For two cases libcriu was setting the RPC protobuf field `has_*` before
checking if the given parameter is valid. This can lead to situations,
if the caller doesn't check the return value, that we pass as RPC struct
to CRIU which has the `has_*` protobuf field set to true, but does not
have a verified value (or non at all) set for the actual RPC entry.
Signed-off-by: Adrian Reber <areber@redhat.com>
Make it possible to skip network lock to enable uses that break connections
anyway to work without iptables/nftables being present.
Signed-off-by: Michał Mirosław <emmir@google.com>
This commit enables checkpointing and restoring of applications as
non-root.
First goal was to enable checkpoint and restore of the env00 and
pthread00 test case.
This uses the information from opts.unprivileged and opts.cap_eff to
skip certain code paths which do not work as non-root.
Co-authored-by: Adrian Reber <areber@redhat.com>
Signed-off-by: Younes Manton <ymanton@ca.ibm.com>
A file's r/w/x changing between checkpoint and restore does
not necessarily imply that something is wrong. For example,
if a process opens a file having perms rw- for reading and
we change the perms to r--, the process can be restored and
will function as expected.
Therefore, this patch adds an option
--skip-file-rwx-check
to disable this check on restore. File validation is unaffected
and should still function as expected with respect to the content
of files.
Signed-off-by: Younes Manton <ymanton@ca.ibm.com>
We plan to switch to Mounts-v2 engine for restoring mounts by default,
this options is to allow switching to old engine. This patch only adds
an option, no engine behind it yet.
Cherry-picked from Virtuozzo criu:
https://src.openvz.org/projects/OVZ/repos/criu/commits/503f9ad2c
Changes: allow --mntns-compat-mode option only on restore and only if
MOVE_MOUNT_SET_GROUP is supported (this also requires change in
unittest/mock.c), change id in rpc criu_opts.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
This commit adds feature check support to libcriu. It already exists in
the CLI and RPC and this just extends it to libcriu.
This commit provides one function to do all possible feature checks in
one call. The parameter to the feature check function is a structure and
the user can enable which features should be checked.
Using a structure makes the function extensible without the need to
break the API/ABI in the future.
Signed-off-by: Adrian Reber <areber@redhat.com>
In contrast to the CLI it is not possible to do a single pre-dump via
RPC and thus libcriu. In cr-service.c pre-dump always goes into a
pre-dump loop followed by a final dump. runc already works around this
to only do a single pre-dump by killing the CRIU process waiting for the
message for the final dump.
Trying to implement pre-dump in crun via libcriu it is not as easy to
work around CRIU's pre-dump loop expectations as with runc that directly
talks to CRIU via RPC.
We know that LXC/LXD also does single pre-dumps using the CLI and runc
also only does single pre-dumps by misusing the pre-dump loop interface.
With this commit it is possible to trigger a single pre-dump via RPC and
libcriu without misusing the interface provided via cr-service.c. So
this commit basically updates CRIU to the existing use cases.
The existing pre-dump loop still sounds like a very good idea, but so
far most tools have decided to implement the pre-dump loop themselves.
With this change we can implement pre-dump in crun to match what is
currently implemented in runc.
Signed-off-by: Adrian Reber <areber@redhat.com>
In runc we use the join-ns RPC API to enable checkpoint/restore of
containers with shared namespaces. Shared namespaces are often used
when containers run inside Kubernetes Pod.
In crun we use libcriu to interface with CRIU, however it currently
doesn't provide an API for join-ns. This patch adds the necessary
libcriu API to enable checkpoint/restore of containers with shared
namespaces with crun.
Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
Fixes: #1560
The latest protobuf-c compiler breaks CRIU because they removed
leading underscores from structs in 1.4.0.
This replaces those definitions with the standard generated structs.
v2: remove struct _VmaEntry, struct _CredsEntry and struct _CoreEntry
Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
pidfd_store_sk option will be used later to store tasks pidfds
between predumps to detect pid reuse reliably.
pidfd_store_sk should be a fd of a connectionless unix socket.
init_pidfd_store_sk() steals the socket from the RPC client using
pidfd_getfd, checks that it is a connectionless unix socket and
checks if it is not initialized before (i.e. unnamed socket).
If not initialized the socket is first bound to an abstract name
(combination of the real pid/fd to avoid overlap), then it is
connected to itself hence allowing us to store the pidfds in the
receive queue of the socket (this is similar to how fdstore_init()
works).
v2:
- avoid close(pidfd) overriding errno of SYS_pidfd_open in
init_pidfd_store_sk()
- close pidfd_store_sk because we might have leftover from
previous iterations
Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
When using libcriu with the notify callback functionality CRIU transmits
an FD during 'orphan-pts-master' back to libcriu user. This is message
is sent via sendmsg() to transmit the FD and not via write() as all
other protobuf messages.
libcriu was using recv() and to be able to receive the FD this needs to
be changed to recvmsg() and if an FD is attached to it (currently only
for 'orphan-pts-master' this FD is stored in a variable which can be
retrieved with the function criu_get_orphan_pts_master_fd().
Signed-off-by: Adrian Reber <areber@redhat.com>
Although the CRIU version is exported in macros in version.h it only
contains the CRIU version of libcriu during build time.
As it is possible that CRIU is upgraded since the last time something
was built against libcriu, this adds functions to query the actual CRIU
binary about its version.
Signed-off-by: Adrian Reber <areber@redhat.com>
The orphan pts master option was introduced with commit [1]
to enable checkpoint/restore of containers with a pty pair
used as a console.
[1] 6afe523d97
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
lib/c/criu.c:343:30: error: implicit conversion from enumeration type
'enum criu_pre_dump_mode' to different enumeration type 'CriuPreDumpMode'
(aka 'enum _CriuPreDumpMode') [-Werror,-Wenum-conversion
opts->rpc->pre_dump_mode = mode;
~ ^~~~
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Two modes of pre-dump algorithm:
1) splicing memory by parasite
--pre-dump-mode=splice (default)
2) using process_vm_readv syscall
--pre-dump-mode=read
Signed-off-by: Abhishek Dubey <dubeyabhishek777@gmail.com>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Instead of creating cgroup yard in CRIU, now we can create it externally
and pass it to CRIU. Useful if somebody doesn't want to grant
CAP_SYS_ADMIN to CRIU.
Signed-off-by: Michał Cłapiński <mclapinski@google.com>
Including the version information of CRIU in criu.h is required by
projects that use libcriu to preserve backward compatibility.
Closes#738
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
criu-3.12/lib/c/criu.c:255: leaked_storage: Variable "rpc" going out of
scope leaks the storage it points to.
Signed-off-by: Adrian Reber <areber@redhat.com>
There are a few places where spaces have been used instead of tabs for
indentation. This patch converts the spaces to tabs for consistency
with the rest of the code base.
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
This commit removes the functions criu_(local_)set_service_comm().
These functions are not neccessary, because if
set_service_address(), set_service_fd() or
set_service_binary() has been called it is already clear, which
service comm type should be used.
Furhtermore, this commit reduces the number of misuses.
E.g. if set_service_comm() was set to socket, but a binary was given
via set_service_binary().
Signed-off-by: Martin Wührer <martin.wuehrer@artech.at>
This commit checks after each strdup() call if the call was successful.
If not, the function that calls strdup() returns an error.
This requires, that the return value of several functions has to be
changed from void to int.
Signed-off-by: Martin Wührer <martin.wuehrer@artech.at>
The functions criu_(local_)set_service_address and
criu_(local_)set_service_binary are the only functions that
do not create a copy of the given string arguments.
This may lead to problems, if the original string gets freed
but criu relies on them.
Additionally, the function criu_local_init_opts() assigns the
default service_binary now to opt->service_binary instead of
opt->service_address which is in my opinion the preferred way
since both are types of an anonymous union.
Signed-off-by: Martin Wührer <martin.wuehrer@artech.at>
As most of the `criu_(local_)*` functions already call `strdup()`,
it is possible, to change the function signature to `const char *`.
As the struct `criu_opts` already contains a `const char *
service_binary`, also the member `service_address` is changed to
`const char`.
Additonally, also the function `criu_local_set_freeze_cgroup()` now
calls `strdup()`.
Signed-off-by: Martin Wührer <martin.wuehrer@artech.at>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
According to https://criu.org/API_compliance, the C-library
doesn't support the pageserver option.
This patch contains the functions
`criu_(local_)set_page_server_address_port()`
that allow to specify on which ip and tcp-port the pageserver
is listening.
This patch affects only the c-lib, as criu-rpc already supports the
pageserver settings.
Signed-off-by: Martin Wührer <martin.wuehrer@artech.at>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
If `criu_local_init_opts()` is applied on the same opts-object
several times, not all of the allocated memory gets freed.
Therefore, the functions `criu_(local_)free_opts()` were introduced.
These functions ensure, that opts get freed accordingly.
Furthermore, `criu_(local_)free_opts()` gets part of the c-api,
and can therefore be called by external projects too.
Additionally, with this commit `criu_local_init_opts()` now uses
`criu_local_free_opts()`, to free the opts-parameter if it was already
initalized before.
This commit also contains a fix in `send_req_and_recv_resp_sk()` which
lead to a memory leak, if criu-notifications were received.
Signed-off-by: Martin Wührer <martin.wuehrer@artech.at>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
service_binary is either set to a const char * (CR_DEFAULT_SERVICE_BIN)
or to a user provided char *, but there is no reason to give a char *.
Users of such function will most likely provide a const char *,
that will generate a warning.
Thus, we add the const qualifier to better represent the usage of
service_binary, and avoid such warnings.
Signed-off-by: Ronny Chevalier <ronny.chevalier@hp.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
CID 161693 (#1 of 1): Resource leak (RESOURCE_LEAK)
5. leaked_storage: Variable new going out of scope leaks the storage it points to.
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Commit d9486bd720 ("arm/pie/build: do not produce relocatable parasite
object") removed -r from LDFLAGS used to compile criu pie. This
functionality somehow never made it to criu-dev, and was also lost
in master then compel was ported to it.
Make it work with compel.
Unfortunately it was not as simple as I initially thought, as -r flag
to ld was built into nmk. This patch removes it, and adds it to all
places that need intermediate linking.
Cc: Dmitry Safonov <dsafonov@virtuozzo.com>
Cc: Cyrill Gorcunov <gorcunov@openvz.org>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
As all builds are done from top source dir, there is no need
to have SRC_DIR.
Reviewed-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
The problem is, -Wa is a flag for assembler, but CFLAGS are also used
to generate dependencies, and clang complains loudly when it is used
for deps:
> > DEP compel/arch/x86/plugins/std/syscalls-64.d
> > clang-3.8: error: argument unused during compilation:
> > '-Wa,--noexecstack'
This patch moved the noexecflag from assembler to linker. I am not
100% sure but the end result seems to be the same.
This fixes dependency generation when using clang instead of gcc.
I surely have done my research before proposing this change, and
I have tested this change as good as I could.
Sorry, I should have provided more background in the commit message.
Here it goes.
There are a few ways to have non-executable stack:
1. mark the assembler source file (.S) with .section
.note.GNU-stack,"",%progbits
2. pass the -Wa,--noexecstack to compiler
3. pass the -z execstack to linker
All three ways are fine, let's see them in greater details.
Some people say (1) is the best way, but we have way too many
.S files now (23 of them, to be exact). Anyway, I can certainly do it
this way if you like, just let me know. It would look like this:
--- a/compel/arch/aarch64/plugins/std/syscalls/syscall-aux.S
+++ b/compel/arch/aarch64/plugins/std/syscalls/syscall-aux.S
@@ -3,6 +3,8 @@
* that are not implemented in the AArch64 Linux kernel
*/
+.section .note.GNU-stack,"",%progbits
+
ENTRY(sys_open)
mov x3, x2
mov x2, x1
Way (2) is what is currently used. Unfortunately it breaks dependency
generation with clang. One way to fix it would be to filter-out the bad
flag when we're generating deps. I tried experimenting with
$(filter-out) function in Makefiles today but it's complicated and I failed
to make it work.
Way (3) is what this commit offers. It seem to work fine while being
the least intrusive.
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Reviewed-by: Cyrill Gorcunov <gorcunov@openvz.org>
Reviewed-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
It is already present in rpc, so lets add it to libcriu too.
Signed-off-by: Ruslan Kuprieiev <rkuprieiev@cloudlinux.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
It is already present in CLI and RPC, so libcriu should reflect it too.
travis-ci: success for lib: add inherit_fd
Signed-off-by: Ruslan Kuprieiev <rkuprieiev@cloudlinux.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
C standard specifies that the first enum element is 0 and the next ones
are +1 to a previous element (C90, "3.5.2.2 Enumeration
specifiers").
Therefore, there is no need to explicitly specify element values.
The explicit initializers were added in the first commit introducing
this enum (commit 46e8aee).
While at it, let's also add a comma after the last element, for any
future patch adding more elements to look better.
No functional change.
Cc: Ruslan Kuprieiev <rkuprieiev@cloudlinux.com>
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Acked-by: Ruslan Kuprieiev <rkuprieiev@cloudlinux.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
It seems that the different libc (musl) which Alpine Linux uses produces
different errors than the usual glibc. This patch fixes most include
errors. Two errors are not yet resolved on Alpine Linux's libc (musl):
* proc_parse.c: In function 'parse_posix_timers':
proc_parse.c:2125:34: error: 'SIGEV_THREAD_ID' undeclared (first use in this function)
timer->spt.it_sigev_notify = SIGEV_THREAD_ID;
proc_parse.c:2125:34: note: each undeclared identifier is reported only once for each function it appears in
Seems difficult to fix as including <linux/signal.h>, which provides
this #define, generates more different error messages related to
time.h and linux/time.h collisions. It is not yet clear if additional
guards would help in the header files.
* fsnotify.c: In function 'open_by_handle':
fsnotify.c:107:9: error: implicit declaration of function 'open_by_handle_at' [-Werror=implicit-function-declaration]
return open_by_handle_at(fd, arg, O_PATH);
The function open_by_handle_at() is not provided by Alpine Linux's
libc (musl).
This patch resolves the following errors/warnings and has been tested on
RHEL7(x86_64/powerpc64le) and Fedora 24:
cr-service.c: In function 'cr_service':
cr-service.c:1082:26: error: passing argument 2 of 'accept' from incompatible pointer type [-Werror=incompatible-pointer-types]
sk = accept(server_fd, &client_addr, &client_addr_len);
^
In file included from /usr/include/fortify/sys/socket.h:20:0,
from cr-service.c:11:
/usr/include/sys/socket.h:301:5: note: expected 'struct sockaddr * restrict' but argument is of type 'struct sockaddr_un *'
int accept (int, struct sockaddr *__restrict, socklen_t *__restrict);
^
cc1: all warnings being treated as errors
files.c: In function 'open_transport_fd':
files.c:845:19: error: passing argument 2 of 'bind' from incompatible pointer type [-Werror=incompatible-pointer-types]
ret = bind(sock, &saddr, sun_len);
^
In file included from /usr/include/fortify/sys/socket.h:20:0,
from files.c:12:
/usr/include/sys/socket.h:298:5: note: expected 'const struct sockaddr *' but argument is of type 'struct sockaddr_un *'
int bind (int, const struct sockaddr *, socklen_t);
^
cc1: all warnings being treated as errors
In file included from fsnotify.c:18:0:
/usr/include/sys/poll.h:1:2: error: #warning redirecting incorrect #include <sys/poll.h> to <poll.h> [-Werror=cpp]
#warning redirecting incorrect #include <sys/poll.h> to <poll.h>
^
cc1: all warnings being treated as errors
In file included from /root/criu/criu/include/timerfd.h:7:0,
from /root/criu/criu/include/restorer.h:18,
from arch/x86/crtools.c:16:
/root/criu/criu/include/files.h:43:14: error: field 'stat' has incomplete type
struct stat stat;
In file included from arch/x86/vdso-pie.c:6:0:
/root/criu/criu/include/syscall.h:22:66: error: unknown type name 'loff_t'
extern long sys_pread (unsigned int fd, char *buf, size_t count, loff_t pos) ;
^
/root/criu/criu/include/syscall.h:83:31: error: unknown type name 'clockid_t'
extern long sys_timer_create (clockid_t which_clock, struct sigevent *timer_event_spec, kernel_timer_t *created_timer_id
^
/root/criu/criu/include/syscall.h:88:38: error: unknown type name 'clockid_t'
extern long sys_clock_gettime (const clockid_t which_clock, const struct timespec *tp) ;
^
In file included from netfilter.c:5:0:
/usr/include/wait.h:1:2: error: #warning redirecting incorrect #include <wait.h> to <sys/wait.h> [-Werror=cpp]
#warning redirecting incorrect #include <wait.h> to <sys/wait.h>
^
cc1: all warnings being treated as errors
pie/restorer.c: In function '__export_restore_task':
pie/restorer.c:1276:23: error: 'LOCK_EX' undeclared (first use in this function)
ret = sys_flock(fd, LOCK_EX);
^
pie/restorer.c:1276:23: note: each undeclared identifier is reported only once for each function it appears in
pie/restorer.c:1310:23: error: 'LOCK_UN' undeclared (first use in this function)
ret = sys_flock(fd, LOCK_UN);
^
sk-unix.c: In function 'open_unixsk_standalone':
sk-unix.c:1169:19: error: passing argument 2 of 'connect' from incompatible pointer type [-Werror=incompatible-pointer-types]
if (connect(sk, &addr, sizeof(addr.sun_family))) {
^
In file included from /usr/include/fortify/sys/socket.h:20:0,
from sk-unix.c:1:
/usr/include/sys/socket.h:299:5: note: expected 'const struct sockaddr *' but argument is of type 'struct sockaddr_un *'
int connect (int, const struct sockaddr *, socklen_t);
^
cc1: all warnings being treated as errors
c/criu.c: In function 'criu_local_set_parent_images':
c/criu.c:169:26: error: implicit declaration of function 'strdup' [-Werror=implicit-function-declaration]
opts->rpc->parent_img = strdup(path);
Signed-off-by: Adrian Reber <areber@redhat.com>
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
For the previously added option to skip in-flight connections this adds
that option to the RPC interface. The skip in-flight connections is also
described in criu.txt.
Signed-off-by: Adrian Reber <areber@redhat.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
