We missed restore problems with multiple semaphores in one array
with vzt-cpt, enhance the test to catch it.
The problem was the change of 'struct sem' size which lead to wrong
memcpy of sem_array->sem_base in our kernel checkpointing.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
- while arch-lib already depends on syscall lib better to put
it into deps explicitly
- criu's built-in.o must depend on the pie target rather than
pie/lib.a only because it uses -blob.h for internal deps
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Have been removed while developing criu-2
series, need to check that they are cleaned
during "clean" stage.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This is (I think) where it was intended to go based on the gitignore
rename, so let's actually generate it and install it to/from there.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Both CRIU library and CRIT python data are moved into
lib/c and lib/py.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
But keep @protobuf as a symlink: we have
this path encoded in sources. Gonna be
removed with time.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
- no more x86_64 in @ARCH, as in kernel it's traditional x86 entry
- @build renamed to @build-old, will be deprecated
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This is initial import of NMK engine which we gonna use for
CRIU and related tools building.
It's very tiny and while here we merge it as is in future
it gonna be rather a submodule from
https://github.com/cyrillos/nmk
An idea is to have unified build engine for most tools
we're gonna use.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
As they store just a value, not any recursive expands, lets simplify.
Impact: cleanup
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
As SRCARCH := arm defined two lines above, no need for additional ifeq.
Impact: cleanup
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Reviewed-by: Christopher Covington <cov@codeaurora.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Because of the #undef (probably left over from some debugging I did that
accidentally got committed), this test never ran. Anyway, this is all
unnecessary because we can just use the seccomp_filter feature flag in the
tests.
Also reenable the seccomp_filter_tsync test.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This is superceded by criu check seccomp_filter and doesn't work on some
systems anyway.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
It always exits with "no support" message and checkskip works strangely. Need
to resolve those two first."
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Since we need to align some allocations (but not most of them), let's
always align them when checking the current position.
v2: always rst_mem_align() before the beginning of each "set" of
allocations
v3: merge rst_mem_align and rst_mem_cpos
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
CC: Cyrill Gorcunov <gorcunov@gmail.com>
CC: Andrey Vagin <avagin@openvz.org>
Acked-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Since we align in rst_mem_alloc, we should also align when reporting the
current position; if we don't and things get unlucky, we report a different
position than where the pointer is actually allocated, which fucks things
up quite bad :)
Closes#111
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
When we kill a container, all processes from its pidns are killed by
SIGKILL, but we don't expect that someone from the freezer cgroup will
be killed too if it was not dumped.
(00.468446) Error (seize.c:439): Unexpected child 79162
(00.468489) Error (seize.c:440): BUG at seize.c:440
This situation is posiable, if someone enters into pidns by setns.
In this patch, we deatches from extra processes before killing dumped
processes. In this case, we are not get signals if someone is killed.
v2: use process_to_wait insread of adding a new var
https://jira.sw.ru/browse/PSBM-43795
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
memfd is available since 3.16 kernel so don't fail
building criu on earlier kernels but simply don't
use it on older kernels.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Fix checkskip logic, also emit a clearer reason when checkskip fails as to
why the test was skipped.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
If the profile is "undefined" render_lsm_profile doesn't render anything,
since there is no need to set a profile. We shouldn't crash in this case.
We never hit this bug because we are careful not to put an "undefined"
profile into the images. But, if someone else edits the images, we
shouldn't crash on restore because of that.
Closes#110
Reported-by: Coverity
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Looks like it's a leftover from one of intermediate versions..
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Since ghost_files content is not available for parent
tasks, leave ghost_file names unchanged.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
ghost_files populates another process, than who does try_clean_ghost(),
so this list is not visible for the cleaner. Revert the patch.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Fix for commit 0ce8e42995 ("kerndat: do not report errors on feature
test").
That commit hid error messages for feature testing when you cannot
write to /proc/*/loginuid files because of missing kernel patch that
allows unsetting loginuid value on older kernels, but it didn't hide
error messages in case of disabled CONFIG_AUDITSYSCALL - then you
don't have loginuid files.
Also fixed comment for kerndat feature test: procfs file might fail
to open if it's missing and that's fine - !CONFIG_AUDITSYSCALL case,
but it can't fail due permission fault on _read_ (then something is
wrong, lets report a problem).
Reported-by: Cyrill Gorcunov <gorcunov@gmail.com>
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This tests sets filters which drops all packets which don't
belongs to current tcp connections and creates one tcp connection.
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Currently the kernel doesn't report sequence numbers for contracks
and tries to restore them from first packets.
When we are restoring a tcp connection, we send a window probe and
set seq - 1 in it to get ack immediatly.
/* Use a previous sequence. This should cause the other
* end to send an ack. Don't queue or clone SKB, just
* send it.
*/
tcp_init_nondata_skb(skb, tp->snd_una - !urgent, TCPHDR_ACK);
But conntrack doesn't like this, because then we get ack, which is greater than seq.
It looks like we try to ack data which we haven't received yet.
[ 735.528073] td_maxwin == 0
seq=1081132048 ack=2965916432+(0) sack=2965916432+(0) win=342 end=1081132048
tcp_in_window: sender end=0 maxend=0 maxwin=0 scale=0 receiver end=0 maxend=0 maxwin=0 scale=0
[ 735.533409] log_invalid:
seq=2965916431 ack=1081132049+(0) sack=1081132049+(0) win=342 end=2965916431
tcp_in_window: sender end=2965916431 maxend=2965916773 maxwin=342 scale=0 receiver end=1081132048 maxend=1081132390 maxwin=342 scale=0
[ 735.537651] nf_ct_tcp: ACK is over the upper bound (ACKed data not seen yet)
The kernel sets IP_CT_TCP_FLAG_BE_LIBERAL for new conntracks,
if we are in the middle of a connection.
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
rst_mem_alloc() returns alligned slices. When we want to
allocate an array element, we don't expect to get a hole between
a new element and an old one.
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Stas found that if we don't align a pointer,
futex and atomic operations can fail.
v2: don't hard-code the size of void *
v3: add a function to allocate memory without gaps with
a privious slice. It's used to allocate arrays.
v4: don't change rst_mem_cpos
Cc: Stanislav Kinsburskiy <skinsbursky@virtuozzo.com>
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
