We've seen addresses in parasite.built-in.o precalculated by linker but
in some unexpected manner:
  readelf -WS criu/pie/parasite.built-in.o
  Section Headers:
    [Nr] Name     Type      Address          Off    Size   ES Flg Lk Inf Al
    [ 1] .text    PROGBITS  0000000000000000 000040 00400a 00  AX  0   0 16
    [87] .data    PROGBITS  0000000000000000 005000 000068 00  WA  0   0 4096
    [88] .rodata  PROGBITS  0000000000000080 005080 001016 00   A  0   0 32
(Notes: All other sections do not have SHF_ALLOC or are of size 0, so I
skip them. Need to add "-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1" to
CFLAGS to reproduce.)
Section 88 has address 0x80 in elf file but in our "consequent"
addresses precalculation algorithm it should be at 0x5080:
  addr(.text) == 0x0
  addr(.data) == 0x400a + (0x1000 - 0x400a % 0x1000) + 0x68 == 0x5068
  addr(.rodata) == 0x5068 + (0x20 - 0x5068 % 0x20) == 0x5080
Probably the linker advises us to move 4096 aligned section to the
beginning to save some space, but it's just a guess.
So probably we should be ready to "non-consequent" alignments
precalculated and just override them.
https://github.com/checkpoint-restore/criu/issues/1301
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
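
The sequential placement described in the commit message above, as an added example that is not part of the commit or of CRIU's code. The section values are the ones from the readelf output; the struct and function names are hypothetical. It places each section back to back at its alignment and counts the sections whose linker-assigned address would have to be overridden.

```c
#include <stdint.h>
#include <stdio.h>

struct sec {			/* subset of an ELF section header */
	const char *name;
	uint64_t sh_addr, sh_size, sh_addralign;
};

/* The three allocated sections, values taken from the readelf output. */
static const struct sec parasite[] = {
	{ ".text",   0x0,  0x400a, 16   },
	{ ".data",   0x0,  0x68,   4096 },
	{ ".rodata", 0x80, 0x1016, 32   },
};

/* Round x up to a power-of-two alignment. Unlike x + (a - x % a), this
 * leaves an already aligned x where it is. */
static uint64_t round_up(uint64_t x, uint64_t a)
{
	return a > 1 ? (x + a - 1) & ~(a - 1) : x;
}

/* Place sections back to back, store each computed address in out[],
 * and return how many sh_addr values disagree with the computed one. */
static int layout(const struct sec *s, size_t n, uint64_t *out)
{
	uint64_t pos = 0;
	int mismatches = 0;

	for (size_t i = 0; i < n; i++) {
		pos = round_up(pos, s[i].sh_addralign);
		out[i] = pos;
		if (s[i].sh_addr != pos)
			mismatches++;
		pos += s[i].sh_size;
	}
	return mismatches;
}

int main(void)
{
	uint64_t addr[3];
	int bad = layout(parasite, 3, addr);

	for (int i = 0; i < 3; i++)
		printf("%-8s sh_addr=%#llx computed=%#llx\n", parasite[i].name,
		       (unsigned long long)parasite[i].sh_addr, (unsigned long long)addr[i]);
	printf("%d section(s) need their address overridden\n", bad);
	return 0;
}
```
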
There is a small typo in test/zdtm/static/socket_aio.c, test/zdtm/static/socket_listen.c, test/zdtm/static/socket_listen4v6.c, test/zdtm/static/socket_listen6.c, test/zdtm/static/socket_udp-corked.c, test/zdtm/static/socket_udp.c, test/zdtm/static/socket_udplite.c.
Should read `client` rather than `clietn`.
Signed-off-by: Tim Gates <tim.gates@iress.com>
We see strange cases where page-server or lazy-pages are exiting with
non-zero but print no errors, probably the tail of the log can help us
to understand what happened.
There are some other uses of grep_errors but let's only change cases
where we explicitly throw an exception on bad ret. For others I'm not
sure if we need extra output, e.g. for validly failing fault injections.
To debug #1280
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Sometimes there are uffd messages in a queue of a dying task and by the
time these messages are processed in handle_request, the uffd is no
longer valid and reading from it causes errors.
Add processing of EBADF in handle_uffd_event() to gracefully handle such
situation.
Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
Currently the code checks for SIGSTOP only if (!current).
Let's provide better status checks for debug-ability.
Signed-off-by: Dmitry Safonov <dima@arista.com>
For the schedule daily special definitions were needed for MIPS as it is
not part of the release branch. Now that the release branch contains
MIPS, it is no longer necessary to have separate files for MIPS.
This also changes to make the scheduled runs actually daily and not
hourly.
Signed-off-by: Adrian Reber <areber@redhat.com>
Using travis-ci.com instead of travis-ci.org offers access to bare metal
aarch64 based systems and thus enabling us to run the full CRIU CI test
suite.
Switch arm64 based tests to arm64-graviton2 for tests.
This is the first non x86_64 architecture running tests and not just
compile in Travis.
Signed-off-by: Adrian Reber <areber@redhat.com>
Log messages showing the send/recv errno value would
help us to debug issues such as #1280.
Example:
Error (criu/tls.c:321): tls: Pull callback recv failed: Connection reset by peer'
Error (criu/tls.c:147): tls: Failed receiving data: Error in the pull function.'
Error (criu/page-xfer.c:1225): page-xfer: Can't read pagemap from socket: I/O error"
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
%u is quite common and I remember there were workarounds to print
(unsigned long) as long or whatever.
Just support it from now - it's not hard and not much code.
Signed-off-by: Dmitry Safonov <dima@arista.com>
Currently if the specifier can't be parsed - error message is printed
and parsing of the format string continues. That's wrong as the argument
for the specifier will be used for the next specifier. I.e:
pr_info("[%zu]`%s`\n", 0UL, "")
will crash PIE because %u is not known and the argument (0UL) will be
used for dereferencing string for %s.
Stop parsing printf position arguments at an unknown specifier.
Make this string visible so that `grep Error` in zdtm.py will catch it:
=[log]=> dump/zdtm/static/busyloop00/52/1/restore.log
------------------------ grep Error ------------------------
b'(00.001847) pie: 52: vdso: ['
b'Error: Unknown printf format %u'
------------------------ ERROR OVER ------------------------
Send the 15 signal to 52
Wait for zdtm/static/busyloop00(52) to die for 0.100000
======================= Test zdtm/static/busyloop00 PASS =======================
Reported-by: @ashwani29
Signed-off-by: Dmitry Safonov <dima@arista.com>
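
Why parsing has to stop at an unknown specifier, as an added example that is not part of the commit or of CRIU's PIE printf. mini_format() is a hypothetical formatter that knows only %s and %x (with an optional l or z modifier); on anything else it emits the error line and consumes no further arguments, so the 0UL passed for %zu is never dereferenced as the string for %s.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical mini formatter: %s and %x with an optional l/z modifier.
 * At an unknown specifier it writes a greppable error and stops, so no
 * later conversion reads an argument of the wrong type. 0 = ok, -1 = stopped. */
static int mini_format(char *out, size_t len, const char *fmt, ...)
{
	va_list ap;
	size_t n = 0;
	int w, ret = 0;

	if (len == 0)
		return -1;
	va_start(ap, fmt);
	for (; ret == 0 && *fmt && n < len - 1; fmt++) {
		int is_long = 0;
		if (*fmt != '%') {
			out[n++] = *fmt;
			continue;
		}
		fmt++;
		if (*fmt == 'l' || *fmt == 'z') {
			is_long = 1;
			fmt++;
		}
		if (*fmt == 's') {
			w = snprintf(out + n, len - n, "%s", va_arg(ap, const char *));
		} else if (*fmt == 'x') {
			unsigned long v = is_long ? va_arg(ap, unsigned long) : va_arg(ap, unsigned int);
			w = snprintf(out + n, len - n, "%lx", v);
		} else {	/* unknown, or the format ended right after '%' */
			w = snprintf(out + n, len - n, "\nError: Unknown printf format %%%c\n", *fmt ? *fmt : '?');
			ret = -1;
		}
		n = (size_t)w < len - n ? n + (size_t)w : len - 1;
	}
	out[n] = '\0';
	va_end(ap);
	return ret;
}

int main(void)
{
	char buf[128];
	mini_format(buf, sizeof(buf), "[%zu]`%s`\n", 0UL, "");
	return fputs(buf, stdout) < 0;
}
```
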
When vdso symbol is copied, it should be zero-terminated.
The logging code wants to print vdso names that differ
between vdso from images and vdso that's provided by kernel:
: pr_info("[%zu]`%s` offset differs: %lx != %lx (rt)\n",
: i, sym_name, sym_offset, rt_sym_offset);
In unlikely event when vdso function name is longer than 32
(not any currently), null-terminator is missing.
Signed-off-by: Dmitry Safonov <dima@arista.com>
In case xrealloc() fails, do not overwrite the original pointer
to be able to free the original pointer on exit.
Signed-off-by: Adrian Reber <areber@redhat.com>
One of the previous static code analyzer fixes added a xfree() at the
end of cr_lazy_pages(). It can, however, happen that during
complete_forks() the memory location for events is moved by xrealloc()
and the final xfree() will be done on the wrong address.
Passing &events to handle_requests() enables the xfree() to free the
correct and changed memory location.
Signed-off-by: Adrian Reber <areber@redhat.com>
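
The two xrealloc() commits above (keep the original pointer on failure, and pass &events so the owner frees the moved block), shown together as an added example that is not CRIU's code. The int array, the allocator hook and the function bodies are assumptions made for the illustration; only the names handle_requests() and cr_lazy_pages() come from the commit messages.

```c
#include <stdlib.h>

/* Allocator hook (an assumption of this example) standing in for
 * xrealloc(), so the failure path can be exercised. */
static void *(*xrealloc_hook)(void *, size_t) = realloc;
static void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

/* Grow *events to nr entries. The result goes through a temporary, so on
 * failure *events still points at the old, still allocated block. */
static int grow_events(int **events, size_t nr)
{
	int *tmp = xrealloc_hook(*events, nr * sizeof(**events));

	if (!tmp)
		return -1;
	*events = tmp;		/* the block may have moved */
	return 0;
}

/* Stand-in for handle_requests(): it may resize the array, so it takes
 * &events and the caller sees the new address. */
static int handle_requests(int **events, size_t *nr, size_t want)
{
	if (want <= *nr)
		return 0;
	if (grow_events(events, want))
		return -1;
	*nr = want;
	return 0;
}

/* Stand-in for cr_lazy_pages(): owns events and frees it exactly once. */
static int run(size_t want, int fail)
{
	size_t nr = 4;
	int ret, *events = calloc(nr, sizeof(*events));

	if (!events)
		return -2;
	xrealloc_hook = fail ? failing_realloc : realloc;
	ret = handle_requests(&events, &nr, want);
	xrealloc_hook = realloc;
	free(events);	/* new address on success, original one on failure */
	return ret;
}

int main(void)
{
	return run(1 << 16, 0) != 0 || run(1 << 16, 1) != -1;
}
```
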
Our CentOS based CI run is based on CentOS 7. CentOS 8 exists already
for some time and CentOS 7 will probably go end of life at some point.
This adds a CentOS 8 based CI run to be prepared for the time CentOS 7
goes away.
Signed-off-by: Adrian Reber <areber@redhat.com>
Raising an exception breaks out of the normal
flow of control of a code block. When an exception
is not handled, the interpreter terminates execution
of the program, or returns to its interactive main loop.
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
The special characters in the test selection regexp should not be escaped
for the regexp to work properly.
Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
Most (all?) lazy tests are not being executed if "$KERN_MAJ" -ge "4" and
"$KERN_MIN" -ge "18". Currently most CI systems are running on something
with 5.4.x which means $KERN_MAJ is greater than 4 but $KERN_MIN is less
than 18 and so we are not running any lazy tests.
This commit removes the complete lazy test kernel version detection as
kernels on the CI systems are new enough to always have all required
features.
Signed-off-by: Adrian Reber <areber@redhat.com>
criu/namespaces.c:529: var_decl: Declaring variable "path" without initializer.
criu/namespaces.c:602: uninit_use_in_call: Using uninitialized value "*path" as argument to "%s" when calling "print_on_level".
Signed-off-by: Adrian Reber <areber@redhat.com>
criu/pagemap.c:245: negative_return_fn: Function "img_raw_fd(pr->pi)" returns a negative number.
criu/pagemap.c:245: assign: Assigning: "fd" = "img_raw_fd(pr->pi)".
criu/pagemap.c:258: negative_returns: "fd" is passed to a parameter that cannot be negative.
criu/ipc_ns.c:762: negative_return_fn: Function "img_raw_fd(img)" returns a negative number.
criu/ipc_ns.c:762: assign: Assigning: "ifd" = "img_raw_fd(img)".
criu/ipc_ns.c:768: negative_returns: "ifd" is passed to a parameter that cannot be negative.
Signed-off-by: Adrian Reber <areber@redhat.com>
criu/sk-unix.c:1173: chroot_call: Calling chroot: "chroot(".")".
criu/sk-unix.c:1175: chroot: Calling function "close_safe" after chroot() but before calling chdir("/").
criu/sk-unix.c:1251: chroot_call: Calling chroot: "chroot(".")".
criu/sk-unix.c:1263: chroot: Calling function "print_on_level" after chroot() but before calling chdir("/").
Coverity also says:
175312, 175313 Insecure chroot
If a call to chroot is not followed by a call to chdir("/") the chroot jail confinement can be violated.
Signed-off-by: Adrian Reber <areber@redhat.com>
Using strsep() moves the pointer of the original string and this
introduces a copy of the malloc()ed memory to be able to free() it
later.
Signed-off-by: Adrian Reber <areber@redhat.com>
The function collect_one_unixsk() has a parameter 'i' and at the same
time has a variable, in a loop, with the name 'i'.
This is no real error or problem, because the function parameter 'i' is
never used in the whole function.
Just trying to reduce confusion and making a code checker happy.
Signed-off-by: Adrian Reber <areber@redhat.com>
Using scan-build there is a warning about
infect.c:231:17: warning: The left operand of '!=' is a garbage value
if (ss->state != 'Z') {
which is a false positive as every process will have a 'Status' field,
but initializing the structure makes the clang analyzer silent.
Signed-off-by: Adrian Reber <areber@redhat.com>
The clang analyzer, scan-build, cannot correctly handle the
LOCK_BUG_ON() macro. At multiple places there is the following warning:
Error: CLANG_WARNING:
criu/pie/restorer.c:1221:4: warning: Dereference of null pointer
include/common/lock.h:14:35: note: expanded from macro 'LOCK_BUG_ON'
*(volatile unsigned long *)NULL = 0xdead0000 + __LINE__
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~
This just disables the clang analyzer for the LOCK_BUG_ON() macro.
Signed-off-by: Adrian Reber <areber@redhat.com>
Some kernels have W^X mitigation, which means they won't execute memory
blocks if that memory block is also writable or ever was writable. This
patch enables CRIU to run on such kernels.
1. Align .data section to a page.
2. mmap a memory block for parasite as RX.
3. mprotect everything after .text as RW.
Signed-off-by: Michał Cłapiński <mclapinski@google.com>
When criu restore runs as PID=1 it has an additional responsibility to
reap zombie processes.
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
criu-ns performs double fork, which results in criu restore
using PID=2. Thus, if a user is trying to restore a process
with that PID, the restore will fail.
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
class ctypes.c_char_p
Represents the C char * datatype when it points to a zero-
terminated string. For a general character pointer that may
also point to binary data, POINTER(c_char) must be used.
The constructor accepts an integer address, or a bytes object.
https://docs.python.org/3/library/ctypes.html#ctypes.c_char_p
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
In Py2 `range` returns a list and `xrange` creates a sequence object
that evaluates lazily. In Py3 `range` is equivalent to `xrange` in Py2.
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
So, here's the enhanced version of the first try.
Changes are:
1. The wrapper name is criu-ns instead of crns.py
2. The CLI is absolutely the same as for criu, since the script
re-execl-s criu binary. E.g.
scripts/criu-ns dump -t 1234 ...
just works
3. Caller doesn't need to care about substituting CLI options,
instead, the script analyzes the command line and
a) replaces -t|--tree argument with virtual pid __if__ the
target task lives in another pidns
b) keeps the current cwd (and root) __if__ switches to another
mntns. A limitation applies here -- cwd path should be the
same in target ns, no "smart path mapping" is performed. So
this script is for now only useful for mntns clones (which
is our main goal at the moment).
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Looks-good-to: Andrey Vagin <avagin@openvz.org>