While we try to seize task it can die and give its pid to
somebody else. This can break pstree consistency. Check for
parent being valid after task is seized.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Move proc checks for Z-state into seize_task().
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Without the patch all files starting with "." will be ommited.
Use of strcmp() - explicit check for "." and ".." looks clearer.
Signed-off-by: Stanislav Kinsbursky <skinsbursky@openvz.org>
Acked-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
- drop double file-ids.h inclusion
- rename fd_id_entry to plain entry, it's
used just in a couple of lines only, no
need for complex name
Reported-by: Kir Kolyshkin <kir@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
This patch was designed to be generic and thus usable for all kinds of
sockets. Not sure, thah this goal has been reached, but at least I tried.
Key ideas:
1) On-stack structure for collecting sockets queues and then passing them to
parasite code.
2) Singly linked list is used for collecting structures, representing sockets
of any kind (!) with queues.
Based on xemul@ patches.
Signed-off-by: Stanislav Kinsbursky <skinsbursky@openvz.org>
Acked-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
We switch generic-object-id concept with sys_kcmp approach,
which implies changes of image format a bit (and since it's
early time for project overall, we're allowed to).
In short -- previously every file descriptor had an ID
generated by a kernel and exported via procfs. If the
appropriate file descriptors were the same objects in
kernel memory -- the IDs did match up to bit. It allows
us to figure out which files were actually the identical
ones and should be restored in a special way.
Once sys_kcmp system call was merged into the kernel,
we've got a new opprotunity -- to use this syscall instead.
The syscall basically compares kernel objects and returns
ordered results suitable for objects sorting in a userspace.
For us it means -- we treat every file descriptor as a combination
of 'genid' and 'subid'. While 'genid' serves for fast comparison
between fds, the 'subid' is kind of a second key, which guarantees
uniqueness of genid+subid tuple over all file descritors found
in a process (or group of processes).
To be able to find and dump file descriptors in a single pass we
collect every fd into a global rbtree, where (!) each node might
become a root for a subtree as well.
The main tree carries only non-equal genid. If we find genid which
is already in tree, we need to make sure that it's either indeed
a duplicate or not. For this we use sys_kcmp syscall and if we
find that file descriptors are different -- we simply put new
fd into a subtree.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Acked-by: Pavel Emelyanov <xemul@parallels.com>
The ptrace seize doesn't prevent signals from delivery. That said,
we should block the signals in the target task before dumping
anything which is signals-related, i.e. memory and registers.
But once we've blocked signals, we should dump registers before
unblocking them, since any postponed signal will screw things up.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
This patch tries to introduce lazy and hidden pid_dir support,
meaning one don't have to worry about pid_dir but the optimization
is still there.
The patch relies on the fact that we work with many /proc/pid files for
one pid, then for another pid and so on, i.e. not in a random manner.
The idea is when we call open_proc() with a new pid for the first time,
the appropriate /proc/PID directory is opened and its fd is stored.
Next call to open_proc() with the same PID only need to check that
the PID is not changed. In case PID is changed, we close the old one
and open/store a new one.
Now the code using open_proc() and friends:
- does not need to carry proc_pid around, pid is enough
- does not need to call open_pid_proc()
The only thing that can't be done in that "lazy" mode is closing the last
PID fd, thus close_pid_proc().
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Acked-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
...and make it correctly print the file name we were unable to open.
Also, error from fdopen[dir]() is now reported with file name as well.
Note that open_proc() and friends need to be macros in order for
pr_perror() to show actual file name and line number where error occured.
Historical note: the original version of this patch was way more radical,
changing openat() to open() and thus removing pid_dir (replacing with pid
when needed) and open_proc_dir(), changing openat() to open(). The word
from Pavel is he wants to keep the openat/pid_dir optimization because
it saves two dentry lookups in kernel code for each open(). Because of
this optimization (and desire to print correct file name in case
of error) we have to carry both pid and pid_dir everywhere.
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Acked-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
- make control block to keep all information
needed to run injected syscall and parasite
blobs
- add ptrace_swap_area helper
- handle both parasite engine calls and injected
syscalls by single __parasite_execute function
- drop jerr() usage
- bring back handling of inflight signals from
original program inside parasite code
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
I don't like that we poke the parasite into remote space with 4k calls
to ptrace. Now we have the /proc/pid/map_files/ dir which helps us sharing
a mapping with some other process.
Use this -- map the remote area for parasite locally and put the parasite
blob into it with simple memcpy.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Right now we do syscall_seized for this, but we have the misc dumping command
and the core is (after patch #3) dump after parasite, so we can get brk from
the misc dump, thus avoiding one more switch to parasite.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
This actually does two things:
1. The parasite code writes to pages _or_ to pages_shared file himself based
on a hint given from the main program. This avoids shared pages copying
in finalize_core.
2. The private pages are moved out of the core file into a separate one. This
avoids private pages copying in finalize_core.
The goal of this patch is a) to avoid pages copying at all (we still have
one on restore, but fixing this requires Andrey's work on shared memory
dumping) and b) make big blobs with pages be stored in separate files (I
have plans on its format rework and unification).
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Only the low 32 bits of orig_ax are meaningful
for obtaining syscall number so we need to test
if sign extended bits are greater than 0.
Reported-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Acked-by: Pavel Emelyanov <xemul@parallels.com>
v2: wrappers names become less obfuscating
This patch:
1) Updates function cr_fdset_open() to be suitable for handling fdset creation
for dump and show stages.
2) Replaces cr_fdset_open() by new wrapper function cr_fdset_dump().
3) Replaces prep_cr_fdset_for_restore() by new wrapper function cr_fdset_show().
Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
Acked-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
In case of critical error is happened during checkpoint
procedure, the program should exit immediately.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Acked-by: Pavel Emelyanov <xemul@parallels.com>
This patch adds ability to checkpoint/restore
/proc/pid/exe symlink, so if a process we've just
checkpointed has been say /path/to/exe, then at restore
time we bring this path back.
There some restiction from kernel side: if
existing /proc/pid/exe already mapped more than
once, the kernel will refuse to change the symlink,
so we need to restore it lately when mmaps of crtools
itself already unmapped (ie via late call in
restorer.c).
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Acked-by: Pavel Emelyanov <xemul@parallels.com>
This commit brings the former "Rewrite task/threads stopping engine"
commit back. Handling it separately is too complex so better try
to handle it in-place.
Note some tests might fault, it's expected.
---
Stopping tasks with STOP and proceeding with SEIZE is actually excessive --
the SEIZE if enough. Moreover, just killing a task with STOP is also racy,
since task should be given some time to come to sleep before its proc
can be parsed.
Rewrite all this code to SEIZE task and all its threads from the very beginning.
With this we can distinguish stopped task state and migrate it properly (not
supported now, need to implement).
This thing however has one BIG problem -- after we SEIZE-d a task we should
seize
it's threads, but we should do it in a loop -- reading /proc/pid/task and
seizing
them again and again, until the contents of this dir stops changing (not done
now).
Besides, after we seized a task and all its threads we cannot scan it's children
list once -- task can get reparented to init and any task's child can call clone
with CLONE_PARENT flag thus repopulating the children list of the already seized
task (not done also)
This patch is ugly, yes, but splitting it doesn't help to review it much, sorry
:(
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Stopping tasks with STOP and proceeding with SEIZE is actually excessive --
the SEIZE if enough. Moreover, just killing a task with STOP is also racy,
since task should be given some time to come to sleep before its proc
can be parsed.
Rewrite all this code to SEIZE task and all its threads from the very beginning.
With this we can distinguish stopped task state and migrate it properly (not
supported now, need to implement).
This thing however has one BIG problem -- after we SEIZE-d a task we should seize
it's threads, but we should do it in a loop -- reading /proc/pid/task and seizing
them again and again, until the contents of this dir stops changing (not done now).
Besides, after we seized a task and all its threads we cannot scan it's children
list once -- task can get reparented to init and any task's child can call clone
with CLONE_PARENT flag thus repopulating the children list of the already seized
task (not done also)
This patch is ugly, yes, but splitting it doesn't help to review it much, sorry :(
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
* kid -> child
* First letter should be uppercase
* Misc typos in messages and comments
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
v2: strlen() check removed from parse_ns_string()
Now '-n' option must be followed by namespaces tags, separated by commas.
Currently, only "uts" namespace is supported.
Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
Acked-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
There are two cases for cr_fdset_open
- It might be called with already allocated
memory so we should reuse it.
- It might be called with NULL pointing out
that caller expects us to allocate memory.
If an open() error happens somewhere inside cr_fdset_open
it requires two error paths
- Just close all files opened but don't free memory
if it was not allocated by us
- Close all files opened *and* free memory allocated
by us.
In any case we should close all files opened so close_cr_fdset()
helper is splitted into two parts.
Also the caller should be ready for such semantics as well and
do not re-assign pointers obtained but simply test for NULL
on results.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Acked-by: Pavel Emelyanov <xemul@parallels.com>
cr-dump.c: In function ‘dump_one_reg_file’:
cr-dump.c:128:2: error: format ‘%8x’ expects type ‘unsigned int’, but argument 5 has type ‘long unsigned int’
cr-dump.c: In function ‘dump_one_pipe’:
cr-dump.c:223:2: error: format ‘%d’ expects type ‘int’, but argument 2 has type ‘long unsigned int’
cr-dump.c:237:3: error: format ‘%8lx’ expects type ‘long unsigned int’, but argument 2 has type ‘u32’
cr-dump.c:237:3: error: format ‘%8lx’ expects type ‘long unsigned int’, but argument 3 has type ‘u32’
cr-dump.c:237:3: error: format ‘%8lx’ expects type ‘long unsigned int’, but argument 4 has type ‘u32’
cr-dump.c:237:3: error: format ‘%8lx’ expects type ‘long unsigned int’, but argument 5 has type ‘u32’
cr-dump.c:240:3: error: format ‘%d’ expects type ‘int’, but argument 4 has type ‘long unsigned int’
cr-dump.c: In function ‘dump_one_fd’:
cr-dump.c:257:3: error: format ‘%d’ expects type ‘int’, but argument 5 has type ‘long unsigned int’
cr-dump.c:262:3: error: format ‘%d’ expects type ‘int’, but argument 4 has type ‘long unsigned int’
cr-dump.c:272:4: error: format ‘%d’ expects type ‘int’, but argument 3 has type ‘long unsigned int’
cr-dump.c:286:4: error: format ‘%d’ expects type ‘int’, but argument 4 has type ‘long unsigned int’
cr-dump.c:295:2: error: format ‘%d’ expects type ‘int’, but argument 4 has type ‘long unsigned int’
cr-dump.c: In function ‘dump_task_files’:
cr-dump.c:340:3: error: too few arguments for format
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
This is a standard convention to print error message (i.e. strerror(errno))
at the end of line, like this:
Cannot remove file: Permission denied
So pr_perror is fixed to follow this convention (using GNU extension
%m helps a lot here). Unfortunately, due to this we have to make
pr_perror() print a new line character, too, so we had to strip it
from the all pr_perror() invocations.
That (appending a newline) also makes pr_perror() a black sheep
in the herd of pr_* helpers, but what can we do? Worst case scenario
is an extra newline after an error message, not too harmful.
An alternative approach (stripping the newline from the passed format
string and re-adding it) was discussed thoroughly, and it was decided
that such a hack looks a bit too dirty.
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Acked-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Dumping is simple. All but secbits can be read from proc, secbits
are got from parasite.
Restoring is a bit tricky -- when you change anything on kernel
cred's struct it performs sophisticated checks and can change
some more stuff than requested, so the creds restoration procedure
is carefully commented step-by-step.
Another thing to mention is that creds are restored after everything
else, i.e. right before performing final threads sync and sigreturns.
This is done to avoid potential problems with insufficient caps for
restoring other stuff (e.g. CAP_DAC_OVERRIDE or zero euid is most
likely required for opening any image file and the notorious control
/proc/sys/kernel/ns_last_pid, which in turn is performed till the
very last moment).
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Add command and basis for dumping minor bits for task
from parasite code. It's supposed to retrieve minor bits
form tasks which cannot be read from /proc.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
New option -n to dump/restore namespaces.
Fork the namespaces dumping task and write a helper for switching a namespace.
Prepare the restorer code for restoring namespaces before root task.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Split the CR_FD_ bits into per-task and global ones and replace
of CR_FD_DESC_NOPSTREE with CR_FD_DESC_TASK, which is explicit
set of per-task bits.
The CR_FD_DESC_NS will appear soon.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Timers are dumped from inside parasite code, the format is plain -- just
3 pairs of interval/value one-by-one.
The restoration occurs in two stages -- first prepare the timer values in
restorer (and check for sanity), then setup the timers in the latest stage
before actually calling the sigreturn.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Dump the core-pid.img file only. On restore select the way of killing
task based on his exit_code -- exit or kill with a signal. Before dying
unblock all the handlers and set SIG_DFL to it (to make the dead signal
other than KILL be deliverable).
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Don't dump tasks in any state but T (stopped). Will extend it with Z soon.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Introduce 3 states we will have to work with:
* alive for tasks sleeping or running
* dead for zombies
* stopped for stopped tasks. We cannot distinguish tasks in this state now,
but with freezer cgroup this will become possible
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Move common code for tasks and threads dumping into routine. It will be
used for zombies as well.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Kill all the macros for reading/writing image parts. New API looks like
* write_img_buf/write_img
Write an object into an image. Reports 0 for OK, -1 for error. The _buf
version accepts object size as an argument, the other one uses sizeof()
* read_img_buf/read_img
Reads an object from image. Reports 0 for OK, -1 for error or EOF.
* read_img_buf_eof/read_img
Reads an object from image. Reports 1 for OK, 0 for EOF and -1 for error.
This is not symmetrical with the previous one, but it was done deliberately
to make it possible to write code like
ret = read_img_bug_eof();
if (ret <= 0)
return ret; /* 0 means OK, all is done, -1 means error was met */.
... /* 1 means object was read, can proceed */
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Keep task arch-independent fields in one struct (will be extended) in the
beginning of the image and make pads be located separately.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Rename prep_cr_fdset_for_dump into cr_fdset_open and make it reentable, i.e.
every next enter will open more files in the same fdset. Required for zombies
and makes the code cleaner.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
This is to make sure we dump zombies w/o threads.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Move the /proc/pid/stat parsing before anything in dump_one_task (prepare
for zombies dumping) and cleanup the rest of the code accordingly.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
These are checking in proc parse routine anyway.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
