Otherwise static/socket-tcp and streaming/socket-tcp have the same path
to images and they can affect each other.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
They are now in per-pid images, but every entry contains a
pid to which it "belongs". This belonging is fake -- it's
just a pid of a task who placed the lock, while locks really
belong to files. We even have a bug when task that locked
a file exited and "delegated" the lock to its child.
This images merge reduces the amount of image files criu
generates and may simplify the fix of mentioned above issue.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
A bit later we'd need to check whether cinfo collector
opened an image or not due to file absense.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
If the root task is forked in a new pidns, it can't use its pid for
accessing /proc, because this proc belongs to the source pidns.
v2: don't copy a static string.
v3: take a bright part of Tycho's patch
Reported-by: Tycho Andersen <tycho.andersen@canonical.com>
Cc: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Acked-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
criu managed cgroups is now an opt-in thing, so by default criu does not manage
(i.e. dump or restore) cgroups. This allows users to use the previous behavior.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
It looks like criu constantly postpones external bind mounts. I'm trying to resolve
when we manage to break this (when I did ext-mount-map they for some reason didn't).
Meanwhile, this patch fixes it back.
Reported-by: Saied Kazemi <saied@google.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The $test variable was being used without being locally defined in
the start_test function. Define it locally for uniformity with other
functions and use it where convenient. Also make the definition in
case_error local for uniformity with other functions.
Signed-off-by: Christopher Covington <cov@codeaurora.org>
Acked-by: Andrew Vagin <avagin@parallels.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The -p argument to `ps` is not supported by Busybox v1.19.4. Sending
signal 0 with the `kill` command is an alternative way to check
whether a process is still running.
http://www.linuxjournal.com/content/monitoring-processes-kill-0
Signed-off-by: Christopher Covington <cov@codeaurora.org>
Acked-by: Andrew Vagin <avagin@parallels.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Building on top of the cgroup properties infrastructure patch, this patch will
add all the cgroups properties to the static list of properties we want to restore.
Change-Id: I992c260089dcc2ba169a8ac5b19d73f29c678e7d
Signed-off-by: Garrison Bellack <gbellack@google.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Restores 2 cgroup properties after the criu restoration of tasks.
Currently the cgroup files to be restored are static but
are easily extendable. To change the properties to be restored,
edit this list at the top of cgroup.c. If a cgroup exists during
restoration, its properties will not be overwritten.
Work based off Tycho Anderson tycho.andersen@canonical.com
Change-Id: Ida32b9773eeac1d4d6e82ad644524ed099d5f9b1
Signed-off-by: Garrison Bellack <gbellack@google.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
There is an issue where if the proccess to be killed spawns a child proccess and
moves it in a child cgroup of the one the parent process is in, the cgroup fd
was being closed in the parent process before it forked the child. Then when
move_in_cgroup() is called for the child process, the file descriptor has
already been closed causing a failure for the second call to move_in_cgroup().
Moved the fd close after the fork call.
Change-Id: I6ae88b95c5410a7f56108e28eb3133f113e868d0
Signed-off-by: Garrison Bellack <gbellack@google.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
SIGMAX is a valid value, but the 0 signal doesn't exist.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
proc_parse.c: In function ‘parse_task_cgroup’:
proc_parse.c:1603:16: error: ‘path’ may be used uninitialized in this function [-Werror=uninitialized]
cc1: all warnings being treated as errors
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The helper task doesn't change sigaction and does nothing with
parent_sigacts. paren_sigacts will contain values for the previous alive
task, so the logic about inherence should work as expected.
Reported-by: Jenkins Criuovich
Signed-off-by: Andrew Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Most of the sigactions are the same across the tasks in the image.
Nonetheless existing code always calls a syscall to restore them
and spends 64 calls per-task.
Let's restore signals before forking children and let them inherit
sigactions. Tune one only if it differs from the parent's.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrew Vagin <avagin@parallels.com>
The whole idea behind this code was to stop receiving CHLD from
restored tasks after resume. The comment about this is done for
scripts is wrong (we call more scripts before this) because
sigchld_handler() knows about scripts:
commit de71bc69170cfeceb24bddd431ad10b8ea607d42
exit = (siginfo->si_code == CLD_EXITED);
status = siginfo->si_status;
+
+ /* skip scripts */
+ if (!current && root_item->pid.real != pid) {
+ pid = waitpid(root_item->pid.real, &status, WNOHANG);
+ if (pid <= 0)
+ return;
+ }
And since CHLD handler makes little sence after exec, it's easier
just to reset one to default action at the end.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrew Vagin <avagin@parallels.com>
We tune the CHLD handler if we're restoring root task
as sibling. This tuning is better to be done with one
sigaction() call, rather than two. First, it's shorter
and the second -- it will allow us to move the whole
criu signalling setup into one helper.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrew Vagin <avagin@parallels.com>
We don't need pid in any of these calls actually, they are
all legacy from the old days. I plan to move the call to
prepare_sigactions, so remove the pid argument in advance.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrew Vagin <avagin@parallels.com>
CID 1168165 (#2 of 2): Untrusted array index read (TAINTED_SCALAR)
40. tainted_data: Using tainted variable "hoff" as an index into an
array "str"
$ man 3 scanf
n Nothing is expected; instead, the number of characters consumed
thus far from the input is stored through the next pointer,
which must be a pointer to int. This is not a conversion,
although it can be suppressed with the * assignment-suppression
character. The C standard says: "Execution of a %n directive
does not increment the assignment count returned at the comple‐
tion of execution" but the Corrigendum seems to contradict this.
Probably it is wise not to make any assumptions on the effect of
%n conversions on the return value.
So it isn't not enough to check a return code from scanf().
Cc: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
CID 1230179 (#1 of 1): Resource leak (RESOURCE_LEAK)
15. leaked_storage: Variable "ncd" going out of scope leaks the storage
it points to.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Coverity: 1230177 Dereference before null check
There may be a null pointer dereference, or else the comparison against
null is unnecessary. In parse_task_cgroup: All paths that lead to this
null pointer comparison already dereference the pointer earlier
(CWE-476)
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This brings the changes made in the following commits to the
aarch64 copy of the code.
commit 7794f67f2055420c6b6c2967edfbe0c39a7cd744
Author: Cyrill Gorcunov <gorcunov@openvz.org>
Date: Tue Aug 5 13:59:18 2014 +0400
vdso: x86 -- Fix missing ability to remap vDSO if only one zone present
commit 066add0de44f462e7482571763f303ded0b4762f
Author: Cyrill Gorcunov <gorcunov@openvz.org>
Date: Tue Aug 5 13:07:00 2014 +0400
vdso: x86 -- Simplify vdso_proxify
Signed-off-by: Christopher Covington <cov@codeaurora.org>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This is required to support checkpoint and restore of timers
that notify via file descriptors on ARM and AArch64.
Signed-off-by: Christopher Covington <cov@codeaurora.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Check that files opened before switching to new mount namespace
remain in it after restore. Right now this is not so :( Andrey is
fixing the issue.
Christopher, can you check whether the ns_child's call to system()
works in your minimal set-ups (it launches cat and awk). If not,
then I should rewrite this routine in pure C.
The first version was written by Pavel (xemul@).
v2: don't use test_init_ns
don't call awk and cat
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
v2: add a comment before mntns_get_root_by_mnt_id(-1);
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Here is a problem with ghost files. Links are created on restore, but
they can't be created on any mount point, because a mount point can be
non-root bind-mount of another one. So we need to find the root mount
and create all links there.
v2: clean up
v3: add optimization for the case when both links on the same mount
point.
v4: don't look up mount points by mnt_id in a second time.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
On restore we add a temporary root to a mount point path. It's convinient
for restoring mount namespaces, but real paths are used for restoring
link-remap files.
v2: replace the offset field on a char * field
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
