- 15 Jul, 2015 2 commits
-
-
Andrey Vagin authored
linux/seccomp.h isn't used in the different_creds test.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Acked-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
We don't use this any more (and the test was deleted in a previous patch), so let's get rid of this too.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
- 14 Jul, 2015 14 commits
-
-
Pavel Emelyanov authored
This reverts commit 063c5b89.
-
Andrey Vagin authored
This combination was forbidden in 3.12
commit 40a0d32d1eaffe6aac7324ca92604b6b3977eb0e :
"fork: unify and tighten up CLONE_NEWUSER/CLONE_NEWPID checks"
and then it was permitted again in 3.13:
commit 1f7f4dde5c945f41a7abc2285be43d918029ecc5
fork: Allow CLONE_PARENT after setns(CLONE_NEWPID)
Cc: Adrian Reber <adrian@lisas.de>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
v2: use the test list instead of the file for telling zdtm.sh the test will fail
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
We'll use this in the next patch when testing the creds comparison for threads.
v2: use an explicit list in zdtm.sh instead of a file in the test dir
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Pavel Emelyanov authored
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Pavel Emelyanov authored
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Pavel Emelyanov authored
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Pavel Emelyanov authored
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Pavel Emelyanov authored
And rename it for easier grepping
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Pavel Emelyanov authored
After we got the total remappable rst memory size, we no longer can allocate from it, otherwise the bootstrap area will not have enough size.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Pavel Emelyanov authored
It's similar to previous patch with tcp mem -- no need to realloc big arrays and then memcpy data between them. It's enough just to walk timerfd objects at the very end.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Pavel Emelyanov authored
In current scheme we grow an array with realloc()-s then memcpy() the result into rst_mem. I propose to get rid of realloc-s (we already have objects for the data we need to keep) and memcpy-s (and put objects directly into rst_mem at the end).
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Pavel Emelyanov authored
Calling rst_mem_alloc() in a loop with increasing size causes the n^2 memory grow :) since _alloc is not _realloc.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
- 13 Jul, 2015 10 commits
-
-
Saied Kazemi authored
The help message of CRIU has grown in size and is truncated because the size of the private buffer in log.c is too small. This patch increases the size of the buffer.
[ The "bad" message is the --help output one ]
Signed-off-by: Saied Kazemi <saied@google.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
The kill syscall queues a signal, but doesn't wait when it will be handled. We need to wait processes if we kill them. The user doesn't expect to find processes after dump in this case.
PTRACE_DETACH returns errors for dead tasks, so we don't need to do it in these cases.
Cc: Nikita Spiridonov <nspiridonov@odin.com>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Ruslan Kuprieiev authored
Having ability to have your own options structure is quite nice and allows much more flexible use of libcriu in cases when you want to have a bunch of instances of options structures. This patch also allows users to use raw CriuOpts structure modified in any suitable way, whether by libcriu's criu_local_set methods or by using protobuf-c directly.
It is also worth noting, that backward-compatibility in API and ABI is preserved.
Signed-off-by: Ruslan Kuprieiev <rkuprieiev@cloudlinux.com>
Acked-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Cyrill Gorcunov authored
| CID 96750 (#1 of 1): Resource leak (RESOURCE_LEAK)
| 163. leaked_storage: Variable sec_hdrs going out of scope leaks the storage it points to.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Laurent Dufour authored
Adding ppc64le specific parts to run test on this architecture.
Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Acked-by: Andrew Vagin <avagin@odin.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Laurent Dufour authored
In test_msg() a buffer is allocated on stack to cook the outputted message. This buffer's size was defined using the PAGE_SIZE constant defined in zdtmtst.h file. On some system like ppc64, the page size is large (64K), leading to massive stack allocation, which may be too large in case of alternate stack like the one used in the sigaltstack test.
This fix defines a 2048 characters buffer for test_msg, and exposes a constant to allocate stack accordingly in the sigaltstack test.
Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Acked-by: Andrew Vagin <avagin@odin.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Laurent Dufour authored
Calls to setsockopt(PACKET_RX_RING/PACKET_TX_RING) are dependent of the system's page size. Using sysconf() page size makes these tests working on ppc64 where page size is 64K.
Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Acked-by: Andrew Vagin <avagin@odin.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Laurent Dufour authored
Since the page size may be different from an architecture/a system to another it should not be hard coded to 4096. As a consequence, several tests are failing on ppc64 due to a wrong page size value.
This fix belongs to sysconf to get the current page size.
Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Reviewed-by: Christopher Covington <cov@codeaurora.org>
Acked-by: Andrew Vagin <avagin@odin.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
linux/seccomp.h may not be available, and the seccomp mode might not be listed in /proc/pid/status, so let's not assume those two things are present.
v2: add a seccomp.h with all the constants we use from linux/seccomp.h
v3: don't do a compile time check for PTRACE_O_SUSPEND_SECCOMP, just let ptrace return EINVAL for it; also add a checkskip to skip the seccomp_strict test if PTRACE_O_SUSPEND_SECCOMP or linux/seccomp.h aren't present.
v4: use criu check --feature instead of checkskip to check whether the kernel supports seccomp_suspend
Reported-by: Mr. Jenkins
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Andrew Vagin <avagin@odin.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
v2: actually set ret = -1 on failure
v3: add a --feature option for suspend_seccomp (and make this patch 1, since the tests depend on it now)
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Andrew Vagin <avagin@odin.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
- 24 Jun, 2015 7 commits
-
-
Laurent Dufour authored
When freeing the vma entries, don't call close on vm_file_fd when dealing with a VMA AIO entry since the vm_file_fd is then filled with aio_nr_req as part of the union.
I hit this issue when running the test aio00 on ppc64. Here the value of the VMA aio aio_nr_req field was matching the value of the service file descriptor IMG_FD_OFF. This leads to an obscure checkpoint error.
Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Laurent Dufour authored
The initial support of the SYS V shared memory on ppc64 is broken. The call to shmat done in the restore blob has no chance to work correctly.
This patch fixes the sys_shmat call.
Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Ruslan Kuprieiev authored
Using collections.OrderedDict allows us to keep fields in the same order as they appear in corresponding proto files, which helps to improve readability. In non-pretty mode we still use regular dict.
Signed-off-by: Ruslan Kuprieiev <rkuprieiev@cloudlinux.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
Since we don't support dumping per-thread creds, let's at least fail to dump if the creds don't match.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
Note that we don't add the test into the list of tests to run, because it will fail without the associated kernel patch.
v2: spin lock until seccomp strict is set on the child
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
Unfortunately, SECCOMP_MODE_FILTER is not currently exposed to userspace, so we can't checkpoint that. In any case, this is what we need to do for SECCOMP_MODE_STRICT, so let's do it.
This patch works by first disabling seccomp for any processes who are going to have seccomp filters restored, then restoring the process (including the seccomp filters), and finally resuming the seccomp filters before detaching from the process.
v2 changes:
* update for kernel patch v2
* use protobuf enum for seccomp type
* don't parse /proc/pid/status twice
v3 changes:
* get rid of extra CR_STAGE_SECCOMP_SUSPEND stage
* only suspend seccomp in finalize_restore(), just before the unmap
* restore the (same) seccomp state in threads too; also add a note about how this is slightly wrong, and that we should at least check for a mismatch
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
- 19 Jun, 2015 2 commits
-
-
Cyrill Gorcunov authored
For testing purpose we need to disable using of piegen utility. So let's add PIEGEN make option thus one can "PIEGEN=no make" to build criu without piegen at all.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
Eric wants to restrict permissions for proc mounts in a non-root userns in accordance with proc mounts in the root userns.

    Author: Eric W. Biederman <ebiederm@xmission.com>
    Date: Fri May 8 23:49:47 2015 -0500

    mnt: Modify fs_fully_visible to deal with locked ro nodev and atime

    Ignore an existing mount if the locked readonly, nodev or atime attributes are less permissive than the desired attributes of the new mount.
    ...

Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
- 16 Jun, 2015 5 commits
-
-
Pavel Emelyanov authored
Reasoning: some systems have /sys/fs/cgroup stuff mounted as read-only and we have to either remount it rw or create our own set. The former doesn't look sane as this rw remounting is also done by systemd, so let's return back to manual cgyard construction.
This reverts commit 860df95f.
Conflicts:
    cgroup.c
    include/cr_options.h
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
Instead of keeping around multiple fds that point to various places in /proc, let's just use /proc and openat() things relative to it.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
This is a little tricky, since the threads are forked in the restorer blob, we can't open their attr/current files to pass into the restorer blob. So, we pass in an fd for /proc that the restorer blob can use to access the attr/current files once they exist.
N.B. this is still incorrect in that it restores the same credentials for all threads in the group; however, it matches the behavior of the current creds restore code, which also restores the same creds for all threads in the group.
v2: use simple_sprintf() instead of pie_strcat()
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
We'll use this in the next patch for printing paths to LSM files in /proc.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
o_O this is one of those "how has nobody ever hit this" bugs. According to:

http://stackoverflow.com/questions/2535989/what-are-the-calling-conventions-for-unix-linux-system-calls-on-x86-64

syscall on x86_64 clobbers rcx and r11. We should mark these registers as clobbered in RUN_CLONE_RESTORE_FN so that gcc avoids using them, e.g.:

    ...<__export_restore_task>
    ...
    1894: 49 89 db                mov r11,rbx
    1897: 4c 8d 4c 24 60          lea r9,[rsp+0x60]
    189c: 48 89 eb                mov rbx,rbp
    189f: 48 89 44 24 10          mov QWORD PTR [rsp+0x10],rax
    18a4: 48 8d 44 24 30          lea rax,[rsp+0x30]
    18a9: 48 89 44 24 18          mov QWORD PTR [rsp+0x18],rax
    18ae: eb 53                   jmp 1903 <clone_end+0x15>

    00000000000018b0 <clone_emul>:
    18b0: 48 8b 74 24 08          mov rsi,QWORD PTR [rsp+0x8]
    18b5: 48 83 ee 10             sub rsi,0x10
    18b9: 48 89 ef                mov rdi,rbp
    18bc: 48 89 7e 08             mov QWORD PTR [rsi+0x8],rdi
    18c0: 49 8b 7b 20             mov rdi,QWORD PTR [r11+0x20]
    18c4: 48 89 3e                mov QWORD PTR [rsi],rdi
    18c7: 48 c7 c7 00 0d 05 00    mov rdi,0x50d00
    18ce: 48 8b 54 24 18          mov rdx,QWORD PTR [rsp+0x18]
    18d3: 4d 89 fa                mov r10,r15
    18d6: b8 38 00 00 00          mov eax,0x38
    18db: 0f 05                   syscall
    18dd: 48 85 c0                test rax,rax
    18e0: 74 05                   je 18e7 <thread_run>
    18e2: 48 89 c5                mov rbp,rax
    18e5: eb 07                   jmp 18ee <clone_end>

    00000000000018e7 <thread_run>:
    18e7: 48 31 ed                xor rbp,rbp
    18ea: 58                      pop rax
    18eb: 5f                      pop rdi
    18ec: ff d0                   call rax

    00000000000018ee <clone_end>:
    18ee: 41 83 c5 01             add r13d,0x1
    18f2: 49 81 c7 00 8c 00 00    add r15,0x8c00
    18f9: 45 39 6b 14             cmp DWORD PTR [r11+0x14],r13d

will cause a seg fault because r11 is clobbered.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-