mir/criu
2
0
Fork 0
mirror of https://github.com/checkpoint-restore/criu synced 2025-08-22 01:51:51 +00:00
Code Issues Releases Wiki Activity

Compare commits

base: mir:622b4ed448a07707593a04d4cfa7e005596188c7
Branches Tags
mir:criu-dev
mir:master
mir:criu-dev-next
mir:wip/flog
mir:wip/avagin/rootless
mir:wip/check-only
mir:wip/nested-namespaces
mir:criu-2.x-stable
mir:br-1.7-stable
mir:br-1.6-stable
mir:br-1.5-stable
mir:br-1.3-stable
mir:v4.1.1
mir:v4.1
mir:v4.0
mir:v3.19
mir:v3.18
mir:v3.17.1
mir:v3.17
mir:v3.16.1
mir:v3.16
mir:v3.15
mir:v3.14
mir:v3.13
mir:v3.12
mir:v3.11
mir:v3.10
mir:v3.9
mir:v3.8.1
mir:v3.8
mir:v3.7
mir:v3.6
mir:v3.5
mir:v3.4
mir:v3.3
mir:v3.2.1
mir:v3.2
mir:v3.1
mir:v3.0
mir:v2.12.1
mir:v2.12
mir:v2.11.1
mir:v2.11
mir:v2.10
mir:v2.9
mir:v2.8
mir:v2.7
mir:v2.6
mir:v2.5
mir:v2.4
mir:v2.3
mir:v2.2
mir:v2.1
mir:v2.0
mir:v1.8
mir:v1.7.2
mir:v1.7.1
mir:v1.7
mir:v1.6.1
mir:v1.6
mir:v1.5.2
mir:v1.5.1
mir:v1.5
mir:v1.4
mir:v1.3.1
mir:v1.3
mir:v1.3-rc2
mir:v1.3-rc1
mir:v1.2
mir:v1.1
mir:v1.1-rc2
mir:v1.1-rc1
mir:v1.0
mir:v0.8
mir:v0.7
mir:v0.6
mir:v0.5
mir:v0.4
mir:v0.3
mir:v0.2
mir:v0.1
mir:init
...
compare: mir:799504d9ffd52abe8ef2d604112670b29f0339f3
Branches Tags
mir:criu-dev
mir:master
mir:criu-dev-next
mir:wip/flog
mir:wip/avagin/rootless
mir:wip/check-only
mir:wip/nested-namespaces
mir:criu-2.x-stable
mir:br-1.7-stable
mir:br-1.6-stable
mir:br-1.5-stable
mir:br-1.3-stable
mir:v4.1.1
mir:v4.1
mir:v4.0
mir:v3.19
mir:v3.18
mir:v3.17.1
mir:v3.17
mir:v3.16.1
mir:v3.16
mir:v3.15
mir:v3.14
mir:v3.13
mir:v3.12
mir:v3.11
mir:v3.10
mir:v3.9
mir:v3.8.1
mir:v3.8
mir:v3.7
mir:v3.6
mir:v3.5
mir:v3.4
mir:v3.3
mir:v3.2.1
mir:v3.2
mir:v3.1
mir:v3.0
mir:v2.12.1
mir:v2.12
mir:v2.11.1
mir:v2.11
mir:v2.10
mir:v2.9
mir:v2.8
mir:v2.7
mir:v2.6
mir:v2.5
mir:v2.4
mir:v2.3
mir:v2.2
mir:v2.1
mir:v2.0
mir:v1.8
mir:v1.7.2
mir:v1.7.1
mir:v1.7
mir:v1.6.1
mir:v1.6
mir:v1.5.2
mir:v1.5.1
mir:v1.5
mir:v1.4
mir:v1.3.1
mir:v1.3
mir:v1.3-rc2
mir:v1.3-rc1
mir:v1.2
mir:v1.1
mir:v1.1-rc2
mir:v1.1-rc1
mir:v1.0
mir:v0.8
mir:v0.7
mir:v0.6
mir:v0.5
mir:v0.4
mir:v0.3
mir:v0.2
mir:v0.1
mir:init

2 Commits
622b4ed448 ... 799504d9ff

Author SHA1 Message Date
Radostin Stoyanov
799504d9ff aarch64/crtools: fix define for missing constants 
Building CRIU package on Debian 11 aarch64 fails with

criu/arch/aarch64/crtools.c: In function 'save_pac_keys':
criu/arch/aarch64/crtools.c:32:31: error: storage size of 'paca' isn't known
  struct user_pac_address_keys paca;
                               ^~~~
criu/arch/aarch64/crtools.c:33:31: error: storage size of 'pacg' isn't known
  struct user_pac_generic_keys pacg;
                               ^~~~
criu/arch/aarch64/crtools.c:47:15: error: 'HWCAP_PACA' undeclared (first use in this function); did you mean 'HWCAP_FCMA'?
  if (hwcaps & HWCAP_PACA) {
               ^~~~~~~~~~
               HWCAP_FCMA
criu/arch/aarch64/crtools.c:47:15: note: each undeclared identifier is reported only once for each function it appears in
criu/arch/aarch64/crtools.c:53:44: error: 'NT_ARM_PACA_KEYS' undeclared (first use in this function); did you mean 'NT_ARM_SVE'?
   if ((ret = ptrace(PTRACE_GETREGSET, pid, NT_ARM_PACA_KEYS, &iov))) {
                                            ^~~~~~~~~~~~~~~~
                                            NT_ARM_SVE
criu/arch/aarch64/crtools.c:73:39: error: 'NT_ARM_PAC_ENABLED_KEYS' undeclared (first use in this function)
   ret = ptrace(PTRACE_GETREGSET, pid, NT_ARM_PAC_ENABLED_KEYS, &iov);
                                       ^~~~~~~~~~~~~~~~~~~~~~~
criu/arch/aarch64/crtools.c:82:15: error: 'HWCAP_PACG' undeclared (first use in this function); did you mean 'HWCAP_AES'?
  if (hwcaps & HWCAP_PACG) {
               ^~~~~~~~~~
               HWCAP_AES
criu/arch/aarch64/crtools.c:88:44: error: 'NT_ARM_PACG_KEYS' undeclared (first use in this function); did you mean 'NT_ARM_SVE'?
   if ((ret = ptrace(PTRACE_GETREGSET, pid, NT_ARM_PACG_KEYS, &iov))) {
                                            ^~~~~~~~~~~~~~~~
                                            NT_ARM_SVE
criu/arch/aarch64/crtools.c:33:31: error: unused variable 'pacg' [-Werror=unused-variable]
  struct user_pac_generic_keys pacg;
                               ^~~~
criu/arch/aarch64/crtools.c:32:31: error: unused variable 'paca' [-Werror=unused-variable]
  struct user_pac_address_keys paca;
                               ^~~~
criu/arch/aarch64/crtools.c: In function 'arch_ptrace_restore':
criu/arch/aarch64/crtools.c:227:31: error: storage size of 'upaca' isn't known
  struct user_pac_address_keys upaca;
                               ^~~~~
criu/arch/aarch64/crtools.c:228:31: error: storage size of 'upacg' isn't known
  struct user_pac_generic_keys upacg;
                               ^~~~~
criu/arch/aarch64/crtools.c:241:18: error: 'HWCAP_PACA' undeclared (first use in this function); did you mean 'HWCAP_FCMA'?
   if (!(hwcaps & HWCAP_PACA)) {
                  ^~~~~~~~~~
                  HWCAP_FCMA
criu/arch/aarch64/crtools.c:255:44: error: 'NT_ARM_PACA_KEYS' undeclared (first use in this function); did you mean 'NT_ARM_SVE'?
   if ((ret = ptrace(PTRACE_SETREGSET, pid, NT_ARM_PACA_KEYS, &iov))) {
                                            ^~~~~~~~~~~~~~~~
                                            NT_ARM_SVE
criu/arch/aarch64/crtools.c:261:44: error: 'NT_ARM_PAC_ENABLED_KEYS' undeclared (first use in this function)
   if ((ret = ptrace(PTRACE_SETREGSET, pid, NT_ARM_PAC_ENABLED_KEYS, &iov))) {
                                            ^~~~~~~~~~~~~~~~~~~~~~~
criu/arch/aarch64/crtools.c:268:18: error: 'HWCAP_PACG' undeclared (first use in this function); did you mean 'HWCAP_AES'?
   if (!(hwcaps & HWCAP_PACG)) {
                  ^~~~~~~~~~
                  HWCAP_AES
criu/arch/aarch64/crtools.c:275:44: error: 'NT_ARM_PACG_KEYS' undeclared (first use in this function); did you mean 'NT_ARM_SVE'?
   if ((ret = ptrace(PTRACE_SETREGSET, pid, NT_ARM_PACG_KEYS, &iov))) {
                                            ^~~~~~~~~~~~~~~~
                                            NT_ARM_SVE
criu/arch/aarch64/crtools.c:233:6: error: variable 'ret' set but not used [-Werror=unused-but-set-variable]
  int ret;
      ^~~
criu/arch/aarch64/crtools.c:228:31: error: unused variable 'upacg' [-Werror=unused-variable]
  struct user_pac_generic_keys upacg;
                               ^~~~~
criu/arch/aarch64/crtools.c:227:31: error: unused variable 'upaca' [-Werror=unused-variable]
  struct user_pac_address_keys upaca;
                               ^~~~~
This patch adds the missing constants and structs if undefined.

Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
 2025-04-21 14:38:04 -07:00
Andrei Vagin
75eaa65f81 net: nftables: avoid restore failure if the CRIU nft table already exist 
CRIU locks the network during restore in an "empty" network namespace.
However, "empty" in this context means CRIU isn't restoring the
namespace. This network namespace can be the same namespace where
processes have been dumped and so the network is already locked in it.

Fixes #2650

Signed-off-by: Andrei Vagin <avagin@gmail.com>
 2025-04-21 10:50:44 -07:00
4 changed files with 62 additions and 19 deletions
Show Stats Expand all files Collapse all files

47
criu/arch/aarch64/crtools.c
View File

@ -23,6 +23,45 @@
#include "compel/infect.h"
#include "pstree.h"
/*
* cr_user_pac_* are a copy of the corresponding uapi structs
* in arch/arm64/include/uapi/asm/ptrace.h
*/
struct cr_user_pac_address_keys {
__uint128_t apiakey;
__uint128_t apibkey;
__uint128_t apdakey;
__uint128_t apdbkey;
};
struct cr_user_pac_generic_keys {
__uint128_t apgakey;
};
/*
* The following HWCAP constants are copied from
* arch/arm64/include/uapi/asm/hwcap.h
*/
#ifndef HWCAP_PACA
#define HWCAP_PACA (1 << 30)
#endif
#ifndef HWCAP_PACG
#define HWCAP_PACG (1UL << 31)
#endif
/*
* The following NT_ARM_PAC constants are copied from
* include/uapi/linux/elf.h
*/
#ifndef NT_ARM_PACA_KEYS
#define NT_ARM_PACA_KEYS 0x407 /* ARM pointer authentication address keys */
#endif
#ifndef NT_ARM_PACG_KEYS
#define NT_ARM_PACG_KEYS 0x408
#endif
#ifndef NT_ARM_PAC_ENABLED_KEYS
#define NT_ARM_PAC_ENABLED_KEYS 0x40a /* AArch64 pointer authentication enabled keys. */
#endif
@ -33,8 +72,8 @@ extern unsigned long getauxval(unsigned long type);
static int save_pac_keys(int pid, CoreEntry *core)
{
struct user_pac_address_keys paca;
struct user_pac_generic_keys pacg;
struct cr_user_pac_address_keys paca;
struct cr_user_pac_generic_keys pacg;
PacKeys *pac_entry;
long pac_enabled_key;
struct iovec iov;
@ -228,8 +267,8 @@ int restore_gpregs(struct rt_sigframe *f, UserRegsEntry *r)
int arch_ptrace_restore(int pid, struct pstree_item *item)
{
unsigned long hwcaps = getauxval(AT_HWCAP);
struct user_pac_address_keys upaca;
struct user_pac_generic_keys upacg;
struct cr_user_pac_address_keys upaca;
struct cr_user_pac_generic_keys upacg;
PacAddressKeys *paca;
PacGenericKeys *pacg;
long pac_enabled_keys;

2
criu/cr-restore.c
View File

@ -2119,7 +2119,7 @@ static int restore_root_task(struct pstree_item *init)
* the '--empty-ns net' mode no iptables C/R is done and we
* need to return these rules by hands.
*/
ret = network_lock_internal();
ret = network_lock_internal(/* restore = */ true);
if (ret)
goto out_kill;
}

2
criu/include/net.h
View File

@ -31,7 +31,7 @@ extern int collect_net_namespaces(bool for_dump);
extern int network_lock(void);
extern void network_unlock(void);
extern int network_lock_internal(void);
extern int network_lock_internal(bool restore);
extern struct ns_desc net_ns_desc;

30
criu/net.c
View File

@ -3206,12 +3206,12 @@ static inline FILE *redirect_nftables_output(struct nft_ctx *nft)
}
#endif
static inline int nftables_lock_network_internal(void)
static inline int nftables_lock_network_internal(bool restore)
{
#if defined(CONFIG_HAS_NFTABLES_LIB_API_0) || defined(CONFIG_HAS_NFTABLES_LIB_API_1)
cleanup_file FILE *fp = NULL;
struct nft_ctx *nft;
int ret = 0;
int ret = 0, exit_code = -1;
char table[32];
char buf[128];
@ -3224,11 +3224,16 @@ static inline int nftables_lock_network_internal(void)
fp = redirect_nftables_output(nft);
if (!fp)
goto out;
goto err2;
snprintf(buf, sizeof(buf), "create table %s", table);
if (NFT_RUN_CMD(nft, buf))
ret = NFT_RUN_CMD(nft, buf);
if (ret) {
/* The network has been locked on dump. */
if (restore && errno == EEXIST)
return 0;
goto err2;
}
snprintf(buf, sizeof(buf), "add chain %s output { type filter hook output priority 0; policy drop; }", table);
if (NFT_RUN_CMD(nft, buf))
@ -3246,17 +3251,16 @@ static inline int nftables_lock_network_internal(void)
if (NFT_RUN_CMD(nft, buf))
goto err1;
goto out;
exit_code = 0;
out:
nft_ctx_free(nft);
return exit_code;
err1:
snprintf(buf, sizeof(buf), "delete table %s", table);
NFT_RUN_CMD(nft, buf);
err2:
ret = -1;
pr_err("Locking network failed using nftables\n");
out:
nft_ctx_free(nft);
return ret;
goto out;
#else
pr_err("CRIU was built without libnftables support\n");
return -1;
@ -3288,7 +3292,7 @@ static int iptables_network_lock_internal(void)
return ret;
}
int network_lock_internal(void)
int network_lock_internal(bool restore)
{
int ret = 0, nsret;
@ -3301,7 +3305,7 @@ int network_lock_internal(void)
if (opts.network_lock_method == NETWORK_LOCK_IPTABLES)
ret = iptables_network_lock_internal();
else if (opts.network_lock_method == NETWORK_LOCK_NFTABLES)
ret = nftables_lock_network_internal();
ret = nftables_lock_network_internal(restore);
if (restore_ns(nsret, &net_ns_desc))
ret = -1;
@ -3427,7 +3431,7 @@ int network_lock(void)
if (run_scripts(ACT_NET_LOCK))
return -1;
return network_lock_internal();
return network_lock_internal(false);
}
void network_unlock(void)