- 13 Jul, 2015 9 commits
-
-
Andrey Vagin authored
The kill syscall queues a signal, but doesn't wait until it is handled. We need to wait for processes if we kill them. The user doesn't expect to find processes after dump in this case. PTRACE_DETACH returns errors for dead tasks, so we don't need to do it in these cases. Cc: Nikita Spiridonov <nspiridonov@odin.com> Signed-off-by:
Andrey Vagin <avagin@openvz.org> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Ruslan Kuprieiev authored
Having ability to have your own options structure is quite nice and allows much more flexible use of libcriu in cases when you want to have a bunch of instances of options structures. This patch also allows users to use raw CriuOpts structure modified in any suitable way, whether by libcriu's criu_local_set methods or by using protobuf-c directly. It is also worth noting, that backward-compatibility in API and ABI is preserved. Signed-off-by:
Ruslan Kuprieiev <rkuprieiev@cloudlinux.com> Acked-by:
Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Cyrill Gorcunov authored
| CID 96750 (#1 of 1): Resource leak (RESOURCE_LEAK) | 163. leaked_storage: Variable sec_hdrs going out of scope leaks the storage it points to. Signed-off-by:
Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Laurent Dufour authored
Adding ppc64le specific parts to run test on this architecture. Signed-off-by:
Laurent Dufour <ldufour@linux.vnet.ibm.com> Acked-by:
Andrew Vagin <avagin@odin.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Laurent Dufour authored
In test_msg() a buffer is allocated on the stack to cook the outputted message. This buffer's size was defined using the PAGE_SIZE constant defined in the zdtmtst.h file. On some systems like ppc64, the page size is large (64K), leading to a massive stack allocation, which may be too large in the case of an alternate stack like the one used in the sigaltstack test. This fix defines a 2048-character buffer for test_msg, and exposes a constant to allocate the stack accordingly in the sigaltstack test. Signed-off-by:
Laurent Dufour <ldufour@linux.vnet.ibm.com> Acked-by:
Andrew Vagin <avagin@odin.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Laurent Dufour authored
Calls to setsockopt(PACKET_RX_RING/PACKET_TX_RING) depend on the system's page size. Using the sysconf() page size makes these tests work on ppc64, where the page size is 64K. Signed-off-by:
Laurent Dufour <ldufour@linux.vnet.ibm.com> Acked-by:
Andrew Vagin <avagin@odin.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Laurent Dufour authored
Since the page size may be different from an architecture/a system to another it should not be hard coded to 4096. As a consequence, several tests are failing on ppc64 due to a wrong page size value. This fix belongs to sysconf to get the current page size. Signed-off-by:
Laurent Dufour <ldufour@linux.vnet.ibm.com> Reviewed-by:
Christopher Covington <cov@codeaurora.org> Acked-by:
Andrew Vagin <avagin@odin.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
linux/seccomp.h may not be available, and the seccomp mode might not be listed in /proc/pid/status, so let's not assume those two things are present.

v2: add a seccomp.h with all the constants we use from linux/seccomp.h
v3: don't do a compile time check for PTRACE_O_SUSPEND_SECCOMP, just let ptrace return EINVAL for it; also add a checkskip to skip the seccomp_strict test if PTRACE_O_SUSPEND_SECCOMP or linux/seccomp.h aren't present.
v4: use criu check --feature instead of checkskip to check whether the kernel supports seccomp_suspend

Reported-by: Mr. Jenkins Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Acked-by:
Andrew Vagin <avagin@odin.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
v2: actually set ret = -1 on failure
v3: add a --feature option for suspend_seccomp (and make this patch 1, since the tests depend on it now)

Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Acked-by:
Andrew Vagin <avagin@odin.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
- 24 Jun, 2015 7 commits
-
-
Laurent Dufour authored
When freeing the vma entries, don't call close on vm_file_fd when dealing with a VMA AIO entry since the vm_file_fd is then filled with aio_nr_req as part of the union. I hit this issue when running the test aio00 on ppc64. Here the value of the VMA aio aio_nr_req field was matching the value of the service file descriptor IMG_FD_OFF. This leads to an obscure checkpoint error. Signed-off-by:
Laurent Dufour <ldufour@linux.vnet.ibm.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Laurent Dufour authored
The initial support of the SYS V shared memory on ppc64 is broken. The call to shmat done in the restore blob has no chance to work correctly. This patch fixes the sys_shmat call. Signed-off-by:
Laurent Dufour <ldufour@linux.vnet.ibm.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Ruslan Kuprieiev authored
Using collections.OrderedDict allows us to keep fields in the same order as they appear in corresponding proto files, which helps to improve readability. In non-pretty mode we still use regular dict. Signed-off-by:
Ruslan Kuprieiev <rkuprieiev@cloudlinux.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
Since we don't support dumping per-thread creds, let's at least fail to dump if the creds don't match. Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
Note that we don't add the test into the list of tests to run, because it will fail without the associated kernel patch.

v2: spin lock until seccomp strict is set on the child

Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
Unfortunately, SECCOMP_MODE_FILTER is not currently exposed to userspace, so we can't checkpoint that. In any case, this is what we need to do for SECCOMP_MODE_STRICT, so let's do it.

This patch works by first disabling seccomp for any processes who are going to have seccomp filters restored, then restoring the process (including the seccomp filters), and finally resuming the seccomp filters before detaching from the process.

v2 changes:
* update for kernel patch v2
* use protobuf enum for seccomp type
* don't parse /proc/pid/status twice

v3 changes:
* get rid of extra CR_STAGE_SECCOMP_SUSPEND stage
* only suspend seccomp in finalize_restore(), just before the unmap
* restore the (same) seccomp state in threads too; also add a note about how this is slightly wrong, and that we should at least check for a mismatch

Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
- 19 Jun, 2015 2 commits
-
-
Cyrill Gorcunov authored
For testing purposes we need to disable use of the piegen utility. So let's add a PIEGEN make option, thus one can "PIEGEN=no make" to build criu without piegen at all. Signed-off-by:
Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
Eric wants to restrict permissions for proc mounts in a non-root userns according with proc mounts in the root userns.

    Author: Eric W. Biederman <ebiederm@xmission.com>
    Date: Fri May 8 23:49:47 2015 -0500

    mnt: Modify fs_fully_visible to deal with locked ro nodev and atime

    Ignore an existing mount if the locked readonly, nodev or atime attributes are less permissive than the desired attributes of the new mount.
    ...

Signed-off-by:
Andrey Vagin <avagin@openvz.org> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
- 16 Jun, 2015 6 commits
-
-
Pavel Emelyanov authored
Reasoning: some systems have /sys/fs/cgroup stuff mounted as read-only and we have to either remount it rw or create our own set. The former doesn't look sane as this rw remounting is also done by systemd, so let's return back to manual cgyard construction. This reverts commit 860df95f. Conflicts: cgroup.c include/cr_options.h Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
Instead of keeping around multiple fds that point to various places in /proc, let's just use /proc and openat() things relative to it. Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
This is a little tricky: since the threads are forked in the restorer blob, we can't open their attr/current files to pass into the restorer blob. So, we pass in an fd for /proc that the restorer blob can use to access the attr/current files once they exist.

N.B. this is still incorrect in that it restores the same credentials for all threads in the group; however, it matches the behavior of the current creds restore code, which also restores the same creds for all threads in the group.

v2: use simple_sprintf() instead of pie_strcat()

Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
We'll use this in the next patch for printing paths to LSM files in /proc. Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
o_O this is one of those "how has nobody ever hit this" bugs. According to:

http://stackoverflow.com/questions/2535989/what-are-the-calling-conventions-for-unix-linux-system-calls-on-x86-64

syscall on x86_64 clobbers rcx and r11. We should mark these registers as clobbered in RUN_CLONE_RESTORE_FN so that gcc avoids using them, e.g.:

    ...<__export_restore_task>
    ...
    1894: 49 89 db mov r11,rbx
    1897: 4c 8d 4c 24 60 lea r9,[rsp+0x60]
    189c: 48 89 eb mov rbx,rbp
    189f: 48 89 44 24 10 mov QWORD PTR [rsp+0x10],rax
    18a4: 48 8d 44 24 30 lea rax,[rsp+0x30]
    18a9: 48 89 44 24 18 mov QWORD PTR [rsp+0x18],rax
    18ae: eb 53 jmp 1903 <clone_end+0x15>

    00000000000018b0 <clone_emul>:
    18b0: 48 8b 74 24 08 mov rsi,QWORD PTR [rsp+0x8]
    18b5: 48 83 ee 10 sub rsi,0x10
    18b9: 48 89 ef mov rdi,rbp
    18bc: 48 89 7e 08 mov QWORD PTR [rsi+0x8],rdi
    18c0: 49 8b 7b 20 mov rdi,QWORD PTR [r11+0x20]
    18c4: 48 89 3e mov QWORD PTR [rsi],rdi
    18c7: 48 c7 c7 00 0d 05 00 mov rdi,0x50d00
    18ce: 48 8b 54 24 18 mov rdx,QWORD PTR [rsp+0x18]
    18d3: 4d 89 fa mov r10,r15
    18d6: b8 38 00 00 00 mov eax,0x38
    18db: 0f 05 syscall
    18dd: 48 85 c0 test rax,rax
    18e0: 74 05 je 18e7 <thread_run>
    18e2: 48 89 c5 mov rbp,rax
    18e5: eb 07 jmp 18ee <clone_end>

    00000000000018e7 <thread_run>:
    18e7: 48 31 ed xor rbp,rbp
    18ea: 58 pop rax
    18eb: 5f pop rdi
    18ec: ff d0 call rax

    00000000000018ee <clone_end>:
    18ee: 41 83 c5 01 add r13d,0x1
    18f2: 49 81 c7 00 8c 00 00 add r15,0x8c00
    18f9: 45 39 6b 14 cmp DWORD PTR [r11+0x14],r13d

will cause a seg fault because r11 is clobbered.

Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Cyrill Gorcunov authored
Otherwise getting

 | parasite-syscall.c: In function ‘parasite_infect_seized’:
 | parasite-syscall.c:1222:5: error: ‘elf_relocs’ undeclared (first use in this function)

Simply wrap the @elf_relocs_apply with macros.

Reported-by:
Andrey Vagin <avagin@openvz.org> Signed-off-by:
Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
- 15 Jun, 2015 8 commits
-
-
Cyrill Gorcunov authored
While playing with checkpoint/restore of a container I found that we can't reuse existing controllers if they were pre-created. For example, currently in PCS7 we bindmount cgroups which belong to a container in the form of /sys/fs/cgroup/<controller>/<container> ==> /sys/fs/cgroup/<controller>, so that CRIU dumps such a configuration fine but on restore it recreates controllers from scratch, while we would like to bindmount them and ask CRIU to restore subcgroups and their parameters. So I extended the --manage-cgroups option to take <mode> arguments. Detailed description in docs. Signed-off-by:
Cyrill Gorcunov <gorcunov@openvz.org> Acked-by:
Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Cyrill Gorcunov authored
Currently we always create a temporary directory where we restore cgroups, but this won't work if mounting cgroups is forbidden from inside of a container for some reason (as in the OpenVZ kernel). So one can pass the --cgroup-yard option to specify an existing directory where cgroups are living. By default we assume it lies in /sys/fs/cgroup. Signed-off-by:
Cyrill Gorcunov <gorcunov@openvz.org> Acked-by:
Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Cyrill Gorcunov authored
For example some linkers generate @__export_parasite_args as symbol which won't relocate. Handle such case properly. Signed-off-by:
Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Cyrill Gorcunov authored
Signed-off-by:
Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Cyrill Gorcunov authored
Signed-off-by:
Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Cyrill Gorcunov authored
Otherwise it's confusing since. Signed-off-by:
Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
The error I got was:

    CC pie/piegen/elf-x86-64.o
    In file included from pie/piegen/elf-x86-32.c:16:0:
    pie/piegen/elf.c: In function ‘handle_elf_x86_32’:
    pie/piegen/elf.c:476:3: error: format ‘%lx’ expects argument of type ‘long unsigned int’, but argument 6 has type ‘Elf32_Word’ [-Werror=format=]
    pr_debug("Copying section '%s'\n" \
    ^

Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Laurent Dufour authored
On PPC64, the hard definition of TFD_IOC_SET_TICKS doesn't match the kernel one. We should use the _IOW-based one to be more flexible here. Signed-off-by:
Laurent Dufour <ldufour@linux.vnet.ibm.com> Acked-by:
Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
- 11 Jun, 2015 8 commits
-
-
Tycho Andersen authored
We'll need this for use in the restorer blob for restoring LSMs. It looks like arm already has openat, so I think it's just x86 and ppc that need it. In any case, please double check this, as I've only tested it on x86. Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Andrew Vagin authored
Reported-by: Mr Jenkins Signed-off-by:
Andrew Vagin <avagin@openvz.org> Acked-by:
Ruslan Kuprieiev <rkuprieiev@cloudlinux.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
If the netns image is absent, the NetnsEntry entry will not be initialized.

Currently restore from old images crashes:

    Core was generated by `criu swrk 3'.
    Program terminated with signal SIGSEGV, Segmentation fault.
    $0 0x0000000000427d80 in netns_entry.free_unpacked ()
    (gdb) bt
    $0 0x0000000000427d80 in netns_entry.free_unpacked ()
    $1 0x0000000000436d07 in prepare_net_ns ()
    $2 0x0000000000457c78 in prepare_namespace ()
    $3 0x0000000000432917 in restore_task_with_children ()
    $4 0x00007fc86acfccfd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

v2: remove debugging code

Cc: Pavel Tikhomirov <ptikhomirov@virtuozzo.com> Signed-off-by:
Andrey Vagin <avagin@openvz.org> Acked-by:
Pavel Tikhomirov <ptikhomirov@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Laurent Dufour authored
The checkpoint and restore of the Power PC floating point registers is buggy. The issue is that the signal frame context is defined to store double value while the protocol buffer is handling unsigned 64bits integer value. A silent cast done by the compiler was modifying the restored value in our back. This fix changes the type used when manipulating the FP registers value to be consistent between checkpoint and restart. Signed-off-by:
Laurent Dufour <ldufour@linux.vnet.ibm.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
Otherwise the root yard can be propagated into the host mount namespace and remain there and criu will fail, because it will not be able to remove the roots yard. It occurs if we give a shared mount as root to "criu restore" and criu converts it into a slave mount. Reported-by:
Cyrill Gorcunov <gorcunov@openvz.org> Cc: Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by:
Andrey Vagin <avagin@openvz.org> Acked-off-by:
Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Laurent Dufour authored
Add prefix to the piegen's error and debug output to avoid confusion and fix few debug lines. Signed-off-by:
Laurent Dufour <ldufour@linux.vnet.ibm.com> Acked-by:
Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Laurent Dufour authored
Since opts is defined as extern in piegen.h, there is no need to pass it as argument. Signed-off-by:
Laurent Dufour <ldufour@linux.vnet.ibm.com> Acked-by:
Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Laurent Dufour authored
Introduce a new -o argument to piegen to specify the generated file name. Send the debug stream to stdout and force it to /dev/null in the makefile if V=1 is not specified. Signed-off-by:
Laurent Dufour <ldufour@linux.vnet.ibm.com> Acked-by:
Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-