This generates more readable data in logs.
| (00.002930) inet: Collected: ino 0xc3f15b family AF_INET type SOCK_DGRAM port 8081 state TCP_CLOSE src_addr 127.0.0.10
| (00.002980) inet: Collected: ino 0xc3f159 family AF_INET type SOCK_RAW port 1 state TCP_CLOSE src_addr 127.0.0.14
| (00.002984) inet: Collected: ino 0xc3f158 family AF_INET type SOCK_RAW port 17 state TCP_CLOSE src_addr 127.0.0.12
| (00.002988) inet: Collected: ino 0xc3f156 family AF_INET type SOCK_RAW port 255 state TCP_CLOSE src_addr 0.0.0.0
| (00.003439) inet: Collected: ino 0xc3f15a family AF_INET6 type SOCK_RAW port 58 state TCP_CLOSE src_addr ::
| (00.003449) inet: Collected: ino 0xc3f157 family AF_INET6 type SOCK_RAW port 255 state TCP_CLOSE src_addr ::
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
The tun files may have same names but different
net namespace so consider ns_id when searching
for particluar tun device name.
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Opening tun device is tricky: the net device
is allocated from current net namespace, thus
we should set it first, otherwise all tuns
which live in nested net namespace get moved
to the toplevel one.
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
In Py2 `range` returns a list and `xrange` creates a sequence object
that evaluates lazily. In Py3 `range` is equivalent to `xrange` in Py2.
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Use __future__ imports to keep this working for python2
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
CPython currently uses a reference-counting scheme with (optional)
delayed detection of cyclically linked garbage, which collects most
objects as soon as they become unreachable, but is not guaranteed to
collect garbage containing circular references.
Some objects contain references to "external" resources such as open
files. It is understood that these resources are freed when the object
is garbage-collected, but since garbage collection is not guaranteed to
happen, such objects also provide an explicit way to release the
external resource, usually a close() method.
Programs are strongly recommended to explicitly close such objects.
Reference: https://docs.python.org/3.6/reference/datamodel.html
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Add hostname resolution in setup_tcp_client(). This change allows a
valid hostname to be provided as value for --address option when
connecting to page server.
This change is needed for the following path which removes
setup_TCP_client_socket() from img-proxy.c. In this function the
hostname resolution was implemented using gethostbyname()
However, here we use `getaddrinfo` instead because gethostbyname() is
marked obsolescent in POSIX.1-2001 and is removed in POSIX.1-2008
specifications.
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
When --remote-lazy-pages is used the address option was not specified.
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
The function `setup_TCP_server_socket` (defined in img-remote.c) and
`setup_tcp_server` (defined in util.c) have very similar functionality.
Replace setup_TCP_server_socket() with setup_tcp_server() to reduce
code duplication and to enable IPv6 support for the image-cache action
of CRIU.
We set SO_REUSEADDR flag to allow reuse of local addresses.
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
We don't have rights to print anything into standard descriptors
and we want to have all output in a specified log file.
Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Service descriptors are a set of file descriptors which isn't
intercepted with restored file descriptors.
In all cases, when we don't need to restore file descriptors, we can
skip all magic of service-fd and just save descriptor numbers in a
static array.
Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Currently, install_service_fd() always creates a new file descriptor,
but it is going to be reworked to reuse a file descriptor when it is
possible.
Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
For a long time we've been demanding from cpus to be compatible
on fpu frame level, but growing list of cpu features triggers
inability for restored programs to proceed after restore due
to specific intructions execution (such as avx2). Note the
fpu frame may carry same size but not on instruction level
where SIGILL may happen after the restore.
Thus lets require instruction mode to be set and verified by default.
Still one can drop this option via command line or rpc request.
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Reviewed-by: Dmitry Safonov <0x7f454c46@gmail.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Since we're using bintmaps for options don't exit early
if --cpu-cap=ins specified because there might be a
combination of options.
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Reviewed-by: Dmitry Safonov <0x7f454c46@gmail.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Since now validation is bit based there is no longer need to
exit early if fpu matches, we rather need over all possible
options where several capability modes can be set.
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Reviewed-by: Dmitry Safonov <0x7f454c46@gmaill.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Current scheme of when to write and verify cpuinfo
images is unclear: we define default mode to 'fpu'
and this implies that no cpuinfo image get written
on dump and read on restore. In turn if 'cpu' or
'ins' mode specified in command line we write and
verify this image.
This is all wrong -- we need to produce image if
any mode ecxept 'none' is specified. The 'none'
mode is designed exactly for skipping cpuinfo
image production or verification.
Because any non-default mode requires explicit
--cpu-cap option to be passed we can use this
and setup new CPU_CAP_IMAGE telling criu to
write or read this image.
Note the default mode doesn't break backward
compatibility because by default we don't
write or read the image at all.
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Reviewed-by: Dmitry Safonov <0x7f454c46@gmaill.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
xsave sizes should sit in fpu capability block because
instruction and strick mode checkig is a different
thing.
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Reviewed-by: Dmitry Safonov <0x7f454c46@gmaill.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Usually people simply leave cpu checkin in default
mode (which is fpu level) but idea was to be able
to compose a mixture of settings, for this sake
CPU_CAP_ constants are bit shifts. Thus use bitwise
operator for this.
Same time define CPU_CAP_ as bit shifts explicitly
and use explicit CPU_CAP_NONE compare where needed.
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Reviewed-by: Dmitry Safonov <0x7f454c46@gmaill.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Keep xsave sizes in image to be sure that on restore the application
won't override memory out of xsave frame size if been calling xsave
instruction directly.
Here are some details: while been testing vz7 containers migration
we've noticed that sometime applications do crash after restore,
what is worse such execution abort may happen not immediately
after the restore but after passing some time. After spending
a lot of time we discovered that it is due to the fact that
the migration is directed from an old cpu to a modern one
which has extensions such as mpx. In result libc has cached
small xsave size and then after restore any direct call to
xsave instruction overwrite memory which is allocated with
size less than needed.
Thus we save xsave frame size in image and require it to
match to prevent such situation.
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Reviewed-by: Dmitry Safonov <0x7f454c46@gmaill.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Before fix issubpath("./zdtm/static/mntns_shared_vs_private.test",
"./") returned false, though should return true.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>