Codespell thinks that tThe is a typo. Fix it by separating "\t"
which also includes readability (a bit).
[v2: run via make indent]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
It is mapped, not maped. Same applies for mmap I guess.
Found by codespell, except it wants to change it to mapped,
which will make it less specific.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Codespell thinks that NODEL is a misspelled MODEL. Indeed it looks that
way. Add an underscore.
Do the same for the file names.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Codespell thinks that "inot" is a misspelled "into".
Rename to infd ("inotify fd") to make it happy.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
CRIU has a few places where it creates unix sockets and their names have to be
unique for each criu run.
Fixes: #1798
Signed-off-by: Andrei Vagin <avagin@google.com>
Since https://reviews.llvm.org/D122271, Clang -Wset-but-unused-variable
gets smarter to warn about unused post-increments.
Signed-off-by: Fangrui Song <maskray@google.com>
```
criu/apparmor.c:679:26: error: 'fscanf' may overflow; destination buffer in argument 3 has size 48, but the corresponding specifier may require size 49 [-Werror,-Wfortify-source]
ret = fscanf(f, "%48s", contents);
```
The buffer size should be at least one larger than the fscanf maximum
field width.
Fixes: 8d992a680ef3 ("lsm: support checkpoint/restore of stacked apparmor profiles")
Signed-off-by: Fangrui Song <maskray@google.com>
The init process can exit if it doesn't have any child processes and its
pidns is destroyed in this case. CRIU dump is running in the target pid
namespace and it kills dumped processes at the end. We need to create a
holder process to be sure that the pid namespace will not be destroy
before criu exits.
Fixes: #1775
Signed-off-by: Andrei Vagin <avagin@gmail.com>
zdtm.py mounts two named controllers for tests. In CI, we run zdtm.py a few
times, so we can mount (create) these controllers once to avoid any unwanted
effects.
Signed-off-by: Andrei Vagin <avagin@google.com>
The idea that each zdtm.py should have own helder, so that two zdtm.py that are
running on the same host don't effect each other.
Fixes: #1774
Signed-off-by: Andrei Vagin <avagin@google.com>
We have three of "Can't mount at %s", let's distinguish simple mount
from bind-mount and re-mount to make log reading easier.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
On pre v5.15 kernel we don't have MOVE_MOUNT_SET_GROUP support and thus
all our ci logs are filled with "fallback" messages. Let's decrease log
level to debug, so that we don't see it in ci logs.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
[root@fedora criu]# ./test/zdtm.py run -t zdtm/static/pty-console --iters 2 --keep-going --ignore-taint
[WARNING] Option --keep-going is more useful when running multiple tests
userns is supported
=== Run 1/1 ================ zdtm/static/pty-console
====================== Run zdtm/static/pty-console in uns ======================
Start test
Test is SUID
./pty-console --pidfile=pty-console.pid --outfile=pty-console.out
Run criu dump
Run criu restore
Run criu dump
=[log]=> dump/zdtm/static/pty-console/62/2/dump.log
------------------------ grep Error ------------------------
b'(00.009325) 101 fdinfo 3: pos: 0 flags: 100000/0'
b'(00.009332) Dumping path for 3 fd via self 19 [/zdtm/static]'
b'(00.009345) 101 fdinfo 4: pos: 0 flags: 100002/0'
b'(00.009352) tty: Dumping tty 20 with id 0xc'
b"(00.009358) Error (criu/files-reg.c:1710): Can't lookup mount=1647 for fd=4 path=/ptmx"
b'(00.009361) ----------------------------------------'
b'(00.009369) Error (criu/cr-dump.c:1368): Dump files (pid: 101) failed with -1'
b'(00.009696) Running network-unlock scripts'
b'(00.012401) Unfreezing tasks into 1'
b'(00.012410) \tUnseizing 86 into 1'
b'(00.012415) \tUnseizing 101 into 1'
b'(00.012428) Error (criu/cr-dump.c:1788): Dumping FAILED.'
------------------------ ERROR OVER ------------------------
################ Test zdtm/static/pty-console FAIL at CRIU dump ################
Test output: ================================
<<< ================================
Send the 9 signal to 86
Wait for zdtm/static/pty-console(86) to die for 0.100000
##################################### FAIL #####################################
Restore on second iteration with mount-v2 fails, that is because
devpts_restore which is called from do_new_mount_v2 via fstype->restore
opens ptmx file in service mntns and saves it to fdstore for later use.
So after first c/r open ptmx fd changes mnt_id in fdinfo to a detached
mount. Let's just disable mount-v2 for this test for now.
FIXME: We should create separate fstype hook to do_mount_in_right_mntns,
so that we can open files from this hook in actual restored mntns.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Let's run zdtm in jenkins with --mntns-compat-mode option and same for
device-external mount test from others.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Now when we switched to mount-v2 by default to check old mount engine we
need to explicitly run with --mntns-compat-mode option.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
We can have tracefs separate mount from debugfs and that's why the
/sys/kernel/debug external mount now has children and this thing is not
supported to be bind in container with children, because we don't wan't
external mounts to introduce some unexpected extra external mounts so we
bind them without MS_REC in mount-v2 unlike in old mount engine.
We can either bind without MS_REC when constructing test or provide all
children mount as separate external mounts to criu, let's just disable
for now.
Cherry-picked from Virtuozzo criu:
https://src.openvz.org/projects/OVZ/repos/criu/commits/87875c023
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Before mounts-v2 we have seen mounts loosing their mount readonly flags
when they were in a propagation group, because CRIU "forgot" to set
them, with new mount engine it should work now as all propagations are
now created on the same path there all other normal mounts are created,
and all mount flags are restored.
This test actually mounts only one mount, other three are propagations,
lets set mount ro flag for half of them.
Cherry-picked from Virtuozzo criu:
https://src.openvz.org/projects/OVZ/repos/criu/commits/22584993d
FIXME: need to check options restored right as we don't have
--check-mounts to do this job for us.
Reviewed-by: Alexander Mikhalitsyn (Virtuozzo) <alexander@mihalicyn.com>
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Mounts-v2 engine should fix multiple problems of old engine relative to
sharing options, lets add a test for such problems.
Add all four types of shared groups: 1) private, 2) shared, 3) slave
and 4) slave+shared for mounts. Propagate them into sharing and after
propagation change sharing with four ways: 1) don't change, 2) make
private, 3) make slave and 4) make private + make shared.
This brings 16 cases of different sharing options for mount propagation,
lets check that they all are restored fine.
Lets create mounts from description to make it easier to improve this
test in future.
Cherry-picked from Virtuozzo criu:
https://src.openvz.org/projects/OVZ/repos/criu/commits/8bcd0034d
FIXME: need to check options restored right as we don't have
--check-mounts to do this job for us.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
These test simply checks that sharing between two mounts in container:
1) external mount and 2) it's bind persists (case when bind has the same
mountpoint).
Note: on old mount engine mounts inside container become also shared
with mount in criu mount namespace (outside container) after c/r which
is not right.
Cherry-picked from Virtuozzo criu:
https://src.openvz.org/projects/OVZ/repos/criu/commits/76a09e850
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Now when we switched to mount-v2 by default to check old mount engine we
need to explicitly run with --mntns-compat-mode option.
Note that if the feature move_mount_set_group is not supported then
regular run will just fallback to old mount engine and then we don't
need separate run with --mntns-compat-mode.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Cherry-picked from Virtuozzo criu:
https://src.openvz.org/projects/OVZ/repos/criu/commits/e4a430e1f
Changes: prepend --mntns-compat-mode to r_opts in zdtm.py so that we
can disable this option with --no-mntns-compat-mode from test desc
files.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Design of mounts-v2:
As a preparation step we classify mounts in groups by (shared_id,
master_id) in new resolve_shared_mounts_v2 (just after reading images).
New function prepare_mnt_ns_v2 is our main entry point when switching
from old mount engine to new one actually happens.
First we pre-create each mount namespace nearly empty, only with root
yard in place (pre_create_mount_namespaces).
We walk the mount tree and mount each mount similar to old mount
engine but not in mount tree but as a sub-directory of root yard
(plain mountpoint) in service (criu) mount namespace. Also we
bind this mount from service mntns to real mntns just after creation.
(do_mount_in_right_mntns)
Note: this way we initially have the final mount which would be
visible to restored container user with right mnt_id for the sake of
e.g. creating unix sockets on it (for unix socket bindmounts), and
both have copy of the mount in service mntns so that old code which
accesses files on mounts through service mntns still can acces them.
New can_mount_now_v2 is now free from heuristics we had for restoring
shared groups, we will restore them later via MOVE_MOUNT_SET_GROUP,
for now everything is private.
Now when all plain mount are created in real mount namespaces, we can
move them to the tree for each namespace. Also we open fds on the
mountpoint: one mp_fd_id before moving and another mnt_fd_id after,
so that we can access each file later from final mntns via those fds.
(assemble_mount_namespaces)
New restore_mount_sharing_options walks each root sharing group and
their descendants with dfs tree walk. It creates sharing for the first
mount in the sharing group and then sets the same sharing on all other
mounts in this group.
Sharing creation for fist mount is two step:
a) If mount has master_id we either copy shared_id from parent sharing
group or from external source and then make mount slave thus
converting it to right master_id.
b) Next if mount has shared_id we just make us shared, creating right
shared_id.
Cherry-picked from Virtuozzo criu:
https://src.openvz.org/projects/OVZ/repos/criu/commits/596651d02
Changes:
- Split all "exporting" to separate preparational patches
- Rework cr_time
- Switch to MOVE_MOUNT_SET_GROUP
- Use resolve_mountpoint for external mounts (for MOVE_MOUNT_SET_GROUP)
- Mounting plain mounts both in service and in restored-final mntns
- Call MOVE_MOUNT_SET_GROUP from usernsd
- Rework can_mount_now_v2 to handle bind of both root and external.
- Use sys_move_mount for mount assembling.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
This is a preparation of mounts-v2 new algorithm for mount restore, we
add an alternative mountpoints to each mount, so that if we mount mounts
in these mountpoints they will be "plain": each mount in separate
sub-directory of root_yard, mounts will be mounted without tree. Tree
reconstruction will be done in separate step.
Cherry-picked from Virtuozzo criu:
https://src.openvz.org/projects/OVZ/repos/criu/commits/5e6de171a
Changes: improve get_plain_mountpoint().
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
We plan to switch to Mounts-v2 engine for restoring mounts by default,
this options is to allow switching to old engine. This patch only adds
an option, no engine behind it yet.
Cherry-picked from Virtuozzo criu:
https://src.openvz.org/projects/OVZ/repos/criu/commits/503f9ad2c
Changes: allow --mntns-compat-mode option only on restore and only if
MOVE_MOUNT_SET_GROUP is supported (this also requires change in
unittest/mock.c), change id in rpc criu_opts.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
This helper would be useful to get mountpoints of source path of
external mounts without parsing host mountinfo. When we restore
mountpoint-external mount and we need to copy sharing from source via
MOVE_MOUNT_SET_GROUP, it would require from us to give it real
mountpoint of source path to be able to copy sharing group.
This uses openat2 RESOLVE_NO_XDEV feature which detects crossing
mountpoint boundary instead of potentially slow mountinfo parsing.
v3: coverity CID 389209: close fd only when it was opened
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Will use this for cross mount namespace bindmounts.
Note: don't need separate kdat for mount-v2, as MOVE_MOUNT_SET_GROUP
were added much later than open_tree and all related fixups.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Mounts-v2 requires new kernel feature MOVE_MOUNT_SET_GROUP to be able to
restore propagation between mounts right.
Cherry-picked from Virtuozzo criu:
https://src.openvz.org/projects/OVZ/repos/criu/commits/7da7f9a17
Changes: define move_mount syscall, check mainstream kernel
MOVE_MOUNT_SET_GROUP feature, use our "linux/mount.h" to overcome
possible problems of non-existing header on older kernels.
v3: coverity CID 389201: check ret of umount2 and rmdir at cleanup stage
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
While mounts-v2 mounts all mounts plain without tree in service mntns we can't
just use path relative to mntns to find remap. Make it mount related, it is
also compatible with mounts-v1.
Also we don't need openat and unlinkat here as we've opened rmntns_root
just before that, lets switch to "non-at" variants.
Cherry-picked from Virtuozzo criu:
https://src.openvz.org/projects/OVZ/repos/criu/commits/dc9ac0c80
Changes: rework to skip vz-specific hunks.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
While mounts-v2 would mount all mounts plain without tree in service
mntns we can't just use path relative to mntns to find remap. Make it
mount related, it is also compatible with current mount engine.
Also handle no-mntns case separately in nomntns_create_ghost.
Cherry-picked from Virtuozzo criu:
https://src.openvz.org/projects/OVZ/repos/criu/commits/9cdf0b3e4
Changes: make gf->remap.rpath always relative else we get:
Error (criu/files-reg.c:779): Couldn't unlink remap
/tmp/.criu.mntns.BCurDL/13-0000000000 /zdtm/static/cwd02.test:
No such file or directory
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Will use it to make create_ghost work with mount-v2.
Signed-off-by: Stanislav Kinsburskiy <skinsbursky@virtuozzo.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@virtuozzo.com>
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Cherry-picked from Virtuozzo criu:
https://src.openvz.org/projects/OVZ/repos/criu/commits/156fa4877
Cherry-picked from Virtuozzo criu:
https://src.openvz.org/projects/OVZ/repos/criu/commits/069bba0ad
Changes: merge fixup.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
This getter should be used when we wan't to access the mount on the filesystem.
In next patches we want to be able to change the location of the mount on
restore in service mount namespace, while not changing ->mountpoint string.
All places where we don't want to access the mount but instead want to
determine relations between mounts in the initial mount tree or just print path
should use ns_mountpoint.
This change effectively brings no change of behaviour everything is the same
for now.
Still leave ->mountpoint references for remap, cr_time and initialization which
need to work with exact variable.
Cherry-picked from Virtuozzo criu:
https://src.openvz.org/projects/OVZ/repos/criu/commits/235c761e0
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
On dump ->mountpoint and ->ns_mountpoint is the same, but on restore
->mountpoint can be changed by mount tree yard setup and remap (and who
knows what else =) ). It is not good to use ->mountpoint for path
comparison between mounts if we are not explictly need to compare
"changed" paths. Imagine the remap change will make two mounts have
different prefixes in ->mountpoint and we won't be able so understand
that those mounts originally were subpaths.
This patch handles 2 simple cases:
a) These functions called ONLY ON DUMP so for them there is no effective
change: fixup_overlayfs, fusectl_dump, check_one_mark, __lookup_overlayfs,
mount_resolve_path, try_resolve_ext_mount, validate_mounts (first and third),
resolve_external_mounts, get_clean_mnt, __umount_children_overmounts,
__umount_overmounts, ns_open_mountpoint, open_mountpoint, dump_one_fs,
dump_one_mountpoint, clean_cr_time_mounts, collect_unix_bindmounts.
b) In these functions ONLY LOGS changed, so no algorithm change:
always_fail, mnt_build_ids_tree, mnt_tree_show, unsupported_nfs_bindmounts,
unsupported_nfs_mount, unsupported_mount, validate_mounts (second),
__search_bindmounts, resolve_shared_mounts, mnt_tree_for_each, resolve_source,
propagate_siblings, propagate_mount, do_mount_one, get_mp_root,
collect_mnt_from_image, merge_mount_trees, ns_remount_writable,
__remount_readonly_mounts, parse_mountinfo.
All complex cases are handled in separate patches.
Cherry-picked from Virtuozzo criu:
https://src.openvz.org/projects/OVZ/repos/criu/commits/4972888dd
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Function mnt_depth is only used on real mounts when building mount tree for
single namespace, thats why we can compare those mounts with ns_mountpoint
safely.
Cherry-picked from Virtuozzo criu:
https://src.openvz.org/projects/OVZ/repos/criu/commits/2be0ff276
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
At this point ns_mountpoint is equal to mountpoint.
More over let's use robust is_same_path helper in should_skip_mount so
that we don't need to rely on ->mountpoint + 1 hacks.
Cherry-picked from Virtuozzo criu:
https://src.openvz.org/projects/OVZ/repos/criu/commits/d4c4271a0
Changes: use is_same_path helper.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
