1. 01 Mar, 2017 7 commits
    • Andrei Vagin's avatar
      tty: check that a master of a bind-mounted slave is in the root mntns · aa26237e
      Andrei Vagin authored
      Here we check that a master of a bind-mounted slave was opened in the
      root mount namespace. The problem is that we restore all mounts in the
      root mount namespace. Only when all mounts are restored, we create other
      mount namespaces.  So when we are restoring mounts, we can open files
      only in the root mount namespace.
      Signed-off-by: 's avatarAndrei Vagin <avagin@virtuozzo.com>
      aa26237e
    • Andrei Vagin's avatar
      mount: restore mounts in the root mount namespace · b6f75771
      Andrei Vagin authored
      Currently all mounts are restored in a one mount namespace, then
      this namespace is cloned to restore other mount namespaces and
      we need another copy of this namespace to clean link remap files.
      
      Let's define terms:
      A - the root mount namespace
      B - the mount namespace where link remap files are destroyed
      
      Currently we restore all mounts in the B namespace and then
      clone it into the A namespace.
      
      But it doesn't work in a case, when we have to open file
      descriptores to restore mounts (e g to restore bind-mount
      pty slaves), because a file descriptor has to be opened from
      a specified mount (which is one of restore mount namespaces).
      
      This patch reworks code so, that all mounts is restored in the A mount
      namespace and then the B mount namespace is created. In this case
      we can open files from the root mount namespace (A).
      
      $ ./zdtm.py run -t zdtm/static/pty-console --iter 5
      
      ====================== Run zdtm/static/pty-console in ns =======================
      Start test
      Test is SUID
      ./pty-console --pidfile=pty-console.pid --outfile=pty-console.out
      Run criu dump
      Run criu restore
      Run criu dump
      =[log]=> dump/zdtm/static/pty-console/36/2/dump.log
      ------------------------ grep Error ------------------------
      (00.106521) Error (criu/files-reg.c:1132): Can't lookup mount=563 for fd=4 path=/ptmx
      (00.106585) Error (criu/cr-dump.c:1325): Dump files (pid: 70) failed with -1
      (00.129041) Error (criu/cr-dump.c:1674): Dumping FAILED.
      ------------------------ ERROR OVER ------------------------
      Signed-off-by: 's avatarAndrei Vagin <avagin@virtuozzo.com>
      b6f75771
    • Andrei Vagin's avatar
      mount: clone a mount namespace to open a detached mount · f830e0ff
      Andrei Vagin authored
      If we can't create a temporary directory for a detached mount,
      we can clone a whole mount namespace, open a mount and release
      the created namespace. The result will be the same.
      
      https://jira.sw.ru/browse/PSBM-57135
      https://github.com/opencontainers/runc/issues/1202
      travis-ci: success for A few fixes to c/r a docker container with a console (rev3)
      Signed-off-by: 's avatarAndrei Vagin <avagin@virtuozzo.com>
      Signed-off-by: 's avatarPavel Emelyanov <xemul@virtuozzo.com>
      f830e0ff
    • Andrei Vagin's avatar
      mount: create a slave pty if it has to be bind-mounted to somewhere · 3cedb618
      Andrei Vagin authored
      Now we create pty pairs when file descriptors are restored.
      The problem is that a slave tty can be bind-mounted to somewhere
      and in this case we have to create this pair and hold a master file
      descritore before related file descriptors will not be restored.
      
      In this patch, a unix socket is used to hold file descriptros.
      And we use SK_PEEK_OFF and MSG_PEEK to get any of them.
      
      travis-ci: success for A few fixes to c/r a docker container with a console (rev3)
      Signed-off-by: 's avatarAndrei Vagin <avagin@virtuozzo.com>
      Signed-off-by: 's avatarPavel Emelyanov <xemul@virtuozzo.com>
      3cedb618
    • Andrei Vagin's avatar
      fdstore: add synchronization to protect a peek offset · 7dc7030d
      Andrei Vagin authored
      When we need to get a file descriptor, we have to set peek offset
      and then to peek a message. There are two system calls, so we need
      to be sure that nobody changes a socket peek offset after we set it.
      Acked-by: 's avatarPavel Emelyanov <xemul@virtuozzo.com>
      Signed-off-by: 's avatarAndrei Vagin <avagin@virtuozzo.com>
      7dc7030d
    • Andrei Vagin's avatar
      fdstore: add a storage for file descriptors (v2) · 4d06aa12
      Andrei Vagin authored
      We need a storage for file descriptors which is shared between processes
      and doesn't use a lot of file descriptors. We are going to use it on
      restore and if it will use file descriptors, we will have to find
      descriptors which don't used by all restored processes to not confilict
      with their descriptors.
      
      There are two solutions. The first one is a service (process) which
      handles to command push_fd(id, fd) and pop_fd(id, fd).
      
      Another solution is to save descriptros in a unix socket.  It requires
      only one extra descriptor which we can register as a service fd. Each
      unix socket has a buffer and can fit a number of file descriptros. We
      can use SK_PEEK_OFF and MSG_PEEK to get file descriptros from a socket
      as many times as we need.
      
      This patch implements the second solution.
      
      v2: call recvmsg with MSG_PEEK
      travis-ci: success for A few fixes to c/r a docker container with a console (rev3)
      Signed-off-by: 's avatarAndrei Vagin <avagin@virtuozzo.com>
      Signed-off-by: 's avatarPavel Emelyanov <xemul@virtuozzo.com>
      4d06aa12
    • Andrei Vagin's avatar
      tty: notify about orphan tty-s via rpc · 6afe523d
      Andrei Vagin authored
      Now Docker creates a pty pair from a container devpts to use is as console.
      A slave tty is set as a control tty for the init process and bind-mounted
      into /dev/console. The master tty is handled externelly.
      
      Now CRIU can handle external resources, but here we have internal resources
      which are used externaly.
      
      https://github.com/opencontainers/runc/issues/1202
      travis-ci: success for A few fixes to c/r a docker container with a console (rev3)
      Signed-off-by: 's avatarAndrei Vagin <avagin@virtuozzo.com>
      Signed-off-by: 's avatarPavel Emelyanov <xemul@virtuozzo.com>
      6afe523d
  2. 17 Feb, 2017 4 commits
  3. 13 Feb, 2017 1 commit
    • Pavel Emelyanov's avatar
      criu: Version 2.11 · 8719b7c9
      Pavel Emelyanov authored
      This is a bugfix-mostly release. Interesting new features include
      the huge rework of files restoring engine which fixed us bugs we
      haven't seen in reality :) but have proven they exist. Als this
      rework opens the way for scm-rigts c/r we need for nginx.
      Signed-off-by: 's avatarPavel Emelyanov <xemul@virtuozzo.com>
      8719b7c9
  4. 09 Feb, 2017 1 commit
  5. 08 Feb, 2017 2 commits
  6. 07 Feb, 2017 1 commit
    • Adrian Reber's avatar
      xsave: check for X86_FEATURE_OSXSAVE rather than for X86_FEATURE_XSAVE · 7ac2d79c
      Adrian Reber authored
      Migrating a process between a system with the 'xsave' CPU flag and
      another system without the 'xsave' CPU flags is not possible and
      fails during restore. To avoid this situation it is possible to boot
      the source system of the migration with 'noxsave' kernel command-line.
      
      Unfortunately criu currently tries to detect the presence of 'xsave'
      with the macro X86_FEATURE_XSAVE which represents the features of
      the CPU without taking into account if the operating system has
      disabled 'xsave'. Checking for 'xsave' availability with the macro
      X86_FEATURE_OSXSAVE detects correctly if Linux has been booted
      with disabled 'xsave' and thus migrating processes between hosts
      with and without 'xsave' is possible if the kernel uses the flag
      'noxsave'.
      
      travis-ci: success for criu dump fails when using noxsave (rev2)
      Signed-off-by: 's avatarAdrian Reber <areber@redhat.com>
      Reviewed-by: 's avatarCyrill Gorcunov <gorcunov@openvz.org>
      Signed-off-by: 's avatarPavel Emelyanov <xemul@virtuozzo.com>
      7ac2d79c
  7. 06 Feb, 2017 24 commits