This test calls iptables to set a new packet filter using a shared
library libxt_standard.so. Unfortunately, depending on the
distribution we are running on, this shared library may be stored in a
different place.
This patch allows this test to be run on Debian like systems.
Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Depending on the distribution, binaries or shared libraries a test
depends on may not be stored at the same place.
This patch introduces the ability to define options in the dependency
list, by separating the optional target names by a '|' character.
For instance the dependency of test may be described this way:
{'flavor': 'ns', 'deps': [ '/bin/foo|/usr/bin/foo' ], 'flags': 'suid'}
Note, there shouldn't be any spaces around the '|'.
If none of the optional dependencies is satisfied, an error is raised.
Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
The descriptor for test netns-nf and netns are referencing /bin/diff.
On Fedora this is a hard link to /usr/bin/diff created during the
install of the package diffutils. However this hard link doesn't exist
on Debian like systems.
Referencing /usr/bin/diff works in both cases.
Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
It turns out we can't just test for /proc/<pid>, because the kernel appends
(deleted), since the directory is actually deleted (vs. something like
/proc/1/mountinfo, where the file still exists in the unlinked directory,
so there is no (deleted)). See comment for details.
v2: s/ret/is_dead in /proc/<pid>/xxx test, split tests to correctly test
both cases
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
A static test should not change its state during C/R.
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This patch updates Makefile for measuring code coverage in CRIU.
criu binary should be compiled with option --coverage and linked with -lgcov
option. lcov utility creates HTML pages containing the source code annotated
with coverage information.
make GCOV=1
make test
make gcov
Look at gcov/html/index.html
Changes:
- disable optimization on compilation for gathering coverage data
- mention an option for coverage in help
- cleanup the files produced for code coverage
- make path to coverage files produced by tests in ns independent on environment
- add an option lcov_branch_coverage as branch coverage disabled by default
Signed-off-by: Sergey Bronnikov <sergeyb@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
A static test should not change its state during C/R
===================== Run zdtm/live/static/session00 in ns =====================
Start test
./session00 --pidfile=session00.pid --outfile=session00.out
Run criu dump
Run criu restore
7: Old files lost: set(['4'])
7: New files appeared: set([])
############# Test zdtm/live/static/session00 FAIL at fds compare ##############
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Replace stack alignment magic constant with
__stack_aligned__ macro.
Also align stack for sigaltstack test case.
Signed-off-by: Vijaya Kumar K <vijayak@caviumnetworks.com>
Reviewed-by: Christopher Covington <cov@codeaurora.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
dev_t is %ul on x86_64 and %ull on arm32
tty.c: In function 'get_tty_driver':
tty.c:247:2: error: format '%lx' expects argument of type 'long unsigned int', but argument 4 has type 'dev_t' [-Werror=format=]
snprintf(id, sizeof(id), "tty[%lx:%lx]", rdev, dev);
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
arm64 requires stack pointer to be aligned to 16 bytes.
Update all test cases that are using clone system call
to have 16 byte aligned stack pointer.
Signed-off-by: Vijaya Kumar K <vijayak@caviumnetworks.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
arm64 requires stack to be aligned to 16 bytes.
update RESTORE_ALIGN_STACK macro to always align
to 16 bytes.
Signed-off-by: Vijaya Kumar K <vijayak@caviumnetworks.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
arm64 expects stack to be aligned to 16 bytes.
If stack pointer is not aligned clone system call
fails during restore.
Signed-off-by: Vijaya Kumar K <vijayak@caviumnetworks.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
System call number 78 corresponds to readlinkat.
Whereas 78 is mapped to readlink() in syscall.def for
arm.
With this patch, use sys_readlinkat instead of sys_readlink
and update syscall.def to point syscall number 78 to readlinkat()
instead of readlink()
Signed-off-by: Vijaya Kumar K <vijayak@caviumnetworks.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
prepare_loginuid() is called on kerndat_loginuid where it tests for
loginuid restore feature. Let's omit error printing for feature test.
Signed-off-by: Dmitry Safonov <dsafonov@odin.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Currently if criu segfaulted, the inventory image isn't removed and
we can't detect that images are incomplete.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Now we can use the --inherit-fd option to mark external terminals on dump
and to tell which file descriptors should be used to restore these terminals.
Here is an example how it works:
$ setsid sleep 1000
$ ipython
In [1]: import os
In [2]: st = os.stat("/proc/self/fd/0")
In [3]: print "tty[%x:%x]" % (st.st_rdev, st.st_dev)
tty:[8800:d]
$ ps -C sleep
PID TTY TIME CMD
4109 ? 00:00:00 sleep
$ ./criu dump --external 'tty[8800:d]' -D imgs -v4 -t 4109
$ ./criu restore --inherit-fd 'fd[1]:tty[8800:d]' -D imgs -v4
v2: add missed break
remove @non_file from tty_driver
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This option is used to mark external resources on dump.
Currently it's going to be used to handle external tty-s,
but in the future it can be used for any type of resources.
We can have a few ways to restore external resources and
we will have separate options to say how to restore each type.
For example, we can use --inherit-fd to restore external
file descriptors.
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We can't use only a terminal device, because we can not distinguish
two pty-s from different mounts in this case.
$ mount -t devpts -o newinstance xxx pts1
$ mount -t devpts -o newinstance xxx pts2
$ stat pts1/0
Device: 27h/39d Inode: 3 Links: 1 Device type: 88,0
$ stat pts2/0
Device: 28h/40d Inode: 3 Links: 1 Device type: 88,0
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Right now if we bind-mount / of some FS into container and want this
to be 'external' mount, criu would refuse to dump this mountpoint.
Tune the check in validate_mounts() to always accept any external mps
regardless of whether they are fsroot or not.
https://github.com/xemul/criu/issues/93
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Tested-by: Dengguangxing <dengguangxing@huawei.com>
Use explicit type to placate the compiler.
| proc_parse.c: In function 'vma_get_mapfile':
| proc_parse.c:282:6: error: format '%lx' expects argument of type 'long unsigned
| int', but argument 5 has type 'uint64_t' [-Werror=format=]
| pr_err("Strange file mapped at %lx [%s]:%d.%d.%ld\n",
| ^
| proc_parse.c:335:5: error: format '%lx' expects argument of type 'long unsigned
| int', but argument 5 has type 'uint64_t' [-Werror=format=]
| pr_err("Failed to resolve mapping %lx filename\n",
| ^
| cc1: all warnings being treated as errors
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Loginuid tests should run only when kdat.has_loginuid set.
This is for > 3.13 kernels with CONFIG_AUDITSYSCALL enabled.
Signed-off-by: Dmitry Safonov <dsafonov@odin.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Dump/Restore loginuid value only when kdat.has_loginuid set.
Signed-off-by: Dmitry Safonov <dsafonov@odin.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This value will differ on C/R:
- on checkpoint it means that it's possible to dump loginuid values;
- on restore it means that it's possible to unset loginuid and write
saved value to unset loginuid.
Signed-off-by: Dmitry Safonov <dsafonov@odin.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
On restore we try to put data back into recv queue with quite
big chunks. However the kernel doesn't try hard to split the
data into packets in repair mode for this queue and just
allocates the linear skb of the given size. If the size is
moderately big, the allocation is subject to fail, slab doesn't
reliably allocate memory over 4k.
So, when failing with big chunk on recv queue -- shrink the
chunk and try again.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrew Vagin <avagin@virtuozzo.com>
Some tests require criu to be root, e.g. tcp tests of unlink-mmaps ones,
so mark those in desc files as such.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Looks-good-to-me: Andrew Vagin <avagin@virtuozzo.com>
There are several restrictions:
1. Only dump is checked (--norst) for now
2. Only host flavor as tests have to start themselves in non-root mode
3. Only non-suid tests
4. TCP doesn't work too, should be manually excluded :\
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Looks-good-to-me: Andrew Vagin <avagin@virtuozzo.com>
Currently parasite is loaded using the map_files dir,
which is guarded with CAP_SYS_ADMIN by default (which
is dropped in 4.2 series). So lets do a deal -- try
to use memfd interface first (which has been introduced
in 4.0 kernel series) and if we fail then switch to old
map_files interface.
With time all users are switched to new kernels so
memfd gonna be primary interface.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Looks-good-to-me: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Looks-good-to-me: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Kernel doesn't allow to mess with map_files dir in proc. So,
when doing dump from user process, we should try to get
file path using path from smaps file. To be 100% sure the
path is correct we also get device and ino numbers and
check them against the stat()-ed path ones.
With this scheme we miss
- mapped packet sockets, but users don't use them
- AIOs, but this can be detected via device, inode and name
- several nested mntns's, but users don't use them
- mapped and unlinked files, but this can be fixed by
reading file via task's memory (slow, but still)
gorcunov@:
- For special mappings such as heap, vsyscall, vdso and such
the kernel provides names rounded by brackets so exit
from vma_get_mapfile if we meet one and allow the caller
to handle it.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Looks-good-to-me: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Looks-good-to-me: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
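
The device and inode cross-check described in the commit message above, as an added example (not CRIU's code): it parses one maps/smaps header line and accepts the path only if stat() reports the same device and inode. The names check_map_line and make_line and the sample line are constructed for illustration.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>

enum map_check { MAP_OK, MAP_SPECIAL, MAP_MISMATCH, MAP_BAD };

/* Check one maps/smaps header line: does the path the kernel printed
 * still name the device and inode reported for that mapping? */
enum map_check check_map_line(const char *line)
{
	unsigned long start, end, pgoff, ino;
	unsigned int maj, min;
	char perms[5], path[4096];
	struct stat st;
	int n = sscanf(line, "%lx-%lx %4s %lx %x:%x %lu %4095[^\n]",
		       &start, &end, perms, &pgoff, &maj, &min, &ino, path);
	if (n < 7)
		return MAP_BAD;
	if (n == 7 || path[0] == '[')	/* anonymous, [heap], [vdso], ... */
		return MAP_SPECIAL;
	if (stat(path, &st) < 0)	/* e.g. unlinked: "... (deleted)" */
		return MAP_MISMATCH;
	if (major(st.st_dev) != maj || minor(st.st_dev) != min ||
	    (unsigned long)st.st_ino != ino)
		return MAP_MISMATCH;	/* path now names another file */
	return MAP_OK;
}

/* Constructed sample input: a maps-style line for `path`, built from its
 * current stat(); ino_delta != 0 simulates a path that was replaced. */
int make_line(char *buf, size_t len, const char *path, unsigned long ino_delta)
{
	struct stat st;
	if (stat(path, &st) < 0)
		return -1;
	snprintf(buf, len, "00400000-00401000 r-xp 00000000 %02x:%02x %lu %s\n",
		 major(st.st_dev), minor(st.st_dev),
		 (unsigned long)st.st_ino + ino_delta, path);
	return 0;
}

int main(void)
{
	char line[4352];
	FILE *f = fopen("/proc/self/maps", "r");
	while (f && fgets(line, sizeof(line), f))
		printf("%d %s", check_map_line(line), line);
	return f ? fclose(f) : 1;
}
```
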
If criu is running in unprivileged mode and we can't
access dumpee's pagemap file -- simply switch to
greedy mode where all pages are gonna be dumped
regardless of their presence in memory.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Looks-good-to-me: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We use page frame number to detect vDSO which has been remapped
in-place from runtime vDSO during restore. In such case if the
kernel is younger than 3.16 the "[vdso]" mark won't be reported
in procfs output.
Still to address recently reported CVEs and be able to run CRIU
in unprivileged mode we need to handle vDSO without pagemap access
and here is the deal -- when we find VMA which "looks like" vDSO
we try to scan it for vDSO symbols and if it matches we restore
its status without PFN access.
Here are some details on @pagemap access in-kernel history:
- @pagemap introduced in commit 85863e475e59 where anyone
which can attach to a task via ptrace is allowed to read
data from @pagemap (Feb 4 2008, v2.6.25-rc1)
- in commit 006ebb40d3d65 ptrace attach rule has been changed
into ptrace read permission (May 19 2008, v2.6.27-rc1)
- in commit ab676b7d6fbf4 opening of @pagemap became guarded
with CAP_SYS_ADMIN because of leak of physical addresses
into userspace (Mar 9 2015, v4.0-rc5)
- in commit 1c90308e7a77a opening of @pagemap became available
for regular users again (with ptrace read permission) but
physical addresses of pages are hidden from non-privileged
users (Sep 8 2015, v4.3-rc1)
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Looks-good-to-me: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
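
How the pagemap restrictions listed in the commit message above look to a reader of the file, as an added example (not CRIU's code): it reads the process's own pagemap entry for one address and reports whether the PFN is visible, hidden, or the page is not present. The bit layout is taken from the kernel's pagemap documentation rather than from this page, and the names classify_pme and read_own_pme are constructed for illustration.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Entry layout per the kernel's pagemap documentation (not from the page):
 * bit 63 = page present in RAM, bits 0-54 = PFN when present. */
#define PME_PRESENT	(1ULL << 63)
#define PME_PFN_MASK	((1ULL << 55) - 1)

enum pfn_view { PFN_NOT_PRESENT, PFN_HIDDEN, PFN_VISIBLE };

/* A present page whose PFN field reads as zero means the kernel masked
 * the physical address for this reader. */
enum pfn_view classify_pme(uint64_t pme)
{
	if (!(pme & PME_PRESENT))
		return PFN_NOT_PRESENT;
	return (pme & PME_PFN_MASK) ? PFN_VISIBLE : PFN_HIDDEN;
}

/* Read this process's pagemap entry for addr; -1 if pagemap cannot be
 * opened or read (for example where opening needs CAP_SYS_ADMIN). */
int read_own_pme(const void *addr, uint64_t *pme)
{
	long psz = sysconf(_SC_PAGESIZE);
	off_t off = (off_t)((uintptr_t)addr / (uintptr_t)psz) * (off_t)sizeof(*pme);
	int fd = open("/proc/self/pagemap", O_RDONLY);
	ssize_t n = -1;

	if (fd < 0)
		return -1;
	if (lseek(fd, off, SEEK_SET) == off)
		n = read(fd, pme, sizeof(*pme));
	close(fd);
	return n == (ssize_t)sizeof(*pme) ? 0 : -1;
}

int main(void)
{
	static const char *names[] = { "not present", "PFN hidden", "PFN visible" };
	char probe = 1;		/* written stack byte, so its page is present */
	uint64_t pme;

	if (read_own_pme(&probe, &pme) < 0)
		puts("pagemap not readable");
	else
		printf("entry %#llx: %s\n", (unsigned long long)pme, names[classify_pme(pme)]);
	return 0;
}
```
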