plugin: Change default max buffer size to 4G #2293

Change made through this commit: - Include copy of flog as a seperate tree. - Modify the makefile to add and compile flog code. Signed-off-by: prakritigoyal19 <[email protected]>

CID 302713 (checkpoint-restore#1 of 1): Missing varargs init or cleanup (VARARGS) va_end was not called for argptr. Signed-off-by: Adrian Reber <[email protected]>

Separate commit for easier criu-dev <-> master transfer. Acked-by: Mike Rapoport <[email protected]> Signed-off-by: Adrian Reber <[email protected]>

It is mapped, not maped. Same applies for mmap I guess. Found by codespell, except it wants to change it to mapped, which will make it less specific. Signed-off-by: Kir Kolyshkin <[email protected]>

Brought to you by codespell -w (using codespell v2.1.0). [v2: use "make indent" on the result] Signed-off-by: Kir Kolyshkin <[email protected]>

Fixes: checkpoint-restore#2121 Signed-off-by: Pengda Yang <[email protected]>

The TOS(type of service) field in the ip header allows you specify the priority of the socket data. Signed-off-by: Suraj Shirvankar <[email protected]>

Signed-off-by: Suraj Shirvankar <[email protected]>

The pipe_size type is unsigned int, when the fcntl call fails and return -1, it will cause a negative rollover problem. Signed-off-by: zhoujie <[email protected]>

Newer Intel CPUs (Sapphire Rapids) have a much larger xsave area than before. Looking at older CPUs I see 2440 bytes. # cpuid -1 -l 0xd -s 0 ... bytes required by XSAVE/XRSTOR area = 0x00000988 (2440) On newer CPUs (Sapphire Rapids) it grows to 11008 bytes. # cpuid -1 -l 0xd -s 0 ... bytes required by XSAVE/XRSTOR area = 0x00002b00 (11008) This increase the xsave area from one page to four pages. Without this patch the fpu03 test fails, with this patch it works again. Signed-off-by: Adrian Reber <[email protected]>

Signed-off-by: Adrian Reber <[email protected]>

Using the fact that we know criu_pid and criu is a parent of restored process we can create pidfile with pid on caller pidns level. We need to move mount namespace creation to child so that criu-ns can see caller pidns proc. Signed-off-by: Pavel Tikhomirov <[email protected]>

By default, the file name 'amdgpu_plugin.txt' is used also as the name for the corresponding man page (`man amdgpu_plugin`). However, when this man page is installed system-wide it would be more appropriate to have a prefix 'criu-' (e.g., `man criu-amdgpu-plugin`). Signed-off-by: Radostin Stoyanov <[email protected]>

crun wants to set empty_ns and this interface is missing from the library. This adds it to libcriu. Signed-off-by: Adrian Reber <[email protected]>

--criu-binary argument provides a way to supply the CRIU binary location to run_criu(). Related to: checkpoint-restore#1909 Signed-off-by: Dhanuka Warusadura <[email protected]>

These changes remove and update the changes introduced in 7177938 in favor of the Python version in CI. os.waitstatus_to_exitcode() function appeared in Python 3.9 Related to: checkpoint-restore#1909 Signed-off-by: Dhanuka Warusadura <[email protected]>

These changes add test implementations for criu-ns script. Fixes: checkpoint-restore#1909 Signed-off-by: Dhanuka Warusadura <[email protected]>

These changes fix the `ImportError: No module named pathlib` error when executing criu-ns tests located at criu/test/others/criu-ns Signed-off-by: Dhanuka Warusadura <[email protected]>

CentOS 7 CI environment uses Python 2. To execute criu-ns script in CentOS 7 changing the current shebang line to python is required. This reverse the changes made in a15a63f Signed-off-by: Dhanuka Warusadura <[email protected]>

This is a patch proposed by Thomas here: https://lore.kernel.org/all/87ilczc7d9.ffs@tglx/ It removes (created id > desired id) "sanity" check and adds proper checking that ids start at zero and increment by one each time when we create/delete a posix timer. First purpose of it is to fix infinite looping in create_posix_timers on old pre 3.11 kernels. Second purpose is to allow kernel interface of creating posix timers with desired id change from iterating with predictable next id to just setting next id directly. And at the same time removing predictable next id so that criu with this patch would not get to infinite loop in create_posix_timers if this happens. Thanks a lot to Thomas! Signed-off-by: Pavel Tikhomirov <[email protected]>

This hook allows to start image streamer process from an action script. Signed-off-by: Radostin Stoyanov <[email protected]>

…tions This does cgroup namespace creation separately from joining task cgroups. This makes the code more logical, because creating cgroup namespace also involves joining cgroups but these cgroups can be different to task's cgroups as they are cgroup namespace roots (cgns_prefix), and mixing all of them together may lead to misunderstanding. Another positive thing is that we consolidate !item->parent checks in one place in restore_task_with_children. Signed-off-by: Valeriy Vdovin <[email protected]> Signed-off-by: Pavel Tikhomirov <[email protected]>

4.15-based kernels don't allow F_*SEAL for memfds created with MFD_HUGETLB. Since seals are not possible in this case, fake F_GETSEALS result as if it was queried for a non-sealing-enabled memfd. Signed-off-by: Michał Mirosław <[email protected]>

Linux 4.15 doesn't like empty string for cgroup2 mount options. Pass NULL then to satisfy the kernel check. Log the options for easier debugging. Signed-off-by: Michał Mirosław <[email protected]>

The original commit added saving THP_DISABLED flag value, but missed restoring it. There is restoring code, but used only when --lazy_pages mode is enabled. Restore the prctl flag always. While at it, rename the `has_thp_enabled` -> `!thp_disabled` for consistency. Fixes: bbbd597 (2017-06-28 "mem: add dump state of THP_DISABLED prctl") Signed-off-by: Michał Mirosław <[email protected]>

If prctl(SET_THP_DISABLE) is not used due to bad semantics, log it for easier debugging. Signed-off-by: Michał Mirosław <[email protected]>

While at it, don't carry over stale errno to the fail() message. Signed-off-by: Michał Mirosław <[email protected]>

Signed-off-by: Michał Mirosław <[email protected]>

Add a sanity check for THP_DISABLE. This discovered a broken commit in Google's kernel tree. Signed-off-by: Michał Mirosław <[email protected]>

Apparently Skylake uses init-optimization when saving FPU state, and ptrace() returns XSTATE_BV[0] = 0 meaning FPU was not used by a task (in init state). Since CRIU restore uses sigreturn to restore registers, FPU state is always restored. Fill the state with default values on dump to make restore happy. Signed-off-by: Michał Mirosław <[email protected]>

This commit revises the error handling in the fdspy test. Previously, a failure case could have been incorrectly reported as successful because of a specific check `pass != 0`, leading to potential false positives when `check_pipe_ends()` returned `-1` due to a read/write pipe error. To improve this, we've adjusted the error handling to return `0` in case of any error. As such, the final success condition remains unchanged. This approach will help accurately differentiate between successful and failed cases, ensuring the output "All OK" is printed for success, and "Something went WRONG" for any failure. Fixes: 5364ca3 ("compel/test: Fix warn_unused_result") Signed-off-by: Haorong Lu <[email protected]>

Signed-off-by: Michał Mirosław <[email protected]>

Use $TMPDIR for tests_root as the host's /tmp might not have enough features or space. Signed-off-by: Michał Mirosław <[email protected]>

Extend ability to limit time taken to all CRIU invocations. Signed-off-by: Michał Mirosław <[email protected]>

We don't want test framework to change its behaviour on whether we run a single or multiple tests in a run. When we shard the test suite it can result in some shards having a single test to run and unexpectedly change the test output format. Signed-off-by: Michał Mirosław <[email protected]>

Allow to split test suite into predictable sets to parallelize runs on multiple machines or VMs. Signed-off-by: Michał Mirosław <[email protected]>

Make it clear that the option numbers are indexes not the option identifiers ("names"). Also show the value change that prompted test failure. Signed-off-by: Michał Mirosław <[email protected]>

Make it possible to skip network lock to enable uses that break connections anyway to work without iptables/nftables being present. Signed-off-by: Michał Mirosław <[email protected]>

The fail() macro provides a new line character at the end of the message. This patch fixes the following lint check that currently fails in CI: $ git --no-pager grep -E '^\s*\<(pr_perror|fail)\>.*\\n"' test/zdtm/static/thp_disable.c: fail("prctl(GET_THP_DISABLE) returned unexpected value: %d != 1\n", ret); test/zdtm/static/thp_disable.c: fail("Flags changed %lx -> %lx\n", orig_flags, new_flags); test/zdtm/static/thp_disable.c: fail("Madvs changed %lx -> %lx\n", orig_madv, new_madv); test/zdtm/static/thp_disable.c: fail("post-migration prctl(GET_THP_DISABLE) returned unexpected value: %d != 1\n", ret); test/zdtm/static/thp_disable.c: fail("Flags changed %lx -> %lx\n", orig_flags, new_flags); test/zdtm/static/thp_disable.c: fail("Madvs changed %lx -> %lx\n", orig_madv, new_madv); Fixes: checkpoint-restore#2193 Signed-off-by: Radostin Stoyanov <[email protected]>

During dump, CRIU stores the structs representing sockets in a statically sized hashmap of size 32. We have some (admittedly crazy) tasks that use tens of thousands of sockets, and seem to spend most of the dump time iterating over the linked lists of the map. 16K is chosen arbitrarily, so that it reduces the lengths of the chains to few elements on average, while not introducing significant memory overhead. From: Radosław Burny <[email protected]> Signed-off-by: Michał Mirosław <[email protected]>

From: Piotr Figiel <[email protected]> Signed-off-by: Michał Mirosław <[email protected]>

Try IPv6 if IPv4 sockets are not supported. Signed-off-by: Michał Mirosław <[email protected]>

Signed-off-by: Michał Mirosław <[email protected]>

The test for HAS_MEMFD is empty and noit used. Remove it. Fixes: 5ee1ac1 ("criu: remove FEATURE_TEST_MEMFD") Change-Id: I43b8f0cfd50ce9bdf93dafb647377318df1deae8 Signed-off-by: Michał Mirosław <[email protected]>

`make` without `-s` option will normally show the commands executed. In the case of detecting build environment features current makefile will cause detected features to be seen as 'echo #define' commands, but not detected ones will be silent. Change it so that all tried features can be seen (outside of make's silent mode) regardless of detection result. Signed-off-by: Michał Mirosław <[email protected]>

$LDFLAGS can contain `-Ldir`s that are required by '-lib's in $LIBS. Reverse the order so that `-L` options make effect. Signed-off-by: Michał Mirosław <[email protected]>

Make $(AR) used also for libzdtmtst build. Signed-off-by: Michał Mirosław <[email protected]>

When trying to build CRIU with libbsd enabled the compilation fails due to duplicate definition of __aligned macro. Other such definitions are already wrapped with #ifndef make __aligned definition consistent and make it easier in the future to use the libbsd features if needed. Signed-off-by: Michał Mirosław <[email protected]>

nla_get_s32() was added to libnl 3.2.7 in 2015. Remove CRIU's definition as it breaks build when statically linking the binary. From: Uros Prestor <[email protected]> Signed-off-by: Michał Mirosław <[email protected]>

Container runtimes commonly use CRIU with RPC. However, this prevents the use of action-scripts set in a CRIU configuration file due to the explicit scripts mode introduced with the following commit: ac78f13 actions: Introduce explicit scripts mode This patch enables container checkpoint/restore with action-scripts specified via configuration file. Signed-off-by: Radostin Stoyanov <[email protected]>

Signed-off-by: Radostin Stoyanov <[email protected]>

New 'query-ext-files' action for `criu dump` is sent after freezing the process tree. This allows to defer gathering the external file list when the process tree is in a stable state and avoids race with the process creating and deleting files. Change-Id: Iae32149dc3992dea086f513ada52cf6863beaa1f Signed-off-by: Michał Mirosław <[email protected]>

Google's RPC client process is in a different pidns and has more privileges -- CRIU can't open its /proc/<pid>/fd/<fd>. For images_dir_fd to be useful here it would need to refer to a passed or CRIU's fd. From: Michał Cłapiński <[email protected]> Change-Id: Icbfb5af6844b21939a15f6fbb5b02264c12341b1 Signed-off-by: Michał Mirosław <[email protected]>

If the error is ignored it is not important enough - make it a warning instead. From: Mian Luo <[email protected]> Change-Id: If2641c3d4e0a4d57fdf04e4570c49be55f526535 Signed-off-by: Michał Mirosław <[email protected]>

kerndat_nsid() is not used outside kerndat.c. Make it static. Change-Id: I52e518ecb7c627cc1866e373411b2be3f71a2c9d Signed-off-by: Michał Mirosław <[email protected]>

If not dumping netns nor connections, nsid support is not used. Don't fail the run as if the support is needed, the dumping process will fail later. Change-Id: I39a086756f6d520c73bb6b21eaf6d9fb49a18879 Signed-off-by: Michał Mirosław <[email protected]>

Instead of relying on chance of CLOCK_MONOTONIC reading being unique, use pid namespace ID that combined with the process ID will make it unique on the machine level. If pidns is not enabled on a kernel we'll get ENOENT, but then CRIU's pid will already be unique. If there is some other error, log it but continue, as the socket clash (if it happens) will result in a failed run anyway. Fixes: 45e048d (2022-03-31 "criu: generate unique socket names") Fixes: 408a7d8 (2022-02-12 "util: add an unique ID of the current criu run") Change-Id: I111c006e1b5b1db8932232684c976a84f4256e49 Signed-off-by: Michał Mirosław <[email protected]>

With the parasite socket clash now guaranteed not to happen, the comment becomes obsolete. netns is steel needed though, so update the comment to point at the requirement. Change-Id: I3cfb253cd5c53b91b955fcb001530b4aee5129f4 Signed-off-by: Michał Mirosław <[email protected]>

Instead of opening the image directly, the commit refactors the asciinema image embedded link to redirect users to the corresponding video. Signed-off-by: Abhishek Guleri <[email protected]>

Signed-off-by: Radostin Stoyanov <[email protected]>

We have disabled CentOS 7 tests in CI. This patch reverts the changes introduced in the following commit: 24bc083 ci: disable some tests on CentOS 7 Signed-off-by: Radostin Stoyanov <[email protected]>

This patch reverts changes introduced for Python 2 compatibility in commits: 1c866db (Add new files for running criu-coredump via python 2 or 3) 3180d35 (Add support for python3 in criu-coredump). Signed-off-by: Radostin Stoyanov <[email protected]>

This patch reverts changes introduced with the following commits: 4feb070 crit: enable python2 or python3 based crit b78c4e0 test: fix crit test and extend it Signed-off-by: Radostin Stoyanov <[email protected]>

When building with pip version 20.0.2 or older, the pip install command creates a temporary directory and copies all files from ./crit. This results in the following error message: ModuleNotFoundError: No module named 'pycriu' This error appears because the symlink 'pycriu' uses a relative path that becomes invalid '../lib/py/'. The '--no-build-isolation' option for pip install is needed to enable the use of pre-installed dependencies (e.g., protobuf) during build. The '--ignore-installed' option for pip is needed to avoid an error when crit is already installed. For example, crit is installed in the GitHub CI environment as part of the criu OBS package as a dependency for podman. Distributions such as Arch Linux have adopted an externally managed python installation in compliance with PEP 668 [1] that prevents pip from breaking the system by either installing packages to the system or locally in the home folder. The '--break-system-packages' [2] option allows pip to modify an externally managed Python installation. [1] https://peps.python.org/pep-0668/ [2] https://pip.pypa.io/en/stable/cli/pip_uninstall/ Signed-off-by: Radostin Stoyanov <[email protected]>

This commit removes the dependency on the __future__ module, which was used to enable Python 3 features in Python 2 code. With support for Python 2 being dropped, it is no longer necessary to maintain backward compatibility. Signed-off-by: Radostin Stoyanov <[email protected]>

This commit removes the checks for the Python 2 binary in the makefile and makes sure that ZDTM tests always use python3. Since support for Python 2 has been dropped, these checks are no longer needed. Signed-off-by: Radostin Stoyanov <[email protected]>

This patch is replacing the set_blocking() function with os.set_blocking(). This function was introduced for compatibility with Python 2 in commit 8094df8di (criu-ns: Add tests for criu-ns script). Signed-off-by: Radostin Stoyanov <[email protected]>

This patch removes the code introduced for compatibility with Python 2 in commits: 4c1ee3e test/other: Resolve Py3 compatibility issues 6b615ca test/others: Reuse setup_swrk() Signed-off-by: Radostin Stoyanov <[email protected]>

This patch removes code introduced for compatibility with Python 2 in commits: bf80fee (lib: correctly handle stdin/stdout (Python 3)) b82f222 (lib: fix crit-recode fix for Python 2) Signed-off-by: Radostin Stoyanov <[email protected]>

This patch removes the code for Python 2 compatibility introduced with commit e65c7b5 (zdtm: Replace imp module with importlib). Signed-off-by: Radostin Stoyanov <[email protected]>

This makes the error to mount cgroup hierarchy a bit less noisy: Error (criu/cgroup.c:623): cg: Unable to mount cgroup2 : Invalid argument' Instead of Error (criu/cgroup.c:623): cg: Unable to mount cgroup2 : Invalid argument' Error (criu/cgroup.c:715): cg: failed walking /proc/self/fd/-1/zdtmtst for empty cgroups: No such file or directory' Signed-off-by: Michał Mirosław <[email protected]>

Log the mount and file that were the cause of failing a dump. Signed-off-by: Michał Mirosław <[email protected]>

Signed-off-by: Michał Mirosław <[email protected]>

…socket. Make debugging dump failures resulting in "sk unix: Can't dump half of stream unix connection" errors easier. Signed-off-by: Michał Mirosław <[email protected]>

Signed-off-by: Michał Mirosław <[email protected]>

Errors in early restore.log for status=1 from a subprocess are confusing, esp. that they don't show what command failed. Since the result is either ignored or logged anyway, mark the calls as "can fail". Signed-off-by: Michał Mirosław <[email protected]>

Make logs about inaccessible mounts warnings, as the failures are normally harmless (e.g. failure to read /dev/cgroup) and don't make the CRIU run fail. (If it happens that the fsnotify can't find a file, then to debug, full CRIU logs will be necessary anyway.) Signed-off-by: Michał Mirosław <[email protected]>

These errors originate from the filesystem scanning in irmap.c and are mostly benign. Nevertheless, if they do result in a failed irmap lookup, that failed lookup is more interesting from an application perspective. Signed-off-by: Michał Mirosław <[email protected]>

Fixes: checkpoint-restore#2222 Fixes: f1c8d38 ("kerndat: check if setsockopt IPV6_FREEBIND is supported") Signed-off-by: Yan Evzman <[email protected]> Signed-off-by: Andrei Vagin <[email protected]>

NR_fstat is a deprecated syscall, some modern architectures such as riscv and loongarch64 no longer support this syscall. It is usually replaced by NR_statx. NR_statx is supported since linux 4.10. Signed-off-by: znley <[email protected]>

kerndat_has_ipv6_freebind creates a socket but doesn't close it. Signed-off-by: Andrei Vagin <[email protected]>

Signed-off-by: Prajwal S N <[email protected]>

Signed-off-by: znley <[email protected]>

Add generic wrappers for fchown() and fchmod() that skip the calls if no changes are needed. This will allow to unify places where we can avoid errors when no-op requests are not permitted. Signed-off-by: Michał Mirosław <[email protected]>

Note: This removes the difference in calling convention of restore_file_perms() returning -errno that was the only call that did this in the caller. From: Radosław Burny <[email protected]> Signed-off-by: Michał Mirosław <[email protected]>

Signed-off-by: Michał Mirosław <[email protected]>

When CRIU is run with the task's credentials on restore, don't set uids and gids. This avoids the need to modify the SECURE_NO_SETUID_FIXUP flag which requires CAP_SETPCAP. From: Andy Tucker <[email protected]> Signed-off-by: Michał Mirosław <[email protected]>

Skip calling setgroups() when the list of auxiliary groups already has the values we want. This allows restoring into an unprivileged user namespace where setgroups() is disabled. From: Ambrose Feinstein <[email protected]> Signed-off-by: Michał Mirosław <[email protected]>

…els. When restoring on a kernel that has different number of supported capabilities than checkpoint one, check that the extra caps are unset. There are two directions to consider: 1) dump.cap_last_cap > restore.cap_last_cap - restoring might reduce the processes' capabilities if restored kernel doesn't support checkpointed caps. Warn. 2) dump.cap_last_cap < restore.cap_last_cap - restoring will fill the extra caps with zeroes. No changes. Note: `last_cap` might change without affecting `n_words`. Signed-off-by: Michał Mirosław <[email protected]>

Signed-off-by: Michał Mirosław <[email protected]>

prctl(NO_NEW_PRIVS) when set prevents child processes gaining capabilities not in permitted set. In this case, inability to clear capability from BSET that is not in the permitted set is harmless. Signed-off-by: Michał Mirosław <[email protected]>

Include the file descriptor and error code in the debug message to make it more useful. Fixes: e7ba909 (2016-03-14 "cr-check: Inspect errno on syscall failures") Signed-off-by: Michał Mirosław <[email protected]>

memfd is created by default with +x permissions set. This can be changed by a process using fchmod() and expected to prevent using this fd for exec(). Migrate the permissions. Signed-off-by: Michał Mirosław <[email protected]>

Signed-off-by: Michał Mirosław <[email protected]>

In criu/apparmor.c: write_aa_policy(), the arg path is passed as a char pointer. The original code used sizeof(path) to get the size of it, which is incorrect as it always return the size of the char pointer (typically 8 or 4), not the actual capacity of the char array. Given that this function is only invoked with path declared as `char path[PATH_MAX]`, replacing sizeof(path) with PATH_MAX should correctly represent the maximum size of it. Fixes: 8723e3f ("check: add a feature test for apparmor_stacking") Signed-off-by: Haorong Lu <[email protected]>

Move tcp_cork() and tcp_nodelay() to the only user: page-xfer.c. While at it, fix error messages (as they do not refer to restoring the sockopt values) and demote them as they are not fatal to the page transfer. Signed-off-by: Michał Mirosław <[email protected]>

Make the scan use the order of paths that came from the user. Fixes: 4f2e4ab ("irmap: add --irmap-scan-path option"; 2015-09-16) Signed-off-by: Michał Mirosław <[email protected]>

The log prefix "amdgpu_plugin:" is defined with `LOG_PREFIX` in `amdgpu_plugin.c`. However, the prefix is also included in each log message. As a result it appears duplicated in the log messages: (00.044324) amdgpu_plugin: amdgpu_plugin: devices:1 bos:58 objects:148 priv_data:45696 (00.045376) amdgpu_plugin: amdgpu_plugin: Thread[0x5589] started (00.167172) amdgpu_plugin: amdgpu_plugin: img_path = amdgpu-kfd-62.img (00.083739) amdgpu_plugin: amdgpu_plugin : amdgpu_plugin_dump_file() called for fd = 235 Signed-off-by: Radostin Stoyanov <[email protected]>

It is required to investigate issues. Signed-off-by: Andrei Vagin <[email protected]>

This change fixes the issue: ``` The following packages have unmet dependencies: docker-ce : Depends: containerd.io (>= 1.6.4) E: Unable to correct problems, you have held broken packages. ``` Signed-off-by: Andrei Vagin <[email protected]>

The VMA_AREA_MEMFD constant was introduced with commit 29a1a88 memfd: add memory mapping support This patch extends the status map used in CRIT and coredump with the value of this constant to recognize it. Signed-off-by: Radostin Stoyanov <[email protected]>

Signed-off-by: Andrei Vagin <[email protected]>

Note: Silently drops MEMBARRIER_CMD_REGISTER_GLOBAL_EXPEDITED as it's not currently detectable. This is still better than silently dropping all membarrier() registrations. Signed-off-by: Michał Mirosław <[email protected]>

Signed-off-by: Michał Mirosław <[email protected]>

While each preadv() is followed by a fallocate() that removes the data range from image files on tmpfs, temporarily (between preadv() and fallocate()) the same data is in two places; this increases the memory overhead of restore operation by the size of a single preadv. Uncapped preadv() would read up to 2 GiB of data, thus we limit that to a smaller block size (128 MiB). Based-on-work-by: Paweł Stradomski <[email protected]> Signed-off-by: Michał Mirosław <[email protected]>

Labels are removed when new comments are posted. Signed-off-by: Andrei Vagin <[email protected]>

The 288d6a6 change broke all the syscall numbers. Reported-by: Michał Mirosław <[email protected]> Fixes: (288d6a6 "loongarch64: reformat syscall_64.tbl for 8-wide tabs") Signed-off-by: Andrei Vagin <[email protected]>

There is only one user of memfd_open() outside of memfd.c: open_filemap(). It is restoring a file-backed mapping and doesn't need nor expect to update F_SETOWN nor the fd's position. Check the inherited_fd() handling in the callers to simplify the code. Signed-off-by: Michał Mirosław <[email protected]>

Otherwise tests fail by timeout. Signed-off-by: Andrei Vagin <[email protected]>

Fix test of whether the kernel exposes page frame numbers to cope with the possibility that the top of the stack is swapped out, which was happening in about one 1 out of 3 million runs. This lead to a later failure when trying to read the PFN of the zero page, after which criu would exit with no error message. Original-From: Ambrose Feinstein <[email protected]> Signed-off-by: Michał Mirosław <[email protected]>

…ebug message Signed-off-by: Michał Mirosław <[email protected]>

Signed-off-by: Michał Mirosław <[email protected]>

This commit is introducing a test for the action-script functionality of CRIU to verify that pre-dump, post-dump, pre-restore, pre-resume, post-restore, post-resume hooks are executed during dump/restore. Signed-off-by: Radostin Stoyanov <[email protected]>

Help debugging problems with restoring custom VMAs. From: Michał Cłapiński <[email protected]> Signed-off-by: Michał Mirosław <[email protected]>

Signed-off-by: Michał Mirosław <[email protected]>

Plug a fd leak when returning error from check_pagemap(). (Cosmetic, as the process will exit soon anyway.) Signed-off-by: Michał Mirosław <[email protected]>

Signed-off-by: Michał Mirosław <[email protected]>

If there is only a single RW opened fd for a memfd, it can be used to pass it to execveat() with AT_EMPTY_PATH to have its contents executed. This currently works only for the original fd from memfd_create(). For now we ignore processes that reopen the memfd's rw and expect a particular executability trait of it. (Note: for security purposes recent kernels have SEAL_EXEC to make memfds non-executable.) Signed-off-by: Michał Mirosław <[email protected]>

Signed-off-by: Michał Mirosław <[email protected]>

Ctags is mentioned in the beginning of the "Edit the source code" which is really confusing: Do you need ctags to edit CRIU code? - No. It is just one helpful tool to browse the code, and we do not want to enforce it. So, what is it doing in contribution guide? People who really need it should be able to find it in Makefile or just write oneliner of their own to collect tags... Signed-off-by: Pavel Tikhomirov <[email protected]>

This is highlight that code readability is the real goal of all the coding-style rules. We should not do coding-style just for coding-style, e.g. when clang-format suggests crazy formating we should not follow it if we feel it is bad. Signed-off-by: Pavel Tikhomirov <[email protected]>

There are multiple cases where good human readable code block is converted to an unreadable mess by clang-format, so we don't want to rely on clang-format completely. Also there is no way, as far as I can see, to make clang-format only fix what we want it to fix without breaking something. So let's just display hints inline where clang-format is unhappy. When reviewer sees such a warning it's a good sign that something is broken in coding-style around this warning. We add special script which parses diff generated by indent and generates warning for each hunk. Signed-off-by: Pavel Tikhomirov <[email protected]>

This patch also updated the download URL format from https://releases.hashicorp.com/vagrant/2.3.7/vagrant_2.3.7_x86_64.deb to https://releases.hashicorp.com/vagrant/2.3.7/vagrant_2.3.7-1_amd64.deb Signed-off-by: Radostin Stoyanov <[email protected]>

Signed-off-by: Radostin Stoyanov <[email protected]>

MEMBARRIER_CMD_GET_REGISTRATIONS can tell us whether or not the process used MEMBARRIER_CMD_REGISTER_GLOBAL_EXPEDITED unlike the old probing method. Falls back to the old method when MEMBARRIER_CMD_GET_REGISTRATIONS is unavailable. Signed-off-by: Michal Clapinski <[email protected]>

Check membarrier registration both ways: 1. By issuing membarrier commands and checking if they succeed. 2. By issuing MEMBARRIER_CMD_GET_REGISTRATIONS. The first way is needed for older kernels. The second way is needed to test MEMBARRIER_CMD_GLOBAL_EXPEDITED. Signed-off-by: Michal Clapinski <[email protected]>

The amdgpu plugin would create a memory buffer at the size of the largest VRAM bo (buffer object). On some systems, VRAM size exceeds RAM size, so the largest bo might be larger than the available memory. Add an environment variable KFD_MAX_BUFFER_SIZE, which caps the size of this buffer. By default, it is set to 0, and has no effect. When active, any bo larger than its value will be saved to/restored from file in multiple passes. Signed-off-by: David Francis <[email protected]>

Power ISA 3.0 added a new syscall instruction. Kernel 5.9 added corresponding support. Add CRIU support to recognize the new instruction and kernel ABI changes to properly dump and restore threads executing in syscalls. Without this change threads executing in syscalls using the scv instruction will not be restored to re-execute the syscall, they will be restored to execute the following instruction and will return unexpected error codes (ERESTARTSYS, etc) to user code. Signed-off-by: Younes Manton <[email protected]>

The version of CRIU is specified in the Makefile.versions file. This patch generates '__varion__' value for the pycriu module. This value can be used by crit to implement `--version`. Signed-off-by: Radostin Stoyanov <[email protected]>

Signed-off-by: Radostin Stoyanov <[email protected]>

This patch implements the '--version' for the crit tool. $ crit --version 3.17 Signed-off-by: Radostin Stoyanov <[email protected]>

They break it with each kernel rebase. More details are here: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1857257 Last time, it was fixed a few month ago and it has been broken again in 5.15.0-1046-azure. Let's bind-mount the CRIU directory into a test container to make it independent of a container file system. Signed-off-by: Andrei Vagin <[email protected]>

At least in Google's VM environment, the kernel taints are unrelated to CRIU runs. Don't fail tests if taints change, if kernel taints are ignored. Signed-off-by: Michał Mirosław <[email protected]>

Make the errno values reported by cgroup04 always correct and showing relevant parameters. Constify constant strings, while at it. Signed-off-by: Michał Mirosław <[email protected]>

cgroup04 test needs full control over mem and devices cgroup hierarchies. Make the test's .checkskip script better at detecting if the cgroups are available for use. Signed-off-by: Michał Mirosław <[email protected]>

This fixes a failure to clean up after a failed test, where CRIU didn't start properly. ``` ===================== Run zdtm/transition/socket-tcp in h ====================== Start test ./socket-tcp --pidfile=socket-tcp.pid --outfile=socket-tcp.out Traceback (most recent call last): File ".../zdtm_py.py", line 1906, in do_run_test cr(cr_api, t, opts) File ".../zdtm_py.py", line 1584, in cr cr_api.dump("dump") File ".../zdtm_py.py", line 1386, in dump self.__dump_process = self.__criu_act(action, File ".../zdtm_py.py", line 1224, in __criu_act raise test_fail_exc("CRIU %s" % action) test_fail_exc: CRIU dump During handling of the above exception, another exception occurred: Traceback (most recent call last): File "<embedded module '_launcher'>", line 182, in run_filename_from_loader_as_main File "<embedded module '_launcher'>", line 34, in _run_code_in_main File ".../zdtm_py.py", line 2790, in <module> fork_zdtm() File ".../zdtm_py.py", line 2782, in fork_zdtm do_run_test(tinfo[0], tinfo[1], tinfo[2], tinfo[3]) File ".../zdtm_py.py", line 1922, in do_run_test t.kill() File ".../zdtm_py.py", line 509, in kill os.kill(int(self.__pid), sig) ProcessLookupError: [Errno 3] No such process ``` Signed-off-by: Michał Mirosław <[email protected]>

When -- after restore -- sockets can't communicate, the test times out while waiting on recvfrom(). Since the communication is local, send() works instantaneously - so mark sockets with SOCK_NONBLOCK and report failure if the message is not received immediately. Signed-off-by: Michał Mirosław <[email protected]>

All test logs are flooded with the "userns is supported" messages... Signed-off-by: Andrei Vagin <[email protected]>

Currently page_size() returns unsigned int value that is after "bitwise not" is promoted to unsigned long value e.g. in uffd.c handle_page_fault. Since the value is unsigned promotion is done with 0 MSB that results in lost of MSB pagefault address bits. So make page_size to return unsigned long to avoid such situation. Signed-off-by: Vladislav Khmelevsky <[email protected]>

Currently most of the times we don't have problems with VVAR segment and lazy restore because when VDSO is parked there is an munmap call that calls UFFDIO_UNREGISTER on the destination address. But we don't want to enable userfaultfd for VDSO and VVAR at the first place.

Signed-off-by: Michal Clapinski <[email protected]>

It means CRIU has to close it when it is not needed. It looks more logically correct and matches the behaviour of the RESTORE_EXT_FILE callback. Signed-off-by: Andrei Vagin <[email protected]>

Signed-off-by: Andrei Vagin <[email protected]>

This patch adds the `libdrm-dev` package to the list of CRIU dependencies installed in CI to build CRIU with amdgpu plugin. Signed-off-by: Radostin Stoyanov <[email protected]>

amdgpu_plugin.c:930:6: error: variable 'buffer' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized] if (ret) { ^~~ amdgpu_plugin.c:988:8: note: uninitialized use occurs here xfree(buffer); Signed-off-by: Radostin Stoyanov <[email protected]>

One memfd can be shared by a few restored files. Only of these files is restored with a file created with memfd_open. Others are restored by reopening memfd files via /proc/self/fd/. It seems unnecessary for restoring memfd memory mappings. We can always use the origin file. Signed-off-by: Andrei Vagin <[email protected]>

Signed-off-by: Andrei Vagin <[email protected]>

The "ColumnLimit: 120" is not only allowing lines to be longer than 80 characters but it also forces line wrapping at 120 characters. If total expression length is more than 120 characters, clang-format will try to wrap it as close to 120 as it can, it would not even allow to wrap at 80 characters if we really want it. But as we all know 80 characters is Linux kernel coding style default and as far as our coding style is based on it it is really strange to prohibit wrapping lines at 80 characters... Signed-off-by: Pavel Tikhomirov <[email protected]>

@option

GCC's lto source: > To avoid this problem the compiler must assume that it sees the > whole program when doing link-time optimization. Strictly > speaking, the whole program is rarely visible even at link-time. > Standard system libraries are usually linked dynamically or not > provided with the link-time information. In GCC, the whole > program option (@option{-fwhole-program}) asserts that every > function and variable defined in the current compilation > unit is static, except for function @code{main} (note: at > link time, the current unit is the union of all objects compiled > with LTO). Since some functions and variables need to > be referenced externally, for example by another DSO or from an > assembler file, GCC also provides the function and variable > attribute @code{externally_visible} which can be used to disable > the effect of @option{-fwhole-program} on a specific symbol. As far as I read gcc's source, ipa_comdats() will avoid placing symbols that are either already in a user-defined section or have externally_visible attribute into new optimized gcc sections. Signed-off-by: Dmitry Safonov <[email protected]> Signed-off-by: Andrei Vagin <[email protected]>

fork_and_ptrace_attach has to fork a child with CLONE_UNTRACED, so that strace doesn't trace it. Signed-off-by: Andrei Vagin <[email protected]>

read_ns_sys_file() can return an error, but we are trying to parse a buffer before checking a return code. CID 417395 (checkpoint-restore#3 of 3): String not null terminated (STRING_NULL) 2. string_null: Passing unterminated string buf to strtol, which expects a null-terminated string. Signed-off-by: Andrei Vagin <[email protected]>

This check is redundant as line 201 checks for this condition. Signed-off-by: Taemin Ha <[email protected]> Signed-off-by: Andrei Vagin <[email protected]>

The is_native field is a boolean. Therefore, else if() should can be changed to a simple else{}. Signed-off-by: Taemin Ha <[email protected]> Signed-off-by: Andrei Vagin <[email protected]>

The condition meant to check fd2 instead of fd1, which is checked in line 24. Signed-off-by: Taemin Ha <[email protected]> Signed-off-by: Andrei Vagin <[email protected]>

line 131 checks if (ret >= 0). line 133 could be replaced by a simple else statement Signed-off-by: Taemin Ha <[email protected]> Signed-off-by: Andrei Vagin <[email protected]>

Eventpollentry's fields are set only when ret == 3 or ret == 6. The remaining cases can be grouped together to an error Signed-off-by: Taemin Ha <[email protected]> Signed-off-by: Andrei Vagin <[email protected]>

At this point the correct position is already restored, so reading from the fd results in the position being moved forward by 5 bytes. Fixes: 9191f87 ("criu/files-reg.c: add build-id validation functionality") Signed-off-by: Michal Clapinski <[email protected]>

Signed-off-by: Michal Clapinski <[email protected]>

cgroup_ifpriomap test needs net_prio cgroup, which might not be available. Make the .checkskip script check it. Signed-off-by: Michał Mirosław <[email protected]>

Newer versions of pip use an isolated virtual environment when building Python projects. However, when the source code of CRIT is copied into the isolated environment, the symlink for `../lib/py` (pycriu) becomes invalid. As a workaround, we used the `--no-build-isolation` option for `pip install`. However, this functionality has issues in some versions of PIP [1, 2]. To fix this problem, this patch adds separate packages for pycriu and crit, and each package is installed independently. [1] pypa/pip#8221 [2] pypa/pip#8165 (comment) Signed-off-by: Radostin Stoyanov <[email protected]>

Do not use $(USERCFLAGS) for anything other than what the user provide. Signed-off-by: Marcus Folkesson <[email protected]>

This will, by default, prevent the amdgpu plugin from allocating more than 4G of memory at a time. Signed-off-by: David Francis <[email protected]>

plugin: Change default max buffer size to 4G #2293

Are you sure you want to change the base?

plugin: Change default max buffer size to 4G #2293

Commits on Jun 12, 2023

Commits on Jun 15, 2023

Commits on Jun 16, 2023

Commits on Jun 17, 2023

Commits on Jun 19, 2023

Commits on Jun 22, 2023

Commits on Jun 26, 2023

Commits on Jun 28, 2023

Commits on Jun 30, 2023

Commits on Jul 5, 2023

Commits on Jul 7, 2023

Commits on Jul 10, 2023

Commits on Jul 19, 2023

Commits on Jul 22, 2023

Commits on Jul 26, 2023

Commits on Jul 27, 2023

Commits on Aug 1, 2023

Commits on Aug 3, 2023

Commits on Aug 4, 2023

Commits on Aug 7, 2023

Commits on Aug 8, 2023

Commits on Aug 18, 2023

Commits on Aug 21, 2023

Commits on Aug 24, 2023

Commits on Aug 25, 2023

Commits on Aug 28, 2023

Commits on Aug 29, 2023

Commits on Aug 31, 2023

Commits on Sep 4, 2023

Commits on Sep 14, 2023

Commits on Sep 20, 2023

Commits on Sep 22, 2023

Commits on Sep 25, 2023

Commits on Sep 26, 2023

Commits on Sep 27, 2023

Commits on Sep 28, 2023

Commits on Sep 29, 2023

Commits on Oct 5, 2023

Commits on Oct 6, 2023

Commits on Oct 7, 2023

Commits on Oct 8, 2023

Commits on Oct 12, 2023

Commits on Oct 13, 2023

Commits on Oct 17, 2023

Commits on Oct 22, 2023

Commits on Oct 26, 2023