| Age | Commit message (Collapse) | Author |
|---|
|
The ipcns-shm images are buffered and contain raw dumps of memory
contents. If the segment is huge, the bfd engine overflows and
doesn't write data into image. This is not nice by itself, but
huge images shouldn't use bfd to avoid double buffering.
Also, in the future, this image should be fixed not to keep mem
dumps in one image with object.
https://github.com/xemul/criu/issues/287
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
A year ago this flag was removed, as parts of criu were build in
sub-directories (i.e. by using make -C SUBDIR), and therefore
paths printed by make were relevant to a SUBDIR rather than top
source dir, which prevented tools like vim from jumping to a
correct source file with with error (for more details, see
commit XXXXXX "nmk: remove no-print-directory from MAKEFLAGS").
Now, as we have everything (except Documentation and test, which
is rather minor) built from top source directory, we can finally
add the flag back and enjoy cleaner output.
Reviewed-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
It was not working:
> $ make DESTDIR=`pwd`/inst3 uninstall
> UNINSTALL crit.1
> UNINSTALL criu.8
> UNINSTALL libcriu.so
> UNINSTALL pkgconfig/criu.pc
> UNINSTALL crit
> /media/ts/kir/git/criu/scripts/nmk/scripts/build.mk:83: criu/arch/x86/Makefile: Not a directory
> make[2]: *** No rule to make target 'criu/arch/x86/Makefile'. Stop.
> Makefile:48: recipe for target 'criu/arch/x86/crtools.built-in.o' failed
> make[1]: *** [criu/arch/x86/crtools.built-in.o] Error 2
> Makefile.install:49: recipe for target 'uninstall' failed
> make: *** [uninstall] Error 2
This is a fix to commit 7a36048 ("build/make: return to make from top
directory").
Reviewed-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
Our whole system of Makefiles are integrated from top to bottom,
meaning:
1. The paths in sub-makefiles are relative to the top source dir.
2. Sub-makefiles are executed via make $(build)=<SUBDIR> <TARGET>
For some reason, makefiles under lib/ are the exclusion. Let's fix it.
Side effect: you can now build any individual target under lib/,
for example, "make lib/c/libcriu.so" works.
[v2: use the .FORCE, thanks to dsafonov@]
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Reviewed-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
Instead of removing everything by means of a few wildcards,
let's properly generate the file names to be removed.
[v2: fix a typo, thanks to dsafonov@]
[v3: resend with a typo fixed for real, this time]
Reviewed-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
If a pipe is inherited (external), it may be impossible to reopen it
from a restored user namespace due to lack of permession,
so in this case we have to reopen it via usernsd.
https://github.com/opencontainers/runc/issues/1333
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
================= Run zdtm/static/socket-tcp-nfconntrack in h ==================
Start test
Test is SUID
./socket-tcp-nfconntrack --pidfile=socket-tcp-nfconntrack.pid --outfile=socket-tcp-nfconntrack.out
Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
Makefile:331: recipe for target 'socket-tcp-nfconntrack.pid' failed
make: *** [socket-tcp-nfconntrack.pid] Error 1
Reported-by: Mr Travis
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
"Check_fs_type" helper was repalce by "get_fs_type".
This reference is a silly mistake.
Signed-off-by: Stanislav Kinsburskiy <skinsbursky@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
This is needed for the case when the target descriptor is image
cache/proxy socket.
Signed-off-by: Rodrigo Bruno <rbruno@gsd.inesc-id.pt>
Signed-off-by: Katerina Koukiou <k.koukiou@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
|
|
This is needed for the case when we get data from image-cache/proxy socket.
Signed-off-by: Rodrigo Bruno <rbruno@gsd.inesc-id.pt>
Signed-off-by: Katerina Koukiou <k.koukiou@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
|
|
After fds restore set merge we no longer need two lists.
Don't BUG in eventpoll when the tfd is not on the list.
This situation means that it's restored, so it's safe
to report OK from this place.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
This is to avoid long item->pid->ns[0].virt for vpid(item).
This is
1) for f in $(git grep -l 'ns\[0\]'); do
sed -e 's/\([a-zA-Z0-9_]\+\)->pid->ns\[0\].virt/vpid(\1)/g' -i $f;
done
2) adding of vpid() routine
3) some manual fixlets
Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
We should only get to the post-open stage for standalone
sockets with peers. All the others return 0 from ->open
which means "restore is over".
This change avoids double calling or rst_file_params and
restore_socket_opts for those ones.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
Trying to use the FEATURE_CHECK RPC with criu_req->criu_opts set to NULL
makes CRIU segfault. Technically there is no reason to have a valid
criu_req->criu_opt during feature check. The only reason was to set the
image directory for setproctitle(). This removes the segfault and the
unnecessary requirement of setting criu_req->criu_opts.
Another possible solution would have been to return an error if
criu_req->criu_opts is NULL but so far it seems unnecessary to have
criu_req->criu_opts during feature check.
Signed-off-by: Adrian Reber <areber@redhat.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
This will help us catch bugs where the arguments are not in line
with the format string.
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
criu/sk-queue.c | 33 ++++++++++++---------------------
1 file changed, 12 insertions(+), 21 deletions(-)
In order to prepare for the use of sockets to transfer the image files
lseek calls needs to be removed. For sk-queue, we now read the packet
data at the same time than the header. This has the disadvantage to
consume more memory between the image read and the packets restore, but
should hopefully be affordable.
Signed-off-by: Rodrigo Bruno <rbruno@gsd.inesc-id.pt>
Signed-off-by: Katerina Koukiou <k.koukiou@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
|
|
When criu is compiled with GCOV=1, .gc* files created are never
cleaned. While 'git clean -dxf' does the job and is popular
among the criu devs, it still feels good to have good ol'
make clean doing the right thing.
Reviewed-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
For most of the CLI tools I see, adding -v option increases their verbosity.
Currently, this is not the case for criu. Default verbosity is set it 2,
and using -v actually decreases the verbosity level to 1, so to increase
verbosity you need to use -vvv (or -v3). To me, this behavior is
quite counterintuitive.
This patch changes the way -v works (but retains -vNUM as it was). Now,
using -v increases verbosity by +1 from the default value (and e.g. -vvv
increases it by +3).
Surely, this changes user experience: for example someone who
was using -v (rather than -v1 or -v0) to silent warnings, will
now have verbosity increased. IMHO this is for the better.
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
|
|
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
"zdtm.py run -a" doesn't work on Alpine:
find: unrecognized: -executable
So run zdtm/static/env00 for now to be sure that
it is not broken at all.
travis-ci: success for travis: execute tests on Alpine
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
|
|
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
|
|
It works faster and allows to check exit codes.
travis-ci: success for series starting with [1/2] page-server: don't return a server pid from page-server
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
|
|
We see the "No space left on device" error on the current version,
so let's try to use a newer version of Alpine, maybe this error
has been fixed there.
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
travis-ci: success for A few fixes to c/r a docker container with a console (rev3)
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
|
|
Here we check that a master of a bind-mounted slave was opened in the
root mount namespace. The problem is that we restore all mounts in the
root mount namespace. Only when all mounts are restored, we create other
mount namespaces. So when we are restoring mounts, we can open files
only in the root mount namespace.
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
Currently all mounts are restored in a one mount namespace, then
this namespace is cloned to restore other mount namespaces and
we need another copy of this namespace to clean link remap files.
Let's define terms:
A - the root mount namespace
B - the mount namespace where link remap files are destroyed
Currently we restore all mounts in the B namespace and then
clone it into the A namespace.
But it doesn't work in a case, when we have to open file
descriptores to restore mounts (e g to restore bind-mount
pty slaves), because a file descriptor has to be opened from
a specified mount (which is one of restore mount namespaces).
This patch reworks code so, that all mounts is restored in the A mount
namespace and then the B mount namespace is created. In this case
we can open files from the root mount namespace (A).
$ ./zdtm.py run -t zdtm/static/pty-console --iter 5
====================== Run zdtm/static/pty-console in ns =======================
Start test
Test is SUID
./pty-console --pidfile=pty-console.pid --outfile=pty-console.out
Run criu dump
Run criu restore
Run criu dump
=[log]=> dump/zdtm/static/pty-console/36/2/dump.log
------------------------ grep Error ------------------------
(00.106521) Error (criu/files-reg.c:1132): Can't lookup mount=563 for fd=4 path=/ptmx
(00.106585) Error (criu/cr-dump.c:1325): Dump files (pid: 70) failed with -1
(00.129041) Error (criu/cr-dump.c:1674): Dumping FAILED.
------------------------ ERROR OVER ------------------------
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
If we can't create a temporary directory for a detached mount,
we can clone a whole mount namespace, open a mount and release
the created namespace. The result will be the same.
https://jira.sw.ru/browse/PSBM-57135
https://github.com/opencontainers/runc/issues/1202
travis-ci: success for A few fixes to c/r a docker container with a console (rev3)
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
|
|
Now we create pty pairs when file descriptors are restored.
The problem is that a slave tty can be bind-mounted to somewhere
and in this case we have to create this pair and hold a master file
descritore before related file descriptors will not be restored.
In this patch, a unix socket is used to hold file descriptros.
And we use SK_PEEK_OFF and MSG_PEEK to get any of them.
travis-ci: success for A few fixes to c/r a docker container with a console (rev3)
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
|
|
When we need to get a file descriptor, we have to set peek offset
and then to peek a message. There are two system calls, so we need
to be sure that nobody changes a socket peek offset after we set it.
Acked-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
We need a storage for file descriptors which is shared between processes
and doesn't use a lot of file descriptors. We are going to use it on
restore and if it will use file descriptors, we will have to find
descriptors which don't used by all restored processes to not confilict
with their descriptors.
There are two solutions. The first one is a service (process) which
handles to command push_fd(id, fd) and pop_fd(id, fd).
Another solution is to save descriptros in a unix socket. It requires
only one extra descriptor which we can register as a service fd. Each
unix socket has a buffer and can fit a number of file descriptros. We
can use SK_PEEK_OFF and MSG_PEEK to get file descriptros from a socket
as many times as we need.
This patch implements the second solution.
v2: call recvmsg with MSG_PEEK
travis-ci: success for A few fixes to c/r a docker container with a console (rev3)
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
|
|
Now Docker creates a pty pair from a container devpts to use is as console.
A slave tty is set as a control tty for the init process and bind-mounted
into /dev/console. The master tty is handled externelly.
Now CRIU can handle external resources, but here we have internal resources
which are used externaly.
https://github.com/opencontainers/runc/issues/1202
travis-ci: success for A few fixes to c/r a docker container with a console (rev3)
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
|
|
In 2.11 we've had several got bronek:
- page-server start via RPC
- Fedora build
- ppc64le restorer switch
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
|
|
Recent Fedora releases add -Wp,-D_FORTIFY_SOURCE=2 to rpm builds,
which breaks compiling pie code on some architectures due to its
trying to use (absent) memcpy_chk() instead of usual memcpy().
We must stand strong against FORTIFY_SOURCE in pie code.
No pasaran! Viva la resistance!
NOTE: in tests, FORTIFY_SOURCE is disabled for completely different
reasons (see commit d1a36cc9 for details), so we're not touching it.
[v2: resend the correct (latest) version]
Reported-by: Reported-by: Adrian Reber <adrian@lisas.de>
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
|
|
The JUMP_TO_RESTORER_BLOB assembly macro has been rewrote through the
commit '89d6b39cfe36 ppc64: pie -- Add ppc64le relocation's
processing', but the Clobber list hasn't been updated.
This doesn't generate build neither runtime errors since the Clobber
list was larger than needed but GCC 7 is now raising an error when an
assembly macro is clobbering the r2 register.
This patch fix the Clobber list to just modified registers.
Fixes: 89d6b39cfe36 ("ppc64: pie -- Add ppc64le relocation's processing")
Reported-by: Adrian Reber <adrian@lisas.de>
Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
|
|
Commit 10801f36 (page-server: don't return a server pid from
page-server) broke page-server starting via RPC -- the latter
code checks for return value being <=0 as failure.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
|
|
This is a bugfix-mostly release. Interesting new features include
the huge rework of files restoring engine which fixed us bugs we
haven't seen in reality :) but have proven they exist. Als this
rework opens the way for scm-rigts c/r we need for nginx.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
|
|
As runc uses the RPC interface to run criu it is necessary to expose
the newly added status-fd feature via RPC. Using the status-fd interface
makes it possible to use lazy migration with runc.
travis-ci: success for RPC: make status-fd option available via RPC (rev3)
Signed-off-by: Adrian Reber <areber@redhat.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
|
|
We will need it to include types once compel
gets into own directory.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
|
|
Will move the header into compel.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
|
