- no need for phony pie/piegen, redundant and rather may
cause double execution of a target;
- drop $(ARCH_DIR) from pie deps, initially it should be syscall-lib,
but pie/lib.a already has it.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Tested-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
How to restore an external file? The problem is that a file
can be opened with different flags (O_APPNED, O_RDWR, O_RONLY,
etc). These flags can't be changed for a file descriptor, so
we can't just duplicate an inherit fd, when we meet an external
file.
A file is external, when we can't access them directly.
CRIU is able to restore a file descriptor, if it knows
how to open it, so we need to provide a way to open
an external file.
The idea of this patch is that we can open an external file
via /proc/self/fd/X where X is an inherit fd.
This approach works for files and fifo.
An example how it can be used:
criu -o dump.log -D dump/fifo.py/6/1 -v4 -t 6 --external file[72:a3e7]
criu -o restore.log -D dump/fifo.py/6/1 -v4 --restore-sibling --inherit-fd fd[4]:file[72:a3e7] --restore-detached
https://github.com/xemul/criu/issues/104
Cc: Saied Kazemi <saied@google.com>
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Sometimes we may want to use CRIU on older kernels which don't support
dumping seccomp state where we don't actually care about the seccomp state.
Of course this is unsafe, but it does allow for c/r of things using
seccomp on these older kernels in some cases. When the task is in
SECCOMP_MODE_STRICT or SECCOMP_MODE_FILTER with filters that block the
syscalls criu's parasite code needs, the dump will still fail.
Note that we disable seccomp by simply feigning that we are in mode 0. This
is a little hacky, but avoids distributing ifs throughout the code and
keeps them in this one place.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
CC: Saied Kazemi <saied@google.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Docker requested an option, when network devices and routes are not
dumped and not restored. Instead of this Docker will call libnetwork
hook to tune netns from the setup-namespaces action.
Cc: Saied Kazemi <saied@google.com>
Tested-by: Ross Boucher <boucher@gmail.com>
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
If we forget to clean some of this stuff, we can get into strange states
where zdtm.py thinks it has constructed the root, but really hasn't, and
can't construct the root because it partially exists.
v2: kill all the extra debugging crap from v1
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
The 'show' action has been deprecated since 1.6, let's finally drop it.
The print_data() routine is kept for yet another (to be deprecated too)
feature called 'criu exec'.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
This function may be called several times for a mnt_share family.
The second call with a mi, which was not a bind source during the
first call, leads to double dependence:
a <-> b <-> c
1)propagate_siblings(a)
b->bind = a;
c->bind = a;
2)propagate_siblings(b)
c->bind = b;
(a is not set, because its mounted is 1).
So during c's bind mount criu use b's root and refers to a wrong
directory.
The reproduction: mntns_root_bind02 test.
The patch fixes the problem.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Acked-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
It's an extension of mntns_root_bind, which is differ by one more bind mount.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Acked-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Just got a situation inside VM where pretty new
kernel with memfd has been installed (and as result
__NR_memfd_create shipped with kernel headers
is provided as well) but libc was old having no
SYS_memfd_create defined. Thus we've got an error
because we use exactly SYS_ number for calls.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
I have CONFIG_HAS_LIBBSD, but -DCONFIG_HAS_LIBBSD isn't passed to
compiler. Fix for the following error:
<...>
CC cr-dedup.o
CC cr-dump.o
cr-dump.c: In function ‘dump_filemap’:
cr-dump.c:382:3: error: implicit declaration of function ‘strlcpy’ [-Werror=implicit-function-declaration]
strlcpy(aufs_link.name, vma_area->aufs_rpath,
^
cc1: all warnings being treated as errors
/home/japdoll/tools/criu/scripts/nmk/scripts/rules.mk:53: recipe for target 'cr-dump.o' failed
make[2]: *** [cr-dump.o] Error 1
Makefile:146: recipe for target 'built-in.o' failed
make[1]: *** [built-in.o] Error 2
Makefile:109: recipe for target 'criu' failed
make: *** [criu] Error 2
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
We missed restore problems with multiple semaphores in one array
with vzt-cpt, enhance the test to catch it.
The problem was the change of 'struct sem' size which lead to wrong
memcpy of sem_array->sem_base in our kernel checkpointing.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
- while arch-lib already depends on syscall lib better to put
it into deps explicitly
- criu's built-in.o must depend on the pie target rather than
pie/lib.a only because it uses -blob.h for internal deps
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Have been removed while developing criu-2
series, need to check that they are cleaned
during "clean" stage.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This is (I think) where it was intended to go based on the gitignore
rename, so let's actually generate it and install it to/from there.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Both CRIU library and CRIT python data are moved into
lib/c and lib/py.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
But keep @protobuf as a symlink: we have
this path encoded in sources. Gonna be
removed with time.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
- no more x86_64 in @ARCH, as in kernel it's traditional x86 entry
- @build renamed to @build-old, will be deprecated
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This is initial import of NMK engine which we gonna use for
CRIU and related tools building.
It's very tiny and while here we merge it as is in future
it gonna be rather a submodule from
https://github.com/cyrillos/nmk
An idea is to have unified build engine for most tools
we're gonna use.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
As they store just a value, not any recursive expands, lets simplify.
Impact: cleanup
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
As SRCARCH := arm defined two lines above, no need for additional ifeq.
Impact: cleanup
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Reviewed-by: Christopher Covington <cov@codeaurora.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Because of the #undef (probably left over from some debugging I did that
accidentally got committed), this test never ran. Anyway, this is all
unnecessary because we can just use the seccomp_filter feature flag in the
tests.
Also reenable the seccomp_filter_tsync test.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This is superceded by criu check seccomp_filter and doesn't work on some
systems anyway.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
It always exits with "no support" message and checkskip works strangely. Need
to resolve those two first."
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Since we need to align some allocations (but not most of them), let's
always align them when checking the current position.
v2: always rst_mem_align() before the beginning of each "set" of
allocations
v3: merge rst_mem_align and rst_mem_cpos
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
CC: Cyrill Gorcunov <gorcunov@gmail.com>
CC: Andrey Vagin <avagin@openvz.org>
Acked-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Since we align in rst_mem_alloc, we should also align when reporting the
current position; if we don't and things get unlucky, we report a different
position than where the pointer is actually allocated, which fucks things
up quite bad :)
Closes#111
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
When we kill a container, all processes from its pidns are killed by
SIGKILL, but we don't expect that someone from the freezer cgroup will
be killed too if it was not dumped.
(00.468446) Error (seize.c:439): Unexpected child 79162
(00.468489) Error (seize.c:440): BUG at seize.c:440
This situation is posiable, if someone enters into pidns by setns.
In this patch, we deatches from extra processes before killing dumped
processes. In this case, we are not get signals if someone is killed.
v2: use process_to_wait insread of adding a new var
https://jira.sw.ru/browse/PSBM-43795
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
memfd is available since 3.16 kernel so don't fail
building criu on earlier kernels but simply don't
use it on older kernels.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
