If we get EBUSY here, it means that we didn't umount in the test (i.e. we
didn't call fini() on some path). We should just do that instead.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The kernel only requires that we supply a scope id to bind() when the
source address is of certain types, so lets only save/supply the scope id
in these cases.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This change does two things to be more defensive: 1. add a checkskip script
which fails if __NR_seccomp isn't defined, and 2. allows
seccomp_filter_tsync to compile even if it isn't defined (and then fails
"gracefully" with a skip message if it does).
The checkskip bits are necessary because zdtm.sh gets confused if the test
exits 0 without actually invoking criu.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
It's possiable, if a parent task lives in a sub-mntns and
its child lives in the root mntns. A mount namespace is
restored before forking children, so all children are created
in parent's mount namespace. If a child lives in another
mount namespace, we need to move it into the required mntns.
Reported-by: Mr Jenkins
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This tests c/r of the link-local scope-id argument to bind().
v2: sort the interfaces so diff works
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
For some ipv6 scope types (link local, amongo others), we need to tell the
kernel the ifindex of the interface whose address we want to bind to as
well as the address itself.
v2: use SO_BINDTODEVICE to get the ifname, and pass that through instead of
using netlink to grab all the ipv6 sockets via rtnetlink.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
CID 154853 (#1 of 1): Uninitialized scalar variable (UNINIT)
7. uninit_use_in_call: Using uninitialized value c when calling write.
Reported-by: coverity
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
CID 154850 (#1 of 1): Resource leak (RESOURCE_LEAK)
9. leaked_handle: Handle variable cwd_fd going out of scope leaks the handle.
Reported-by: coverity
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
CID 154852 (#1 of 3): Resource leak (RESOURCE_LEAK)
32. leaked_storage: Variable info going out of scope leaks the storage it points to.
Reported-by: coverity
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This header is unused, and not present on kernels w/o CONFIG_BPF_SYSCALL,
so let's not require it.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
nsid->mnt.ns_fd is initialized into 0, so currently
fini_restore_mntns() closes the 0 descriptor if processes
lives in a current mount namespace (NS_CRIU).
Without this patch I get the following error:
(00.166444) 4109: Inherit fd tty:[8800:d] -> 0 has been closed
v2: typo fix
v3: do nothing when processes are restored in the local mntns
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
If a task is stopped, waitpid() will return its status, but
wait4() in seize_wait_task will hang forever, because a stopped
state is reported only once.
v2: don't like a file object
Reported-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The timeout between iterations should be the save oder
with scheduler timeslice, which is about 100 msec.
Currently we wait for inly 10 msec, which is obviously not enough.
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We need to call close_image() for "empty" images.
v2: don't touch generic functiuons
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
A task can be stopped and has a queued SIGSTOP, in this case we need
to resume the task twice to skip "both" signals.
v2: detect SIGSTOP in shared and per-process queues
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We found that we want to know whether SIGSTOP is queue
in both or is in one of this queues.
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We get the stack trace if a test failed:
Test output: ================================
09:11:34.584: 4: PASS
<<< ================================
Traceback (most recent call last):
File "zdtm.py", line 922, in <module>
do_run_test(tinfo[0], tinfo[1], tinfo[2], tinfo[3])
File "zdtm.py", line 696, in do_run_test
t.kill()
File "zdtm.py", line 302, in kill
self.__flavor.fini()
File "zdtm.py", line 168, in fini
subprocess.check_call(["mount", "--make-private", self.root])
File "/usr/lib64/python2.7/subprocess.py", line 540, in check_call
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['mount', '--make-private', '/tmp/criu-root-YN1t3X']' returned non-zero exit status 32
umount: /tmp/criu-root-YN1t3X: not mounted
Cc: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Acked-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
If a task was in a stopped state before we started to ptrace-seize
it, this stopped state will be restored by kernel upon detach.
If SIGSTOP was only in a task queue, we need to send it by hands
again bedore detaching. Otherwise we clean stop from queue (to
run parasite) and seize will restore task as running.
And, since SIGSTOP doesn't affect states of already stopped tasks,
we can send it to then safely and not distinguish stopped from
stop-queued ones.
Reported-by: Mr Jenkins
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
When we restore ipv6 addresses, they go through a “tentative” phase
and sockets could not be bound to them in this moment.
v2: add more comments in code
Reported-by: Ross Boucher <boucher@gmail.com>
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This include is actually unused (probably leftover from an old version of
the kernel API when I was porting the patchsets); we can delete it.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
In current implementation of thread bomb effectively only one
thread runs, the rest sit in the read from pipe.
Fix this by making threads constantly creating new ones and
just exiting.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrew Vagin <avagin@virtuozzo.com>
SIGSTOP can't be blocked, so we need to wait when it will be handled.
v2: don't duplicate the same code twice
Reported-by: Mr Jenkins
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
It's required to check the SIGSTOP signal, which can't be blocked.
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Let's imagine that we have two local interconnected sockets.
Whe we are restoring tcp sockets, we need to disable the repair mode
to restore data in sending queues.
If traffic isn't blocked, a socket starts operating, but
in this time another end can be not restored yet.
$ test/zdtm.sh -r ns/static/socket-tcpbuf-local
...
(00.274632) 5: Error (sk-tcp.c:485): Can't restore 2 queue data (-1), want (1780919:1780919): Connection reset by peer
We create a separate chain to avoid conflicts with other rules.
https://bugs.openvz.org/browse/CRIU-96
v2: use iptables-restore to apply whole configuration for one call
v3: add a comment why we use iptables-restore instread of iptables.
v4: remove unused headers
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
So we keep it and dont close inside close_old_fds()
helper but pass into veth creation so the kernel
can fetch the net namespace of the veth peer.
v2 (by avagin@):
- don't forget to close opened descriptor
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
v2: use a cached value to dump ipv6 interface addesses
call get_ipv6() from kerndat_init_rst too
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
