It's better to
1. Use strlcpy() instead of strncpy() as otherwise we might end up
with a not NULL-terminated string, which opens a portal to hell.
There are a few places reported by Coverity for this, such as:
- in criu_connect(), Coverity CID 51591;
- in proc_pid_parse(), Coverity CID 51590;
- in move_veth_to_bridge(), Coverity CID 51593;
- etc.
2. Use strlcpy() instead of strcpy() to avoid buffer overruns.
Some of these are also reported by Coverity, for example
the one in dump_filemap(), Coverity CID 51630.
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This option allows users to specify their own irmap paths to scan in the event
that they don't have a path in one of the hard coded hints.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Hui Kang <hkang.sunysb@gmail.com>
Looks-good-to: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Users shouldn't use it directly anyway, they should
use criu_set* functions for that.
Signed-off-by: Ruslan Kuprieiev <rkuprieiev@cloudlinux.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
In this mode libcriu will execute criu binary in swrk
mode, so users are not always obliged to run criu service
daemon.
Signed-off-by: Ruslan Kuprieiev <rkuprieiev@cloudlinux.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
* Added functionality for dumping unnamed unix sockets.
When we call CRIU with dump option, for unnamed socket we
should pass its inode into --ext-unix-sk. Details about this problem
are described in http://criu.org/External_UNIX_socket#What_to_do_with_socketpair.28.29-s.3F.
Usage example:
criu dump -D images -o dump.log -v4 --ext-unix-sk=4529709 -t 13506
* fix typo error in log output
Signed-off-by: Artem Kuzmitskiy <artem.kuzmitskiy@lge.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Currently, libcriu is connecting to CRIU service
by itself, just asking user for a path to socket.
But in some cases users need to provide fd instead of a
path. For example, sometimes task has no access to
criu socket because of strict security measures, but
is able to inherit fd from a parent that has access
to criu socket.
v2, use union for addr and fd
Signed-off-by: Ruslan Kuprieiev <rkuprieiev@cloudlinux.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
criu_opts contains rpc options and notify callback,
so we can keep all options in just one structure.
This will allow us to easily extend libcriu functionality
and yet keep all options in one place.
We're also not hiding rpc opts structure anymore, so
it is pretty clear where power-user should put his own
CriuOpts instance if he would like to do that.
Signed-off-by: Ruslan Kuprieiev <rkuprieiev@cloudlinux.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Having ability to have your own options structure is quite nice
and allows much more flexible use of libcriu in cases when you
want to have a bunch of instances of options structures.
This patch also allows users to use raw CriuOpts structure
modified in any suitable way, whether by libcriu's criu_local_set
methods or by using protobuf-c directly.
It is also worth noting, that backward-compatibility in API and ABI
is preserved.
Signed-off-by: Ruslan Kuprieiev <rkuprieiev@cloudlinux.com>
Acked-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Currently we use a static buffer, but it is too small.
Error (cr-service.c:58): Failed unpacking request: Success
Error (cr-service.c:694): Can't recv request: Success
data too short after length-prefix of 1217
v2: use recv instead of recvmsg
Reported-by: Ross Boucher <rboucher@gmail.com>
Cc: Ross Boucher <rboucher@gmail.com>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Acked-by: Ruslan Kuprieiev <rkuprieiev@cloudlinux.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We have a slight mess with how criu restores root task.
Right now we have the following options.
1) CLI
a) Usually
task calling criu
`- criu
`- root restored task
b) when --restore-detached AND root has pdeath_sig
task calling criu
`- criu
`- root restored task
2) Library/SWRK
task using lib/swrk
`- criu
`- root restored task
3) Standalone service
a) Usually
service
`- service sub task
`- root restored task
b) when root has pdeath_sig
criu service
`- criu sub task
`- root restored task
It would be better if CRIU always restored the root task as sibling,
but we have 3 constraints:
First, the case 1.a is kept for zdtm to run tests in pid namespaces
on 3.11, which in turn doesn't allow CLONE_PARENT | CLONE_NEWPID.
Second, CLI w/o --restore-detach waits for the restored task to die and
this behavior can be "expected" already.
Third, in case of standalone service tasks shouldn't become service's
children.
And I have one "plan". The p.haul project while live migrating tasks
on destination node starts a service, which uses library/swrk mode. In
this case the restored processes become p.haul service's kids which is
also not great.
That said, here's the option called --restore-child that pairs the
--restore-detach like this:
* detached AND child:
task
`- criu restore (exits at the end)
`- root task
The root task will become task's child.
This will be default to library/swrk.
This is what LXC needs.
* detach AND !child
task
`- criu restore (exits at the end)
`- root task
The root task will get re-parented to init.
This will be compatible with 1.3.
This will be default to standalone service and
to my wish with the p.haul case.
* !detach AND child
task
`- criu restore (waits for root task to die)
`- root task
This should be deprecated, so that criu restore doesn't mess
with task <-> root task signalling.
* !detach AND !child
task
`- criu restore (waits for root task to die)
`- root task
This is how plain criu restore works now.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Andrew Vagin <avagin@openvz.org>
criu managed cgroups is now an opt-in thing, so by default criu does not manage
(i.e. dump or restore) cgroups. This allows users to use the previous behavior.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Andrey validly pointed out, that restoring pdeath_sig is not
compatible with criu_restore_child() call -- after criu restore
children, it will exit and fire the pdeath_sig into restored
tree root, potentially killing it.
The fix for that could be -- when started in swrk mode, criu can
restore tree not as children tasks, but as siblings, using the
CLONE_PARENT flag when fork()-ing the root task.
With this we should also take care about error handling -- right
now criu catches the SIGCHLD from dying children tasks, and
since we plan to create them as children of the criu parent (the
library caller) we will not be able to catch them. To do so we
SEIZE the root task in advance thus causing all SIGCHLD-s go to
criu, not to its parent.
Having this done we no longer need the SUBREAPER trick in the
library call -- tasks get restored right as callers kids :)
Some thoughts for future -- using this trick we can finally make
"natural" restoration of shell jobs. I.e. -- make criu restore
some subtree right under bash, w/o leaving itself as intermediate
task and w/o re-parenting the subtree to init after restore.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrey Vagin <avagin@parallels.com>
Perform dumping but with preliminary iterations. Each
time an iteration ends the ->more callback is called.
The callback's return value is
- positive -- one more iteration starts
- zero -- final dump is performed and call exits
- negative -- dump is aborted, the value is returned
back from criu_dump_iters
Inside callback one may (well, should) call criu_set_
function to alter the details of next iterations. In
particular, the prev and next images directories should
be changed.
The @pi argument is an opaque value that caller may
use to request pre-dump statistics (not yet implemented).
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
After a bit more thinking I found a way to fetch arguments
from notifications -- pass opaque value into callback and
provide a set of calls for exploring one.
With this we can
a) provide more data if service supplies additional fields
in the future
b) not check the action name to decide whether or not the
requested argument is available
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This is achieved by supplying the callback. Every time a notification
arrives the callback is called. Return value of 0 means continue,
any other value aborts the request and the value is reported back
to the caller (from criu_dump/criu_restore calls).
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
It fully uses the swrk action of criu. The problem that the caller may
have is that the restored tasks die _before_ libcriu's call returns.
v2:
* rename _sub to _child
* unblock sigchild before execl-ing criu
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The --exec-cmd option specifies a command that will be execvp()-ed on successful
restore. This way the command specified here will become the parent process of
the restored process tree.
Waiting for the restored processes to finish is responsibility of this command.
All service FDs are closed before we call execvp(). Standard output and error of
the command are redirected to the log file when we are restoring through the RPC
service.
This option will be used when restoring LinuX Containers and it seems helpful
for perf or other use cases when restored processes must be supervised by a
parent.
Two directions were researched in order to integrate CRIU and LXC:
1. We tell CRIU that after restoring the container it should execve()
lxc properly explaining to it that there's a new container hanging
around.
2. We make LXC set himself as child subreaper, then fork() criu and ask
it to detach (-d) from restore container afterwards. Being a subreaper,
it should get the container's init into his child list after it.
The main reason for choosing the first option is that the second one can't work
with the RPC service. If we call restore via the service then criu service will
be the top-most task in the hierarchy and will not be able to reparent the
restore trees to any other task in the system. Calling execve from service
worker sub-task (and daemonizing it) should solve this.
Signed-off-by: Deyan Doychev <deyandoichev@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This function implements the --root command line option in libcriu.
Signed-off-by: Deyan Doychev <deyandoichev@gmail.com>
Reviewed-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
As we've added work_dir_fd to RPC, let's add support for it to libcriu.
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
CID 1141012 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
2. fixed_size_dest: You might overrun the 108 byte fixed-size string
"addr.sun_path" by copying "service_address" without checking the
length.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
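The two string-copy hazards named in this log (the strncpy()/strcpy() replacement commit and the CID 1141012 overrun of the 108-byte "addr.sun_path"), as an added example that is not CRIU's own code. bounded_copy(), fill_unix_addr(), try_path_of_len() and strncpy_terminates() are hypothetical names, with bounded_copy() a local stand-in that has strlcpy() semantics, and the paths are constructed test input.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

#define SUN_PATH_MAX sizeof(((struct sockaddr_un *)0)->sun_path)

/* Hypothetical local helper with strlcpy() semantics: always NUL-terminates
 * (when size > 0) and returns strlen(src) so truncation is detectable. */
static size_t bounded_copy(char *dst, const char *src, size_t size)
{
	size_t len = strlen(src);
	if (size > 0) {
		size_t n = len < size - 1 ? len : size - 1;
		memcpy(dst, src, n);
		dst[n] = '\0';
	}
	return len;
}

/* Reject rather than truncate: a truncated path names a different socket.
 * Returns 0 on success, -1 if path does not fit in sun_path. */
static int fill_unix_addr(struct sockaddr_un *addr, const char *path)
{
	memset(addr, 0, sizeof(*addr));
	addr->sun_family = AF_UNIX;
	if (bounded_copy(addr->sun_path, path, SUN_PATH_MAX) >= SUN_PATH_MAX)
		return -1;
	return 0;
}

/* Builds a constructed path of len bytes and tries to store it. */
static int try_path_of_len(size_t len)
{
	struct sockaddr_un addr;
	char path[256];
	if (len >= sizeof(path))
		return -1;
	memset(path, 'a', len);
	path[len] = '\0';
	return fill_unix_addr(&addr, path);
}

/* strncpy() hazard: returns 1 if an 8-byte buffer ends up NUL-terminated. */
static int strncpy_terminates(const char *src)
{
	char buf[8];
	memset(buf, 'X', sizeof(buf));
	strncpy(buf, src, sizeof(buf)); /* writes no NUL when src has >= 8 bytes */
	return memchr(buf, '\0', sizeof(buf)) != NULL;
}

int main(void)
{
	printf("strncpy terminated: short=%d long=%d\n",
	       strncpy_terminates("criu"), strncpy_terminates("criu_service.socket"));
	printf("fits=%d too_long=%d\n",
	       try_path_of_len(SUN_PATH_MAX - 1), try_path_of_len(SUN_PATH_MAX));
	return 0;
}
```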
These functions are to be used to check criu, dump process and restore process.
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Defining it as static char is a bad idea especially
if it gets included and never used -- we will get
"unused" variable error.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Add target lib to Makefile for criu library.
Created directory lib and add there Makefile and criu.c - skeletons for criu library.
Signed-off-by: Ruslan Kupreev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>