If a connection was reseted, it can have some data in a sent queue,
a use can't read this data, so we can ignore them too.
https://jira.sw.ru/browse/PSBM-67026
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
- Add new test "s390x_runtime_instr" to check if the RI control block is
correctly restored when the RI is active.
- Add RI control block in test s390x_regs_check.c
The original test case for RI has been provided by
Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Alice Frosi <alice@linux.vnet.ibm.com>
Reviewed-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
- Add new test "s390x_gs_threads" for GS with broadcast command for the
s390_guarded_storage() system call.
- Add GS control blocks in test s390x_regs_check.c
The original test case for GS has been provided by
Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Alice Frosi <alice@linux.vnet.ibm.com>
Reviewed-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Dump and restore process with RI control block. Runtime instrumentation
allows to collect information about program execution as CPU data.
The RI control block is dumped and restored for all threads.
Ptrace kernel interface is provided by:
c122bc239b13 ("s390/ptrace: add runtime instrumention register get/set")
Signed-off-by: Alice Frosi <alice@linux.vnet.ibm.com>
Reviewed-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Dump and restore tasks with GS control blocks. Guarded-storage is a new
s390 feature to improve garbage collecting languages like Java.
There are two control blocks in the CPU:
- GS control block
- GS broadcast control block
Both control blocks have to be dumped and restored for all threads.
Signed-off-by: Alice Frosi <alice@linux.vnet.ibm.com>
Reviewed-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Add new function arch_set_task_regs_nosigrt(). It allows to restore
architecture-specific registers not present in sigreturn signal frame.
Each architecture can overwrite this function.
The arch_set_task_regs_nosigrt function restores the registers between the
final sigreturn and PTRACE_DETACH. We do this at this point because
we are sure that all threads have already been created.
Add arch_set_thread_regs in pre-dump because some registers may have
been changed by the parasite infection and they are not present in
sigreturn signal frame.
Signed-off-by: Alice Frosi <alice@linux.vnet.ibm.com>
Reviewed-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Running all the tests with --lazy-pages and --remote-lazy-pages takes too
long. Let's run only several representing tests for those cases.
Signed-off-by: Mike Rapoport <rppt@linux.vnet.ibm.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
The UFFDIO_UNREGISTER returns ENOMEM only when it is unable to get
mm_struct. We can assume in such case that the task is exited.
Signed-off-by: Mike Rapoport <rppt@linux.vnet.ibm.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
On Fedora rawhide with kernel-headers-4.14.0-0.rc2.git0.1.fc28.x86_64
glibc-devel-2.26.90-15.fc28.x86_64 criu does not build any more:
In file included from /usr/include/linux/aio_abi.h:31:0,
from criu/cr-check.c:24:
/usr/include/sys/mount.h:35:3: error: expected identifier before numeric constant
MS_RDONLY = 1, /* Mount read-only. */
^
make[2]: *** [/builddir/build/BUILD/criu-3.5/scripts/nmk/scripts/build.mk:111: criu/cr-check.o] Error 1
make[1]: *** [criu/Makefile:73: criu/built-in.o] Error 2
make: *** [Makefile:233: criu] Error 2
This simple re-ordering of includes fixes it for me.
Signed-off-by: Adrian Reber <areber@redhat.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Otherwise we will see warnings like these ones:
Warn (criu/kerndat.c:805): Can't load /run/criu.kdat
Warn (criu/net.c:2726): Unable to get a socket network namespace
Warn (criu/kerndat.c:844): Can't keep kdat cache on non-tempfs
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
test/zdtm.py:1535:30: E711 comparison to None should be 'if cond is not None:'
test/zdtm.py:1538:31: E711 comparison to None should be 'if cond is not None:'
test/zdtm.py:1601:31: E711 comparison to None should be 'if cond is not None:'
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
As requested, implement a test with two threads that have mismatching,
non-root credentials, like Apache does.
Signed-off-by: Vitaly Ostrosablin <vostrosablin@virtuozzo.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
We are carrying uids/gids in per-thread way since v1.8,
so no need to require them to match anymore. We still
require seccomp to match though. Need to revisit, seems
may relax this requirement as well.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
When checkpoint is done on the kernels where
commit 6933599697c96c3213c95f5f1fc7cb6abfd08c54
is not yet present then mask is not filtered
and saved in image in this raw form.
For such case restore on more modern kernels
will fail because only a small set of events
are allowed to pass from userspace.
Signed-off-by: Cyrill Gorcunov <gorcunov@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
We found a good plugin for Jenkins to analize test results,
but it can handle only the junit format.
v2: work without the junit python module
v3: install junit-xml, because zdtm.py is executed
with the --report option from jenkins scripts.
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
It isn't required and it is absant on alpine
autofs.c:9:25: fatal error: bits/signum.h: No such file or directory
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
(00.052683) Error (soccr/soccr.c:166): Failed to obtain TCP_INFO: No error information
We don't need a whole tcp info, so get only a part
what we are going to use.
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Otherwise we get errors like this:
/usr/include/sys/socket.h:315:5: note: expected 'const struct sockaddr *' but argument is of type 'struct sockaddr_un *'
int bind (int, const struct sockaddr *, socklen_t);
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
In file included from socket_listen.c:22:0:
/usr/include/wait.h:1:2: error: #warning redirecting incorrect #include <wait.h> to <sys/wait.h> [-Werror=cpp]
#warning redirecting incorrect #include <wait.h> to <sys/wait.h>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
The x86_64 job is the one we run inside Docker (as opposed to 'local',
which runs on the host). Let's update this to use Ubuntu Zesty, and
since it has clang-4 (unlike the 'local' one) it makes sense to add
a clang build.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Also, use more official / better maintained Docker image repo.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
With clang 4, the following error appears:
> CC criu/pie/parasite.o
> In file included from criu/pie/parasite.c:23:
> criu/arch/arm/include/asm/parasite.h:6:21: error: this function
> declaration is not a
> prototype [-Werror,-Wstrict-prototypes]
> *ptls = ((tls_t (*)())0xffff0fe0)();
> ^
> void
> 1 error generated.
Apparently, adding void fixes it.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Numerous improvement to extract-deb-pkg, in no particular order:
* Use bash
* More strict error checking (set -u -o pipefail)
* Print error message if target dir exists
* Check number of arguments, provide usage info
* Separate mirror to a variable for easier changing
* Use mirrors.kernel.org
* Use https and check cert with curl
* Make curl silent
* Use zgrep instead of gunzip | grep
* Error out with a message in case more than 1 package was found
* Do not create a target directory before we need it
* Fix shellcheck warnings (way too many to mention)
* ...
* PROFIT!!!111
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
This comes with newer libc headers so we can catch errors earlier.
Also, clang 4.0.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Let's use Ubuntu 17.04 "Zesty" for ARM-64 bit CI.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Same as commit e4000c59a71 ("Dockerfiles: don't ignore make failures").
Seems that Dockerfile.fedora-asan copy/pasted an old version.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
This is what we have:
> compel/src/lib/infect.c:1145:38: error: taking address of packed member
> 'uc_sigmask' of class or structure 'ucontext_ia32' may result in an
> unaligned pointer value [-Werror,-Waddress-of-packed-member]
> blk_sigset = RT_SIGFRAME_UC_SIGMASK(f);
> ~~~~~~~~~~~~~~~~~~~~~~~^~
> compel/include/uapi/asm/sigframe.h:133:4: note: expanded from macro
> 'RT_SIGFRAME_UC_SIGMASK'
> (&rt_sigframe->compat.uc.uc_sigmask))
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 1 error generated.
Indeed this results in an unaligned pointer, but as this is intended and
well known (see commit dd6736bd "compel/x86/compat: pack ucontext_ia32"),
we need to silence the warning here.
For more details, see https://reviews.llvm.org/D20561
Originally found by Travis on Alpine Linux, reproduced on Ubuntu 17.10.
[v2: fix for non-x86]
Reported-by: Andrei Vagin <avagin@virtuozzo.com>
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
For older kernels (e.g. RHEL7 with 3.10) it seems that wait(NULL) after
ptrace(PTHREAD_ATTACH) does not work properly for threads that have
to be created via clone().
Fix this by using waitpid() with the __WALL flag.
>From the waitpid() man page:
__WALL (since Linux 2.4)
Wait for all children, regardless of type ("clone" or "non-clone").
Reported-by: Adrian Reber <areber@redhat.com>
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Plus patch replaces atoi(32 bit) to xatol(64 bits) for "pipe_ino" mount
option thus fixing the issue with negative inode number for big values.
v2: fixed uninitialized "err" variable in "parse_options" function
Signed-off-by: Stanislav Kinsburskiy <skinsbursky@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
These helpers are safe versions of atol() and atoi() respectively.
And they check for overflow and NAN errors
v3:
1) Added string print to convertion error message in xatol_base()
2) Added check for INT range in xatoi()
Signed-off-by: Stanislav Kinsburskiy <skinsbursky@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
==36==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60200000001c at pc 0x7fb26c88d5f9 bp 0x7ffc15087d40 sp 0x7ffc150874d0
WRITE of size 13 at 0x60200000001c thread T0
#0 0x7fb26c88d5f8 in vsprintf (/lib64/libasan.so.4+0x9e5f8)
#1 0x7fb26c88d986 in __interceptor_sprintf (/lib64/libasan.so.4+0x9e986)
#2 0x402453 in main /root/git/main/criu/test/zdtm/static/chroot.c:68
#3 0x7fb26c43e4d9 in __libc_start_main (/lib64/libc.so.6+0x204d9)
#4 0x4031b9 in _start (/root/git/main/criu/test/zdtm/static/chroot+0x4031b9)
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Without this message, we don't know which fdinfo can't be opened.
https://github.com/xemul/criu/issues/390
Signed-off-by: Andrei Vagin <avagin@openvz.org>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
On VZ7 we have a problem in random tests on iptables restore when
running tests in parallel(one iptables-restore instance tries to lock
xtables lock and fails while other instance(some iptables* command) is
already holding the lock):
================== Run zdtm/static/socket_udp_shutdown in ns ===================
Start test
./socket_udp_shutdown --pidfile=socket_udp_shutdown.pid --outfile=socket_udp_shutdown.out
Run criu dump
Run criu restore
=[log]=> dump/zdtm/static/socket_udp_shutdown/77/1/restore.log
------------------------ grep Error ------------------------
(00.158864) 1: Running ip rule delete table local
(00.167319) 1: Running ip rule restore
(00.175647) 1: Running iptables-restore for iptables-restore
Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
(00.185245) 1: Error (criu/util.c:719): exited, status=4
(00.185289) 1: Error (criu/net.c:1739): iptables-restore failed
(00.185301) 1: Error (criu/net.c:2382): Can't create net_ns
(00.185370) 1: Error (criu/util.c:1412): Can't wait or bad status: errno=0, status=65280(00.187281) Error (criu/mount.c:2944): mnt: Can't remove the directory /tmp/.criu.mntns.Ai5EG9: No such file or directory
(00.187298) uns: calling exit_usernsd (-1, 1)
(00.187344) uns: daemon calls 0x466a40 (93, -1, 1)
(00.187361) uns: `- daemon exits w/ 0
(00.188375) uns: daemon stopped
(00.188390) Error (criu/cr-restore.c:2450): Restoring FAILED.
------------------------ ERROR OVER ------------------------
Test zdtm/static/socket_udp_shutdown FAIL at CRIU restore
https://ci.openvz.org/job/CRIU/job/CRIU-virtuozzo/job/criu-dev/2873
It happens now in every test-suit run on VZ7 host as we had updated to
1.4.21-18 iptables package, which has patches for xlocks support in
iptables-restore ported:
* Mon Apr 24 2017 Thomas Woerner <twoerner@redhat.com> 1.4.21-18 - Add
support for --wait options to restore commands (RHBZ#1438597)
Whether these patches are ported to other distribution packages we'll
have these problem in other distributions.
Just add -w to wait lock on iptables-restore as older versions does not
error on invalid option, just warning is printed.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
New ip[6]tables-restore utils has this parameter,
which allows to wait for xtables lock, if it's
occupied. When they don't wait, then the restore
of iptables fails.
Old versions just ignore this parameter
with error in stderr, but it does not make them
fail. So, pass it unconditionally.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
The errors set by both uffdio_copy and uffdio_zeropage are the same and
require the same handling. Let's use a helper function to handle the errors
returned by uffdio_copy and uffdio_zero.
Signed-off-by: Mike Rapoport <rppt@linux.vnet.ibm.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
When running 'make zdtm' on s390x it fails on RHEL7 with:
make[3]: Leaving directory `/tmp/criu/test/zdtm/lib'
CC s390x_regs_check.o
s390x_regs_check.c: In function "util_hexdump_grp":
s390x_regs_check.c:214:7: error: "ptr" may be used uninitialized
in this function [-Werror=maybe-uninitialized]
ptr += sprintf(ptr, "%02x", buf[i]);
Fix this and assign ptr from the beginning to help gcc.
Reported-by: Adrian Reber <adrian@lisas.de>
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Acked-by: Adrian Reber <areber@redhat.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
The origin idea was to set --empty net for criu dump and criu restore,
but before cde33dcb0639 ("empty-ns: Don't C/R iptables too (v2)"),
criu restore worked without --empty net and we didn't notice that
docker doesn't set this option on restore.
After a small brainstorm, we decided that it is better to remove
this requirement. Docker has to set this option, but with this changes,
the docker issue will be less urgent.
https://github.com/checkpoint-restore/criu/issues/393
So, the long-running task with lazy restore is (almost) finished :) Some
issues are still to be resolved, but the heaviest lift has been done.
Another notable thing is VDSO C/R rework. It's now more robust and fast.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
When merging files into one image we've forgotten about crit x
feature that scans image files by names.
https://github.com/xemul/criu/issues/381
The patch was made for master (as in criu-dev there was problem
with pstree_item.pid parsing), but should apply to dev smoothly.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
