Vladimir said that a page can be unmapped from one process, but can be
mmaped in another one. In this case we can't understand whether both
processes link to the same page or they don't.
So we can try read both pages to take them from swap.
Cc: Vladimir Davydov <vdavydov@parallels.com>
Reported-by: Parallels' QA
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
cow01 uses /proc/pid/pagemap which has been protected by
CAP_SYS_ADMIN.
"""
commit ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce
pagemap: do not leak physical addresses to non-privileged userspace
As pointed by recent post[1] on exploiting DRAM physical imperfection,
/proc/PID/pagemap exposes sensitive information which can be used to do
attacks.
"""
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Print all cap values in case of test is failed.
Also check for capset() and capsget() return values.
Signed-off-by: Kirill Tkhai <ktkhai@parallels.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
- easier to read @posix_timers
- more verbose logging is convernient for handling errors
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
A tests is executed from different users in cases with and without
userns, so it can't to open files which were created before.
Here is an example for ns/user/static/inotify_irmap:
13355 mkdir("/etc", 0600) = -1 EEXIST (File exists)
13355 unlink("/etc/zdtm-test") = -1 EACCES (Permission denied)
13355 creat("/etc/zdtm-test", 0600) = -1 EACCES (Permission denied)
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
One test can't be execute as ns/test ans ns/user/test
simultaneously, because they use the same file tree
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
"%m" can't be used to print strerror(errno), because test_msg()
calls gettimeofday() which can overwrite errno.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
tname doesn't contain a test type.
Reported-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We link files to each other at restore time to restore
unlinked paths. Kernel has strange secutiry restrictions
about linkat we use. If the fsuid of the caller doesn't
equals the uid of the file and the file is not "safe"
one, then only global CAP_CHOWN will be allowed to link().
This brings problems in user namespaces -- uns root is
not allowed to linkat any file, unlike global root.
Fortunately, we can change the fsuid temporarily and
still linkat the file we want. Hopefully this hack will
go away some day soon, when the kernel will have saner
checks for linkat capabilities.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrew Vagin <avagin@parallels.com>
The test uses map_files dir to check for mapping being restored,
while this proc directory is only available for CAP_SYS_ADMIN.
Fix this by checking less strict /proc/pid/maps.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This allows excluding more userns tests from blacklist.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrew Vagin <avagin@parallels.com>
The rest partially need more userns_call-s but mostly just don't
work in userns themselves. Need further investigation.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrew Vagin <avagin@parallels.com>
Can be useful to re-run some tests in case smth failed in the middle
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrew Vagin <avagin@parallels.com>
It is nice to have non-root user case covered with tests.
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Reported-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Use mature technics to organize test process.
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Reported-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We suppose that the test is not able to exit before this moment.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Need to make it working in Debian where "dash" is default.
Signed-off-by: Konstantin Khorenko <khorenko@parallels.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
If shm->delta = MAX_DELTA and we set shm->stop to 1, the child can exit
before the parent adds MAX_DELTA to shm->delta.
parent child
shm->stop = 1
if (shm->stop == 1 && shm->delta == MAX_DELTA)
break
shm->delta += MAX_DELTA
Cc: Konstantin Neumoin <kneumoin@parallels.com>
Reported-by: Konstantin Neumoin <kneumoin@parallels.com>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Right now we state that CRIU works on 3.11 and above kernels and, at the
same time, have support for a couple of new features like aio, tun, timerfd
etc. available in later kernels. Since these new features do not break
generic operations we do not require them in the kernel strictly.
However, in the zdtm tests it's very important to know exactly what can
and what cannot be tested. Right now this is done in a tough manner -- if
the kernel is not 3.11 or criu check fails for _any_ reason we treat the
kernel as being "bad" and throw out a set of tests.
I propose to test some individual features and form the list of tests
in a more fine-grained manner.
This patch only fixes the AIO, mnt_id, tun and posix-timers tests. Next
I will add checks and fixes for user-namespaces tests.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrew Vagin <avagin@parallels.com>
Test steps:
1) generate img files by dumping loop.sh
2) convert img files to json files
3) convert json files to img files
4) cmp original and produces img files
It also uses i/o redirection and --format nice options to
check if they work properly.
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This job does three iterations. We need to write about 0.5Gb of images
for maps04. This is too much for our test VM and other tests start fail
due to timeout.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We may not have permissions for this.
Reported-by: Mr Jenkins
Fixes: 7dbd38dbc939 ("zdtm: set additional groups along with uids and gids")
Cc: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Andrew Vagin <avagin@openvz.org>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We may not have permissions for this.
Reported-by: Mr Jenkins
Fixes: 7dbd38dbc939 ("zdtm: set additional groups along with uids and gids")
Cc: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Andrew Vagin <avagin@openvz.org>
Acked-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Don't use an uninitialized variable to create a path pattern.
v2: fix the comment
v3: don't use readlink -m, which isn't supported by busybox
Cc: Christopher Covington <cov@codeaurora.org>
Reported-by: Christopher Covington <cov@codeaurora.org>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Reviewed-by: Christopher Covington <cov@codeaurora.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Lets simulate some errors and check what
error will be returned by service.
v2, fix tests accordingly to new errorlist
v3, fix tests accordingly to new errorlist, again
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
