSpot and OpenJ9 JVMs. Signed-off-by: Younes Manton <[email protected]>

@ymanton

A recent change in glibc introduced `enum fsconfig_command` [1] and as a result the compilation of criu fails with the following errors In file included from criu/pie/util.c:3: /usr/include/sys/mount.h:240:6: error: redeclaration of 'enum fsconfig_command' 240 | enum fsconfig_command | ^~~~~~~~~~~~~~~~ In file included from /usr/include/sys/mount.h:32: criu/include/linux/mount.h:11:6: note: originally defined here 11 | enum fsconfig_command { | ^~~~~~~~~~~~~~~~ /usr/include/sys/mount.h:242:3: error: redeclaration of enumerator 'FSCONFIG_SET_FLAG' 242 | FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */ | ^~~~~~~~~~~~~~~~~ criu/include/linux/mount.h:12:9: note: previous definition of 'FSCONFIG_SET_FLAG' with type 'enum fsconfig_command' 12 | FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */ | ^~~~~~~~~~~~~~~~~ /usr/include/sys/mount.h:244:3: error: redeclaration of enumerator 'FSCONFIG_SET_STRING' 244 | FSCONFIG_SET_STRING = 1, /* Set parameter, supplying a string value */ | ^~~~~~~~~~~~~~~~~~~ criu/include/linux/mount.h:14:9: note: previous definition of 'FSCONFIG_SET_STRING' with type 'enum fsconfig_command' 14 | FSCONFIG_SET_STRING = 1, /* Set parameter, supplying a string value */ | ^~~~~~~~~~~~~~~~~~~ /usr/include/sys/mount.h:246:3: error: redeclaration of enumerator 'FSCONFIG_SET_BINARY' 246 | FSCONFIG_SET_BINARY = 2, /* Set parameter, supplying a binary blob value */ | ^~~~~~~~~~~~~~~~~~~ criu/include/linux/mount.h:16:9: note: previous definition of 'FSCONFIG_SET_BINARY' with type 'enum fsconfig_command' 16 | FSCONFIG_SET_BINARY = 2, /* Set parameter, supplying a binary blob value */ | ^~~~~~~~~~~~~~~~~~~ /usr/include/sys/mount.h:248:3: error: redeclaration of enumerator 'FSCONFIG_SET_PATH' 248 | FSCONFIG_SET_PATH = 3, /* Set parameter, supplying an object by path */ | ^~~~~~~~~~~~~~~~~ criu/include/linux/mount.h:18:9: note: previous definition of 'FSCONFIG_SET_PATH' with type 'enum fsconfig_command' 18 | FSCONFIG_SET_PATH = 3, /* Set parameter, supplying an object by path */ | ^~~~~~~~~~~~~~~~~ /usr/include/sys/mount.h:250:3: error: redeclaration of enumerator 'FSCONFIG_SET_PATH_EMPTY' 250 | FSCONFIG_SET_PATH_EMPTY = 4, /* Set parameter, supplying an object by (empty) path */ | ^~~~~~~~~~~~~~~~~~~~~~~ criu/include/linux/mount.h:20:9: note: previous definition of 'FSCONFIG_SET_PATH_EMPTY' with type 'enum fsconfig_command' 20 | FSCONFIG_SET_PATH_EMPTY = 4, /* Set parameter, supplying an object by (empty) path */ | ^~~~~~~~~~~~~~~~~~~~~~~ /usr/include/sys/mount.h:252:3: error: redeclaration of enumerator 'FSCONFIG_SET_FD' 252 | FSCONFIG_SET_FD = 5, /* Set parameter, supplying an object by fd */ | ^~~~~~~~~~~~~~~ criu/include/linux/mount.h:22:9: note: previous definition of 'FSCONFIG_SET_FD' with type 'enum fsconfig_command' 22 | FSCONFIG_SET_FD = 5, /* Set parameter, supplying an object by fd */ | ^~~~~~~~~~~~~~~ /usr/include/sys/mount.h:254:3: error: redeclaration of enumerator 'FSCONFIG_CMD_CREATE' 254 | FSCONFIG_CMD_CREATE = 6, /* Invoke superblock creation */ | ^~~~~~~~~~~~~~~~~~~ criu/include/linux/mount.h:24:9: note: previous definition of 'FSCONFIG_CMD_CREATE' with type 'enum fsconfig_command' 24 | FSCONFIG_CMD_CREATE = 6, /* Invoke superblock creation */ | ^~~~~~~~~~~~~~~~~~~ /usr/include/sys/mount.h:256:3: error: redeclaration of enumerator 'FSCONFIG_CMD_RECONFIGURE' 256 | FSCONFIG_CMD_RECONFIGURE = 7, /* Invoke superblock reconfiguration */ | ^~~~~~~~~~~~~~~~~~~~~~~~ criu/include/linux/mount.h:26:9: note: previous definition of 'FSCONFIG_CMD_RECONFIGURE' with type 'enum fsconfig_command' 26 | FSCONFIG_CMD_RECONFIGURE = 7, /* Invoke superblock reconfiguration */ This patch adds definition for FSOPEN_CLOEXEC to solve this problem. In particular, sys/mount.h includes ifndef check for FSOPEN_CLOEXEC surrounding `enum fsconfig_command`. [1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=7eae6a91e9b1670330c9f15730082c91c0b1d570 Reported-by: Younes Manton (@ymanton) Signed-off-by: Radostin Stoyanov <[email protected]>

When we are restoring in new pidns we specifically do setsid() from criu-ns init so that sids of restored tasks are non-zero in this pidns and on next dump CRIU would not have problems with zero sids, see [1]. But after this CRIU tries to inherit and setup a tty for the restored process, and it fails to set it's process group via TIOCSPGRP to be a foreground group for it's tty, because tty already is a controlling tty for other session (which we had before setsid). So to make it restore we need to reset tty to be a controlling tty of criu-ns init via TIOCSCTTY before calling criu. Else when restoring first time via criu-ns (from criu-ns dump) we get: Error (criu/tty.c:689): tty: Failed to set group 40816 on 0: Inappropriate ioctl for device checkpoint-restore#232 [1] v2: add why and what comment in code, set controlling tty only for --shell-job and fail if stdin is not a tty. Fixes: checkpoint-restore#1893 Signed-off-by: Pavel Tikhomirov <[email protected]>

When we restore a shell-job we would inherit tty-s, so even if we don't have a right mount for it in container on dump, on restore it should just be right. Else when dumping second time via criu-ns we get: (00.005678) Error (criu/files-reg.c:1710): Can't lookup mount=29 for fd=0 path=/dev/pts/20 Fixes: checkpoint-restore#1893 Signed-off-by: Pavel Tikhomirov <[email protected]>

Instead of using shellcheck v0.7.2 from fedora repo, let's install the latest version (v0.8.0). This allows to remove some "shellcheck disable=..." annotations, and (I hope) better checking quality overall. While at it, remove findutils from dnf install as this package is already installed. Signed-off-by: Kir Kolyshkin <[email protected]>

It is ok to quote $@, as it expands to "$1" "$2" ... Signed-off-by: Kir Kolyshkin <[email protected]>

We can use globstar bash feature instead of find in this case. Signed-off-by: Kir Kolyshkin <[email protected]>

This is easy to fix (but we have to specify -x). Signed-off-by: Kir Kolyshkin <[email protected]>

This is a preferred way of fixing SC2086 shellcheck warning. Note that since ZDTM_OPTS is passed as a string (via make or docker), we are converting it to an array using read -a. Remove all "shellcheck disable=SC2086" annotations. Signed-off-by: Kir Kolyshkin <[email protected]>

Those are no longer needed with shellcheck 0.8.0. Signed-off-by: Kir Kolyshkin <[email protected]>

This basically replaces for x in $(sed ...); do with sed ... | while IFS= read -r x; do The only caveat is, sed program was amended to remove empty lines (there was one right above the PB_AUTOGEN_STOP). Signed-off-by: Kir Kolyshkin <[email protected]>

In fact an array (aptly named array) is already used in run_test2, so let's just make it an array right from the start. While at it, remove ls invocation. Signed-off-by: Kir Kolyshkin <[email protected]>

Signed-off-by: Liu Hua <[email protected]>

Starting the daemon is the first time we run code in the victim using the parasite stack. It's useful for testing to be able to infect the victim without starting the daemon so that we can inspect the victim's state, set up stack guards, and so on before stack-related corruption can happen. Add compel_infect_no_daemon() to infect the victim but not start the daemon and compel_start_daemon() to start the daemon after the victim is infected. Add compel_get_stack() to get the victim's main and thread parasite stacks. Signed-off-by: Younes Manton <[email protected]>

Signed-off-by: Younes Manton <[email protected]> return zero on chk success Signed-off-by: Pavel Tikhomirov <[email protected]> Co-authored-by: Pavel Tikhomirov <[email protected]>

Some ABIs allow functions to store data in caller frame, which means that we have to allocate an initial stack frame before executing code on the parasite stack. This test saves the contents of writable memory that follows the stack after the victim has been infected but before we start using the parasite stack. It later checks that the saved data matches the current contents of the two memory areas. This is done while the victim is halted so we expect a match unless executing parasite code caused memory corruption. The test doesn't detect cases where we corrupted memory by writing the same value. Signed-off-by: Younes Manton <[email protected]>

The ppc64le ABI allows functions to store data in caller frames. When initializing the stack pointer prior to executing parasite code we need to pre-allocating the minimum sized stack frame before jumping to the parasite code. Signed-off-by: Younes Manton <[email protected]>

python2-future, python2-junit_xml, python-flake8 and libbsd-devel are now provided from EPEL. Signed-off-by: Radostin Stoyanov <[email protected]>

The idea behind the rootless CRIU code is, that CRIU reads out its effective capabilities and stores that in the global opts structure. Different parts of CRIU can then, based on the existing capabilities, automatically enable or disable certain code paths. Currently at least CAP_CHECKPOINT_RESTORE is required. CRIU will not start without this capability. Signed-off-by: Adrian Reber <[email protected]>

This adds the function check_caps() which checks if CRIU is running with at least CAP_CHECKPOINT_RESTORE. That is the minimum capability CRIU needs to do a minimal checkpoint and restore from it. In addition helper functions are added to easily query for other capability for enhanced checkpoint/restore support. Co-authored-by: Younes Manton <[email protected]> Signed-off-by: Adrian Reber <[email protected]> Signed-off-by: Younes Manton <[email protected]>

This commit enables checkpointing and restoring of applications as non-root. First goal was to enable checkpoint and restore of the env00 and pthread00 test case. This uses the information from opts.unprivileged and opts.cap_eff to skip certain code paths which do not work as non-root. Co-authored-by: Adrian Reber <[email protected]> Signed-off-by: Younes Manton <[email protected]>

This patch modifies how kerndat is handled in unprivileged mode. Initialization and functionality that can only be done as root is made separate from common code. The kerndat file's location is defined as $XDG_RUNTIME_DIR/criu.kdat in unprivileged mode. Since we expect that directory to be on tmpfs we maintain the same behavior as the root-mode kerndat which lives in /run. Co-authored-by: Adrian Reber <[email protected]> Signed-off-by: Younes Manton <[email protected]>

This adds the non-root section and information about the parameter --unprivileged to the man page. Co-authored-by: Anna Singleton <[email protected]> Signed-off-by: Adrian Reber <[email protected]> Signed-off-by: Anna Singleton <[email protected]>

These are the minimal changes to make zdtm.py successfully run the env00 and pthread test case as non-root using the '--rootless' zdtm option. Co-authored-by: Younes Manton <[email protected]> Signed-off-by: Adrian Reber <[email protected]> Signed-off-by: Younes Manton <[email protected]>

Run env00 and pthread00 test as non-root as initial proof of concept. Signed-off-by: Adrian Reber <[email protected]>

…irements In Virtuozzo we've faced out-of-bound access when calling this function on short path string, which corrupted other memory and lead to segmentation fault. So it may be useful to have this comment in code to avoid such a missuse of this function in future. Signed-off-by: Pavel Tikhomirov <[email protected]>

…oach Since commit torvalds/linux@5563cabdde, user with enough capability can open IPC sysctl files and write to them. Therefore, we don't need to use usernsd process in the outside user namespace to help with that anymore. Furthermore, some later commits: torvalds/linux@1f5c135ee5, torvalds/linux@0889f44e28 bind the IPC namespace to the opened file descriptor of IPC sysctl at the open() time, the changed value does not depend on the IPC namespace of write() time anymore. This breaks the current usernsd approach. So, we prioritize opening/writing IPC sysctl files in the context of restored process directly without usernsd help. This approach succeeds in the newer kernel since the restored process has enough capabilities at this restore stage. With older kernel, the open() fails and we fallback to the usernsd approach. Signed-off-by: Bui Quang Minh <[email protected]>

It seems like drone.io no longer provides free aarch64/armhf CI runs. This switches the aarch64 CI runs to Cirrus CI. armhf CI runs have been dropped for now as they are not directly supported. Signed-off-by: Adrian Reber <[email protected]>

This commit supports checkpoint/restore some new global properties in cgroup-v2 cgroup.subtree_control cgroup.max.descendants cgroup.max.depth cgroup.freeze cgroup.type Only cgroup.subtree_control, cgroup.type need some more code to handle. cgroup.subtree_control value needs to be set with "+", "-" prefix and cgroup.type can only be written with value "threaded" if we want to make this controller threaded. cgroup.type is a special property because this property must be restored before any processes can move into this controller. Signed-off-by: Bui Quang Minh <[email protected]>

Add write_value/read_value helpers to write/read buffer to/from files into zdmt library. Signed-off-by: Bui Quang Minh <[email protected]>

Check that CRIU can checkpoint/restore global properties in cgroup-v2 properly. Signed-off-by: Bui Quang Minh <[email protected]>

Currently, we assume all threads in process are in the same cgroup controllers. However, with threaded controllers, threads in a process may be in different controllers. So we need to dump cgroup controllers of every threads in process and fixup the procfs cgroup parsing to parse from self/task/<tid>/cgroup. Signed-off-by: Bui Quang Minh <[email protected]>

…lers As threads in a process may be in different threaded controllers, we need to move thoses threads to the correct controllers. Because the threads of a process are restored in later stage in restorer.c, we need to create a cgroupd service to help to move those threads into correct controllers when they are restored. We cannot use usernsd as the code in restorer does not know the address of outside function to pass to userns_call. However, this cgroupd service still reuses a lot of code from usernsd. The main logic is that restored threads receive the cg_set number they belong to before restorer stage in case their cg_set are different from main thread. When these threads are restored, they send the cg_set number and their thread ids through unix socket to cgroupd. cgroupd receives the cg_set number and thread ids and moves those threads into correct controllers. Thread ids are sent through SCM_CREDENTIALS of unix socket so they are translated into correct thread ids in the receiving end. Signed-off-by: Bui Quang Minh <[email protected]>

This test creates a process with 2 threads in different threaded controllers and check if CRIU restores these threads' cgroup controllers properly. Signed-off-by: Bui Quang Minh <[email protected]>

As cgroupv2_00, cgroupv2_01 need cpuset in cgroup-v2 hierarchy to check CRIU handle cgroup-v2 properly, umount cpuset in cgroup-v1 to make it move to cgroup-v2. Signed-off-by: Bui Quang Minh <[email protected]>

…lled Signed-off-by: Adrian Reber <[email protected]>

A previous commit added a cgroup cpuset unmounting to scripts/ci/Makefile. We are sometimes running in a container without the necessary privileges to unmount certain cgroups. This commit moves the cgroup unmounting to a place in run-ci-tests.sh which already requires privileged access and does not break unprivileged build-only CI runs. Signed-off-by: Adrian Reber <[email protected]>

…turned Some users on Raspberry Pi report that the kerndat checking for memfd_create(MFD_HUGETLB) support returns ENOSYS even when memfd_create syscall is available. We currently treat this error as unexpected and return error. This commit marks the memfd_create(MFD_HUGETLB) as unavailable when ENOSYS is returned. Signed-off-by: Bui Quang Minh <[email protected]>

Zombie tasks are dumped in dump_zombies() so it is redundant to handle them in dump_one_task(). Deprecate cg_set in task_core_entry as this field must be per thread now. Signed-off-by: Bui Quang Minh <[email protected]>

Signed-off-by: Mathias Gibbens <[email protected]>

This patch adds a missing definition for `__nmk_dir` in the Makefile for the amdgpu plugin. This definition is required, for example, when building the `test_topology_remap` target: make -C plugins/amdgpu/ test_topology_remap Signed-off-by: Radostin Stoyanov <[email protected]>

While building on a machine that has a HOL clang compiler, I ran into warnings regarding the changed line. It appears this warning is on by default because of anticipated changes to the C standard. Signed-off-by: Drew Wock <[email protected]>

The way ShellCheck is installed was changed in commit c056f99 (ci/gha/lint: install a recent shellcheck) to use the latest version v0.8.0 and remove some of the "shellcheck disable=..." annotations. Since then, Fedora 37 has been released and the ShellCheck package has been updated to v0.8.0. Signed-off-by: Radostin Stoyanov <[email protected]>

The python3 package in Alpine has recently been updated to install symbolic link for /usr/bin/python. https://git.alpinelinux.org/aports/commit/main/python3?id=d91da210b1614eb75517d59b7f348fee01699f35 This causes the following error in CI: Step 10/11 : RUN ln -s /usr/bin/python3 /usr/bin/python ---> Running in a5a94be9dc93 ln: failed to create symbolic link '/usr/bin/python': File exists The command '/bin/sh -c ln -s /usr/bin/python3 /usr/bin/python' returned a non-zero code: 1 Signed-off-by: Radostin Stoyanov <[email protected]>

This patch fixes applies the changes required by clang-format v15.0.5 for `make indent`. Signed-off-by: Radostin Stoyanov <[email protected]>

In order to reduce the frequency of using system call, based on https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/tree/misc/create_inode.c#n519, I created a new algorithm of dumping chunk via fiemap.(copy_file_to_chunks_fiemap) Also, I added another BOOL_OPT for users to determine which algorithm they want to use. Moreover, for those filesystem not supporting fiemap, criu will fall back to the original algorithm(SEEK_HOLE/SEEK_DATA). v2: don't call copy_chunk_from_file on outstanding extent; rearange headers to workaround "redeclaration of ‘enum fsconfig_command’" problem Signed-off-by: Liang-Chun Chen <[email protected]>

ghost_multi_hole00 and ghost_multi_hole01 are tests which create a ghost file with a lot of holes, there are 4K data and 4K hole inside every 8K length. The only difference between them is ghost-fiemap option, 01 is a test for the fiemap dumping algorithm, and we want to test the behavior of EXTENT_MAX_COUNT part, so the file size should be 8M, thus there will be 1024 chunks in the ghost file. In some file system, such as xfs, we somehow can not easily create highly sparse file as in ext4 or btrfs, therefore we need `fallocate` to forcibly create holes. Signed-off-by: Liang-Chun Chen <[email protected]>

Signed-off-by: Shubham Verma <[email protected]>

SO_SNDBUFFORCE/SO_RCVBUFFORCE require root or CAP_NET_ADMIN. We can use SO_SNDBUF/SO_RCVBUF in some cases and avoid needing elevated privileges. This patch renames sk_setbufs() to sk_setbufs_ns() and makes sk_setbufs() a general helper that sets socket send and receive buffer sizes. The helper tries to use SO_SNDBUFFORCE/SO_RCVBUFFORCE first and falls back to SO_SNDBUF/SO_RCVBUF if we're in unprivileged mode. The existing sk_setbufs_ns() which takes a pid parameter and is intended to be called via userns_call() is rewritten to call sk_setbufs(). Existing code that sets buffer sizes via setsockopt() is modified to call sk_setbufs() instead. Signed-off-by: Younes Manton <[email protected]>

Restoring SO_MARK requires root or CAP_NET_ADMIN. If the value is 0 we will avoid dumping it so that we don't need to do a privileged call on restore. Signed-off-by: Younes Manton <[email protected]>

Signed-off-by: Andrei Vagin <[email protected]>

TestNG is vulnerable to Path Traversal Fixes https://github.com/checkpoint-restore/criu/security/dependabot/1. Signed-off-by: Andrei Vagin <[email protected]> Signed-off-by: Radostin Stoyanov <[email protected]>

We restore timerfd with the state of it_value and it_interval. However, when it_value is zero, the timer will be restore without running. Because it_value is changing with the timer running, we can restore the timerfd with double parsing the it_value. If the timer is running, the it_value can be non-zero at least once. Signed-off-by: Jingxian He <[email protected]>

Fix timerfd restore problem with double parsing #2030

Are you sure you want to change the base?

Fix timerfd restore problem with double parsing #2030

Commits on May 13, 2022

Commits on May 16, 2022

Commits on May 17, 2022

Commits on Jun 8, 2022

Commits on Jun 13, 2022

Commits on Jun 14, 2022

Commits on Jun 20, 2022

Commits on Jun 21, 2022

Commits on Jun 22, 2022

Commits on Jul 2, 2022

Commits on Jul 13, 2022

Commits on Jul 19, 2022

Commits on Jul 23, 2022

Commits on Jul 26, 2022

Commits on Aug 4, 2022

Commits on Aug 5, 2022

Commits on Aug 8, 2022

Commits on Aug 10, 2022

Commits on Aug 12, 2022

Commits on Aug 14, 2022

Commits on Aug 15, 2022

Commits on Aug 23, 2022

Commits on Aug 28, 2022

Commits on Aug 29, 2022

Commits on Aug 30, 2022

Commits on Sep 14, 2022

Commits on Oct 2, 2022

Commits on Oct 25, 2022

Commits on Nov 2, 2022

Commits on Nov 8, 2022

Commits on Nov 11, 2022

Commits on Nov 12, 2022

Commits on Nov 18, 2022

Commits on Nov 21, 2022

Commits on Nov 24, 2022

Commits on Nov 25, 2022

Commits on Nov 30, 2022

Commits on Dec 3, 2022

Commits on Dec 12, 2022

Commits on Dec 13, 2022

Commits on Dec 26, 2022