In this case they will be executed in other name-spaces.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This patch can be committed instead of:
[PATCH 1/6] cr-dump: move parasite_drain_fds_seized out of dump_task_files
[PATCH 2/6] cr-dump: fix dumping file locks in a mount namespace
readlink is not required here and a file can be unavailable,
if a process is in another mnt namespace
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
On glibc-2.16 I'm getting
| sched_prio00.c: In function ‘main’:
| sched_prio00.c:48:3: error: implicit declaration of function ‘setpriority’ [-Werror=implicit-function-declaration]
| sched_prio00.c:48:19: error: ‘PRIO_PROCESS’ undeclared (first use in this function)
| sched_prio00.c:48:19: note: each undeclared identifier is reported only once for each function it appears in
| sched_prio00.c:60:3: error: implicit declaration of function ‘getpriority’ [-Werror=implicit-function-declaration]
fix it adding headers needed.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
When we've read all pstree-items and their ids we
can get the desired clone-flags early and avoid all
these dances with flag calculations in fork_with_pid
and company.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Helpers don't have any IDs on board and thus checks for "is
my X shared with parent" will be wrong.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
In old images we had no clue whether the root task is to be
created in new namespaces. Remember using the --namespaces
option for explicitl specification of this fact.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
It's no longer required to use this option -- two currently
supported cases (tasks on host and tasks in containers) can
be detected automatically. Keep this option for future.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Introduce the current_ns_mask variable, that collects info about
which namespaces tasks being dumped and to be restored live in.
For simlicity all tasks are supposed to live in one set of spaces.
This should be fixed eventually.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
It's required to know whether the root task lives in
namespaces very very early (e.g. -- to lock the network
properly). Thus we have to collect task IDs right at
the time we collect the tasks themselves.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
On restore we'll need to know whether the root task should be
cloned in new set of namespaces. It's natural to do it by
comparing root ids with some "other-world" IDs.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The recent kernels allow to get namespaces IDs by reading proc-ns links.
Use this to generate IDs for tasks' namespaces (I do generate them, since
IDs provided by kernel look ugly :( ).
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
These functions are designated to convert a native pointer
to uint64_t used to store a virtual address in protobuf messages
and vice versa in a machine-independent way.
Signed-off-by: Alexander Kartashov <alekskartashov@parallels.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The patch reverts the commit 58064d9b723bd5a5e5910ed752fb3b19cc962fa8.
Signed-off-by: Alexander Kartashov <alekskartashov@parallels.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
If a task executes a non-userspace code (that sometimes takes place on ARM)
while being seized the subsequent infection with the syscall blob fails
because ptrace fails to write to the VMA the PC is in.
The patch modifies the function get_vma_by_ip() to check the PC of the task
being seized is below the TASK_SIZE boundary. If the check fails
the first suitable VMA is infected.
Signed-off-by: Alexander Kartashov <alekskartashov@parallels.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This patch prevents compilation warnings about shift overflow on ARM.
Signed-off-by: Alexander Kartashov <alekskartashov@parallels.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The macro specifies the size of the machine pointer explicitly.
Signed-off-by: Alexander Kartashov <alekskartashov@parallels.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This patch fixes format strings in newly added code.
Signed-off-by: Alexander Kartashov <alekskartashov@parallels.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This part was lost after update to "sysctl" interface for IPC object ID
specifying (previous, currently obsolete, interface was able to pass proper
credentials with KEY change) .
Signed-off-by: Stanislav Kinsbursky <skinsbursky@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Oracle has such mappings.
v2: add check, that a file is a character device
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We check shared lock, exclusive lock and mandatory-read lock for flock
file locks. After restore, by parsing /proc/locks file, we check if
the process holds the same file locks as it was dumped.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We check read lock and write lock for posix file locks. After restore,
we use fcntl(fd, F_GETLK, &lock), to see if the file is hold the same
lock as it was dumped.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
According to the file lock information from the image, we recall
flock or fcntl with proper parameters, so we can rehold the file
locks as we were dumped.
We only support flock and posix file locks so far.
Changelog since the initial version:
a. Use prepare_file_locks instead of restore function directly.
b. Fix some bugs.
Originally-signed-off-by: Zheng Gu <cengku.gu@huawei.com>
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Dump file locks' necessary entries to the image, we only support flock and
posix file lock right now.
Changelog since the initial version:
We got file lock info from global list, so the dump_task_file_locks
can be much simpler.
Originally-signed-off-by: Zheng Gu <cengku.gu@huawei.com>
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We collect all file locks to a golbal list, so we can use them easily
in dump_one_task. For optimizaton, we only collect file locks hold by
tasks in the pstree.
Thanks to the ptrace-seize machanism, we can aviod the blocked file lock
issue, makes the work simpler.
Right now, the check handles only one situation:
-- Dumping tasks with file locks hold without the -l option.
This covers for the most part. But we still need some more work to make
it perfect robust in the future.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Sometimes, when we parse some global info files, we can only care about
tasks which are taken into dump(such as file locks), which means their
pids are in the pstree.
So a function like this would be help.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We need a new protobuf description for file-lock.
Originally-signed-off-by: Zheng Gu <cengku.gu@huawei.com>
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Add --file-locks/-l option to support handling file locks, for safety,
only used for container.
Originally-signed-off-by: Zheng Gu <cengku.gu@huawei.com>
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This workarounds a compilation warning on ARM:
packet-sock.pb-c.c: In function 'packet_sock_entry__init':
packet-sock.pb-c.c:98:3: error: this decimal constant is unsigned only in ISO C90 [-Werror]
packet-sock.pb-c.c: At top level:
packet-sock.pb-c.c:318:1: error: this decimal constant is unsigned only in ISO C90 [-Werror]
Signed-off-by: Alexander Kartashov <alekskartashov@parallels.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This patch replaces the format specifier %ld with PRIx64
in the following places:
* the format string argument of the functions scanf() and printf(),
* in the macros GEN_SYSCTL_*_FUNC.
We need explicit specification of the integer size there.
Signed-off-by: Alexander Kartashov <alekskartashov@parallels.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The layout of the struct rlimit depends on the value
of the macro FILE_OFFSET_BITS. If FILE_OFFSET_BITS is 64
the userspace and kernel definitions becomes incoherent
on a 32-bit platform.
The struct krlimit representing the kernel version of
the struct rlimit is introduced to address the issue:
the function restore_rlims() is fixed to convert between
the userspace and kernel representations of the struct.
Signed-off-by: Alexander Kartashov <alekskartashov@parallels.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This makes it possible to use TASK_SIZE instead of TASK_SIZE_MAX.
Signed-off-by: Alexander Kartashov <alekskartashov@parallels.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
I occasionally read FanotifyMarkEntry object as InotifyWdEntry
in collect_one_fanotify_mark, this didn't trigger a bug in test
since the events are still occured (and before protobuf file
refine the formats were close to each other), which means
the fanotify00 test-case need to be updated (which is addressed
in further patch).
And don't forget to init fields.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The object is allocated with malloc. The lack of initialization
is not problem at moment since we assign members in
collect_inotify_mark unconditionally but it might cause problems
in future so better to init it as early as possible.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Just reading if event entry exist in buffer is not
enough we rathee need to be sure that all flags
and bits are recovered well.
For this sake we parse fdinfo before and after the
c/r sessions and compare results.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
To be consistent with naming (we have collect_one_fanotify_mark
helper already).
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This removes code duplication. There is no strong
need for free_fhandle but I decided to add it to
be consistent with alloc/free handlers.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
