- 14 Mar, 2017 40 commits
-
-
Kir Kolyshkin authored
getopt_long() prints an error message and returns '?' in cases - an unknown option is given - a required option argument is missing In such cases, we need to show usage and exit with an error. Signed-off-by:
Kir Kolyshkin <kir@openvz.org> Signed-off-by:
Pavel Emelyanov <xemul@virtuozzo.com> Signed-off-by:
Andrei Vagin <avagin@virtuozzo.com>
-
Kir Kolyshkin authored
In case our command line is not good, it's not enough to just show usage info -- it is much better to explicitly say what's wrong. Signed-off-by:
-
Kir Kolyshkin authored
Without this check, if -o is not given, compel will fail with the following error: Can't open (null) It's non-trivial to figure out that it means -o is required. While at it, initialize the corresponding field. Signed-off-by:
-
Kir Kolyshkin authored
It will be easier to modify that way. This also fixes incorrect exit code from compel -h. Signed-off-by:
-
Kir Kolyshkin authored
Checks for a number of arguments are to be done after option parsing. With this patch, compel -V now works. Signed-off-by:
-
Kir Kolyshkin authored
Got this when using compel hgen on arm 32-bit: Error (compel/src/lib/handle-elf-host.c:115): String section header @0xf66e11ec is out of [0xf66e1174, 0xf66e1264) Looking at this, it does not make sense. For the reference, sizeof(Elf_Shdr) is 0x28, so end position is also well within bounds. Apparently, the check for string section header bounds is wrong as the last argument of __ptr_struct_oob() is supposed to be a region size, not the region end address as it is. This always worked before because the check was too relaxed, and compel was never used on 32-bit ARM. This time it didn't work because of a 32-bit overflow, which helped to find this bug. This is a fix to commit 6402f03 ("compel: separate get_strings_section from __handle_elf"). Cc: Dmitry Safonov <dsafonov@virtuozzo.com> Signed-off-by:Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by:
-
Cyrill Gorcunov authored
Simply run tracee from specfied IP assuming it's arelady have trapping instruction in stream. It's unsafe low-level function use with caution. travis-ci: success for compel: A fix and new helper Signed-off-by:
-
Dmitry Safonov authored
Why should we have self-unmapping code in parasite? It looks like, we can drop this code using simple sys_unmap() injection (like that I did for `criu exec` action and for cases where we failed to insert parasite by some reason, but still need to unmap remotes). It's an RFC, so just a suggestion - maybe I miss something you have in mind - please, describe that/those things. My motivation is: - less code, defined commands for PIE, one BUG() less, one jump to PIE less - I'm making one 64-bit parasite on x86 instead of two 32 and 64 bit. It works (branch 32-one-parasite) with long-jump in the beginning to 64-bit code from 32-bit task. On parasite curing it sig-returns from 64-bit parasite to 32-bit task, this point we're trapping in CRIU. After that we command parasite to unmap itself, so it long-jumps again to parasite 64-bit code, unmaps, we caught task after sys_unmap and the task is with 64-bit CS. We can't set 32-bit registers after this - kernel checks that registers set is the same on PTRACE_SETREGSET: > > static int ptrace_regset(struct task_struct *task, int req, unsigned int type, > > struct iovec *kiov) ... > > if (!regset || (kiov->iov_len % regset->size) != 0) > > return -EINVAL; So, to return again to 32-bit task I need sigreturn() again or add long-jump with 32-bit CS. I've disable that for 32-bit testing with (in compel_cure_remote): - if (ctl->addr_cmd) { + if (ctl->addr_cmd && user_regs_native(&ctl->orig.regs)) { And it works. It also works for native tasks, so why should we keep it? travis-ci: success for compel: kill self-unmap in parasite Cc: Cyrill Gorcunov <gorcunov@openvz.org> Cc: Pavel Emelyanov <xemul@virtuozzo.com> Cc: Andrei Vagin <avagin@virtuozzo.com> Signed-off-by:Dmitry Safonov <dsafonov@virtuozzo.com> Acked-by:
-
Pavel Emelyanov authored
The library can be used not only to run infection blobs, but also just to execute syscalls remotely and here's an example of how to do this. Signed-off-by:
-
Pavel Emelyanov authored
And, at the same time, an example of how to work with compel. Based on titanic preliminary work of Cyrill :) Signed-off-by:
-
Pavel Emelyanov authored
It uses regs caller doesn't always know and is actually a core routine under the API compel_syscall() one. Signed-off-by:
-
Pavel Emelyanov authored
The size value should be page_size() aligned, which is inconvenient for callers, and also differs from the bsize only a little bit, so it's nicer to have the nr_gotpcrel value which is anyway generated by compel hgen. Signed-off-by:
-
Pavel Emelyanov authored
These names are generated by compel hgen, so there's no need in making callers know them. Signed-off-by:
-
Pavel Emelyanov authored
To be symmetrical with compel_stop_task() one. Signed-off-by:
-
Pavel Emelyanov authored
The routine itself is in library, just forgot to putt the declaration into UAPI header. Signed-off-by:
-
Cyrill Gorcunov authored
We use fds helpers in std plugin anyway so just merge it in. Signed-off-by:
-
Cyrill Gorcunov authored
Signed-off-by:
-
Cyrill Gorcunov authored
To ship plugins, libs and dev headers. Signed-off-by:
-
Cyrill Gorcunov authored
Signed-off-by:
-
Cyrill Gorcunov authored
Because we build compel from toplevel directory inclusion of "common/" doesn't cause any problem but will in future (especially when our headers start using it). Thus add symlink immediately and it will be a notice for installer that common directory in needed in uapi. Signed-off-by:
-
Pavel Emelyanov authored
Right now we load blob into libcompel by providing values from .h file which was generated by "compel hgen" command. In the future we'd like to provide other ways (e.g. by pusing mmap()-ed memory with .o file, or by .o file path), so prepare for such future. travis-ci: success for compel: Prepare for several ways to load blob into libcompel Signed-off-by:
-
Cyrill Gorcunov authored
Where hgen stands for "header generator". travis-ci: success for compel: Rename 'piegen' action into 'hgen' Signed-off-by:
-
Cyrill Gorcunov authored
- extend handle_sigchld - fix garbage return in compel_prepare - handle errors in make_sock_for travis-ci: success for compel: A few fixes and example Signed-off-by:
-
Cyrill Gorcunov authored
It's libcompel's helper. We need to address this problem later. travis-ci: success for compel: A few fixes and example Signed-off-by:
-
Dmitry Safonov authored
Implementation for PIE's builtin_memcpy located at criu/arch/x86/include/asm/string.h travis-ci: success for Compel/compat cleanups Signed-off-by:
-
Dmitry Safonov authored
We don't need them in libcompel for PIE - only needed for C/R. Fixes (with compat enabled back): CC criu/arch/x86/sigaction_compat.o In file included from criu/arch/x86/sigaction_compat.c:1:0: /home/japdoll/tools/criu/criu/arch/x86/include/asm/restorer.h:15:25: error: unknown type name ‘tls_t’ extern void restore_tls(tls_t *ptls); ^~~~~ travis-ci: success for Compel/compat cleanups Signed-off-by: -
Dmitry Safonov authored
Libcompel is now responsible for system calls - criu already depends on building of compel, this code is commented-out... Drop it! travis-ci: success for Compel/compat cleanups Signed-off-by:
-
Dmitry Safonov authored
Remove compatible sigset structure: as it has the same size for both 32-bit and 64-bit, I didn't use it across the code, only for a size check. The check is removed as we use now only k_rtsigset_t. Wordsize for sigset is changed to 64-bit - as it's written in comment for possible 32-bit native building. If we ever going to support compat mode for other archs, we will need to re-introduce compat_sigset_t type if it has for those archs different sizes for compat/native builds. But for a while, let's simplify this. travis-ci: success for Compel/compat cleanups Signed-off-by:
-
Pavel Emelyanov authored
Now we have two routines one of which needs a callback for proc parsing. This is complex, but needed by CRIU. For others let's have a single "stop" call that would to everything. travis-ci: success for compel: Contrinue improving library Signed-off-by:
-
Cyrill Gorcunov authored
CRIU keeps all registers on CoreEntry and makes sigframe from them as well, which means anyone using the compel library have to provide own handlers, which is inconvenient. So now it's possible to leave this task for libcompel itself: it will save the regs and prerare sigframe on its own. travis-ci: success for compel: Contrinue improving library Signed-off-by:
-
Pavel Emelyanov authored
CRIU sets up a child hander to get errors from tasks it infects. For compel we'd have the same problem, so there's a way to request for custom child handler, but compel should provide some default by himself. And it's not clear atm how this should look like, so here's a plain stub to move forward. travis-ci: success for compel: Contrinue improving library Signed-off-by:
-
Pavel Emelyanov authored
Compel needs a socket that lives in victim's net namespace. CRIU creates this socket once for all the processes it works with. For pure compel case the socket is created for each new ctl. travis-ci: success for compel: Contrinue improving library Signed-off-by:
-
Pavel Emelyanov authored
Yet again -- CRIU has an optimized openat()-based engine that is slightly faster for opening "/proc" files rather than plain open(). The latter is provided by default by compel. travis-ci: success for compel: Contrinue improving library Signed-off-by:
-
Pavel Emelyanov authored
The ictx->syscall_ip is the address of any x-able VMA. CRIU knows this as it parses the smaps file (heavily). For others compel just parses /proc/pid/maps file. travis-ci: success for compel: Contrinue improving library Signed-off-by:
-
Pavel Emelyanov authored
The original compel_prepare() also initializes the infect_ctx with values suitable for simple usage. As a starting point the task_size value is set. The compel_prepare_noctx() allocates ctx-less handler that is to be filled by the caller (CRIU). travis-ci: success for compel: Contrinue improving library Signed-off-by:
-
Pavel Emelyanov authored
https://travis-ci.org/xemul/criu/builds/177585567Signed-off-by:
-
Pavel Emelyanov authored
This one is needed only for task_size() on some arches and it is simpler to keep this routine in compel .c rather than messing with common/page.h installation. https://travis-ci.org/xemul/criu/builds/177585567Signed-off-by:
-
Cyrill Gorcunov authored
PIE logger already in compel. Forgot to remove. travis-ci: success for criu: Drop dangling symlink Signed-off-by:
-
Kir Kolyshkin authored
This is highly controversial, but fixes the following compilation problem with Alpine Linux (i.e. musl libc) caused by the previous commit (""): > gcc -c -O2 -g -Wall -Wformat-security -Werror -D_FILE_OFFSET_BITS=64 > -D_GNU_SOURCE -iquote include/ -iquote /criu/compel/include -iquote > /criu/criu/arch/x86/include -iquote /criu/criu/include -iquote > /criu/include -iquote /criu -fno-strict-aliasing -iquote > /criu/criu/include -iquote /criu/include -iquote /criu/images -iquote > /criu/criu/pie -iquote /criu/criu/arch/x86 -iquote > /criu/criu/arch/x86/include -iquote /criu/ -I/usr/include/libnl3 -iquote > compel/plugins/include -iquote compel/include -iquote > compel/arch/x86/plugins/std -iquote /criu/compel/plugins/include -iquote > /criu/compel/include -DCR_NOGLIBC -Wstrict-prototypes > -fno-stack-protector -nostdlib -fomit-frame-pointer -fpie > -DCONFIG_X86_64 criu/pie/parasite.c -o criu/pie/parasite.o > In file included from /criu/criu/include/util.h:10:0, > from /criu/criu/include/restorer.h:13, > from criu/pie/parasite.c:23: > /usr/include/fortify/string.h:37:27: error: redefinition of 'memcpy' > _FORTIFY_FN(memcpy) void *memcpy(void *__od, const void *__os, size_t > __n) > ^ > In file included from > compel/plugins/include/uapi/std/syscall-types.h:13:0, > from compel/plugins/include/uapi/std/syscall-64.h:5, > from compel/plugins/include/uapi/std/syscall.h:8, > from criu/pie/parasite.c:11: > /usr/include/sched.h:72:7: note: previous definition of 'memcpy' was > here > void *memcpy(void *__restrict, const void *__restrict, size_t); > ^ > In file included from /criu/criu/include/util.h:10:0, > from /criu/criu/include/restorer.h:13, > from criu/pie/parasite.c:23: > /usr/include/fortify/string.h:64:27: error: redefinition of 'memset' > _FORTIFY_FN(memset) void *memset(void *__d, int __c, size_t __n) > ^ > In file included from /usr/include/fortify/string.h:20:0, > from /criu/criu/include/util.h:10, > from /criu/criu/include/restorer.h:13, > from criu/pie/parasite.c:23: > /usr/include/string.h:27:7: note: previous definition of 'memset' was > here > void *memset (void *, int, size_t); > ^ > /criu/scripts/nmk/scripts/build.mk:103: recipe for target > 'criu/pie/parasite.o' failed > https://travis-ci.org/kolyshkin/criu/builds/174634847Signed-off-by: -
Andrei Vagin authored
Currently we prepare a parasite socket only once and save it in a static variable. It's bad idea to use a static variable in a library. In addition, it doesn't work if we have processes in different network namespaces. In this case, we have to have a separate socket for each namespace. v2: fix compilation on Alpine convert *p_sock into sock travis-ci: success for compel: check whether a parasite socket is prepared each time (rev2) Signed-off-by:
-
