So, here's the enhanced version of the first try.

Changes are:

1. The wrapper name is criu-ns instead of crns.py
2. The CLI is absolutely the same as for criu, since the script
   re-execl-s criu binary. E.g.
	   scripts/criu-ns dump -t 1234 ...
   just works
3. Caller doesn't need to care about substituting CLI options,
   instead, the scripts analyzes the command line and
   a) replaces -t|--tree argument with virtual pid __if__ the
      target task lives in another pidns
   b) keeps the current cwd (and root) __if__ switches to another
      mntns. A limitation applies here -- cwd path should be the
      same in target ns, no "smart path mapping" is performed. So
      this script is for now only useful for mntns clones (which
      is our main goal at the moment).

Signed-off-by: Pavel Emelyanov <[email protected]>
Looks-good-to: Andrey Vagin <[email protected]>

In Py2 `range` returns a list and `xrange` creates a sequence object
that evaluates lazily. In Py3 `range` is equivalent to `xrange` in Py2.

Signed-off-by: Radostin Stoyanov <[email protected]>
Signed-off-by: Andrei Vagin <[email protected]>

Signed-off-by: Radostin Stoyanov <[email protected]>

Signed-off-by: Radostin Stoyanov <[email protected]>

class ctypes.c_char_p
    Represents the C char * datatype when it points to a zero-
    terminated string. For a general character pointer that may
    also point to binary data, POINTER(c_char) must be used.
    The constructor accepts an integer address, or a bytes object.

https://docs.python.org/3/library/ctypes.html#ctypes.c_char_p

Signed-off-by: Radostin Stoyanov <[email protected]>

Change made through this commit:
- Include copy of flog as a seperate tree.
- Modify the makefile to add and compile flog code.

Signed-off-by: prakritigoyal19 <[email protected]>

CID 302713 (#1 of 1): Missing varargs init or cleanup (VARARGS)
 va_end was not called for argptr.

Signed-off-by: Adrian Reber <[email protected]>

criu-ns performs double fork, which results in criu restore
using PID=2. Thus, if a user is trying to restore a process
with that PID, the restore will fail.

Signed-off-by: Radostin Stoyanov <[email protected]>

When criu restore runs as PID=1 it has an additional responsibility to
reap zombie processes.

Signed-off-by: Radostin Stoyanov <[email protected]>
Signed-off-by: Andrei Vagin <[email protected]>

Some kernels have W^X mitigation, which means they won't execute memory
blocks if that memory block is also writable or ever was writable. This
patch enables CRIU to run on such kernels.

1. Align .data section to a page.
2. mmap a memory block for parasite as RX.
3. mprotect everything after .text as RW.

Signed-off-by: Michał Cłapiński <[email protected]>

The clang analyzer, scan-build, cannot correctly handle the
LOCK_BUG_ON() macro. At multiple places there is the following warning:

  Error: CLANG_WARNING:
    criu/pie/restorer.c:1221:4: warning: Dereference of null pointer

  include/common/lock.h:14:35: note: expanded from macro 'LOCK_BUG_ON'
               *(volatile unsigned long *)NULL = 0xdead0000 + __LINE__
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~

This just disable the clang analyzer for the LOCK_BUG_ON() macro.

Signed-off-by: Adrian Reber <[email protected]>

Using scan-build there is a warning about

 infect.c:231:17: warning: The left operand of '!=' is a garbage value
                 if (ss->state != 'Z') {

which is a false positive as every process will have a 'Status' field,
but initializing the structure makes the clang analyzer silent.

Signed-off-by: Adrian Reber <[email protected]>

Signed-off-by: Adrian Reber <[email protected]>

Signed-off-by: Adrian Reber <[email protected]>

Signed-off-by: Adrian Reber <[email protected]>

Signed-off-by: Adrian Reber <[email protected]>

The function collect_one_unixsk() has a parameter 'i' and at the same
time has a variable, in a loop, with the name 'i'.

This is no real error or problem, because the function parameter 'i' is
never used in the whole function.

Just trying to reduce confusion and making a code checker happy.

Signed-off-by: Adrian Reber <[email protected]>

Using strsep() moves the pointer of the original string and this
introduces a copy of the malloc()ed memory to be able to free() it
later.

Signed-off-by: Adrian Reber <[email protected]>

Ignore coverity errors about CHECKED_RETURN.

Signed-off-by: Adrian Reber <[email protected]>

Signed-off-by: Adrian Reber <[email protected]>

Signed-off-by: Adrian Reber <[email protected]>

Signed-off-by: Adrian Reber <[email protected]>

Signed-off-by: Adrian Reber <[email protected]>

Signed-off-by: Adrian Reber <[email protected]>

Coverity does not understand how close_fds() works.

Signed-off-by: Adrian Reber <[email protected]>

…ative

Signed-off-by: Adrian Reber <[email protected]>

criu/sk-unix.c:1173: chroot_call: Calling chroot: "chroot(".")".
criu/sk-unix.c:1175: chroot: Calling function "close_safe" after chroot() but before calling chdir("/").

criu/sk-unix.c:1251: chroot_call: Calling chroot: "chroot(".")".
criu/sk-unix.c:1263: chroot: Calling function "print_on_level" after chroot() but before calling chdir("/").

Coverity also says:

175312, 175313 Insecure chroot

If a call to chroot is not followed by a call to chdir("/") the chroot jail confinement can be violated.

Signed-off-by: Adrian Reber <[email protected]>

criu/pagemap.c:245: negative_return_fn: Function "img_raw_fd(pr->pi)" returns a negative number.
criu/pagemap.c:245: assign: Assigning: "fd" = "img_raw_fd(pr->pi)".
criu/pagemap.c:258: negative_returns: "fd" is passed to a parameter that cannot be negative.

criu/ipc_ns.c:762: negative_return_fn: Function "img_raw_fd(img)" returns a negative number.
criu/ipc_ns.c:762: assign: Assigning: "ifd" = "img_raw_fd(img)".
criu/ipc_ns.c:768: negative_returns: "ifd" is passed to a parameter that cannot be negative.

Signed-off-by: Adrian Reber <[email protected]>

criu/namespaces.c:529: var_decl: Declaring variable "path" without initializer.
criu/namespaces.c:602: uninit_use_in_call: Using uninitialized value "*path" as argument to "%s" when calling "print_on_level".

Signed-off-by: Adrian Reber <[email protected]>

CRIU is already using multiple CI systems and not just Travis. This
renames all Travis related things to 'ci' to show it is actually
independent of Travis.

Just a simple rename.

Signed-off-by: Adrian Reber <[email protected]>

Move podman, openj9, x86_64 tests from Travis to GitHub Actions.

Signed-off-by: Adrian Reber <[email protected]>

Most (all?) lazy tests are not being executed if "$KERN_MAJ" -ge "4" and
"$KERN_MIN" -ge "18". Currently most CI systems are running on something
with 5.4.x which means $KERN_MAJ is greater than 4 but $KERN_MIN is less
than 18 and so we are not running any lazy tests.

This commit removes the complete lazy test kernel version detection as
kernels on the CI systems are new enough to always have all required
features.

Signed-off-by: Adrian Reber <[email protected]>

The special characters in the test selection regexp should no be esaped
for the regexp to work properly.

Signed-off-by: Mike Rapoport <[email protected]>

Raising an exception breaks out of the normal
flow of control of a code block. When an exception
is not handled, the interpreter terminates execution
of the program, or returns to its interactive main loop.

Signed-off-by: Radostin Stoyanov <[email protected]>

Because it is actually running on CentOS 7 and to easier distinguish it
from the new CentOS 8 test.

Signed-off-by: Adrian Reber <[email protected]>

Signed-off-by: Adrian Reber <[email protected]>

Our CentOS based CI run is based on CentOS 7. CentOS 8 exists already
for some time and CentOS 7 will probably go end of life at some point.

This adds a CentOS 8 based CI run to be prepared for the time CentOS 7
goes away.

Signed-off-by: Adrian Reber <[email protected]>

One of the previous static code analyzer fixes added a xfree() at the
end of cr_lazy_pages(). It can, however, happen that during
complete_forks() the memory location for events is moved by xrealloc()
and the final xfree() will be done on the wrong address.

Passing &events to handle_requests() enables the xfree() to free the
correct and changed memory location.

Signed-off-by: Adrian Reber <[email protected]>

In the case, that xrealloc() fails do not overwrite the original pointer
to be able to free the original pointer on exit.

Signed-off-by: Adrian Reber <[email protected]>

When vdso symbol is copied, it should be zero-terminated.
The logging code wants to print vdso names that differ
between vdso from images and vdso that's provided by kernel:

: pr_info("[%zu]`%s` offset differs: %lx != %lx (rt)\n",
:		i, sym_name, sym_offset, rt_sym_offset);

In unlikely event when vdso function name is longer than 32
(not any currently), null-terminator is missing.

Signed-off-by: Dmitry Safonov <[email protected]>

Currently if the specifier can't be parsed - error message is printed
and parsing of the format string continues. That's wrong as the argument
for the specifier will be used for the next specifier. I.e:
  pr_info("[%zu]`%s`\n", 0UL, "")
will crash PIE because %u is not known and the argument (0UL) will be
used for dereferencing string for %s.

Stop parsing printf position arguments at an unknown specifier.
Make this string visible so that `grep Error` in zdtm.py will catch it:

=[log]=> dump/zdtm/static/busyloop00/52/1/restore.log
------------------------ grep Error ------------------------
b'(00.001847) pie: 52: vdso: ['
b'Error: Unknown printf format %u'
------------------------ ERROR OVER ------------------------
Send the 15 signal to  52
Wait for zdtm/static/busyloop00(52) to die for 0.100000
======================= Test zdtm/static/busyloop00 PASS =======================

Reported-by: @ashwani29
Signed-off-by: Dmitry Safonov <[email protected]>

%u is quite common and I remember there were workarounds to print
(unsigned long) as long or whatever.
Just support it from now - it's not hard and not much code.

Signed-off-by: Dmitry Safonov <[email protected]>

Log messages showing the send/recv errno value would
help us to debug issues such as checkpoint-restore#1280.

Example:
    Error (criu/tls.c:321): tls: Pull callback recv failed: Connection reset by peer'
    Error (criu/tls.c:147): tls: Failed receiving data: Error in the pull function.'
    Error (criu/page-xfer.c:1225): page-xfer: Can't read pagemap from socket: I/O error"

Signed-off-by: Radostin Stoyanov <[email protected]>

Using travis-ci.com instead of travis-ci.org offers access to bare metal
aarch64 based systems and thus enabling us to run the full CRIU CI test
suite.

Switch arm64 based tests to arm64-graviton2 for tests.

This is the first non x86_64 architecture running tests and not just
compile in Travis.

Signed-off-by: Adrian Reber <[email protected]>

It is running on GitHub Actions

Signed-off-by: Adrian Reber <[email protected]>

For the schedule daily special definitions were needed for MIPS as it is
not part of the release branch. Now that the release branch contains
MIPS, it is no longer necessary to have separate files for MIPS.

This also changes to make the scheduled runs actually daily and not
hourly.

Signed-off-by: Adrian Reber <[email protected]>

Currently the code checks for SIGSTOP only if (!current).
Let's provide better status checks for debug-ability.

Signed-off-by: Dmitry Safonov <[email protected]>

We can't use errno in case read returned >=0 according to man.

Found in scope of checkpoint-restore#1277

Signed-off-by: Pavel Tikhomirov <[email protected]>

Sometimes there are uffd messages in a queue of a dying task and by the
time these messages are processed in handle_request, the uffd is no
longer valid and reading from it causes errors.

Add processing of EBADF in handle_uffd_event() to gracefully handle such
situation.

Signed-off-by: Mike Rapoport <[email protected]>

We see strange cases there page-server or lazy-pages are exiting with
non-zero but print no errors, probably the tail of the log can help us
to understand what happened.

There are some other uses of grep_errors but let's only change cases
where we explicitly through an exeption on bad ret. For others I'm not
sure if we need extra output, e.g. for validly failing fault injections.

To debug checkpoint-restore#1280

Signed-off-by: Pavel Tikhomirov <[email protected]>

Probably all vim users can setup their desired indent in their vimrc by
themselfs.

Signed-off-by: Pavel Tikhomirov <[email protected]>

There is a small typo in test/zdtm/static/socket_aio.c, test/zdtm/static/socket_listen.c, test/zdtm/static/socket_listen4v6.c, test/zdtm/static/socket_listen6.c, test/zdtm/static/socket_udp-corked.c, test/zdtm/static/socket_udp.c, test/zdtm/static/socket_udplite.c.

Should read `client` rather than `clietn`.

Signed-off-by: Tim Gates <[email protected]>

We've seen addresses in parasite.built-in.o precalculated by linker but
in some unexpected manner:

readelf -WS criu/pie/parasite.built-in.o
Section Headers:
  [Nr] Name              Type            Address          Off    Size   ES Flg Lk Inf Al
  [ 1] .text             PROGBITS        0000000000000000 000040 00400a 00  AX  0   0 16
  [87] .data             PROGBITS        0000000000000000 005000 000068 00  WA  0   0 4096
  [88] .rodata           PROGBITS        0000000000000080 005080 001016 00   A  0   0 32

(Notes: All other sections does not have SHF_ALLOC or are of size 0, so I
skip them. Need to add "-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1" to
CFLAGS to reproduce.)

Section 88 has address 0x80 in elf file but in our "consequent"
addresses precalculation algorithm it should be at 0x5080:

  addr(.text) == 0x0
  addr(.data) == 0x400a + (0x1000 - 0x400a % 0x1000) + 0x68 == 0x5068
  addr(.rodata) == 0x5068 + (0x20 - 0x5068 % 0x20) == 0x5080

Probably the linker advises us to move 4096 aligned section to the
beginning to save some space, but it's just a guess.

So probably we should be ready to "non-consequent" alignments
precalculated and just override them.

checkpoint-restore#1301

Signed-off-by: Pavel Tikhomirov <[email protected]>

I) Let's make CLONE_NEWPID in rsti(item)->clone_flags always only mean
that we need to clone with CLONE_NEWPID to create this task. Only pidns
reaper would have this flag because only they can be restored via clone
with CLONE_NEWPID flag. If we have non pidns reaper root task but its
pidns is different from criu this can be only restored into external
pidns.

II) Let's remove clone_flags variable from fork_with_pid as it does not
actually needed now:

clone_flags was introduced to be able to restore into external pidns

rsti(item)->clone_flags is determined in prepare_pstree_kobj_ids and
before (I) it means 1) parent has different namespace from item or 2)
item is root task and criu has different namespace from it. We don't
support nested pid namespaces so (1) is always false. And for (2) we
have two cases a) pid == INIT_PID - when it is not possible to restore
into external pidns b) pid != INIT_PID - when it is only possible to
restore into external pidns.

For (b) we previousely had CLONE_NEWPID flag in rsti(item)->clone_flags
and to workaround it we've added this extra clone_flags variable, but I
think it is not needed because we can simply remove CLONE_NEWPID from
non-reaper processes initially.

Also the code with removing CLONE_NEWPID from clone_flags and adding the
same flag to rsti(item)->clone_flags is super strange because I don't
see any other place where we later can use rsti(item)->clone_flags.

III) Also don't print differen flags in "Forking task with ..." from
which we actually use in clone.

Signed-off-by: Pavel Tikhomirov <[email protected]>

I) Make root_ns_mask always display namespaces of root task which are
different from criu ones. All this play with temporary unsetting it
makes this variable hard to understand (more over it is not in shared
memory).

II) Disable "INIT_PID + pidns is dumped" check for external pidns
explicitly.

III) On dump we should check that pidns of root task is external, not
just any pidns is external (in case in future we would support nested
pidns-es it would be wrong). That also allows us to use regular
lookup_ns_by_id search.

IV) On error when killing tasks we should kill only root task if it is
an init of pidns. Previousely we had CLONE_NEWPID set in root_ns_mask
for external pidns but root task was not init and we killed only root
task on error cleanup.

Signed-off-by: Pavel Tikhomirov <[email protected]>

All other tasks will inherit, let's remove excess steps. While on it
also add some info message about external pidns used.

Signed-off-by: Pavel Tikhomirov <[email protected]>

---
v2: add new external_pidns variable to sinchronize all uses of external
pidns case

…PID namespace

It is quiet a common case to move the process from one pidns to another
existing pidns with criu (only restriction is pids should not
intersect). Let's check it works.

v2: - use pipe-s to synchronize processes
    - run the test in a pid namespace to avoid pid conflicts in the host
      pid namespace
    - grep errors in restore.log
    - add some more comments
v3: use 1000 for ns_last_pid so that test works on systems with low
pid_max; remove excess ';'s.

Co-Developed-by: Andrei Vagin <[email protected]>
Signed-off-by: Pavel Tikhomirov <[email protected]>

Build on Ubuntu 18.04 amd64 with command "make DEBUG=1" produces the following error:

include/common/asm/bitops.h: Assembler messages:
include/common/asm/bitops.h:71: Error: incorrect register `%edx' used with `q' suffix

Signed-off-by: anatasluo <[email protected]>

See https://bugs.centos.org/view.php?id=17920

Signed-off-by: Dmitry Safonov <[email protected]>

Not a thing since commit fe66807 ("travis: switch pcp64le and s390x
to real hardware").

Signed-off-by: Dmitry Safonov <[email protected]>

If one will do "git log --oneline", it is quite easy to see that we
don't begin subject lines with a capital letter. We start subjects with
component prefixes where components (mostly) are lowercase. So let's fix
it in contribution guide not to mislead newcomers.

Signed-off-by: Pavel Tikhomirov <[email protected]>

Circle CI provides bare metal test systems which are a very good
environment for the CRIU test cases. This adds two CI runs on Circle CI.

On Circle CI it is necessary to tell clang to use '-Wl,-z,now', because
gcc has it hard-coded in Ubuntu and clang does not.

Signed-off-by: Adrian Reber <[email protected]>

As CRIU is using multiple different CI systems this adds a printout to
each CI run about the CI environment for easier debugging of possible
errors.

Also use V=1 to build CRIU and the tests to easily see which compiler
and which options are used.

Signed-off-by: Adrian Reber <[email protected]>

Signed-off-by: Adrian Reber <[email protected]>

This is just a small cleanup, no behaviour change.

Signed-off-by: Pavel Tikhomirov <[email protected]>

Signed-off-by: Adrian Reber <[email protected]>

Before the 5.11 kernel, there is a known issue.

start_time in /proc/pid/stat is printed in the host time namespace,
but /proc/uptime is shown in a current namespace, but criu compares them
to detect when a new task has reused one of old pids.

Fixes: checkpoint-restore#1266

Signed-off-by: Andrei Vagin <[email protected]>

On Ubuntu 20.04, iptables is in /usr/sbin/.

Reported-by: Mr Jenkins
Signed-off-by: Andrei Vagin <[email protected]>

This is a copy of stale.yml from the Podman repository to automatically
close tickets after 365 days. After 30 days tickets and issues are
marked as stale and after 365 tickets and issues are finally closed.

Signed-off-by: Adrian Reber <[email protected]>

…sition

1. The -ERESTART_RESTARTBLOCK case in get_task_regs() depends on kernel
   internals too much, and for no reason. We shouldn't rely on fact that
   a) we are going to do sigreturn() and b) restore_sigcontext() always
   sets restart_block->fn = do_no_restart_syscall which returns -EINTR.

   Just change this code to enforce -EINTR after restore, this is what
   we actually want until we teach criu to handle ERESTART_RESTARTBLOCK.

2. Add pr_warn() to make the potential bug-reports more understandable,
   a sane application should handle -EINTR correctly but this is not
   always the case.

Fixes: checkpoint-restore#1325
Report-by: Mr Travis
Inspired-by: dd71cca ("dump/x86: sanitize the ERESTART_RESTARTBLOCK -> EINTR transition")
Signed-off-by: Andrei Vagin <[email protected]>

Resolves checkpoint-restore#1333

Signed-off-by: Radostin Stoyanov <[email protected]>

These changes enable running all compel tests with a single
command from the root path of the repository:

	# sudo make -C compel/test

Signed-off-by: Radostin Stoyanov <[email protected]>

Signed-off-by: Radostin Stoyanov <[email protected]>

musl defines 'loff_t' in fcntl.h as 'off_t'.
This patch resolves the following error when running the compel tests
on Alpine Linux:

gcc -O2 -g -Wall -Werror -c -Wstrict-prototypes -fno-stack-protector -nostdlib -fomit-frame-pointer -ffreestanding -fpie -I ../../../compel/include/uapi -o parasite.o parasite.c
In file included from ../../../compel/include/uapi/compel/plugins/std/syscall.h:8,
                 from ../../../compel/include/uapi/compel/plugins/std.h:5,
                 from parasite.c:3:
../../../compel/include/uapi/compel/plugins/std/syscall-64.h:19:66: error: unknown type name 'loff_t'; did you mean 'off_t'?
   19 | extern long sys_pread (unsigned int fd, char *buf, size_t count, loff_t pos) ;
      |                                                                  ^~~~~~
      |                                                                  off_t
../../../compel/include/uapi/compel/plugins/std/syscall-64.h:96:46: error: unknown type name 'loff_t'; did you mean 'off_t'?
   96 | extern long sys_fallocate (int fd, int mode, loff_t offset, loff_t len) ;
      |                                              ^~~~~~
      |                                              off_t
../../../compel/include/uapi/compel/plugins/std/syscall-64.h:96:61: error: unknown type name 'loff_t'; did you mean 'off_t'?
   96 | extern long sys_fallocate (int fd, int mode, loff_t offset, loff_t len) ;
      |                                                             ^~~~~~
      |                                                             off_t
make[1]: *** [Makefile:32: parasite.o] Error 1

Signed-off-by: Radostin Stoyanov <[email protected]>

gcc -O2 -g -Wall -Werror -I ../../../compel/include/uapi -o spy spy.c ../../../compel/libcompel.a
spy.c: In function ‘check_pipe_ends’:
spy.c:107:2: error: ignoring return value of ‘write’, declared with attribute warn_unused_result [-Werror=unused-result]
  107 |  write(wfd, "1", 2);
      |  ^~~~~~~~~~~~~~~~~~
spy.c:108:2: error: ignoring return value of ‘read’, declared with attribute warn_unused_result [-Werror=unused-result]
  108 |  read(rfd, aux, sizeof(aux));
      |  ^~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors

Signed-off-by: Radostin Stoyanov <[email protected]>

Improve the check to skip moving service fds in clone_service_fd because
we don't need to move anything if old service fds resulting offset is
the same as new service fds resulting offset. It saves us from excess
calls to dup/fcntl(F_DUPFD).

Currently we check that base is the same and shared fdt ids are the
same, but there also can be situations where different bases with
different shared fdt ids still give the same offset sum (running zdtm in
Virtuozzo CT we've seen such a case where service_fd_base=512,
new_base=128, service_fd_id=24, id=0, SERVICE_FD_MAX=16).

Signed-off-by: Pavel Tikhomirov <[email protected]>

We need this to avoid conflicts with file descriptors which has to be
restored. Currently open_proc PROC_SELF is not used during restoring
file descriptors, but we are going to use it for memfd restore.

Note: in get_proc_fd let's not close service fd if we detect service fd
is not ours, it will be replaced in open_pid_proc anyway, and e.g. in
protected sfd context we can't close or open sfd, but can replace it
without any problems.

While on it also add FIXME because the check in get_proc_fd is error
prone in some rare cases (nested pidns is not supported yet).

We need to populate this new SELF service fd in populate_pid_proc, so
that it is later available in protected context. Also don't close
/proc/self service fd in prep_unix_sk_cwd as it can be called from
protected context and there is no much point of closing it anyway.

Close proc self servicefd in close_old_fds, because first we don't wan't
to reuse it from some ancestor, second there can be some junk fd as we
are yet only in the beginning of close_old_fds. This junk fd can come
from service fds of other tasks from parent's shared fdtable, and this
fd would not allow us to do opendir_proc(PROC_SELF).

Signed-off-by: Pavel Tikhomirov <[email protected]>

This looks better for me, should be no functional change.

Another implication of this is nested pid namespaces, when we will
support them "__open_proc(getpid()...)" will try to open file of the
process which has the same pid but in NS_ROOT pidns, which is bad.

See also aa2d920 ("files: use PROC_SELF when a process accesses its
/proc/PID") for a similar change.

Signed-off-by: Pavel Tikhomirov <[email protected]>

 criu/cr-restore.c:3230:3: note: Value stored to 'ret' is never read
                 ret = false;
                 ^     ~~~~~
  3228|   	if (n == -1) {
  3229|   		pr_perror("Failed to get number of supplementary groups");
  3230|-> 		ret = false;
  3231|   	}
  3232|   	if (n != n_groups)

Signed-off-by: Adrian Reber <[email protected]>

…gative

criu/fdstore.c:110: negative_return_fn: Function "get_service_fd(FDSTORE_SK_OFF)" returns a negative number.
criu/fdstore.c:110: assign: Assigning: "sk" = "get_service_fd(FDSTORE_SK_OFF)".
criu/fdstore.c:114: negative_returns: "sk" is passed to a parameter that cannot be negative.

criu/namespaces.c:1366: negative_return_fn: Function "get_service_fd(USERNSD_SK)" returns a negative number.
criu/namespaces.c:1366: assign: Assigning: "sk" = "get_service_fd(USERNSD_SK)".
criu/namespaces.c:1389: negative_returns: "sk" is passed to a parameter that cannot be negative.

Signed-off-by: Adrian Reber <[email protected]>
Signed-off-by: Andrei Vagin <[email protected]>

Stats often call 'get_timing' function which has a BUG() assertion to
catch cases when stats failed to initialize correctly.
If stats haven't initialized yet assertion will also be triggered.
We dont want the trigger to happen in a case when criu fails at early
steps before initializing stats, but this can happen in the following
case:
  - at cr_dump_tasks criu can catch error before the call to init_stats.
  - it then decides to gracefully quit with error and
    calls cr_dump_finish.
  - cr_dump_finish will call timing_stop -> get_timing
    and BUG() gets triggered

But because criu is already quitting gracefully, BUG() is not needed.
In this code path we can call timing_stop under proper condition.

[avagin: rebase on top of criu-dev and a few minor changes]

Signed-off-by: Andrei Vagin <[email protected]>

In case get_clean_mnt fails open_mountpoint is still able to resolve mounts
by helper process or print error in the worst case. Using pr_warn instead of
pr_perror.

Signed-off-by: Andrey Zhadchenko <[email protected]>

mnt_is_dir is used when looking up for suitable mount point. In some cases
that function may fail several times. Error level seems to strict for this
cases.
Added error message to lookup_mnt_sdev in case all mnt_is_dir failed.
As for open_handle and alloc_openable which are calling mnt_is_dir, they are
used in check_open_handle, which will call error afterwards.

Adjusted log level for __open_mountpoint result in open_handle since it is
allowed to fail several times. open_handle caller get_mark_path expect
possible failure and will print error in case.

Signed-off-by: Andrey Zhadchenko <[email protected]>

open_handle and first part of alloc_openable do the same work. Both these
function are called from check_open_handle. Rework check_open_handle to call
only alloc_openable.

Signed-off-by: Andrey Zhadchenko <[email protected]>

…enhancement'

With Travis dramatically reducing the minutes available for CI, CRIU
needs a new place to run tests. This moves the Vagrant based Fedora 32
no VDSO test cases to Cirrus CI. Cirrus CI seems to be one of the very
few free CI services allowing access to /dev/kvm.

Signed-off-by: Adrian Reber <[email protected]>

1) Let's do test_init earlier so that max_nr test_msg is now visible in
thread-bomb.out.

2) Also lets check errors from malloc and pthread_...  functions, print
messages about their errors and do proper deallocation at least.

Signed-off-by: Pavel Tikhomirov <[email protected]>

Besides Travis CI Drone CI seems to be only service providing ARM based
builds. This switches the aarch64 and arm32 builds to drone.io.

Because Drone CI is running in a Docker container we cannot use 'setarch
linux32' as it requires the blocked syscall 'personality(2)'.

But Drone CI provides an 'arch: arm' which gives the same architecture
as 'setarch linux32' on Travis aarch64: armv8l

Signed-off-by: Adrian Reber <[email protected]>

Running in an environment with clang and without gcc even installed
does not work as compel-host-bin uses HOSTCC which defaults to gcc.

If CLANG=1 is set this also sets HOSTCC to clang to actually build
compel-host-bin with clang and not with gcc.

Signed-off-by: Adrian Reber <[email protected]>

Signed-off-by: Andrei Vagin <[email protected]>

Signed-off-by: Andrei Vagin <[email protected]>

Fixes: checkpoint-restore#1346
Signed-off-by: Andrei Vagin <[email protected]>

The commas need to be inside of the quotes. Not on the outside.

Signed-off-by: Adrian Reber <[email protected]>