-
Notifications
You must be signed in to change notification settings - Fork 583
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[GSOC] udp: Add support for checkpoint/restore UDP socket's queues #1571
base: criu-dev
Are you sure you want to change the base?
Commits on Jan 12, 2021
-
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 1b3274a - Browse repository at this point
Copy the full SHA 1b3274aView commit details -
compel: Fix missing loff_t in Alpine
musl defines 'loff_t' in fcntl.h as 'off_t'. This patch resolves the following error when running the compel tests on Alpine Linux: gcc -O2 -g -Wall -Werror -c -Wstrict-prototypes -fno-stack-protector -nostdlib -fomit-frame-pointer -ffreestanding -fpie -I ../../../compel/include/uapi -o parasite.o parasite.c In file included from ../../../compel/include/uapi/compel/plugins/std/syscall.h:8, from ../../../compel/include/uapi/compel/plugins/std.h:5, from parasite.c:3: ../../../compel/include/uapi/compel/plugins/std/syscall-64.h:19:66: error: unknown type name 'loff_t'; did you mean 'off_t'? 19 | extern long sys_pread (unsigned int fd, char *buf, size_t count, loff_t pos) ; | ^~~~~~ | off_t ../../../compel/include/uapi/compel/plugins/std/syscall-64.h:96:46: error: unknown type name 'loff_t'; did you mean 'off_t'? 96 | extern long sys_fallocate (int fd, int mode, loff_t offset, loff_t len) ; | ^~~~~~ | off_t ../../../compel/include/uapi/compel/plugins/std/syscall-64.h:96:61: error: unknown type name 'loff_t'; did you mean 'off_t'? 96 | extern long sys_fallocate (int fd, int mode, loff_t offset, loff_t len) ; | ^~~~~~ | off_t make[1]: *** [Makefile:32: parasite.o] Error 1 Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for cf0337c - Browse repository at this point
Copy the full SHA cf0337cView commit details -
compel/test: Fix warn_unused_result
gcc -O2 -g -Wall -Werror -I ../../../compel/include/uapi -o spy spy.c ../../../compel/libcompel.a spy.c: In function ‘check_pipe_ends’: spy.c:107:2: error: ignoring return value of ‘write’, declared with attribute warn_unused_result [-Werror=unused-result] 107 | write(wfd, "1", 2); | ^~~~~~~~~~~~~~~~~~ spy.c:108:2: error: ignoring return value of ‘read’, declared with attribute warn_unused_result [-Werror=unused-result] 108 | read(rfd, aux, sizeof(aux)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ cc1: all warnings being treated as errors Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 0e7321c - Browse repository at this point
Copy the full SHA 0e7321cView commit details
Commits on Jan 20, 2021
-
servicefd: don't move service fds in case they remain in the same place
Improve the check to skip moving service fds in clone_service_fd because we don't need to move anything if old service fds resulting offset is the same as new service fds resulting offset. It saves us from excess calls to dup/fcntl(F_DUPFD). Currently we check that base is the same and shared fdt ids are the same, but there also can be situations where different bases with different shared fdt ids still give the same offset sum (running zdtm in Virtuozzo CT we've seen such a case where service_fd_base=512, new_base=128, service_fd_id=24, id=0, SERVICE_FD_MAX=16). Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for 4178bea - Browse repository at this point
Copy the full SHA 4178beaView commit details -
util: move open_proc_self_fd to service_fd
We need this to avoid conflicts with file descriptors which has to be restored. Currently open_proc PROC_SELF is not used during restoring file descriptors, but we are going to use it for memfd restore. Note: in get_proc_fd let's not close service fd if we detect service fd is not ours, it will be replaced in open_pid_proc anyway, and e.g. in protected sfd context we can't close or open sfd, but can replace it without any problems. While on it also add FIXME because the check in get_proc_fd is error prone in some rare cases (nested pidns is not supported yet). We need to populate this new SELF service fd in populate_pid_proc, so that it is later available in protected context. Also don't close /proc/self service fd in prep_unix_sk_cwd as it can be called from protected context and there is no much point of closing it anyway. Close proc self servicefd in close_old_fds, because first we don't wan't to reuse it from some ancestor, second there can be some junk fd as we are yet only in the beginning of close_old_fds. This junk fd can come from service fds of other tasks from parent's shared fdtable, and this fd would not allow us to do opendir_proc(PROC_SELF). Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for 3f047f1 - Browse repository at this point
Copy the full SHA 3f047f1View commit details -
memfd: use PROC_SELF instead of getpid in __open_proc
This looks better for me, should be no functional change. Another implication of this is nested pid namespaces, when we will support them "__open_proc(getpid()...)" will try to open file of the process which has the same pid but in NS_ROOT pidns, which is bad. See also aa2d920 ("files: use PROC_SELF when a process accesses its /proc/PID") for a similar change. Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for 56853fb - Browse repository at this point
Copy the full SHA 56853fbView commit details
Commits on Jan 24, 2021
-
restore: warning: Value stored to 'ret' is never read
criu/cr-restore.c:3230:3: note: Value stored to 'ret' is never read ret = false; ^ ~~~~~ 3228| if (n == -1) { 3229| pr_perror("Failed to get number of supplementary groups"); 3230|-> ret = false; 3231| } 3232| if (n != n_groups) Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 8112e76 - Browse repository at this point
Copy the full SHA 8112e76View commit details -
coverity: get_service_fd() is passed to a parameter that cannot be ne…
…gative criu/fdstore.c:110: negative_return_fn: Function "get_service_fd(FDSTORE_SK_OFF)" returns a negative number. criu/fdstore.c:110: assign: Assigning: "sk" = "get_service_fd(FDSTORE_SK_OFF)". criu/fdstore.c:114: negative_returns: "sk" is passed to a parameter that cannot be negative. criu/namespaces.c:1366: negative_return_fn: Function "get_service_fd(USERNSD_SK)" returns a negative number. criu/namespaces.c:1366: assign: Assigning: "sk" = "get_service_fd(USERNSD_SK)". criu/namespaces.c:1389: negative_returns: "sk" is passed to a parameter that cannot be negative. Signed-off-by: Adrian Reber <areber@redhat.com> Signed-off-by: Andrei Vagin <avagin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 3dc47b2 - Browse repository at this point
Copy the full SHA 3dc47b2View commit details -
dump: at exit do not call timing_stop if stats are not initialized
Stats often call 'get_timing' function which has a BUG() assertion to catch cases when stats failed to initialize correctly. If stats haven't initialized yet assertion will also be triggered. We dont want the trigger to happen in a case when criu fails at early steps before initializing stats, but this can happen in the following case: - at cr_dump_tasks criu can catch error before the call to init_stats. - it then decides to gracefully quit with error and calls cr_dump_finish. - cr_dump_finish will call timing_stop -> get_timing and BUG() gets triggered But because criu is already quitting gracefully, BUG() is not needed. In this code path we can call timing_stop under proper condition. [avagin: rebase on top of criu-dev and a few minor changes] Signed-off-by: Andrei Vagin <avagin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 41b4867 - Browse repository at this point
Copy the full SHA 41b4867View commit details -
mount: adjust log level for get_clean_mnt
In case get_clean_mnt fails open_mountpoint is still able to resolve mounts by helper process or print error in the worst case. Using pr_warn instead of pr_perror. Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for 504c032 - Browse repository at this point
Copy the full SHA 504c032View commit details -
mount: adjust log level for mnt_is_dir
mnt_is_dir is used when looking up for suitable mount point. In some cases that function may fail several times. Error level seems to strict for this cases. Added error message to lookup_mnt_sdev in case all mnt_is_dir failed. As for open_handle and alloc_openable which are calling mnt_is_dir, they are used in check_open_handle, which will call error afterwards. Adjusted log level for __open_mountpoint result in open_handle since it is allowed to fail several times. open_handle caller get_mark_path expect possible failure and will print error in case. Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for d3b1d6e - Browse repository at this point
Copy the full SHA d3b1d6eView commit details -
fsnotify: rework redundant code
open_handle and first part of alloc_openable do the same work. Both these function are called from check_open_handle. Rework check_open_handle to call only alloc_openable. Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for 2cf09cc - Browse repository at this point
Copy the full SHA 2cf09ccView commit details
Commits on Jan 26, 2021
-
Configuration menu - View commit details
-
Copy full SHA for 11b3a1a - Browse repository at this point
Copy the full SHA 11b3a1aView commit details
Commits on Jan 29, 2021
-
ci: move vagrant test to cirrus ci
With Travis dramatically reducing the minutes available for CI, CRIU needs a new place to run tests. This moves the Vagrant based Fedora 32 no VDSO test cases to Cirrus CI. Cirrus CI seems to be one of the very few free CI services allowing access to /dev/kvm. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 9807413 - Browse repository at this point
Copy the full SHA 9807413View commit details -
zdtm: cleanup thread-bomb test error handling and printing
1) Let's do test_init earlier so that max_nr test_msg is now visible in thread-bomb.out. 2) Also lets check errors from malloc and pthread_... functions, print messages about their errors and do proper deallocation at least. Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for af1103f - Browse repository at this point
Copy the full SHA af1103fView commit details -
ci: run aarch64 compile tests on Drone
Besides Travis CI Drone CI seems to be only service providing ARM based builds. This switches the aarch64 and arm32 builds to drone.io. Because Drone CI is running in a Docker container we cannot use 'setarch linux32' as it requires the blocked syscall 'personality(2)'. But Drone CI provides an 'arch: arm' which gives the same architecture as 'setarch linux32' on Travis aarch64: armv8l Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 7766f12 - Browse repository at this point
Copy the full SHA 7766f12View commit details -
ci: also use clang for compel-host-bin
Running in an environment with clang and without gcc even installed does not work as compel-host-bin uses HOSTCC which defaults to gcc. If CLANG=1 is set this also sets HOSTCC to clang to actually build compel-host-bin with clang and not with gcc. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 76f9ccc - Browse repository at this point
Copy the full SHA 76f9cccView commit details -
namespaces: handle errors of snprintf
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 90f043d - Browse repository at this point
Copy the full SHA 90f043dView commit details -
util: zero the events pointer to avoid its double free
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 7d63cea - Browse repository at this point
Copy the full SHA 7d63ceaView commit details -
zdtm: handle a case when a test vma is merged with another one
Fixes: checkpoint-restore#1346 Signed-off-by: Andrei Vagin <avagin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 098d4cc - Browse repository at this point
Copy the full SHA 098d4ccView commit details
Commits on Jan 30, 2021
-
ci: fix syntax error in stale.yml
The commas need to be inside of the quotes. Not on the outside. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for d4b0f0f - Browse repository at this point
Copy the full SHA d4b0f0fView commit details -
ci: upgrade vagrant and Fedora version
The updates to the latest Vagrant version and from Fedora 32 to 33. Also using --no-tty instead of > /dev/null for vagrant up. Also run 'dnf upgrade -y' in out vagrant VM to get the latest kernel. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 9ec1f1a - Browse repository at this point
Copy the full SHA 9ec1f1aView commit details
Commits on Feb 1, 2021
-
See: checkpoint-restore#1354 Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 8c89fbd - Browse repository at this point
Copy the full SHA 8c89fbdView commit details -
ci: factor out Fedora Rawhide CI setup
To run Fedora Rawhide based aarch64 containers on Drone CI our current Dockerfile setup does not work. This moves the package installation out of the Dockerfile into scripts/ci/prepare-for-fedora-rawhide.sh to be usable in the Dockerfile environment and in the Drone CI environment. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 442dc65 - Browse repository at this point
Copy the full SHA 442dc65View commit details -
ci: move Fedora Rawhide based tests away from Travis
This moves Fedora Rawhide based tests away from Travis. To Github Actions for x86_64 and to Drone for aarch64. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 41efd59 - Browse repository at this point
Copy the full SHA 41efd59View commit details -
Tell podman to use vfs as storage-driver
Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for b62707b - Browse repository at this point
Copy the full SHA b62707bView commit details -
vdso: fix segmentation fault caused by char pointer array
When I compile criu with "make DEBUG=1" and run it to restore my program, it produces a segmentation fault. In aarch64, with compile flag "-O0", when criu executes the code in pie, it is unable to visit the content of ARCH_VDSO_SYMBOLS. So I put these variables into the stack. Signed-off-by: anatasluo <luolongjuna@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 2cb1156 - Browse repository at this point
Copy the full SHA 2cb1156View commit details
Commits on Feb 5, 2021
-
ci: move asan and image streamer test to github
Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 5792612 - Browse repository at this point
Copy the full SHA 5792612View commit details -
README.md: remove trailing whitespaces
Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 10cb852 - Browse repository at this point
Copy the full SHA 10cb852View commit details -
README.md: remove unused badges; add a few new badges
Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 4c3f324 - Browse repository at this point
Copy the full SHA 4c3f324View commit details -
ci: move compat tests to Github Actions
Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 81c3c97 - Browse repository at this point
Copy the full SHA 81c3c97View commit details
Commits on Feb 6, 2021
-
dump: dump has to fail if there is locks and --file-locks isn't set
If criu finds a file lock and the --file-locks option isn't set, it stops dumping processes, resumes them and exits with an error. Signed-off-by: Andrei Vagin <avagin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 7a64074 - Browse repository at this point
Copy the full SHA 7a64074View commit details -
test/zdtm: check that locks are not dumped if --file-locks isn't set
If criu finds a file lock and the --file-locks option isn't set, it stops dumping processes, resumes them and exits with an error. Signed-off-by: Andrei Vagin <avagin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 3fb8cd3 - Browse repository at this point
Copy the full SHA 3fb8cd3View commit details -
ci: move coverage run to github
This also connects the coverage run to codecov.io. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 042560a - Browse repository at this point
Copy the full SHA 042560aView commit details
Commits on Feb 9, 2021
-
files: Don't forget on stripping deleted postfix on linked files
Otherwise we gonna accumulated "(deleted)" postfix generated by kernel on every c/r iteration eventually overflowing PATH_MAX which will make container undumpable. Signed-off-by: Cyrill Gorcunov <gorcunov@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for 9546f39 - Browse repository at this point
Copy the full SHA 9546f39View commit details -
files-reg: rework strip_deleted
Moved strip_deleted to util and reworked it so other parts of criu can use it without the need of files-reg.h Reviewed-by: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com> Reviewed-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com> Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for 8d92d46 - Browse repository at this point
Copy the full SHA 8d92d46View commit details -
sk-unix: make criu respect existing files while restoring ghost unix …
…socket fd If there are any file in place of ghost unix socket, criu will delete it at restore while trying to recreate ghost one. Reviewed-by: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com> Reviewed-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com> Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for a4c000e - Browse repository at this point
Copy the full SHA a4c000eView commit details -
sk-unix: rework unix_resolve_name
Use SIOCUNIXFILE ioctl approach to get socket fd opened with O_PATH. Utilise it for detecting deletion and resolving relative name. Preserve old method as fallback if this new IOCTL fails. Also remove overmount_sock crfail in zdtm. With the unix_resolve_name reworked to use SIOCUNIXFILE criu can now pass this test. Reviewed-by: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com> Reviewed-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com> Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for 82f2033 - Browse repository at this point
Copy the full SHA 82f2033View commit details -
zdtm: add fifo upon unix socket test case
Create unix socket and unlink it. Make fifo in this place. Reviewed-by: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com> Reviewed-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com> Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for 903b903 - Browse repository at this point
Copy the full SHA 903b903View commit details -
zdtm: add second fifo_upon_unix test
This differs from the previous one by 1. using relative path instead of absolute 2. chdir() after setup Reviewed-by: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com> Reviewed-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com> Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for 1b5dbe5 - Browse repository at this point
Copy the full SHA 1b5dbe5View commit details
Commits on Feb 10, 2021
-
seccomp: initialize seccomp_mode in all cases
In parse_pid_status(), it is assumed that the seccomp field can be missing from /proc/pid/status. When the field is missing, it is not properly initialized, leading to bad behavior. We initialize seccomp_mode to SECCOMP_MODE_DISABLED by default, similarly to what is done in compel/src/lib/infect.c:parse_pid_status. Signed-off-by: Nicolas Viennot <Nicolas.Viennot@twosigma.com>
Configuration menu - View commit details
-
Copy full SHA for 42c2112 - Browse repository at this point
Copy the full SHA 42c2112View commit details
Commits on Feb 19, 2021
-
ci: use runc instead of crun for podman tests
The latest podman pulls in crun instead of runc. Unfortunately crun is not built against libcriu and does not support checkpoint/restore. Switch back to runc. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for a277c84 - Browse repository at this point
Copy the full SHA a277c84View commit details -
file-lock: Add space in error message
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 2692215 - Browse repository at this point
Copy the full SHA 2692215View commit details -
javaTests: Add --file-locks option
Resolves checkpoint-restore#1370 Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 89aa874 - Browse repository at this point
Copy the full SHA 89aa874View commit details -
test: Reduce verbosity of mvn output
The -q option will only show errors Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 7a8f426 - Browse repository at this point
Copy the full SHA 7a8f426View commit details -
zdtm: Add javaTests output to .gitignore
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 6110236 - Browse repository at this point
Copy the full SHA 6110236View commit details
Commits on Feb 24, 2021
-
test: fix test compilation on rawhide
The latest glibc has redefined SIGSTKSZ as 'sysconf (_SC_SIGSTKSZ)' and this breaks a static char[] definition. Hardcoding TESTSIGSTKSZ to 16384 in the test. This fixes: sigaltstack.c:17:13: error: variably modified 'stack_thread' at file scope 17 | static char stack_thread[SIGSTKSZ + TEST_MSG_BUFFER_SIZE] __stack_aligned__; | ^~~~~~~~~~~~ sigaltstack.c:18:13: error: variably modified 'stack_main' at file scope 18 | static char stack_main[SIGSTKSZ + TEST_MSG_BUFFER_SIZE] __stack_aligned__; | ^~~~~~~~~~ Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 42171ca - Browse repository at this point
Copy the full SHA 42171caView commit details -
bug: add __builtin_unreachable in BUG_ON_HANDLER
This will surpress false gcc warnings like this: criu/stats.c:85:10: error: array subscript 4 is above array bounds of 'struct timing[2]' [-Werror=array-bounds] 85 | return &rstats->timings[t]; | ^~~~~~~~~~~~~~~~~~~ criu/stats.c:25:16: note: while referencing 'timings' 25 | struct timing timings[RESTORE_TIME_NS_STATS]; | ^~~~~~~ cc1: all warnings being treated as errors Signed-off-by: Andrei Vagin <avagin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 950a88c - Browse repository at this point
Copy the full SHA 950a88cView commit details -
sk-unix: check whether a socket name is NULL before printing it
criu/include/log.h:72:2: error: '%s' directive argument is null [-Werror=format-overflow=] 72 | print_on_level(LOG_DEBUG, \ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 73 | LOG_PREFIX fmt, ##__VA_ARGS__) | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ criu/sk-unix.c:133:2: note: in expansion of macro 'pr_debug' 133 | pr_debug("\t%s: ino %u peer_ino %u family %4d type %4d state %2d name %s\n", | ^~~~~~~~ CC criu/stats.o Fixes: checkpoint-restore#1373 Signed-off-by: Andrei Vagin <avagin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 3397ac0 - Browse repository at this point
Copy the full SHA 3397ac0View commit details
Commits on Mar 1, 2021
-
plugin: check for plugin path truncation
New compilators print warnings if snprintf return value is not checked for truncation. Let's make them happy. Fixes: checkpoint-restore#1372 Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for ab395e4 - Browse repository at this point
Copy the full SHA ab395e4View commit details -
ci: fix Fedora rawhide CI failures
It seems the Fedora rawhide /tmp is no longer 1777 but 755. Change it back to 1777 to make our CI runs successful again. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 168668e - Browse repository at this point
Copy the full SHA 168668eView commit details
Commits on Mar 2, 2021
-
github/stale: separate labels with commas without following spaces
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for e0d4aef - Browse repository at this point
Copy the full SHA e0d4aefView commit details -
ci/compat: Check if tests are 32-bit ELFs
To be sure that we don't lose COMPAT_TEST=y on the way to make. Signed-off-by: Dmitry Safonov <dima@arista.com>
Configuration menu - View commit details
-
Copy full SHA for f8cf071 - Browse repository at this point
Copy the full SHA f8cf071View commit details -
x86: Use PTRACE_GET_THREAD_AREA instead of sys_get_thread_area()
To minimize things done in parasite, PTRACE_GET_THREAD_AREA can be used to get remote tls. That also removes an additional compat stack (de)allocation in the parasite (also asm-coded syscall). In order to use PTRACE_GET_THREAD_AREA, the dumpee should be stopped. So, let's move this from criu to compel to non-seized state and put tls into thread info on x86. Signed-off-by: Dmitry Safonov <dima@arista.com>
Configuration menu - View commit details
-
Copy full SHA for 84be304 - Browse repository at this point
Copy the full SHA 84be304View commit details -
namespaces: properly handle errors of snprintf
If snprintf was truncated we should probably know about it instead of continuing to increase off, as snprintf returns number of characters which would have been written and not the number which was actually written. Normally we check snprintf only for overflow not for error, some modern compilers print warnings if truncation was not checked. Probably it was the case why we implemented [1], the truncation happened and on the next iteration of for loop we've hit negative size for snprintf and got -1. Fixes: 90f043d ("namespaces: handle errors of snprintf") [1] Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for e4e58a8 - Browse repository at this point
Copy the full SHA e4e58a8View commit details
Commits on Mar 9, 2021
-
x86/compel/fault-inject: Add a fault-injection for corrupting extende…
…d regset With pseudo-random garbage, the seed is printed with pr_err(). get_task_regs() is called during seizing the task and also for each thread. At this moment only for x86. Signed-off-by: Dmitry Safonov <dima@arista.com>
Configuration menu - View commit details
-
Copy full SHA for 2fdc094 - Browse repository at this point
Copy the full SHA 2fdc094View commit details -
zdtm/fpu00: Simplify ifdeffery
..to introduce a new one! ;-D Signed-off-by: Dmitry Safonov <dima@arista.com>
Configuration menu - View commit details
-
Copy full SHA for 6e1cd5b - Browse repository at this point
Copy the full SHA 6e1cd5bView commit details -
zdtm/fpu03: Add a test to check fpu C/R in a thread
CRIU dumps main thread and sub-threads differently, so there needed a test to check if fpu is preserved across C/R in sub-threads. Signed-off-by: Dmitry Safonov <dima@arista.com>
Configuration menu - View commit details
-
Copy full SHA for 8394062 - Browse repository at this point
Copy the full SHA 8394062View commit details -
compel: Store extended registers set in the thread context
Extended registers set for task is restored with rt_sigreturn() through prepared sigframe. For threads it's currently lost. Preserve it inside thread context to restore on thread curing. Signed-off-by: Dmitry Safonov <dima@arista.com>
Configuration menu - View commit details
-
Copy full SHA for e9b1e0b - Browse repository at this point
Copy the full SHA e9b1e0bView commit details -
compel: Provide compel_set_task_ext_regs()
Arch-dependend way to restore extended registers set. Use it straight-away to restore per-thread registers. Signed-off-by: Dmitry Safonov <dima@arista.com>
Configuration menu - View commit details
-
Copy full SHA for e07e5ee - Browse repository at this point
Copy the full SHA e07e5eeView commit details -
fault-injection: Run fpu corruption tests
For the thread leader and for subthreads too. Signed-off-by: Dmitry Safonov <dima@arista.com>
Configuration menu - View commit details
-
Copy full SHA for 24f57c6 - Browse repository at this point
Copy the full SHA 24f57c6View commit details -
Signed-off-by: Dmitry Safonov <dima@arista.com>
Configuration menu - View commit details
-
Copy full SHA for fc1fefd - Browse repository at this point
Copy the full SHA fc1fefdView commit details -
Revert "compel: add -ffreestanding to force gcc not to use builtin me…
…mcpy, memset" This reverts commit c98af78. Now FPU/SSE/MMX/etc can be used inside parasite. Let's have compiler optimizations back. Cc: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com> Signed-off-by: Dmitry Safonov <dima@arista.com>
Configuration menu - View commit details
-
Copy full SHA for 6569412 - Browse repository at this point
Copy the full SHA 6569412View commit details -
zdtm/fpu03: Add .desc file to omit running on !x86
I managed to forget .desc file and ppc on Jenkins now fails with: > === Run 177/394 =======--------- zdtm/static/fpu03 > timens isn't supported on 5.8.18-100.fc31.ppc64le > ========================== Run zdtm/static/fpu03 in h ========================== > Start test > ./fpu03 --pidfile=fpu03.pid --outfile=fpu03.out > make: *** [Makefile:430: fpu03.pid] Error 1 > Test zdtm/static/fpu03 FAIL at ['make', '--no-print-directory', '-C', 'zdtm/static', 'fpu03.pid'] > Test output: ================================ > 08:56:48.325: 56: SKIP: fpu03.c:116: Unsupported arch > 08:56:48.325: 55: ERR: test.c:316: Test exited unexpectedly with code 0 > > <<< ================================ Signed-off-by: Dmitry Safonov <dima@arista.com>
Configuration menu - View commit details
-
Copy full SHA for 447b3cf - Browse repository at this point
Copy the full SHA 447b3cfView commit details
Commits on Mar 10, 2021
-
test: move vt test to minor 65 on s390x
Our Jenkins s390x vt test fails with ./vt --pidfile=vt.pid --outfile=vt.out --filename=vt.test make: *** [Makefile:432: vt.pid] Error 1 Test zdtm/static/vt FAIL at ['make', '--no-print-directory', '-C', 'zdtm/static', 'vt.pid'] Test output: ================================ 08:08:15.556: 54: ERR: vt.c:38: Open virtual terminal vt.test failed (errno = 6 (No such device or address)) 08:08:15.556: 53: ERR: test.c:316: Test exited unexpectedly with code 1 Because the host has no ttyS0 as used previously. This changes the test to use 'ttysclp0'. That seems to exist on multiple s390x we checked. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 1c1949a - Browse repository at this point
Copy the full SHA 1c1949aView commit details -
pstree: check for pid collision before switching to new sid/gid
Without this check we can hit the BUG in lookup_create_item just a few steps later (if one thread in images has same pid with new sid/gid). And also this check saves us from different sorts of unexpected errors on restore (if one non-thread task in images has same pid/sid/gid already). Fixes: checkpoint-restore#1332 Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for 77968d4 - Browse repository at this point
Copy the full SHA 77968d4View commit details -
ci: move Travis CI Docker tests to GitHub Actions
Travis CI is no longer providing CI minutes for open source projects. Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for b51fb87 - Browse repository at this point
Copy the full SHA b51fb87View commit details -
docker-test: use containerd v1.5.0-beta.0
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 19be9ce - Browse repository at this point
Copy the full SHA 19be9ceView commit details -
docker-test: set log file path
By default docker writes logs in a run-time directory unique for each container. To be able to read this file, we can specify the path in CRIU's configuration file for runc. Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for fddf3a7 - Browse repository at this point
Copy the full SHA fddf3a7View commit details -
lib/cli.py: Open out file as a binary
python3 fails to encode image with the following: > [dima@Mindolluin criu]$ ./crit/crit encode -i tmp -o tmp.1 > Traceback (most recent call last): > File "/home/dima/src/criu/./crit/crit", line 6, in <module> > cli.main() > File "/home/dima/src/criu/crit/pycriu/cli.py", line 410, in main > opts["func"](opts) > File "/home/dima/src/criu/crit/pycriu/cli.py", line 50, in encode > pycriu.images.dump(img, outf(opts)) > File "/home/dima/src/criu/crit/pycriu/images/images.py", line 617, in dump > f.write(struct.pack('i', magic.by_name['IMG_COMMON'])) > TypeError: write() argument must be str, not bytes Opening the output file as binary seems to help. Signed-off-by: Dmitry Safonov <dima@arista.com>
Configuration menu - View commit details
-
Copy full SHA for ca2d273 - Browse repository at this point
Copy the full SHA ca2d273View commit details
Commits on Mar 14, 2021
-
ci: remove '-Wl,-z,now' workaround
This removes extending LDFLAGS with '-Wl,-z,now'. This was added as workaround but never really worked. It is correctly fixed with pull request checkpoint-restore#1379 Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for cdfca86 - Browse repository at this point
Copy the full SHA cdfca86View commit details -
lib: fix recode errors seen in Jenkins
Although we are running crit-recode.py also in all CI runs we never seen following error except in Jenkins: Traceback (most recent call last): File "/usr/lib/python3.8/base64.py", line 510, in _input_type_check m = memoryview(s) TypeError: memoryview: a bytes-like object is required, not 'str' The above exception was the direct cause of the following exception: Traceback (most recent call last): File "./test/crit-recode.py", line 25, in recode_and_check r_img = pycriu.images.dumps(pb) File "/var/lib/jenkins/workspace/Q/test/pycriu/images/images.py", line 635, in dumps dump(img, f) File "/var/lib/jenkins/workspace/Q/test/pycriu/images/images.py", line 626, in dump handler.dump(img['entries'], f) File "/var/lib/jenkins/workspace/Q/test/pycriu/images/images.py", line 289, in dump f.write(base64.decodebytes(item['extra'])) File "/usr/lib/python3.8/base64.py", line 545, in decodebytes _input_type_check(s) File "/usr/lib/python3.8/base64.py", line 513, in _input_type_check raise TypeError(msg) from err TypeError: expected bytes-like object, not str This commit fixes this by encoding the string to bytes. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 8017b6a - Browse repository at this point
Copy the full SHA 8017b6aView commit details -
ci: run recode tests on more input files
We were running crit-recode in CI only on the output of zdtm/static/env00. This adds zdtm/transition/fork and zdtm/static/ghost_holes00 to run through crit-recode as the image files from those test triggered errors in Jenkins we did not see in CI. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 9f2a696 - Browse repository at this point
Copy the full SHA 9f2a696View commit details -
ccache was set up in Travis to speed up compilation by re-using the .ccache directory from previous CI runs. As we are no longer using Travis we can remove all CI related ccache setup. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for b7d2c2a - Browse repository at this point
Copy the full SHA b7d2c2aView commit details -
ci: run zdtm/transition/pid_reuse with pre-dumps in ci tests
This test should be run with at least 1 pre-dump to trigger the problem as mentioned in commit 4d9bf60. Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 628ff18 - Browse repository at this point
Copy the full SHA 628ff18View commit details -
criu-ns: Convert indentation to spaces
Spaces are the preferred indentation method. https://www.python.org/dev/peps/pep-0008/#tabs-or-spaces Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 42df849 - Browse repository at this point
Copy the full SHA 42df849View commit details -
criu-ns: Remove space before/after bracket
Avoid extraneous whitespace. https://python.org/dev/peps/pep-0008/#whitespace-in-expressions-and-statements Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for a6659c3 - Browse repository at this point
Copy the full SHA a6659c3View commit details -
criu-ns: Extract mount new /proc into a function
By extracting this code into a function the main code becomes smaller and more obvious. Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for c7d7608 - Browse repository at this point
Copy the full SHA c7d7608View commit details -
criu-ns: Extract wait for process into a function
Reduce duplication of code. Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 097834d - Browse repository at this point
Copy the full SHA 097834dView commit details -
criu-ns: Use documentation strings
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for b790ce2 - Browse repository at this point
Copy the full SHA b790ce2View commit details -
criu-ns: Remove unused _umount
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for ab9418d - Browse repository at this point
Copy the full SHA ab9418dView commit details -
criu-ns: Extract set namespace functions
This change extracts some of the duplicated code from set_pidns() and set_mntns() functions. Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 44a1d32 - Browse repository at this point
Copy the full SHA 44a1d32View commit details -
criu-ns: Close namespace fd before raise
It is a good practice to close open file descriptors. Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for b31d3ad - Browse repository at this point
Copy the full SHA b31d3adView commit details -
criu-ns: Pass arguments to run_criu()
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 6055d0b - Browse repository at this point
Copy the full SHA 6055d0bView commit details -
criu-ns: Handle restore-detached option
The criu-ns script creates a new PID namespace where criu is the "init" process. When using the --restore-detached option with criu-ns, users expect criu-ns to exit without killing the restored process tree. Thus, criu-ns should not pass the --restore-detached to criu to prevent it from terminating, and it should exit instead of waiting for criu's exit status. Resolves checkpoint-restore#1278 Suggested-by: Andrei Vagin <avagin@gmail.com> Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 719c5b0 - Browse repository at this point
Copy the full SHA 719c5b0View commit details -
criu-ns: Add unsupported msg for restore-sibling
Currently criu-ns does not support the --restore-sibling option. Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 66f5ab4 - Browse repository at this point
Copy the full SHA 66f5ab4View commit details -
criu-ns: Merge comparisons with 'in'
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for d49ace9 - Browse repository at this point
Copy the full SHA d49ace9View commit details
Commits on Mar 16, 2021
-
lib: fromstring() and tostring() are deprecated
fromstring() and tostring() are deprecated since Python 3.2 and have been removed in 3.9. Both functions were just aliases and this patch changes images.py to directly call fromybytes() and tobytes(). Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 02b0e85 - Browse repository at this point
Copy the full SHA 02b0e85View commit details -
lib: correctly handle padding of dump images
With the switch to Python3 and binary output it is not possible to use code like: 'f.write('\0' * (rounded - size))'. Switching to binary helps. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for c8beca6 - Browse repository at this point
Copy the full SHA c8beca6View commit details
Commits on Mar 19, 2021
-
pstree: don't change sid/gid-s if current sid/gid is the same
Previously we only skipped replacing sid for shell job if root_item was session leader, but there is other case where root_item sid is the same as current_sid we can safely skip replacing for this case. Same applies to gid-s. Now after we have pid collision check we not only "can" but should skip pid collision checks for the latter case. It is quite obvious that there are tasks in tree with sid==current_sid if current_sid==old_sid. Fixes: checkpoint-restore#1400 Fixes: 77968d4 ("pstree: check for pid collision before switching to new sid/gid") Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for d334ba3 - Browse repository at this point
Copy the full SHA d334ba3View commit details -
Configuration menu - View commit details
-
Copy full SHA for 9b0d752 - Browse repository at this point
Copy the full SHA 9b0d752View commit details
Commits on Mar 22, 2021
-
ci: move CentOS 8 based test to Cirrus
The kernel on GitHub Actions has a bug https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1919472 which breaks our CI. It works on Cirrus. Let's move it there. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for ca03208 - Browse repository at this point
Copy the full SHA ca03208View commit details -
lib: fix crit-recode fix for Python 2
The recent fix to make Jenkins run crit-recode again broke Python 2 support (because Python 2 based CI was not running). This should fix the Python 2 based test run. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 49b9cff - Browse repository at this point
Copy the full SHA 49b9cffView commit details
Commits on Mar 24, 2021
-
cr-service: fix CRIU_REQ_TYPE__FEATURE_CHECK RPC request
Closes: checkpoint-restore#1408 CRIU_REQ_TYPE__FEATURE_CHECK was failing, this was caused by two things in handle_feature_check(): 1. setup_opts_from_req() was used and it could be NULL (kerndat_init() is enough for feature checking) 2. resp.success was always set to false Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 4806058 - Browse repository at this point
Copy the full SHA 4806058View commit details
Commits on Mar 29, 2021
-
criu: Throw error when parent path is provided but invalid
In image dump directory, there are 2 parent symlink error cases: - Parent symlink does not exist - Parent symlink exists but points to invalid target At the moment, 2 cases are handled exactly the same (do full dump). However, while the first case happen when parent path is not provided, the second one is likely user's mistake when provides invalid parent path. So we throw an error in the latter case instead of performing the full dump. Signed-off-by: Bui Quang Minh <minhquangbui99@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 9edf531 - Browse repository at this point
Copy the full SHA 9edf531View commit details
Commits on Mar 30, 2021
-
criu: Replace faccessat with fstatat when using AT_SYMLINK_NOFOLLOW flag
Currently, alpine musl libc library returns Invalid argument error (EINVAL) when calling faccessat with AT_SYMLINK_NOFOLLOW flag. Fix this by using fstatat instead. Signed-off-by: Bui Quang Minh <minhquangbui99@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 840dc0b - Browse repository at this point
Copy the full SHA 840dc0bView commit details -
lib: correctly handle stdin/stdout (Python 3)
This changes stdin to be opened as binary if the input is not a tty. This changes stdout to be opened as binary if encoding or if the output is not a tty. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for f9616e9 - Browse repository at this point
Copy the full SHA f9616e9View commit details -
lib: print nice error if crit gets wrong input
Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 35a4761 - Browse repository at this point
Copy the full SHA 35a4761View commit details -
lib: also handle extra pipe data correctly
CI sometimes errors out encoding/decoding extra pipe data. This should fix extra pipe data for Python 3 and still keep it working on Python 2. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for e65a56a - Browse repository at this point
Copy the full SHA e65a56aView commit details -
test: fix crit test and extend it
This fixes the others/crit test to work again and extends it to make sure all possible input and output options are correctly handled by crit. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 7accc44 - Browse repository at this point
Copy the full SHA 7accc44View commit details -
Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 38a9cbe - Browse repository at this point
Copy the full SHA 38a9cbeView commit details
Commits on Apr 5, 2021
-
images: re-license as Expat license (so-called MIT)
This changes the license of all files in the images/ directory from GPLv2 to the Expat license (so-called MIT). According to git the files have been authored by: Abhishek Dubey Adrian Reber Alexander Mikhalitsyn Alice Frosi Andrei Vagin (Andrew Vagin, Andrey Vagin) Cyrill Gorcunov Dengguangxing Dmitry Safonov Guoyun Sun Kirill Tkhai Kir Kolyshkin Laurent Dufour Michael Holzheu Michał Cłapiński Mike Rapoport Nicolas Viennot Nikita Spiridonov Pavel Emelianov (Pavel Emelyanov) Pavel Tikhomirov Radostin Stoyanov rbruno@gsd.inesc-id.pt Sebastian Pipping Stanislav Kinsburskiy Tycho Andersen Valeriy Vdovin The Expat license (so-called MIT) can be found here: https://opensource.org/licenses/MIT According to that link the correct SPDX short identifier is 'MIT'. https://spdx.org/licenses/MIT.html Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for b98bbda - Browse repository at this point
Copy the full SHA b98bbdaView commit details
Commits on Apr 13, 2021
-
scripts/build: drop obsolete ENV1 variable
The ENV1 variable was first introduced with commit 7290de5 (travis: enable ccache for docker/qemu builds) and it is not used anymore. Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 901ea2b - Browse repository at this point
Copy the full SHA 901ea2bView commit details
Commits on Apr 15, 2021
-
net: allow restoring of precreated veth devices
This introduces a new option --external netdev[IFNAME]:ORIGNAME which informs CRIU that this is pre-created network device that it is supposed to move into a target network namespace. The "netdev" name was chosen to make it flexible enough to e.g. also cover physical devices if that is desirable at some point. For example: --external netdev[eth0]:vethA23adf3 would instruct CRIU to move the network device with the name "vethA23adf3" into a target network namespace renaming it to "eth0" while doing so. In order to restore ip addresses and additional data correctly CRIU needs to move the network device into the target netns with the recorded ifindex. This requires a kernel patch as discussed in [1]. The patch has been merged into net-next and is expected to show up in the v5.13 release (cf. [2]) The motivating use-case can be found in [1]. But I'm repeating it mostly verbatim here: Assume a container with a standard veth tunnel for an unprivileged container: <veth-host> <-> <bridge-host> <-> <veth-container> When LXD starts a container it will create the veth pair in the host namespaces with random names, let's assume: <veth-host> := vethHOST <veth-container> := vethCONT The LXD generates a config for the container and tells the container to use vethCONT as network device and usually also tells it to rename that device to something more sensible like eth3. The container will then use netlink to move and rename the vethCONT device into it's network namespace as eth3 during startup. Users may use lxc snapshot --stateful to create a CRIU dump. And they can restore via lxc restore --stateful <container-name> <stateful-snapshot-name> And this is where things get hairy currently. LXD's network models requires it to always be in control of all network devices and so similar to regular startup it will precreate the two veth devices vethHOST and vethCONT and tell LXC about it. What we would like CRIU to be able to do is to add a commandline option to tell CRIU to not bother creating the veth device but instead to simply assume that someone else will create, move, and rename it and instead just restore routes, iptables, addresses and so on. With this kernel patch applied I can successfully dump and restore a LXD containers: ubuntu@f2-vm:~/src/bin$ lxc launch images:alpine/edge alp1 Creating alp1 Starting alp1 ubuntu@f2-vm:~/src/bin$ lxc snapshot --stateful alp1 ubuntu@f2-vm:~/src/bin$ lxc list +------+---------+----------------------+-----------------------------------------------+-----------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +------+---------+----------------------+-----------------------------------------------+-----------+-----------+ | alp1 | RUNNING | 10.47.211.144 (eth0) | fd42:8722:277d:69cf:216:3eff:fe69:9b8b (eth0) | CONTAINER | 1 | +------+---------+----------------------+-----------------------------------------------+-----------+-----------+ ubuntu@f2-vm:~/src/bin$ lxc restore --stateful alp1 snap0 ubuntu@f2-vm:~/src/bin$ lxc list +------+---------+----------------------+-----------------------------------------------+-----------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +------+---------+----------------------+-----------------------------------------------+-----------+-----------+ | alp1 | RUNNING | 10.47.211.144 (eth0) | fd42:8722:277d:69cf:216:3eff:fe69:9b8b (eth0) | CONTAINER | 1 | +------+---------+----------------------+-----------------------------------------------+-----------+-----------+ ubuntu@f2-vm:~/src/bin$ lxc exec alp1 -- sh ~ # ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 15: eth0@if18: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP qlen 1000 link/ether 00:16:3e:69:9b:8b brd ff:ff:ff:ff:ff:ff inet 10.47.211.144/24 brd 10.47.211.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fd42:8722:277d:69cf:216:3eff:fe69:9b8b/64 scope global dynamic flags 100 valid_lft 86355sec preferred_lft 86355sec inet6 fe80::216:3eff:fe69:9b8b/64 scope link valid_lft forever preferred_lft forever [1]: checkpoint-restore#1421 [2]: https://patchwork.kernel.org/project/netdevbpf/patch/20210406075448.203816-1-avagin@gmail.com/ Fixes: checkpoint-restore#1421 Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Configuration menu - View commit details
-
Copy full SHA for e49ce51 - Browse repository at this point
Copy the full SHA e49ce51View commit details
Commits on Apr 20, 2021
-
tiny fix on function dump_empty_fs
return value of is_empty_dir: * < 0 : open directory stream failed * 0 : directory is not empty * 1 : directory is empty Signed-off-by: Liu Hua <weldonliu@tencent.com>
Configuration menu - View commit details
-
Copy full SHA for 32b7243 - Browse repository at this point
Copy the full SHA 32b7243View commit details
Commits on Apr 21, 2021
-
Dockerfile: use 'git clean' before build
The 'make docker-build' command creates a copy of all files from the in local CRIU clone inside a container. Then it runs 'make mrproper' inside the container, followed by compilation of criu, followed by another 'make mrproper'. After the last mrproper command, it attempts to check if the clean was successful by running 'git clean'. However, this check fails when the local repository contains files that are not part of the repository. For example, the vscode editor creates the folder '.vscode/' which would be copied inside the docker container and cause 'make docker-build' to fail. Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 66a259f - Browse repository at this point
Copy the full SHA 66a259fView commit details -
Dockerfile: re-build criu after clean
In order to be able to run the zdtm tests inside a container, we have to make sure that all protobuf sources have been compiled. Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 2d189ca - Browse repository at this point
Copy the full SHA 2d189caView commit details -
Dockerfile: add missing test dependencies
This patch adds missing dependencies required to run the zdtm tests. Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 31b6447 - Browse repository at this point
Copy the full SHA 31b6447View commit details -
docker-test: use host cgroup & network ns
The test/zdtm_mount_cgroups script fails with 'permission denied' when running tests with private cgroup namespace. Using the host network namespace allows us to test criu as if it is running on the host, sharing iptables rules etc. Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 2eec2e9 - Browse repository at this point
Copy the full SHA 2eec2e9View commit details -
Makefile: update excluded tests for docker-test
All zdtm tests pass on Fedora 33 for `make docker-build && make docker-test` with devicemapper storage driver. Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 9314efc - Browse repository at this point
Copy the full SHA 9314efcView commit details -
Makefile: docker-test don't use interactive tty
Running zdtm tests does not require input and therefore it is not necessary to use -it. This change also allows to run the test in CI where it currently fails with: the input device is not a TTY make: *** [Makefile:388: docker-test] Error 1 Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for ebb3e03 - Browse repository at this point
Copy the full SHA ebb3e03View commit details -
ci: exclude lazy-thp for remote pages over tls
Temporarily disable this test until the checkpoint-restore#1380 is resolved. Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 9bef478 - Browse repository at this point
Copy the full SHA 9bef478View commit details -
kerndat: check whether IFLA_NEW_IFINDEX is supported
Send an RTM_SETLINK request with a negative IFLA_NEW_IFINDEX. If IFLA_NEW_IFINDEX is supported, the kernel will return ERANGE. Signed-off-by: Andrei Vagin <avagin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 6ead08e - Browse repository at this point
Copy the full SHA 6ead08eView commit details -
test/zdtm: check that restore can handle precreated veth devices
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 5e9f2d4 - Browse repository at this point
Copy the full SHA 5e9f2d4View commit details
Commits on Apr 23, 2021
-
Another pr_perror spring cleaning time! As pr_perror adds a semicolon, an strerror(errno), and a newline, there's no need to add one manually. Brought to you by for f in $(git grep -l pr_perror); do test -f $f || continue echo $f sed -i '\%^[[:space:]]*pr_perror(.*\\n"%s/\\n//' $f done Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for e6bb997 - Browse repository at this point
Copy the full SHA e6bb997View commit details -
criu: don't use errno for pr_error
There is no need to, as pr_error already adds strerror(errno) to the error message. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 96dbfc0 - Browse repository at this point
Copy the full SHA 96dbfc0View commit details -
test/zdtm: don't use pr_perror where errno is unset
pr_perror should be used for cases where the failed operation sets errno. For cases where errno is not set, pr_err is preferable. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 13bf2d6 - Browse repository at this point
Copy the full SHA 13bf2d6View commit details -
test/zdtm: don't use errno for pr_perror
Macro pr_perror already adds errno and its string representation to the error message, so there's no need to explicitly do it. While at it, fix some error messages. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 998c37d - Browse repository at this point
Copy the full SHA 998c37dView commit details -
test/zdtm: don't use \n with fail()
Macro fail already appends \n to the message, so there's no need to do it explicitly. Brought to you by for f in $(git grep -l fail test/zdtm); do test -f $f || continue echo $f sed -i '\%^[[:space:]]*fail(.*\\n"%s/\\n"/"/' $f done Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for ca08482 - Browse repository at this point
Copy the full SHA ca08482View commit details -
test/zdtm: don't use %m with fail
Macro fail already appends errno and strerror(errno) to the error message, so there's no need to do it explicitly. Brought to you by for f in $(git grep -l fail test/zdtm); do test -f $f || continue echo $f sed -i '\|^[[:space:]]*fail(.*[ (]%m)*"|s/:*[ (]*%m)*//' $f done Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for bb56a6f - Browse repository at this point
Copy the full SHA bb56a6fView commit details -
test/zdtm: don't pass errno to fail()
Macro fail() already prints the value of errno, so there's no need to explicitly add it. Found by git grep '^\s*\<fail\>.*errno' Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 43d4a98 - Browse repository at this point
Copy the full SHA 43d4a98View commit details -
Makefile: amend lint with pr_perror/fail checks
In many cases developers forget that pr_perror and fail macros are a bit special, in particular: 1. they already show errno; 2. they already append \n to the message. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for b5bbfdc - Browse repository at this point
Copy the full SHA b5bbfdcView commit details -
scripts: fix shellcheck warnings
On my system (shellcheck v0.7.1) make lint shows a few warnings about needing to quote variables. Fix those. PS I am not sure why those are not shown by GHA CI, I assume there is different shellcheck version used. Add shellcheck -- version to the appropriate Makefile target to avoid confusion. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 76ffd8d - Browse repository at this point
Copy the full SHA 76ffd8dView commit details -
criu/mount.c: fix \n in pr_debug
Funny but it used incorrect slash. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 117e8f6 - Browse repository at this point
Copy the full SHA 117e8f6View commit details -
test/others/bers: use pr_perror
When errno is set, it makes sense to use pr_perror. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for e79d8f8 - Browse repository at this point
Copy the full SHA e79d8f8View commit details -
test/zdtm: pr_err / pr_perror fixes
1. Use pr_perror where errno needs to be shown. 2. Use pr_err in cases where errno is not set by the previous failed call. 3. Make sure pr_err's first argument do not have \n. 4. While at it, fix some error messages. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 0959fce - Browse repository at this point
Copy the full SHA 0959fceView commit details -
criu: make sure to use pr_perror to show errno
In cases where we need to print errno, it is better to use pr_perror. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 670210a - Browse repository at this point
Copy the full SHA 670210aView commit details -
Whitespace at EOL cleanup and check
My editor (vim) auto-removes whitespace at EOL for *.c and *.h files, and I think it makes sense to have a separate commit for this, rather than littering other commits with such changes. To make sure this won't pile up again, add a line to Makefile under the linter target to check for such things (so CI will fail). This is all whitespace except an addition to Makefile. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 5115b63 - Browse repository at this point
Copy the full SHA 5115b63View commit details -
criu: end pr_(err|warn|msg|info|debug) with \n
Unlike pr_perror, pr_err and other macros do not append \n to the message being printed, so the caller needs to take care of it. Sometimes it was not done, so let's add this manually. To make sure it won't happen again, add a line to Makefile under the linter target to check for such missing \n. NOTE this check is only done for part of such cases (where the pr_* statement fits in one line and there's no comment after), but it's better than nothing. Add comments after pr_msg and pr_info statements where we deliberately don't add \n, so that the above check ignores them. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for f1cc40c - Browse repository at this point
Copy the full SHA f1cc40cView commit details
Commits on Apr 24, 2021
-
restore: fix error message when fork fails
`last_pid_buf` is not where the last_pid string is, but it is in `s`. Signed-off-by: Nicolas Viennot <Nicolas.Viennot@twosigma.com>
Configuration menu - View commit details
-
Copy full SHA for 73d76d4 - Browse repository at this point
Copy the full SHA 73d76d4View commit details
Commits on Apr 27, 2021
-
net: add a #define for increased compatiblity with old distributions
Debian 9 doesn't have IFLA_NEW_IFINDEX defined Signed-off-by: Nicolas Viennot <Nicolas.Viennot@twosigma.com>
Configuration menu - View commit details
-
Copy full SHA for fbff0e9 - Browse repository at this point
Copy the full SHA fbff0e9View commit details
Commits on Apr 30, 2021
-
logging: pr_perror() -> pr_msg() when execvp fails in action scripts …
…and others When invoking an action-script, all file descriptors >= 3 are closed. If execvp() fails, we can only log the error on stderr. pr_msg() outputs on stderr, so we use this as opposed to pr_perror(). Signed-off-by: Nicolas Viennot <Nicolas.Viennot@twosigma.com>
Configuration menu - View commit details
-
Copy full SHA for 6ac4c93 - Browse repository at this point
Copy the full SHA 6ac4c93View commit details
Commits on May 8, 2021
-
Allow systemcfg proc file to be dumped
Currently, it cannot be check-pointed, because that type of file is on UNSUPP list. Signed-off-by: zl-wang <zlwang@ca.ibm.com>
Configuration menu - View commit details
-
Copy full SHA for ea8921b - Browse repository at this point
Copy the full SHA ea8921bView commit details -
CRIU follows Linux kernel coding style. This patch updates the architecture-specific code for MIPS to use tab indentation, add whitespace between closing parenthesis and open bracket, and changes the mode of source files from 755 to 644. Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 8d07cda - Browse repository at this point
Copy the full SHA 8d07cdaView commit details -
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for b692641 - Browse repository at this point
Copy the full SHA b692641View commit details -
tools.mk: Use Python 3 by default
As of January 1st, 2020 Python 2 is no longer supported and many distributions no longer provide packages for Python 2 dependencies. This patch allows CRIU to use Python 3 by default when both major versions are available on the system. Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 266cc6a - Browse repository at this point
Copy the full SHA 266cc6aView commit details -
lsm: handle half initialized SELinux setups
CRIU used to check for the existence of /sys/fs/selinux to see if SELinux is enabled on a system. We have seen systems with SELinux kind of enabled but reading out the labels gives does not return real labels. To work around this, this commit adds a check during LSM detection if SELinux labels are in the right format. For CRIU this check means to see if there are at least 3 ':' in a label. If not CRIU switches to no LSM mode. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for c455c46 - Browse repository at this point
Copy the full SHA c455c46View commit details -
net: skip iptables dump if it has nft backend and nft dump is supported
On modern Linux distributions iptables binaries using new nftables API. We dump iptables rules using "iptables-save", and nftables rules using libnftables API. This breaks network unlock on modern systems because technically, we dump rules (including network lock rules) two times. There is another problem - on host we can have modern distribution, but in Docker container we can use iptables with netfilter (legacy) API. So, in this case this legacy rules will be skipped. This patch handles all of that cases. It tries to find iptables legacy and dump legacy rules by using appropriate iptables binaries, dump nftables rules by using libnftables. Fixes checkpoint-restore#1435 Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for cd13e44 - Browse repository at this point
Copy the full SHA cd13e44View commit details -
zdtm: skip static/netns-nft test if nftables feature isn't supported
Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for 16a8962 - Browse repository at this point
Copy the full SHA 16a8962View commit details -
zdtm: add combined nftables/iptables netns-nft-ipt test
Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for 30bcca7 - Browse repository at this point
Copy the full SHA 30bcca7View commit details -
ci: remove hack for netns-nft zdtm test
Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for 08b98cf - Browse repository at this point
Copy the full SHA 08b98cfView commit details -
sk-unix: ghost: fix deadlock between peer_fle->stage and fds wake up
This patch fixes deadlock that appears on ghost DGRAM unix sockets. Problem is that wake_connected_sockets() function *should* be called strictly after fle->stage >= FLE_OPEN. Explanation: Consider situation, we have ghost unix DGRAM socket (peer socket), and also have several sockets that connected to this peer socket. How restore of that picture works? In files subsystem we have open_fdinfos(pstree_item*) function that calls open_fd() function for *every* fd of task. open_fd() function calls appropriate file descriptor "open" handler that may return "1" which means "try again later". This retcode means, that some additional resources is needed to fully restore file descriptor. For *ghost* UNIX sockets, for instance, we need to have peer socket file descriptor *before* we can open and restore client sockets. Here is the main problem. open_fdinfos() called from separate tasks simultaneously, so, when we get "1" retcode we stay on futex (wait_fds_event() function) and waiting for someone another task restore some resource and notify us that we can retry opening of file descriptor. With *ghost* UNIX socket I've managed to caught next behaviour. 1. From one task (that holds client socket) open_fdinfos() called open_fd() that called open_unixsk_standalone(). In open_unixsk_standalone we have check that means "if socket have peer and that peer is GHOST and that peer fle->stage < FLE_OPEN" return "try again". Ok. So, this task will stay on wait_fds_event(). 2. Second task, that holds *peer* tried to open peer socket fd. So, it also calls open_fd() -> open_unixsk_standalone() -> opening socket -> bind_unix_sk() -> in bind_unix_sk we have call to wake_connected_sockets(). So, after that call we will "wake up" task from first point and it may proceed fd restoring. Yes? No. In first point we need to "peer_fle->stage >= FLE_OPEN" but fle->stage of our peer socket will become FLE_OPEN in open_fd(). After we return from open_unixsk_standalone we proceed to setup_and_serve_out() where we have appropriate stage change. Between call of wake_connected_sockets and moment when we set stage to FLE_OPEN should pass very small amount of time. But it may happen, so we "wake up" tasks that holds client sockets but did not have enough time to change fle->stage to FLE_OPEN. Exactly that case I've managed to reproduce. (Really, ossec-hids application managed to reproduce this problem at first %) ) v1: file_desc_ops->on_stage_change callback was introduced, sk-unix ghost code reworked so that to call wake_connected_sockets() strictly after changing fle->stage to FLE_OPEN. v2: implementation replaced with short and more practical patch by Andrei Suggested-by: Andrei Vagin <avagin@gmail.com> Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for 5bc6051 - Browse repository at this point
Copy the full SHA 5bc6051View commit details -
zdtm: add sk-unix-dgram-ghost test case
This testcase reproduces deadlock in "wait_fds_event" futex in open_fdinfos() function (files subsystem). Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for c20d7a5 - Browse repository at this point
Copy the full SHA c20d7a5View commit details
Commits on May 9, 2021
-
test: create new tls certificates
The certificates expired again. This replaces the expired certificates with test certificates which are valid for ever: echo -ne "ca\ncert_signing_key\nexpiration_days = -1\n" > temp certtool --generate-privkey > cakey.pem certtool --generate-self-signed \ --template temp \ --load-privkey cakey.pem \ --outfile cacert.pem echo -ne "cn=$HOSTNAME\nencryption_key\nsigning_key\nexpiration_days = -1\n" > temp certtool --generate-privkey > key.pem certtool --generate-certificate \ --template temp \ --load-privkey key.pem \ --load-ca-certificate cacert.pem \ --load-ca-privkey cakey.pem \ --outfile cert.pem rm cakey.pem temp Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 38012e5 - Browse repository at this point
Copy the full SHA 38012e5View commit details
Commits on May 21, 2021
-
This is the workaround for checkpoint-restore#1429. The parasite code contains instructions that trigger SIGTRAP to stop at certain points. In such cases, the kernel sends a force SIGTRAP that can't be ignore and if it is blocked, the kernel resets its signal handler to a default one and unblocks it. It means that if we want to save the origin signal handle Signed-off-by: Andrei Vagin <avagin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 8063eb8 - Browse repository at this point
Copy the full SHA 8063eb8View commit details -
test/zdtm: check that a penging SIGTRAP handled properly
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 00dbc42 - Browse repository at this point
Copy the full SHA 00dbc42View commit details
Commits on May 27, 2021
-
lib/cli.py: Open explore file as a binary
Fixes checkpoint-restore#1484 Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for d556ebf - Browse repository at this point
Copy the full SHA d556ebfView commit details -
test/others/crit: add test for 'x'
This commit extends the CRIT tests to cover the 'x' command, which is used to explore an image directory. Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 2402192 - Browse repository at this point
Copy the full SHA 2402192View commit details
Commits on May 30, 2021
-
kerndat: Handle non-root mode when checking uffd
When criu is run as user it fails and exits because of kerndat_uffd() returning -1. This, in turn, happens after uffd = syscall(SYS_userfaultfd, flags); which only works for root. In the change it ignores the permission error and proceeds further just like it's done for e.g. pagemap checking. Signed-off-by: Nithin Jaikar J <jaikar006@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for cfdeac4 - Browse repository at this point
Copy the full SHA cfdeac4View commit details
Commits on May 31, 2021
-
criu: check if pidfd_open syscall is supported
pidfd_open syscall will be needed later to send pidfds between pre-dump/dump iterations for pid reuse detection. v2: - make kerndat_has_pidfd_open void since 0 is always returned - fix missing tabs in syscall tables Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for ff922a1 - Browse repository at this point
Copy the full SHA ff922a1View commit details -
criu: check if pidfd_getfd syscall is supported
pidfd_getfd syscall will be needed later to send pidfds between pre-dump/dump iterations for pid reuse detection. v2: - check size written/read of val_a/val_b is correct - return with error when val_a != val_b Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for cf9616c - Browse repository at this point
Copy the full SHA cf9616cView commit details -
cr-service: add pidfd_store_sk option to rpc.proto
pidfd_store_sk option will be used later to store tasks pidfds between predumps to detect pid reuse reliably. pidfd_store_sk should be a fd of a connectionless unix socket. init_pidfd_store_sk() steals the socket from the RPC client using pidfd_getfd, checks that it is a connectionless unix socket and checks if it is not initialized before (i.e. unnamed socket). If not initialized the socket is first bound to an abstract name (combination of the real pid/fd to avoid overlap), then it is connected to itself hence allowing us to store the pidfds in the receive queue of the socket (this is similar to how fdstore_init() works). v2: - avoid close(pidfd) overriding errno of SYS_pidfd_open in init_pidfd_store_sk() - close pidfd_store_sk because we might have leftover from previous iterations Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 1273ffd - Browse repository at this point
Copy the full SHA 1273ffdView commit details -
cr-check: add ability to check if pidfd_store feature is supported
pidfd_store which will be used for reliable pidfd based pid reuse detection for RPC clients requires two recent syscalls (pidfd_open and pidfd_getfd). We allow checking if pidfd_store is supported using: 1. CLI: criu check --feature pidfd_store 2. RPC: CRIU_REQ_TYPE__FEATURE_CHECK and set pidfd_store to true in the "features" field of the request Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for ef59abf - Browse repository at this point
Copy the full SHA ef59abfView commit details -
criu: add pidfd based pid reuse detection for RPC clients
Closes: checkpoint-restore#717 This increases the reliability of pid reuse detection using pidfds, currently through RPC migration tools like P.Haul. A connectionless unix socket is passed to criu in RPC mode through the RPC option pidfd_store_sk. If this option is set, the socket is initialized in init_pidfd_store_sk() to be used as a queue for task pidfds. criu then sends tasks pidfds to this socket in send_pidfd_entry() and receives them in the next pre-dump/dump iteration to build the pidfds hashtable in init_pidfd_store_hash(). These pidfds will be used later in detect_pid_reuse(). How it should be used in migration tools like P.Haul: - Open a connectionless unix socket - Pass the socket fd in the RPC option pidfd_store_sk when doing a pre-dump or dump This will fail if the kernel does not support pidfd_open or pidfd_getfd syscalls, so pidfd_store_sk should not be set if the kernel does not support pidfd_open. This could be checked with: CLI: criu check --feature pidfd_store RPC: CRIU_REQ_TYPE__FEATURE_CHECK and set pidfd_store to true in the "features" field of the request v2: - add reasonable polling restart limit in check_pidfd_entry_state to avoid getting stuck - avoid leaking pidfd in send_pidfd_entry when entry is NULL, otherwise pidfds are freed in free_pidfd_store v3: - check that the passed pidfd store is not empty after the first iteration (i.e. --prev-images-dir option set). v4: - clear pidfd_hash heads - check entry allocation error in init_pidfd_store_hash() Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for e1ccdaf - Browse repository at this point
Copy the full SHA e1ccdafView commit details -
zdtm: add --pidfd-store option in RPC mode
When testing pid reuse using pidfd_store feature in RPC mode we need to pass a unix socket fd used to CRIU in the RPC option pidfd_store_sk to store the pidfds between predump/dump iterations. Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 80ae09d - Browse repository at this point
Copy the full SHA 80ae09dView commit details -
zdtm: add pidfd store based pid reuse test
This is just a symlink to the original transition/pid_reuse test with the right options passed to trigger the pidfd store based pid reuse detection code path. Pidfd store based detection is supported only in RPC mode which requires passing a unix socket fd to be used as pidfd store and the kernel should support pidfd_open and pidfd_getfd syscalls {'feature': 'pidfd_store'} for this test to work. Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for d34c7ce - Browse repository at this point
Copy the full SHA d34c7ceView commit details
Commits on Jun 2, 2021
-
mem/pidfd: fix poll retry error checking
One should never rely on errno if libc syscall is successful. We can either see an errno set from some previous failed syscall or even errno set by a this successful libc syscall. So lets check ret first. Fixes: 1ccdaf47 ("criu: add pidfd based pid reuse detection for RPC clients") Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for dee4472 - Browse repository at this point
Copy the full SHA dee4472View commit details
Commits on Jun 7, 2021
-
ksigset: fix a typo in ksigdelset
Fixes: 8063eb8 ("parasite: don't block SIGTRAP") Reported-by: zl-wang <zlwang@ca.ibm.com> Signed-off-by: Andrei Vagin <avagin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 9292a90 - Browse repository at this point
Copy the full SHA 9292a90View commit details -
test: add a test to check that sigtrap handlers are restored
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for b59a0cb - Browse repository at this point
Copy the full SHA b59a0cbView commit details
Commits on Jun 10, 2021
-
test/others: drop '_exit' function
The function name '_exit' is misleading as this function doesn't actually exit when the status of the previous command is zero. In addition, the behaviour of this function is not really needed. This patch removes the '_exit' function and applies the correct behaviour to stop the test on failure. Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 26a05ff - Browse repository at this point
Copy the full SHA 26a05ffView commit details -
test/others: refactor loop process
There are several problems with the loop.sh script. First, the code is duplicated across tests in the so-called 'othres' category. Second, we need to run it with the 'setsid' utility to make sure that it runs in a new session. Third, we have to redirect the standard file descriptors and use the '&' operator to make it run in the background. Finally, obtaining the PID of the 'loop.sh' process resulted in race condition. In this patch we replace the loop.sh script with a program that would address all problems mentioned above. The requirements for this program are as follows. - It must be reusable across tests - It must start a process that is detached from the current shell - It must wait for the process to start and output its PID Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 7970fbe - Browse repository at this point
Copy the full SHA 7970fbeView commit details
Commits on Jun 15, 2021
-
Now that the Ubuntu kernel is no longer broken with regards to overlayfs, let's switch back to overlayfs instead of devicemapper and vfs graphdrivers. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for e6faf68 - Browse repository at this point
Copy the full SHA e6faf68View commit details -
kdat: make uffd_open return errno from syscall separately
Previousely kerndat_uffd could not differentiate -EPERM and -1 returned from uffd_open(). That way "Failed to get uffd API" and "Incompatible uffd API ..." errors were just ignored, which is probably not what we want. v2: rework with extra argument of uffd_open for errno, rename err label in uffd_open for readability Fixes: cfdeac4 ("kerndat: Handle non-root mode when checking uffd") Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for 1407614 - Browse repository at this point
Copy the full SHA 1407614View commit details -
criu(8): document --join-ns option
The --join-ns option was introduced with commits: checkpoint-restore@2cf17cd checkpoint-restore@790ec46 Closes: checkpoint-restore#1054 Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 99d9398 - Browse repository at this point
Copy the full SHA 99d9398View commit details -
github: Add templates for new issues and pull requests
This way users would be able to create more meaningfull pull-requests and issues. And we would not need to ask them to provide basic information each time. Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for 6d059ff - Browse repository at this point
Copy the full SHA 6d059ffView commit details -
cr_options: handle the case where __dest == __src in SET_CHAR_OPTS
The SET_CHAR_OPT(__dest, __src) macro is essentially: free(opts.__dest); opts.__dest = xstrdup(__src); So if __dest == __src the string that get's copied is freed. This e.g. is the case in criu/lsm.c int lsm_check_opts(void) { char *aux; if (!opts.lsm_supplied) return 0; aux = strchr(opts.lsm_profile, ':'); if (aux == NULL) { pr_err("invalid argument %s for --lsm-profile\n", opts.lsm_profile); return -1; } *aux = '\0'; aux++; if (strcmp(opts.lsm_profile, "apparmor") == 0) { if (kdat.lsm != LSMTYPE__APPARMOR) { pr_err("apparmor LSM specified but apparmor not supported by kernel\n"); return -1; } SET_CHAR_OPTS(lsm_profile, aux); ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ } else if (strcmp(opts.lsm_profile, "selinux") == 0) { if (kdat.lsm != LSMTYPE__SELINUX) { pr_err("selinux LSM specified but selinux not supported by kernel\n"); return -1; } SET_CHAR_OPTS(lsm_profile, aux); ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ } else if (strcmp(opts.lsm_profile, "none") == 0) { xfree(opts.lsm_profile); opts.lsm_profile = NULL; } else { pr_err("unknown lsm %s\n", opts.lsm_profile); return -1; } return 0; } Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Configuration menu - View commit details
-
Copy full SHA for 15ed740 - Browse repository at this point
Copy the full SHA 15ed740View commit details
Commits on Jun 16, 2021
-
Ubuntu 18.04 still has a problem with overlayfs and breaks CRIU https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1857257 Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 41ab15c - Browse repository at this point
Copy the full SHA 41ab15cView commit details
Commits on Jun 17, 2021
-
test: skip time namespaced tests on <= 5
Although CentOS 8 comes with 4.18 kernel it has time namespace patches backported but not all the required once. This disables time namespaced tests on everything older than 5.11. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for ea07931 - Browse repository at this point
Copy the full SHA ea07931View commit details -
zdtm/tun_ns: add per-test dependencies
The tun_ns test was introduced with [1] and [2], however, these commits didn't add per-test dependencies required for the test. Per-test dependencies are listed in the .desc file as 'deps': [<list>] These dependencies are made available inside the test namespace and without the ip dependency, the tests fails on Fedora 34 with Error: ipv4: FIB table does not exist. [1] checkpoint-restore@7e355e7 [2] checkpoint-restore@3ba0893 Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 7686b93 - Browse repository at this point
Copy the full SHA 7686b93View commit details
Commits on Jun 18, 2021
-
docker-test: use latest containerd release
This patch improves the changes from 19be9ce. To use the newer version of containerd, we need to make sure that the containerd service has been restarted after install. Instead of hard-coding a version number, we can use github API to get the latest release. In addition, the tar file contains all binary files in a './bin' sub-folder. Thus, it should be extracted in '/usr'. Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 185036b - Browse repository at this point
Copy the full SHA 185036bView commit details -
build: respect $PKG_CONFIG settings
The build needs to respect $PKG_CONFIG env var like other standard build systems and the the upstream pkg-config project itself. This allows the package builder to point it to the right tool when doing a cross-compile build. Otherwise the host pkg-config tool is used which won't have access to the packages in the cross sysroot. Signed-off-by: Mike Frysinger <vapier@chromium.org>
Configuration menu - View commit details
-
Copy full SHA for d89f7da - Browse repository at this point
Copy the full SHA d89f7daView commit details -
crtools: improve error handling on signal setting
Signed-off-by: Valery Ivanov <ivalery111@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 7cfe7b4 - Browse repository at this point
Copy the full SHA 7cfe7b4View commit details
Commits on Jun 19, 2021
-
add PKG_CONFIG default in a few more places
These files use $PKG_CONFIG before they include the common files that setup a default, so set early defaults in them too. Signed-off-by: Mike Frysinger <vapier@chromium.org>
Configuration menu - View commit details
-
Copy full SHA for 5e81dca - Browse repository at this point
Copy the full SHA 5e81dcaView commit details -
scripts/vagrant: Use Fedora 34
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 7bd807f - Browse repository at this point
Copy the full SHA 7bd807fView commit details -
scripts/vagrant: Use vagrant 2.2.16
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 89787bf - Browse repository at this point
Copy the full SHA 89787bfView commit details
Commits on Jun 20, 2021
-
zdtm: allow ignore taint via environment variable
With this change tainted kernels can be ignored with setting ZDTM_IGNORE_TAINT=1. This is just to simplify the CI script to not require to change every call of zdtm. Setting the variable once should be enough. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for f10b887 - Browse repository at this point
Copy the full SHA f10b887View commit details -
ci: disable -x during print_env()
Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 2a89750 - Browse repository at this point
Copy the full SHA 2a89750View commit details -
ci: switch CentOS 7 test to Cirrus CI
On Cirrus CI we can run tests on the orignal CentOS 7 kernel. The kernel is rather old, but on GitHub Actions we a 5.8 kernel and a containerized CentOS 7 user space not much is working correctly anymore. With this commit CentOS 7 based tests are no longer running on GitHub Actions but on Cirrus CI. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 3518b45 - Browse repository at this point
Copy the full SHA 3518b45View commit details -
This commit removes a couple of workaround for old kernels and distributions which we no longer use in CI. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 46bb2d7 - Browse repository at this point
Copy the full SHA 46bb2d7View commit details -
ci: disable some tests on CentOS 7
Now that we are running CI on an actual CentOS 7 kernel different tests are no longer working as they require newer kernels. This commit disables a few tests only on CentOS 7. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for d46e20e - Browse repository at this point
Copy the full SHA d46e20eView commit details
Commits on Jun 21, 2021
-
bfd: loop through read()/write() when the action is incomplete
The callers of bread() and bwrite() assume the operation reads/writes the complete length of the passed buffer. We must loop when invoking the read()/write() APIs. Fixes checkpoint-restore#1504 Signed-off-by: Nicolas Viennot <Nicolas.Viennot@twosigma.com>
Configuration menu - View commit details
-
Copy full SHA for 178c902 - Browse repository at this point
Copy the full SHA 178c902View commit details
Commits on Jun 24, 2021
-
criu: add cleanup_free attribute
Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 0622006 - Browse repository at this point
Copy the full SHA 0622006View commit details -
config: make configuration file parser more robust
Trying to see how robust the configuration parser I was able to crash CRIU pretty quickly. This fixes a few crashes in the existing configuration file parser. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for c627d0c - Browse repository at this point
Copy the full SHA c627d0cView commit details -
test: add tests for configuration file parsing
This adds a test run to ensure known (but fixed) configuration file parser errors are not crashing CRIU anymore. Based on missing test code coverage this script also tests code paths of the option handling which have not been tested until now. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for c98b1d9 - Browse repository at this point
Copy the full SHA c98b1d9View commit details -
criu: add unit testing for config file parser
This tries to add a unit test for the configuration file parser. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for efe927f - Browse repository at this point
Copy the full SHA efe927fView commit details
Commits on Jun 25, 2021
-
criu exec is deprecated for some time now and criu just exits with an error if running 'criu exec'. This removes the test for that non-working subcommand. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for a226a1b - Browse repository at this point
Copy the full SHA a226a1bView commit details -
zdtm: add network namespace locking test
When criu dumps a process in a network namespace it locks the network so that no packets from peer enters the stack, otherwise RST will be sent by a kernel causing the connection to fail. In netns_lock.c we try to enter the netns created by post-start hook so that criu locks the network namespace between dump and restore. A TCP server is started in post-start hook inside the test netns and runs in the background detached from its parent so that it stays alive for the duration of the test. Other hooks (pre-dump, pre-restore, post-restore) try to connect to the server. Pre-dump and post-restore hooks should be able to connect successfully. Pre-restore hook client with SOCCR_MARK should also connect successfully. Pre-restore hook client without SOCCR_MARK should not be able to connect but also should not get connection refused as all packets are dropped in the namespace so the kernel shouldn't send an RST packet as a result. Instead we check that the connect operation causes a timeout. This test would be useful when testing that the network is locked using different ways (using iptables currently and other methods later). v2: - check that packets with SOCCR_MARK are allowed to pass when the netns is locked. v3: - fix pre-restore hook skipping non SOCCR_MARK connection test due to early exit in SOCCR_MARK variant. Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 9818698 - Browse repository at this point
Copy the full SHA 9818698View commit details
Commits on Jun 29, 2021
-
Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 056e301 - Browse repository at this point
Copy the full SHA 056e301View commit details -
Enable changing of mount context on restore
This change is motivated by checkpointing and restoring container in Pods. When restoring a container into a new Pod the SELinux label of the existing Pod needs to be used and not the SELinux label saved during checkpointing. The option --lsm-profile already enables changing of process SELinux labels on restore. If there are, however, tmpfs checkpointed they will be mounted during restore with the same context as during checkpointing. This can look like the following example: context="system_u:object_r:container_file_t:s0:c82,c137" On restore we want to change this context to match the mount label of the Pod this container is restored into. Changing of the mount label is now possible with the new option --mount-context: criu restore --mount-context "system_u:object_r:container_file_t:s0:c204,c495" This will lead to mount options being changed to context="system_u:object_r:container_file_t:s0:c204,c495" Now the restored container can access all the files in the container again. This has been tested in combination with runc and CRI-O. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for a0ab129 - Browse repository at this point
Copy the full SHA a0ab129View commit details -
Add test for new --lsm-mount-context option
Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for cbaa599 - Browse repository at this point
Copy the full SHA cbaa599View commit details
Commits on Jul 2, 2021
-
pycrit: fix the broken of cli the
crit show xxx.img
It will broken when the cli `crit show ipcns-shm-9.img` is executed, msg: { "magic": "IPCNS_SHM", "entries": [ { "desc": { "key": 0, "uid": 0, "gid": 0, "cuid": 0, "cgid": 0, "mode": 438, "id": 0 }, "size": 1048576, "in_pagemaps": true, "extra": Traceback (most recent call last): File "/usr/bin/crit", line 6, in <module> cli.main() File "/usr/lib/python3/dist-packages/pycriu/cli.py", line 412, in main opts["func"](opts) File "/usr/lib/python3/dist-packages/pycriu/cli.py", line 45, in decode json.dump(img, f, indent=indent) File "/usr/lib/python3.9/json/__init__.py", line 179, in dump for chunk in iterable: File "/usr/lib/python3.9/json/encoder.py", line 431, in _iterencode yield from _iterencode_dict(o, _current_indent_level) File "/usr/lib/python3.9/json/encoder.py", line 405, in _iterencode_dict yield from chunks File "/usr/lib/python3.9/json/encoder.py", line 325, in _iterencode_list yield from chunks File "/usr/lib/python3.9/json/encoder.py", line 405, in _iterencode_dict yield from chunks File "/usr/lib/python3.9/json/encoder.py", line 438, in _iterencode o = _default(o) File "/usr/lib/python3.9/json/encoder.py", line 179, in default raise TypeError(f'Object of type {o.__class__.__name__} ' TypeError: Object of type bytes is not JSON serializable This is caused by `img['magic'][0]['extra']` which is bytes. I find other load condtions, fix them at the same time. Signed-off-by: fu.lin <fulin10@huawei.com>
Configuration menu - View commit details
-
Copy full SHA for 402bbac - Browse repository at this point
Copy the full SHA 402bbacView commit details -
Keep inherit-fd strings alive until task restore
If inherit-fd is read from a config file its buffer will be freed after the config file is parsed but before task restore, which is when we need to use the mapping. Therefore, when adding an inherit-fd mapping to the opts list, copy the key string to a new buffer. Signed-off-by: Younes Manton <ymanton@ca.ibm.com>
Configuration menu - View commit details
-
Copy full SHA for e12ff27 - Browse repository at this point
Copy the full SHA e12ff27View commit details -
The mips64el-cross test target started to show following error: error: listing the stack pointer register '$29' in a clobber list is deprecated [-Werror=deprecated] This fixes it in three different places by removing $29' from the clobber list. This is only compile tested as we have no mips hardware for testing. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for ec1f919 - Browse repository at this point
Copy the full SHA ec1f919View commit details
Commits on Jul 5, 2021
-
test/jenkins: fix netns_lock test multiple iterations failure
netns_lock is highly dependent on the order of the hooks, and iterations causes the --pre-dump hook to be called multiple times which expectedly caused the test to fail. The server loop accommodates for multiple iterations. https://ci.kernoops.org/job/CRIU/job/CRIU-iter/job/criu-dev/431/testReport/(root)/criu/zdtm_static_netns_lock/ Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 8310b0b - Browse repository at this point
Copy the full SHA 8310b0bView commit details -
test/ci: sync netns_lock test and its --post-start hook
The --post-start hook creates a netns which the test should enter at the beginning of the test. The test randomly failed in CI tests, it is most likely caused by a race condition. I suspect this flow is root cause: 1. --post-start hook starts just after the test (in parallel) 2. --post-start hook calls ip netns add to create the test netns 3. ip creates the netns file 4. netns_lock test opens that file and uses it in setns 5. ip mounts the netns to the file Of course test fails at step 4 because the netns is not yet mounted to the file. I made the test wait for SYNCFILE to be created by the --post-start hook before it tries to open the netns file and call setns. Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 15266a4 - Browse repository at this point
Copy the full SHA 15266a4View commit details -
pidfd_store: move pidfd_store to a separate file
Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 3bc9f88 - Browse repository at this point
Copy the full SHA 3bc9f88View commit details -
pidfd_store: tidy up interface and hide unneeded details
There is no need to expose the internals of pidfd_store like hash table entries and how to use them for pid reuse detection. v2: fixup some spacing issues v3: fix hash memory leak after xmalloc in init_pidfd_store_hash() Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for ce2d037 - Browse repository at this point
Copy the full SHA ce2d037View commit details -
cr-service: move pidfd_store initialization to cr-service
Moved pidfd store hashtable initialization to cr-service.c since pidfd_store is only relevant in RPC mode. Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for ee48929 - Browse repository at this point
Copy the full SHA ee48929View commit details -
crit: fix error on memfd files parsing
Else we get error: [root@fedora criu]# crit/crit x test/dump/zdtm/static/memfd00/56/1/ mems ... Traceback (most recent call last): File "/home/snorch/devel/ms/criu/crit/crit", line 6, in <module> cli.main() File "/home/snorch/devel/ms/criu/crit/pycriu/cli.py", line 430, in main opts["func"](opts) File "/home/snorch/devel/ms/criu/crit/pycriu/cli.py", line 361, in explore explorers[opts['what']](opts) File "/home/snorch/devel/ms/criu/crit/pycriu/cli.py", line 283, in explore_mems fn = ' ' + get_file_str(opts, { File "/home/snorch/devel/ms/criu/crit/pycriu/cli.py", line 214, in get_file_str f = ft['get'](opts, ft, fd['id']) File "/home/snorch/devel/ms/criu/crit/pycriu/cli.py", line 165, in ftype_reg rf = ftype_find_in_image(opts, ft, fid, 'reg-files.img') File "/home/snorch/devel/ms/criu/crit/pycriu/cli.py", line 154, in ftype_find_in_image return f[ft['field']] KeyError: 'reg' Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for 47feec9 - Browse repository at this point
Copy the full SHA 47feec9View commit details
Commits on Jul 7, 2021
-
ci: combine cross compile container definitions
The cross compile container definitions for each architecture were almost the same files except for the architecture. This moves the architecture to variables so that all cross compile setups can use the same container definition. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for de0311d - Browse repository at this point
Copy the full SHA de0311dView commit details
Commits on Jul 8, 2021
-
lib: fix broken crit-recode test
Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for ed52ba9 - Browse repository at this point
Copy the full SHA ed52ba9View commit details -
ci: also test tcp stream crit recoding
Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 9cfa3d2 - Browse repository at this point
Copy the full SHA 9cfa3d2View commit details -
scripts: run lint also on criu-ns
Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 374c77e - Browse repository at this point
Copy the full SHA 374c77eView commit details -
restore: cleanup cgroup properly in error path
Cgroup yard is setup in crtools_prepare_shared. But it is not cleaned up properly in some code path, which leads cgroup mountpoint leaking. Signed-off-by: Liu Hua <weldonliu@tencent.com>
Configuration menu - View commit details
-
Copy full SHA for f29a02a - Browse repository at this point
Copy the full SHA f29a02aView commit details
Commits on Jul 10, 2021
-
zdtm: make --sbs also stop on each pre-dump/snap iteration
This is useful to investigate problems on pre-dump iterations. After this patch test output with "--pre=2 --sbs" would have new usefull stop points. While on it let's remove confusion in sbs stop point naming. "Pause at pre-dump" actually has nothing to do with pre-dump, let's better use "before " instead of "at pre-", similar let's use "after " instead of "at post-". Result would look like: ========================== Run zdtm/static/env00 in h ========================== Start test ./env00 --pidfile=env00.pid --outfile=env00.out --envname=ENV_00_TEST Pause before pre-dump 0. Press Enter to continue. Run criu pre-dump Pause before pre-dump 1. Press Enter to continue. Run criu pre-dump Pause before dump. Press Enter to continue. Run criu dump Pause before restore. Press Enter to continue. Run criu restore Pause after restore. Press Enter to continue. v2: improve sbs step naming; rename "iter" to more meaningfull "pre-dump"/"snap". Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for 9a058db - Browse repository at this point
Copy the full SHA 9a058dbView commit details
Commits on Jul 14, 2021
-
ci/openj9: run mrproper before make
Make sure to remove all files created from previous local build before compiling in the container. Reported-by: Rajneesh Bhardwaj <rajneesh.bhardwaj@amd.com> Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for bc98adf - Browse repository at this point
Copy the full SHA bc98adfView commit details
Commits on Jul 17, 2021
-
lib: fix crit-recode msgque errors in Jenkins
b'test/dump/zdtm/static/msgque/63/1/ipcns-msg-11.img' encode fails: expected bytes-like object, not str b'test/dump/zdtm/static/msgque/63/1/ipcns-msg-11.img' pretty encode fails: expected bytes-like object, not str FAIL Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for a68e0b9 - Browse repository at this point
Copy the full SHA a68e0b9View commit details -
ci: add msgque test case to crit-recode
crit-recode on msgque tests was broken in Jenkins. Run it also in GitHub CI. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 1d7b14e - Browse repository at this point
Copy the full SHA 1d7b14eView commit details
Commits on Jul 19, 2021
-
cgroup: cgroup_contains has to update the mask for cgroupv2
Fixes: checkpoint-restore#1524 Signed-off-by: Andrei Vagin <avagin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 47611e6 - Browse repository at this point
Copy the full SHA 47611e6View commit details
Commits on Jul 23, 2021
-
criu: dump and restore notify_thread_id of posix timer
When sigev_notify_thread_id is not set, get_pid will return a NULL pointer and do_timer_create will return -EINVAL in kernel. So criu will failed to create posix timer: (09.806760) pie: 41301: Error (criu/pie/restorer.c:1998): Can't restore posix timers -22 (09.806824) pie: 41301: Error (criu/pie/restorer.c:2133): Restorer fail 41301 (09.891880) Error (criu/cr-restore.c:2596): Restoring FAILED. Signed-off-by: Liu Chao <liuchao173@huawei.com>
Configuration menu - View commit details
-
Copy full SHA for 524f226 - Browse repository at this point
Copy the full SHA 524f226View commit details -
proc_parse: get a thread ID in a thread pidns from /proc/pid/status
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 6775b68 - Browse repository at this point
Copy the full SHA 6775b68View commit details -
timers: save tid from a task pid namespace
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for a9a32e8 - Browse repository at this point
Copy the full SHA a9a32e8View commit details -
zdtm: add a test for SIGEV_THREAD timers
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for f2e8ce2 - Browse repository at this point
Copy the full SHA f2e8ce2View commit details
Commits on Jul 25, 2021
-
protobuf: remove leading underscores from protobuf structs
Fixes: checkpoint-restore#1560 The latest protobuf-c compiler breaks CRIU because they removed leading underscores from structs in 1.4.0. This replaces those definitions with the standard generated structs. v2: remove struct _VmaEntry, struct _CredsEntry and struct _CoreEntry Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 1c25914 - Browse repository at this point
Copy the full SHA 1c25914View commit details -
scripts/build: add a docker file for archlinux
Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for f4d5fb4 - Browse repository at this point
Copy the full SHA f4d5fb4View commit details -
zdtm: prioritize /lib/* dependencies in some tests
Prioritize /lib/* because iptables fails to search /usr/lib64/* first on archlinux. This change of 'deps' order prioritizes the default library location. This affects: - zdtm/static/netns-nf - zdtm/static/netns-nft-ipt - zdtm/static/socket-tcp-closed-last-ack - zdtm/static/socket-tcp-reseted - zdtm/static/socket-tcp-syn-sent Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for b1f7622 - Browse repository at this point
Copy the full SHA b1f7622View commit details
Commits on Jul 28, 2021
-
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for c5333bc - Browse repository at this point
Copy the full SHA c5333bcView commit details -
Documentation: Add man page for criu-ns
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for b5f26ab - Browse repository at this point
Copy the full SHA b5f26abView commit details -
criu-ns: update script name in help message
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for f1e85e2 - Browse repository at this point
Copy the full SHA f1e85e2View commit details -
criu-ns: add top-level conditional execution
Execute actions only if run as a script. https://docs.python.org/3/library/__main__.html Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for e2e6444 - Browse repository at this point
Copy the full SHA e2e6444View commit details -
criu-ns: add support for 'check' action
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for e444292 - Browse repository at this point
Copy the full SHA e444292View commit details -
kerndat: Check that "/proc/[pid]/status" file has NS{pid, ..} lines
If there is nested pid_ns, we need to be able to get pid in the whole pid hierarhy. This may be taken from "/proc/[pid]/status" file only. Check, that kernel has support for it. Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com> NSpid is not (yet) supported on Centos7 thus we need this check for compatibility. (cherry-picked from Virtuozzo criu commit https://src.openvz.org/projects/OVZ/repos/criu/commits/94f4653f20) Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for 5dcf63c - Browse repository at this point
Copy the full SHA 5dcf63cView commit details -
proc_parse: make nspid field optional
On Centos7 we don't have NSpid field in /proc/[pid]/status so for compatibility let's skip it. (cherry-pick one hunk from Virtuozzo commit https://src.openvz.org/projects/OVZ/repos/criu/commits/c6d0ee567c) Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for 1a0618f - Browse repository at this point
Copy the full SHA 1a0618fView commit details -
posix-timers: fallback notify thread id encoding for non-pidns and no…
…n-nspid 1) If all dumped processes are in host pidns we can skip pid conversion logic and just use real pid. 2) If we have pidns to dump we should also have kernel NSpid feature, else we should fail to dump notify thread id, as it's not possible to properly convert rpid to vpid. While on it let's put the code to encode_notify_thread_id helper to improve code readability. Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for 147acb4 - Browse repository at this point
Copy the full SHA 147acb4View commit details -
zdtm/pthread_timers: require ns_pid feature and add non-ns test
Resolving real pid to vpid for notify thread ids requires NSpid feature supported by kernel, though in simple non-pid-ns case we can deal without it, so add a requirement and split out the host test without the requirement. Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for 29d5865 - Browse repository at this point
Copy the full SHA 29d5865View commit details
Commits on Jul 29, 2021
-
GitHub Actions already has Podman installed. No need to install it a second time. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for a14b451 - Browse repository at this point
Copy the full SHA a14b451View commit details
Commits on Jul 30, 2021
-
posix-timers: fix getoverrun error handling
If retcode of dump_posix_timers is not zero it is treated as an error in compel_rpc_sync. And currently we can return positive overrun of last timer (if we are lucky and it is not zero) as retcode of function dump_posix_timers, let's fix it. Also I don't see any point in putting negative value into .overrun on error path, fix it too. Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
3Configuration menu - View commit details
-
Copy full SHA for f97e638 - Browse repository at this point
Copy the full SHA f97e638View commit details
Commits on Aug 2, 2021
-
Fedora Rawhide updated to a glibc using clone3(). clone3() is, however, not yet part of the seccomp filter. Unfortunately 'docker build' does not allow dropping seccomp but luckily 'podman build' does. This switches the Fedora Rawhide test to use Podman. Podman is part of GitHub Actions and no additional packages need to be installed. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 4d86757 - Browse repository at this point
Copy the full SHA 4d86757View commit details
Commits on Aug 3, 2021
-
zdtm: fix indentation in Makefile wait_stop target
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for 493f8c2 - Browse repository at this point
Copy the full SHA 493f8c2View commit details
Commits on Aug 5, 2021
-
criu: introduce clang-format to format source code
This is another attempt to introduce a tool to format CRIU's source code. This time it is based on clang-format. The .clang-format file is taken from the linux kernel git tree (5.13). I removed all comments from lines which state that it requires at least clang-format 4 or 5. For this resulting file at least clang-format 11 is required. See scripts/fetch-clang-format.sh for all the changes done to the Linux kernel .clang-format file. Acked-by: Mike Rapoport <rppt@linux.ibm.com> Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for c7af208 - Browse repository at this point
Copy the full SHA c7af208View commit details -
Run 'make indent' on all C files
Acked-by: Mike Rapoport <rppt@linux.ibm.com> Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for c07bf8a - Browse repository at this point
Copy the full SHA c07bf8aView commit details -
Run 'make indent' on header files
Acked-by: Mike Rapoport <rppt@linux.ibm.com> Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for f3c8c63 - Browse repository at this point
Copy the full SHA f3c8c63View commit details -
Separate commit for easier criu-dev <-> master transfer. Acked-by: Mike Rapoport <rppt@linux.ibm.com> Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 4aced9c - Browse repository at this point
Copy the full SHA 4aced9cView commit details -
ci: extend lint run to run 'make indent'
Acked-by: Mike Rapoport <rppt@linux.ibm.com> Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for a315774 - Browse repository at this point
Copy the full SHA a315774View commit details
Commits on Aug 8, 2021
-
lsm: change when LSM profiles are collected
Instead of collecting profiles right at thread dump time, let's collect them all at a single point. This way, when we add support for suspending LSMs, we know what profiles if any we need to suspend. Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Configuration menu - View commit details
-
Copy full SHA for 7458e37 - Browse repository at this point
Copy the full SHA 7458e37View commit details -
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Configuration menu - View commit details
-
Copy full SHA for 361e269 - Browse repository at this point
Copy the full SHA 361e269View commit details -
lsm: support checkpoint/restore of stacked apparmor profiles
Support for apparmor namespaces and stacking is coming to Ubuntu kernels in 16.10, and should hopefully be upstreamed Soon (TM) :). The basic idea is similar to how cgroups are done: we can restore the apparmor namespace and profile blobs independently of the tasks, and then at the end we can just set the task's label appropriately. This means the code that moves tasks under a label stays the same, and the only new code is the stuff that dumps and restores the policy blobs that are in the namespace that were loaded by the container. Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Configuration menu - View commit details
-
Copy full SHA for 87aef42 - Browse repository at this point
Copy the full SHA 87aef42View commit details -
check: add a feature test for apparmor_stacking
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Configuration menu - View commit details
-
Copy full SHA for cfbd651 - Browse repository at this point
Copy the full SHA cfbd651View commit details -
tests: add a test for apparmor_stacking
v2: use a profile that doesn't have "unix" to test the suspend feature too v3: use "/" in the profile names to make sure this works Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Configuration menu - View commit details
-
Copy full SHA for e7d11e5 - Browse repository at this point
Copy the full SHA e7d11e5View commit details -
lsm: handle SELinux LSM correctly
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Configuration menu - View commit details
-
Copy full SHA for e68bb86 - Browse repository at this point
Copy the full SHA e68bb86View commit details -
apparmor: actually enable suspend for AppArmor
The original patches didn't pass down the "suspend" boolean into write_aa_policy() and so suspend never really happened. Pass it down. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Configuration menu - View commit details
-
Copy full SHA for a8c2b1d - Browse repository at this point
Copy the full SHA a8c2b1dView commit details -
zdtm/apparmor_stacking: don't include optional AppArmor namespace sep…
…arator AppArmor namespaces are officially colon-separated. The double-slash syntax is just convenience: "The trailing : separates the namespace name from the profile name and the optional / and // separators are provided as a convenience for those familiar with ssh and protocol urls." (see [1]) [1]: https://gitlab.com/apparmor/apparmor/-/wikis/AppArmorNamespaces Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Configuration menu - View commit details
-
Copy full SHA for f9afc48 - Browse repository at this point
Copy the full SHA f9afc48View commit details -
Make it easy to run commands and capture the output in a user provided buffer. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Configuration menu - View commit details
-
Copy full SHA for 49550ff - Browse repository at this point
Copy the full SHA 49550ffView commit details
Commits on Aug 9, 2021
-
dump: suspend/resume lsm on pre-dump
Otherwise, criu pre-dump can fail with errors like this: lib/infect.c:650: Unable to connect a transport socket: Permission denied' Reported-by: Mr Jenkins Signed-off-by: Andrei Vagin <avagin@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 8f91824 - Browse repository at this point
Copy the full SHA 8f91824View commit details -
docker-test: refactor test scenario
The following error occurs when creating a checkpoint of a container immediately after the container has been restored from another checkpoint. Error response from daemon: Cannot checkpoint container cr: content sha256:12c69b7a9d25695dd5f9d37d4e858e2f7c3f9da738ccf86f8d3042f6973af1df: already exists In this patch we add a healthcheck to the test container and update the test to perform a checkpoint only when the container is in a 'healthy' state. In addition, this patch adds a scenario to test the checkpoint/restore of multiple containers. Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Configuration menu - View commit details
-
Copy full SHA for 23b2636 - Browse repository at this point
Copy the full SHA 23b2636View commit details -
ci: fix 'crit.sh: 3: source: not found'
Jenkins test runs are failing with: ./test/jenkins/run_ct ./test/jenkins/crit.sh ./test/jenkins/crit.sh: 3: source: not found Switch to bash which has 'source'. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for f5c358b - Browse repository at this point
Copy the full SHA f5c358bView commit details -
zdtm/pthread_timers: make sure glibc allocated SIGEV_THREAD's stack
On Virtuozzo7 jenkins we see a fail of criu-dev zdtm: ===================== Run zdtm/static/pthread_timers in ns ===================== Start test ./pthread_timers --pidfile=pthread_timers.pid --outfile=pthread_timers.out Run criu dump =[log]=> dump/zdtm/static/pthread_timers/112/1/dump.log ------------------------ grep Error ------------------------ (00.004817) netlink: Collect netlink sock 0x1cad6e21 (00.004821) netlink: Collect netlink sock 0x1cad6e22 (00.004831) Collecting pidns 9/112 (00.004886) No parent images directory provided (00.004903) Warn (criu/lsm.c:328): don't know how to suspend LSM 0 ------------------------ ERROR OVER ------------------------ Run criu restore 4: Old maps lost: set([]) 4: New maps appeared: set([u'7fe4c54ca000-7fe4c54cb000 ---p', u'7fe4c0000000-7fe4c0021000 rw-p', u'7fe4c0021000-7fe4c4000000 ---p', u'7fe4c54cb000-7fe4c5ccb000 rw-p']) ############# Test zdtm/static/pthread_timers FAIL at maps compare ############# https://ci.openvz.org/job/CRIU/job/CRIU-virtuozzo/job/criu-dev/8032/consoleFull First thing to mention is that this is not related to criu. I can manage to reproduce it with "--nocr", problem is that some mapping appears a bit later when we do pre-cr get_visible_state(). By debugging SIGEV_THREAD thread with gdb I can see that addresses from this unexpectedly appearing mapping are used by glibc here as "struct pthread *pd": clone() start_thread() timer_helper_thread() __pthread_create_2_1() So the mapping looks allocated by allocate_stack(), and it is only gets done after first timer trigger (we have glibc-2.17 on vz7): https://github.com/bminor/glibc/blob/release/2.17/master/nptl/sysdeps/unix/sysv/linux/timer_routines.c#L92 So let's wait at least 1 timer trigger so that memory outfit of the test become permanent and our check_visible_state zdtm check would not be false negative. Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Configuration menu - View commit details
-
Copy full SHA for 3d97d19 - Browse repository at this point
Copy the full SHA 3d97d19View commit details
Commits on Aug 10, 2021
-
files-reg: do not print a warning if a file has no build_id
On systems where there is no build_id we get a warning for each run Warn (criu/files-reg.c:1458): Couldn't find the build-id note for file with fd 15 Change the log level to debug for this message as the file just does not have a build_id and printing a warning clutters the CI logs. Signed-off-by: Adrian Reber <areber@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 6e36b39 - Browse repository at this point
Copy the full SHA 6e36b39View commit details
Commits on Aug 11, 2021
-
udp: Add support for checkpoint/restore UDP socket's queues
In this patch, I implement - A new protobuf image for storing dumped UDP packets. The image has the following format: UdpQueueEntry at the beginning for storing queues' information, each packet has UdpPacketEntry at the beginning for storing address information and packet's length followed by packet's data. - Checkpoint/restore support for UDP send queue via the newly proposed UDP_REPAIR in the Linux kernel. - Checkpoint/restore support for UDP receive queue. When checkpointing, packets are peeked from the socket. When restoring, a temporary socket is used to send these dumped packet. The source IP addresses of these are modified to matched the IP addresses when checkpointing by using IP_PKTINFO and IP_TRANSPARENT. However, the source port cannot be restored in some cases and the packet will be dropped. Signed-off-by: Bui Quang Minh <minhquangbui99@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for bc154ed - Browse repository at this point
Copy the full SHA bc154edView commit details -
zdtm: Add tests for C/R UDP socket's queues
Signed-off-by: Bui Quang Minh <minhquangbui99@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 10c84ef - Browse repository at this point
Copy the full SHA 10c84efView commit details