The whole idea behind this code was to stop receiving CHLD from
restored tasks after resume. The comment about this is done for
scripts is wrong (we call more scripts before this) because
sigchld_handler() knows about scripts:
commit de71bc69170cfeceb24bddd431ad10b8ea607d42
exit = (siginfo->si_code == CLD_EXITED);
status = siginfo->si_status;
+
+ /* skip scripts */
+ if (!current && root_item->pid.real != pid) {
+ pid = waitpid(root_item->pid.real, &status, WNOHANG);
+ if (pid <= 0)
+ return;
+ }
And since CHLD handler makes little sence after exec, it's easier
just to reset one to default action at the end.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrew Vagin <avagin@parallels.com>
We tune the CHLD handler if we're restoring root task
as sibling. This tuning is better to be done with one
sigaction() call, rather than two. First, it's shorter
and the second -- it will allow us to move the whole
criu signalling setup into one helper.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrew Vagin <avagin@parallels.com>
We don't need pid in any of these calls actually, they are
all legacy from the old days. I plan to move the call to
prepare_sigactions, so remove the pid argument in advance.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrew Vagin <avagin@parallels.com>
CID 1168165 (#2 of 2): Untrusted array index read (TAINTED_SCALAR)
40. tainted_data: Using tainted variable "hoff" as an index into an
array "str"
$ man 3 scanf
n Nothing is expected; instead, the number of characters consumed
thus far from the input is stored through the next pointer,
which must be a pointer to int. This is not a conversion,
although it can be suppressed with the * assignment-suppression
character. The C standard says: "Execution of a %n directive
does not increment the assignment count returned at the comple‐
tion of execution" but the Corrigendum seems to contradict this.
Probably it is wise not to make any assumptions on the effect of
%n conversions on the return value.
So it isn't not enough to check a return code from scanf().
Cc: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
CID 1230179 (#1 of 1): Resource leak (RESOURCE_LEAK)
15. leaked_storage: Variable "ncd" going out of scope leaks the storage
it points to.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Coverity: 1230177 Dereference before null check
There may be a null pointer dereference, or else the comparison against
null is unnecessary. In parse_task_cgroup: All paths that lead to this
null pointer comparison already dereference the pointer earlier
(CWE-476)
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This brings the changes made in the following commits to the
aarch64 copy of the code.
commit 7794f67f2055420c6b6c2967edfbe0c39a7cd744
Author: Cyrill Gorcunov <gorcunov@openvz.org>
Date: Tue Aug 5 13:59:18 2014 +0400
vdso: x86 -- Fix missing ability to remap vDSO if only one zone present
commit 066add0de44f462e7482571763f303ded0b4762f
Author: Cyrill Gorcunov <gorcunov@openvz.org>
Date: Tue Aug 5 13:07:00 2014 +0400
vdso: x86 -- Simplify vdso_proxify
Signed-off-by: Christopher Covington <cov@codeaurora.org>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This is required to support checkpoint and restore of timers
that notify via file descriptors on ARM and AArch64.
Signed-off-by: Christopher Covington <cov@codeaurora.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Check that files opened before switching to new mount namespace
remain in it after restore. Right now this is not so :( Andrey is
fixing the issue.
Christopher, can you check whether the ns_child's call to system()
works in your minimal set-ups (it launches cat and awk). If not,
then I should rewrite this routine in pure C.
The first version was written by Pavel (xemul@).
v2: don't use test_init_ns
don't call awk and cat
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
v2: add a comment before mntns_get_root_by_mnt_id(-1);
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Here is a problem with ghost files. Links are created on restore, but
they can't be created on any mount point, because a mount point can be
non-root bind-mount of another one. So we need to find the root mount
and create all links there.
v2: clean up
v3: add optimization for the case when both links on the same mount
point.
v4: don't look up mount points by mnt_id in a second time.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
On restore we add a temporary root to a mount point path. It's convinient
for restoring mount namespaces, but real paths are used for restoring
link-remap files.
v2: replace the offset field on a char * field
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The m->bind will be used to get the "lowest" mount. A mount is
called "lowest" in the chain of bind-mounts when its m->bind is
NULL. I.e. -- it's the mount of the root dir of an FS, all the
others are bind-mounted from it.
The propagate_siblings() is called for each new mount and sets
the bind field for others. A part of these other mounts can be
already mounted.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This modifies the x86 VDSO code to work on AArch64.
Signed-off-by: Christopher Covington <cov@codeaurora.org>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
While it duplicates hundreds of lines of code, this is the
short term strategy Cyrill and I have agreed to for supporting
VDSOs across multiple architectures [1]. With better
understanding of where things differ per-architecture, or even
improved consolidation in the kernel, we can hopefully move to
a more shared implementation in the future.
1. http://lists.openvz.org/pipermail/criu/2014-August/015218.html
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Christopher Covington <cov@codeaurora.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
As it was reported, some systems don't use /etc/passwd.
On such systems getpwuid fails with undefined errno(see getpwuid(3))
not allowing criu to restrict ids with user additional groups.
Luckily, on such systems criu is run as root, so we can
just skip obtaining additional groups, as they don't matter
for root.
Reported-by: Christopher Covington <cov@codeaurora.org>
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Tested-by: Christopher Covington <cov@codeaurora.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This test creates 2 users to check how secure is using criu with setuid bit set.
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Currently check_ids is used to check uids only. So lets rename it
and drop crid argument, as we can use cr_uid directly.
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Currently, we only check if process gids match primary gid of user.
But process and user have additional groups too. So lets:
1) check that process rgid,egid and sgid are in the user's grouplist.
2) on restore check that user has all groups from the images.
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Otherwise we might take a look on last vma from previous
cycle not running vdso analisys at all.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Occasionally I ruined the ability to do a in-place remap for
pre 3.16 kernels. Bring it back.
CID 1230182: Logically dead code (DEADCODE)
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
No need for second if() statement, merge everything
in previous one.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
When performing "make clean" rpc_pb2.pyc should be deleted as well.
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
openat() is used to open files, so absolute pathes can't be used
v2: change the comment
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Here is a bug now. A path for devices and directories should be
generated with a specified root.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
For that mnt namespaces should be dumped after files.
v2: rework enumeration of namespaces in dump_mnt_namespaces()
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Currently collect_shared is executed for each mount namespace separately,
so we miss the dependencies between namespaces.
For example, we have two namespaces, the first one contains a tmpfs mount
and the second one contains a non-root bind-mount of this tmpfs. Without
this patch this example can't be dumped.
On restore mnt_build_tree() is called for all namespaces at once, thus
this bug doesn't exist there.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
