mir/criu
2
0
Fork 0
mirror of https://github.com/checkpoint-restore/criu synced 2025-08-30 22:05:36 +00:00
Code Issues Releases Wiki Activity
6,109 Commits 12 Branches 70 Tags
d1db4faf9bffada4a8b5c0f07a94e4724d924237
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Cyrill Gorcunov d1db4faf9b vdso: Don't fail if pagemap is not accessbile 
We use page frame number to detect vDSO which has been remapped
in-place from runtime vDSO during restore. In such case if the
kernel is younger than 3.16 the "[vdso]" mark won't be reported
in procfs output.

Still to address recently reported CVEs and be able to run CRIU
in unprivileged mode we need to handle vDSO without pagemap access
and here is the deal -- when we find VMA which "looks like" vDSO
we try to scan it for vDSO symbols and if it matches we restore
its status without PFN access.

Here is some details on @pagemap access in-kernel history:

 - @pagemap introduced in commit 85863e475e59 where anyone
   which can attach to a task via ptrace is allowed to read
   data from @pagemap (Feb 4 2008, v2.6.25-rc1)

 - in commit 006ebb40d3d65 ptrace attach rule has been changed
   into ptrace read permission (May 19 2008, v2.6.27-rc1)

 - in commit ab676b7d6fbf4 opening of @pagemap become guarded
   with CAP_SYS_ADMIN because of leak of physical addresses
   into userspace (Mar 9 2015, v4.0-rc5)

 - in commit 1c90308e7a77a opening of @pagemap become available
   for regular users again (with ptrace read permission) but
   physical addresses of pages are hidden from non-privileged
   userd (Sep 8 2015, v4.3-rc1)

Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Looks-good-to-me: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-12-24 14:40:05 +03:00
arch
arm: syscalls -- Wire in sys_setgroups
2015-12-24 13:17:55 +03:00
contrib
Add OverlayFS support to docker_cr.sh
2015-08-18 18:14:32 +03:00
Documentation
Build pie objects separately
2015-10-14 15:53:07 +03:00
include
vdso: Don't fail if pagemap is not accessbile
2015-12-24 14:40:05 +03:00
lib
lib: Don't use alloca over net received size
2015-11-17 10:53:02 +03:00
pie
vdso: Don't fail if pagemap is not accessbile
2015-12-24 14:40:05 +03:00
protobuf
cpt/rst: access and modification time of ghost files
2015-12-24 13:24:05 +03:00
pycriu
crit: Speed up jenkins test ~60 times
2015-12-11 16:36:05 +03:00
scripts
make: Don't forget to clean up obj-x
2015-10-26 12:11:10 +03:00
test
test: different_creds -- Enhance the testing
2015-12-24 13:30:25 +03:00
.gitignore
build: ignore/clean usr/
2015-11-05 15:35:17 +03:00
.mailmap
repo: Add mailmap file
2012-03-25 23:31:20 +04:00
.travis.yml
travis: add libcap-dev
2015-07-23 15:12:50 +03:00
action-scripts.c
scripts: print an error message if one or scripts failed
2015-11-05 15:19:27 +03:00
aio.c
aio: Fix vma->start printing format on arm
2014-12-30 15:38:25 +03:00
bfd.c
bfd: add breadchr
2015-10-27 22:51:09 +03:00
bitmap.c
bitmap -- Add few helpers for bits manipulations
2015-11-12 11:15:02 +03:00
cgroup.c
cgroup: use xsprintf() in rewrite_cgsets()
2015-12-21 11:57:01 +03:00
COPYING
Add LGPL licence for library directory
2013-04-01 12:29:06 +04:00
cr-check.c
cr-check: Don't include sys/syscalls.h
2015-12-04 11:41:26 +03:00
cr-dedup.c
page-read: Explicitly mark ENOENT with return code
2015-03-13 14:42:11 +03:00
cr-dump.c
criu: Remove security
2015-12-24 14:39:58 +03:00
cr-errno.c
cr-errno: initial commit
2014-12-19 18:58:46 +03:00
cr-exec.c
ptrace: split task_seize into seize_catch_task and seize_wait_task
2015-08-07 13:47:11 +03:00
cr-restore.c
criu: Remove security
2015-12-24 14:39:58 +03:00
cr-service.c
criu: Remove security
2015-12-24 14:39:58 +03:00
cr-show.c
show: read a second magic when it's required
2015-04-21 16:15:44 +03:00
CREDITS
Add the CREDITS file
2012-07-30 13:52:37 +04:00
crit
crit: The 'mems' explorer
2015-12-16 18:14:57 +03:00
crtools
crtools: rename binary to criu
2013-04-30 20:17:55 +04:00
crtools.c
criu: Remove security
2015-12-24 14:39:58 +03:00
Dockerfile
Revert "travis: install libseccomp-dev"
2015-07-14 18:28:05 +03:00
eventfd.c
img: Rename fdset -> imgset
2014-09-30 21:48:10 +04:00
eventpoll.c
img: Remove O_OPT and COLLECT_OPTIONAL
2015-03-13 14:42:01 +03:00
fault-injection.c
criu: Fault injection core
2015-10-19 12:42:29 +03:00
fifo.c
img: Introduce the struct cr_img
2014-09-30 21:48:13 +04:00
file-ids.c
kcmp: Stop showing ids tree
2015-08-18 18:17:31 +03:00
file-lock.c
lock: parse the lock field in fdinfo if it's avaliable (v2)
2015-04-27 14:53:24 +03:00
files-ext.c
img: Introduce the struct cr_img
2014-09-30 21:48:13 +04:00
files-reg.c
cpt/rst: access and modification time of ghost files
2015-12-24 13:24:05 +03:00
files.c
files: check fd flags after restore
2015-12-16 18:22:50 +03:00
fsnotify.c
fsnotify: Lookup for watchee path before doing irmap
2015-11-05 15:39:17 +03:00
image-desc.c
fs: Add binfmt_misc support
2015-12-08 14:52:26 +03:00
image.c
img: Remove empty lazy images after dump
2015-05-30 00:31:52 +03:00
ipc_ns.c
ipc: save local user and group id-s for ipc objects
2015-10-26 12:20:12 +03:00
irmap.c
irmap: use xsprintf() in irmap_update_dir()
2015-12-21 11:57:01 +03:00
kcmp-ids.c
kcmp: Stop showing ids tree
2015-08-18 18:17:31 +03:00
kerndat.c
dump: Dont read prohibited kernel files
2015-12-24 14:40:04 +03:00
libnetlink.c
netlink: increase the receive buffer size
2015-09-04 18:26:51 +03:00
log.c
criu: Remove security
2015-12-24 14:39:58 +03:00
lsm.c
lsm: don't leak apparmor string in the case of "unconfined"
2015-12-18 17:22:00 +03:00
Makefile
make: Fix @install-criu target
2015-12-15 15:03:07 +03:00
Makefile.config
build: get rid of vestigial Makefile.config test
2015-07-15 17:34:14 +03:00
Makefile.crtools
criu: Remove security
2015-12-24 14:39:58 +03:00
Makefile.inc
make: Allow to install in custom dirs
2015-10-05 13:24:23 +03:00
mem.c
dump: Dont read prohibited kernel files
2015-12-24 14:40:04 +03:00
mount.c
Fix 'mnt_path' may be used uninitialized in this function
2015-12-24 13:08:29 +03:00
namespaces.c
mount: wait when mntns will be created to get its root (v2)
2015-11-17 10:46:00 +03:00
net.c
util: don't leak cr-img objects (v2)
2015-11-26 17:04:37 +03:00
netfilter.c
util: Add flags to cr_system
2015-11-12 16:31:19 +03:00
page-pipe.c
log: Use pr_quelled helper
2014-09-03 20:56:58 +04:00
page-read.c
page-read: Fix compilation on arm (2)
2015-11-12 23:51:15 +03:00
page-xfer.c
Rename cr_opts.ps_port into port
2015-12-15 14:00:09 +03:00
pagemap-cache.c
pagemap-cache: add const-qualifier to pmc's vma
2015-12-08 15:45:44 +03:00
parasite-syscall.c
parasite: Add @pad argument for syscall run
2015-12-24 14:40:01 +03:00
pipes.c
pipe: add ability to restore both ends of inhereted pipes
2015-07-15 17:35:59 +03:00
plugin.c
Append newline when using pr_err()
2015-10-09 18:28:00 +03:00
proc_parse.c
proc: Get full file path into handle_vma
2015-12-24 14:40:00 +03:00
protobuf-desc.c
fs: Add binfmt_misc support
2015-12-08 14:52:26 +03:00
protobuf.c
img: Don't create empty images
2015-03-16 15:58:32 +03:00
pstree.c
creds: Allocate CredsEntry for every thread in core_entry_alloc
2015-12-24 13:18:35 +03:00
ptrace.c
criu: Remove security
2015-12-24 14:39:58 +03:00
rbtree.c
code: Fix spaced indentation where found
2012-08-11 21:36:03 +04:00
README.md
Updated README
2015-05-19 22:38:06 +03:00
rst-malloc.c
Use run-time page_size() for mremap
2015-07-28 13:38:30 +03:00
seccomp.c
seccomp: don't leak info on an error path
2015-11-30 11:39:43 +03:00
seize.c
dump: add timeout for collecting processes
2015-12-21 12:00:49 +03:00
shmem.c
page-read: Explicitly mark ENOENT with return code
2015-03-13 14:42:11 +03:00
sigframe.c
sigframe: cast the pointer to the field ucontext::uc_sigmask to k_rtsigset_t
2014-04-08 15:36:09 +04:00
signalfd.c
img: Remove O_OPT and COLLECT_OPTIONAL
2015-03-13 14:42:01 +03:00
sk-inet.c
ipv6: only save scopeid when it is required
2015-12-03 14:54:25 +03:00
sk-netlink.c
img: Remove O_OPT and COLLECT_OPTIONAL
2015-03-13 14:42:01 +03:00
sk-packet.c
img: Remove O_OPT and COLLECT_OPTIONAL
2015-03-13 14:42:01 +03:00
sk-queue.c
img: Introduce the struct cr_img
2014-09-30 21:48:13 +04:00
sk-tcp.c
tcp: disable the repair mode only for sockets of a current process (v3)
2015-07-15 17:35:21 +03:00
sk-unix.c
unix: Fix double restoring of peerless unix sockets, which are peers for others
2015-12-18 17:23:50 +03:00
sockets.c
socket: values of snd and rcv buffer should be divide into two
2015-10-27 22:55:36 +03:00
stats.c
img: Introduce the struct cr_img
2014-09-30 21:48:13 +04:00
string.c
string: Add strlcat helper
2013-11-29 15:36:07 +04:00
sysctl.c
sysctl: don't skip erros
2015-12-08 15:12:19 +03:00
sysfs_parse.c
sysfs_parse: use xsprintf() in fixup_aufs_vma_fd()
2015-12-21 11:57:02 +03:00
timerfd.c
check: do timerfd check on mainline kernel
2015-10-19 12:37:32 +03:00
tty.c
criu: tty: pick only master as a control terminal
2015-12-11 16:50:12 +03:00
tun.c
check: also check tun support in mainline
2015-10-19 12:37:34 +03:00
util.c
dump: Dont read prohibited kernel files
2015-12-24 14:40:04 +03:00
uts_ns.c
sysctl: move sysctl calls to usernsd
2015-10-05 13:16:14 +03:00
vdso.c
vdso: Don't fail if pagemap is not accessbile
2015-12-24 14:40:05 +03:00

README.md

CRIU (Checkpoint and Restore in Userspace)

An utility to checkpoint/restore tasks. Using this tool, you can freeze a running application (or part of it) and checkpoint it to a hard drive as a collection of files. You can then use the files to restore and run the application from the point it was frozen at. The distinctive feature of the CRIU project is that it is mainly implemented in user space.

The project home is at http://criu.org.

Pages worth starting with are:

How to contribute

Description
No description provided
Readme 81 MiB
Languages
C 86%
Python 6.1%
Java 2.6%
Shell 2.6%
Makefile 2%
Other 0.7%