If there is nested pid_ns, we need to be able to get pid in
the whole pid hierarhy. This may be taken from "/proc/[pid]/status"
file only. Check, that kernel has support for it.
v3: Add criu feature check
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Pid may contain more then one level, so this patch teaches the function
to work with such pids. The signify difference after this patch is that
we link a new item in several rb_root in every ns.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Pass a namespace of item to the function.
This will allow to link the pid in correct ns::pid::root_rb
in next patches.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Sanity check, that we have pid_ns_id. As we dump pid_ns_id
since ids are implemented, they must be always.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Alive tasks must have ids populated, while dead tasks have
pid and user namespaces are set (in Linux). But we never
dumped ids for dead tasks.
Since we have no support nested pid ns yet, only one pid_ns
is possible in existing dumps, so it must be equal to
root_item's. User ns is not so, but currently it's impossible
to know dead task's user ns from the dump, so set it
to root_item's too.
In further, we're going to dump ids for all tasks: see next
patches for that. This patch is only to handle old images
with unexisting dead tasks's ids.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Move block with finding of parent item up in the function.
No functional changes, only changing the order.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
It's the most parent pid namespace, which is seen by dumpees.
It's NS_ROOT if root_ns_mask has CLONE_NEWPID, and NS_CRIU
otherwise.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Read ids before creation of item, then we'll know
pid_ns of the item, so later we will be able to
allocate item with right levels of pid (in next patches).
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Pass vpid instead of pstree_item as input argument,
and return ids to caller. No functional changes here.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
This patch is cleanup, which just makes comparation
on values on the one pid level. It has no functional
payload, because the new patches turn off pgid set
if for multi-level pids cases, till it will be implemented.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
This allows to compare pids values on the whole hierarhy.
v3: Do not use break as some travis builds don't like it.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
(Was "user_ns: Block SIGCHLD during namespaces generation")
We don't want asynchronous signal handler during creation
of namespaces (for example, in create_user_ns_hierarhy())
as we do wait() synchronous. So we need to block the signal.
Do this once globally.
v2: Set initial ret = 0
v3: Block signal globally in root_item before its children
are created.
v4: Move block to prepare_namespace()
Suggested-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
We're interested in just created child only. Other possibly guys
will be handled in appropriate places later (criu task may have
helpers-children).
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
After the commit
02c763939c10 ("test/zdtm: unify common code")
CFLAGS with -D_GNU_SOURCE defined in the top Makefile
are being passed to tests Makefiles.
As _GNU_SOURCE is also defined by tests, that resulted in
zdtm tests build failures:
make[2]: Entering directory `/home/criu/test/zdtm/lib'
CC test.o
test.c:1:0: error: "_GNU_SOURCE" redefined [-Werror]
#define _GNU_SOURCE
^
<command-line>:0:0: note: this is the location of the previous definition
cc1: all warnings being treated as errors
make[2]: *** [test.o] Error 1
However, we didn't catch this in time by Travis-CI, as zdtm.py doesn't
do `make zdtm`, rather it does `make -C test/zdtm/{lib,static,transition}`.
By calling middle makefile this way, it doesn't have _GNU_SOURCE in
CFLAGS from top-Makefile.
I think the right thing to do here - is following CRIU's way:
rely on definition of _GNU_SOURCE by Makefiles.
This patch is almost fully generated with
find test/zdtm/ -name '*.c' -type f \
-exec sed -i '/define _GNU_SOURCE/{n;/^$/d;}' '{}' \; \
-exec sed -i '/define _GNU_SOURCE/d' '{}' \;
With an exception for adding -D_GNU_SOURCE in tests Makefile.inc for
keeping the same behaviour for zdtm.py.
Also changed utsname.c to use utsname::domainname, rather private
utsname::__domainname, as now it's uncovered (from sys/utsname.h):
> struct utsname
> {
...
> # ifdef __USE_GNU
> char domainname[_UTSNAME_DOMAIN_LENGTH];
> # else
> char __domainname[_UTSNAME_DOMAIN_LENGTH];
> # endif
Reported-by: Adrian Reber <areber@redhat.com>
Cc: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Check, that fdstore-keeped user ns files are opened
correct after restore.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Since net ns is assigned after prepare_fds() and,
in common case, at the moment of open_ns_fd() call
task points to a net ns, which differs to its target
net ns, we can't get the ns from a task. So, get it
from fdstore. Also, support userns ns fds.
v2: Add comment
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
This improves uniformity. Also, this will be used in next patch.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Move the code to simplify it and to allow to use this function others.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
This function may call functions like open_proc(),
so use CLONE_VM to reflect children open files in
parent memory.
v3: New
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
This will be used in next patch.
Also, check for MAP_FAILED istead of NULL before munmap().
v3: New
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
CRIU sets a sigchld handler and calls waitpid from it,
but when we call a sub-process, we want to wait it
v2: remove a debug code
Cc: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Acked-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
rst_mem_alloc() can moves a vma with previous objects, so
if we want to access them, we have to update their pointers
https://github.com/xemul/criu/issues/304
Cc: Kirill Tkhai <ktkhai@virtuozzo.com>
Fixes: 72e295ebbb26 ("ns: Convert task cred's xids to target user ns")
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
This reverts a hunk from commit 4ad343c ("Use *open_proc* where
possible"), and adds a comment explaining why.
The bug was caught by ci [1] and wasn't caught by Travis because
the last one runs on the older kernel.
(00.271276) 1: Error (criu/util.c:204): fd 0 already in use
(called at criu/files.c:1008)
(00.292162) Error (criu/cr-restore.c:1127): 425 exited, status=1
(00.295802) Error (criu/cr-restore.c:2059): Restoring FAILED.
[1] https://ci.openvz.org/view/CRIU/job/CRIU/job/CRIU-snap/job/criu-dev/2079/consoleFull
Reported-by: Andrei Vagin <avagin@virtuozzo.com>
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
In glibc 2.24, getpid() returns a parent PID, if a child was created
with the CLONE_VM flag.
https://sourceware.org/bugzilla/show_bug.cgi?id=17214https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857909
The glibc git contains the next patch, which removes cached pid too:
commit c579f48edba88380635ab98cb612030e3ed8691e
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Mon Oct 10 15:08:39 2016 -0300
Remove cached PID/TID in clone
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Reviewed-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
We shave a test case for external veth devices. This test case
checks veth devices which are living in two dumped network
namespaces.
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
A network device, which is connected to a bridge, is restored
after the bridge. In this case we can set the master attribute and
the device will be connected to the bridge automatically.
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
When we dump a veth device, the kernel reports where a peer device lives
and we use this information to restore this veth pair.
On restore we set a net ns id for a peer and it is created in the required
netns.
v2: add more comments
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
In each network namespace we can set an id for another network namespace
to be able to address it in netlink messages.
For example, we can say that a peer of a veth devices has to be created
in a network namespace with a specified id. If we request information about
a veth device, a kernel will report where a peer device lives.
An user are able to set this ID-s, so we have to dump and restore them.
v2: add more commetns
v3: make a union of nsfd_id and ns_fd, they are not used together
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Each network namespaces has a list of ID-s for other namespaces,
so if we request infomation about a veth device, we get an id
for a namespace of a peer device.
These ID-s can be set by users or by kernel when they are required.
CRIU has to restore these ID-s for network namespaces. We have to
remember that one netns can have different id-s in different network
namespaces.
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
It is possible to assign id for network namespaces and
this id will be used by the kernel in some netlink messages.
If no id is assigned when the kernel needs it, it will be
automatically assigned by the kernel.
For example, this id is reported for peer veth devices.
v2: add a comment
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
