Using scan-build there is a warning about
infect.c:231:17: warning: The left operand of '!=' is a garbage value
if (ss->state != 'Z') {
which is a false positive as every process will have a 'Status' field,
but initializing the structure makes the clang analyzer silent.
Signed-off-by: Adrian Reber <areber@redhat.com>
The clang analyzer, scan-build, cannot correctly handle the
LOCK_BUG_ON() macro. At multiple places there is the following warning:
Error: CLANG_WARNING:
criu/pie/restorer.c:1221:4: warning: Dereference of null pointer
include/common/lock.h:14:35: note: expanded from macro 'LOCK_BUG_ON'
*(volatile unsigned long *)NULL = 0xdead0000 + __LINE__
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~
This just disable the clang analyzer for the LOCK_BUG_ON() macro.
Signed-off-by: Adrian Reber <areber@redhat.com>
Some kernels have W^X mitigation, which means they won't execute memory
blocks if that memory block is also writable or ever was writable. This
patch enables CRIU to run on such kernels.
1. Align .data section to a page.
2. mmap a memory block for parasite as RX.
3. mprotect everything after .text as RW.
Signed-off-by: Michał Cłapiński <mclapinski@google.com>
When criu restore runs as PID=1 it has an additional responsibility to
reap zombie processes.
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
criu-ns performs double fork, which results in criu restore
using PID=2. Thus, if a user is trying to restore a process
with that PID, the restore will fail.
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
class ctypes.c_char_p
Represents the C char * datatype when it points to a zero-
terminated string. For a general character pointer that may
also point to binary data, POINTER(c_char) must be used.
The constructor accepts an integer address, or a bytes object.
https://docs.python.org/3/library/ctypes.html#ctypes.c_char_p
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
In Py2 `range` returns a list and `xrange` creates a sequence object
that evaluates lazily. In Py3 `range` is equivalent to `xrange` in Py2.
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
So, here's the enhanced version of the first try.
Changes are:
1. The wrapper name is criu-ns instead of crns.py
2. The CLI is absolutely the same as for criu, since the script
re-execl-s criu binary. E.g.
scripts/criu-ns dump -t 1234 ...
just works
3. Caller doesn't need to care about substituting CLI options,
instead, the scripts analyzes the command line and
a) replaces -t|--tree argument with virtual pid __if__ the
target task lives in another pidns
b) keeps the current cwd (and root) __if__ switches to another
mntns. A limitation applies here -- cwd path should be the
same in target ns, no "smart path mapping" is performed. So
this script is for now only useful for mntns clones (which
is our main goal at the moment).
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Looks-good-to: Andrey Vagin <avagin@openvz.org>
CRIU is already using multiple CI systems and not just Travis. This
renames all Travis related things to 'ci' to show it is actually
independent of Travis.
Just a simple rename.
Signed-off-by: Adrian Reber <areber@redhat.com>
This is yet another big release with many new features in it:
* Introduced criu-image-streamer
* Added MIPS support.
* Allow checkpointing out of existing PID namespace and
restoring into existing PID namespace.
* Added additional file validation mechanisms
* Added support to checkpoint and restore BPF hash maps and array maps.
* Initial cgroup2 support
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Build on Fedora Core 33 produces the following warnings:
include/common/asm/bitops.h: Assembler messages:
include/common/asm/bitops.h:37: Warning: no instruction mnemonic suffix given and no register operands; using default for `bt'
include/common/asm/bitops.h: Assembler messages:
include/common/asm/bitops.h:63: Warning: no instruction mnemonic suffix given and no register operands; using default for `bts'
Update test_bit() and test_and_set_bit() implementation with recent
version from the Linux kernel to fix the warning.
Fixes#1217
Reported-by: Adrian Reber <areber@redhat.com>
Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
GNU ld precalculates this information but lld does not. With this
change, handle-elf.c calculates those addresses on its own.
When calculating addresses sections with SHF_ALLOC bit are put one after
another, respecting their alignment requirements. This matches the way
how the blob is constructed by copying section contents.
Signed-off-by: Wojciech Marczenko <marczenko@google.com>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
CID 73358 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS)
sk is passed to a parameter that cannot be negative.
Signed-off-by: Adrian Reber <areber@redhat.com>
CID 181217 (#1 of 1): Explicit null dereferenced (FORWARD_NULL)
Passing null pointer mntns to mntns_get_root_fd, which dereferences it.
Signed-off-by: Adrian Reber <areber@redhat.com>
CID 192968 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS)
dup(fd) is passed to a parameter that cannot be negative. [show details]
Signed-off-by: Adrian Reber <areber@redhat.com>
CID 73358 (#2 of 2): Argument cannot be negative (NEGATIVE_RETURNS)
sk is passed to a parameter that cannot be negative.
Signed-off-by: Adrian Reber <areber@redhat.com>
CID 73378 (#1 of 1): Argument cannot be negative (NEGATIVE_RETURNS)
sk is passed to a parameter that cannot be negative.
Signed-off-by: Adrian Reber <areber@redhat.com>
CID 92720 (#1 of 1): Argument cannot be negative (NEGATIVE_RETURNS)
pfd is passed to a parameter that cannot be negative.
CID 92747 (#1 of 1): Argument cannot be negative (NEGATIVE_RETURNS)
pfd is passed to a parameter that cannot be negative.
Signed-off-by: Adrian Reber <areber@redhat.com>
CID 178391 (#1 of 1): Argument cannot be negative (NEGATIVE_RETURNS)
sk is passed to a parameter that cannot be negative.
Signed-off-by: Adrian Reber <areber@redhat.com>
CID 192961 (#1 of 1): Argument cannot be negative (NEGATIVE_RETURNS)
sockfd is passed to a parameter that cannot be negative.
Signed-off-by: Adrian Reber <areber@redhat.com>
CID 192963 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS)
dup(sk) is passed to a parameter that cannot be negative.
Signed-off-by: Adrian Reber <areber@redhat.com>
CID 226477 (#1 of 1): Resource leak (RESOURCE_LEAK)
Variable fd_dir going out of scope leaks the storage it points to.
Signed-off-by: Adrian Reber <areber@redhat.com>
CID 226478 (#1 of 2): Double close (USE_AFTER_FREE)
Calling close(int) closes handle fd which has already been closed.
CID 226478 (#2 of 2): Double close (USE_AFTER_FREE)
Calling close(int) closes handle fd which has already been closed.
Signed-off-by: Adrian Reber <areber@redhat.com>
CID 226480 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
You might overrun the 4096-character fixed-size string root_link.name by copying new->root without checking the length.
Signed-off-by: Adrian Reber <areber@redhat.com>
CID 226482 (#1 of 1): Resource leak (RESOURCE_LEAK)
Variable path going out of scope leaks the storage it points to.
Signed-off-by: Adrian Reber <areber@redhat.com>
CID 226483 (#1 of 1): Resource leak (RESOURCE_LEAK)
Variable p going out of scope leaks the storage it points to.
Signed-off-by: Adrian Reber <areber@redhat.com>
CID 226484 (#1 of 1): Double close (USE_AFTER_FREE)
Calling close(int) closes handle fd which has already been closed.
Signed-off-by: Adrian Reber <areber@redhat.com>
CID 226485 (#1 of 3): Resource leak (RESOURCE_LEAK)
Variable events going out of scope leaks the storage it points to
CID 226485 (#2 of 3): Resource leak (RESOURCE_LEAK)
Variable events going out of scope leaks the storage it points to
CID 226485 (#3 of 3): Resource leak (RESOURCE_LEAK)
Variable events going out of scope leaks the storage it points to
Also changed epoll_prepare() to check return value of epoll_create()
against '< 0' instead if '== -1' to make coverity happy.
Signed-off-by: Adrian Reber <areber@redhat.com>
CID 226486 (#1 of 2): Resource leak (RESOURCE_LEAK)
Variable mi going out of scope leaks the storage it points to.
CID 226486 (#2 of 2): Resource leak (RESOURCE_LEAK)
Variable mi going out of scope leaks the storage it points to.
Signed-off-by: Adrian Reber <areber@redhat.com>
CID 302711 (#1 of 1): Logically dead code (DEADCODE)
Execution cannot reach the expression pr->io_complete inside this statement: if (ret == 0 && pr->io_comp....
Signed-off-by: Adrian Reber <areber@redhat.com>
CID 302712 (#1 of 1): Resource leak (RESOURCE_LEAK)
Variable build_id going out of scope leaks the storage it points to.
Signed-off-by: Adrian Reber <areber@redhat.com>
CID 302714 (#1 of 1): Resource leak (RESOURCE_LEAK)
Variable dirnew going out of scope leaks the storage it points to.
Signed-off-by: Adrian Reber <areber@redhat.com>
CID 302715 (#1 of 1): Argument cannot be negative (NEGATIVE_RETURNS)
fd is passed to a parameter that cannot be negative.
Signed-off-by: Adrian Reber <areber@redhat.com>
CID 302717 (#2 of 2): Resource leak (RESOURCE_LEAK)
Variable dirnew going out of scope leaks the storage it points to.
Signed-off-by: Adrian Reber <areber@redhat.com>
CID 302718 (#1 of 1): Double close (USE_AFTER_FREE)
Calling close(int) closes handle sockfd which has already been closed.
Signed-off-by: Adrian Reber <areber@redhat.com>
CID 302719 (#1 of 1): Argument cannot be negative (NEGATIVE_RETURNS)
img_raw_fd(img) is passed to a parameter that cannot be negative.
Signed-off-by: Adrian Reber <areber@redhat.com>
This commit achieves the following:
a) Refactors ZDTM tests bpf_array.c and bpf_hash.c to make use of the
BPF ZDTM library functions. In addition, these tests now verify whether
information obtained from both procfs and BPF_OBJ_GET_INFO_BY_FD are
the same before and after c/r.
b) Updates ZDTM tests bpf_array.c and bpf_hash.c to include a BPF map's
name and also to freeze maps
Source files modified:
* zdtm/static/bpf_array.c
* zdtm/static/bpf_hash.c
Source files added:
* zdtm/static/bpf_array.desc
* zdtm/static/bpf_hash.desc
Note: ${test_name}.desc files have the 'suid' flag set because
BPF_MAP_FREEZE requires the global (root-userns) CAP_SYS_ADMIN or
CAP_BPF. Hence, only test flavors 'h' and 'ns' are executed ('uns'
is skipped) because BPF_MAP_FREEZE can't be used from non-root user
namespaces.
Signed-off-by: Abhishek Vijeev <abhishek.vijeev@gmail.com>
This commit achieves the following:
a) C/R of a BPF map's name as well as ifindex (index of the network
interface to which the map is attached). This information is not
available from procfs and therefore has to be obtained using the
bpf() system call with BPF_OBJ_GET_INFO_BY_FD.
b) Adds support for frozen maps - during the restore operation, CRIU
now freezes a BPF map that was frozen during checkpoint.
Source files modified:
* bpfmap.c
Signed-off-by: Abhishek Vijeev <abhishek.vijeev@gmail.com>
This commit adds a BPF map's name and ifindex to its protobuf image.
ifindex is the index of the network interface to which the BPF map is
attached and can be specified via a parameter while creating the BPF
map (BPF_MAP_CREATE). This commit also provides a default value of
false to the field 'frozen'.
Source files modified:
* images/bpfmap-file.proto
Signed-off-by: Abhishek Vijeev <abhishek.vijeev@gmail.com>
This commit adds BPF helper functions needed by tests in a new library.
It defines new functions that allow verifying BPF map meta-data from
the procfs as well as using the bpf() system call with
BPF_OBJ_GET_INFO_BY_FD. It is necessary to verify from procfs and using
BPF_OBJ_GET_INFO_BY_FD because the information available from both
these places is disjoint (for example, checking whether a map is frozen
cannot be performed with BPF_OBJ_GET_INFO_BY_FD).
Source files modified:
* test/zdtm/lib/Makefile - Generating build artifacts
Source files added:
* test/zdtm/lib/bpfmap_zdtm.c - Provides definitions for 3 new
functions:
(a) parse_bpfmap_fdinfo() - Parses information about the BPF map
from procfs
(b) cmp_bpf_map_info() - Compares the attributes of a BPF map file
obtained from BPF_OBJ_GET_INFO_BY_FD. This function is typically
used to verify that the attributes of a BPF map remain the same
before checkpoint and after restore
(c) cmp_bpfmap_fdinfo() - Compares the attributes of a BPF map file
obtained from procfs. This function is typically used to verify
that the attributes of a BPF map remain the same before checkpoint
and after restore
* test/zdtm/lib/bpfmap_zdtm.h - Structure and function declarations.
Declares struct bpfmap_fdinfo_obj, which stores information about BPF
maps parsed from procfs
Signed-off-by: Abhishek Vijeev <abhishek.vijeev@gmail.com>
